Merge branch 'linux-2.6'
[linux-2.6] / drivers / net / wireless / ipw2200.c
1 /******************************************************************************
2
3   Copyright(c) 2003 - 2006 Intel Corporation. All rights reserved.
4
5   802.11 status code portion of this file from ethereal-0.10.6:
6     Copyright 2000, Axis Communications AB
7     Ethereal - Network traffic analyzer
8     By Gerald Combs <gerald@ethereal.com>
9     Copyright 1998 Gerald Combs
10
11   This program is free software; you can redistribute it and/or modify it
12   under the terms of version 2 of the GNU General Public License as
13   published by the Free Software Foundation.
14
15   This program is distributed in the hope that it will be useful, but WITHOUT
16   ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17   FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
18   more details.
19
20   You should have received a copy of the GNU General Public License along with
21   this program; if not, write to the Free Software Foundation, Inc., 59
22   Temple Place - Suite 330, Boston, MA  02111-1307, USA.
23
24   The full GNU General Public License is included in this distribution in the
25   file called LICENSE.
26
27   Contact Information:
28   James P. Ketrenos <ipw2100-admin@linux.intel.com>
29   Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
30
31 ******************************************************************************/
32
33 #include "ipw2200.h"
34
35
36 #ifndef KBUILD_EXTMOD
37 #define VK "k"
38 #else
39 #define VK
40 #endif
41
42 #ifdef CONFIG_IPW2200_DEBUG
43 #define VD "d"
44 #else
45 #define VD
46 #endif
47
48 #ifdef CONFIG_IPW2200_MONITOR
49 #define VM "m"
50 #else
51 #define VM
52 #endif
53
54 #ifdef CONFIG_IPW2200_PROMISCUOUS
55 #define VP "p"
56 #else
57 #define VP
58 #endif
59
60 #ifdef CONFIG_IPW2200_RADIOTAP
61 #define VR "r"
62 #else
63 #define VR
64 #endif
65
66 #ifdef CONFIG_IPW2200_QOS
67 #define VQ "q"
68 #else
69 #define VQ
70 #endif
71
72 #define IPW2200_VERSION "1.2.2" VK VD VM VP VR VQ
73 #define DRV_DESCRIPTION "Intel(R) PRO/Wireless 2200/2915 Network Driver"
74 #define DRV_COPYRIGHT   "Copyright(c) 2003-2006 Intel Corporation"
75 #define DRV_VERSION     IPW2200_VERSION
76
77 #define ETH_P_80211_STATS (ETH_P_80211_RAW + 1)
78
79 MODULE_DESCRIPTION(DRV_DESCRIPTION);
80 MODULE_VERSION(DRV_VERSION);
81 MODULE_AUTHOR(DRV_COPYRIGHT);
82 MODULE_LICENSE("GPL");
83
84 static int cmdlog = 0;
85 static int debug = 0;
86 static int channel = 0;
87 static int mode = 0;
88
89 static u32 ipw_debug_level;
90 static int associate = 1;
91 static int auto_create = 1;
92 static int led = 0;
93 static int disable = 0;
94 static int bt_coexist = 0;
95 static int hwcrypto = 0;
96 static int roaming = 1;
97 static const char ipw_modes[] = {
98         'a', 'b', 'g', '?'
99 };
100 static int antenna = CFG_SYS_ANTENNA_BOTH;
101
102 #ifdef CONFIG_IPW2200_PROMISCUOUS
103 static int rtap_iface = 0;     /* def: 0 -- do not create rtap interface */
104 #endif
105
106
107 #ifdef CONFIG_IPW2200_QOS
108 static int qos_enable = 0;
109 static int qos_burst_enable = 0;
110 static int qos_no_ack_mask = 0;
111 static int burst_duration_CCK = 0;
112 static int burst_duration_OFDM = 0;
113
114 static struct ieee80211_qos_parameters def_qos_parameters_OFDM = {
115         {QOS_TX0_CW_MIN_OFDM, QOS_TX1_CW_MIN_OFDM, QOS_TX2_CW_MIN_OFDM,
116          QOS_TX3_CW_MIN_OFDM},
117         {QOS_TX0_CW_MAX_OFDM, QOS_TX1_CW_MAX_OFDM, QOS_TX2_CW_MAX_OFDM,
118          QOS_TX3_CW_MAX_OFDM},
119         {QOS_TX0_AIFS, QOS_TX1_AIFS, QOS_TX2_AIFS, QOS_TX3_AIFS},
120         {QOS_TX0_ACM, QOS_TX1_ACM, QOS_TX2_ACM, QOS_TX3_ACM},
121         {QOS_TX0_TXOP_LIMIT_OFDM, QOS_TX1_TXOP_LIMIT_OFDM,
122          QOS_TX2_TXOP_LIMIT_OFDM, QOS_TX3_TXOP_LIMIT_OFDM}
123 };
124
125 static struct ieee80211_qos_parameters def_qos_parameters_CCK = {
126         {QOS_TX0_CW_MIN_CCK, QOS_TX1_CW_MIN_CCK, QOS_TX2_CW_MIN_CCK,
127          QOS_TX3_CW_MIN_CCK},
128         {QOS_TX0_CW_MAX_CCK, QOS_TX1_CW_MAX_CCK, QOS_TX2_CW_MAX_CCK,
129          QOS_TX3_CW_MAX_CCK},
130         {QOS_TX0_AIFS, QOS_TX1_AIFS, QOS_TX2_AIFS, QOS_TX3_AIFS},
131         {QOS_TX0_ACM, QOS_TX1_ACM, QOS_TX2_ACM, QOS_TX3_ACM},
132         {QOS_TX0_TXOP_LIMIT_CCK, QOS_TX1_TXOP_LIMIT_CCK, QOS_TX2_TXOP_LIMIT_CCK,
133          QOS_TX3_TXOP_LIMIT_CCK}
134 };
135
136 static struct ieee80211_qos_parameters def_parameters_OFDM = {
137         {DEF_TX0_CW_MIN_OFDM, DEF_TX1_CW_MIN_OFDM, DEF_TX2_CW_MIN_OFDM,
138          DEF_TX3_CW_MIN_OFDM},
139         {DEF_TX0_CW_MAX_OFDM, DEF_TX1_CW_MAX_OFDM, DEF_TX2_CW_MAX_OFDM,
140          DEF_TX3_CW_MAX_OFDM},
141         {DEF_TX0_AIFS, DEF_TX1_AIFS, DEF_TX2_AIFS, DEF_TX3_AIFS},
142         {DEF_TX0_ACM, DEF_TX1_ACM, DEF_TX2_ACM, DEF_TX3_ACM},
143         {DEF_TX0_TXOP_LIMIT_OFDM, DEF_TX1_TXOP_LIMIT_OFDM,
144          DEF_TX2_TXOP_LIMIT_OFDM, DEF_TX3_TXOP_LIMIT_OFDM}
145 };
146
147 static struct ieee80211_qos_parameters def_parameters_CCK = {
148         {DEF_TX0_CW_MIN_CCK, DEF_TX1_CW_MIN_CCK, DEF_TX2_CW_MIN_CCK,
149          DEF_TX3_CW_MIN_CCK},
150         {DEF_TX0_CW_MAX_CCK, DEF_TX1_CW_MAX_CCK, DEF_TX2_CW_MAX_CCK,
151          DEF_TX3_CW_MAX_CCK},
152         {DEF_TX0_AIFS, DEF_TX1_AIFS, DEF_TX2_AIFS, DEF_TX3_AIFS},
153         {DEF_TX0_ACM, DEF_TX1_ACM, DEF_TX2_ACM, DEF_TX3_ACM},
154         {DEF_TX0_TXOP_LIMIT_CCK, DEF_TX1_TXOP_LIMIT_CCK, DEF_TX2_TXOP_LIMIT_CCK,
155          DEF_TX3_TXOP_LIMIT_CCK}
156 };
157
158 static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 };
159
160 static int from_priority_to_tx_queue[] = {
161         IPW_TX_QUEUE_1, IPW_TX_QUEUE_2, IPW_TX_QUEUE_2, IPW_TX_QUEUE_1,
162         IPW_TX_QUEUE_3, IPW_TX_QUEUE_3, IPW_TX_QUEUE_4, IPW_TX_QUEUE_4
163 };
164
165 static u32 ipw_qos_get_burst_duration(struct ipw_priv *priv);
166
167 static int ipw_send_qos_params_command(struct ipw_priv *priv, struct ieee80211_qos_parameters
168                                        *qos_param);
169 static int ipw_send_qos_info_command(struct ipw_priv *priv, struct ieee80211_qos_information_element
170                                      *qos_param);
171 #endif                          /* CONFIG_IPW2200_QOS */
172
173 static struct iw_statistics *ipw_get_wireless_stats(struct net_device *dev);
174 static void ipw_remove_current_network(struct ipw_priv *priv);
175 static void ipw_rx(struct ipw_priv *priv);
176 static int ipw_queue_tx_reclaim(struct ipw_priv *priv,
177                                 struct clx2_tx_queue *txq, int qindex);
178 static int ipw_queue_reset(struct ipw_priv *priv);
179
180 static int ipw_queue_tx_hcmd(struct ipw_priv *priv, int hcmd, void *buf,
181                              int len, int sync);
182
183 static void ipw_tx_queue_free(struct ipw_priv *);
184
185 static struct ipw_rx_queue *ipw_rx_queue_alloc(struct ipw_priv *);
186 static void ipw_rx_queue_free(struct ipw_priv *, struct ipw_rx_queue *);
187 static void ipw_rx_queue_replenish(void *);
188 static int ipw_up(struct ipw_priv *);
189 static void ipw_bg_up(struct work_struct *work);
190 static void ipw_down(struct ipw_priv *);
191 static void ipw_bg_down(struct work_struct *work);
192 static int ipw_config(struct ipw_priv *);
193 static int init_supported_rates(struct ipw_priv *priv,
194                                 struct ipw_supported_rates *prates);
195 static void ipw_set_hwcrypto_keys(struct ipw_priv *);
196 static void ipw_send_wep_keys(struct ipw_priv *, int);
197
198 static int snprint_line(char *buf, size_t count,
199                         const u8 * data, u32 len, u32 ofs)
200 {
201         int out, i, j, l;
202         char c;
203
204         out = snprintf(buf, count, "%08X", ofs);
205
206         for (l = 0, i = 0; i < 2; i++) {
207                 out += snprintf(buf + out, count - out, " ");
208                 for (j = 0; j < 8 && l < len; j++, l++)
209                         out += snprintf(buf + out, count - out, "%02X ",
210                                         data[(i * 8 + j)]);
211                 for (; j < 8; j++)
212                         out += snprintf(buf + out, count - out, "   ");
213         }
214
215         out += snprintf(buf + out, count - out, " ");
216         for (l = 0, i = 0; i < 2; i++) {
217                 out += snprintf(buf + out, count - out, " ");
218                 for (j = 0; j < 8 && l < len; j++, l++) {
219                         c = data[(i * 8 + j)];
220                         if (!isascii(c) || !isprint(c))
221                                 c = '.';
222
223                         out += snprintf(buf + out, count - out, "%c", c);
224                 }
225
226                 for (; j < 8; j++)
227                         out += snprintf(buf + out, count - out, " ");
228         }
229
230         return out;
231 }
232
233 static void printk_buf(int level, const u8 * data, u32 len)
234 {
235         char line[81];
236         u32 ofs = 0;
237         if (!(ipw_debug_level & level))
238                 return;
239
240         while (len) {
241                 snprint_line(line, sizeof(line), &data[ofs],
242                              min(len, 16U), ofs);
243                 printk(KERN_DEBUG "%s\n", line);
244                 ofs += 16;
245                 len -= min(len, 16U);
246         }
247 }
248
249 static int snprintk_buf(u8 * output, size_t size, const u8 * data, size_t len)
250 {
251         size_t out = size;
252         u32 ofs = 0;
253         int total = 0;
254
255         while (size && len) {
256                 out = snprint_line(output, size, &data[ofs],
257                                    min_t(size_t, len, 16U), ofs);
258
259                 ofs += 16;
260                 output += out;
261                 size -= out;
262                 len -= min_t(size_t, len, 16U);
263                 total += out;
264         }
265         return total;
266 }
267
268 /* alias for 32-bit indirect read (for SRAM/reg above 4K), with debug wrapper */
269 static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg);
270 #define ipw_read_reg32(a, b) _ipw_read_reg32(a, b)
271
272 /* alias for 8-bit indirect read (for SRAM/reg above 4K), with debug wrapper */
273 static u8 _ipw_read_reg8(struct ipw_priv *ipw, u32 reg);
274 #define ipw_read_reg8(a, b) _ipw_read_reg8(a, b)
275
276 /* 8-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
277 static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value);
278 static inline void ipw_write_reg8(struct ipw_priv *a, u32 b, u8 c)
279 {
280         IPW_DEBUG_IO("%s %d: write_indirect8(0x%08X, 0x%08X)\n", __FILE__,
281                      __LINE__, (u32) (b), (u32) (c));
282         _ipw_write_reg8(a, b, c);
283 }
284
285 /* 16-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
286 static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value);
287 static inline void ipw_write_reg16(struct ipw_priv *a, u32 b, u16 c)
288 {
289         IPW_DEBUG_IO("%s %d: write_indirect16(0x%08X, 0x%08X)\n", __FILE__,
290                      __LINE__, (u32) (b), (u32) (c));
291         _ipw_write_reg16(a, b, c);
292 }
293
294 /* 32-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
295 static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value);
296 static inline void ipw_write_reg32(struct ipw_priv *a, u32 b, u32 c)
297 {
298         IPW_DEBUG_IO("%s %d: write_indirect32(0x%08X, 0x%08X)\n", __FILE__,
299                      __LINE__, (u32) (b), (u32) (c));
300         _ipw_write_reg32(a, b, c);
301 }
302
303 /* 8-bit direct write (low 4K) */
304 #define _ipw_write8(ipw, ofs, val) writeb((val), (ipw)->hw_base + (ofs))
305
306 /* 8-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
307 #define ipw_write8(ipw, ofs, val) do { \
308  IPW_DEBUG_IO("%s %d: write_direct8(0x%08X, 0x%08X)\n", __FILE__, __LINE__, (u32)(ofs), (u32)(val)); \
309  _ipw_write8(ipw, ofs, val); \
310  } while (0)
311
312 /* 16-bit direct write (low 4K) */
313 #define _ipw_write16(ipw, ofs, val) writew((val), (ipw)->hw_base + (ofs))
314
315 /* 16-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
316 #define ipw_write16(ipw, ofs, val) \
317  IPW_DEBUG_IO("%s %d: write_direct16(0x%08X, 0x%08X)\n", __FILE__, __LINE__, (u32)(ofs), (u32)(val)); \
318  _ipw_write16(ipw, ofs, val)
319
320 /* 32-bit direct write (low 4K) */
321 #define _ipw_write32(ipw, ofs, val) writel((val), (ipw)->hw_base + (ofs))
322
323 /* 32-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
324 #define ipw_write32(ipw, ofs, val) \
325  IPW_DEBUG_IO("%s %d: write_direct32(0x%08X, 0x%08X)\n", __FILE__, __LINE__, (u32)(ofs), (u32)(val)); \
326  _ipw_write32(ipw, ofs, val)
327
328 /* 8-bit direct read (low 4K) */
329 #define _ipw_read8(ipw, ofs) readb((ipw)->hw_base + (ofs))
330
331 /* 8-bit direct read (low 4K), with debug wrapper */
332 static inline u8 __ipw_read8(char *f, u32 l, struct ipw_priv *ipw, u32 ofs)
333 {
334         IPW_DEBUG_IO("%s %d: read_direct8(0x%08X)\n", f, l, (u32) (ofs));
335         return _ipw_read8(ipw, ofs);
336 }
337
338 /* alias to 8-bit direct read (low 4K of SRAM/regs), with debug wrapper */
339 #define ipw_read8(ipw, ofs) __ipw_read8(__FILE__, __LINE__, ipw, ofs)
340
341 /* 16-bit direct read (low 4K) */
342 #define _ipw_read16(ipw, ofs) readw((ipw)->hw_base + (ofs))
343
344 /* 16-bit direct read (low 4K), with debug wrapper */
345 static inline u16 __ipw_read16(char *f, u32 l, struct ipw_priv *ipw, u32 ofs)
346 {
347         IPW_DEBUG_IO("%s %d: read_direct16(0x%08X)\n", f, l, (u32) (ofs));
348         return _ipw_read16(ipw, ofs);
349 }
350
351 /* alias to 16-bit direct read (low 4K of SRAM/regs), with debug wrapper */
352 #define ipw_read16(ipw, ofs) __ipw_read16(__FILE__, __LINE__, ipw, ofs)
353
354 /* 32-bit direct read (low 4K) */
355 #define _ipw_read32(ipw, ofs) readl((ipw)->hw_base + (ofs))
356
357 /* 32-bit direct read (low 4K), with debug wrapper */
358 static inline u32 __ipw_read32(char *f, u32 l, struct ipw_priv *ipw, u32 ofs)
359 {
360         IPW_DEBUG_IO("%s %d: read_direct32(0x%08X)\n", f, l, (u32) (ofs));
361         return _ipw_read32(ipw, ofs);
362 }
363
364 /* alias to 32-bit direct read (low 4K of SRAM/regs), with debug wrapper */
365 #define ipw_read32(ipw, ofs) __ipw_read32(__FILE__, __LINE__, ipw, ofs)
366
367 /* multi-byte read (above 4K), with debug wrapper */
368 static void _ipw_read_indirect(struct ipw_priv *, u32, u8 *, int);
369 static inline void __ipw_read_indirect(const char *f, int l,
370                                        struct ipw_priv *a, u32 b, u8 * c, int d)
371 {
372         IPW_DEBUG_IO("%s %d: read_indirect(0x%08X) %d bytes\n", f, l, (u32) (b),
373                      d);
374         _ipw_read_indirect(a, b, c, d);
375 }
376
377 /* alias to multi-byte read (SRAM/regs above 4K), with debug wrapper */
378 #define ipw_read_indirect(a, b, c, d) __ipw_read_indirect(__FILE__, __LINE__, a, b, c, d)
379
380 /* alias to multi-byte read (SRAM/regs above 4K), with debug wrapper */
381 static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * data,
382                                 int num);
383 #define ipw_write_indirect(a, b, c, d) \
384         IPW_DEBUG_IO("%s %d: write_indirect(0x%08X) %d bytes\n", __FILE__, __LINE__, (u32)(b), d); \
385         _ipw_write_indirect(a, b, c, d)
386
387 /* 32-bit indirect write (above 4K) */
388 static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value)
389 {
390         IPW_DEBUG_IO(" %p : reg = 0x%8X : value = 0x%8X\n", priv, reg, value);
391         _ipw_write32(priv, IPW_INDIRECT_ADDR, reg);
392         _ipw_write32(priv, IPW_INDIRECT_DATA, value);
393 }
394
395 /* 8-bit indirect write (above 4K) */
396 static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value)
397 {
398         u32 aligned_addr = reg & IPW_INDIRECT_ADDR_MASK;        /* dword align */
399         u32 dif_len = reg - aligned_addr;
400
401         IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
402         _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
403         _ipw_write8(priv, IPW_INDIRECT_DATA + dif_len, value);
404 }
405
406 /* 16-bit indirect write (above 4K) */
407 static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value)
408 {
409         u32 aligned_addr = reg & IPW_INDIRECT_ADDR_MASK;        /* dword align */
410         u32 dif_len = (reg - aligned_addr) & (~0x1ul);
411
412         IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
413         _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
414         _ipw_write16(priv, IPW_INDIRECT_DATA + dif_len, value);
415 }
416
417 /* 8-bit indirect read (above 4K) */
418 static u8 _ipw_read_reg8(struct ipw_priv *priv, u32 reg)
419 {
420         u32 word;
421         _ipw_write32(priv, IPW_INDIRECT_ADDR, reg & IPW_INDIRECT_ADDR_MASK);
422         IPW_DEBUG_IO(" reg = 0x%8X : \n", reg);
423         word = _ipw_read32(priv, IPW_INDIRECT_DATA);
424         return (word >> ((reg & 0x3) * 8)) & 0xff;
425 }
426
427 /* 32-bit indirect read (above 4K) */
428 static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg)
429 {
430         u32 value;
431
432         IPW_DEBUG_IO("%p : reg = 0x%08x\n", priv, reg);
433
434         _ipw_write32(priv, IPW_INDIRECT_ADDR, reg);
435         value = _ipw_read32(priv, IPW_INDIRECT_DATA);
436         IPW_DEBUG_IO(" reg = 0x%4X : value = 0x%4x \n", reg, value);
437         return value;
438 }
439
440 /* General purpose, no alignment requirement, iterative (multi-byte) read, */
441 /*    for area above 1st 4K of SRAM/reg space */
442 static void _ipw_read_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
443                                int num)
444 {
445         u32 aligned_addr = addr & IPW_INDIRECT_ADDR_MASK;       /* dword align */
446         u32 dif_len = addr - aligned_addr;
447         u32 i;
448
449         IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
450
451         if (num <= 0) {
452                 return;
453         }
454
455         /* Read the first dword (or portion) byte by byte */
456         if (unlikely(dif_len)) {
457                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
458                 /* Start reading at aligned_addr + dif_len */
459                 for (i = dif_len; ((i < 4) && (num > 0)); i++, num--)
460                         *buf++ = _ipw_read8(priv, IPW_INDIRECT_DATA + i);
461                 aligned_addr += 4;
462         }
463
464         /* Read all of the middle dwords as dwords, with auto-increment */
465         _ipw_write32(priv, IPW_AUTOINC_ADDR, aligned_addr);
466         for (; num >= 4; buf += 4, aligned_addr += 4, num -= 4)
467                 *(u32 *) buf = _ipw_read32(priv, IPW_AUTOINC_DATA);
468
469         /* Read the last dword (or portion) byte by byte */
470         if (unlikely(num)) {
471                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
472                 for (i = 0; num > 0; i++, num--)
473                         *buf++ = ipw_read8(priv, IPW_INDIRECT_DATA + i);
474         }
475 }
476
477 /* General purpose, no alignment requirement, iterative (multi-byte) write, */
478 /*    for area above 1st 4K of SRAM/reg space */
479 static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
480                                 int num)
481 {
482         u32 aligned_addr = addr & IPW_INDIRECT_ADDR_MASK;       /* dword align */
483         u32 dif_len = addr - aligned_addr;
484         u32 i;
485
486         IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
487
488         if (num <= 0) {
489                 return;
490         }
491
492         /* Write the first dword (or portion) byte by byte */
493         if (unlikely(dif_len)) {
494                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
495                 /* Start writing at aligned_addr + dif_len */
496                 for (i = dif_len; ((i < 4) && (num > 0)); i++, num--, buf++)
497                         _ipw_write8(priv, IPW_INDIRECT_DATA + i, *buf);
498                 aligned_addr += 4;
499         }
500
501         /* Write all of the middle dwords as dwords, with auto-increment */
502         _ipw_write32(priv, IPW_AUTOINC_ADDR, aligned_addr);
503         for (; num >= 4; buf += 4, aligned_addr += 4, num -= 4)
504                 _ipw_write32(priv, IPW_AUTOINC_DATA, *(u32 *) buf);
505
506         /* Write the last dword (or portion) byte by byte */
507         if (unlikely(num)) {
508                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
509                 for (i = 0; num > 0; i++, num--, buf++)
510                         _ipw_write8(priv, IPW_INDIRECT_DATA + i, *buf);
511         }
512 }
513
514 /* General purpose, no alignment requirement, iterative (multi-byte) write, */
515 /*    for 1st 4K of SRAM/regs space */
516 static void ipw_write_direct(struct ipw_priv *priv, u32 addr, void *buf,
517                              int num)
518 {
519         memcpy_toio((priv->hw_base + addr), buf, num);
520 }
521
522 /* Set bit(s) in low 4K of SRAM/regs */
523 static inline void ipw_set_bit(struct ipw_priv *priv, u32 reg, u32 mask)
524 {
525         ipw_write32(priv, reg, ipw_read32(priv, reg) | mask);
526 }
527
528 /* Clear bit(s) in low 4K of SRAM/regs */
529 static inline void ipw_clear_bit(struct ipw_priv *priv, u32 reg, u32 mask)
530 {
531         ipw_write32(priv, reg, ipw_read32(priv, reg) & ~mask);
532 }
533
534 static inline void __ipw_enable_interrupts(struct ipw_priv *priv)
535 {
536         if (priv->status & STATUS_INT_ENABLED)
537                 return;
538         priv->status |= STATUS_INT_ENABLED;
539         ipw_write32(priv, IPW_INTA_MASK_R, IPW_INTA_MASK_ALL);
540 }
541
542 static inline void __ipw_disable_interrupts(struct ipw_priv *priv)
543 {
544         if (!(priv->status & STATUS_INT_ENABLED))
545                 return;
546         priv->status &= ~STATUS_INT_ENABLED;
547         ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
548 }
549
550 static inline void ipw_enable_interrupts(struct ipw_priv *priv)
551 {
552         unsigned long flags;
553
554         spin_lock_irqsave(&priv->irq_lock, flags);
555         __ipw_enable_interrupts(priv);
556         spin_unlock_irqrestore(&priv->irq_lock, flags);
557 }
558
559 static inline void ipw_disable_interrupts(struct ipw_priv *priv)
560 {
561         unsigned long flags;
562
563         spin_lock_irqsave(&priv->irq_lock, flags);
564         __ipw_disable_interrupts(priv);
565         spin_unlock_irqrestore(&priv->irq_lock, flags);
566 }
567
568 static char *ipw_error_desc(u32 val)
569 {
570         switch (val) {
571         case IPW_FW_ERROR_OK:
572                 return "ERROR_OK";
573         case IPW_FW_ERROR_FAIL:
574                 return "ERROR_FAIL";
575         case IPW_FW_ERROR_MEMORY_UNDERFLOW:
576                 return "MEMORY_UNDERFLOW";
577         case IPW_FW_ERROR_MEMORY_OVERFLOW:
578                 return "MEMORY_OVERFLOW";
579         case IPW_FW_ERROR_BAD_PARAM:
580                 return "BAD_PARAM";
581         case IPW_FW_ERROR_BAD_CHECKSUM:
582                 return "BAD_CHECKSUM";
583         case IPW_FW_ERROR_NMI_INTERRUPT:
584                 return "NMI_INTERRUPT";
585         case IPW_FW_ERROR_BAD_DATABASE:
586                 return "BAD_DATABASE";
587         case IPW_FW_ERROR_ALLOC_FAIL:
588                 return "ALLOC_FAIL";
589         case IPW_FW_ERROR_DMA_UNDERRUN:
590                 return "DMA_UNDERRUN";
591         case IPW_FW_ERROR_DMA_STATUS:
592                 return "DMA_STATUS";
593         case IPW_FW_ERROR_DINO_ERROR:
594                 return "DINO_ERROR";
595         case IPW_FW_ERROR_EEPROM_ERROR:
596                 return "EEPROM_ERROR";
597         case IPW_FW_ERROR_SYSASSERT:
598                 return "SYSASSERT";
599         case IPW_FW_ERROR_FATAL_ERROR:
600                 return "FATAL_ERROR";
601         default:
602                 return "UNKNOWN_ERROR";
603         }
604 }
605
606 static void ipw_dump_error_log(struct ipw_priv *priv,
607                                struct ipw_fw_error *error)
608 {
609         u32 i;
610
611         if (!error) {
612                 IPW_ERROR("Error allocating and capturing error log.  "
613                           "Nothing to dump.\n");
614                 return;
615         }
616
617         IPW_ERROR("Start IPW Error Log Dump:\n");
618         IPW_ERROR("Status: 0x%08X, Config: %08X\n",
619                   error->status, error->config);
620
621         for (i = 0; i < error->elem_len; i++)
622                 IPW_ERROR("%s %i 0x%08x  0x%08x  0x%08x  0x%08x  0x%08x\n",
623                           ipw_error_desc(error->elem[i].desc),
624                           error->elem[i].time,
625                           error->elem[i].blink1,
626                           error->elem[i].blink2,
627                           error->elem[i].link1,
628                           error->elem[i].link2, error->elem[i].data);
629         for (i = 0; i < error->log_len; i++)
630                 IPW_ERROR("%i\t0x%08x\t%i\n",
631                           error->log[i].time,
632                           error->log[i].data, error->log[i].event);
633 }
634
635 static inline int ipw_is_init(struct ipw_priv *priv)
636 {
637         return (priv->status & STATUS_INIT) ? 1 : 0;
638 }
639
640 static int ipw_get_ordinal(struct ipw_priv *priv, u32 ord, void *val, u32 * len)
641 {
642         u32 addr, field_info, field_len, field_count, total_len;
643
644         IPW_DEBUG_ORD("ordinal = %i\n", ord);
645
646         if (!priv || !val || !len) {
647                 IPW_DEBUG_ORD("Invalid argument\n");
648                 return -EINVAL;
649         }
650
651         /* verify device ordinal tables have been initialized */
652         if (!priv->table0_addr || !priv->table1_addr || !priv->table2_addr) {
653                 IPW_DEBUG_ORD("Access ordinals before initialization\n");
654                 return -EINVAL;
655         }
656
657         switch (IPW_ORD_TABLE_ID_MASK & ord) {
658         case IPW_ORD_TABLE_0_MASK:
659                 /*
660                  * TABLE 0: Direct access to a table of 32 bit values
661                  *
662                  * This is a very simple table with the data directly
663                  * read from the table
664                  */
665
666                 /* remove the table id from the ordinal */
667                 ord &= IPW_ORD_TABLE_VALUE_MASK;
668
669                 /* boundary check */
670                 if (ord > priv->table0_len) {
671                         IPW_DEBUG_ORD("ordinal value (%i) longer then "
672                                       "max (%i)\n", ord, priv->table0_len);
673                         return -EINVAL;
674                 }
675
676                 /* verify we have enough room to store the value */
677                 if (*len < sizeof(u32)) {
678                         IPW_DEBUG_ORD("ordinal buffer length too small, "
679                                       "need %zd\n", sizeof(u32));
680                         return -EINVAL;
681                 }
682
683                 IPW_DEBUG_ORD("Reading TABLE0[%i] from offset 0x%08x\n",
684                               ord, priv->table0_addr + (ord << 2));
685
686                 *len = sizeof(u32);
687                 ord <<= 2;
688                 *((u32 *) val) = ipw_read32(priv, priv->table0_addr + ord);
689                 break;
690
691         case IPW_ORD_TABLE_1_MASK:
692                 /*
693                  * TABLE 1: Indirect access to a table of 32 bit values
694                  *
695                  * This is a fairly large table of u32 values each
696                  * representing starting addr for the data (which is
697                  * also a u32)
698                  */
699
700                 /* remove the table id from the ordinal */
701                 ord &= IPW_ORD_TABLE_VALUE_MASK;
702
703                 /* boundary check */
704                 if (ord > priv->table1_len) {
705                         IPW_DEBUG_ORD("ordinal value too long\n");
706                         return -EINVAL;
707                 }
708
709                 /* verify we have enough room to store the value */
710                 if (*len < sizeof(u32)) {
711                         IPW_DEBUG_ORD("ordinal buffer length too small, "
712                                       "need %zd\n", sizeof(u32));
713                         return -EINVAL;
714                 }
715
716                 *((u32 *) val) =
717                     ipw_read_reg32(priv, (priv->table1_addr + (ord << 2)));
718                 *len = sizeof(u32);
719                 break;
720
721         case IPW_ORD_TABLE_2_MASK:
722                 /*
723                  * TABLE 2: Indirect access to a table of variable sized values
724                  *
725                  * This table consist of six values, each containing
726                  *     - dword containing the starting offset of the data
727                  *     - dword containing the lengh in the first 16bits
728                  *       and the count in the second 16bits
729                  */
730
731                 /* remove the table id from the ordinal */
732                 ord &= IPW_ORD_TABLE_VALUE_MASK;
733
734                 /* boundary check */
735                 if (ord > priv->table2_len) {
736                         IPW_DEBUG_ORD("ordinal value too long\n");
737                         return -EINVAL;
738                 }
739
740                 /* get the address of statistic */
741                 addr = ipw_read_reg32(priv, priv->table2_addr + (ord << 3));
742
743                 /* get the second DW of statistics ;
744                  * two 16-bit words - first is length, second is count */
745                 field_info =
746                     ipw_read_reg32(priv,
747                                    priv->table2_addr + (ord << 3) +
748                                    sizeof(u32));
749
750                 /* get each entry length */
751                 field_len = *((u16 *) & field_info);
752
753                 /* get number of entries */
754                 field_count = *(((u16 *) & field_info) + 1);
755
756                 /* abort if not enought memory */
757                 total_len = field_len * field_count;
758                 if (total_len > *len) {
759                         *len = total_len;
760                         return -EINVAL;
761                 }
762
763                 *len = total_len;
764                 if (!total_len)
765                         return 0;
766
767                 IPW_DEBUG_ORD("addr = 0x%08x, total_len = %i, "
768                               "field_info = 0x%08x\n",
769                               addr, total_len, field_info);
770                 ipw_read_indirect(priv, addr, val, total_len);
771                 break;
772
773         default:
774                 IPW_DEBUG_ORD("Invalid ordinal!\n");
775                 return -EINVAL;
776
777         }
778
779         return 0;
780 }
781
782 static void ipw_init_ordinals(struct ipw_priv *priv)
783 {
784         priv->table0_addr = IPW_ORDINALS_TABLE_LOWER;
785         priv->table0_len = ipw_read32(priv, priv->table0_addr);
786
787         IPW_DEBUG_ORD("table 0 offset at 0x%08x, len = %i\n",
788                       priv->table0_addr, priv->table0_len);
789
790         priv->table1_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_1);
791         priv->table1_len = ipw_read_reg32(priv, priv->table1_addr);
792
793         IPW_DEBUG_ORD("table 1 offset at 0x%08x, len = %i\n",
794                       priv->table1_addr, priv->table1_len);
795
796         priv->table2_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_2);
797         priv->table2_len = ipw_read_reg32(priv, priv->table2_addr);
798         priv->table2_len &= 0x0000ffff; /* use first two bytes */
799
800         IPW_DEBUG_ORD("table 2 offset at 0x%08x, len = %i\n",
801                       priv->table2_addr, priv->table2_len);
802
803 }
804
805 static u32 ipw_register_toggle(u32 reg)
806 {
807         reg &= ~IPW_START_STANDBY;
808         if (reg & IPW_GATE_ODMA)
809                 reg &= ~IPW_GATE_ODMA;
810         if (reg & IPW_GATE_IDMA)
811                 reg &= ~IPW_GATE_IDMA;
812         if (reg & IPW_GATE_ADMA)
813                 reg &= ~IPW_GATE_ADMA;
814         return reg;
815 }
816
817 /*
818  * LED behavior:
819  * - On radio ON, turn on any LEDs that require to be on during start
820  * - On initialization, start unassociated blink
821  * - On association, disable unassociated blink
822  * - On disassociation, start unassociated blink
823  * - On radio OFF, turn off any LEDs started during radio on
824  *
825  */
826 #define LD_TIME_LINK_ON msecs_to_jiffies(300)
827 #define LD_TIME_LINK_OFF msecs_to_jiffies(2700)
828 #define LD_TIME_ACT_ON msecs_to_jiffies(250)
829
830 static void ipw_led_link_on(struct ipw_priv *priv)
831 {
832         unsigned long flags;
833         u32 led;
834
835         /* If configured to not use LEDs, or nic_type is 1,
836          * then we don't toggle a LINK led */
837         if (priv->config & CFG_NO_LED || priv->nic_type == EEPROM_NIC_TYPE_1)
838                 return;
839
840         spin_lock_irqsave(&priv->lock, flags);
841
842         if (!(priv->status & STATUS_RF_KILL_MASK) &&
843             !(priv->status & STATUS_LED_LINK_ON)) {
844                 IPW_DEBUG_LED("Link LED On\n");
845                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
846                 led |= priv->led_association_on;
847
848                 led = ipw_register_toggle(led);
849
850                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
851                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
852
853                 priv->status |= STATUS_LED_LINK_ON;
854
855                 /* If we aren't associated, schedule turning the LED off */
856                 if (!(priv->status & STATUS_ASSOCIATED))
857                         queue_delayed_work(priv->workqueue,
858                                            &priv->led_link_off,
859                                            LD_TIME_LINK_ON);
860         }
861
862         spin_unlock_irqrestore(&priv->lock, flags);
863 }
864
865 static void ipw_bg_led_link_on(struct work_struct *work)
866 {
867         struct ipw_priv *priv =
868                 container_of(work, struct ipw_priv, led_link_on.work);
869         mutex_lock(&priv->mutex);
870         ipw_led_link_on(priv);
871         mutex_unlock(&priv->mutex);
872 }
873
874 static void ipw_led_link_off(struct ipw_priv *priv)
875 {
876         unsigned long flags;
877         u32 led;
878
879         /* If configured not to use LEDs, or nic type is 1,
880          * then we don't goggle the LINK led. */
881         if (priv->config & CFG_NO_LED || priv->nic_type == EEPROM_NIC_TYPE_1)
882                 return;
883
884         spin_lock_irqsave(&priv->lock, flags);
885
886         if (priv->status & STATUS_LED_LINK_ON) {
887                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
888                 led &= priv->led_association_off;
889                 led = ipw_register_toggle(led);
890
891                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
892                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
893
894                 IPW_DEBUG_LED("Link LED Off\n");
895
896                 priv->status &= ~STATUS_LED_LINK_ON;
897
898                 /* If we aren't associated and the radio is on, schedule
899                  * turning the LED on (blink while unassociated) */
900                 if (!(priv->status & STATUS_RF_KILL_MASK) &&
901                     !(priv->status & STATUS_ASSOCIATED))
902                         queue_delayed_work(priv->workqueue, &priv->led_link_on,
903                                            LD_TIME_LINK_OFF);
904
905         }
906
907         spin_unlock_irqrestore(&priv->lock, flags);
908 }
909
910 static void ipw_bg_led_link_off(struct work_struct *work)
911 {
912         struct ipw_priv *priv =
913                 container_of(work, struct ipw_priv, led_link_off.work);
914         mutex_lock(&priv->mutex);
915         ipw_led_link_off(priv);
916         mutex_unlock(&priv->mutex);
917 }
918
919 static void __ipw_led_activity_on(struct ipw_priv *priv)
920 {
921         u32 led;
922
923         if (priv->config & CFG_NO_LED)
924                 return;
925
926         if (priv->status & STATUS_RF_KILL_MASK)
927                 return;
928
929         if (!(priv->status & STATUS_LED_ACT_ON)) {
930                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
931                 led |= priv->led_activity_on;
932
933                 led = ipw_register_toggle(led);
934
935                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
936                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
937
938                 IPW_DEBUG_LED("Activity LED On\n");
939
940                 priv->status |= STATUS_LED_ACT_ON;
941
942                 cancel_delayed_work(&priv->led_act_off);
943                 queue_delayed_work(priv->workqueue, &priv->led_act_off,
944                                    LD_TIME_ACT_ON);
945         } else {
946                 /* Reschedule LED off for full time period */
947                 cancel_delayed_work(&priv->led_act_off);
948                 queue_delayed_work(priv->workqueue, &priv->led_act_off,
949                                    LD_TIME_ACT_ON);
950         }
951 }
952
953 #if 0
954 void ipw_led_activity_on(struct ipw_priv *priv)
955 {
956         unsigned long flags;
957         spin_lock_irqsave(&priv->lock, flags);
958         __ipw_led_activity_on(priv);
959         spin_unlock_irqrestore(&priv->lock, flags);
960 }
961 #endif  /*  0  */
962
963 static void ipw_led_activity_off(struct ipw_priv *priv)
964 {
965         unsigned long flags;
966         u32 led;
967
968         if (priv->config & CFG_NO_LED)
969                 return;
970
971         spin_lock_irqsave(&priv->lock, flags);
972
973         if (priv->status & STATUS_LED_ACT_ON) {
974                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
975                 led &= priv->led_activity_off;
976
977                 led = ipw_register_toggle(led);
978
979                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
980                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
981
982                 IPW_DEBUG_LED("Activity LED Off\n");
983
984                 priv->status &= ~STATUS_LED_ACT_ON;
985         }
986
987         spin_unlock_irqrestore(&priv->lock, flags);
988 }
989
990 static void ipw_bg_led_activity_off(struct work_struct *work)
991 {
992         struct ipw_priv *priv =
993                 container_of(work, struct ipw_priv, led_act_off.work);
994         mutex_lock(&priv->mutex);
995         ipw_led_activity_off(priv);
996         mutex_unlock(&priv->mutex);
997 }
998
999 static void ipw_led_band_on(struct ipw_priv *priv)
1000 {
1001         unsigned long flags;
1002         u32 led;
1003
1004         /* Only nic type 1 supports mode LEDs */
1005         if (priv->config & CFG_NO_LED ||
1006             priv->nic_type != EEPROM_NIC_TYPE_1 || !priv->assoc_network)
1007                 return;
1008
1009         spin_lock_irqsave(&priv->lock, flags);
1010
1011         led = ipw_read_reg32(priv, IPW_EVENT_REG);
1012         if (priv->assoc_network->mode == IEEE_A) {
1013                 led |= priv->led_ofdm_on;
1014                 led &= priv->led_association_off;
1015                 IPW_DEBUG_LED("Mode LED On: 802.11a\n");
1016         } else if (priv->assoc_network->mode == IEEE_G) {
1017                 led |= priv->led_ofdm_on;
1018                 led |= priv->led_association_on;
1019                 IPW_DEBUG_LED("Mode LED On: 802.11g\n");
1020         } else {
1021                 led &= priv->led_ofdm_off;
1022                 led |= priv->led_association_on;
1023                 IPW_DEBUG_LED("Mode LED On: 802.11b\n");
1024         }
1025
1026         led = ipw_register_toggle(led);
1027
1028         IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1029         ipw_write_reg32(priv, IPW_EVENT_REG, led);
1030
1031         spin_unlock_irqrestore(&priv->lock, flags);
1032 }
1033
1034 static void ipw_led_band_off(struct ipw_priv *priv)
1035 {
1036         unsigned long flags;
1037         u32 led;
1038
1039         /* Only nic type 1 supports mode LEDs */
1040         if (priv->config & CFG_NO_LED || priv->nic_type != EEPROM_NIC_TYPE_1)
1041                 return;
1042
1043         spin_lock_irqsave(&priv->lock, flags);
1044
1045         led = ipw_read_reg32(priv, IPW_EVENT_REG);
1046         led &= priv->led_ofdm_off;
1047         led &= priv->led_association_off;
1048
1049         led = ipw_register_toggle(led);
1050
1051         IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1052         ipw_write_reg32(priv, IPW_EVENT_REG, led);
1053
1054         spin_unlock_irqrestore(&priv->lock, flags);
1055 }
1056
1057 static void ipw_led_radio_on(struct ipw_priv *priv)
1058 {
1059         ipw_led_link_on(priv);
1060 }
1061
1062 static void ipw_led_radio_off(struct ipw_priv *priv)
1063 {
1064         ipw_led_activity_off(priv);
1065         ipw_led_link_off(priv);
1066 }
1067
1068 static void ipw_led_link_up(struct ipw_priv *priv)
1069 {
1070         /* Set the Link Led on for all nic types */
1071         ipw_led_link_on(priv);
1072 }
1073
1074 static void ipw_led_link_down(struct ipw_priv *priv)
1075 {
1076         ipw_led_activity_off(priv);
1077         ipw_led_link_off(priv);
1078
1079         if (priv->status & STATUS_RF_KILL_MASK)
1080                 ipw_led_radio_off(priv);
1081 }
1082
1083 static void ipw_led_init(struct ipw_priv *priv)
1084 {
1085         priv->nic_type = priv->eeprom[EEPROM_NIC_TYPE];
1086
1087         /* Set the default PINs for the link and activity leds */
1088         priv->led_activity_on = IPW_ACTIVITY_LED;
1089         priv->led_activity_off = ~(IPW_ACTIVITY_LED);
1090
1091         priv->led_association_on = IPW_ASSOCIATED_LED;
1092         priv->led_association_off = ~(IPW_ASSOCIATED_LED);
1093
1094         /* Set the default PINs for the OFDM leds */
1095         priv->led_ofdm_on = IPW_OFDM_LED;
1096         priv->led_ofdm_off = ~(IPW_OFDM_LED);
1097
1098         switch (priv->nic_type) {
1099         case EEPROM_NIC_TYPE_1:
1100                 /* In this NIC type, the LEDs are reversed.... */
1101                 priv->led_activity_on = IPW_ASSOCIATED_LED;
1102                 priv->led_activity_off = ~(IPW_ASSOCIATED_LED);
1103                 priv->led_association_on = IPW_ACTIVITY_LED;
1104                 priv->led_association_off = ~(IPW_ACTIVITY_LED);
1105
1106                 if (!(priv->config & CFG_NO_LED))
1107                         ipw_led_band_on(priv);
1108
1109                 /* And we don't blink link LEDs for this nic, so
1110                  * just return here */
1111                 return;
1112
1113         case EEPROM_NIC_TYPE_3:
1114         case EEPROM_NIC_TYPE_2:
1115         case EEPROM_NIC_TYPE_4:
1116         case EEPROM_NIC_TYPE_0:
1117                 break;
1118
1119         default:
1120                 IPW_DEBUG_INFO("Unknown NIC type from EEPROM: %d\n",
1121                                priv->nic_type);
1122                 priv->nic_type = EEPROM_NIC_TYPE_0;
1123                 break;
1124         }
1125
1126         if (!(priv->config & CFG_NO_LED)) {
1127                 if (priv->status & STATUS_ASSOCIATED)
1128                         ipw_led_link_on(priv);
1129                 else
1130                         ipw_led_link_off(priv);
1131         }
1132 }
1133
1134 static void ipw_led_shutdown(struct ipw_priv *priv)
1135 {
1136         ipw_led_activity_off(priv);
1137         ipw_led_link_off(priv);
1138         ipw_led_band_off(priv);
1139         cancel_delayed_work(&priv->led_link_on);
1140         cancel_delayed_work(&priv->led_link_off);
1141         cancel_delayed_work(&priv->led_act_off);
1142 }
1143
1144 /*
1145  * The following adds a new attribute to the sysfs representation
1146  * of this device driver (i.e. a new file in /sys/bus/pci/drivers/ipw/)
1147  * used for controling the debug level.
1148  *
1149  * See the level definitions in ipw for details.
1150  */
1151 static ssize_t show_debug_level(struct device_driver *d, char *buf)
1152 {
1153         return sprintf(buf, "0x%08X\n", ipw_debug_level);
1154 }
1155
1156 static ssize_t store_debug_level(struct device_driver *d, const char *buf,
1157                                  size_t count)
1158 {
1159         char *p = (char *)buf;
1160         u32 val;
1161
1162         if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
1163                 p++;
1164                 if (p[0] == 'x' || p[0] == 'X')
1165                         p++;
1166                 val = simple_strtoul(p, &p, 16);
1167         } else
1168                 val = simple_strtoul(p, &p, 10);
1169         if (p == buf)
1170                 printk(KERN_INFO DRV_NAME
1171                        ": %s is not in hex or decimal form.\n", buf);
1172         else
1173                 ipw_debug_level = val;
1174
1175         return strnlen(buf, count);
1176 }
1177
1178 static DRIVER_ATTR(debug_level, S_IWUSR | S_IRUGO,
1179                    show_debug_level, store_debug_level);
1180
1181 static inline u32 ipw_get_event_log_len(struct ipw_priv *priv)
1182 {
1183         /* length = 1st dword in log */
1184         return ipw_read_reg32(priv, ipw_read32(priv, IPW_EVENT_LOG));
1185 }
1186
1187 static void ipw_capture_event_log(struct ipw_priv *priv,
1188                                   u32 log_len, struct ipw_event *log)
1189 {
1190         u32 base;
1191
1192         if (log_len) {
1193                 base = ipw_read32(priv, IPW_EVENT_LOG);
1194                 ipw_read_indirect(priv, base + sizeof(base) + sizeof(u32),
1195                                   (u8 *) log, sizeof(*log) * log_len);
1196         }
1197 }
1198
1199 static struct ipw_fw_error *ipw_alloc_error_log(struct ipw_priv *priv)
1200 {
1201         struct ipw_fw_error *error;
1202         u32 log_len = ipw_get_event_log_len(priv);
1203         u32 base = ipw_read32(priv, IPW_ERROR_LOG);
1204         u32 elem_len = ipw_read_reg32(priv, base);
1205
1206         error = kmalloc(sizeof(*error) +
1207                         sizeof(*error->elem) * elem_len +
1208                         sizeof(*error->log) * log_len, GFP_ATOMIC);
1209         if (!error) {
1210                 IPW_ERROR("Memory allocation for firmware error log "
1211                           "failed.\n");
1212                 return NULL;
1213         }
1214         error->jiffies = jiffies;
1215         error->status = priv->status;
1216         error->config = priv->config;
1217         error->elem_len = elem_len;
1218         error->log_len = log_len;
1219         error->elem = (struct ipw_error_elem *)error->payload;
1220         error->log = (struct ipw_event *)(error->elem + elem_len);
1221
1222         ipw_capture_event_log(priv, log_len, error->log);
1223
1224         if (elem_len)
1225                 ipw_read_indirect(priv, base + sizeof(base), (u8 *) error->elem,
1226                                   sizeof(*error->elem) * elem_len);
1227
1228         return error;
1229 }
1230
1231 static ssize_t show_event_log(struct device *d,
1232                               struct device_attribute *attr, char *buf)
1233 {
1234         struct ipw_priv *priv = dev_get_drvdata(d);
1235         u32 log_len = ipw_get_event_log_len(priv);
1236         u32 log_size;
1237         struct ipw_event *log;
1238         u32 len = 0, i;
1239
1240         /* not using min() because of its strict type checking */
1241         log_size = PAGE_SIZE / sizeof(*log) > log_len ?
1242                         sizeof(*log) * log_len : PAGE_SIZE;
1243         log = kzalloc(log_size, GFP_KERNEL);
1244         if (!log) {
1245                 IPW_ERROR("Unable to allocate memory for log\n");
1246                 return 0;
1247         }
1248         log_len = log_size / sizeof(*log);
1249         ipw_capture_event_log(priv, log_len, log);
1250
1251         len += snprintf(buf + len, PAGE_SIZE - len, "%08X", log_len);
1252         for (i = 0; i < log_len; i++)
1253                 len += snprintf(buf + len, PAGE_SIZE - len,
1254                                 "\n%08X%08X%08X",
1255                                 log[i].time, log[i].event, log[i].data);
1256         len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1257         kfree(log);
1258         return len;
1259 }
1260
1261 static DEVICE_ATTR(event_log, S_IRUGO, show_event_log, NULL);
1262
1263 static ssize_t show_error(struct device *d,
1264                           struct device_attribute *attr, char *buf)
1265 {
1266         struct ipw_priv *priv = dev_get_drvdata(d);
1267         u32 len = 0, i;
1268         if (!priv->error)
1269                 return 0;
1270         len += snprintf(buf + len, PAGE_SIZE - len,
1271                         "%08lX%08X%08X%08X",
1272                         priv->error->jiffies,
1273                         priv->error->status,
1274                         priv->error->config, priv->error->elem_len);
1275         for (i = 0; i < priv->error->elem_len; i++)
1276                 len += snprintf(buf + len, PAGE_SIZE - len,
1277                                 "\n%08X%08X%08X%08X%08X%08X%08X",
1278                                 priv->error->elem[i].time,
1279                                 priv->error->elem[i].desc,
1280                                 priv->error->elem[i].blink1,
1281                                 priv->error->elem[i].blink2,
1282                                 priv->error->elem[i].link1,
1283                                 priv->error->elem[i].link2,
1284                                 priv->error->elem[i].data);
1285
1286         len += snprintf(buf + len, PAGE_SIZE - len,
1287                         "\n%08X", priv->error->log_len);
1288         for (i = 0; i < priv->error->log_len; i++)
1289                 len += snprintf(buf + len, PAGE_SIZE - len,
1290                                 "\n%08X%08X%08X",
1291                                 priv->error->log[i].time,
1292                                 priv->error->log[i].event,
1293                                 priv->error->log[i].data);
1294         len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1295         return len;
1296 }
1297
1298 static ssize_t clear_error(struct device *d,
1299                            struct device_attribute *attr,
1300                            const char *buf, size_t count)
1301 {
1302         struct ipw_priv *priv = dev_get_drvdata(d);
1303
1304         kfree(priv->error);
1305         priv->error = NULL;
1306         return count;
1307 }
1308
1309 static DEVICE_ATTR(error, S_IRUGO | S_IWUSR, show_error, clear_error);
1310
1311 static ssize_t show_cmd_log(struct device *d,
1312                             struct device_attribute *attr, char *buf)
1313 {
1314         struct ipw_priv *priv = dev_get_drvdata(d);
1315         u32 len = 0, i;
1316         if (!priv->cmdlog)
1317                 return 0;
1318         for (i = (priv->cmdlog_pos + 1) % priv->cmdlog_len;
1319              (i != priv->cmdlog_pos) && (PAGE_SIZE - len);
1320              i = (i + 1) % priv->cmdlog_len) {
1321                 len +=
1322                     snprintf(buf + len, PAGE_SIZE - len,
1323                              "\n%08lX%08X%08X%08X\n", priv->cmdlog[i].jiffies,
1324                              priv->cmdlog[i].retcode, priv->cmdlog[i].cmd.cmd,
1325                              priv->cmdlog[i].cmd.len);
1326                 len +=
1327                     snprintk_buf(buf + len, PAGE_SIZE - len,
1328                                  (u8 *) priv->cmdlog[i].cmd.param,
1329                                  priv->cmdlog[i].cmd.len);
1330                 len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1331         }
1332         len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1333         return len;
1334 }
1335
1336 static DEVICE_ATTR(cmd_log, S_IRUGO, show_cmd_log, NULL);
1337
1338 #ifdef CONFIG_IPW2200_PROMISCUOUS
1339 static void ipw_prom_free(struct ipw_priv *priv);
1340 static int ipw_prom_alloc(struct ipw_priv *priv);
1341 static ssize_t store_rtap_iface(struct device *d,
1342                          struct device_attribute *attr,
1343                          const char *buf, size_t count)
1344 {
1345         struct ipw_priv *priv = dev_get_drvdata(d);
1346         int rc = 0;
1347
1348         if (count < 1)
1349                 return -EINVAL;
1350
1351         switch (buf[0]) {
1352         case '0':
1353                 if (!rtap_iface)
1354                         return count;
1355
1356                 if (netif_running(priv->prom_net_dev)) {
1357                         IPW_WARNING("Interface is up.  Cannot unregister.\n");
1358                         return count;
1359                 }
1360
1361                 ipw_prom_free(priv);
1362                 rtap_iface = 0;
1363                 break;
1364
1365         case '1':
1366                 if (rtap_iface)
1367                         return count;
1368
1369                 rc = ipw_prom_alloc(priv);
1370                 if (!rc)
1371                         rtap_iface = 1;
1372                 break;
1373
1374         default:
1375                 return -EINVAL;
1376         }
1377
1378         if (rc) {
1379                 IPW_ERROR("Failed to register promiscuous network "
1380                           "device (error %d).\n", rc);
1381         }
1382
1383         return count;
1384 }
1385
1386 static ssize_t show_rtap_iface(struct device *d,
1387                         struct device_attribute *attr,
1388                         char *buf)
1389 {
1390         struct ipw_priv *priv = dev_get_drvdata(d);
1391         if (rtap_iface)
1392                 return sprintf(buf, "%s", priv->prom_net_dev->name);
1393         else {
1394                 buf[0] = '-';
1395                 buf[1] = '1';
1396                 buf[2] = '\0';
1397                 return 3;
1398         }
1399 }
1400
1401 static DEVICE_ATTR(rtap_iface, S_IWUSR | S_IRUSR, show_rtap_iface,
1402                    store_rtap_iface);
1403
1404 static ssize_t store_rtap_filter(struct device *d,
1405                          struct device_attribute *attr,
1406                          const char *buf, size_t count)
1407 {
1408         struct ipw_priv *priv = dev_get_drvdata(d);
1409
1410         if (!priv->prom_priv) {
1411                 IPW_ERROR("Attempting to set filter without "
1412                           "rtap_iface enabled.\n");
1413                 return -EPERM;
1414         }
1415
1416         priv->prom_priv->filter = simple_strtol(buf, NULL, 0);
1417
1418         IPW_DEBUG_INFO("Setting rtap filter to " BIT_FMT16 "\n",
1419                        BIT_ARG16(priv->prom_priv->filter));
1420
1421         return count;
1422 }
1423
1424 static ssize_t show_rtap_filter(struct device *d,
1425                         struct device_attribute *attr,
1426                         char *buf)
1427 {
1428         struct ipw_priv *priv = dev_get_drvdata(d);
1429         return sprintf(buf, "0x%04X",
1430                        priv->prom_priv ? priv->prom_priv->filter : 0);
1431 }
1432
1433 static DEVICE_ATTR(rtap_filter, S_IWUSR | S_IRUSR, show_rtap_filter,
1434                    store_rtap_filter);
1435 #endif
1436
1437 static ssize_t show_scan_age(struct device *d, struct device_attribute *attr,
1438                              char *buf)
1439 {
1440         struct ipw_priv *priv = dev_get_drvdata(d);
1441         return sprintf(buf, "%d\n", priv->ieee->scan_age);
1442 }
1443
1444 static ssize_t store_scan_age(struct device *d, struct device_attribute *attr,
1445                               const char *buf, size_t count)
1446 {
1447         struct ipw_priv *priv = dev_get_drvdata(d);
1448         struct net_device *dev = priv->net_dev;
1449         char buffer[] = "00000000";
1450         unsigned long len =
1451             (sizeof(buffer) - 1) > count ? count : sizeof(buffer) - 1;
1452         unsigned long val;
1453         char *p = buffer;
1454
1455         IPW_DEBUG_INFO("enter\n");
1456
1457         strncpy(buffer, buf, len);
1458         buffer[len] = 0;
1459
1460         if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
1461                 p++;
1462                 if (p[0] == 'x' || p[0] == 'X')
1463                         p++;
1464                 val = simple_strtoul(p, &p, 16);
1465         } else
1466                 val = simple_strtoul(p, &p, 10);
1467         if (p == buffer) {
1468                 IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
1469         } else {
1470                 priv->ieee->scan_age = val;
1471                 IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
1472         }
1473
1474         IPW_DEBUG_INFO("exit\n");
1475         return len;
1476 }
1477
1478 static DEVICE_ATTR(scan_age, S_IWUSR | S_IRUGO, show_scan_age, store_scan_age);
1479
1480 static ssize_t show_led(struct device *d, struct device_attribute *attr,
1481                         char *buf)
1482 {
1483         struct ipw_priv *priv = dev_get_drvdata(d);
1484         return sprintf(buf, "%d\n", (priv->config & CFG_NO_LED) ? 0 : 1);
1485 }
1486
1487 static ssize_t store_led(struct device *d, struct device_attribute *attr,
1488                          const char *buf, size_t count)
1489 {
1490         struct ipw_priv *priv = dev_get_drvdata(d);
1491
1492         IPW_DEBUG_INFO("enter\n");
1493
1494         if (count == 0)
1495                 return 0;
1496
1497         if (*buf == 0) {
1498                 IPW_DEBUG_LED("Disabling LED control.\n");
1499                 priv->config |= CFG_NO_LED;
1500                 ipw_led_shutdown(priv);
1501         } else {
1502                 IPW_DEBUG_LED("Enabling LED control.\n");
1503                 priv->config &= ~CFG_NO_LED;
1504                 ipw_led_init(priv);
1505         }
1506
1507         IPW_DEBUG_INFO("exit\n");
1508         return count;
1509 }
1510
1511 static DEVICE_ATTR(led, S_IWUSR | S_IRUGO, show_led, store_led);
1512
1513 static ssize_t show_status(struct device *d,
1514                            struct device_attribute *attr, char *buf)
1515 {
1516         struct ipw_priv *p = d->driver_data;
1517         return sprintf(buf, "0x%08x\n", (int)p->status);
1518 }
1519
1520 static DEVICE_ATTR(status, S_IRUGO, show_status, NULL);
1521
1522 static ssize_t show_cfg(struct device *d, struct device_attribute *attr,
1523                         char *buf)
1524 {
1525         struct ipw_priv *p = d->driver_data;
1526         return sprintf(buf, "0x%08x\n", (int)p->config);
1527 }
1528
1529 static DEVICE_ATTR(cfg, S_IRUGO, show_cfg, NULL);
1530
1531 static ssize_t show_nic_type(struct device *d,
1532                              struct device_attribute *attr, char *buf)
1533 {
1534         struct ipw_priv *priv = d->driver_data;
1535         return sprintf(buf, "TYPE: %d\n", priv->nic_type);
1536 }
1537
1538 static DEVICE_ATTR(nic_type, S_IRUGO, show_nic_type, NULL);
1539
1540 static ssize_t show_ucode_version(struct device *d,
1541                                   struct device_attribute *attr, char *buf)
1542 {
1543         u32 len = sizeof(u32), tmp = 0;
1544         struct ipw_priv *p = d->driver_data;
1545
1546         if (ipw_get_ordinal(p, IPW_ORD_STAT_UCODE_VERSION, &tmp, &len))
1547                 return 0;
1548
1549         return sprintf(buf, "0x%08x\n", tmp);
1550 }
1551
1552 static DEVICE_ATTR(ucode_version, S_IWUSR | S_IRUGO, show_ucode_version, NULL);
1553
1554 static ssize_t show_rtc(struct device *d, struct device_attribute *attr,
1555                         char *buf)
1556 {
1557         u32 len = sizeof(u32), tmp = 0;
1558         struct ipw_priv *p = d->driver_data;
1559
1560         if (ipw_get_ordinal(p, IPW_ORD_STAT_RTC, &tmp, &len))
1561                 return 0;
1562
1563         return sprintf(buf, "0x%08x\n", tmp);
1564 }
1565
1566 static DEVICE_ATTR(rtc, S_IWUSR | S_IRUGO, show_rtc, NULL);
1567
1568 /*
1569  * Add a device attribute to view/control the delay between eeprom
1570  * operations.
1571  */
1572 static ssize_t show_eeprom_delay(struct device *d,
1573                                  struct device_attribute *attr, char *buf)
1574 {
1575         int n = ((struct ipw_priv *)d->driver_data)->eeprom_delay;
1576         return sprintf(buf, "%i\n", n);
1577 }
1578 static ssize_t store_eeprom_delay(struct device *d,
1579                                   struct device_attribute *attr,
1580                                   const char *buf, size_t count)
1581 {
1582         struct ipw_priv *p = d->driver_data;
1583         sscanf(buf, "%i", &p->eeprom_delay);
1584         return strnlen(buf, count);
1585 }
1586
1587 static DEVICE_ATTR(eeprom_delay, S_IWUSR | S_IRUGO,
1588                    show_eeprom_delay, store_eeprom_delay);
1589
1590 static ssize_t show_command_event_reg(struct device *d,
1591                                       struct device_attribute *attr, char *buf)
1592 {
1593         u32 reg = 0;
1594         struct ipw_priv *p = d->driver_data;
1595
1596         reg = ipw_read_reg32(p, IPW_INTERNAL_CMD_EVENT);
1597         return sprintf(buf, "0x%08x\n", reg);
1598 }
1599 static ssize_t store_command_event_reg(struct device *d,
1600                                        struct device_attribute *attr,
1601                                        const char *buf, size_t count)
1602 {
1603         u32 reg;
1604         struct ipw_priv *p = d->driver_data;
1605
1606         sscanf(buf, "%x", &reg);
1607         ipw_write_reg32(p, IPW_INTERNAL_CMD_EVENT, reg);
1608         return strnlen(buf, count);
1609 }
1610
1611 static DEVICE_ATTR(command_event_reg, S_IWUSR | S_IRUGO,
1612                    show_command_event_reg, store_command_event_reg);
1613
1614 static ssize_t show_mem_gpio_reg(struct device *d,
1615                                  struct device_attribute *attr, char *buf)
1616 {
1617         u32 reg = 0;
1618         struct ipw_priv *p = d->driver_data;
1619
1620         reg = ipw_read_reg32(p, 0x301100);
1621         return sprintf(buf, "0x%08x\n", reg);
1622 }
1623 static ssize_t store_mem_gpio_reg(struct device *d,
1624                                   struct device_attribute *attr,
1625                                   const char *buf, size_t count)
1626 {
1627         u32 reg;
1628         struct ipw_priv *p = d->driver_data;
1629
1630         sscanf(buf, "%x", &reg);
1631         ipw_write_reg32(p, 0x301100, reg);
1632         return strnlen(buf, count);
1633 }
1634
1635 static DEVICE_ATTR(mem_gpio_reg, S_IWUSR | S_IRUGO,
1636                    show_mem_gpio_reg, store_mem_gpio_reg);
1637
1638 static ssize_t show_indirect_dword(struct device *d,
1639                                    struct device_attribute *attr, char *buf)
1640 {
1641         u32 reg = 0;
1642         struct ipw_priv *priv = d->driver_data;
1643
1644         if (priv->status & STATUS_INDIRECT_DWORD)
1645                 reg = ipw_read_reg32(priv, priv->indirect_dword);
1646         else
1647                 reg = 0;
1648
1649         return sprintf(buf, "0x%08x\n", reg);
1650 }
1651 static ssize_t store_indirect_dword(struct device *d,
1652                                     struct device_attribute *attr,
1653                                     const char *buf, size_t count)
1654 {
1655         struct ipw_priv *priv = d->driver_data;
1656
1657         sscanf(buf, "%x", &priv->indirect_dword);
1658         priv->status |= STATUS_INDIRECT_DWORD;
1659         return strnlen(buf, count);
1660 }
1661
1662 static DEVICE_ATTR(indirect_dword, S_IWUSR | S_IRUGO,
1663                    show_indirect_dword, store_indirect_dword);
1664
1665 static ssize_t show_indirect_byte(struct device *d,
1666                                   struct device_attribute *attr, char *buf)
1667 {
1668         u8 reg = 0;
1669         struct ipw_priv *priv = d->driver_data;
1670
1671         if (priv->status & STATUS_INDIRECT_BYTE)
1672                 reg = ipw_read_reg8(priv, priv->indirect_byte);
1673         else
1674                 reg = 0;
1675
1676         return sprintf(buf, "0x%02x\n", reg);
1677 }
1678 static ssize_t store_indirect_byte(struct device *d,
1679                                    struct device_attribute *attr,
1680                                    const char *buf, size_t count)
1681 {
1682         struct ipw_priv *priv = d->driver_data;
1683
1684         sscanf(buf, "%x", &priv->indirect_byte);
1685         priv->status |= STATUS_INDIRECT_BYTE;
1686         return strnlen(buf, count);
1687 }
1688
1689 static DEVICE_ATTR(indirect_byte, S_IWUSR | S_IRUGO,
1690                    show_indirect_byte, store_indirect_byte);
1691
1692 static ssize_t show_direct_dword(struct device *d,
1693                                  struct device_attribute *attr, char *buf)
1694 {
1695         u32 reg = 0;
1696         struct ipw_priv *priv = d->driver_data;
1697
1698         if (priv->status & STATUS_DIRECT_DWORD)
1699                 reg = ipw_read32(priv, priv->direct_dword);
1700         else
1701                 reg = 0;
1702
1703         return sprintf(buf, "0x%08x\n", reg);
1704 }
1705 static ssize_t store_direct_dword(struct device *d,
1706                                   struct device_attribute *attr,
1707                                   const char *buf, size_t count)
1708 {
1709         struct ipw_priv *priv = d->driver_data;
1710
1711         sscanf(buf, "%x", &priv->direct_dword);
1712         priv->status |= STATUS_DIRECT_DWORD;
1713         return strnlen(buf, count);
1714 }
1715
1716 static DEVICE_ATTR(direct_dword, S_IWUSR | S_IRUGO,
1717                    show_direct_dword, store_direct_dword);
1718
1719 static int rf_kill_active(struct ipw_priv *priv)
1720 {
1721         if (0 == (ipw_read32(priv, 0x30) & 0x10000))
1722                 priv->status |= STATUS_RF_KILL_HW;
1723         else
1724                 priv->status &= ~STATUS_RF_KILL_HW;
1725
1726         return (priv->status & STATUS_RF_KILL_HW) ? 1 : 0;
1727 }
1728
1729 static ssize_t show_rf_kill(struct device *d, struct device_attribute *attr,
1730                             char *buf)
1731 {
1732         /* 0 - RF kill not enabled
1733            1 - SW based RF kill active (sysfs)
1734            2 - HW based RF kill active
1735            3 - Both HW and SW baed RF kill active */
1736         struct ipw_priv *priv = d->driver_data;
1737         int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
1738             (rf_kill_active(priv) ? 0x2 : 0x0);
1739         return sprintf(buf, "%i\n", val);
1740 }
1741
1742 static int ipw_radio_kill_sw(struct ipw_priv *priv, int disable_radio)
1743 {
1744         if ((disable_radio ? 1 : 0) ==
1745             ((priv->status & STATUS_RF_KILL_SW) ? 1 : 0))
1746                 return 0;
1747
1748         IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
1749                           disable_radio ? "OFF" : "ON");
1750
1751         if (disable_radio) {
1752                 priv->status |= STATUS_RF_KILL_SW;
1753
1754                 if (priv->workqueue) {
1755                         cancel_delayed_work(&priv->request_scan);
1756                         cancel_delayed_work(&priv->request_direct_scan);
1757                         cancel_delayed_work(&priv->request_passive_scan);
1758                         cancel_delayed_work(&priv->scan_event);
1759                 }
1760                 queue_work(priv->workqueue, &priv->down);
1761         } else {
1762                 priv->status &= ~STATUS_RF_KILL_SW;
1763                 if (rf_kill_active(priv)) {
1764                         IPW_DEBUG_RF_KILL("Can not turn radio back on - "
1765                                           "disabled by HW switch\n");
1766                         /* Make sure the RF_KILL check timer is running */
1767                         cancel_delayed_work(&priv->rf_kill);
1768                         queue_delayed_work(priv->workqueue, &priv->rf_kill,
1769                                            round_jiffies_relative(2 * HZ));
1770                 } else
1771                         queue_work(priv->workqueue, &priv->up);
1772         }
1773
1774         return 1;
1775 }
1776
1777 static ssize_t store_rf_kill(struct device *d, struct device_attribute *attr,
1778                              const char *buf, size_t count)
1779 {
1780         struct ipw_priv *priv = d->driver_data;
1781
1782         ipw_radio_kill_sw(priv, buf[0] == '1');
1783
1784         return count;
1785 }
1786
1787 static DEVICE_ATTR(rf_kill, S_IWUSR | S_IRUGO, show_rf_kill, store_rf_kill);
1788
1789 static ssize_t show_speed_scan(struct device *d, struct device_attribute *attr,
1790                                char *buf)
1791 {
1792         struct ipw_priv *priv = (struct ipw_priv *)d->driver_data;
1793         int pos = 0, len = 0;
1794         if (priv->config & CFG_SPEED_SCAN) {
1795                 while (priv->speed_scan[pos] != 0)
1796                         len += sprintf(&buf[len], "%d ",
1797                                        priv->speed_scan[pos++]);
1798                 return len + sprintf(&buf[len], "\n");
1799         }
1800
1801         return sprintf(buf, "0\n");
1802 }
1803
1804 static ssize_t store_speed_scan(struct device *d, struct device_attribute *attr,
1805                                 const char *buf, size_t count)
1806 {
1807         struct ipw_priv *priv = (struct ipw_priv *)d->driver_data;
1808         int channel, pos = 0;
1809         const char *p = buf;
1810
1811         /* list of space separated channels to scan, optionally ending with 0 */
1812         while ((channel = simple_strtol(p, NULL, 0))) {
1813                 if (pos == MAX_SPEED_SCAN - 1) {
1814                         priv->speed_scan[pos] = 0;
1815                         break;
1816                 }
1817
1818                 if (ieee80211_is_valid_channel(priv->ieee, channel))
1819                         priv->speed_scan[pos++] = channel;
1820                 else
1821                         IPW_WARNING("Skipping invalid channel request: %d\n",
1822                                     channel);
1823                 p = strchr(p, ' ');
1824                 if (!p)
1825                         break;
1826                 while (*p == ' ' || *p == '\t')
1827                         p++;
1828         }
1829
1830         if (pos == 0)
1831                 priv->config &= ~CFG_SPEED_SCAN;
1832         else {
1833                 priv->speed_scan_pos = 0;
1834                 priv->config |= CFG_SPEED_SCAN;
1835         }
1836
1837         return count;
1838 }
1839
1840 static DEVICE_ATTR(speed_scan, S_IWUSR | S_IRUGO, show_speed_scan,
1841                    store_speed_scan);
1842
1843 static ssize_t show_net_stats(struct device *d, struct device_attribute *attr,
1844                               char *buf)
1845 {
1846         struct ipw_priv *priv = (struct ipw_priv *)d->driver_data;
1847         return sprintf(buf, "%c\n", (priv->config & CFG_NET_STATS) ? '1' : '0');
1848 }
1849
1850 static ssize_t store_net_stats(struct device *d, struct device_attribute *attr,
1851                                const char *buf, size_t count)
1852 {
1853         struct ipw_priv *priv = (struct ipw_priv *)d->driver_data;
1854         if (buf[0] == '1')
1855                 priv->config |= CFG_NET_STATS;
1856         else
1857                 priv->config &= ~CFG_NET_STATS;
1858
1859         return count;
1860 }
1861
1862 static DEVICE_ATTR(net_stats, S_IWUSR | S_IRUGO,
1863                    show_net_stats, store_net_stats);
1864
1865 static ssize_t show_channels(struct device *d,
1866                              struct device_attribute *attr,
1867                              char *buf)
1868 {
1869         struct ipw_priv *priv = dev_get_drvdata(d);
1870         const struct ieee80211_geo *geo = ieee80211_get_geo(priv->ieee);
1871         int len = 0, i;
1872
1873         len = sprintf(&buf[len],
1874                       "Displaying %d channels in 2.4Ghz band "
1875                       "(802.11bg):\n", geo->bg_channels);
1876
1877         for (i = 0; i < geo->bg_channels; i++) {
1878                 len += sprintf(&buf[len], "%d: BSS%s%s, %s, Band %s.\n",
1879                                geo->bg[i].channel,
1880                                geo->bg[i].flags & IEEE80211_CH_RADAR_DETECT ?
1881                                " (radar spectrum)" : "",
1882                                ((geo->bg[i].flags & IEEE80211_CH_NO_IBSS) ||
1883                                 (geo->bg[i].flags & IEEE80211_CH_RADAR_DETECT))
1884                                ? "" : ", IBSS",
1885                                geo->bg[i].flags & IEEE80211_CH_PASSIVE_ONLY ?
1886                                "passive only" : "active/passive",
1887                                geo->bg[i].flags & IEEE80211_CH_B_ONLY ?
1888                                "B" : "B/G");
1889         }
1890
1891         len += sprintf(&buf[len],
1892                        "Displaying %d channels in 5.2Ghz band "
1893                        "(802.11a):\n", geo->a_channels);
1894         for (i = 0; i < geo->a_channels; i++) {
1895                 len += sprintf(&buf[len], "%d: BSS%s%s, %s.\n",
1896                                geo->a[i].channel,
1897                                geo->a[i].flags & IEEE80211_CH_RADAR_DETECT ?
1898                                " (radar spectrum)" : "",
1899                                ((geo->a[i].flags & IEEE80211_CH_NO_IBSS) ||
1900                                 (geo->a[i].flags & IEEE80211_CH_RADAR_DETECT))
1901                                ? "" : ", IBSS",
1902                                geo->a[i].flags & IEEE80211_CH_PASSIVE_ONLY ?
1903                                "passive only" : "active/passive");
1904         }
1905
1906         return len;
1907 }
1908
1909 static DEVICE_ATTR(channels, S_IRUSR, show_channels, NULL);
1910
1911 static void notify_wx_assoc_event(struct ipw_priv *priv)
1912 {
1913         union iwreq_data wrqu;
1914         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1915         if (priv->status & STATUS_ASSOCIATED)
1916                 memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
1917         else
1918                 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
1919         wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1920 }
1921
1922 static void ipw_irq_tasklet(struct ipw_priv *priv)
1923 {
1924         u32 inta, inta_mask, handled = 0;
1925         unsigned long flags;
1926         int rc = 0;
1927
1928         spin_lock_irqsave(&priv->irq_lock, flags);
1929
1930         inta = ipw_read32(priv, IPW_INTA_RW);
1931         inta_mask = ipw_read32(priv, IPW_INTA_MASK_R);
1932         inta &= (IPW_INTA_MASK_ALL & inta_mask);
1933
1934         /* Add any cached INTA values that need to be handled */
1935         inta |= priv->isr_inta;
1936
1937         spin_unlock_irqrestore(&priv->irq_lock, flags);
1938
1939         spin_lock_irqsave(&priv->lock, flags);
1940
1941         /* handle all the justifications for the interrupt */
1942         if (inta & IPW_INTA_BIT_RX_TRANSFER) {
1943                 ipw_rx(priv);
1944                 handled |= IPW_INTA_BIT_RX_TRANSFER;
1945         }
1946
1947         if (inta & IPW_INTA_BIT_TX_CMD_QUEUE) {
1948                 IPW_DEBUG_HC("Command completed.\n");
1949                 rc = ipw_queue_tx_reclaim(priv, &priv->txq_cmd, -1);
1950                 priv->status &= ~STATUS_HCMD_ACTIVE;
1951                 wake_up_interruptible(&priv->wait_command_queue);
1952                 handled |= IPW_INTA_BIT_TX_CMD_QUEUE;
1953         }
1954
1955         if (inta & IPW_INTA_BIT_TX_QUEUE_1) {
1956                 IPW_DEBUG_TX("TX_QUEUE_1\n");
1957                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[0], 0);
1958                 handled |= IPW_INTA_BIT_TX_QUEUE_1;
1959         }
1960
1961         if (inta & IPW_INTA_BIT_TX_QUEUE_2) {
1962                 IPW_DEBUG_TX("TX_QUEUE_2\n");
1963                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[1], 1);
1964                 handled |= IPW_INTA_BIT_TX_QUEUE_2;
1965         }
1966
1967         if (inta & IPW_INTA_BIT_TX_QUEUE_3) {
1968                 IPW_DEBUG_TX("TX_QUEUE_3\n");
1969                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[2], 2);
1970                 handled |= IPW_INTA_BIT_TX_QUEUE_3;
1971         }
1972
1973         if (inta & IPW_INTA_BIT_TX_QUEUE_4) {
1974                 IPW_DEBUG_TX("TX_QUEUE_4\n");
1975                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[3], 3);
1976                 handled |= IPW_INTA_BIT_TX_QUEUE_4;
1977         }
1978
1979         if (inta & IPW_INTA_BIT_STATUS_CHANGE) {
1980                 IPW_WARNING("STATUS_CHANGE\n");
1981                 handled |= IPW_INTA_BIT_STATUS_CHANGE;
1982         }
1983
1984         if (inta & IPW_INTA_BIT_BEACON_PERIOD_EXPIRED) {
1985                 IPW_WARNING("TX_PERIOD_EXPIRED\n");
1986                 handled |= IPW_INTA_BIT_BEACON_PERIOD_EXPIRED;
1987         }
1988
1989         if (inta & IPW_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE) {
1990                 IPW_WARNING("HOST_CMD_DONE\n");
1991                 handled |= IPW_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE;
1992         }
1993
1994         if (inta & IPW_INTA_BIT_FW_INITIALIZATION_DONE) {
1995                 IPW_WARNING("FW_INITIALIZATION_DONE\n");
1996                 handled |= IPW_INTA_BIT_FW_INITIALIZATION_DONE;
1997         }
1998
1999         if (inta & IPW_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE) {
2000                 IPW_WARNING("PHY_OFF_DONE\n");
2001                 handled |= IPW_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE;
2002         }
2003
2004         if (inta & IPW_INTA_BIT_RF_KILL_DONE) {
2005                 IPW_DEBUG_RF_KILL("RF_KILL_DONE\n");
2006                 priv->status |= STATUS_RF_KILL_HW;
2007                 wake_up_interruptible(&priv->wait_command_queue);
2008                 priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
2009                 cancel_delayed_work(&priv->request_scan);
2010                 cancel_delayed_work(&priv->request_direct_scan);
2011                 cancel_delayed_work(&priv->request_passive_scan);
2012                 cancel_delayed_work(&priv->scan_event);
2013                 schedule_work(&priv->link_down);
2014                 queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ);
2015                 handled |= IPW_INTA_BIT_RF_KILL_DONE;
2016         }
2017
2018         if (inta & IPW_INTA_BIT_FATAL_ERROR) {
2019                 IPW_WARNING("Firmware error detected.  Restarting.\n");
2020                 if (priv->error) {
2021                         IPW_DEBUG_FW("Sysfs 'error' log already exists.\n");
2022                         if (ipw_debug_level & IPW_DL_FW_ERRORS) {
2023                                 struct ipw_fw_error *error =
2024                                     ipw_alloc_error_log(priv);
2025                                 ipw_dump_error_log(priv, error);
2026                                 kfree(error);
2027                         }
2028                 } else {
2029                         priv->error = ipw_alloc_error_log(priv);
2030                         if (priv->error)
2031                                 IPW_DEBUG_FW("Sysfs 'error' log captured.\n");
2032                         else
2033                                 IPW_DEBUG_FW("Error allocating sysfs 'error' "
2034                                              "log.\n");
2035                         if (ipw_debug_level & IPW_DL_FW_ERRORS)
2036                                 ipw_dump_error_log(priv, priv->error);
2037                 }
2038
2039                 /* XXX: If hardware encryption is for WPA/WPA2,
2040                  * we have to notify the supplicant. */
2041                 if (priv->ieee->sec.encrypt) {
2042                         priv->status &= ~STATUS_ASSOCIATED;
2043                         notify_wx_assoc_event(priv);
2044                 }
2045
2046                 /* Keep the restart process from trying to send host
2047                  * commands by clearing the INIT status bit */
2048                 priv->status &= ~STATUS_INIT;
2049
2050                 /* Cancel currently queued command. */
2051                 priv->status &= ~STATUS_HCMD_ACTIVE;
2052                 wake_up_interruptible(&priv->wait_command_queue);
2053
2054                 queue_work(priv->workqueue, &priv->adapter_restart);
2055                 handled |= IPW_INTA_BIT_FATAL_ERROR;
2056         }
2057
2058         if (inta & IPW_INTA_BIT_PARITY_ERROR) {
2059                 IPW_ERROR("Parity error\n");
2060                 handled |= IPW_INTA_BIT_PARITY_ERROR;
2061         }
2062
2063         if (handled != inta) {
2064                 IPW_ERROR("Unhandled INTA bits 0x%08x\n", inta & ~handled);
2065         }
2066
2067         spin_unlock_irqrestore(&priv->lock, flags);
2068
2069         /* enable all interrupts */
2070         ipw_enable_interrupts(priv);
2071 }
2072
2073 #define IPW_CMD(x) case IPW_CMD_ ## x : return #x
2074 static char *get_cmd_string(u8 cmd)
2075 {
2076         switch (cmd) {
2077                 IPW_CMD(HOST_COMPLETE);
2078                 IPW_CMD(POWER_DOWN);
2079                 IPW_CMD(SYSTEM_CONFIG);
2080                 IPW_CMD(MULTICAST_ADDRESS);
2081                 IPW_CMD(SSID);
2082                 IPW_CMD(ADAPTER_ADDRESS);
2083                 IPW_CMD(PORT_TYPE);
2084                 IPW_CMD(RTS_THRESHOLD);
2085                 IPW_CMD(FRAG_THRESHOLD);
2086                 IPW_CMD(POWER_MODE);
2087                 IPW_CMD(WEP_KEY);
2088                 IPW_CMD(TGI_TX_KEY);
2089                 IPW_CMD(SCAN_REQUEST);
2090                 IPW_CMD(SCAN_REQUEST_EXT);
2091                 IPW_CMD(ASSOCIATE);
2092                 IPW_CMD(SUPPORTED_RATES);
2093                 IPW_CMD(SCAN_ABORT);
2094                 IPW_CMD(TX_FLUSH);
2095                 IPW_CMD(QOS_PARAMETERS);
2096                 IPW_CMD(DINO_CONFIG);
2097                 IPW_CMD(RSN_CAPABILITIES);
2098                 IPW_CMD(RX_KEY);
2099                 IPW_CMD(CARD_DISABLE);
2100                 IPW_CMD(SEED_NUMBER);
2101                 IPW_CMD(TX_POWER);
2102                 IPW_CMD(COUNTRY_INFO);
2103                 IPW_CMD(AIRONET_INFO);
2104                 IPW_CMD(AP_TX_POWER);
2105                 IPW_CMD(CCKM_INFO);
2106                 IPW_CMD(CCX_VER_INFO);
2107                 IPW_CMD(SET_CALIBRATION);
2108                 IPW_CMD(SENSITIVITY_CALIB);
2109                 IPW_CMD(RETRY_LIMIT);
2110                 IPW_CMD(IPW_PRE_POWER_DOWN);
2111                 IPW_CMD(VAP_BEACON_TEMPLATE);
2112                 IPW_CMD(VAP_DTIM_PERIOD);
2113                 IPW_CMD(EXT_SUPPORTED_RATES);
2114                 IPW_CMD(VAP_LOCAL_TX_PWR_CONSTRAINT);
2115                 IPW_CMD(VAP_QUIET_INTERVALS);
2116                 IPW_CMD(VAP_CHANNEL_SWITCH);
2117                 IPW_CMD(VAP_MANDATORY_CHANNELS);
2118                 IPW_CMD(VAP_CELL_PWR_LIMIT);
2119                 IPW_CMD(VAP_CF_PARAM_SET);
2120                 IPW_CMD(VAP_SET_BEACONING_STATE);
2121                 IPW_CMD(MEASUREMENT);
2122                 IPW_CMD(POWER_CAPABILITY);
2123                 IPW_CMD(SUPPORTED_CHANNELS);
2124                 IPW_CMD(TPC_REPORT);
2125                 IPW_CMD(WME_INFO);
2126                 IPW_CMD(PRODUCTION_COMMAND);
2127         default:
2128                 return "UNKNOWN";
2129         }
2130 }
2131
2132 #define HOST_COMPLETE_TIMEOUT HZ
2133
2134 static int __ipw_send_cmd(struct ipw_priv *priv, struct host_cmd *cmd)
2135 {
2136         int rc = 0;
2137         unsigned long flags;
2138
2139         spin_lock_irqsave(&priv->lock, flags);
2140         if (priv->status & STATUS_HCMD_ACTIVE) {
2141                 IPW_ERROR("Failed to send %s: Already sending a command.\n",
2142                           get_cmd_string(cmd->cmd));
2143                 spin_unlock_irqrestore(&priv->lock, flags);
2144                 return -EAGAIN;
2145         }
2146
2147         priv->status |= STATUS_HCMD_ACTIVE;
2148
2149         if (priv->cmdlog) {
2150                 priv->cmdlog[priv->cmdlog_pos].jiffies = jiffies;
2151                 priv->cmdlog[priv->cmdlog_pos].cmd.cmd = cmd->cmd;
2152                 priv->cmdlog[priv->cmdlog_pos].cmd.len = cmd->len;
2153                 memcpy(priv->cmdlog[priv->cmdlog_pos].cmd.param, cmd->param,
2154                        cmd->len);
2155                 priv->cmdlog[priv->cmdlog_pos].retcode = -1;
2156         }
2157
2158         IPW_DEBUG_HC("%s command (#%d) %d bytes: 0x%08X\n",
2159                      get_cmd_string(cmd->cmd), cmd->cmd, cmd->len,
2160                      priv->status);
2161
2162 #ifndef DEBUG_CMD_WEP_KEY
2163         if (cmd->cmd == IPW_CMD_WEP_KEY)
2164                 IPW_DEBUG_HC("WEP_KEY command masked out for secure.\n");
2165         else
2166 #endif
2167                 printk_buf(IPW_DL_HOST_COMMAND, (u8 *) cmd->param, cmd->len);
2168
2169         rc = ipw_queue_tx_hcmd(priv, cmd->cmd, cmd->param, cmd->len, 0);
2170         if (rc) {
2171                 priv->status &= ~STATUS_HCMD_ACTIVE;
2172                 IPW_ERROR("Failed to send %s: Reason %d\n",
2173                           get_cmd_string(cmd->cmd), rc);
2174                 spin_unlock_irqrestore(&priv->lock, flags);
2175                 goto exit;
2176         }
2177         spin_unlock_irqrestore(&priv->lock, flags);
2178
2179         rc = wait_event_interruptible_timeout(priv->wait_command_queue,
2180                                               !(priv->
2181                                                 status & STATUS_HCMD_ACTIVE),
2182                                               HOST_COMPLETE_TIMEOUT);
2183         if (rc == 0) {
2184                 spin_lock_irqsave(&priv->lock, flags);
2185                 if (priv->status & STATUS_HCMD_ACTIVE) {
2186                         IPW_ERROR("Failed to send %s: Command timed out.\n",
2187                                   get_cmd_string(cmd->cmd));
2188                         priv->status &= ~STATUS_HCMD_ACTIVE;
2189                         spin_unlock_irqrestore(&priv->lock, flags);
2190                         rc = -EIO;
2191                         goto exit;
2192                 }
2193                 spin_unlock_irqrestore(&priv->lock, flags);
2194         } else
2195                 rc = 0;
2196
2197         if (priv->status & STATUS_RF_KILL_HW) {
2198                 IPW_ERROR("Failed to send %s: Aborted due to RF kill switch.\n",
2199                           get_cmd_string(cmd->cmd));
2200                 rc = -EIO;
2201                 goto exit;
2202         }
2203
2204       exit:
2205         if (priv->cmdlog) {
2206                 priv->cmdlog[priv->cmdlog_pos++].retcode = rc;
2207                 priv->cmdlog_pos %= priv->cmdlog_len;
2208         }
2209         return rc;
2210 }
2211
2212 static int ipw_send_cmd_simple(struct ipw_priv *priv, u8 command)
2213 {
2214         struct host_cmd cmd = {
2215                 .cmd = command,
2216         };
2217
2218         return __ipw_send_cmd(priv, &cmd);
2219 }
2220
2221 static int ipw_send_cmd_pdu(struct ipw_priv *priv, u8 command, u8 len,
2222                             void *data)
2223 {
2224         struct host_cmd cmd = {
2225                 .cmd = command,
2226                 .len = len,
2227                 .param = data,
2228         };
2229
2230         return __ipw_send_cmd(priv, &cmd);
2231 }
2232
2233 static int ipw_send_host_complete(struct ipw_priv *priv)
2234 {
2235         if (!priv) {
2236                 IPW_ERROR("Invalid args\n");
2237                 return -1;
2238         }
2239
2240         return ipw_send_cmd_simple(priv, IPW_CMD_HOST_COMPLETE);
2241 }
2242
2243 static int ipw_send_system_config(struct ipw_priv *priv)
2244 {
2245         return ipw_send_cmd_pdu(priv, IPW_CMD_SYSTEM_CONFIG,
2246                                 sizeof(priv->sys_config),
2247                                 &priv->sys_config);
2248 }
2249
2250 static int ipw_send_ssid(struct ipw_priv *priv, u8 * ssid, int len)
2251 {
2252         if (!priv || !ssid) {
2253                 IPW_ERROR("Invalid args\n");
2254                 return -1;
2255         }
2256
2257         return ipw_send_cmd_pdu(priv, IPW_CMD_SSID, min(len, IW_ESSID_MAX_SIZE),
2258                                 ssid);
2259 }
2260
2261 static int ipw_send_adapter_address(struct ipw_priv *priv, u8 * mac)
2262 {
2263         if (!priv || !mac) {
2264                 IPW_ERROR("Invalid args\n");
2265                 return -1;
2266         }
2267
2268         IPW_DEBUG_INFO("%s: Setting MAC to %s\n",
2269                        priv->net_dev->name, print_mac(mac, mac));
2270
2271         return ipw_send_cmd_pdu(priv, IPW_CMD_ADAPTER_ADDRESS, ETH_ALEN, mac);
2272 }
2273
2274 /*
2275  * NOTE: This must be executed from our workqueue as it results in udelay
2276  * being called which may corrupt the keyboard if executed on default
2277  * workqueue
2278  */
2279 static void ipw_adapter_restart(void *adapter)
2280 {
2281         struct ipw_priv *priv = adapter;
2282
2283         if (priv->status & STATUS_RF_KILL_MASK)
2284                 return;
2285
2286         ipw_down(priv);
2287
2288         if (priv->assoc_network &&
2289             (priv->assoc_network->capability & WLAN_CAPABILITY_IBSS))
2290                 ipw_remove_current_network(priv);
2291
2292         if (ipw_up(priv)) {
2293                 IPW_ERROR("Failed to up device\n");
2294                 return;
2295         }
2296 }
2297
2298 static void ipw_bg_adapter_restart(struct work_struct *work)
2299 {
2300         struct ipw_priv *priv =
2301                 container_of(work, struct ipw_priv, adapter_restart);
2302         mutex_lock(&priv->mutex);
2303         ipw_adapter_restart(priv);
2304         mutex_unlock(&priv->mutex);
2305 }
2306
2307 #define IPW_SCAN_CHECK_WATCHDOG (5 * HZ)
2308
2309 static void ipw_scan_check(void *data)
2310 {
2311         struct ipw_priv *priv = data;
2312         if (priv->status & (STATUS_SCANNING | STATUS_SCAN_ABORTING)) {
2313                 IPW_DEBUG_SCAN("Scan completion watchdog resetting "
2314                                "adapter after (%dms).\n",
2315                                jiffies_to_msecs(IPW_SCAN_CHECK_WATCHDOG));
2316                 queue_work(priv->workqueue, &priv->adapter_restart);
2317         }
2318 }
2319
2320 static void ipw_bg_scan_check(struct work_struct *work)
2321 {
2322         struct ipw_priv *priv =
2323                 container_of(work, struct ipw_priv, scan_check.work);
2324         mutex_lock(&priv->mutex);
2325         ipw_scan_check(priv);
2326         mutex_unlock(&priv->mutex);
2327 }
2328
2329 static int ipw_send_scan_request_ext(struct ipw_priv *priv,
2330                                      struct ipw_scan_request_ext *request)
2331 {
2332         return ipw_send_cmd_pdu(priv, IPW_CMD_SCAN_REQUEST_EXT,
2333                                 sizeof(*request), request);
2334 }
2335
2336 static int ipw_send_scan_abort(struct ipw_priv *priv)
2337 {
2338         if (!priv) {
2339                 IPW_ERROR("Invalid args\n");
2340                 return -1;
2341         }
2342
2343         return ipw_send_cmd_simple(priv, IPW_CMD_SCAN_ABORT);
2344 }
2345
2346 static int ipw_set_sensitivity(struct ipw_priv *priv, u16 sens)
2347 {
2348         struct ipw_sensitivity_calib calib = {
2349                 .beacon_rssi_raw = cpu_to_le16(sens),
2350         };
2351
2352         return ipw_send_cmd_pdu(priv, IPW_CMD_SENSITIVITY_CALIB, sizeof(calib),
2353                                 &calib);
2354 }
2355
2356 static int ipw_send_associate(struct ipw_priv *priv,
2357                               struct ipw_associate *associate)
2358 {
2359         if (!priv || !associate) {
2360                 IPW_ERROR("Invalid args\n");
2361                 return -1;
2362         }
2363
2364         return ipw_send_cmd_pdu(priv, IPW_CMD_ASSOCIATE, sizeof(*associate),
2365                                 associate);
2366 }
2367
2368 static int ipw_send_supported_rates(struct ipw_priv *priv,
2369                                     struct ipw_supported_rates *rates)
2370 {
2371         if (!priv || !rates) {
2372                 IPW_ERROR("Invalid args\n");
2373                 return -1;
2374         }
2375
2376         return ipw_send_cmd_pdu(priv, IPW_CMD_SUPPORTED_RATES, sizeof(*rates),
2377                                 rates);
2378 }
2379
2380 static int ipw_set_random_seed(struct ipw_priv *priv)
2381 {
2382         u32 val;
2383
2384         if (!priv) {
2385                 IPW_ERROR("Invalid args\n");
2386                 return -1;
2387         }
2388
2389         get_random_bytes(&val, sizeof(val));
2390
2391         return ipw_send_cmd_pdu(priv, IPW_CMD_SEED_NUMBER, sizeof(val), &val);
2392 }
2393
2394 static int ipw_send_card_disable(struct ipw_priv *priv, u32 phy_off)
2395 {
2396         __le32 v = cpu_to_le32(phy_off);
2397         if (!priv) {
2398                 IPW_ERROR("Invalid args\n");
2399                 return -1;
2400         }
2401
2402         return ipw_send_cmd_pdu(priv, IPW_CMD_CARD_DISABLE, sizeof(v), &v);
2403 }
2404
2405 static int ipw_send_tx_power(struct ipw_priv *priv, struct ipw_tx_power *power)
2406 {
2407         if (!priv || !power) {
2408                 IPW_ERROR("Invalid args\n");
2409                 return -1;
2410         }
2411
2412         return ipw_send_cmd_pdu(priv, IPW_CMD_TX_POWER, sizeof(*power), power);
2413 }
2414
2415 static int ipw_set_tx_power(struct ipw_priv *priv)
2416 {
2417         const struct ieee80211_geo *geo = ieee80211_get_geo(priv->ieee);
2418         struct ipw_tx_power tx_power;
2419         s8 max_power;
2420         int i;
2421
2422         memset(&tx_power, 0, sizeof(tx_power));
2423
2424         /* configure device for 'G' band */
2425         tx_power.ieee_mode = IPW_G_MODE;
2426         tx_power.num_channels = geo->bg_channels;
2427         for (i = 0; i < geo->bg_channels; i++) {
2428                 max_power = geo->bg[i].max_power;
2429                 tx_power.channels_tx_power[i].channel_number =
2430                     geo->bg[i].channel;
2431                 tx_power.channels_tx_power[i].tx_power = max_power ?
2432                     min(max_power, priv->tx_power) : priv->tx_power;
2433         }
2434         if (ipw_send_tx_power(priv, &tx_power))
2435                 return -EIO;
2436
2437         /* configure device to also handle 'B' band */
2438         tx_power.ieee_mode = IPW_B_MODE;
2439         if (ipw_send_tx_power(priv, &tx_power))
2440                 return -EIO;
2441
2442         /* configure device to also handle 'A' band */
2443         if (priv->ieee->abg_true) {
2444                 tx_power.ieee_mode = IPW_A_MODE;
2445                 tx_power.num_channels = geo->a_channels;
2446                 for (i = 0; i < tx_power.num_channels; i++) {
2447                         max_power = geo->a[i].max_power;
2448                         tx_power.channels_tx_power[i].channel_number =
2449                             geo->a[i].channel;
2450                         tx_power.channels_tx_power[i].tx_power = max_power ?
2451                             min(max_power, priv->tx_power) : priv->tx_power;
2452                 }
2453                 if (ipw_send_tx_power(priv, &tx_power))
2454                         return -EIO;
2455         }
2456         return 0;
2457 }
2458
2459 static int ipw_send_rts_threshold(struct ipw_priv *priv, u16 rts)
2460 {
2461         struct ipw_rts_threshold rts_threshold = {
2462                 .rts_threshold = cpu_to_le16(rts),
2463         };
2464
2465         if (!priv) {
2466                 IPW_ERROR("Invalid args\n");
2467                 return -1;
2468         }
2469
2470         return ipw_send_cmd_pdu(priv, IPW_CMD_RTS_THRESHOLD,
2471                                 sizeof(rts_threshold), &rts_threshold);
2472 }
2473
2474 static int ipw_send_frag_threshold(struct ipw_priv *priv, u16 frag)
2475 {
2476         struct ipw_frag_threshold frag_threshold = {
2477                 .frag_threshold = cpu_to_le16(frag),
2478         };
2479
2480         if (!priv) {
2481                 IPW_ERROR("Invalid args\n");
2482                 return -1;
2483         }
2484
2485         return ipw_send_cmd_pdu(priv, IPW_CMD_FRAG_THRESHOLD,
2486                                 sizeof(frag_threshold), &frag_threshold);
2487 }
2488
2489 static int ipw_send_power_mode(struct ipw_priv *priv, u32 mode)
2490 {
2491         __le32 param;
2492
2493         if (!priv) {
2494                 IPW_ERROR("Invalid args\n");
2495                 return -1;
2496         }
2497
2498         /* If on battery, set to 3, if AC set to CAM, else user
2499          * level */
2500         switch (mode) {
2501         case IPW_POWER_BATTERY:
2502                 param = cpu_to_le32(IPW_POWER_INDEX_3);
2503                 break;
2504         case IPW_POWER_AC:
2505                 param = cpu_to_le32(IPW_POWER_MODE_CAM);
2506                 break;
2507         default:
2508                 param = cpu_to_le32(mode);
2509                 break;
2510         }
2511
2512         return ipw_send_cmd_pdu(priv, IPW_CMD_POWER_MODE, sizeof(param),
2513                                 &param);
2514 }
2515
2516 static int ipw_send_retry_limit(struct ipw_priv *priv, u8 slimit, u8 llimit)
2517 {
2518         struct ipw_retry_limit retry_limit = {
2519                 .short_retry_limit = slimit,
2520                 .long_retry_limit = llimit
2521         };
2522
2523         if (!priv) {
2524                 IPW_ERROR("Invalid args\n");
2525                 return -1;
2526         }
2527
2528         return ipw_send_cmd_pdu(priv, IPW_CMD_RETRY_LIMIT, sizeof(retry_limit),
2529                                 &retry_limit);
2530 }
2531
2532 /*
2533  * The IPW device contains a Microwire compatible EEPROM that stores
2534  * various data like the MAC address.  Usually the firmware has exclusive
2535  * access to the eeprom, but during device initialization (before the
2536  * device driver has sent the HostComplete command to the firmware) the
2537  * device driver has read access to the EEPROM by way of indirect addressing
2538  * through a couple of memory mapped registers.
2539  *
2540  * The following is a simplified implementation for pulling data out of the
2541  * the eeprom, along with some helper functions to find information in
2542  * the per device private data's copy of the eeprom.
2543  *
2544  * NOTE: To better understand how these functions work (i.e what is a chip
2545  *       select and why do have to keep driving the eeprom clock?), read
2546  *       just about any data sheet for a Microwire compatible EEPROM.
2547  */
2548
2549 /* write a 32 bit value into the indirect accessor register */
2550 static inline void eeprom_write_reg(struct ipw_priv *p, u32 data)
2551 {
2552         ipw_write_reg32(p, FW_MEM_REG_EEPROM_ACCESS, data);
2553
2554         /* the eeprom requires some time to complete the operation */
2555         udelay(p->eeprom_delay);
2556
2557         return;
2558 }
2559
2560 /* perform a chip select operation */
2561 static void eeprom_cs(struct ipw_priv *priv)
2562 {
2563         eeprom_write_reg(priv, 0);
2564         eeprom_write_reg(priv, EEPROM_BIT_CS);
2565         eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
2566         eeprom_write_reg(priv, EEPROM_BIT_CS);
2567 }
2568
2569 /* perform a chip select operation */
2570 static void eeprom_disable_cs(struct ipw_priv *priv)
2571 {
2572         eeprom_write_reg(priv, EEPROM_BIT_CS);
2573         eeprom_write_reg(priv, 0);
2574         eeprom_write_reg(priv, EEPROM_BIT_SK);
2575 }
2576
2577 /* push a single bit down to the eeprom */
2578 static inline void eeprom_write_bit(struct ipw_priv *p, u8 bit)
2579 {
2580         int d = (bit ? EEPROM_BIT_DI : 0);
2581         eeprom_write_reg(p, EEPROM_BIT_CS | d);
2582         eeprom_write_reg(p, EEPROM_BIT_CS | d | EEPROM_BIT_SK);
2583 }
2584
2585 /* push an opcode followed by an address down to the eeprom */
2586 static void eeprom_op(struct ipw_priv *priv, u8 op, u8 addr)
2587 {
2588         int i;
2589
2590         eeprom_cs(priv);
2591         eeprom_write_bit(priv, 1);
2592         eeprom_write_bit(priv, op & 2);
2593         eeprom_write_bit(priv, op & 1);
2594         for (i = 7; i >= 0; i--) {
2595                 eeprom_write_bit(priv, addr & (1 << i));
2596         }
2597 }
2598
2599 /* pull 16 bits off the eeprom, one bit at a time */
2600 static u16 eeprom_read_u16(struct ipw_priv *priv, u8 addr)
2601 {
2602         int i;
2603         u16 r = 0;
2604
2605         /* Send READ Opcode */
2606         eeprom_op(priv, EEPROM_CMD_READ, addr);
2607
2608         /* Send dummy bit */
2609         eeprom_write_reg(priv, EEPROM_BIT_CS);
2610
2611         /* Read the byte off the eeprom one bit at a time */
2612         for (i = 0; i < 16; i++) {
2613                 u32 data = 0;
2614                 eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
2615                 eeprom_write_reg(priv, EEPROM_BIT_CS);
2616                 data = ipw_read_reg32(priv, FW_MEM_REG_EEPROM_ACCESS);
2617                 r = (r << 1) | ((data & EEPROM_BIT_DO) ? 1 : 0);
2618         }
2619
2620         /* Send another dummy bit */
2621         eeprom_write_reg(priv, 0);
2622         eeprom_disable_cs(priv);
2623
2624         return r;
2625 }
2626
2627 /* helper function for pulling the mac address out of the private */
2628 /* data's copy of the eeprom data                                 */
2629 static void eeprom_parse_mac(struct ipw_priv *priv, u8 * mac)
2630 {
2631         memcpy(mac, &priv->eeprom[EEPROM_MAC_ADDRESS], 6);
2632 }
2633
2634 /*
2635  * Either the device driver (i.e. the host) or the firmware can
2636  * load eeprom data into the designated region in SRAM.  If neither
2637  * happens then the FW will shutdown with a fatal error.
2638  *
2639  * In order to signal the FW to load the EEPROM, the EEPROM_LOAD_DISABLE
2640  * bit needs region of shared SRAM needs to be non-zero.
2641  */
2642 static void ipw_eeprom_init_sram(struct ipw_priv *priv)
2643 {
2644         int i;
2645         __le16 *eeprom = (__le16 *) priv->eeprom;
2646
2647         IPW_DEBUG_TRACE(">>\n");
2648
2649         /* read entire contents of eeprom into private buffer */
2650         for (i = 0; i < 128; i++)
2651                 eeprom[i] = cpu_to_le16(eeprom_read_u16(priv, (u8) i));
2652
2653         /*
2654            If the data looks correct, then copy it to our private
2655            copy.  Otherwise let the firmware know to perform the operation
2656            on its own.
2657          */
2658         if (priv->eeprom[EEPROM_VERSION] != 0) {
2659                 IPW_DEBUG_INFO("Writing EEPROM data into SRAM\n");
2660
2661                 /* write the eeprom data to sram */
2662                 for (i = 0; i < IPW_EEPROM_IMAGE_SIZE; i++)
2663                         ipw_write8(priv, IPW_EEPROM_DATA + i, priv->eeprom[i]);
2664
2665                 /* Do not load eeprom data on fatal error or suspend */
2666                 ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
2667         } else {
2668                 IPW_DEBUG_INFO("Enabling FW initializationg of SRAM\n");
2669
2670                 /* Load eeprom data on fatal error or suspend */
2671                 ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 1);
2672         }
2673
2674         IPW_DEBUG_TRACE("<<\n");
2675 }
2676
2677 static void ipw_zero_memory(struct ipw_priv *priv, u32 start, u32 count)
2678 {
2679         count >>= 2;
2680         if (!count)
2681                 return;
2682         _ipw_write32(priv, IPW_AUTOINC_ADDR, start);
2683         while (count--)
2684                 _ipw_write32(priv, IPW_AUTOINC_DATA, 0);
2685 }
2686
2687 static inline void ipw_fw_dma_reset_command_blocks(struct ipw_priv *priv)
2688 {
2689         ipw_zero_memory(priv, IPW_SHARED_SRAM_DMA_CONTROL,
2690                         CB_NUMBER_OF_ELEMENTS_SMALL *
2691                         sizeof(struct command_block));
2692 }
2693
2694 static int ipw_fw_dma_enable(struct ipw_priv *priv)
2695 {                               /* start dma engine but no transfers yet */
2696
2697         IPW_DEBUG_FW(">> : \n");
2698
2699         /* Start the dma */
2700         ipw_fw_dma_reset_command_blocks(priv);
2701
2702         /* Write CB base address */
2703         ipw_write_reg32(priv, IPW_DMA_I_CB_BASE, IPW_SHARED_SRAM_DMA_CONTROL);
2704
2705         IPW_DEBUG_FW("<< : \n");
2706         return 0;
2707 }
2708
2709 static void ipw_fw_dma_abort(struct ipw_priv *priv)
2710 {
2711         u32 control = 0;
2712
2713         IPW_DEBUG_FW(">> :\n");
2714
2715         /* set the Stop and Abort bit */
2716         control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_STOP_AND_ABORT;
2717         ipw_write_reg32(priv, IPW_DMA_I_DMA_CONTROL, control);
2718         priv->sram_desc.last_cb_index = 0;
2719
2720         IPW_DEBUG_FW("<< \n");
2721 }
2722
2723 static int ipw_fw_dma_write_command_block(struct ipw_priv *priv, int index,
2724                                           struct command_block *cb)
2725 {
2726         u32 address =
2727             IPW_SHARED_SRAM_DMA_CONTROL +
2728             (sizeof(struct command_block) * index);
2729         IPW_DEBUG_FW(">> :\n");
2730
2731         ipw_write_indirect(priv, address, (u8 *) cb,
2732                            (int)sizeof(struct command_block));
2733
2734         IPW_DEBUG_FW("<< :\n");
2735         return 0;
2736
2737 }
2738
2739 static int ipw_fw_dma_kick(struct ipw_priv *priv)
2740 {
2741         u32 control = 0;
2742         u32 index = 0;
2743
2744         IPW_DEBUG_FW(">> :\n");
2745
2746         for (index = 0; index < priv->sram_desc.last_cb_index; index++)
2747                 ipw_fw_dma_write_command_block(priv, index,
2748                                                &priv->sram_desc.cb_list[index]);
2749
2750         /* Enable the DMA in the CSR register */
2751         ipw_clear_bit(priv, IPW_RESET_REG,
2752                       IPW_RESET_REG_MASTER_DISABLED |
2753                       IPW_RESET_REG_STOP_MASTER);
2754
2755         /* Set the Start bit. */
2756         control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_START;
2757         ipw_write_reg32(priv, IPW_DMA_I_DMA_CONTROL, control);
2758
2759         IPW_DEBUG_FW("<< :\n");
2760         return 0;
2761 }
2762
2763 static void ipw_fw_dma_dump_command_block(struct ipw_priv *priv)
2764 {
2765         u32 address;
2766         u32 register_value = 0;
2767         u32 cb_fields_address = 0;
2768
2769         IPW_DEBUG_FW(">> :\n");
2770         address = ipw_read_reg32(priv, IPW_DMA_I_CURRENT_CB);
2771         IPW_DEBUG_FW_INFO("Current CB is 0x%x \n", address);
2772
2773         /* Read the DMA Controlor register */
2774         register_value = ipw_read_reg32(priv, IPW_DMA_I_DMA_CONTROL);
2775         IPW_DEBUG_FW_INFO("IPW_DMA_I_DMA_CONTROL is 0x%x \n", register_value);
2776
2777         /* Print the CB values */
2778         cb_fields_address = address;
2779         register_value = ipw_read_reg32(priv, cb_fields_address);
2780         IPW_DEBUG_FW_INFO("Current CB ControlField is 0x%x \n", register_value);
2781
2782         cb_fields_address += sizeof(u32);
2783         register_value = ipw_read_reg32(priv, cb_fields_address);
2784         IPW_DEBUG_FW_INFO("Current CB Source Field is 0x%x \n", register_value);
2785
2786         cb_fields_address += sizeof(u32);
2787         register_value = ipw_read_reg32(priv, cb_fields_address);
2788         IPW_DEBUG_FW_INFO("Current CB Destination Field is 0x%x \n",
2789                           register_value);
2790
2791         cb_fields_address += sizeof(u32);
2792         register_value = ipw_read_reg32(priv, cb_fields_address);
2793         IPW_DEBUG_FW_INFO("Current CB Status Field is 0x%x \n", register_value);
2794
2795         IPW_DEBUG_FW(">> :\n");
2796 }
2797
2798 static int ipw_fw_dma_command_block_index(struct ipw_priv *priv)
2799 {
2800         u32 current_cb_address = 0;
2801         u32 current_cb_index = 0;
2802
2803         IPW_DEBUG_FW("<< :\n");
2804         current_cb_address = ipw_read_reg32(priv, IPW_DMA_I_CURRENT_CB);
2805
2806         current_cb_index = (current_cb_address - IPW_SHARED_SRAM_DMA_CONTROL) /
2807             sizeof(struct command_block);
2808
2809         IPW_DEBUG_FW_INFO("Current CB index 0x%x address = 0x%X \n",
2810                           current_cb_index, current_cb_address);
2811
2812         IPW_DEBUG_FW(">> :\n");
2813         return current_cb_index;
2814
2815 }
2816
2817 static int ipw_fw_dma_add_command_block(struct ipw_priv *priv,
2818                                         u32 src_address,
2819                                         u32 dest_address,
2820                                         u32 length,
2821                                         int interrupt_enabled, int is_last)
2822 {
2823
2824         u32 control = CB_VALID | CB_SRC_LE | CB_DEST_LE | CB_SRC_AUTOINC |
2825             CB_SRC_IO_GATED | CB_DEST_AUTOINC | CB_SRC_SIZE_LONG |
2826             CB_DEST_SIZE_LONG;
2827         struct command_block *cb;
2828         u32 last_cb_element = 0;
2829
2830         IPW_DEBUG_FW_INFO("src_address=0x%x dest_address=0x%x length=0x%x\n",
2831                           src_address, dest_address, length);
2832
2833         if (priv->sram_desc.last_cb_index >= CB_NUMBER_OF_ELEMENTS_SMALL)
2834                 return -1;
2835
2836         last_cb_element = priv->sram_desc.last_cb_index;
2837         cb = &priv->sram_desc.cb_list[last_cb_element];
2838         priv->sram_desc.last_cb_index++;
2839
2840         /* Calculate the new CB control word */
2841         if (interrupt_enabled)
2842                 control |= CB_INT_ENABLED;
2843
2844         if (is_last)
2845                 control |= CB_LAST_VALID;
2846
2847         control |= length;
2848
2849         /* Calculate the CB Element's checksum value */
2850         cb->status = control ^ src_address ^ dest_address;
2851
2852         /* Copy the Source and Destination addresses */
2853         cb->dest_addr = dest_address;
2854         cb->source_addr = src_address;
2855
2856         /* Copy the Control Word last */
2857         cb->control = control;
2858
2859         return 0;
2860 }
2861
2862 static int ipw_fw_dma_add_buffer(struct ipw_priv *priv,
2863                                  u32 src_phys, u32 dest_address, u32 length)
2864 {
2865         u32 bytes_left = length;
2866         u32 src_offset = 0;
2867         u32 dest_offset = 0;
2868         int status = 0;
2869         IPW_DEBUG_FW(">> \n");
2870         IPW_DEBUG_FW_INFO("src_phys=0x%x dest_address=0x%x length=0x%x\n",
2871                           src_phys, dest_address, length);
2872         while (bytes_left > CB_MAX_LENGTH) {
2873                 status = ipw_fw_dma_add_command_block(priv,
2874                                                       src_phys + src_offset,
2875                                                       dest_address +
2876                                                       dest_offset,
2877                                                       CB_MAX_LENGTH, 0, 0);
2878                 if (status) {
2879                         IPW_DEBUG_FW_INFO(": Failed\n");
2880                         return -1;
2881                 } else
2882                         IPW_DEBUG_FW_INFO(": Added new cb\n");
2883
2884                 src_offset += CB_MAX_LENGTH;
2885                 dest_offset += CB_MAX_LENGTH;
2886                 bytes_left -= CB_MAX_LENGTH;
2887         }
2888
2889         /* add the buffer tail */
2890         if (bytes_left > 0) {
2891                 status =
2892                     ipw_fw_dma_add_command_block(priv, src_phys + src_offset,
2893                                                  dest_address + dest_offset,
2894                                                  bytes_left, 0, 0);
2895                 if (status) {
2896                         IPW_DEBUG_FW_INFO(": Failed on the buffer tail\n");
2897                         return -1;
2898                 } else
2899                         IPW_DEBUG_FW_INFO
2900                             (": Adding new cb - the buffer tail\n");
2901         }
2902
2903         IPW_DEBUG_FW("<< \n");
2904         return 0;
2905 }
2906
2907 static int ipw_fw_dma_wait(struct ipw_priv *priv)
2908 {
2909         u32 current_index = 0, previous_index;
2910         u32 watchdog = 0;
2911
2912         IPW_DEBUG_FW(">> : \n");
2913
2914         current_index = ipw_fw_dma_command_block_index(priv);
2915         IPW_DEBUG_FW_INFO("sram_desc.last_cb_index:0x%08X\n",
2916                           (int)priv->sram_desc.last_cb_index);
2917
2918         while (current_index < priv->sram_desc.last_cb_index) {
2919                 udelay(50);
2920                 previous_index = current_index;
2921                 current_index = ipw_fw_dma_command_block_index(priv);
2922
2923                 if (previous_index < current_index) {
2924                         watchdog = 0;
2925                         continue;
2926                 }
2927                 if (++watchdog > 400) {
2928                         IPW_DEBUG_FW_INFO("Timeout\n");
2929                         ipw_fw_dma_dump_command_block(priv);
2930                         ipw_fw_dma_abort(priv);
2931                         return -1;
2932                 }
2933         }
2934
2935         ipw_fw_dma_abort(priv);
2936
2937         /*Disable the DMA in the CSR register */
2938         ipw_set_bit(priv, IPW_RESET_REG,
2939                     IPW_RESET_REG_MASTER_DISABLED | IPW_RESET_REG_STOP_MASTER);
2940
2941         IPW_DEBUG_FW("<< dmaWaitSync \n");
2942         return 0;
2943 }
2944
2945 static void ipw_remove_current_network(struct ipw_priv *priv)
2946 {
2947         struct list_head *element, *safe;
2948         struct ieee80211_network *network = NULL;
2949         unsigned long flags;
2950
2951         spin_lock_irqsave(&priv->ieee->lock, flags);
2952         list_for_each_safe(element, safe, &priv->ieee->network_list) {
2953                 network = list_entry(element, struct ieee80211_network, list);
2954                 if (!memcmp(network->bssid, priv->bssid, ETH_ALEN)) {
2955                         list_del(element);
2956                         list_add_tail(&network->list,
2957                                       &priv->ieee->network_free_list);
2958                 }
2959         }
2960         spin_unlock_irqrestore(&priv->ieee->lock, flags);
2961 }
2962
2963 /**
2964  * Check that card is still alive.
2965  * Reads debug register from domain0.
2966  * If card is present, pre-defined value should
2967  * be found there.
2968  *
2969  * @param priv
2970  * @return 1 if card is present, 0 otherwise
2971  */
2972 static inline int ipw_alive(struct ipw_priv *priv)
2973 {
2974         return ipw_read32(priv, 0x90) == 0xd55555d5;
2975 }
2976
2977 /* timeout in msec, attempted in 10-msec quanta */
2978 static int ipw_poll_bit(struct ipw_priv *priv, u32 addr, u32 mask,
2979                                int timeout)
2980 {
2981         int i = 0;
2982
2983         do {
2984                 if ((ipw_read32(priv, addr) & mask) == mask)
2985                         return i;
2986                 mdelay(10);
2987                 i += 10;
2988         } while (i < timeout);
2989
2990         return -ETIME;
2991 }
2992
2993 /* These functions load the firmware and micro code for the operation of
2994  * the ipw hardware.  It assumes the buffer has all the bits for the
2995  * image and the caller is handling the memory allocation and clean up.
2996  */
2997
2998 static int ipw_stop_master(struct ipw_priv *priv)
2999 {
3000         int rc;
3001
3002         IPW_DEBUG_TRACE(">> \n");
3003         /* stop master. typical delay - 0 */
3004         ipw_set_bit(priv, IPW_RESET_REG, IPW_RESET_REG_STOP_MASTER);
3005
3006         /* timeout is in msec, polled in 10-msec quanta */
3007         rc = ipw_poll_bit(priv, IPW_RESET_REG,
3008                           IPW_RESET_REG_MASTER_DISABLED, 100);
3009         if (rc < 0) {
3010                 IPW_ERROR("wait for stop master failed after 100ms\n");
3011                 return -1;
3012         }
3013
3014         IPW_DEBUG_INFO("stop master %dms\n", rc);
3015
3016         return rc;
3017 }
3018
3019 static void ipw_arc_release(struct ipw_priv *priv)
3020 {
3021         IPW_DEBUG_TRACE(">> \n");
3022         mdelay(5);
3023
3024         ipw_clear_bit(priv, IPW_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
3025
3026         /* no one knows timing, for safety add some delay */
3027         mdelay(5);
3028 }
3029
3030 struct fw_chunk {
3031         __le32 address;
3032         __le32 length;
3033 };
3034
3035 static int ipw_load_ucode(struct ipw_priv *priv, u8 * data, size_t len)
3036 {
3037         int rc = 0, i, addr;
3038         u8 cr = 0;
3039         __le16 *image;
3040
3041         image = (__le16 *) data;
3042
3043         IPW_DEBUG_TRACE(">> \n");
3044
3045         rc = ipw_stop_master(priv);
3046
3047         if (rc < 0)
3048                 return rc;
3049
3050         for (addr = IPW_SHARED_LOWER_BOUND;
3051              addr < IPW_REGISTER_DOMAIN1_END; addr += 4) {
3052                 ipw_write32(priv, addr, 0);
3053         }
3054
3055         /* no ucode (yet) */
3056         memset(&priv->dino_alive, 0, sizeof(priv->dino_alive));
3057         /* destroy DMA queues */
3058         /* reset sequence */
3059
3060         ipw_write_reg32(priv, IPW_MEM_HALT_AND_RESET, IPW_BIT_HALT_RESET_ON);
3061         ipw_arc_release(priv);
3062         ipw_write_reg32(priv, IPW_MEM_HALT_AND_RESET, IPW_BIT_HALT_RESET_OFF);
3063         mdelay(1);
3064
3065         /* reset PHY */
3066         ipw_write_reg32(priv, IPW_INTERNAL_CMD_EVENT, IPW_BASEBAND_POWER_DOWN);
3067         mdelay(1);
3068
3069         ipw_write_reg32(priv, IPW_INTERNAL_CMD_EVENT, 0);
3070         mdelay(1);
3071
3072         /* enable ucode store */
3073         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0x0);
3074         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, DINO_ENABLE_CS);
3075         mdelay(1);
3076
3077         /* write ucode */
3078         /**
3079          * @bug
3080          * Do NOT set indirect address register once and then
3081          * store data to indirect data register in the loop.
3082          * It seems very reasonable, but in this case DINO do not
3083          * accept ucode. It is essential to set address each time.
3084          */
3085         /* load new ipw uCode */
3086         for (i = 0; i < len / 2; i++)
3087                 ipw_write_reg16(priv, IPW_BASEBAND_CONTROL_STORE,
3088                                 le16_to_cpu(image[i]));
3089
3090         /* enable DINO */
3091         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0);
3092         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, DINO_ENABLE_SYSTEM);
3093
3094         /* this is where the igx / win driver deveates from the VAP driver. */
3095
3096         /* wait for alive response */
3097         for (i = 0; i < 100; i++) {
3098                 /* poll for incoming data */
3099                 cr = ipw_read_reg8(priv, IPW_BASEBAND_CONTROL_STATUS);
3100                 if (cr & DINO_RXFIFO_DATA)
3101                         break;
3102                 mdelay(1);
3103         }
3104
3105         if (cr & DINO_RXFIFO_DATA) {
3106                 /* alive_command_responce size is NOT multiple of 4 */
3107                 __le32 response_buffer[(sizeof(priv->dino_alive) + 3) / 4];
3108
3109                 for (i = 0; i < ARRAY_SIZE(response_buffer); i++)
3110                         response_buffer[i] =
3111                             cpu_to_le32(ipw_read_reg32(priv,
3112                                                        IPW_BASEBAND_RX_FIFO_READ));
3113                 memcpy(&priv->dino_alive, response_buffer,
3114                        sizeof(priv->dino_alive));
3115                 if (priv->dino_alive.alive_command == 1
3116                     && priv->dino_alive.ucode_valid == 1) {
3117                         rc = 0;
3118                         IPW_DEBUG_INFO
3119                             ("Microcode OK, rev. %d (0x%x) dev. %d (0x%x) "
3120                              "of %02d/%02d/%02d %02d:%02d\n",
3121                              priv->dino_alive.software_revision,
3122                              priv->dino_alive.software_revision,
3123                              priv->dino_alive.device_identifier,
3124                              priv->dino_alive.device_identifier,
3125                              priv->dino_alive.time_stamp[0],
3126                              priv->dino_alive.time_stamp[1],
3127                              priv->dino_alive.time_stamp[2],
3128                              priv->dino_alive.time_stamp[3],
3129                              priv->dino_alive.time_stamp[4]);
3130                 } else {
3131                         IPW_DEBUG_INFO("Microcode is not alive\n");
3132                         rc = -EINVAL;
3133                 }
3134         } else {
3135                 IPW_DEBUG_INFO("No alive response from DINO\n");
3136                 rc = -ETIME;
3137         }
3138
3139         /* disable DINO, otherwise for some reason
3140            firmware have problem getting alive resp. */
3141         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0);
3142
3143         return rc;
3144 }
3145
3146 static int ipw_load_firmware(struct ipw_priv *priv, u8 * data, size_t len)
3147 {
3148         int rc = -1;
3149         int offset = 0;
3150         struct fw_chunk *chunk;
3151         dma_addr_t shared_phys;
3152         u8 *shared_virt;
3153
3154         IPW_DEBUG_TRACE("<< : \n");
3155         shared_virt = pci_alloc_consistent(priv->pci_dev, len, &shared_phys);
3156
3157         if (!shared_virt)
3158                 return -ENOMEM;
3159
3160         memmove(shared_virt, data, len);
3161
3162         /* Start the Dma */
3163         rc = ipw_fw_dma_enable(priv);
3164
3165         if (priv->sram_desc.last_cb_index > 0) {
3166                 /* the DMA is already ready this would be a bug. */
3167                 BUG();
3168                 goto out;
3169         }
3170
3171         do {
3172                 chunk = (struct fw_chunk *)(data + offset);
3173                 offset += sizeof(struct fw_chunk);
3174                 /* build DMA packet and queue up for sending */
3175                 /* dma to chunk->address, the chunk->length bytes from data +
3176                  * offeset*/
3177                 /* Dma loading */
3178                 rc = ipw_fw_dma_add_buffer(priv, shared_phys + offset,
3179                                            le32_to_cpu(chunk->address),
3180                                            le32_to_cpu(chunk->length));
3181                 if (rc) {
3182                         IPW_DEBUG_INFO("dmaAddBuffer Failed\n");
3183                         goto out;
3184                 }
3185
3186                 offset += le32_to_cpu(chunk->length);
3187         } while (offset < len);
3188
3189         /* Run the DMA and wait for the answer */
3190         rc = ipw_fw_dma_kick(priv);
3191         if (rc) {
3192                 IPW_ERROR("dmaKick Failed\n");
3193                 goto out;
3194         }
3195
3196         rc = ipw_fw_dma_wait(priv);
3197         if (rc) {
3198                 IPW_ERROR("dmaWaitSync Failed\n");
3199                 goto out;
3200         }
3201       out:
3202         pci_free_consistent(priv->pci_dev, len, shared_virt, shared_phys);
3203         return rc;
3204 }
3205
3206 /* stop nic */
3207 static int ipw_stop_nic(struct ipw_priv *priv)
3208 {
3209         int rc = 0;
3210
3211         /* stop */
3212         ipw_write32(priv, IPW_RESET_REG, IPW_RESET_REG_STOP_MASTER);
3213
3214         rc = ipw_poll_bit(priv, IPW_RESET_REG,
3215                           IPW_RESET_REG_MASTER_DISABLED, 500);
3216         if (rc < 0) {
3217                 IPW_ERROR("wait for reg master disabled failed after 500ms\n");
3218                 return rc;
3219         }
3220
3221         ipw_set_bit(priv, IPW_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
3222
3223         return rc;
3224 }
3225
3226 static void ipw_start_nic(struct ipw_priv *priv)
3227 {
3228         IPW_DEBUG_TRACE(">>\n");
3229
3230         /* prvHwStartNic  release ARC */
3231         ipw_clear_bit(priv, IPW_RESET_REG,
3232                       IPW_RESET_REG_MASTER_DISABLED |
3233                       IPW_RESET_REG_STOP_MASTER |
3234                       CBD_RESET_REG_PRINCETON_RESET);
3235
3236         /* enable power management */
3237         ipw_set_bit(priv, IPW_GP_CNTRL_RW,
3238                     IPW_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
3239
3240         IPW_DEBUG_TRACE("<<\n");
3241 }
3242
3243 static int ipw_init_nic(struct ipw_priv *priv)
3244 {
3245         int rc;
3246
3247         IPW_DEBUG_TRACE(">>\n");
3248         /* reset */
3249         /*prvHwInitNic */
3250         /* set "initialization complete" bit to move adapter to D0 state */
3251         ipw_set_bit(priv, IPW_GP_CNTRL_RW, IPW_GP_CNTRL_BIT_INIT_DONE);
3252
3253         /* low-level PLL activation */
3254         ipw_write32(priv, IPW_READ_INT_REGISTER,
3255                     IPW_BIT_INT_HOST_SRAM_READ_INT_REGISTER);
3256
3257         /* wait for clock stabilization */
3258         rc = ipw_poll_bit(priv, IPW_GP_CNTRL_RW,
3259                           IPW_GP_CNTRL_BIT_CLOCK_READY, 250);
3260         if (rc < 0)
3261                 IPW_DEBUG_INFO("FAILED wait for clock stablization\n");
3262
3263         /* assert SW reset */
3264         ipw_set_bit(priv, IPW_RESET_REG, IPW_RESET_REG_SW_RESET);
3265
3266         udelay(10);
3267
3268         /* set "initialization complete" bit to move adapter to D0 state */
3269         ipw_set_bit(priv, IPW_GP_CNTRL_RW, IPW_GP_CNTRL_BIT_INIT_DONE);
3270
3271         IPW_DEBUG_TRACE(">>\n");
3272         return 0;
3273 }
3274
3275 /* Call this function from process context, it will sleep in request_firmware.
3276  * Probe is an ok place to call this from.
3277  */
3278 static int ipw_reset_nic(struct ipw_priv *priv)
3279 {
3280         int rc = 0;
3281         unsigned long flags;
3282
3283         IPW_DEBUG_TRACE(">>\n");
3284
3285         rc = ipw_init_nic(priv);
3286
3287         spin_lock_irqsave(&priv->lock, flags);
3288         /* Clear the 'host command active' bit... */
3289         priv->status &= ~STATUS_HCMD_ACTIVE;
3290         wake_up_interruptible(&priv->wait_command_queue);
3291         priv->status &= ~(STATUS_SCANNING | STATUS_SCAN_ABORTING);
3292         wake_up_interruptible(&priv->wait_state);
3293         spin_unlock_irqrestore(&priv->lock, flags);
3294
3295         IPW_DEBUG_TRACE("<<\n");
3296         return rc;
3297 }
3298
3299
3300 struct ipw_fw {
3301         __le32 ver;
3302         __le32 boot_size;
3303         __le32 ucode_size;
3304         __le32 fw_size;
3305         u8 data[0];
3306 };
3307
3308 static int ipw_get_fw(struct ipw_priv *priv,
3309                       const struct firmware **raw, const char *name)
3310 {
3311         struct ipw_fw *fw;
3312         int rc;
3313
3314         /* ask firmware_class module to get the boot firmware off disk */
3315         rc = request_firmware(raw, name, &priv->pci_dev->dev);
3316         if (rc < 0) {
3317                 IPW_ERROR("%s request_firmware failed: Reason %d\n", name, rc);
3318                 return rc;
3319         }
3320
3321         if ((*raw)->size < sizeof(*fw)) {
3322                 IPW_ERROR("%s is too small (%zd)\n", name, (*raw)->size);
3323                 return -EINVAL;
3324         }
3325
3326         fw = (void *)(*raw)->data;
3327
3328         if ((*raw)->size < sizeof(*fw) + le32_to_cpu(fw->boot_size) +
3329             le32_to_cpu(fw->ucode_size) + le32_to_cpu(fw->fw_size)) {
3330                 IPW_ERROR("%s is too small or corrupt (%zd)\n",
3331                           name, (*raw)->size);
3332                 return -EINVAL;
3333         }
3334
3335         IPW_DEBUG_INFO("Read firmware '%s' image v%d.%d (%zd bytes)\n",
3336                        name,
3337                        le32_to_cpu(fw->ver) >> 16,
3338                        le32_to_cpu(fw->ver) & 0xff,
3339                        (*raw)->size - sizeof(*fw));
3340         return 0;
3341 }
3342
3343 #define IPW_RX_BUF_SIZE (3000)
3344
3345 static void ipw_rx_queue_reset(struct ipw_priv *priv,
3346                                       struct ipw_rx_queue *rxq)
3347 {
3348         unsigned long flags;
3349         int i;
3350
3351         spin_lock_irqsave(&rxq->lock, flags);
3352
3353         INIT_LIST_HEAD(&rxq->rx_free);
3354         INIT_LIST_HEAD(&rxq->rx_used);
3355
3356         /* Fill the rx_used queue with _all_ of the Rx buffers */
3357         for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++) {
3358                 /* In the reset function, these buffers may have been allocated
3359                  * to an SKB, so we need to unmap and free potential storage */
3360                 if (rxq->pool[i].skb != NULL) {
3361                         pci_unmap_single(priv->pci_dev, rxq->pool[i].dma_addr,
3362                                          IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
3363                         dev_kfree_skb(rxq->pool[i].skb);
3364                         rxq->pool[i].skb = NULL;
3365                 }
3366                 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
3367         }
3368
3369         /* Set us so that we have processed and used all buffers, but have
3370          * not restocked the Rx queue with fresh buffers */
3371         rxq->read = rxq->write = 0;
3372         rxq->free_count = 0;
3373         spin_unlock_irqrestore(&rxq->lock, flags);
3374 }
3375
3376 #ifdef CONFIG_PM
3377 static int fw_loaded = 0;
3378 static const struct firmware *raw = NULL;
3379
3380 static void free_firmware(void)
3381 {
3382         if (fw_loaded) {
3383                 release_firmware(raw);
3384                 raw = NULL;
3385                 fw_loaded = 0;
3386         }
3387 }
3388 #else
3389 #define free_firmware() do {} while (0)
3390 #endif
3391
3392 static int ipw_load(struct ipw_priv *priv)
3393 {
3394 #ifndef CONFIG_PM
3395         const struct firmware *raw = NULL;
3396 #endif
3397         struct ipw_fw *fw;
3398         u8 *boot_img, *ucode_img, *fw_img;
3399         u8 *name = NULL;
3400         int rc = 0, retries = 3;
3401
3402         switch (priv->ieee->iw_mode) {
3403         case IW_MODE_ADHOC:
3404                 name = "ipw2200-ibss.fw";
3405                 break;
3406 #ifdef CONFIG_IPW2200_MONITOR
3407         case IW_MODE_MONITOR:
3408                 name = "ipw2200-sniffer.fw";
3409                 break;
3410 #endif
3411         case IW_MODE_INFRA:
3412                 name = "ipw2200-bss.fw";
3413                 break;
3414         }
3415
3416         if (!name) {
3417                 rc = -EINVAL;
3418                 goto error;
3419         }
3420
3421 #ifdef CONFIG_PM
3422         if (!fw_loaded) {
3423 #endif
3424                 rc = ipw_get_fw(priv, &raw, name);
3425                 if (rc < 0)
3426                         goto error;
3427 #ifdef CONFIG_PM
3428         }
3429 #endif
3430
3431         fw = (void *)raw->data;
3432         boot_img = &fw->data[0];
3433         ucode_img = &fw->data[le32_to_cpu(fw->boot_size)];
3434         fw_img = &fw->data[le32_to_cpu(fw->boot_size) +
3435                            le32_to_cpu(fw->ucode_size)];
3436
3437         if (rc < 0)
3438                 goto error;
3439
3440         if (!priv->rxq)
3441                 priv->rxq = ipw_rx_queue_alloc(priv);
3442         else
3443                 ipw_rx_queue_reset(priv, priv->rxq);
3444         if (!priv->rxq) {
3445                 IPW_ERROR("Unable to initialize Rx queue\n");
3446                 goto error;
3447         }
3448
3449       retry:
3450         /* Ensure interrupts are disabled */
3451         ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
3452         priv->status &= ~STATUS_INT_ENABLED;
3453
3454         /* ack pending interrupts */
3455         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3456
3457         ipw_stop_nic(priv);
3458
3459         rc = ipw_reset_nic(priv);
3460         if (rc < 0) {
3461                 IPW_ERROR("Unable to reset NIC\n");
3462                 goto error;
3463         }
3464
3465         ipw_zero_memory(priv, IPW_NIC_SRAM_LOWER_BOUND,
3466                         IPW_NIC_SRAM_UPPER_BOUND - IPW_NIC_SRAM_LOWER_BOUND);
3467
3468         /* DMA the initial boot firmware into the device */
3469         rc = ipw_load_firmware(priv, boot_img, le32_to_cpu(fw->boot_size));
3470         if (rc < 0) {
3471                 IPW_ERROR("Unable to load boot firmware: %d\n", rc);
3472                 goto error;
3473         }
3474
3475         /* kick start the device */
3476         ipw_start_nic(priv);
3477
3478         /* wait for the device to finish its initial startup sequence */
3479         rc = ipw_poll_bit(priv, IPW_INTA_RW,
3480                           IPW_INTA_BIT_FW_INITIALIZATION_DONE, 500);
3481         if (rc < 0) {
3482                 IPW_ERROR("device failed to boot initial fw image\n");
3483                 goto error;
3484         }
3485         IPW_DEBUG_INFO("initial device response after %dms\n", rc);
3486
3487         /* ack fw init done interrupt */
3488         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_BIT_FW_INITIALIZATION_DONE);
3489
3490         /* DMA the ucode into the device */
3491         rc = ipw_load_ucode(priv, ucode_img, le32_to_cpu(fw->ucode_size));
3492         if (rc < 0) {
3493                 IPW_ERROR("Unable to load ucode: %d\n", rc);
3494                 goto error;
3495         }
3496
3497         /* stop nic */
3498         ipw_stop_nic(priv);
3499
3500         /* DMA bss firmware into the device */
3501         rc = ipw_load_firmware(priv, fw_img, le32_to_cpu(fw->fw_size));
3502         if (rc < 0) {
3503                 IPW_ERROR("Unable to load firmware: %d\n", rc);
3504                 goto error;
3505         }
3506 #ifdef CONFIG_PM
3507         fw_loaded = 1;
3508 #endif
3509
3510         ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
3511
3512         rc = ipw_queue_reset(priv);
3513         if (rc < 0) {
3514                 IPW_ERROR("Unable to initialize queues\n");
3515                 goto error;
3516         }
3517
3518         /* Ensure interrupts are disabled */
3519         ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
3520         /* ack pending interrupts */
3521         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3522
3523         /* kick start the device */
3524         ipw_start_nic(priv);
3525
3526         if (ipw_read32(priv, IPW_INTA_RW) & IPW_INTA_BIT_PARITY_ERROR) {
3527                 if (retries > 0) {
3528                         IPW_WARNING("Parity error.  Retrying init.\n");
3529                         retries--;
3530                         goto retry;
3531                 }
3532
3533                 IPW_ERROR("TODO: Handle parity error -- schedule restart?\n");
3534                 rc = -EIO;
3535                 goto error;
3536         }
3537
3538         /* wait for the device */
3539         rc = ipw_poll_bit(priv, IPW_INTA_RW,
3540                           IPW_INTA_BIT_FW_INITIALIZATION_DONE, 500);
3541         if (rc < 0) {
3542                 IPW_ERROR("device failed to start within 500ms\n");
3543                 goto error;
3544         }
3545         IPW_DEBUG_INFO("device response after %dms\n", rc);
3546
3547         /* ack fw init done interrupt */
3548         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_BIT_FW_INITIALIZATION_DONE);
3549
3550         /* read eeprom data and initialize the eeprom region of sram */
3551         priv->eeprom_delay = 1;
3552         ipw_eeprom_init_sram(priv);
3553
3554         /* enable interrupts */
3555         ipw_enable_interrupts(priv);
3556
3557         /* Ensure our queue has valid packets */
3558         ipw_rx_queue_replenish(priv);
3559
3560         ipw_write32(priv, IPW_RX_READ_INDEX, priv->rxq->read);
3561
3562         /* ack pending interrupts */
3563         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3564
3565 #ifndef CONFIG_PM
3566         release_firmware(raw);
3567 #endif
3568         return 0;
3569
3570       error:
3571         if (priv->rxq) {
3572                 ipw_rx_queue_free(priv, priv->rxq);
3573                 priv->rxq = NULL;
3574         }
3575         ipw_tx_queue_free(priv);
3576         if (raw)
3577                 release_firmware(raw);
3578 #ifdef CONFIG_PM
3579         fw_loaded = 0;
3580         raw = NULL;
3581 #endif
3582
3583         return rc;
3584 }
3585
3586 /**
3587  * DMA services
3588  *
3589  * Theory of operation
3590  *
3591  * A queue is a circular buffers with 'Read' and 'Write' pointers.
3592  * 2 empty entries always kept in the buffer to protect from overflow.
3593  *
3594  * For Tx queue, there are low mark and high mark limits. If, after queuing
3595  * the packet for Tx, free space become < low mark, Tx queue stopped. When
3596  * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
3597  * Tx queue resumed.
3598  *
3599  * The IPW operates with six queues, one receive queue in the device's
3600  * sram, one transmit queue for sending commands to the device firmware,
3601  * and four transmit queues for data.
3602  *
3603  * The four transmit queues allow for performing quality of service (qos)
3604  * transmissions as per the 802.11 protocol.  Currently Linux does not
3605  * provide a mechanism to the user for utilizing prioritized queues, so
3606  * we only utilize the first data transmit queue (queue1).
3607  */
3608
3609 /**
3610  * Driver allocates buffers of this size for Rx
3611  */
3612
3613 /**
3614  * ipw_rx_queue_space - Return number of free slots available in queue.
3615  */
3616 static int ipw_rx_queue_space(const struct ipw_rx_queue *q)
3617 {
3618         int s = q->read - q->write;
3619         if (s <= 0)
3620                 s += RX_QUEUE_SIZE;
3621         /* keep some buffer to not confuse full and empty queue */
3622         s -= 2;
3623         if (s < 0)
3624                 s = 0;
3625         return s;
3626 }
3627
3628 static inline int ipw_tx_queue_space(const struct clx2_queue *q)
3629 {
3630         int s = q->last_used - q->first_empty;
3631         if (s <= 0)
3632                 s += q->n_bd;
3633         s -= 2;                 /* keep some reserve to not confuse empty and full situations */
3634         if (s < 0)
3635                 s = 0;
3636         return s;
3637 }
3638
3639 static inline int ipw_queue_inc_wrap(int index, int n_bd)
3640 {
3641         return (++index == n_bd) ? 0 : index;
3642 }
3643
3644 /**
3645  * Initialize common DMA queue structure
3646  *
3647  * @param q                queue to init
3648  * @param count            Number of BD's to allocate. Should be power of 2
3649  * @param read_register    Address for 'read' register
3650  *                         (not offset within BAR, full address)
3651  * @param write_register   Address for 'write' register
3652  *                         (not offset within BAR, full address)
3653  * @param base_register    Address for 'base' register
3654  *                         (not offset within BAR, full address)
3655  * @param size             Address for 'size' register
3656  *                         (not offset within BAR, full address)
3657  */
3658 static void ipw_queue_init(struct ipw_priv *priv, struct clx2_queue *q,
3659                            int count, u32 read, u32 write, u32 base, u32 size)
3660 {
3661         q->n_bd = count;
3662
3663         q->low_mark = q->n_bd / 4;
3664         if (q->low_mark < 4)
3665                 q->low_mark = 4;
3666
3667         q->high_mark = q->n_bd / 8;
3668         if (q->high_mark < 2)
3669                 q->high_mark = 2;
3670
3671         q->first_empty = q->last_used = 0;
3672         q->reg_r = read;
3673         q->reg_w = write;
3674
3675         ipw_write32(priv, base, q->dma_addr);
3676         ipw_write32(priv, size, count);
3677         ipw_write32(priv, read, 0);
3678         ipw_write32(priv, write, 0);
3679
3680         _ipw_read32(priv, 0x90);
3681 }
3682
3683 static int ipw_queue_tx_init(struct ipw_priv *priv,
3684                              struct clx2_tx_queue *q,
3685                              int count, u32 read, u32 write, u32 base, u32 size)
3686 {
3687         struct pci_dev *dev = priv->pci_dev;
3688
3689         q->txb = kmalloc(sizeof(q->txb[0]) * count, GFP_KERNEL);
3690         if (!q->txb) {
3691                 IPW_ERROR("vmalloc for auxilary BD structures failed\n");
3692                 return -ENOMEM;
3693         }
3694
3695         q->bd =
3696             pci_alloc_consistent(dev, sizeof(q->bd[0]) * count, &q->q.dma_addr);
3697         if (!q->bd) {
3698                 IPW_ERROR("pci_alloc_consistent(%zd) failed\n",
3699                           sizeof(q->bd[0]) * count);
3700                 kfree(q->txb);
3701                 q->txb = NULL;
3702                 return -ENOMEM;
3703         }
3704
3705         ipw_queue_init(priv, &q->q, count, read, write, base, size);
3706         return 0;
3707 }
3708
3709 /**
3710  * Free one TFD, those at index [txq->q.last_used].
3711  * Do NOT advance any indexes
3712  *
3713  * @param dev
3714  * @param txq
3715  */
3716 static void ipw_queue_tx_free_tfd(struct ipw_priv *priv,
3717                                   struct clx2_tx_queue *txq)
3718 {
3719         struct tfd_frame *bd = &txq->bd[txq->q.last_used];
3720         struct pci_dev *dev = priv->pci_dev;
3721         int i;
3722
3723         /* classify bd */
3724         if (bd->control_flags.message_type == TX_HOST_COMMAND_TYPE)
3725                 /* nothing to cleanup after for host commands */
3726                 return;
3727
3728         /* sanity check */
3729         if (le32_to_cpu(bd->u.data.num_chunks) > NUM_TFD_CHUNKS) {
3730                 IPW_ERROR("Too many chunks: %i\n",
3731                           le32_to_cpu(bd->u.data.num_chunks));
3732                 /** @todo issue fatal error, it is quite serious situation */
3733                 return;
3734         }
3735
3736         /* unmap chunks if any */
3737         for (i = 0; i < le32_to_cpu(bd->u.data.num_chunks); i++) {
3738                 pci_unmap_single(dev, le32_to_cpu(bd->u.data.chunk_ptr[i]),
3739                                  le16_to_cpu(bd->u.data.chunk_len[i]),
3740                                  PCI_DMA_TODEVICE);
3741                 if (txq->txb[txq->q.last_used]) {
3742                         ieee80211_txb_free(txq->txb[txq->q.last_used]);
3743                         txq->txb[txq->q.last_used] = NULL;
3744                 }
3745         }
3746 }
3747
3748 /**
3749  * Deallocate DMA queue.
3750  *
3751  * Empty queue by removing and destroying all BD's.
3752  * Free all buffers.
3753  *
3754  * @param dev
3755  * @param q
3756  */
3757 static void ipw_queue_tx_free(struct ipw_priv *priv, struct clx2_tx_queue *txq)
3758 {
3759         struct clx2_queue *q = &txq->q;
3760         struct pci_dev *dev = priv->pci_dev;
3761
3762         if (q->n_bd == 0)
3763                 return;
3764
3765         /* first, empty all BD's */
3766         for (; q->first_empty != q->last_used;
3767              q->last_used = ipw_queue_inc_wrap(q->last_used, q->n_bd)) {
3768                 ipw_queue_tx_free_tfd(priv, txq);
3769         }
3770
3771         /* free buffers belonging to queue itself */
3772         pci_free_consistent(dev, sizeof(txq->bd[0]) * q->n_bd, txq->bd,
3773                             q->dma_addr);
3774         kfree(txq->txb);
3775
3776         /* 0 fill whole structure */
3777         memset(txq, 0, sizeof(*txq));
3778 }
3779
3780 /**
3781  * Destroy all DMA queues and structures
3782  *
3783  * @param priv
3784  */
3785 static void ipw_tx_queue_free(struct ipw_priv *priv)
3786 {
3787         /* Tx CMD queue */
3788         ipw_queue_tx_free(priv, &priv->txq_cmd);
3789
3790         /* Tx queues */
3791         ipw_queue_tx_free(priv, &priv->txq[0]);
3792         ipw_queue_tx_free(priv, &priv->txq[1]);
3793         ipw_queue_tx_free(priv, &priv->txq[2]);
3794         ipw_queue_tx_free(priv, &priv->txq[3]);
3795 }
3796
3797 static void ipw_create_bssid(struct ipw_priv *priv, u8 * bssid)
3798 {
3799         /* First 3 bytes are manufacturer */
3800         bssid[0] = priv->mac_addr[0];
3801         bssid[1] = priv->mac_addr[1];
3802         bssid[2] = priv->mac_addr[2];
3803
3804         /* Last bytes are random */
3805         get_random_bytes(&bssid[3], ETH_ALEN - 3);
3806
3807         bssid[0] &= 0xfe;       /* clear multicast bit */
3808         bssid[0] |= 0x02;       /* set local assignment bit (IEEE802) */
3809 }
3810
3811 static u8 ipw_add_station(struct ipw_priv *priv, u8 * bssid)
3812 {
3813         struct ipw_station_entry entry;
3814         int i;
3815         DECLARE_MAC_BUF(mac);
3816
3817         for (i = 0; i < priv->num_stations; i++) {
3818                 if (!memcmp(priv->stations[i], bssid, ETH_ALEN)) {
3819                         /* Another node is active in network */
3820                         priv->missed_adhoc_beacons = 0;
3821                         if (!(priv->config & CFG_STATIC_CHANNEL))
3822                                 /* when other nodes drop out, we drop out */
3823                                 priv->config &= ~CFG_ADHOC_PERSIST;
3824
3825                         return i;
3826                 }
3827         }
3828
3829         if (i == MAX_STATIONS)
3830                 return IPW_INVALID_STATION;
3831
3832         IPW_DEBUG_SCAN("Adding AdHoc station: %s\n", print_mac(mac, bssid));
3833
3834         entry.reserved = 0;
3835         entry.support_mode = 0;
3836         memcpy(entry.mac_addr, bssid, ETH_ALEN);
3837         memcpy(priv->stations[i], bssid, ETH_ALEN);
3838         ipw_write_direct(priv, IPW_STATION_TABLE_LOWER + i * sizeof(entry),
3839                          &entry, sizeof(entry));
3840         priv->num_stations++;
3841
3842         return i;
3843 }
3844
3845 static u8 ipw_find_station(struct ipw_priv *priv, u8 * bssid)
3846 {
3847         int i;
3848
3849         for (i = 0; i < priv->num_stations; i++)
3850                 if (!memcmp(priv->stations[i], bssid, ETH_ALEN))
3851                         return i;
3852
3853         return IPW_INVALID_STATION;
3854 }
3855
3856 static void ipw_send_disassociate(struct ipw_priv *priv, int quiet)
3857 {
3858         int err;
3859         DECLARE_MAC_BUF(mac);
3860
3861         if (priv->status & STATUS_ASSOCIATING) {
3862                 IPW_DEBUG_ASSOC("Disassociating while associating.\n");
3863                 queue_work(priv->workqueue, &priv->disassociate);
3864                 return;
3865         }
3866
3867         if (!(priv->status & STATUS_ASSOCIATED)) {
3868                 IPW_DEBUG_ASSOC("Disassociating while not associated.\n");
3869                 return;
3870         }
3871
3872         IPW_DEBUG_ASSOC("Disassocation attempt from %s "
3873                         "on channel %d.\n",
3874                         print_mac(mac, priv->assoc_request.bssid),
3875                         priv->assoc_request.channel);
3876
3877         priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
3878         priv->status |= STATUS_DISASSOCIATING;
3879
3880         if (quiet)
3881                 priv->assoc_request.assoc_type = HC_DISASSOC_QUIET;
3882         else
3883                 priv->assoc_request.assoc_type = HC_DISASSOCIATE;
3884
3885         err = ipw_send_associate(priv, &priv->assoc_request);
3886         if (err) {
3887                 IPW_DEBUG_HC("Attempt to send [dis]associate command "
3888                              "failed.\n");
3889                 return;
3890         }
3891
3892 }
3893
3894 static int ipw_disassociate(void *data)
3895 {
3896         struct ipw_priv *priv = data;
3897         if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)))
3898                 return 0;
3899         ipw_send_disassociate(data, 0);
3900         return 1;
3901 }
3902
3903 static void ipw_bg_disassociate(struct work_struct *work)
3904 {
3905         struct ipw_priv *priv =
3906                 container_of(work, struct ipw_priv, disassociate);
3907         mutex_lock(&priv->mutex);
3908         ipw_disassociate(priv);
3909         mutex_unlock(&priv->mutex);
3910 }
3911
3912 static void ipw_system_config(struct work_struct *work)
3913 {
3914         struct ipw_priv *priv =
3915                 container_of(work, struct ipw_priv, system_config);
3916
3917 #ifdef CONFIG_IPW2200_PROMISCUOUS
3918         if (priv->prom_net_dev && netif_running(priv->prom_net_dev)) {
3919                 priv->sys_config.accept_all_data_frames = 1;
3920                 priv->sys_config.accept_non_directed_frames = 1;
3921                 priv->sys_config.accept_all_mgmt_bcpr = 1;
3922                 priv->sys_config.accept_all_mgmt_frames = 1;
3923         }
3924 #endif
3925
3926         ipw_send_system_config(priv);
3927 }
3928
3929 struct ipw_status_code {
3930         u16 status;
3931         const char *reason;
3932 };
3933
3934 static const struct ipw_status_code ipw_status_codes[] = {
3935         {0x00, "Successful"},
3936         {0x01, "Unspecified failure"},
3937         {0x0A, "Cannot support all requested capabilities in the "
3938          "Capability information field"},
3939         {0x0B, "Reassociation denied due to inability to confirm that "
3940          "association exists"},
3941         {0x0C, "Association denied due to reason outside the scope of this "
3942          "standard"},
3943         {0x0D,
3944          "Responding station does not support the specified authentication "
3945          "algorithm"},
3946         {0x0E,
3947          "Received an Authentication frame with authentication sequence "
3948          "transaction sequence number out of expected sequence"},
3949         {0x0F, "Authentication rejected because of challenge failure"},
3950         {0x10, "Authentication rejected due to timeout waiting for next "
3951          "frame in sequence"},
3952         {0x11, "Association denied because AP is unable to handle additional "
3953          "associated stations"},
3954         {0x12,
3955          "Association denied due to requesting station not supporting all "
3956          "of the datarates in the BSSBasicServiceSet Parameter"},
3957         {0x13,
3958          "Association denied due to requesting station not supporting "
3959          "short preamble operation"},
3960         {0x14,
3961          "Association denied due to requesting station not supporting "
3962          "PBCC encoding"},
3963         {0x15,
3964          "Association denied due to requesting station not supporting "
3965          "channel agility"},
3966         {0x19,
3967          "Association denied due to requesting station not supporting "
3968          "short slot operation"},
3969         {0x1A,
3970          "Association denied due to requesting station not supporting "
3971          "DSSS-OFDM operation"},
3972         {0x28, "Invalid Information Element"},
3973         {0x29, "Group Cipher is not valid"},
3974         {0x2A, "Pairwise Cipher is not valid"},
3975         {0x2B, "AKMP is not valid"},
3976         {0x2C, "Unsupported RSN IE version"},
3977         {0x2D, "Invalid RSN IE Capabilities"},
3978         {0x2E, "Cipher suite is rejected per security policy"},
3979 };
3980
3981 static const char *ipw_get_status_code(u16 status)
3982 {
3983         int i;
3984         for (i = 0; i < ARRAY_SIZE(ipw_status_codes); i++)
3985                 if (ipw_status_codes[i].status == (status & 0xff))
3986                         return ipw_status_codes[i].reason;
3987         return "Unknown status value.";
3988 }
3989
3990 static void inline average_init(struct average *avg)
3991 {
3992         memset(avg, 0, sizeof(*avg));
3993 }
3994
3995 #define DEPTH_RSSI 8
3996 #define DEPTH_NOISE 16
3997 static s16 exponential_average(s16 prev_avg, s16 val, u8 depth)
3998 {
3999         return ((depth-1)*prev_avg +  val)/depth;
4000 }
4001
4002 static void average_add(struct average *avg, s16 val)
4003 {
4004         avg->sum -= avg->entries[avg->pos];
4005         avg->sum += val;
4006         avg->entries[avg->pos++] = val;
4007         if (unlikely(avg->pos == AVG_ENTRIES)) {
4008                 avg->init = 1;
4009                 avg->pos = 0;
4010         }
4011 }
4012
4013 static s16 average_value(struct average *avg)
4014 {
4015         if (!unlikely(avg->init)) {
4016                 if (avg->pos)
4017                         return avg->sum / avg->pos;
4018                 return 0;
4019         }
4020
4021         return avg->sum / AVG_ENTRIES;
4022 }
4023
4024 static void ipw_reset_stats(struct ipw_priv *priv)
4025 {
4026         u32 len = sizeof(u32);
4027
4028         priv->quality = 0;
4029
4030         average_init(&priv->average_missed_beacons);
4031         priv->exp_avg_rssi = -60;
4032         priv->exp_avg_noise = -85 + 0x100;
4033
4034         priv->last_rate = 0;
4035         priv->last_missed_beacons = 0;
4036         priv->last_rx_packets = 0;
4037         priv->last_tx_packets = 0;
4038         priv->last_tx_failures = 0;
4039
4040         /* Firmware managed, reset only when NIC is restarted, so we have to
4041          * normalize on the current value */
4042         ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC,
4043                         &priv->last_rx_err, &len);
4044         ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE,
4045                         &priv->last_tx_failures, &len);
4046
4047         /* Driver managed, reset with each association */
4048         priv->missed_adhoc_beacons = 0;
4049         priv->missed_beacons = 0;
4050         priv->tx_packets = 0;
4051         priv->rx_packets = 0;
4052
4053 }
4054
4055 static u32 ipw_get_max_rate(struct ipw_priv *priv)
4056 {
4057         u32 i = 0x80000000;
4058         u32 mask = priv->rates_mask;
4059         /* If currently associated in B mode, restrict the maximum
4060          * rate match to B rates */
4061         if (priv->assoc_request.ieee_mode == IPW_B_MODE)
4062                 mask &= IEEE80211_CCK_RATES_MASK;
4063
4064         /* TODO: Verify that the rate is supported by the current rates
4065          * list. */
4066
4067         while (i && !(mask & i))
4068                 i >>= 1;
4069         switch (i) {
4070         case IEEE80211_CCK_RATE_1MB_MASK:
4071                 return 1000000;
4072         case IEEE80211_CCK_RATE_2MB_MASK:
4073                 return 2000000;
4074         case IEEE80211_CCK_RATE_5MB_MASK:
4075                 return 5500000;
4076         case IEEE80211_OFDM_RATE_6MB_MASK:
4077                 return 6000000;
4078         case IEEE80211_OFDM_RATE_9MB_MASK:
4079                 return 9000000;
4080         case IEEE80211_CCK_RATE_11MB_MASK:
4081                 return 11000000;
4082         case IEEE80211_OFDM_RATE_12MB_MASK:
4083                 return 12000000;
4084         case IEEE80211_OFDM_RATE_18MB_MASK:
4085                 return 18000000;
4086         case IEEE80211_OFDM_RATE_24MB_MASK:
4087                 return 24000000;
4088         case IEEE80211_OFDM_RATE_36MB_MASK:
4089                 return 36000000;
4090         case IEEE80211_OFDM_RATE_48MB_MASK:
4091                 return 48000000;
4092         case IEEE80211_OFDM_RATE_54MB_MASK:
4093                 return 54000000;
4094         }
4095
4096         if (priv->ieee->mode == IEEE_B)
4097                 return 11000000;
4098         else
4099                 return 54000000;
4100 }
4101
4102 static u32 ipw_get_current_rate(struct ipw_priv *priv)
4103 {
4104         u32 rate, len = sizeof(rate);
4105         int err;
4106
4107         if (!(priv->status & STATUS_ASSOCIATED))
4108                 return 0;
4109
4110         if (priv->tx_packets > IPW_REAL_RATE_RX_PACKET_THRESHOLD) {
4111                 err = ipw_get_ordinal(priv, IPW_ORD_STAT_TX_CURR_RATE, &rate,
4112                                       &len);
4113                 if (err) {
4114                         IPW_DEBUG_INFO("failed querying ordinals.\n");
4115                         return 0;
4116                 }
4117         } else
4118                 return ipw_get_max_rate(priv);
4119
4120         switch (rate) {
4121         case IPW_TX_RATE_1MB:
4122                 return 1000000;
4123         case IPW_TX_RATE_2MB:
4124                 return 2000000;
4125         case IPW_TX_RATE_5MB:
4126                 return 5500000;
4127         case IPW_TX_RATE_6MB:
4128                 return 6000000;
4129         case IPW_TX_RATE_9MB:
4130                 return 9000000;
4131         case IPW_TX_RATE_11MB:
4132                 return 11000000;
4133         case IPW_TX_RATE_12MB:
4134                 return 12000000;
4135         case IPW_TX_RATE_18MB:
4136                 return 18000000;
4137         case IPW_TX_RATE_24MB:
4138                 return 24000000;
4139         case IPW_TX_RATE_36MB:
4140                 return 36000000;
4141         case IPW_TX_RATE_48MB:
4142                 return 48000000;
4143         case IPW_TX_RATE_54MB:
4144                 return 54000000;
4145         }
4146
4147         return 0;
4148 }
4149
4150 #define IPW_STATS_INTERVAL (2 * HZ)
4151 static void ipw_gather_stats(struct ipw_priv *priv)
4152 {
4153         u32 rx_err, rx_err_delta, rx_packets_delta;
4154         u32 tx_failures, tx_failures_delta, tx_packets_delta;
4155         u32 missed_beacons_percent, missed_beacons_delta;
4156         u32 quality = 0;
4157         u32 len = sizeof(u32);
4158         s16 rssi;
4159         u32 beacon_quality, signal_quality, tx_quality, rx_quality,
4160             rate_quality;
4161         u32 max_rate;
4162
4163         if (!(priv->status & STATUS_ASSOCIATED)) {
4164                 priv->quality = 0;
4165                 return;
4166         }
4167
4168         /* Update the statistics */
4169         ipw_get_ordinal(priv, IPW_ORD_STAT_MISSED_BEACONS,
4170                         &priv->missed_beacons, &len);
4171         missed_beacons_delta = priv->missed_beacons - priv->last_missed_beacons;
4172         priv->last_missed_beacons = priv->missed_beacons;
4173         if (priv->assoc_request.beacon_interval) {
4174                 missed_beacons_percent = missed_beacons_delta *
4175                     (HZ * le16_to_cpu(priv->assoc_request.beacon_interval)) /
4176                     (IPW_STATS_INTERVAL * 10);
4177         } else {
4178                 missed_beacons_percent = 0;
4179         }
4180         average_add(&priv->average_missed_beacons, missed_beacons_percent);
4181
4182         ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC, &rx_err, &len);
4183         rx_err_delta = rx_err - priv->last_rx_err;
4184         priv->last_rx_err = rx_err;
4185
4186         ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE, &tx_failures, &len);
4187         tx_failures_delta = tx_failures - priv->last_tx_failures;
4188         priv->last_tx_failures = tx_failures;
4189
4190         rx_packets_delta = priv->rx_packets - priv->last_rx_packets;
4191         priv->last_rx_packets = priv->rx_packets;
4192
4193         tx_packets_delta = priv->tx_packets - priv->last_tx_packets;
4194         priv->last_tx_packets = priv->tx_packets;
4195
4196         /* Calculate quality based on the following:
4197          *
4198          * Missed beacon: 100% = 0, 0% = 70% missed
4199          * Rate: 60% = 1Mbs, 100% = Max
4200          * Rx and Tx errors represent a straight % of total Rx/Tx
4201          * RSSI: 100% = > -50,  0% = < -80
4202          * Rx errors: 100% = 0, 0% = 50% missed
4203          *
4204          * The lowest computed quality is used.
4205          *
4206          */
4207 #define BEACON_THRESHOLD 5
4208         beacon_quality = 100 - missed_beacons_percent;
4209         if (beacon_quality < BEACON_THRESHOLD)
4210                 beacon_quality = 0;
4211         else
4212                 beacon_quality = (beacon_quality - BEACON_THRESHOLD) * 100 /
4213                     (100 - BEACON_THRESHOLD);
4214         IPW_DEBUG_STATS("Missed beacon: %3d%% (%d%%)\n",
4215                         beacon_quality, missed_beacons_percent);
4216
4217         priv->last_rate = ipw_get_current_rate(priv);
4218         max_rate = ipw_get_max_rate(priv);
4219         rate_quality = priv->last_rate * 40 / max_rate + 60;
4220         IPW_DEBUG_STATS("Rate quality : %3d%% (%dMbs)\n",
4221                         rate_quality, priv->last_rate / 1000000);
4222
4223         if (rx_packets_delta > 100 && rx_packets_delta + rx_err_delta)
4224                 rx_quality = 100 - (rx_err_delta * 100) /
4225                     (rx_packets_delta + rx_err_delta);
4226         else
4227                 rx_quality = 100;
4228         IPW_DEBUG_STATS("Rx quality   : %3d%% (%u errors, %u packets)\n",
4229                         rx_quality, rx_err_delta, rx_packets_delta);
4230
4231         if (tx_packets_delta > 100 && tx_packets_delta + tx_failures_delta)
4232                 tx_quality = 100 - (tx_failures_delta * 100) /
4233                     (tx_packets_delta + tx_failures_delta);
4234         else
4235                 tx_quality = 100;
4236         IPW_DEBUG_STATS("Tx quality   : %3d%% (%u errors, %u packets)\n",
4237                         tx_quality, tx_failures_delta, tx_packets_delta);
4238
4239         rssi = priv->exp_avg_rssi;
4240         signal_quality =
4241             (100 *
4242              (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) *
4243              (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) -
4244              (priv->ieee->perfect_rssi - rssi) *
4245              (15 * (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) +
4246               62 * (priv->ieee->perfect_rssi - rssi))) /
4247             ((priv->ieee->perfect_rssi - priv->ieee->worst_rssi) *
4248              (priv->ieee->perfect_rssi - priv->ieee->worst_rssi));
4249         if (signal_quality > 100)
4250                 signal_quality = 100;
4251         else if (signal_quality < 1)
4252                 signal_quality = 0;
4253
4254         IPW_DEBUG_STATS("Signal level : %3d%% (%d dBm)\n",
4255                         signal_quality, rssi);
4256
4257         quality = min(beacon_quality,
4258                       min(rate_quality,
4259                           min(tx_quality, min(rx_quality, signal_quality))));
4260         if (quality == beacon_quality)
4261                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to missed beacons.\n",
4262                                 quality);
4263         if (quality == rate_quality)
4264                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to rate quality.\n",
4265                                 quality);
4266         if (quality == tx_quality)
4267                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to Tx quality.\n",
4268                                 quality);
4269         if (quality == rx_quality)
4270                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to Rx quality.\n",
4271                                 quality);
4272         if (quality == signal_quality)
4273                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to signal quality.\n",
4274                                 quality);
4275
4276         priv->quality = quality;
4277
4278         queue_delayed_work(priv->workqueue, &priv->gather_stats,
4279                            IPW_STATS_INTERVAL);
4280 }
4281
4282 static void ipw_bg_gather_stats(struct work_struct *work)
4283 {
4284         struct ipw_priv *priv =
4285                 container_of(work, struct ipw_priv, gather_stats.work);
4286         mutex_lock(&priv->mutex);
4287         ipw_gather_stats(priv);
4288         mutex_unlock(&priv->mutex);
4289 }
4290
4291 /* Missed beacon behavior:
4292  * 1st missed -> roaming_threshold, just wait, don't do any scan/roam.
4293  * roaming_threshold -> disassociate_threshold, scan and roam for better signal.
4294  * Above disassociate threshold, give up and stop scanning.
4295  * Roaming is disabled if disassociate_threshold <= roaming_threshold  */
4296 static void ipw_handle_missed_beacon(struct ipw_priv *priv,
4297                                             int missed_count)
4298 {
4299         priv->notif_missed_beacons = missed_count;
4300
4301         if (missed_count > priv->disassociate_threshold &&
4302             priv->status & STATUS_ASSOCIATED) {
4303                 /* If associated and we've hit the missed
4304                  * beacon threshold, disassociate, turn
4305                  * off roaming, and abort any active scans */
4306                 IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
4307                           IPW_DL_STATE | IPW_DL_ASSOC,
4308                           "Missed beacon: %d - disassociate\n", missed_count);
4309                 priv->status &= ~STATUS_ROAMING;
4310                 if (priv->status & STATUS_SCANNING) {
4311                         IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
4312                                   IPW_DL_STATE,
4313                                   "Aborting scan with missed beacon.\n");
4314                         queue_work(priv->workqueue, &priv->abort_scan);
4315                 }
4316
4317                 queue_work(priv->workqueue, &priv->disassociate);
4318                 return;
4319         }
4320
4321         if (priv->status & STATUS_ROAMING) {
4322                 /* If we are currently roaming, then just
4323                  * print a debug statement... */
4324                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4325                           "Missed beacon: %d - roam in progress\n",
4326                           missed_count);
4327                 return;
4328         }
4329
4330         if (roaming &&
4331             (missed_count > priv->roaming_threshold &&
4332              missed_count <= priv->disassociate_threshold)) {
4333                 /* If we are not already roaming, set the ROAM
4334                  * bit in the status and kick off a scan.
4335                  * This can happen several times before we reach
4336                  * disassociate_threshold. */
4337                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4338                           "Missed beacon: %d - initiate "
4339                           "roaming\n", missed_count);
4340                 if (!(priv->status & STATUS_ROAMING)) {
4341                         priv->status |= STATUS_ROAMING;
4342                         if (!(priv->status & STATUS_SCANNING))
4343                                 queue_delayed_work(priv->workqueue,
4344                                                    &priv->request_scan, 0);
4345                 }
4346                 return;
4347         }
4348
4349         if (priv->status & STATUS_SCANNING) {
4350                 /* Stop scan to keep fw from getting
4351                  * stuck (only if we aren't roaming --
4352                  * otherwise we'll never scan more than 2 or 3
4353                  * channels..) */
4354                 IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF | IPW_DL_STATE,
4355                           "Aborting scan with missed beacon.\n");
4356                 queue_work(priv->workqueue, &priv->abort_scan);
4357         }
4358
4359         IPW_DEBUG_NOTIF("Missed beacon: %d\n", missed_count);
4360 }
4361
4362 static void ipw_scan_event(struct work_struct *work)
4363 {
4364         union iwreq_data wrqu;
4365
4366         struct ipw_priv *priv =
4367                 container_of(work, struct ipw_priv, scan_event.work);
4368
4369         wrqu.data.length = 0;
4370         wrqu.data.flags = 0;
4371         wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
4372 }
4373
4374 static void handle_scan_event(struct ipw_priv *priv)
4375 {
4376         /* Only userspace-requested scan completion events go out immediately */
4377         if (!priv->user_requested_scan) {
4378                 if (!delayed_work_pending(&priv->scan_event))
4379                         queue_delayed_work(priv->workqueue, &priv->scan_event,
4380                                          round_jiffies_relative(msecs_to_jiffies(4000)));
4381         } else {
4382                 union iwreq_data wrqu;
4383
4384                 priv->user_requested_scan = 0;
4385                 cancel_delayed_work(&priv->scan_event);
4386
4387                 wrqu.data.length = 0;
4388                 wrqu.data.flags = 0;
4389                 wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
4390         }
4391 }
4392
4393 /**
4394  * Handle host notification packet.
4395  * Called from interrupt routine
4396  */
4397 static void ipw_rx_notification(struct ipw_priv *priv,
4398                                        struct ipw_rx_notification *notif)
4399 {
4400         DECLARE_MAC_BUF(mac);
4401         u16 size = le16_to_cpu(notif->size);
4402         notif->size = le16_to_cpu(notif->size);
4403
4404         IPW_DEBUG_NOTIF("type = %i (%d bytes)\n", notif->subtype, size);
4405
4406         switch (notif->subtype) {
4407         case HOST_NOTIFICATION_STATUS_ASSOCIATED:{
4408                         struct notif_association *assoc = &notif->u.assoc;
4409
4410                         switch (assoc->state) {
4411                         case CMAS_ASSOCIATED:{
4412                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4413                                                   IPW_DL_ASSOC,
4414                                                   "associated: '%s' %s"
4415                                                   " \n",
4416                                                   escape_essid(priv->essid,
4417                                                                priv->essid_len),
4418                                                   print_mac(mac, priv->bssid));
4419
4420                                         switch (priv->ieee->iw_mode) {
4421                                         case IW_MODE_INFRA:
4422                                                 memcpy(priv->ieee->bssid,
4423                                                        priv->bssid, ETH_ALEN);
4424                                                 break;
4425
4426                                         case IW_MODE_ADHOC:
4427                                                 memcpy(priv->ieee->bssid,
4428                                                        priv->bssid, ETH_ALEN);
4429
4430                                                 /* clear out the station table */
4431                                                 priv->num_stations = 0;
4432
4433                                                 IPW_DEBUG_ASSOC
4434                                                     ("queueing adhoc check\n");
4435                                                 queue_delayed_work(priv->
4436                                                                    workqueue,
4437                                                                    &priv->
4438                                                                    adhoc_check,
4439                                                                    le16_to_cpu(priv->
4440                                                                    assoc_request.
4441                                                                    beacon_interval));
4442                                                 break;
4443                                         }
4444
4445                                         priv->status &= ~STATUS_ASSOCIATING;
4446                                         priv->status |= STATUS_ASSOCIATED;
4447                                         queue_work(priv->workqueue,
4448                                                    &priv->system_config);
4449
4450 #ifdef CONFIG_IPW2200_QOS
4451 #define IPW_GET_PACKET_STYPE(x) WLAN_FC_GET_STYPE( \
4452                          le16_to_cpu(((struct ieee80211_hdr *)(x))->frame_ctl))
4453                                         if ((priv->status & STATUS_AUTH) &&
4454                                             (IPW_GET_PACKET_STYPE(&notif->u.raw)
4455                                              == IEEE80211_STYPE_ASSOC_RESP)) {
4456                                                 if ((sizeof
4457                                                      (struct
4458                                                       ieee80211_assoc_response)
4459                                                      <= size)
4460                                                     && (size <= 2314)) {
4461                                                         struct
4462                                                         ieee80211_rx_stats
4463                                                             stats = {
4464                                                                 .len = size - 1,
4465                                                         };
4466
4467                                                         IPW_DEBUG_QOS
4468                                                             ("QoS Associate "
4469                                                              "size %d\n", size);
4470                                                         ieee80211_rx_mgt(priv->
4471                                                                          ieee,
4472                                                                          (struct
4473                                                                           ieee80211_hdr_4addr
4474                                                                           *)
4475                                                                          &notif->u.raw, &stats);
4476                                                 }
4477                                         }
4478 #endif
4479
4480                                         schedule_work(&priv->link_up);
4481
4482                                         break;
4483                                 }
4484
4485                         case CMAS_AUTHENTICATED:{
4486                                         if (priv->
4487                                             status & (STATUS_ASSOCIATED |
4488                                                       STATUS_AUTH)) {
4489                                                 struct notif_authenticate *auth
4490                                                     = &notif->u.auth;
4491                                                 IPW_DEBUG(IPW_DL_NOTIF |
4492                                                           IPW_DL_STATE |
4493                                                           IPW_DL_ASSOC,
4494                                                           "deauthenticated: '%s' "
4495                                                           "%s"
4496                                                           ": (0x%04X) - %s \n",
4497                                                           escape_essid(priv->
4498                                                                        essid,
4499                                                                        priv->
4500                                                                        essid_len),
4501                                                           print_mac(mac, priv->bssid),
4502                                                           le16_to_cpu(auth->status),
4503                                                           ipw_get_status_code
4504                                                           (le16_to_cpu
4505                                                            (auth->status)));
4506
4507                                                 priv->status &=
4508                                                     ~(STATUS_ASSOCIATING |
4509                                                       STATUS_AUTH |
4510                                                       STATUS_ASSOCIATED);
4511
4512                                                 schedule_work(&priv->link_down);
4513                                                 break;
4514                                         }
4515
4516                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4517                                                   IPW_DL_ASSOC,
4518                                                   "authenticated: '%s' %s"
4519                                                   "\n",
4520                                                   escape_essid(priv->essid,
4521                                                                priv->essid_len),
4522                                                   print_mac(mac, priv->bssid));
4523                                         break;
4524                                 }
4525
4526                         case CMAS_INIT:{
4527                                         if (priv->status & STATUS_AUTH) {
4528                                                 struct
4529                                                     ieee80211_assoc_response
4530                                                 *resp;
4531                                                 resp =
4532                                                     (struct
4533                                                      ieee80211_assoc_response
4534                                                      *)&notif->u.raw;
4535                                                 IPW_DEBUG(IPW_DL_NOTIF |
4536                                                           IPW_DL_STATE |
4537                                                           IPW_DL_ASSOC,
4538                                                           "association failed (0x%04X): %s\n",
4539                                                           le16_to_cpu(resp->status),
4540                                                           ipw_get_status_code
4541                                                           (le16_to_cpu
4542                                                            (resp->status)));
4543                                         }
4544
4545                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4546                                                   IPW_DL_ASSOC,
4547                                                   "disassociated: '%s' %s"
4548                                                   " \n",
4549                                                   escape_essid(priv->essid,
4550                                                                priv->essid_len),
4551                                                   print_mac(mac, priv->bssid));
4552
4553                                         priv->status &=
4554                                             ~(STATUS_DISASSOCIATING |
4555                                               STATUS_ASSOCIATING |
4556                                               STATUS_ASSOCIATED | STATUS_AUTH);
4557                                         if (priv->assoc_network
4558                                             && (priv->assoc_network->
4559                                                 capability &
4560                                                 WLAN_CAPABILITY_IBSS))
4561                                                 ipw_remove_current_network
4562                                                     (priv);
4563
4564                                         schedule_work(&priv->link_down);
4565
4566                                         break;
4567                                 }
4568
4569                         case CMAS_RX_ASSOC_RESP:
4570                                 break;
4571
4572                         default:
4573                                 IPW_ERROR("assoc: unknown (%d)\n",
4574                                           assoc->state);
4575                                 break;
4576                         }
4577
4578                         break;
4579                 }
4580
4581         case HOST_NOTIFICATION_STATUS_AUTHENTICATE:{
4582                         struct notif_authenticate *auth = &notif->u.auth;
4583                         switch (auth->state) {
4584                         case CMAS_AUTHENTICATED:
4585                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4586                                           "authenticated: '%s' %s \n",
4587                                           escape_essid(priv->essid,
4588                                                        priv->essid_len),
4589                                           print_mac(mac, priv->bssid));
4590                                 priv->status |= STATUS_AUTH;
4591                                 break;
4592
4593                         case CMAS_INIT:
4594                                 if (priv->status & STATUS_AUTH) {
4595                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4596                                                   IPW_DL_ASSOC,
4597                                                   "authentication failed (0x%04X): %s\n",
4598                                                   le16_to_cpu(auth->status),
4599                                                   ipw_get_status_code(le16_to_cpu
4600                                                                       (auth->
4601                                                                        status)));
4602                                 }
4603                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4604                                           IPW_DL_ASSOC,
4605                                           "deauthenticated: '%s' %s\n",
4606                                           escape_essid(priv->essid,
4607                                                        priv->essid_len),
4608                                           print_mac(mac, priv->bssid));
4609
4610                                 priv->status &= ~(STATUS_ASSOCIATING |
4611                                                   STATUS_AUTH |
4612                                                   STATUS_ASSOCIATED);
4613
4614                                 schedule_work(&priv->link_down);
4615                                 break;
4616
4617                         case CMAS_TX_AUTH_SEQ_1:
4618                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4619                                           IPW_DL_ASSOC, "AUTH_SEQ_1\n");
4620                                 break;
4621                         case CMAS_RX_AUTH_SEQ_2:
4622                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4623                                           IPW_DL_ASSOC, "AUTH_SEQ_2\n");
4624                                 break;
4625                         case CMAS_AUTH_SEQ_1_PASS:
4626                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4627                                           IPW_DL_ASSOC, "AUTH_SEQ_1_PASS\n");
4628                                 break;
4629                         case CMAS_AUTH_SEQ_1_FAIL:
4630                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4631                                           IPW_DL_ASSOC, "AUTH_SEQ_1_FAIL\n");
4632                                 break;
4633                         case CMAS_TX_AUTH_SEQ_3:
4634                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4635                                           IPW_DL_ASSOC, "AUTH_SEQ_3\n");
4636                                 break;
4637                         case CMAS_RX_AUTH_SEQ_4:
4638                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4639                                           IPW_DL_ASSOC, "RX_AUTH_SEQ_4\n");
4640                                 break;
4641                         case CMAS_AUTH_SEQ_2_PASS:
4642                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4643                                           IPW_DL_ASSOC, "AUTH_SEQ_2_PASS\n");
4644                                 break;
4645                         case CMAS_AUTH_SEQ_2_FAIL:
4646                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4647                                           IPW_DL_ASSOC, "AUT_SEQ_2_FAIL\n");
4648                                 break;
4649                         case CMAS_TX_ASSOC:
4650                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4651                                           IPW_DL_ASSOC, "TX_ASSOC\n");
4652                                 break;
4653                         case CMAS_RX_ASSOC_RESP:
4654                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4655                                           IPW_DL_ASSOC, "RX_ASSOC_RESP\n");
4656
4657                                 break;
4658                         case CMAS_ASSOCIATED:
4659                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4660                                           IPW_DL_ASSOC, "ASSOCIATED\n");
4661                                 break;
4662                         default:
4663                                 IPW_DEBUG_NOTIF("auth: failure - %d\n",
4664                                                 auth->state);
4665                                 break;
4666                         }
4667                         break;
4668                 }
4669
4670         case HOST_NOTIFICATION_STATUS_SCAN_CHANNEL_RESULT:{
4671                         struct notif_channel_result *x =
4672                             &notif->u.channel_result;
4673
4674                         if (size == sizeof(*x)) {
4675                                 IPW_DEBUG_SCAN("Scan result for channel %d\n",
4676                                                x->channel_num);
4677                         } else {
4678                                 IPW_DEBUG_SCAN("Scan result of wrong size %d "
4679                                                "(should be %zd)\n",
4680                                                size, sizeof(*x));
4681                         }
4682                         break;
4683                 }
4684
4685         case HOST_NOTIFICATION_STATUS_SCAN_COMPLETED:{
4686                         struct notif_scan_complete *x = &notif->u.scan_complete;
4687                         if (size == sizeof(*x)) {
4688                                 IPW_DEBUG_SCAN
4689                                     ("Scan completed: type %d, %d channels, "
4690                                      "%d status\n", x->scan_type,
4691                                      x->num_channels, x->status);
4692                         } else {
4693                                 IPW_ERROR("Scan completed of wrong size %d "
4694                                           "(should be %zd)\n",
4695                                           size, sizeof(*x));
4696                         }
4697
4698                         priv->status &=
4699                             ~(STATUS_SCANNING | STATUS_SCAN_ABORTING);
4700
4701                         wake_up_interruptible(&priv->wait_state);
4702                         cancel_delayed_work(&priv->scan_check);
4703
4704                         if (priv->status & STATUS_EXIT_PENDING)
4705                                 break;
4706
4707                         priv->ieee->scans++;
4708
4709 #ifdef CONFIG_IPW2200_MONITOR
4710                         if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
4711                                 priv->status |= STATUS_SCAN_FORCED;
4712                                 queue_delayed_work(priv->workqueue,
4713                                                    &priv->request_scan, 0);
4714                                 break;
4715                         }
4716                         priv->status &= ~STATUS_SCAN_FORCED;
4717 #endif                          /* CONFIG_IPW2200_MONITOR */
4718
4719                         /* Do queued direct scans first */
4720                         if (priv->status & STATUS_DIRECT_SCAN_PENDING) {
4721                                 queue_delayed_work(priv->workqueue,
4722                                                    &priv->request_direct_scan, 0);
4723                         }
4724
4725                         if (!(priv->status & (STATUS_ASSOCIATED |
4726                                               STATUS_ASSOCIATING |
4727                                               STATUS_ROAMING |
4728                                               STATUS_DISASSOCIATING)))
4729                                 queue_work(priv->workqueue, &priv->associate);
4730                         else if (priv->status & STATUS_ROAMING) {
4731                                 if (x->status == SCAN_COMPLETED_STATUS_COMPLETE)
4732                                         /* If a scan completed and we are in roam mode, then
4733                                          * the scan that completed was the one requested as a
4734                                          * result of entering roam... so, schedule the
4735                                          * roam work */
4736                                         queue_work(priv->workqueue,
4737                                                    &priv->roam);
4738                                 else
4739                                         /* Don't schedule if we aborted the scan */
4740                                         priv->status &= ~STATUS_ROAMING;
4741                         } else if (priv->status & STATUS_SCAN_PENDING)
4742                                 queue_delayed_work(priv->workqueue,
4743                                                    &priv->request_scan, 0);
4744                         else if (priv->config & CFG_BACKGROUND_SCAN
4745                                  && priv->status & STATUS_ASSOCIATED)
4746                                 queue_delayed_work(priv->workqueue,
4747                                                    &priv->request_scan,
4748                                                    round_jiffies_relative(HZ));
4749
4750                         /* Send an empty event to user space.
4751                          * We don't send the received data on the event because
4752                          * it would require us to do complex transcoding, and
4753                          * we want to minimise the work done in the irq handler
4754                          * Use a request to extract the data.
4755                          * Also, we generate this even for any scan, regardless
4756                          * on how the scan was initiated. User space can just
4757                          * sync on periodic scan to get fresh data...
4758                          * Jean II */
4759                         if (x->status == SCAN_COMPLETED_STATUS_COMPLETE)
4760                                 handle_scan_event(priv);
4761                         break;
4762                 }
4763
4764         case HOST_NOTIFICATION_STATUS_FRAG_LENGTH:{
4765                         struct notif_frag_length *x = &notif->u.frag_len;
4766
4767                         if (size == sizeof(*x))
4768                                 IPW_ERROR("Frag length: %d\n",
4769                                           le16_to_cpu(x->frag_length));
4770                         else
4771                                 IPW_ERROR("Frag length of wrong size %d "
4772                                           "(should be %zd)\n",
4773                                           size, sizeof(*x));
4774                         break;
4775                 }
4776
4777         case HOST_NOTIFICATION_STATUS_LINK_DETERIORATION:{
4778                         struct notif_link_deterioration *x =
4779                             &notif->u.link_deterioration;
4780
4781                         if (size == sizeof(*x)) {
4782                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4783                                         "link deterioration: type %d, cnt %d\n",
4784                                         x->silence_notification_type,
4785                                         x->silence_count);
4786                                 memcpy(&priv->last_link_deterioration, x,
4787                                        sizeof(*x));
4788                         } else {
4789                                 IPW_ERROR("Link Deterioration of wrong size %d "
4790                                           "(should be %zd)\n",
4791                                           size, sizeof(*x));
4792                         }
4793                         break;
4794                 }
4795
4796         case HOST_NOTIFICATION_DINO_CONFIG_RESPONSE:{
4797                         IPW_ERROR("Dino config\n");
4798                         if (priv->hcmd
4799                             && priv->hcmd->cmd != HOST_CMD_DINO_CONFIG)
4800                                 IPW_ERROR("Unexpected DINO_CONFIG_RESPONSE\n");
4801
4802                         break;
4803                 }
4804
4805         case HOST_NOTIFICATION_STATUS_BEACON_STATE:{
4806                         struct notif_beacon_state *x = &notif->u.beacon_state;
4807                         if (size != sizeof(*x)) {
4808                                 IPW_ERROR
4809                                     ("Beacon state of wrong size %d (should "
4810                                      "be %zd)\n", size, sizeof(*x));
4811                                 break;
4812                         }
4813
4814                         if (le32_to_cpu(x->state) ==
4815                             HOST_NOTIFICATION_STATUS_BEACON_MISSING)
4816                                 ipw_handle_missed_beacon(priv,
4817                                                          le32_to_cpu(x->
4818                                                                      number));
4819
4820                         break;
4821                 }
4822
4823         case HOST_NOTIFICATION_STATUS_TGI_TX_KEY:{
4824                         struct notif_tgi_tx_key *x = &notif->u.tgi_tx_key;
4825                         if (size == sizeof(*x)) {
4826                                 IPW_ERROR("TGi Tx Key: state 0x%02x sec type "
4827                                           "0x%02x station %d\n",
4828                                           x->key_state, x->security_type,
4829                                           x->station_index);
4830                                 break;
4831                         }
4832
4833                         IPW_ERROR
4834                             ("TGi Tx Key of wrong size %d (should be %zd)\n",
4835                              size, sizeof(*x));
4836                         break;
4837                 }
4838
4839         case HOST_NOTIFICATION_CALIB_KEEP_RESULTS:{
4840                         struct notif_calibration *x = &notif->u.calibration;
4841
4842                         if (size == sizeof(*x)) {
4843                                 memcpy(&priv->calib, x, sizeof(*x));
4844                                 IPW_DEBUG_INFO("TODO: Calibration\n");
4845                                 break;
4846                         }
4847
4848                         IPW_ERROR
4849                             ("Calibration of wrong size %d (should be %zd)\n",
4850                              size, sizeof(*x));
4851                         break;
4852                 }
4853
4854         case HOST_NOTIFICATION_NOISE_STATS:{
4855                         if (size == sizeof(u32)) {
4856                                 priv->exp_avg_noise =
4857                                     exponential_average(priv->exp_avg_noise,
4858                                     (u8) (le32_to_cpu(notif->u.noise.value) & 0xff),
4859                                     DEPTH_NOISE);
4860                                 break;
4861                         }
4862
4863                         IPW_ERROR
4864                             ("Noise stat is wrong size %d (should be %zd)\n",
4865                              size, sizeof(u32));
4866                         break;
4867                 }
4868
4869         default:
4870                 IPW_DEBUG_NOTIF("Unknown notification: "
4871                                 "subtype=%d,flags=0x%2x,size=%d\n",
4872                                 notif->subtype, notif->flags, size);
4873         }
4874 }
4875
4876 /**
4877  * Destroys all DMA structures and initialise them again
4878  *
4879  * @param priv
4880  * @return error code
4881  */
4882 static int ipw_queue_reset(struct ipw_priv *priv)
4883 {
4884         int rc = 0;
4885         /** @todo customize queue sizes */
4886         int nTx = 64, nTxCmd = 8;
4887         ipw_tx_queue_free(priv);
4888         /* Tx CMD queue */
4889         rc = ipw_queue_tx_init(priv, &priv->txq_cmd, nTxCmd,
4890                                IPW_TX_CMD_QUEUE_READ_INDEX,
4891                                IPW_TX_CMD_QUEUE_WRITE_INDEX,
4892                                IPW_TX_CMD_QUEUE_BD_BASE,
4893                                IPW_TX_CMD_QUEUE_BD_SIZE);
4894         if (rc) {
4895                 IPW_ERROR("Tx Cmd queue init failed\n");
4896                 goto error;
4897         }
4898         /* Tx queue(s) */
4899         rc = ipw_queue_tx_init(priv, &priv->txq[0], nTx,
4900                                IPW_TX_QUEUE_0_READ_INDEX,
4901                                IPW_TX_QUEUE_0_WRITE_INDEX,
4902                                IPW_TX_QUEUE_0_BD_BASE, IPW_TX_QUEUE_0_BD_SIZE);
4903         if (rc) {
4904                 IPW_ERROR("Tx 0 queue init failed\n");
4905                 goto error;
4906         }
4907         rc = ipw_queue_tx_init(priv, &priv->txq[1], nTx,
4908                                IPW_TX_QUEUE_1_READ_INDEX,
4909                                IPW_TX_QUEUE_1_WRITE_INDEX,
4910                                IPW_TX_QUEUE_1_BD_BASE, IPW_TX_QUEUE_1_BD_SIZE);
4911         if (rc) {
4912                 IPW_ERROR("Tx 1 queue init failed\n");
4913                 goto error;
4914         }
4915         rc = ipw_queue_tx_init(priv, &priv->txq[2], nTx,
4916                                IPW_TX_QUEUE_2_READ_INDEX,
4917                                IPW_TX_QUEUE_2_WRITE_INDEX,
4918                                IPW_TX_QUEUE_2_BD_BASE, IPW_TX_QUEUE_2_BD_SIZE);
4919         if (rc) {
4920                 IPW_ERROR("Tx 2 queue init failed\n");
4921                 goto error;
4922         }
4923         rc = ipw_queue_tx_init(priv, &priv->txq[3], nTx,
4924                                IPW_TX_QUEUE_3_READ_INDEX,
4925                                IPW_TX_QUEUE_3_WRITE_INDEX,
4926                                IPW_TX_QUEUE_3_BD_BASE, IPW_TX_QUEUE_3_BD_SIZE);
4927         if (rc) {
4928                 IPW_ERROR("Tx 3 queue init failed\n");
4929                 goto error;
4930         }
4931         /* statistics */
4932         priv->rx_bufs_min = 0;
4933         priv->rx_pend_max = 0;
4934         return rc;
4935
4936       error:
4937         ipw_tx_queue_free(priv);
4938         return rc;
4939 }
4940
4941 /**
4942  * Reclaim Tx queue entries no more used by NIC.
4943  *
4944  * When FW advances 'R' index, all entries between old and
4945  * new 'R' index need to be reclaimed. As result, some free space
4946  * forms. If there is enough free space (> low mark), wake Tx queue.
4947  *
4948  * @note Need to protect against garbage in 'R' index
4949  * @param priv
4950  * @param txq
4951  * @param qindex
4952  * @return Number of used entries remains in the queue
4953  */
4954 static int ipw_queue_tx_reclaim(struct ipw_priv *priv,
4955                                 struct clx2_tx_queue *txq, int qindex)
4956 {
4957         u32 hw_tail;
4958         int used;
4959         struct clx2_queue *q = &txq->q;
4960
4961         hw_tail = ipw_read32(priv, q->reg_r);
4962         if (hw_tail >= q->n_bd) {
4963                 IPW_ERROR
4964                     ("Read index for DMA queue (%d) is out of range [0-%d)\n",
4965                      hw_tail, q->n_bd);
4966                 goto done;
4967         }
4968         for (; q->last_used != hw_tail;
4969              q->last_used = ipw_queue_inc_wrap(q->last_used, q->n_bd)) {
4970                 ipw_queue_tx_free_tfd(priv, txq);
4971                 priv->tx_packets++;
4972         }
4973       done:
4974         if ((ipw_tx_queue_space(q) > q->low_mark) &&
4975             (qindex >= 0))
4976                 netif_wake_queue(priv->net_dev);
4977         used = q->first_empty - q->last_used;
4978         if (used < 0)
4979                 used += q->n_bd;
4980
4981         return used;
4982 }
4983
4984 static int ipw_queue_tx_hcmd(struct ipw_priv *priv, int hcmd, void *buf,
4985                              int len, int sync)
4986 {
4987         struct clx2_tx_queue *txq = &priv->txq_cmd;
4988         struct clx2_queue *q = &txq->q;
4989         struct tfd_frame *tfd;
4990
4991         if (ipw_tx_queue_space(q) < (sync ? 1 : 2)) {
4992                 IPW_ERROR("No space for Tx\n");
4993                 return -EBUSY;
4994         }
4995
4996         tfd = &txq->bd[q->first_empty];
4997         txq->txb[q->first_empty] = NULL;
4998
4999         memset(tfd, 0, sizeof(*tfd));
5000         tfd->control_flags.message_type = TX_HOST_COMMAND_TYPE;
5001         tfd->control_flags.control_bits = TFD_NEED_IRQ_MASK;
5002         priv->hcmd_seq++;
5003         tfd->u.cmd.index = hcmd;
5004         tfd->u.cmd.length = len;
5005         memcpy(tfd->u.cmd.payload, buf, len);
5006         q->first_empty = ipw_queue_inc_wrap(q->first_empty, q->n_bd);
5007         ipw_write32(priv, q->reg_w, q->first_empty);
5008         _ipw_read32(priv, 0x90);
5009
5010         return 0;
5011 }
5012
5013 /*
5014  * Rx theory of operation
5015  *
5016  * The host allocates 32 DMA target addresses and passes the host address
5017  * to the firmware at register IPW_RFDS_TABLE_LOWER + N * RFD_SIZE where N is
5018  * 0 to 31
5019  *
5020  * Rx Queue Indexes
5021  * The host/firmware share two index registers for managing the Rx buffers.
5022  *
5023  * The READ index maps to the first position that the firmware may be writing
5024  * to -- the driver can read up to (but not including) this position and get
5025  * good data.
5026  * The READ index is managed by the firmware once the card is enabled.
5027  *
5028  * The WRITE index maps to the last position the driver has read from -- the
5029  * position preceding WRITE is the last slot the firmware can place a packet.
5030  *
5031  * The queue is empty (no good data) if WRITE = READ - 1, and is full if
5032  * WRITE = READ.
5033  *
5034  * During initialization the host sets up the READ queue position to the first
5035  * INDEX position, and WRITE to the last (READ - 1 wrapped)
5036  *
5037  * When the firmware places a packet in a buffer it will advance the READ index
5038  * and fire the RX interrupt.  The driver can then query the READ index and
5039  * process as many packets as possible, moving the WRITE index forward as it
5040  * resets the Rx queue buffers with new memory.
5041  *
5042  * The management in the driver is as follows:
5043  * + A list of pre-allocated SKBs is stored in ipw->rxq->rx_free.  When
5044  *   ipw->rxq->free_count drops to or below RX_LOW_WATERMARK, work is scheduled
5045  *   to replensish the ipw->rxq->rx_free.
5046  * + In ipw_rx_queue_replenish (scheduled) if 'processed' != 'read' then the
5047  *   ipw->rxq is replenished and the READ INDEX is updated (updating the
5048  *   'processed' and 'read' driver indexes as well)
5049  * + A received packet is processed and handed to the kernel network stack,
5050  *   detached from the ipw->rxq.  The driver 'processed' index is updated.
5051  * + The Host/Firmware ipw->rxq is replenished at tasklet time from the rx_free
5052  *   list. If there are no allocated buffers in ipw->rxq->rx_free, the READ
5053  *   INDEX is not incremented and ipw->status(RX_STALLED) is set.  If there
5054  *   were enough free buffers and RX_STALLED is set it is cleared.
5055  *
5056  *
5057  * Driver sequence:
5058  *
5059  * ipw_rx_queue_alloc()       Allocates rx_free
5060  * ipw_rx_queue_replenish()   Replenishes rx_free list from rx_used, and calls
5061  *                            ipw_rx_queue_restock
5062  * ipw_rx_queue_restock()     Moves available buffers from rx_free into Rx
5063  *                            queue, updates firmware pointers, and updates
5064  *                            the WRITE index.  If insufficient rx_free buffers
5065  *                            are available, schedules ipw_rx_queue_replenish
5066  *
5067  * -- enable interrupts --
5068  * ISR - ipw_rx()             Detach ipw_rx_mem_buffers from pool up to the
5069  *                            READ INDEX, detaching the SKB from the pool.
5070  *                            Moves the packet buffer from queue to rx_used.
5071  *                            Calls ipw_rx_queue_restock to refill any empty
5072  *                            slots.
5073  * ...
5074  *
5075  */
5076
5077 /*
5078  * If there are slots in the RX queue that  need to be restocked,
5079  * and we have free pre-allocated buffers, fill the ranks as much
5080  * as we can pulling from rx_free.
5081  *
5082  * This moves the 'write' index forward to catch up with 'processed', and
5083  * also updates the memory address in the firmware to reference the new
5084  * target buffer.
5085  */
5086 static void ipw_rx_queue_restock(struct ipw_priv *priv)
5087 {
5088         struct ipw_rx_queue *rxq = priv->rxq;
5089         struct list_head *element;
5090         struct ipw_rx_mem_buffer *rxb;
5091         unsigned long flags;
5092         int write;
5093
5094         spin_lock_irqsave(&rxq->lock, flags);
5095         write = rxq->write;
5096         while ((ipw_rx_queue_space(rxq) > 0) && (rxq->free_count)) {
5097                 element = rxq->rx_free.next;
5098                 rxb = list_entry(element, struct ipw_rx_mem_buffer, list);
5099                 list_del(element);
5100
5101                 ipw_write32(priv, IPW_RFDS_TABLE_LOWER + rxq->write * RFD_SIZE,
5102                             rxb->dma_addr);
5103                 rxq->queue[rxq->write] = rxb;
5104                 rxq->write = (rxq->write + 1) % RX_QUEUE_SIZE;
5105                 rxq->free_count--;
5106         }
5107         spin_unlock_irqrestore(&rxq->lock, flags);
5108
5109         /* If the pre-allocated buffer pool is dropping low, schedule to
5110          * refill it */
5111         if (rxq->free_count <= RX_LOW_WATERMARK)
5112                 queue_work(priv->workqueue, &priv->rx_replenish);
5113
5114         /* If we've added more space for the firmware to place data, tell it */
5115         if (write != rxq->write)
5116                 ipw_write32(priv, IPW_RX_WRITE_INDEX, rxq->write);
5117 }
5118
5119 /*
5120  * Move all used packet from rx_used to rx_free, allocating a new SKB for each.
5121  * Also restock the Rx queue via ipw_rx_queue_restock.
5122  *
5123  * This is called as a scheduled work item (except for during intialization)
5124  */
5125 static void ipw_rx_queue_replenish(void *data)
5126 {
5127         struct ipw_priv *priv = data;
5128         struct ipw_rx_queue *rxq = priv->rxq;
5129         struct list_head *element;
5130         struct ipw_rx_mem_buffer *rxb;
5131         unsigned long flags;
5132
5133         spin_lock_irqsave(&rxq->lock, flags);
5134         while (!list_empty(&rxq->rx_used)) {
5135                 element = rxq->rx_used.next;
5136                 rxb = list_entry(element, struct ipw_rx_mem_buffer, list);
5137                 rxb->skb = alloc_skb(IPW_RX_BUF_SIZE, GFP_ATOMIC);
5138                 if (!rxb->skb) {
5139                         printk(KERN_CRIT "%s: Can not allocate SKB buffers.\n",
5140                                priv->net_dev->name);
5141                         /* We don't reschedule replenish work here -- we will
5142                          * call the restock method and if it still needs
5143                          * more buffers it will schedule replenish */
5144                         break;
5145                 }
5146                 list_del(element);
5147
5148                 rxb->dma_addr =
5149                     pci_map_single(priv->pci_dev, rxb->skb->data,
5150                                    IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
5151
5152                 list_add_tail(&rxb->list, &rxq->rx_free);
5153                 rxq->free_count++;
5154         }
5155         spin_unlock_irqrestore(&rxq->lock, flags);
5156
5157         ipw_rx_queue_restock(priv);
5158 }
5159
5160 static void ipw_bg_rx_queue_replenish(struct work_struct *work)
5161 {
5162         struct ipw_priv *priv =
5163                 container_of(work, struct ipw_priv, rx_replenish);
5164         mutex_lock(&priv->mutex);
5165         ipw_rx_queue_replenish(priv);
5166         mutex_unlock(&priv->mutex);
5167 }
5168
5169 /* Assumes that the skb field of the buffers in 'pool' is kept accurate.
5170  * If an SKB has been detached, the POOL needs to have its SKB set to NULL
5171  * This free routine walks the list of POOL entries and if SKB is set to
5172  * non NULL it is unmapped and freed
5173  */
5174 static void ipw_rx_queue_free(struct ipw_priv *priv, struct ipw_rx_queue *rxq)
5175 {
5176         int i;
5177
5178         if (!rxq)
5179                 return;
5180
5181         for (i = 0; i < RX_QUEUE_SIZE + RX_FREE_BUFFERS; i++) {
5182                 if (rxq->pool[i].skb != NULL) {
5183                         pci_unmap_single(priv->pci_dev, rxq->pool[i].dma_addr,
5184                                          IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
5185                         dev_kfree_skb(rxq->pool[i].skb);
5186                 }
5187         }
5188
5189         kfree(rxq);
5190 }
5191
5192 static struct ipw_rx_queue *ipw_rx_queue_alloc(struct ipw_priv *priv)
5193 {
5194         struct ipw_rx_queue *rxq;
5195         int i;
5196
5197         rxq = kzalloc(sizeof(*rxq), GFP_KERNEL);
5198         if (unlikely(!rxq)) {
5199                 IPW_ERROR("memory allocation failed\n");
5200                 return NULL;
5201         }
5202         spin_lock_init(&rxq->lock);
5203         INIT_LIST_HEAD(&rxq->rx_free);
5204         INIT_LIST_HEAD(&rxq->rx_used);
5205
5206         /* Fill the rx_used queue with _all_ of the Rx buffers */
5207         for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++)
5208                 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
5209
5210         /* Set us so that we have processed and used all buffers, but have
5211          * not restocked the Rx queue with fresh buffers */
5212         rxq->read = rxq->write = 0;
5213         rxq->free_count = 0;
5214
5215         return rxq;
5216 }
5217
5218 static int ipw_is_rate_in_mask(struct ipw_priv *priv, int ieee_mode, u8 rate)
5219 {
5220         rate &= ~IEEE80211_BASIC_RATE_MASK;
5221         if (ieee_mode == IEEE_A) {
5222                 switch (rate) {
5223                 case IEEE80211_OFDM_RATE_6MB:
5224                         return priv->rates_mask & IEEE80211_OFDM_RATE_6MB_MASK ?
5225                             1 : 0;
5226                 case IEEE80211_OFDM_RATE_9MB:
5227                         return priv->rates_mask & IEEE80211_OFDM_RATE_9MB_MASK ?
5228                             1 : 0;
5229                 case IEEE80211_OFDM_RATE_12MB:
5230                         return priv->
5231                             rates_mask & IEEE80211_OFDM_RATE_12MB_MASK ? 1 : 0;
5232                 case IEEE80211_OFDM_RATE_18MB:
5233                         return priv->
5234                             rates_mask & IEEE80211_OFDM_RATE_18MB_MASK ? 1 : 0;
5235                 case IEEE80211_OFDM_RATE_24MB:
5236                         return priv->
5237                             rates_mask & IEEE80211_OFDM_RATE_24MB_MASK ? 1 : 0;
5238                 case IEEE80211_OFDM_RATE_36MB:
5239                         return priv->
5240                             rates_mask & IEEE80211_OFDM_RATE_36MB_MASK ? 1 : 0;
5241                 case IEEE80211_OFDM_RATE_48MB:
5242                         return priv->
5243                             rates_mask & IEEE80211_OFDM_RATE_48MB_MASK ? 1 : 0;
5244                 case IEEE80211_OFDM_RATE_54MB:
5245                         return priv->
5246                             rates_mask & IEEE80211_OFDM_RATE_54MB_MASK ? 1 : 0;
5247                 default:
5248                         return 0;
5249                 }
5250         }
5251
5252         /* B and G mixed */
5253         switch (rate) {
5254         case IEEE80211_CCK_RATE_1MB:
5255                 return priv->rates_mask & IEEE80211_CCK_RATE_1MB_MASK ? 1 : 0;
5256         case IEEE80211_CCK_RATE_2MB:
5257                 return priv->rates_mask & IEEE80211_CCK_RATE_2MB_MASK ? 1 : 0;
5258         case IEEE80211_CCK_RATE_5MB:
5259                 return priv->rates_mask & IEEE80211_CCK_RATE_5MB_MASK ? 1 : 0;
5260         case IEEE80211_CCK_RATE_11MB:
5261                 return priv->rates_mask & IEEE80211_CCK_RATE_11MB_MASK ? 1 : 0;
5262         }
5263
5264         /* If we are limited to B modulations, bail at this point */
5265         if (ieee_mode == IEEE_B)
5266                 return 0;
5267
5268         /* G */
5269         switch (rate) {
5270         case IEEE80211_OFDM_RATE_6MB:
5271                 return priv->rates_mask & IEEE80211_OFDM_RATE_6MB_MASK ? 1 : 0;
5272         case IEEE80211_OFDM_RATE_9MB:
5273                 return priv->rates_mask & IEEE80211_OFDM_RATE_9MB_MASK ? 1 : 0;
5274         case IEEE80211_OFDM_RATE_12MB:
5275                 return priv->rates_mask & IEEE80211_OFDM_RATE_12MB_MASK ? 1 : 0;
5276         case IEEE80211_OFDM_RATE_18MB:
5277                 return priv->rates_mask & IEEE80211_OFDM_RATE_18MB_MASK ? 1 : 0;
5278         case IEEE80211_OFDM_RATE_24MB:
5279                 return priv->rates_mask & IEEE80211_OFDM_RATE_24MB_MASK ? 1 : 0;
5280         case IEEE80211_OFDM_RATE_36MB:
5281                 return priv->rates_mask & IEEE80211_OFDM_RATE_36MB_MASK ? 1 : 0;
5282         case IEEE80211_OFDM_RATE_48MB:
5283                 return priv->rates_mask & IEEE80211_OFDM_RATE_48MB_MASK ? 1 : 0;
5284         case IEEE80211_OFDM_RATE_54MB:
5285                 return priv->rates_mask & IEEE80211_OFDM_RATE_54MB_MASK ? 1 : 0;
5286         }
5287
5288         return 0;
5289 }
5290
5291 static int ipw_compatible_rates(struct ipw_priv *priv,
5292                                 const struct ieee80211_network *network,
5293                                 struct ipw_supported_rates *rates)
5294 {
5295         int num_rates, i;
5296
5297         memset(rates, 0, sizeof(*rates));
5298         num_rates = min(network->rates_len, (u8) IPW_MAX_RATES);
5299         rates->num_rates = 0;
5300         for (i = 0; i < num_rates; i++) {
5301                 if (!ipw_is_rate_in_mask(priv, network->mode,
5302                                          network->rates[i])) {
5303
5304                         if (network->rates[i] & IEEE80211_BASIC_RATE_MASK) {
5305                                 IPW_DEBUG_SCAN("Adding masked mandatory "
5306                                                "rate %02X\n",
5307                                                network->rates[i]);
5308                                 rates->supported_rates[rates->num_rates++] =
5309                                     network->rates[i];
5310                                 continue;
5311                         }
5312
5313                         IPW_DEBUG_SCAN("Rate %02X masked : 0x%08X\n",
5314                                        network->rates[i], priv->rates_mask);
5315                         continue;
5316                 }
5317
5318                 rates->supported_rates[rates->num_rates++] = network->rates[i];
5319         }
5320
5321         num_rates = min(network->rates_ex_len,
5322                         (u8) (IPW_MAX_RATES - num_rates));
5323         for (i = 0; i < num_rates; i++) {
5324                 if (!ipw_is_rate_in_mask(priv, network->mode,
5325                                          network->rates_ex[i])) {
5326                         if (network->rates_ex[i] & IEEE80211_BASIC_RATE_MASK) {
5327                                 IPW_DEBUG_SCAN("Adding masked mandatory "
5328                                                "rate %02X\n",
5329                                                network->rates_ex[i]);
5330                                 rates->supported_rates[rates->num_rates++] =
5331                                     network->rates[i];
5332                                 continue;
5333                         }
5334
5335                         IPW_DEBUG_SCAN("Rate %02X masked : 0x%08X\n",
5336                                        network->rates_ex[i], priv->rates_mask);
5337                         continue;
5338                 }
5339
5340                 rates->supported_rates[rates->num_rates++] =
5341                     network->rates_ex[i];
5342         }
5343
5344         return 1;
5345 }
5346
5347 static void ipw_copy_rates(struct ipw_supported_rates *dest,
5348                                   const struct ipw_supported_rates *src)
5349 {
5350         u8 i;
5351         for (i = 0; i < src->num_rates; i++)
5352                 dest->supported_rates[i] = src->supported_rates[i];
5353         dest->num_rates = src->num_rates;
5354 }
5355
5356 /* TODO: Look at sniffed packets in the air to determine if the basic rate
5357  * mask should ever be used -- right now all callers to add the scan rates are
5358  * set with the modulation = CCK, so BASIC_RATE_MASK is never set... */
5359 static void ipw_add_cck_scan_rates(struct ipw_supported_rates *rates,
5360                                    u8 modulation, u32 rate_mask)
5361 {
5362         u8 basic_mask = (IEEE80211_OFDM_MODULATION == modulation) ?
5363             IEEE80211_BASIC_RATE_MASK : 0;
5364
5365         if (rate_mask & IEEE80211_CCK_RATE_1MB_MASK)
5366                 rates->supported_rates[rates->num_rates++] =
5367                     IEEE80211_BASIC_RATE_MASK | IEEE80211_CCK_RATE_1MB;
5368
5369         if (rate_mask & IEEE80211_CCK_RATE_2MB_MASK)
5370                 rates->supported_rates[rates->num_rates++] =
5371                     IEEE80211_BASIC_RATE_MASK | IEEE80211_CCK_RATE_2MB;
5372
5373         if (rate_mask & IEEE80211_CCK_RATE_5MB_MASK)
5374                 rates->supported_rates[rates->num_rates++] = basic_mask |
5375                     IEEE80211_CCK_RATE_5MB;
5376
5377         if (rate_mask & IEEE80211_CCK_RATE_11MB_MASK)
5378                 rates->supported_rates[rates->num_rates++] = basic_mask |
5379                     IEEE80211_CCK_RATE_11MB;
5380 }
5381
5382 static void ipw_add_ofdm_scan_rates(struct ipw_supported_rates *rates,
5383                                     u8 modulation, u32 rate_mask)
5384 {
5385         u8 basic_mask = (IEEE80211_OFDM_MODULATION == modulation) ?
5386             IEEE80211_BASIC_RATE_MASK : 0;
5387
5388         if (rate_mask & IEEE80211_OFDM_RATE_6MB_MASK)
5389                 rates->supported_rates[rates->num_rates++] = basic_mask |
5390                     IEEE80211_OFDM_RATE_6MB;
5391
5392         if (rate_mask & IEEE80211_OFDM_RATE_9MB_MASK)
5393                 rates->supported_rates[rates->num_rates++] =
5394                     IEEE80211_OFDM_RATE_9MB;
5395
5396         if (rate_mask & IEEE80211_OFDM_RATE_12MB_MASK)
5397                 rates->supported_rates[rates->num_rates++] = basic_mask |
5398                     IEEE80211_OFDM_RATE_12MB;
5399
5400         if (rate_mask & IEEE80211_OFDM_RATE_18MB_MASK)
5401                 rates->supported_rates[rates->num_rates++] =
5402                     IEEE80211_OFDM_RATE_18MB;
5403
5404         if (rate_mask & IEEE80211_OFDM_RATE_24MB_MASK)
5405                 rates->supported_rates[rates->num_rates++] = basic_mask |
5406                     IEEE80211_OFDM_RATE_24MB;
5407
5408         if (rate_mask & IEEE80211_OFDM_RATE_36MB_MASK)
5409                 rates->supported_rates[rates->num_rates++] =
5410                     IEEE80211_OFDM_RATE_36MB;
5411
5412         if (rate_mask & IEEE80211_OFDM_RATE_48MB_MASK)
5413                 rates->supported_rates[rates->num_rates++] =
5414                     IEEE80211_OFDM_RATE_48MB;
5415
5416         if (rate_mask & IEEE80211_OFDM_RATE_54MB_MASK)
5417                 rates->supported_rates[rates->num_rates++] =
5418                     IEEE80211_OFDM_RATE_54MB;
5419 }
5420
5421 struct ipw_network_match {
5422         struct ieee80211_network *network;
5423         struct ipw_supported_rates rates;
5424 };
5425
5426 static int ipw_find_adhoc_network(struct ipw_priv *priv,
5427                                   struct ipw_network_match *match,
5428                                   struct ieee80211_network *network,
5429                                   int roaming)
5430 {
5431         struct ipw_supported_rates rates;
5432         DECLARE_MAC_BUF(mac);
5433         DECLARE_MAC_BUF(mac2);
5434
5435         /* Verify that this network's capability is compatible with the
5436          * current mode (AdHoc or Infrastructure) */
5437         if ((priv->ieee->iw_mode == IW_MODE_ADHOC &&
5438              !(network->capability & WLAN_CAPABILITY_IBSS))) {
5439                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded due to "
5440                                 "capability mismatch.\n",
5441                                 escape_essid(network->ssid, network->ssid_len),
5442                                 print_mac(mac, network->bssid));
5443                 return 0;
5444         }
5445
5446         /* If we do not have an ESSID for this AP, we can not associate with
5447          * it */
5448         if (network->flags & NETWORK_EMPTY_ESSID) {
5449                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5450                                 "because of hidden ESSID.\n",
5451                                 escape_essid(network->ssid, network->ssid_len),
5452                                 print_mac(mac, network->bssid));
5453                 return 0;
5454         }
5455
5456         if (unlikely(roaming)) {
5457                 /* If we are roaming, then ensure check if this is a valid
5458                  * network to try and roam to */
5459                 if ((network->ssid_len != match->network->ssid_len) ||
5460                     memcmp(network->ssid, match->network->ssid,
5461                            network->ssid_len)) {
5462                         IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5463                                         "because of non-network ESSID.\n",
5464                                         escape_essid(network->ssid,
5465                                                      network->ssid_len),
5466                                         print_mac(mac, network->bssid));
5467                         return 0;
5468                 }
5469         } else {
5470                 /* If an ESSID has been configured then compare the broadcast
5471                  * ESSID to ours */
5472                 if ((priv->config & CFG_STATIC_ESSID) &&
5473                     ((network->ssid_len != priv->essid_len) ||
5474                      memcmp(network->ssid, priv->essid,
5475                             min(network->ssid_len, priv->essid_len)))) {
5476                         char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
5477
5478                         strncpy(escaped,
5479                                 escape_essid(network->ssid, network->ssid_len),
5480                                 sizeof(escaped));
5481                         IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5482                                         "because of ESSID mismatch: '%s'.\n",
5483                                         escaped, print_mac(mac, network->bssid),
5484                                         escape_essid(priv->essid,
5485                                                      priv->essid_len));
5486                         return 0;
5487                 }
5488         }
5489
5490         /* If the old network rate is better than this one, don't bother
5491          * testing everything else. */
5492
5493         if (network->time_stamp[0] < match->network->time_stamp[0]) {
5494                 IPW_DEBUG_MERGE("Network '%s excluded because newer than "
5495                                 "current network.\n",
5496                                 escape_essid(match->network->ssid,
5497                                              match->network->ssid_len));
5498                 return 0;
5499         } else if (network->time_stamp[1] < match->network->time_stamp[1]) {
5500                 IPW_DEBUG_MERGE("Network '%s excluded because newer than "
5501                                 "current network.\n",
5502                                 escape_essid(match->network->ssid,
5503                                              match->network->ssid_len));
5504                 return 0;
5505         }
5506
5507         /* Now go through and see if the requested network is valid... */
5508         if (priv->ieee->scan_age != 0 &&
5509             time_after(jiffies, network->last_scanned + priv->ieee->scan_age)) {
5510                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5511                                 "because of age: %ums.\n",
5512                                 escape_essid(network->ssid, network->ssid_len),
5513                                 print_mac(mac, network->bssid),
5514                                 jiffies_to_msecs(jiffies -
5515                                                  network->last_scanned));
5516                 return 0;
5517         }
5518
5519         if ((priv->config & CFG_STATIC_CHANNEL) &&
5520             (network->channel != priv->channel)) {
5521                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5522                                 "because of channel mismatch: %d != %d.\n",
5523                                 escape_essid(network->ssid, network->ssid_len),
5524                                 print_mac(mac, network->bssid),
5525                                 network->channel, priv->channel);
5526                 return 0;
5527         }
5528
5529         /* Verify privacy compatability */
5530         if (((priv->capability & CAP_PRIVACY_ON) ? 1 : 0) !=
5531             ((network->capability & WLAN_CAPABILITY_PRIVACY) ? 1 : 0)) {
5532                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5533                                 "because of privacy mismatch: %s != %s.\n",
5534                                 escape_essid(network->ssid, network->ssid_len),
5535                                 print_mac(mac, network->bssid),
5536                                 priv->
5537                                 capability & CAP_PRIVACY_ON ? "on" : "off",
5538                                 network->
5539                                 capability & WLAN_CAPABILITY_PRIVACY ? "on" :
5540                                 "off");
5541                 return 0;
5542         }
5543
5544         if (!memcmp(network->bssid, priv->bssid, ETH_ALEN)) {
5545                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5546                                 "because of the same BSSID match: %s"
5547                                 ".\n", escape_essid(network->ssid,
5548                                                     network->ssid_len),
5549                                 print_mac(mac, network->bssid),
5550                                 print_mac(mac2, priv->bssid));
5551                 return 0;
5552         }
5553
5554         /* Filter out any incompatible freq / mode combinations */
5555         if (!ieee80211_is_valid_mode(priv->ieee, network->mode)) {
5556                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5557                                 "because of invalid frequency/mode "
5558                                 "combination.\n",
5559                                 escape_essid(network->ssid, network->ssid_len),
5560                                 print_mac(mac, network->bssid));
5561                 return 0;
5562         }
5563
5564         /* Ensure that the rates supported by the driver are compatible with
5565          * this AP, including verification of basic rates (mandatory) */
5566         if (!ipw_compatible_rates(priv, network, &rates)) {
5567                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5568                                 "because configured rate mask excludes "
5569                                 "AP mandatory rate.\n",
5570                                 escape_essid(network->ssid, network->ssid_len),
5571                                 print_mac(mac, network->bssid));
5572                 return 0;
5573         }
5574
5575         if (rates.num_rates == 0) {
5576                 IPW_DEBUG_MERGE("Network '%s (%s)' excluded "
5577                                 "because of no compatible rates.\n",
5578                                 escape_essid(network->ssid, network->ssid_len),
5579                                 print_mac(mac, network->bssid));
5580                 return 0;
5581         }
5582
5583         /* TODO: Perform any further minimal comparititive tests.  We do not
5584          * want to put too much policy logic here; intelligent scan selection
5585          * should occur within a generic IEEE 802.11 user space tool.  */
5586
5587         /* Set up 'new' AP to this network */
5588         ipw_copy_rates(&match->rates, &rates);
5589         match->network = network;
5590         IPW_DEBUG_MERGE("Network '%s (%s)' is a viable match.\n",
5591                         escape_essid(network->ssid, network->ssid_len),
5592                         print_mac(mac, network->bssid));
5593
5594         return 1;
5595 }
5596
5597 static void ipw_merge_adhoc_network(struct work_struct *work)
5598 {
5599         struct ipw_priv *priv =
5600                 container_of(work, struct ipw_priv, merge_networks);
5601         struct ieee80211_network *network = NULL;
5602         struct ipw_network_match match = {
5603                 .network = priv->assoc_network
5604         };
5605
5606         if ((priv->status & STATUS_ASSOCIATED) &&
5607             (priv->ieee->iw_mode == IW_MODE_ADHOC)) {
5608                 /* First pass through ROAM process -- look for a better
5609                  * network */
5610                 unsigned long flags;
5611
5612                 spin_lock_irqsave(&priv->ieee->lock, flags);
5613                 list_for_each_entry(network, &priv->ieee->network_list, list) {
5614                         if (network != priv->assoc_network)
5615                                 ipw_find_adhoc_network(priv, &match, network,
5616                                                        1);
5617                 }
5618                 spin_unlock_irqrestore(&priv->ieee->lock, flags);
5619
5620                 if (match.network == priv->assoc_network) {
5621                         IPW_DEBUG_MERGE("No better ADHOC in this network to "
5622                                         "merge to.\n");
5623                         return;
5624                 }
5625
5626                 mutex_lock(&priv->mutex);
5627                 if ((priv->ieee->iw_mode == IW_MODE_ADHOC)) {
5628                         IPW_DEBUG_MERGE("remove network %s\n",
5629                                         escape_essid(priv->essid,
5630                                                      priv->essid_len));
5631                         ipw_remove_current_network(priv);
5632                 }
5633
5634                 ipw_disassociate(priv);
5635                 priv->assoc_network = match.network;
5636                 mutex_unlock(&priv->mutex);
5637                 return;
5638         }
5639 }
5640
5641 static int ipw_best_network(struct ipw_priv *priv,
5642                             struct ipw_network_match *match,
5643                             struct ieee80211_network *network, int roaming)
5644 {
5645         struct ipw_supported_rates rates;
5646         DECLARE_MAC_BUF(mac);
5647
5648         /* Verify that this network's capability is compatible with the
5649          * current mode (AdHoc or Infrastructure) */
5650         if ((priv->ieee->iw_mode == IW_MODE_INFRA &&
5651              !(network->capability & WLAN_CAPABILITY_ESS)) ||
5652             (priv->ieee->iw_mode == IW_MODE_ADHOC &&
5653              !(network->capability & WLAN_CAPABILITY_IBSS))) {
5654                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded due to "
5655                                 "capability mismatch.\n",
5656                                 escape_essid(network->ssid, network->ssid_len),
5657                                 print_mac(mac, network->bssid));
5658                 return 0;
5659         }
5660
5661         /* If we do not have an ESSID for this AP, we can not associate with
5662          * it */
5663         if (network->flags & NETWORK_EMPTY_ESSID) {
5664                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5665                                 "because of hidden ESSID.\n",
5666                                 escape_essid(network->ssid, network->ssid_len),
5667                                 print_mac(mac, network->bssid));
5668                 return 0;
5669         }
5670
5671         if (unlikely(roaming)) {
5672                 /* If we are roaming, then ensure check if this is a valid
5673                  * network to try and roam to */
5674                 if ((network->ssid_len != match->network->ssid_len) ||
5675                     memcmp(network->ssid, match->network->ssid,
5676                            network->ssid_len)) {
5677                         IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5678                                         "because of non-network ESSID.\n",
5679                                         escape_essid(network->ssid,
5680                                                      network->ssid_len),
5681                                         print_mac(mac, network->bssid));
5682                         return 0;
5683                 }
5684         } else {
5685                 /* If an ESSID has been configured then compare the broadcast
5686                  * ESSID to ours */
5687                 if ((priv->config & CFG_STATIC_ESSID) &&
5688                     ((network->ssid_len != priv->essid_len) ||
5689                      memcmp(network->ssid, priv->essid,
5690                             min(network->ssid_len, priv->essid_len)))) {
5691                         char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
5692                         strncpy(escaped,
5693                                 escape_essid(network->ssid, network->ssid_len),
5694                                 sizeof(escaped));
5695                         IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5696                                         "because of ESSID mismatch: '%s'.\n",
5697                                         escaped, print_mac(mac, network->bssid),
5698                                         escape_essid(priv->essid,
5699                                                      priv->essid_len));
5700                         return 0;
5701                 }
5702         }
5703
5704         /* If the old network rate is better than this one, don't bother
5705          * testing everything else. */
5706         if (match->network && match->network->stats.rssi > network->stats.rssi) {
5707                 char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
5708                 strncpy(escaped,
5709                         escape_essid(network->ssid, network->ssid_len),
5710                         sizeof(escaped));
5711                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded because "
5712                                 "'%s (%s)' has a stronger signal.\n",
5713                                 escaped, print_mac(mac, network->bssid),
5714                                 escape_essid(match->network->ssid,
5715                                              match->network->ssid_len),
5716                                 print_mac(mac, match->network->bssid));
5717                 return 0;
5718         }
5719
5720         /* If this network has already had an association attempt within the
5721          * last 3 seconds, do not try and associate again... */
5722         if (network->last_associate &&
5723             time_after(network->last_associate + (HZ * 3UL), jiffies)) {
5724                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5725                                 "because of storming (%ums since last "
5726                                 "assoc attempt).\n",
5727                                 escape_essid(network->ssid, network->ssid_len),
5728                                 print_mac(mac, network->bssid),
5729                                 jiffies_to_msecs(jiffies -
5730                                                  network->last_associate));
5731                 return 0;
5732         }
5733
5734         /* Now go through and see if the requested network is valid... */
5735         if (priv->ieee->scan_age != 0 &&
5736             time_after(jiffies, network->last_scanned + priv->ieee->scan_age)) {
5737                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5738                                 "because of age: %ums.\n",
5739                                 escape_essid(network->ssid, network->ssid_len),
5740                                 print_mac(mac, network->bssid),
5741                                 jiffies_to_msecs(jiffies -
5742                                                  network->last_scanned));
5743                 return 0;
5744         }
5745
5746         if ((priv->config & CFG_STATIC_CHANNEL) &&
5747             (network->channel != priv->channel)) {
5748                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5749                                 "because of channel mismatch: %d != %d.\n",
5750                                 escape_essid(network->ssid, network->ssid_len),
5751                                 print_mac(mac, network->bssid),
5752                                 network->channel, priv->channel);
5753                 return 0;
5754         }
5755
5756         /* Verify privacy compatability */
5757         if (((priv->capability & CAP_PRIVACY_ON) ? 1 : 0) !=
5758             ((network->capability & WLAN_CAPABILITY_PRIVACY) ? 1 : 0)) {
5759                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5760                                 "because of privacy mismatch: %s != %s.\n",
5761                                 escape_essid(network->ssid, network->ssid_len),
5762                                 print_mac(mac, network->bssid),
5763                                 priv->capability & CAP_PRIVACY_ON ? "on" :
5764                                 "off",
5765                                 network->capability &
5766                                 WLAN_CAPABILITY_PRIVACY ? "on" : "off");
5767                 return 0;
5768         }
5769
5770         if ((priv->config & CFG_STATIC_BSSID) &&
5771             memcmp(network->bssid, priv->bssid, ETH_ALEN)) {
5772                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5773                                 "because of BSSID mismatch: %s.\n",
5774                                 escape_essid(network->ssid, network->ssid_len),
5775                                 print_mac(mac, network->bssid), print_mac(mac, priv->bssid));
5776                 return 0;
5777         }
5778
5779         /* Filter out any incompatible freq / mode combinations */
5780         if (!ieee80211_is_valid_mode(priv->ieee, network->mode)) {
5781                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5782                                 "because of invalid frequency/mode "
5783                                 "combination.\n",
5784                                 escape_essid(network->ssid, network->ssid_len),
5785                                 print_mac(mac, network->bssid));
5786                 return 0;
5787         }
5788
5789         /* Filter out invalid channel in current GEO */
5790         if (!ieee80211_is_valid_channel(priv->ieee, network->channel)) {
5791                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5792                                 "because of invalid channel in current GEO\n",
5793                                 escape_essid(network->ssid, network->ssid_len),
5794                                 print_mac(mac, network->bssid));
5795                 return 0;
5796         }
5797
5798         /* Ensure that the rates supported by the driver are compatible with
5799          * this AP, including verification of basic rates (mandatory) */
5800         if (!ipw_compatible_rates(priv, network, &rates)) {
5801                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5802                                 "because configured rate mask excludes "
5803                                 "AP mandatory rate.\n",
5804                                 escape_essid(network->ssid, network->ssid_len),
5805                                 print_mac(mac, network->bssid));
5806                 return 0;
5807         }
5808
5809         if (rates.num_rates == 0) {
5810                 IPW_DEBUG_ASSOC("Network '%s (%s)' excluded "
5811                                 "because of no compatible rates.\n",
5812                                 escape_essid(network->ssid, network->ssid_len),
5813                                 print_mac(mac, network->bssid));
5814                 return 0;
5815         }
5816
5817         /* TODO: Perform any further minimal comparititive tests.  We do not
5818          * want to put too much policy logic here; intelligent scan selection
5819          * should occur within a generic IEEE 802.11 user space tool.  */
5820
5821         /* Set up 'new' AP to this network */
5822         ipw_copy_rates(&match->rates, &rates);
5823         match->network = network;
5824
5825         IPW_DEBUG_ASSOC("Network '%s (%s)' is a viable match.\n",
5826                         escape_essid(network->ssid, network->ssid_len),
5827                         print_mac(mac, network->bssid));
5828
5829         return 1;
5830 }
5831
5832 static void ipw_adhoc_create(struct ipw_priv *priv,
5833                              struct ieee80211_network *network)
5834 {
5835         const struct ieee80211_geo *geo = ieee80211_get_geo(priv->ieee);
5836         int i;
5837
5838         /*
5839          * For the purposes of scanning, we can set our wireless mode
5840          * to trigger scans across combinations of bands, but when it
5841          * comes to creating a new ad-hoc network, we have tell the FW
5842          * exactly which band to use.
5843          *
5844          * We also have the possibility of an invalid channel for the
5845          * chossen band.  Attempting to create a new ad-hoc network
5846          * with an invalid channel for wireless mode will trigger a
5847          * FW fatal error.
5848          *
5849          */
5850         switch (ieee80211_is_valid_channel(priv->ieee, priv->channel)) {
5851         case IEEE80211_52GHZ_BAND:
5852                 network->mode = IEEE_A;
5853                 i = ieee80211_channel_to_index(priv->ieee, priv->channel);
5854                 BUG_ON(i == -1);
5855                 if (geo->a[i].flags & IEEE80211_CH_PASSIVE_ONLY) {
5856                         IPW_WARNING("Overriding invalid channel\n");
5857                         priv->channel = geo->a[0].channel;
5858                 }
5859                 break;
5860
5861         case IEEE80211_24GHZ_BAND:
5862                 if (priv->ieee->mode & IEEE_G)
5863                         network->mode = IEEE_G;
5864                 else
5865                         network->mode = IEEE_B;
5866                 i = ieee80211_channel_to_index(priv->ieee, priv->channel);
5867                 BUG_ON(i == -1);
5868                 if (geo->bg[i].flags & IEEE80211_CH_PASSIVE_ONLY) {
5869                         IPW_WARNING("Overriding invalid channel\n");
5870                         priv->channel = geo->bg[0].channel;
5871                 }
5872                 break;
5873
5874         default:
5875                 IPW_WARNING("Overriding invalid channel\n");
5876                 if (priv->ieee->mode & IEEE_A) {
5877                         network->mode = IEEE_A;
5878                         priv->channel = geo->a[0].channel;
5879                 } else if (priv->ieee->mode & IEEE_G) {
5880                         network->mode = IEEE_G;
5881                         priv->channel = geo->bg[0].channel;
5882                 } else {
5883                         network->mode = IEEE_B;
5884                         priv->channel = geo->bg[0].channel;
5885                 }
5886                 break;
5887         }
5888
5889         network->channel = priv->channel;
5890         priv->config |= CFG_ADHOC_PERSIST;
5891         ipw_create_bssid(priv, network->bssid);
5892         network->ssid_len = priv->essid_len;
5893         memcpy(network->ssid, priv->essid, priv->essid_len);
5894         memset(&network->stats, 0, sizeof(network->stats));
5895         network->capability = WLAN_CAPABILITY_IBSS;
5896         if (!(priv->config & CFG_PREAMBLE_LONG))
5897                 network->capability |= WLAN_CAPABILITY_SHORT_PREAMBLE;
5898         if (priv->capability & CAP_PRIVACY_ON)
5899                 network->capability |= WLAN_CAPABILITY_PRIVACY;
5900         network->rates_len = min(priv->rates.num_rates, MAX_RATES_LENGTH);
5901         memcpy(network->rates, priv->rates.supported_rates, network->rates_len);
5902         network->rates_ex_len = priv->rates.num_rates - network->rates_len;
5903         memcpy(network->rates_ex,
5904                &priv->rates.supported_rates[network->rates_len],
5905                network->rates_ex_len);
5906         network->last_scanned = 0;
5907         network->flags = 0;
5908         network->last_associate = 0;
5909         network->time_stamp[0] = 0;
5910         network->time_stamp[1] = 0;
5911         network->beacon_interval = 100; /* Default */
5912         network->listen_interval = 10;  /* Default */
5913         network->atim_window = 0;       /* Default */
5914         network->wpa_ie_len = 0;
5915         network->rsn_ie_len = 0;
5916 }
5917
5918 static void ipw_send_tgi_tx_key(struct ipw_priv *priv, int type, int index)
5919 {
5920         struct ipw_tgi_tx_key key;
5921
5922         if (!(priv->ieee->sec.flags & (1 << index)))
5923                 return;
5924
5925         key.key_id = index;
5926         memcpy(key.key, priv->ieee->sec.keys[index], SCM_TEMPORAL_KEY_LENGTH);
5927         key.security_type = type;
5928         key.station_index = 0;  /* always 0 for BSS */
5929         key.flags = 0;
5930         /* 0 for new key; previous value of counter (after fatal error) */
5931         key.tx_counter[0] = cpu_to_le32(0);
5932         key.tx_counter[1] = cpu_to_le32(0);
5933
5934         ipw_send_cmd_pdu(priv, IPW_CMD_TGI_TX_KEY, sizeof(key), &key);
5935 }
5936
5937 static void ipw_send_wep_keys(struct ipw_priv *priv, int type)
5938 {
5939         struct ipw_wep_key key;
5940         int i;
5941
5942         key.cmd_id = DINO_CMD_WEP_KEY;
5943         key.seq_num = 0;
5944
5945         /* Note: AES keys cannot be set for multiple times.
5946          * Only set it at the first time. */
5947         for (i = 0; i < 4; i++) {
5948                 key.key_index = i | type;
5949                 if (!(priv->ieee->sec.flags & (1 << i))) {
5950                         key.key_size = 0;
5951                         continue;
5952                 }
5953
5954                 key.key_size = priv->ieee->sec.key_sizes[i];
5955                 memcpy(key.key, priv->ieee->sec.keys[i], key.key_size);
5956
5957                 ipw_send_cmd_pdu(priv, IPW_CMD_WEP_KEY, sizeof(key), &key);
5958         }
5959 }
5960
5961 static void ipw_set_hw_decrypt_unicast(struct ipw_priv *priv, int level)
5962 {
5963         if (priv->ieee->host_encrypt)
5964                 return;
5965
5966         switch (level) {
5967         case SEC_LEVEL_3:
5968                 priv->sys_config.disable_unicast_decryption = 0;
5969                 priv->ieee->host_decrypt = 0;
5970                 break;
5971         case SEC_LEVEL_2:
5972                 priv->sys_config.disable_unicast_decryption = 1;
5973                 priv->ieee->host_decrypt = 1;
5974                 break;
5975         case SEC_LEVEL_1:
5976                 priv->sys_config.disable_unicast_decryption = 0;
5977                 priv->ieee->host_decrypt = 0;
5978                 break;
5979         case SEC_LEVEL_0:
5980                 priv->sys_config.disable_unicast_decryption = 1;
5981                 break;
5982         default:
5983                 break;
5984         }
5985 }
5986
5987 static void ipw_set_hw_decrypt_multicast(struct ipw_priv *priv, int level)
5988 {
5989         if (priv->ieee->host_encrypt)
5990                 return;
5991
5992         switch (level) {
5993         case SEC_LEVEL_3:
5994                 priv->sys_config.disable_multicast_decryption = 0;
5995                 break;
5996         case SEC_LEVEL_2:
5997                 priv->sys_config.disable_multicast_decryption = 1;
5998                 break;
5999         case SEC_LEVEL_1:
6000                 priv->sys_config.disable_multicast_decryption = 0;
6001                 break;
6002         case SEC_LEVEL_0:
6003                 priv->sys_config.disable_multicast_decryption = 1;
6004                 break;
6005         default:
6006                 break;
6007         }
6008 }
6009
6010 static void ipw_set_hwcrypto_keys(struct ipw_priv *priv)
6011 {
6012         switch (priv->ieee->sec.level) {
6013         case SEC_LEVEL_3:
6014                 if (priv->ieee->sec.flags & SEC_ACTIVE_KEY)
6015                         ipw_send_tgi_tx_key(priv,
6016                                             DCT_FLAG_EXT_SECURITY_CCM,
6017                                             priv->ieee->sec.active_key);
6018
6019                 if (!priv->ieee->host_mc_decrypt)
6020                         ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_CCM);
6021                 break;
6022         case SEC_LEVEL_2:
6023                 if (priv->ieee->sec.flags & SEC_ACTIVE_KEY)
6024                         ipw_send_tgi_tx_key(priv,
6025                                             DCT_FLAG_EXT_SECURITY_TKIP,
6026                                             priv->ieee->sec.active_key);
6027                 break;
6028         case SEC_LEVEL_1:
6029                 ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_WEP);
6030                 ipw_set_hw_decrypt_unicast(priv, priv->ieee->sec.level);
6031                 ipw_set_hw_decrypt_multicast(priv, priv->ieee->sec.level);
6032                 break;
6033         case SEC_LEVEL_0:
6034         default:
6035                 break;
6036         }
6037 }
6038
6039 static void ipw_adhoc_check(void *data)
6040 {
6041         struct ipw_priv *priv = data;
6042
6043         if (priv->missed_adhoc_beacons++ > priv->disassociate_threshold &&
6044             !(priv->config & CFG_ADHOC_PERSIST)) {
6045                 IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
6046                           IPW_DL_STATE | IPW_DL_ASSOC,
6047                           "Missed beacon: %d - disassociate\n",
6048                           priv->missed_adhoc_beacons);
6049                 ipw_remove_current_network(priv);
6050                 ipw_disassociate(priv);
6051                 return;
6052         }
6053
6054         queue_delayed_work(priv->workqueue, &priv->adhoc_check,
6055                            le16_to_cpu(priv->assoc_request.beacon_interval));
6056 }
6057
6058 static void ipw_bg_adhoc_check(struct work_struct *work)
6059 {
6060         struct ipw_priv *priv =
6061                 container_of(work, struct ipw_priv, adhoc_check.work);
6062         mutex_lock(&priv->mutex);
6063         ipw_adhoc_check(priv);
6064         mutex_unlock(&priv->mutex);
6065 }
6066
6067 static void ipw_debug_config(struct ipw_priv *priv)
6068 {
6069         DECLARE_MAC_BUF(mac);
6070         IPW_DEBUG_INFO("Scan completed, no valid APs matched "
6071                        "[CFG 0x%08X]\n", priv->config);
6072         if (priv->config & CFG_STATIC_CHANNEL)
6073                 IPW_DEBUG_INFO("Channel locked to %d\n", priv->channel);
6074         else
6075                 IPW_DEBUG_INFO("Channel unlocked.\n");
6076         if (priv->config & CFG_STATIC_ESSID)
6077                 IPW_DEBUG_INFO("ESSID locked to '%s'\n",
6078                                escape_essid(priv->essid, priv->essid_len));
6079         else
6080                 IPW_DEBUG_INFO("ESSID unlocked.\n");
6081         if (priv->config & CFG_STATIC_BSSID)
6082                 IPW_DEBUG_INFO("BSSID locked to %s\n",
6083                                print_mac(mac, priv->bssid));
6084         else
6085                 IPW_DEBUG_INFO("BSSID unlocked.\n");
6086         if (priv->capability & CAP_PRIVACY_ON)
6087                 IPW_DEBUG_INFO("PRIVACY on\n");
6088         else
6089                 IPW_DEBUG_INFO("PRIVACY off\n");
6090         IPW_DEBUG_INFO("RATE MASK: 0x%08X\n", priv->rates_mask);
6091 }
6092
6093 static void ipw_set_fixed_rate(struct ipw_priv *priv, int mode)
6094 {
6095         /* TODO: Verify that this works... */
6096         struct ipw_fixed_rate fr = {
6097                 .tx_rates = priv->rates_mask
6098         };
6099         u32 reg;
6100         u16 mask = 0;
6101
6102         /* Identify 'current FW band' and match it with the fixed
6103          * Tx rates */
6104
6105         switch (priv->ieee->freq_band) {
6106         case IEEE80211_52GHZ_BAND:      /* A only */
6107                 /* IEEE_A */
6108                 if (priv->rates_mask & ~IEEE80211_OFDM_RATES_MASK) {
6109                         /* Invalid fixed rate mask */
6110                         IPW_DEBUG_WX
6111                             ("invalid fixed rate mask in ipw_set_fixed_rate\n");
6112                         fr.tx_rates = 0;
6113                         break;
6114                 }
6115
6116                 fr.tx_rates >>= IEEE80211_OFDM_SHIFT_MASK_A;
6117                 break;
6118
6119         default:                /* 2.4Ghz or Mixed */
6120                 /* IEEE_B */
6121                 if (mode == IEEE_B) {
6122                         if (fr.tx_rates & ~IEEE80211_CCK_RATES_MASK) {
6123                                 /* Invalid fixed rate mask */
6124                                 IPW_DEBUG_WX
6125                                     ("invalid fixed rate mask in ipw_set_fixed_rate\n");
6126                                 fr.tx_rates = 0;
6127                         }
6128                         break;
6129                 }
6130
6131                 /* IEEE_G */
6132                 if (fr.tx_rates & ~(IEEE80211_CCK_RATES_MASK |
6133                                     IEEE80211_OFDM_RATES_MASK)) {
6134                         /* Invalid fixed rate mask */
6135                         IPW_DEBUG_WX
6136                             ("invalid fixed rate mask in ipw_set_fixed_rate\n");
6137                         fr.tx_rates = 0;
6138                         break;
6139                 }
6140
6141                 if (IEEE80211_OFDM_RATE_6MB_MASK & fr.tx_rates) {
6142                         mask |= (IEEE80211_OFDM_RATE_6MB_MASK >> 1);
6143                         fr.tx_rates &= ~IEEE80211_OFDM_RATE_6MB_MASK;
6144                 }
6145
6146                 if (IEEE80211_OFDM_RATE_9MB_MASK & fr.tx_rates) {
6147                         mask |= (IEEE80211_OFDM_RATE_9MB_MASK >> 1);
6148                         fr.tx_rates &= ~IEEE80211_OFDM_RATE_9MB_MASK;
6149                 }
6150
6151                 if (IEEE80211_OFDM_RATE_12MB_MASK & fr.tx_rates) {
6152                         mask |= (IEEE80211_OFDM_RATE_12MB_MASK >> 1);
6153                         fr.tx_rates &= ~IEEE80211_OFDM_RATE_12MB_MASK;
6154                 }
6155
6156                 fr.tx_rates |= mask;
6157                 break;
6158         }
6159
6160         reg = ipw_read32(priv, IPW_MEM_FIXED_OVERRIDE);
6161         ipw_write_reg32(priv, reg, *(u32 *) & fr);
6162 }
6163
6164 static void ipw_abort_scan(struct ipw_priv *priv)
6165 {
6166         int err;
6167
6168         if (priv->status & STATUS_SCAN_ABORTING) {
6169                 IPW_DEBUG_HC("Ignoring concurrent scan abort request.\n");
6170                 return;
6171         }
6172         priv->status |= STATUS_SCAN_ABORTING;
6173
6174         err = ipw_send_scan_abort(priv);
6175         if (err)
6176                 IPW_DEBUG_HC("Request to abort scan failed.\n");
6177 }
6178
6179 static void ipw_add_scan_channels(struct ipw_priv *priv,
6180                                   struct ipw_scan_request_ext *scan,
6181                                   int scan_type)
6182 {
6183         int channel_index = 0;
6184         const struct ieee80211_geo *geo;
6185         int i;
6186
6187         geo = ieee80211_get_geo(priv->ieee);
6188
6189         if (priv->ieee->freq_band & IEEE80211_52GHZ_BAND) {
6190                 int start = channel_index;
6191                 for (i = 0; i < geo->a_channels; i++) {
6192                         if ((priv->status & STATUS_ASSOCIATED) &&
6193                             geo->a[i].channel == priv->channel)
6194                                 continue;
6195                         channel_index++;
6196                         scan->channels_list[channel_index] = geo->a[i].channel;
6197                         ipw_set_scan_type(scan, channel_index,
6198                                           geo->a[i].
6199                                           flags & IEEE80211_CH_PASSIVE_ONLY ?
6200                                           IPW_SCAN_PASSIVE_FULL_DWELL_SCAN :
6201                                           scan_type);
6202                 }
6203
6204                 if (start != channel_index) {
6205                         scan->channels_list[start] = (u8) (IPW_A_MODE << 6) |
6206                             (channel_index - start);
6207                         channel_index++;
6208                 }
6209         }
6210
6211         if (priv->ieee->freq_band & IEEE80211_24GHZ_BAND) {
6212                 int start = channel_index;
6213                 if (priv->config & CFG_SPEED_SCAN) {
6214                         int index;
6215                         u8 channels[IEEE80211_24GHZ_CHANNELS] = {
6216                                 /* nop out the list */
6217                                 [0] = 0
6218                         };
6219
6220                         u8 channel;
6221                         while (channel_index < IPW_SCAN_CHANNELS) {
6222                                 channel =
6223                                     priv->speed_scan[priv->speed_scan_pos];
6224                                 if (channel == 0) {
6225                                         priv->speed_scan_pos = 0;
6226                                         channel = priv->speed_scan[0];
6227                                 }
6228                                 if ((priv->status & STATUS_ASSOCIATED) &&
6229                                     channel == priv->channel) {
6230                                         priv->speed_scan_pos++;
6231                                         continue;
6232                                 }
6233
6234                                 /* If this channel has already been
6235                                  * added in scan, break from loop
6236                                  * and this will be the first channel
6237                                  * in the next scan.
6238                                  */
6239                                 if (channels[channel - 1] != 0)
6240                                         break;
6241
6242                                 channels[channel - 1] = 1;
6243                                 priv->speed_scan_pos++;
6244                                 channel_index++;
6245                                 scan->channels_list[channel_index] = channel;
6246                                 index =
6247                                     ieee80211_channel_to_index(priv->ieee, channel);
6248                                 ipw_set_scan_type(scan, channel_index,
6249                                                   geo->bg[index].
6250                                                   flags &
6251                                                   IEEE80211_CH_PASSIVE_ONLY ?
6252                                                   IPW_SCAN_PASSIVE_FULL_DWELL_SCAN
6253                                                   : scan_type);
6254                         }
6255                 } else {
6256                         for (i = 0; i < geo->bg_channels; i++) {
6257                                 if ((priv->status & STATUS_ASSOCIATED) &&
6258                                     geo->bg[i].channel == priv->channel)
6259                                         continue;
6260                                 channel_index++;
6261                                 scan->channels_list[channel_index] =
6262                                     geo->bg[i].channel;
6263                                 ipw_set_scan_type(scan, channel_index,
6264                                                   geo->bg[i].
6265                                                   flags &
6266                                                   IEEE80211_CH_PASSIVE_ONLY ?
6267                                                   IPW_SCAN_PASSIVE_FULL_DWELL_SCAN
6268                                                   : scan_type);
6269                         }
6270                 }
6271
6272                 if (start != channel_index) {
6273                         scan->channels_list[start] = (u8) (IPW_B_MODE << 6) |
6274                             (channel_index - start);
6275                 }
6276         }
6277 }
6278
6279 static int ipw_request_scan_helper(struct ipw_priv *priv, int type, int direct)
6280 {
6281         struct ipw_scan_request_ext scan;
6282         int err = 0, scan_type;
6283
6284         if (!(priv->status & STATUS_INIT) ||
6285             (priv->status & STATUS_EXIT_PENDING))
6286                 return 0;
6287
6288         mutex_lock(&priv->mutex);
6289
6290         if (direct && (priv->direct_scan_ssid_len == 0)) {
6291                 IPW_DEBUG_HC("Direct scan requested but no SSID to scan for\n");
6292                 priv->status &= ~STATUS_DIRECT_SCAN_PENDING;
6293                 goto done;
6294         }
6295
6296         if (priv->status & STATUS_SCANNING) {
6297                 IPW_DEBUG_HC("Concurrent scan requested.  Queuing.\n");
6298                 priv->status |= direct ? STATUS_DIRECT_SCAN_PENDING :
6299                                         STATUS_SCAN_PENDING;
6300                 goto done;
6301         }
6302
6303         if (!(priv->status & STATUS_SCAN_FORCED) &&
6304             priv->status & STATUS_SCAN_ABORTING) {
6305                 IPW_DEBUG_HC("Scan request while abort pending.  Queuing.\n");
6306                 priv->status |= direct ? STATUS_DIRECT_SCAN_PENDING :
6307                                         STATUS_SCAN_PENDING;
6308                 goto done;
6309         }
6310
6311         if (priv->status & STATUS_RF_KILL_MASK) {
6312                 IPW_DEBUG_HC("Queuing scan due to RF Kill activation\n");
6313                 priv->status |= direct ? STATUS_DIRECT_SCAN_PENDING :
6314                                         STATUS_SCAN_PENDING;
6315                 goto done;
6316         }
6317
6318         memset(&scan, 0, sizeof(scan));
6319         scan.full_scan_index = cpu_to_le32(ieee80211_get_scans(priv->ieee));
6320
6321         if (type == IW_SCAN_TYPE_PASSIVE) {
6322                 IPW_DEBUG_WX("use passive scanning\n");
6323                 scan_type = IPW_SCAN_PASSIVE_FULL_DWELL_SCAN;
6324                 scan.dwell_time[IPW_SCAN_PASSIVE_FULL_DWELL_SCAN] =
6325                         cpu_to_le16(120);
6326                 ipw_add_scan_channels(priv, &scan, scan_type);
6327                 goto send_request;
6328         }
6329
6330         /* Use active scan by default. */
6331         if (priv->config & CFG_SPEED_SCAN)
6332                 scan.dwell_time[IPW_SCAN_ACTIVE_BROADCAST_SCAN] =
6333                         cpu_to_le16(30);
6334         else
6335                 scan.dwell_time[IPW_SCAN_ACTIVE_BROADCAST_SCAN] =
6336                         cpu_to_le16(20);
6337
6338         scan.dwell_time[IPW_SCAN_ACTIVE_BROADCAST_AND_DIRECT_SCAN] =
6339                 cpu_to_le16(20);
6340
6341         scan.dwell_time[IPW_SCAN_PASSIVE_FULL_DWELL_SCAN] = cpu_to_le16(120);
6342         scan.dwell_time[IPW_SCAN_ACTIVE_DIRECT_SCAN] = cpu_to_le16(20);
6343
6344 #ifdef CONFIG_IPW2200_MONITOR
6345         if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
6346                 u8 channel;
6347                 u8 band = 0;
6348
6349                 switch (ieee80211_is_valid_channel(priv->ieee, priv->channel)) {
6350                 case IEEE80211_52GHZ_BAND:
6351                         band = (u8) (IPW_A_MODE << 6) | 1;
6352                         channel = priv->channel;
6353                         break;
6354
6355                 case IEEE80211_24GHZ_BAND:
6356                         band = (u8) (IPW_B_MODE << 6) | 1;
6357                         channel = priv->channel;
6358                         break;
6359
6360                 default:
6361                         band = (u8) (IPW_B_MODE << 6) | 1;
6362                         channel = 9;
6363                         break;
6364                 }
6365
6366                 scan.channels_list[0] = band;
6367                 scan.channels_list[1] = channel;
6368                 ipw_set_scan_type(&scan, 1, IPW_SCAN_PASSIVE_FULL_DWELL_SCAN);
6369
6370                 /* NOTE:  The card will sit on this channel for this time
6371                  * period.  Scan aborts are timing sensitive and frequently
6372                  * result in firmware restarts.  As such, it is best to
6373                  * set a small dwell_time here and just keep re-issuing
6374                  * scans.  Otherwise fast channel hopping will not actually
6375                  * hop channels.
6376                  *
6377                  * TODO: Move SPEED SCAN support to all modes and bands */
6378                 scan.dwell_time[IPW_SCAN_PASSIVE_FULL_DWELL_SCAN] =
6379                         cpu_to_le16(2000);
6380         } else {
6381 #endif                          /* CONFIG_IPW2200_MONITOR */
6382                 /* Honor direct scans first, otherwise if we are roaming make
6383                  * this a direct scan for the current network.  Finally,
6384                  * ensure that every other scan is a fast channel hop scan */
6385                 if (direct) {
6386                         err = ipw_send_ssid(priv, priv->direct_scan_ssid,
6387                                             priv->direct_scan_ssid_len);
6388                         if (err) {
6389                                 IPW_DEBUG_HC("Attempt to send SSID command  "
6390                                              "failed\n");
6391                                 goto done;
6392                         }
6393
6394                         scan_type = IPW_SCAN_ACTIVE_BROADCAST_AND_DIRECT_SCAN;
6395                 } else if ((priv->status & STATUS_ROAMING)
6396                            || (!(priv->status & STATUS_ASSOCIATED)
6397                                && (priv->config & CFG_STATIC_ESSID)
6398                                && (le32_to_cpu(scan.full_scan_index) % 2))) {
6399                         err = ipw_send_ssid(priv, priv->essid, priv->essid_len);
6400                         if (err) {
6401                                 IPW_DEBUG_HC("Attempt to send SSID command "
6402                                              "failed.\n");
6403                                 goto done;
6404                         }
6405
6406                         scan_type = IPW_SCAN_ACTIVE_BROADCAST_AND_DIRECT_SCAN;
6407                 } else
6408                         scan_type = IPW_SCAN_ACTIVE_BROADCAST_SCAN;
6409
6410                 ipw_add_scan_channels(priv, &scan, scan_type);
6411 #ifdef CONFIG_IPW2200_MONITOR
6412         }
6413 #endif
6414
6415 send_request:
6416         err = ipw_send_scan_request_ext(priv, &scan);
6417         if (err) {
6418                 IPW_DEBUG_HC("Sending scan command failed: %08X\n", err);
6419                 goto done;
6420         }
6421
6422         priv->status |= STATUS_SCANNING;
6423         if (direct) {
6424                 priv->status &= ~STATUS_DIRECT_SCAN_PENDING;
6425                 priv->direct_scan_ssid_len = 0;
6426         } else
6427                 priv->status &= ~STATUS_SCAN_PENDING;
6428
6429         queue_delayed_work(priv->workqueue, &priv->scan_check,
6430                            IPW_SCAN_CHECK_WATCHDOG);
6431 done:
6432         mutex_unlock(&priv->mutex);
6433         return err;
6434 }
6435
6436 static void ipw_request_passive_scan(struct work_struct *work)
6437 {
6438         struct ipw_priv *priv =
6439                 container_of(work, struct ipw_priv, request_passive_scan.work);
6440         ipw_request_scan_helper(priv, IW_SCAN_TYPE_PASSIVE, 0);
6441 }
6442
6443 static void ipw_request_scan(struct work_struct *work)
6444 {
6445         struct ipw_priv *priv =
6446                 container_of(work, struct ipw_priv, request_scan.work);
6447         ipw_request_scan_helper(priv, IW_SCAN_TYPE_ACTIVE, 0);
6448 }
6449
6450 static void ipw_request_direct_scan(struct work_struct *work)
6451 {
6452         struct ipw_priv *priv =
6453                 container_of(work, struct ipw_priv, request_direct_scan.work);
6454         ipw_request_scan_helper(priv, IW_SCAN_TYPE_ACTIVE, 1);
6455 }
6456
6457 static void ipw_bg_abort_scan(struct work_struct *work)
6458 {
6459         struct ipw_priv *priv =
6460                 container_of(work, struct ipw_priv, abort_scan);
6461         mutex_lock(&priv->mutex);
6462         ipw_abort_scan(priv);
6463         mutex_unlock(&priv->mutex);
6464 }
6465
6466 static int ipw_wpa_enable(struct ipw_priv *priv, int value)
6467 {
6468         /* This is called when wpa_supplicant loads and closes the driver
6469          * interface. */
6470         priv->ieee->wpa_enabled = value;
6471         return 0;
6472 }
6473
6474 static int ipw_wpa_set_auth_algs(struct ipw_priv *priv, int value)
6475 {
6476         struct ieee80211_device *ieee = priv->ieee;
6477         struct ieee80211_security sec = {
6478                 .flags = SEC_AUTH_MODE,
6479         };
6480         int ret = 0;
6481
6482         if (value & IW_AUTH_ALG_SHARED_KEY) {
6483                 sec.auth_mode = WLAN_AUTH_SHARED_KEY;
6484                 ieee->open_wep = 0;
6485         } else if (value & IW_AUTH_ALG_OPEN_SYSTEM) {
6486                 sec.auth_mode = WLAN_AUTH_OPEN;
6487                 ieee->open_wep = 1;
6488         } else if (value & IW_AUTH_ALG_LEAP) {
6489                 sec.auth_mode = WLAN_AUTH_LEAP;
6490                 ieee->open_wep = 1;
6491         } else
6492                 return -EINVAL;
6493
6494         if (ieee->set_security)
6495                 ieee->set_security(ieee->dev, &sec);
6496         else
6497                 ret = -EOPNOTSUPP;
6498
6499         return ret;
6500 }
6501
6502 static void ipw_wpa_assoc_frame(struct ipw_priv *priv, char *wpa_ie,
6503                                 int wpa_ie_len)
6504 {
6505         /* make sure WPA is enabled */
6506         ipw_wpa_enable(priv, 1);
6507 }
6508
6509 static int ipw_set_rsn_capa(struct ipw_priv *priv,
6510                             char *capabilities, int length)
6511 {
6512         IPW_DEBUG_HC("HOST_CMD_RSN_CAPABILITIES\n");
6513
6514         return ipw_send_cmd_pdu(priv, IPW_CMD_RSN_CAPABILITIES, length,
6515                                 capabilities);
6516 }
6517
6518 /*
6519  * WE-18 support
6520  */
6521
6522 /* SIOCSIWGENIE */
6523 static int ipw_wx_set_genie(struct net_device *dev,
6524                             struct iw_request_info *info,
6525                             union iwreq_data *wrqu, char *extra)
6526 {
6527         struct ipw_priv *priv = ieee80211_priv(dev);
6528         struct ieee80211_device *ieee = priv->ieee;
6529         u8 *buf;
6530         int err = 0;
6531
6532         if (wrqu->data.length > MAX_WPA_IE_LEN ||
6533             (wrqu->data.length && extra == NULL))
6534                 return -EINVAL;
6535
6536         if (wrqu->data.length) {
6537                 buf = kmalloc(wrqu->data.length, GFP_KERNEL);
6538                 if (buf == NULL) {
6539                         err = -ENOMEM;
6540                         goto out;
6541                 }
6542
6543                 memcpy(buf, extra, wrqu->data.length);
6544                 kfree(ieee->wpa_ie);
6545                 ieee->wpa_ie = buf;
6546                 ieee->wpa_ie_len = wrqu->data.length;
6547         } else {
6548                 kfree(ieee->wpa_ie);
6549                 ieee->wpa_ie = NULL;
6550                 ieee->wpa_ie_len = 0;
6551         }
6552
6553         ipw_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);
6554       out:
6555         return err;
6556 }
6557
6558 /* SIOCGIWGENIE */
6559 static int ipw_wx_get_genie(struct net_device *dev,
6560                             struct iw_request_info *info,
6561                             union iwreq_data *wrqu, char *extra)
6562 {
6563         struct ipw_priv *priv = ieee80211_priv(dev);
6564         struct ieee80211_device *ieee = priv->ieee;
6565         int err = 0;
6566
6567         if (ieee->wpa_ie_len == 0 || ieee->wpa_ie == NULL) {
6568                 wrqu->data.length = 0;
6569                 goto out;
6570         }
6571
6572         if (wrqu->data.length < ieee->wpa_ie_len) {
6573                 err = -E2BIG;
6574                 goto out;
6575         }
6576
6577         wrqu->data.length = ieee->wpa_ie_len;
6578         memcpy(extra, ieee->wpa_ie, ieee->wpa_ie_len);
6579
6580       out:
6581         return err;
6582 }
6583
6584 static int wext_cipher2level(int cipher)
6585 {
6586         switch (cipher) {
6587         case IW_AUTH_CIPHER_NONE:
6588                 return SEC_LEVEL_0;
6589         case IW_AUTH_CIPHER_WEP40:
6590         case IW_AUTH_CIPHER_WEP104:
6591                 return SEC_LEVEL_1;
6592         case IW_AUTH_CIPHER_TKIP:
6593                 return SEC_LEVEL_2;
6594         case IW_AUTH_CIPHER_CCMP:
6595                 return SEC_LEVEL_3;
6596         default:
6597                 return -1;
6598         }
6599 }
6600
6601 /* SIOCSIWAUTH */
6602 static int ipw_wx_set_auth(struct net_device *dev,
6603                            struct iw_request_info *info,
6604                            union iwreq_data *wrqu, char *extra)
6605 {
6606         struct ipw_priv *priv = ieee80211_priv(dev);
6607         struct ieee80211_device *ieee = priv->ieee;
6608         struct iw_param *param = &wrqu->param;
6609         struct ieee80211_crypt_data *crypt;
6610         unsigned long flags;
6611         int ret = 0;
6612
6613         switch (param->flags & IW_AUTH_INDEX) {
6614         case IW_AUTH_WPA_VERSION:
6615                 break;
6616         case IW_AUTH_CIPHER_PAIRWISE:
6617                 ipw_set_hw_decrypt_unicast(priv,
6618                                            wext_cipher2level(param->value));
6619                 break;
6620         case IW_AUTH_CIPHER_GROUP:
6621                 ipw_set_hw_decrypt_multicast(priv,
6622                                              wext_cipher2level(param->value));
6623                 break;
6624         case IW_AUTH_KEY_MGMT:
6625                 /*
6626                  * ipw2200 does not use these parameters
6627                  */
6628                 break;
6629
6630         case IW_AUTH_TKIP_COUNTERMEASURES:
6631                 crypt = priv->ieee->crypt[priv->ieee->tx_keyidx];
6632                 if (!crypt || !crypt->ops->set_flags || !crypt->ops->get_flags)
6633                         break;
6634
6635                 flags = crypt->ops->get_flags(crypt->priv);
6636
6637                 if (param->value)
6638                         flags |= IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
6639                 else
6640                         flags &= ~IEEE80211_CRYPTO_TKIP_COUNTERMEASURES;
6641
6642                 crypt->ops->set_flags(flags, crypt->priv);
6643
6644                 break;
6645
6646         case IW_AUTH_DROP_UNENCRYPTED:{
6647                         /* HACK:
6648                          *
6649                          * wpa_supplicant calls set_wpa_enabled when the driver
6650                          * is loaded and unloaded, regardless of if WPA is being
6651                          * used.  No other calls are made which can be used to
6652                          * determine if encryption will be used or not prior to
6653                          * association being expected.  If encryption is not being
6654                          * used, drop_unencrypted is set to false, else true -- we
6655                          * can use this to determine if the CAP_PRIVACY_ON bit should
6656                          * be set.
6657                          */
6658                         struct ieee80211_security sec = {
6659                                 .flags = SEC_ENABLED,
6660                                 .enabled = param->value,
6661                         };
6662                         priv->ieee->drop_unencrypted = param->value;
6663                         /* We only change SEC_LEVEL for open mode. Others
6664                          * are set by ipw_wpa_set_encryption.
6665                          */
6666                         if (!param->value) {
6667                                 sec.flags |= SEC_LEVEL;
6668                                 sec.level = SEC_LEVEL_0;
6669                         } else {
6670                                 sec.flags |= SEC_LEVEL;
6671                                 sec.level = SEC_LEVEL_1;
6672                         }
6673                         if (priv->ieee->set_security)
6674                                 priv->ieee->set_security(priv->ieee->dev, &sec);
6675                         break;
6676                 }
6677
6678         case IW_AUTH_80211_AUTH_ALG:
6679                 ret = ipw_wpa_set_auth_algs(priv, param->value);
6680                 break;
6681
6682         case IW_AUTH_WPA_ENABLED:
6683                 ret = ipw_wpa_enable(priv, param->value);
6684                 ipw_disassociate(priv);
6685                 break;
6686
6687         case IW_AUTH_RX_UNENCRYPTED_EAPOL:
6688                 ieee->ieee802_1x = param->value;
6689                 break;
6690
6691         case IW_AUTH_PRIVACY_INVOKED:
6692                 ieee->privacy_invoked = param->value;
6693                 break;
6694
6695         default:
6696                 return -EOPNOTSUPP;
6697         }
6698         return ret;
6699 }
6700
6701 /* SIOCGIWAUTH */
6702 static int ipw_wx_get_auth(struct net_device *dev,
6703                            struct iw_request_info *info,
6704                            union iwreq_data *wrqu, char *extra)
6705 {
6706         struct ipw_priv *priv = ieee80211_priv(dev);
6707         struct ieee80211_device *ieee = priv->ieee;
6708         struct ieee80211_crypt_data *crypt;
6709         struct iw_param *param = &wrqu->param;
6710         int ret = 0;
6711
6712         switch (param->flags & IW_AUTH_INDEX) {
6713         case IW_AUTH_WPA_VERSION:
6714         case IW_AUTH_CIPHER_PAIRWISE:
6715         case IW_AUTH_CIPHER_GROUP:
6716         case IW_AUTH_KEY_MGMT:
6717                 /*
6718                  * wpa_supplicant will control these internally
6719                  */
6720                 ret = -EOPNOTSUPP;
6721                 break;
6722
6723         case IW_AUTH_TKIP_COUNTERMEASURES:
6724                 crypt = priv->ieee->crypt[priv->ieee->tx_keyidx];
6725                 if (!crypt || !crypt->ops->get_flags)
6726                         break;
6727
6728                 param->value = (crypt->ops->get_flags(crypt->priv) &
6729                                 IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) ? 1 : 0;
6730
6731                 break;
6732
6733         case IW_AUTH_DROP_UNENCRYPTED:
6734                 param->value = ieee->drop_unencrypted;
6735                 break;
6736
6737         case IW_AUTH_80211_AUTH_ALG:
6738                 param->value = ieee->sec.auth_mode;
6739                 break;
6740
6741         case IW_AUTH_WPA_ENABLED:
6742                 param->value = ieee->wpa_enabled;
6743                 break;
6744
6745         case IW_AUTH_RX_UNENCRYPTED_EAPOL:
6746                 param->value = ieee->ieee802_1x;
6747                 break;
6748
6749         case IW_AUTH_ROAMING_CONTROL:
6750         case IW_AUTH_PRIVACY_INVOKED:
6751                 param->value = ieee->privacy_invoked;
6752                 break;
6753
6754         default:
6755                 return -EOPNOTSUPP;
6756         }
6757         return 0;
6758 }
6759
6760 /* SIOCSIWENCODEEXT */
6761 static int ipw_wx_set_encodeext(struct net_device *dev,
6762                                 struct iw_request_info *info,
6763                                 union iwreq_data *wrqu, char *extra)
6764 {
6765         struct ipw_priv *priv = ieee80211_priv(dev);
6766         struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
6767
6768         if (hwcrypto) {
6769                 if (ext->alg == IW_ENCODE_ALG_TKIP) {
6770                         /* IPW HW can't build TKIP MIC,
6771                            host decryption still needed */
6772                         if (ext->ext_flags & IW_ENCODE_EXT_GROUP_KEY)
6773                                 priv->ieee->host_mc_decrypt = 1;
6774                         else {
6775                                 priv->ieee->host_encrypt = 0;
6776                                 priv->ieee->host_encrypt_msdu = 1;
6777                                 priv->ieee->host_decrypt = 1;
6778                         }
6779                 } else {
6780                         priv->ieee->host_encrypt = 0;
6781                         priv->ieee->host_encrypt_msdu = 0;
6782                         priv->ieee->host_decrypt = 0;
6783                         priv->ieee->host_mc_decrypt = 0;
6784                 }
6785         }
6786
6787         return ieee80211_wx_set_encodeext(priv->ieee, info, wrqu, extra);
6788 }
6789
6790 /* SIOCGIWENCODEEXT */
6791 static int ipw_wx_get_encodeext(struct net_device *dev,
6792                                 struct iw_request_info *info,
6793                                 union iwreq_data *wrqu, char *extra)
6794 {
6795         struct ipw_priv *priv = ieee80211_priv(dev);
6796         return ieee80211_wx_get_encodeext(priv->ieee, info, wrqu, extra);
6797 }
6798
6799 /* SIOCSIWMLME */
6800 static int ipw_wx_set_mlme(struct net_device *dev,
6801                            struct iw_request_info *info,
6802                            union iwreq_data *wrqu, char *extra)
6803 {
6804         struct ipw_priv *priv = ieee80211_priv(dev);
6805         struct iw_mlme *mlme = (struct iw_mlme *)extra;
6806         __le16 reason;
6807
6808         reason = cpu_to_le16(mlme->reason_code);
6809
6810         switch (mlme->cmd) {
6811         case IW_MLME_DEAUTH:
6812                 /* silently ignore */
6813                 break;
6814
6815         case IW_MLME_DISASSOC:
6816                 ipw_disassociate(priv);
6817                 break;
6818
6819         default:
6820                 return -EOPNOTSUPP;
6821         }
6822         return 0;
6823 }
6824
6825 #ifdef CONFIG_IPW2200_QOS
6826
6827 /* QoS */
6828 /*
6829 * get the modulation type of the current network or
6830 * the card current mode
6831 */
6832 static u8 ipw_qos_current_mode(struct ipw_priv * priv)
6833 {
6834         u8 mode = 0;
6835
6836         if (priv->status & STATUS_ASSOCIATED) {
6837                 unsigned long flags;
6838
6839                 spin_lock_irqsave(&priv->ieee->lock, flags);
6840                 mode = priv->assoc_network->mode;
6841                 spin_unlock_irqrestore(&priv->ieee->lock, flags);
6842         } else {
6843                 mode = priv->ieee->mode;
6844         }
6845         IPW_DEBUG_QOS("QoS network/card mode %d \n", mode);
6846         return mode;
6847 }
6848
6849 /*
6850 * Handle management frame beacon and probe response
6851 */
6852 static int ipw_qos_handle_probe_response(struct ipw_priv *priv,
6853                                          int active_network,
6854                                          struct ieee80211_network *network)
6855 {
6856         u32 size = sizeof(struct ieee80211_qos_parameters);
6857
6858         if (network->capability & WLAN_CAPABILITY_IBSS)
6859                 network->qos_data.active = network->qos_data.supported;
6860
6861         if (network->flags & NETWORK_HAS_QOS_MASK) {
6862                 if (active_network &&
6863                     (network->flags & NETWORK_HAS_QOS_PARAMETERS))
6864                         network->qos_data.active = network->qos_data.supported;
6865
6866                 if ((network->qos_data.active == 1) && (active_network == 1) &&
6867                     (network->flags & NETWORK_HAS_QOS_PARAMETERS) &&
6868                     (network->qos_data.old_param_count !=
6869                      network->qos_data.param_count)) {
6870                         network->qos_data.old_param_count =
6871                             network->qos_data.param_count;
6872                         schedule_work(&priv->qos_activate);
6873                         IPW_DEBUG_QOS("QoS parameters change call "
6874                                       "qos_activate\n");
6875                 }
6876         } else {
6877                 if ((priv->ieee->mode == IEEE_B) || (network->mode == IEEE_B))
6878                         memcpy(&network->qos_data.parameters,
6879                                &def_parameters_CCK, size);
6880                 else
6881                         memcpy(&network->qos_data.parameters,
6882                                &def_parameters_OFDM, size);
6883
6884                 if ((network->qos_data.active == 1) && (active_network == 1)) {
6885                         IPW_DEBUG_QOS("QoS was disabled call qos_activate \n");
6886                         schedule_work(&priv->qos_activate);
6887                 }
6888
6889                 network->qos_data.active = 0;
6890                 network->qos_data.supported = 0;
6891         }
6892         if ((priv->status & STATUS_ASSOCIATED) &&
6893             (priv->ieee->iw_mode == IW_MODE_ADHOC) && (active_network == 0)) {
6894                 if (memcmp(network->bssid, priv->bssid, ETH_ALEN))
6895                         if ((network->capability & WLAN_CAPABILITY_IBSS) &&
6896                             !(network->flags & NETWORK_EMPTY_ESSID))
6897                                 if ((network->ssid_len ==
6898                                      priv->assoc_network->ssid_len) &&
6899                                     !memcmp(network->ssid,
6900                                             priv->assoc_network->ssid,
6901                                             network->ssid_len)) {
6902                                         queue_work(priv->workqueue,
6903                                                    &priv->merge_networks);
6904                                 }
6905         }
6906
6907         return 0;
6908 }
6909
6910 /*
6911 * This function set up the firmware to support QoS. It sends
6912 * IPW_CMD_QOS_PARAMETERS and IPW_CMD_WME_INFO
6913 */
6914 static int ipw_qos_activate(struct ipw_priv *priv,
6915                             struct ieee80211_qos_data *qos_network_data)
6916 {
6917         int err;
6918         struct ieee80211_qos_parameters qos_parameters[QOS_QOS_SETS];
6919         struct ieee80211_qos_parameters *active_one = NULL;
6920         u32 size = sizeof(struct ieee80211_qos_parameters);
6921         u32 burst_duration;
6922         int i;
6923         u8 type;
6924
6925         type = ipw_qos_current_mode(priv);
6926
6927         active_one = &(qos_parameters[QOS_PARAM_SET_DEF_CCK]);
6928         memcpy(active_one, priv->qos_data.def_qos_parm_CCK, size);
6929         active_one = &(qos_parameters[QOS_PARAM_SET_DEF_OFDM]);
6930         memcpy(active_one, priv->qos_data.def_qos_parm_OFDM, size);
6931
6932         if (qos_network_data == NULL) {
6933                 if (type == IEEE_B) {
6934                         IPW_DEBUG_QOS("QoS activate network mode %d\n", type);
6935                         active_one = &def_parameters_CCK;
6936                 } else
6937                         active_one = &def_parameters_OFDM;
6938
6939                 memcpy(&qos_parameters[QOS_PARAM_SET_ACTIVE], active_one, size);
6940                 burst_duration = ipw_qos_get_burst_duration(priv);
6941                 for (i = 0; i < QOS_QUEUE_NUM; i++)
6942                         qos_parameters[QOS_PARAM_SET_ACTIVE].tx_op_limit[i] =
6943                             cpu_to_le16(burst_duration);
6944         } else if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
6945                 if (type == IEEE_B) {
6946                         IPW_DEBUG_QOS("QoS activate IBSS nework mode %d\n",
6947                                       type);
6948                         if (priv->qos_data.qos_enable == 0)
6949                                 active_one = &def_parameters_CCK;
6950                         else
6951                                 active_one = priv->qos_data.def_qos_parm_CCK;
6952                 } else {
6953                         if (priv->qos_data.qos_enable == 0)
6954                                 active_one = &def_parameters_OFDM;
6955                         else
6956                                 active_one = priv->qos_data.def_qos_parm_OFDM;
6957                 }
6958                 memcpy(&qos_parameters[QOS_PARAM_SET_ACTIVE], active_one, size);
6959         } else {
6960                 unsigned long flags;
6961                 int active;
6962
6963                 spin_lock_irqsave(&priv->ieee->lock, flags);
6964                 active_one = &(qos_network_data->parameters);
6965                 qos_network_data->old_param_count =
6966                     qos_network_data->param_count;
6967                 memcpy(&qos_parameters[QOS_PARAM_SET_ACTIVE], active_one, size);
6968                 active = qos_network_data->supported;
6969                 spin_unlock_irqrestore(&priv->ieee->lock, flags);
6970
6971                 if (active == 0) {
6972                         burst_duration = ipw_qos_get_burst_duration(priv);
6973                         for (i = 0; i < QOS_QUEUE_NUM; i++)
6974                                 qos_parameters[QOS_PARAM_SET_ACTIVE].
6975                                     tx_op_limit[i] = cpu_to_le16(burst_duration);
6976                 }
6977         }
6978
6979         IPW_DEBUG_QOS("QoS sending IPW_CMD_QOS_PARAMETERS\n");
6980         err = ipw_send_qos_params_command(priv,
6981                                           (struct ieee80211_qos_parameters *)
6982                                           &(qos_parameters[0]));
6983         if (err)
6984                 IPW_DEBUG_QOS("QoS IPW_CMD_QOS_PARAMETERS failed\n");
6985
6986         return err;
6987 }
6988
6989 /*
6990 * send IPW_CMD_WME_INFO to the firmware
6991 */
6992 static int ipw_qos_set_info_element(struct ipw_priv *priv)
6993 {
6994         int ret = 0;
6995         struct ieee80211_qos_information_element qos_info;
6996
6997         if (priv == NULL)
6998                 return -1;
6999
7000         qos_info.elementID = QOS_ELEMENT_ID;
7001         qos_info.length = sizeof(struct ieee80211_qos_information_element) - 2;
7002
7003         qos_info.version = QOS_VERSION_1;
7004         qos_info.ac_info = 0;
7005
7006         memcpy(qos_info.qui, qos_oui, QOS_OUI_LEN);
7007         qos_info.qui_type = QOS_OUI_TYPE;
7008         qos_info.qui_subtype = QOS_OUI_INFO_SUB_TYPE;
7009
7010         ret = ipw_send_qos_info_command(priv, &qos_info);
7011         if (ret != 0) {
7012                 IPW_DEBUG_QOS("QoS error calling ipw_send_qos_info_command\n");
7013         }
7014         return ret;
7015 }
7016
7017 /*
7018 * Set the QoS parameter with the association request structure
7019 */
7020 static int ipw_qos_association(struct ipw_priv *priv,
7021                                struct ieee80211_network *network)
7022 {
7023         int err = 0;
7024         struct ieee80211_qos_data *qos_data = NULL;
7025         struct ieee80211_qos_data ibss_data = {
7026                 .supported = 1,
7027                 .active = 1,
7028         };
7029
7030         switch (priv->ieee->iw_mode) {
7031         case IW_MODE_ADHOC:
7032                 BUG_ON(!(network->capability & WLAN_CAPABILITY_IBSS));
7033
7034                 qos_data = &ibss_data;
7035                 break;
7036
7037         case IW_MODE_INFRA:
7038                 qos_data = &network->qos_data;
7039                 break;
7040
7041         default:
7042                 BUG();
7043                 break;
7044         }
7045
7046         err = ipw_qos_activate(priv, qos_data);
7047         if (err) {
7048                 priv->assoc_request.policy_support &= ~HC_QOS_SUPPORT_ASSOC;
7049                 return err;
7050         }
7051
7052         if (priv->qos_data.qos_enable && qos_data->supported) {
7053                 IPW_DEBUG_QOS("QoS will be enabled for this association\n");
7054                 priv->assoc_request.policy_support |= HC_QOS_SUPPORT_ASSOC;
7055                 return ipw_qos_set_info_element(priv);
7056         }
7057
7058         return 0;
7059 }
7060
7061 /*
7062 * handling the beaconing responses. if we get different QoS setting
7063 * off the network from the associated setting, adjust the QoS
7064 * setting
7065 */
7066 static int ipw_qos_association_resp(struct ipw_priv *priv,
7067                                     struct ieee80211_network *network)
7068 {
7069         int ret = 0;
7070         unsigned long flags;
7071         u32 size = sizeof(struct ieee80211_qos_parameters);
7072         int set_qos_param = 0;
7073
7074         if ((priv == NULL) || (network == NULL) ||
7075             (priv->assoc_network == NULL))
7076                 return ret;
7077
7078         if (!(priv->status & STATUS_ASSOCIATED))
7079                 return ret;
7080
7081         if ((priv->ieee->iw_mode != IW_MODE_INFRA))
7082                 return ret;
7083
7084         spin_lock_irqsave(&priv->ieee->lock, flags);
7085         if (network->flags & NETWORK_HAS_QOS_PARAMETERS) {
7086                 memcpy(&priv->assoc_network->qos_data, &network->qos_data,
7087                        sizeof(struct ieee80211_qos_data));
7088                 priv->assoc_network->qos_data.active = 1;
7089                 if ((network->qos_data.old_param_count !=
7090                      network->qos_data.param_count)) {
7091                         set_qos_param = 1;
7092                         network->qos_data.old_param_count =
7093                             network->qos_data.param_count;
7094                 }
7095
7096         } else {
7097                 if ((network->mode == IEEE_B) || (priv->ieee->mode == IEEE_B))
7098                         memcpy(&priv->assoc_network->qos_data.parameters,
7099                                &def_parameters_CCK, size);
7100                 else
7101                         memcpy(&priv->assoc_network->qos_data.parameters,
7102                                &def_parameters_OFDM, size);
7103                 priv->assoc_network->qos_data.active = 0;
7104                 priv->assoc_network->qos_data.supported = 0;
7105                 set_qos_param = 1;
7106         }
7107
7108         spin_unlock_irqrestore(&priv->ieee->lock, flags);
7109
7110         if (set_qos_param == 1)
7111                 schedule_work(&priv->qos_activate);
7112
7113         return ret;
7114 }
7115
7116 static u32 ipw_qos_get_burst_duration(struct ipw_priv *priv)
7117 {
7118         u32 ret = 0;
7119
7120         if ((priv == NULL))
7121                 return 0;
7122
7123         if (!(priv->ieee->modulation & IEEE80211_OFDM_MODULATION))
7124                 ret = priv->qos_data.burst_duration_CCK;
7125         else
7126                 ret = priv->qos_data.burst_duration_OFDM;
7127
7128         return ret;
7129 }
7130
7131 /*
7132 * Initialize the setting of QoS global
7133 */
7134 static void ipw_qos_init(struct ipw_priv *priv, int enable,
7135                          int burst_enable, u32 burst_duration_CCK,
7136                          u32 burst_duration_OFDM)
7137 {
7138         priv->qos_data.qos_enable = enable;
7139
7140         if (priv->qos_data.qos_enable) {
7141                 priv->qos_data.def_qos_parm_CCK = &def_qos_parameters_CCK;
7142                 priv->qos_data.def_qos_parm_OFDM = &def_qos_parameters_OFDM;
7143                 IPW_DEBUG_QOS("QoS is enabled\n");
7144         } else {
7145                 priv->qos_data.def_qos_parm_CCK = &def_parameters_CCK;
7146                 priv->qos_data.def_qos_parm_OFDM = &def_parameters_OFDM;
7147                 IPW_DEBUG_QOS("QoS is not enabled\n");
7148         }
7149
7150         priv->qos_data.burst_enable = burst_enable;
7151
7152         if (burst_enable) {
7153                 priv->qos_data.burst_duration_CCK = burst_duration_CCK;
7154                 priv->qos_data.burst_duration_OFDM = burst_duration_OFDM;
7155         } else {
7156                 priv->qos_data.burst_duration_CCK = 0;
7157                 priv->qos_data.burst_duration_OFDM = 0;
7158         }
7159 }
7160
7161 /*
7162 * map the packet priority to the right TX Queue
7163 */
7164 static int ipw_get_tx_queue_number(struct ipw_priv *priv, u16 priority)
7165 {
7166         if (priority > 7 || !priv->qos_data.qos_enable)
7167                 priority = 0;
7168
7169         return from_priority_to_tx_queue[priority] - 1;
7170 }
7171
7172 static int ipw_is_qos_active(struct net_device *dev,
7173                              struct sk_buff *skb)
7174 {
7175         struct ipw_priv *priv = ieee80211_priv(dev);
7176         struct ieee80211_qos_data *qos_data = NULL;
7177         int active, supported;
7178         u8 *daddr = skb->data + ETH_ALEN;
7179         int unicast = !is_multicast_ether_addr(daddr);
7180
7181         if (!(priv->status & STATUS_ASSOCIATED))
7182                 return 0;
7183
7184         qos_data = &priv->assoc_network->qos_data;
7185
7186         if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
7187                 if (unicast == 0)
7188                         qos_data->active = 0;
7189                 else
7190                         qos_data->active = qos_data->supported;
7191         }
7192         active = qos_data->active;
7193         supported = qos_data->supported;
7194         IPW_DEBUG_QOS("QoS  %d network is QoS active %d  supported %d  "
7195                       "unicast %d\n",
7196                       priv->qos_data.qos_enable, active, supported, unicast);
7197         if (active && priv->qos_data.qos_enable)
7198                 return 1;
7199
7200         return 0;
7201
7202 }
7203 /*
7204 * add QoS parameter to the TX command
7205 */
7206 static int ipw_qos_set_tx_queue_command(struct ipw_priv *priv,
7207                                         u16 priority,
7208                                         struct tfd_data *tfd)
7209 {
7210         int tx_queue_id = 0;
7211
7212
7213         tx_queue_id = from_priority_to_tx_queue[priority] - 1;
7214         tfd->tx_flags_ext |= DCT_FLAG_EXT_QOS_ENABLED;
7215
7216         if (priv->qos_data.qos_no_ack_mask & (1UL << tx_queue_id)) {
7217                 tfd->tx_flags &= ~DCT_FLAG_ACK_REQD;
7218                 tfd->tfd.tfd_26.mchdr.qos_ctrl |= cpu_to_le16(CTRL_QOS_NO_ACK);
7219         }
7220         return 0;
7221 }
7222
7223 /*
7224 * background support to run QoS activate functionality
7225 */
7226 static void ipw_bg_qos_activate(struct work_struct *work)
7227 {
7228         struct ipw_priv *priv =
7229                 container_of(work, struct ipw_priv, qos_activate);
7230
7231         if (priv == NULL)
7232                 return;
7233
7234         mutex_lock(&priv->mutex);
7235
7236         if (priv->status & STATUS_ASSOCIATED)
7237                 ipw_qos_activate(priv, &(priv->assoc_network->qos_data));
7238
7239         mutex_unlock(&priv->mutex);
7240 }
7241
7242 static int ipw_handle_probe_response(struct net_device *dev,
7243                                      struct ieee80211_probe_response *resp,
7244                                      struct ieee80211_network *network)
7245 {
7246         struct ipw_priv *priv = ieee80211_priv(dev);
7247         int active_network = ((priv->status & STATUS_ASSOCIATED) &&
7248                               (network == priv->assoc_network));
7249
7250         ipw_qos_handle_probe_response(priv, active_network, network);
7251
7252         return 0;
7253 }
7254
7255 static int ipw_handle_beacon(struct net_device *dev,
7256                              struct ieee80211_beacon *resp,
7257                              struct ieee80211_network *network)
7258 {
7259         struct ipw_priv *priv = ieee80211_priv(dev);
7260         int active_network = ((priv->status & STATUS_ASSOCIATED) &&
7261                               (network == priv->assoc_network));
7262
7263         ipw_qos_handle_probe_response(priv, active_network, network);
7264
7265         return 0;
7266 }
7267
7268 static int ipw_handle_assoc_response(struct net_device *dev,
7269                                      struct ieee80211_assoc_response *resp,
7270                                      struct ieee80211_network *network)
7271 {
7272         struct ipw_priv *priv = ieee80211_priv(dev);
7273         ipw_qos_association_resp(priv, network);
7274         return 0;
7275 }
7276
7277 static int ipw_send_qos_params_command(struct ipw_priv *priv, struct ieee80211_qos_parameters
7278                                        *qos_param)
7279 {
7280         return ipw_send_cmd_pdu(priv, IPW_CMD_QOS_PARAMETERS,
7281                                 sizeof(*qos_param) * 3, qos_param);
7282 }
7283
7284 static int ipw_send_qos_info_command(struct ipw_priv *priv, struct ieee80211_qos_information_element
7285                                      *qos_param)
7286 {
7287         return ipw_send_cmd_pdu(priv, IPW_CMD_WME_INFO, sizeof(*qos_param),
7288                                 qos_param);
7289 }
7290
7291 #endif                          /* CONFIG_IPW2200_QOS */
7292
7293 static int ipw_associate_network(struct ipw_priv *priv,
7294                                  struct ieee80211_network *network,
7295                                  struct ipw_supported_rates *rates, int roaming)
7296 {
7297         int err;
7298         DECLARE_MAC_BUF(mac);
7299
7300         if (priv->config & CFG_FIXED_RATE)
7301                 ipw_set_fixed_rate(priv, network->mode);
7302
7303         if (!(priv->config & CFG_STATIC_ESSID)) {
7304                 priv->essid_len = min(network->ssid_len,
7305                                       (u8) IW_ESSID_MAX_SIZE);
7306                 memcpy(priv->essid, network->ssid, priv->essid_len);
7307         }
7308
7309         network->last_associate = jiffies;
7310
7311         memset(&priv->assoc_request, 0, sizeof(priv->assoc_request));
7312         priv->assoc_request.channel = network->channel;
7313         priv->assoc_request.auth_key = 0;
7314
7315         if ((priv->capability & CAP_PRIVACY_ON) &&
7316             (priv->ieee->sec.auth_mode == WLAN_AUTH_SHARED_KEY)) {
7317                 priv->assoc_request.auth_type = AUTH_SHARED_KEY;
7318                 priv->assoc_request.auth_key = priv->ieee->sec.active_key;
7319
7320                 if (priv->ieee->sec.level == SEC_LEVEL_1)
7321                         ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_WEP);
7322
7323         } else if ((priv->capability & CAP_PRIVACY_ON) &&
7324                    (priv->ieee->sec.auth_mode == WLAN_AUTH_LEAP))
7325                 priv->assoc_request.auth_type = AUTH_LEAP;
7326         else
7327                 priv->assoc_request.auth_type = AUTH_OPEN;
7328
7329         if (priv->ieee->wpa_ie_len) {
7330                 priv->assoc_request.policy_support = cpu_to_le16(0x02); /* RSN active */
7331                 ipw_set_rsn_capa(priv, priv->ieee->wpa_ie,
7332                                  priv->ieee->wpa_ie_len);
7333         }
7334
7335         /*
7336          * It is valid for our ieee device to support multiple modes, but
7337          * when it comes to associating to a given network we have to choose
7338          * just one mode.
7339          */
7340         if (network->mode & priv->ieee->mode & IEEE_A)
7341                 priv->assoc_request.ieee_mode = IPW_A_MODE;
7342         else if (network->mode & priv->ieee->mode & IEEE_G)
7343                 priv->assoc_request.ieee_mode = IPW_G_MODE;
7344         else if (network->mode & priv->ieee->mode & IEEE_B)
7345                 priv->assoc_request.ieee_mode = IPW_B_MODE;
7346
7347         priv->assoc_request.capability = cpu_to_le16(network->capability);
7348         if ((network->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
7349             && !(priv->config & CFG_PREAMBLE_LONG)) {
7350                 priv->assoc_request.preamble_length = DCT_FLAG_SHORT_PREAMBLE;
7351         } else {
7352                 priv->assoc_request.preamble_length = DCT_FLAG_LONG_PREAMBLE;
7353
7354                 /* Clear the short preamble if we won't be supporting it */
7355                 priv->assoc_request.capability &=
7356                     ~cpu_to_le16(WLAN_CAPABILITY_SHORT_PREAMBLE);
7357         }
7358
7359         /* Clear capability bits that aren't used in Ad Hoc */
7360         if (priv->ieee->iw_mode == IW_MODE_ADHOC)
7361                 priv->assoc_request.capability &=
7362                     ~cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT_TIME);
7363
7364         IPW_DEBUG_ASSOC("%sssocation attempt: '%s', channel %d, "
7365                         "802.11%c [%d], %s[:%s], enc=%s%s%s%c%c\n",
7366                         roaming ? "Rea" : "A",
7367                         escape_essid(priv->essid, priv->essid_len),
7368                         network->channel,
7369                         ipw_modes[priv->assoc_request.ieee_mode],
7370                         rates->num_rates,
7371                         (priv->assoc_request.preamble_length ==
7372                          DCT_FLAG_LONG_PREAMBLE) ? "long" : "short",
7373                         network->capability &
7374                         WLAN_CAPABILITY_SHORT_PREAMBLE ? "short" : "long",
7375                         priv->capability & CAP_PRIVACY_ON ? "on " : "off",
7376                         priv->capability & CAP_PRIVACY_ON ?
7377                         (priv->capability & CAP_SHARED_KEY ? "(shared)" :
7378                          "(open)") : "",
7379                         priv->capability & CAP_PRIVACY_ON ? " key=" : "",
7380                         priv->capability & CAP_PRIVACY_ON ?
7381                         '1' + priv->ieee->sec.active_key : '.',
7382                         priv->capability & CAP_PRIVACY_ON ? '.' : ' ');
7383
7384         priv->assoc_request.beacon_interval = cpu_to_le16(network->beacon_interval);
7385         if ((priv->ieee->iw_mode == IW_MODE_ADHOC) &&
7386             (network->time_stamp[0] == 0) && (network->time_stamp[1] == 0)) {
7387                 priv->assoc_request.assoc_type = HC_IBSS_START;
7388                 priv->assoc_request.assoc_tsf_msw = 0;
7389                 priv->assoc_request.assoc_tsf_lsw = 0;
7390         } else {
7391                 if (unlikely(roaming))
7392                         priv->assoc_request.assoc_type = HC_REASSOCIATE;
7393                 else
7394                         priv->assoc_request.assoc_type = HC_ASSOCIATE;
7395                 priv->assoc_request.assoc_tsf_msw = cpu_to_le32(network->time_stamp[1]);
7396                 priv->assoc_request.assoc_tsf_lsw = cpu_to_le32(network->time_stamp[0]);
7397         }
7398
7399         memcpy(priv->assoc_request.bssid, network->bssid, ETH_ALEN);
7400
7401         if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
7402                 memset(&priv->assoc_request.dest, 0xFF, ETH_ALEN);
7403                 priv->assoc_request.atim_window = cpu_to_le16(network->atim_window);
7404         } else {
7405                 memcpy(priv->assoc_request.dest, network->bssid, ETH_ALEN);
7406                 priv->assoc_request.atim_window = 0;
7407         }
7408
7409         priv->assoc_request.listen_interval = cpu_to_le16(network->listen_interval);
7410
7411         err = ipw_send_ssid(priv, priv->essid, priv->essid_len);
7412         if (err) {
7413                 IPW_DEBUG_HC("Attempt to send SSID command failed.\n");
7414                 return err;
7415         }
7416
7417         rates->ieee_mode = priv->assoc_request.ieee_mode;
7418         rates->purpose = IPW_RATE_CONNECT;
7419         ipw_send_supported_rates(priv, rates);
7420
7421         if (priv->assoc_request.ieee_mode == IPW_G_MODE)
7422                 priv->sys_config.dot11g_auto_detection = 1;
7423         else
7424                 priv->sys_config.dot11g_auto_detection = 0;
7425
7426         if (priv->ieee->iw_mode == IW_MODE_ADHOC)
7427                 priv->sys_config.answer_broadcast_ssid_probe = 1;
7428         else
7429                 priv->sys_config.answer_broadcast_ssid_probe = 0;
7430
7431         err = ipw_send_system_config(priv);
7432         if (err) {
7433                 IPW_DEBUG_HC("Attempt to send sys config command failed.\n");
7434                 return err;
7435         }
7436
7437         IPW_DEBUG_ASSOC("Association sensitivity: %d\n", network->stats.rssi);
7438         err = ipw_set_sensitivity(priv, network->stats.rssi + IPW_RSSI_TO_DBM);
7439         if (err) {
7440                 IPW_DEBUG_HC("Attempt to send associate command failed.\n");
7441                 return err;
7442         }
7443
7444         /*
7445          * If preemption is enabled, it is possible for the association
7446          * to complete before we return from ipw_send_associate.  Therefore
7447          * we have to be sure and update our priviate data first.
7448          */
7449         priv->channel = network->channel;
7450         memcpy(priv->bssid, network->bssid, ETH_ALEN);
7451         priv->status |= STATUS_ASSOCIATING;
7452         priv->status &= ~STATUS_SECURITY_UPDATED;
7453
7454         priv->assoc_network = network;
7455
7456 #ifdef CONFIG_IPW2200_QOS
7457         ipw_qos_association(priv, network);
7458 #endif
7459
7460         err = ipw_send_associate(priv, &priv->assoc_request);
7461         if (err) {
7462                 IPW_DEBUG_HC("Attempt to send associate command failed.\n");
7463                 return err;
7464         }
7465
7466         IPW_DEBUG(IPW_DL_STATE, "associating: '%s' %s \n",
7467                   escape_essid(priv->essid, priv->essid_len),
7468                   print_mac(mac, priv->bssid));
7469
7470         return 0;
7471 }
7472
7473 static void ipw_roam(void *data)
7474 {
7475         struct ipw_priv *priv = data;
7476         struct ieee80211_network *network = NULL;
7477         struct ipw_network_match match = {
7478                 .network = priv->assoc_network
7479         };
7480
7481         /* The roaming process is as follows:
7482          *
7483          * 1.  Missed beacon threshold triggers the roaming process by
7484          *     setting the status ROAM bit and requesting a scan.
7485          * 2.  When the scan completes, it schedules the ROAM work
7486          * 3.  The ROAM work looks at all of the known networks for one that
7487          *     is a better network than the currently associated.  If none
7488          *     found, the ROAM process is over (ROAM bit cleared)
7489          * 4.  If a better network is found, a disassociation request is
7490          *     sent.
7491          * 5.  When the disassociation completes, the roam work is again
7492          *     scheduled.  The second time through, the driver is no longer
7493          *     associated, and the newly selected network is sent an
7494          *     association request.
7495          * 6.  At this point ,the roaming process is complete and the ROAM
7496          *     status bit is cleared.
7497          */
7498
7499         /* If we are no longer associated, and the roaming bit is no longer
7500          * set, then we are not actively roaming, so just return */
7501         if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ROAMING)))
7502                 return;
7503
7504         if (priv->status & STATUS_ASSOCIATED) {
7505                 /* First pass through ROAM process -- look for a better
7506                  * network */
7507                 unsigned long flags;
7508                 u8 rssi = priv->assoc_network->stats.rssi;
7509                 priv->assoc_network->stats.rssi = -128;
7510                 spin_lock_irqsave(&priv->ieee->lock, flags);
7511                 list_for_each_entry(network, &priv->ieee->network_list, list) {
7512                         if (network != priv->assoc_network)
7513                                 ipw_best_network(priv, &match, network, 1);
7514                 }
7515                 spin_unlock_irqrestore(&priv->ieee->lock, flags);
7516                 priv->assoc_network->stats.rssi = rssi;
7517
7518                 if (match.network == priv->assoc_network) {
7519                         IPW_DEBUG_ASSOC("No better APs in this network to "
7520                                         "roam to.\n");
7521                         priv->status &= ~STATUS_ROAMING;
7522                         ipw_debug_config(priv);
7523                         return;
7524                 }
7525
7526                 ipw_send_disassociate(priv, 1);
7527                 priv->assoc_network = match.network;
7528
7529                 return;
7530         }
7531
7532         /* Second pass through ROAM process -- request association */
7533         ipw_compatible_rates(priv, priv->assoc_network, &match.rates);
7534         ipw_associate_network(priv, priv->assoc_network, &match.rates, 1);
7535         priv->status &= ~STATUS_ROAMING;
7536 }
7537
7538 static void ipw_bg_roam(struct work_struct *work)
7539 {
7540         struct ipw_priv *priv =
7541                 container_of(work, struct ipw_priv, roam);
7542         mutex_lock(&priv->mutex);
7543         ipw_roam(priv);
7544         mutex_unlock(&priv->mutex);
7545 }
7546
7547 static int ipw_associate(void *data)
7548 {
7549         struct ipw_priv *priv = data;
7550
7551         struct ieee80211_network *network = NULL;
7552         struct ipw_network_match match = {
7553                 .network = NULL
7554         };
7555         struct ipw_supported_rates *rates;
7556         struct list_head *element;
7557         unsigned long flags;
7558
7559         if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
7560                 IPW_DEBUG_ASSOC("Not attempting association (monitor mode)\n");
7561                 return 0;
7562         }
7563
7564         if (priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
7565                 IPW_DEBUG_ASSOC("Not attempting association (already in "
7566                                 "progress)\n");
7567                 return 0;
7568         }
7569
7570         if (priv->status & STATUS_DISASSOCIATING) {
7571                 IPW_DEBUG_ASSOC("Not attempting association (in "
7572                                 "disassociating)\n ");
7573                 queue_work(priv->workqueue, &priv->associate);
7574                 return 0;
7575         }
7576
7577         if (!ipw_is_init(priv) || (priv->status & STATUS_SCANNING)) {
7578                 IPW_DEBUG_ASSOC("Not attempting association (scanning or not "
7579                                 "initialized)\n");
7580                 return 0;
7581         }
7582
7583         if (!(priv->config & CFG_ASSOCIATE) &&
7584             !(priv->config & (CFG_STATIC_ESSID |
7585                               CFG_STATIC_CHANNEL | CFG_STATIC_BSSID))) {
7586                 IPW_DEBUG_ASSOC("Not attempting association (associate=0)\n");
7587                 return 0;
7588         }
7589
7590         /* Protect our use of the network_list */
7591         spin_lock_irqsave(&priv->ieee->lock, flags);
7592         list_for_each_entry(network, &priv->ieee->network_list, list)
7593             ipw_best_network(priv, &match, network, 0);
7594
7595         network = match.network;
7596         rates = &match.rates;
7597
7598         if (network == NULL &&
7599             priv->ieee->iw_mode == IW_MODE_ADHOC &&
7600             priv->config & CFG_ADHOC_CREATE &&
7601             priv->config & CFG_STATIC_ESSID &&
7602             priv->config & CFG_STATIC_CHANNEL) {
7603                 /* Use oldest network if the free list is empty */
7604                 if (list_empty(&priv->ieee->network_free_list)) {
7605                         struct ieee80211_network *oldest = NULL;
7606                         struct ieee80211_network *target;
7607                         DECLARE_MAC_BUF(mac);
7608
7609                         list_for_each_entry(target, &priv->ieee->network_list, list) {
7610                                 if ((oldest == NULL) ||
7611                                     (target->last_scanned < oldest->last_scanned))
7612                                         oldest = target;
7613                         }
7614
7615                         /* If there are no more slots, expire the oldest */
7616                         list_del(&oldest->list);
7617                         target = oldest;
7618                         IPW_DEBUG_ASSOC("Expired '%s' (%s) from "
7619                                         "network list.\n",
7620                                         escape_essid(target->ssid,
7621                                                      target->ssid_len),
7622                                         print_mac(mac, target->bssid));
7623                         list_add_tail(&target->list,
7624                                       &priv->ieee->network_free_list);
7625                 }
7626
7627                 element = priv->ieee->network_free_list.next;
7628                 network = list_entry(element, struct ieee80211_network, list);
7629                 ipw_adhoc_create(priv, network);
7630                 rates = &priv->rates;
7631                 list_del(element);
7632                 list_add_tail(&network->list, &priv->ieee->network_list);
7633         }
7634         spin_unlock_irqrestore(&priv->ieee->lock, flags);
7635
7636         /* If we reached the end of the list, then we don't have any valid
7637          * matching APs */
7638         if (!network) {
7639                 ipw_debug_config(priv);
7640
7641                 if (!(priv->status & STATUS_SCANNING)) {
7642                         if (!(priv->config & CFG_SPEED_SCAN))
7643                                 queue_delayed_work(priv->workqueue,
7644                                                    &priv->request_scan,
7645                                                    SCAN_INTERVAL);
7646                         else
7647                                 queue_delayed_work(priv->workqueue,
7648                                                    &priv->request_scan, 0);
7649                 }
7650
7651                 return 0;
7652         }
7653
7654         ipw_associate_network(priv, network, rates, 0);
7655
7656         return 1;
7657 }
7658
7659 static void ipw_bg_associate(struct work_struct *work)
7660 {
7661         struct ipw_priv *priv =
7662                 container_of(work, struct ipw_priv, associate);
7663         mutex_lock(&priv->mutex);
7664         ipw_associate(priv);
7665         mutex_unlock(&priv->mutex);
7666 }
7667
7668 static void ipw_rebuild_decrypted_skb(struct ipw_priv *priv,
7669                                       struct sk_buff *skb)
7670 {
7671         struct ieee80211_hdr *hdr;
7672         u16 fc;
7673
7674         hdr = (struct ieee80211_hdr *)skb->data;
7675         fc = le16_to_cpu(hdr->frame_ctl);
7676         if (!(fc & IEEE80211_FCTL_PROTECTED))
7677                 return;
7678
7679         fc &= ~IEEE80211_FCTL_PROTECTED;
7680         hdr->frame_ctl = cpu_to_le16(fc);
7681         switch (priv->ieee->sec.level) {
7682         case SEC_LEVEL_3:
7683                 /* Remove CCMP HDR */
7684                 memmove(skb->data + IEEE80211_3ADDR_LEN,
7685                         skb->data + IEEE80211_3ADDR_LEN + 8,
7686                         skb->len - IEEE80211_3ADDR_LEN - 8);
7687                 skb_trim(skb, skb->len - 16);   /* CCMP_HDR_LEN + CCMP_MIC_LEN */
7688                 break;
7689         case SEC_LEVEL_2:
7690                 break;
7691         case SEC_LEVEL_1:
7692                 /* Remove IV */
7693                 memmove(skb->data + IEEE80211_3ADDR_LEN,
7694                         skb->data + IEEE80211_3ADDR_LEN + 4,
7695                         skb->len - IEEE80211_3ADDR_LEN - 4);
7696                 skb_trim(skb, skb->len - 8);    /* IV + ICV */
7697                 break;
7698         case SEC_LEVEL_0:
7699                 break;
7700         default:
7701                 printk(KERN_ERR "Unknow security level %d\n",
7702                        priv->ieee->sec.level);
7703                 break;
7704         }
7705 }
7706
7707 static void ipw_handle_data_packet(struct ipw_priv *priv,
7708                                    struct ipw_rx_mem_buffer *rxb,
7709                                    struct ieee80211_rx_stats *stats)
7710 {
7711         struct ieee80211_hdr_4addr *hdr;
7712         struct ipw_rx_packet *pkt = (struct ipw_rx_packet *)rxb->skb->data;
7713
7714         /* We received data from the HW, so stop the watchdog */
7715         priv->net_dev->trans_start = jiffies;
7716
7717         /* We only process data packets if the
7718          * interface is open */
7719         if (unlikely((le16_to_cpu(pkt->u.frame.length) + IPW_RX_FRAME_SIZE) >
7720                      skb_tailroom(rxb->skb))) {
7721                 priv->ieee->stats.rx_errors++;
7722                 priv->wstats.discard.misc++;
7723                 IPW_DEBUG_DROP("Corruption detected! Oh no!\n");
7724                 return;
7725         } else if (unlikely(!netif_running(priv->net_dev))) {
7726                 priv->ieee->stats.rx_dropped++;
7727                 priv->wstats.discard.misc++;
7728                 IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
7729                 return;
7730         }
7731
7732         /* Advance skb->data to the start of the actual payload */
7733         skb_reserve(rxb->skb, offsetof(struct ipw_rx_packet, u.frame.data));
7734
7735         /* Set the size of the skb to the size of the frame */
7736         skb_put(rxb->skb, le16_to_cpu(pkt->u.frame.length));
7737
7738         IPW_DEBUG_RX("Rx packet of %d bytes.\n", rxb->skb->len);
7739
7740         /* HW decrypt will not clear the WEP bit, MIC, PN, etc. */
7741         hdr = (struct ieee80211_hdr_4addr *)rxb->skb->data;
7742         if (priv->ieee->iw_mode != IW_MODE_MONITOR &&
7743             (is_multicast_ether_addr(hdr->addr1) ?
7744              !priv->ieee->host_mc_decrypt : !priv->ieee->host_decrypt))
7745                 ipw_rebuild_decrypted_skb(priv, rxb->skb);
7746
7747         if (!ieee80211_rx(priv->ieee, rxb->skb, stats))
7748                 priv->ieee->stats.rx_errors++;
7749         else {                  /* ieee80211_rx succeeded, so it now owns the SKB */
7750                 rxb->skb = NULL;
7751                 __ipw_led_activity_on(priv);
7752         }
7753 }
7754
7755 #ifdef CONFIG_IPW2200_RADIOTAP
7756 static void ipw_handle_data_packet_monitor(struct ipw_priv *priv,
7757                                            struct ipw_rx_mem_buffer *rxb,
7758                                            struct ieee80211_rx_stats *stats)
7759 {
7760         struct ipw_rx_packet *pkt = (struct ipw_rx_packet *)rxb->skb->data;
7761         struct ipw_rx_frame *frame = &pkt->u.frame;
7762
7763         /* initial pull of some data */
7764         u16 received_channel = frame->received_channel;
7765         u8 antennaAndPhy = frame->antennaAndPhy;
7766         s8 antsignal = frame->rssi_dbm - IPW_RSSI_TO_DBM;       /* call it signed anyhow */
7767         u16 pktrate = frame->rate;
7768
7769         /* Magic struct that slots into the radiotap header -- no reason
7770          * to build this manually element by element, we can write it much
7771          * more efficiently than we can parse it. ORDER MATTERS HERE */
7772         struct ipw_rt_hdr *ipw_rt;
7773
7774         short len = le16_to_cpu(pkt->u.frame.length);
7775
7776         /* We received data from the HW, so stop the watchdog */
7777         priv->net_dev->trans_start = jiffies;
7778
7779         /* We only process data packets if the
7780          * interface is open */
7781         if (unlikely((le16_to_cpu(pkt->u.frame.length) + IPW_RX_FRAME_SIZE) >
7782                      skb_tailroom(rxb->skb))) {
7783                 priv->ieee->stats.rx_errors++;
7784                 priv->wstats.discard.misc++;
7785                 IPW_DEBUG_DROP("Corruption detected! Oh no!\n");
7786                 return;
7787         } else if (unlikely(!netif_running(priv->net_dev))) {
7788                 priv->ieee->stats.rx_dropped++;
7789                 priv->wstats.discard.misc++;
7790                 IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
7791                 return;
7792         }
7793
7794         /* Libpcap 0.9.3+ can handle variable length radiotap, so we'll use
7795          * that now */
7796         if (len > IPW_RX_BUF_SIZE - sizeof(struct ipw_rt_hdr)) {
7797                 /* FIXME: Should alloc bigger skb instead */
7798                 priv->ieee->stats.rx_dropped++;
7799                 priv->wstats.discard.misc++;
7800                 IPW_DEBUG_DROP("Dropping too large packet in monitor\n");
7801                 return;
7802         }
7803
7804         /* copy the frame itself */
7805         memmove(rxb->skb->data + sizeof(struct ipw_rt_hdr),
7806                 rxb->skb->data + IPW_RX_FRAME_SIZE, len);
7807
7808         /* Zero the radiotap static buffer  ...  We only need to zero the bytes NOT
7809          * part of our real header, saves a little time.
7810          *
7811          * No longer necessary since we fill in all our data.  Purge before merging
7812          * patch officially.
7813          * memset(rxb->skb->data + sizeof(struct ipw_rt_hdr), 0,
7814          *        IEEE80211_RADIOTAP_HDRLEN - sizeof(struct ipw_rt_hdr));
7815          */
7816
7817         ipw_rt = (struct ipw_rt_hdr *)rxb->skb->data;
7818
7819         ipw_rt->rt_hdr.it_version = PKTHDR_RADIOTAP_VERSION;
7820         ipw_rt->rt_hdr.it_pad = 0;      /* always good to zero */
7821         ipw_rt->rt_hdr.it_len = cpu_to_le16(sizeof(struct ipw_rt_hdr)); /* total header+data */
7822
7823         /* Big bitfield of all the fields we provide in radiotap */
7824         ipw_rt->rt_hdr.it_present = cpu_to_le32(
7825              (1 << IEEE80211_RADIOTAP_TSFT) |
7826              (1 << IEEE80211_RADIOTAP_FLAGS) |
7827              (1 << IEEE80211_RADIOTAP_RATE) |
7828              (1 << IEEE80211_RADIOTAP_CHANNEL) |
7829              (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
7830              (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE) |
7831              (1 << IEEE80211_RADIOTAP_ANTENNA));
7832
7833         /* Zero the flags, we'll add to them as we go */
7834         ipw_rt->rt_flags = 0;
7835         ipw_rt->rt_tsf = (u64)(frame->parent_tsf[3] << 24 |
7836                                frame->parent_tsf[2] << 16 |
7837                                frame->parent_tsf[1] << 8  |
7838                                frame->parent_tsf[0]);
7839
7840         /* Convert signal to DBM */
7841         ipw_rt->rt_dbmsignal = antsignal;
7842         ipw_rt->rt_dbmnoise = frame->noise;
7843
7844         /* Convert the channel data and set the flags */
7845         ipw_rt->rt_channel = cpu_to_le16(ieee80211chan2mhz(received_channel));
7846         if (received_channel > 14) {    /* 802.11a */
7847                 ipw_rt->rt_chbitmask =
7848                     cpu_to_le16((IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ));
7849         } else if (antennaAndPhy & 32) {        /* 802.11b */
7850                 ipw_rt->rt_chbitmask =
7851                     cpu_to_le16((IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ));
7852         } else {                /* 802.11g */
7853                 ipw_rt->rt_chbitmask =
7854                     cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ);
7855         }
7856
7857         /* set the rate in multiples of 500k/s */
7858         switch (pktrate) {
7859         case IPW_TX_RATE_1MB:
7860                 ipw_rt->rt_rate = 2;
7861                 break;
7862         case IPW_TX_RATE_2MB:
7863                 ipw_rt->rt_rate = 4;
7864                 break;
7865         case IPW_TX_RATE_5MB:
7866                 ipw_rt->rt_rate = 10;
7867                 break;
7868         case IPW_TX_RATE_6MB:
7869                 ipw_rt->rt_rate = 12;
7870                 break;
7871         case IPW_TX_RATE_9MB:
7872                 ipw_rt->rt_rate = 18;
7873                 break;
7874         case IPW_TX_RATE_11MB:
7875                 ipw_rt->rt_rate = 22;
7876                 break;
7877         case IPW_TX_RATE_12MB:
7878                 ipw_rt->rt_rate = 24;
7879                 break;
7880         case IPW_TX_RATE_18MB:
7881                 ipw_rt->rt_rate = 36;
7882                 break;
7883         case IPW_TX_RATE_24MB:
7884                 ipw_rt->rt_rate = 48;
7885                 break;
7886         case IPW_TX_RATE_36MB:
7887                 ipw_rt->rt_rate = 72;
7888                 break;
7889         case IPW_TX_RATE_48MB:
7890                 ipw_rt->rt_rate = 96;
7891                 break;
7892         case IPW_TX_RATE_54MB:
7893                 ipw_rt->rt_rate = 108;
7894                 break;
7895         default:
7896                 ipw_rt->rt_rate = 0;
7897                 break;
7898         }
7899
7900         /* antenna number */
7901         ipw_rt->rt_antenna = (antennaAndPhy & 3);       /* Is this right? */
7902
7903         /* set the preamble flag if we have it */
7904         if ((antennaAndPhy & 64))
7905                 ipw_rt->rt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
7906
7907         /* Set the size of the skb to the size of the frame */
7908         skb_put(rxb->skb, len + sizeof(struct ipw_rt_hdr));
7909
7910         IPW_DEBUG_RX("Rx packet of %d bytes.\n", rxb->skb->len);
7911
7912         if (!ieee80211_rx(priv->ieee, rxb->skb, stats))
7913                 priv->ieee->stats.rx_errors++;
7914         else {                  /* ieee80211_rx succeeded, so it now owns the SKB */
7915                 rxb->skb = NULL;
7916                 /* no LED during capture */
7917         }
7918 }
7919 #endif
7920
7921 #ifdef CONFIG_IPW2200_PROMISCUOUS
7922 #define ieee80211_is_probe_response(fc) \
7923    ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT && \
7924     (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP )
7925
7926 #define ieee80211_is_management(fc) \
7927    ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
7928
7929 #define ieee80211_is_control(fc) \
7930    ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL)
7931
7932 #define ieee80211_is_data(fc) \
7933    ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
7934
7935 #define ieee80211_is_assoc_request(fc) \
7936    ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_ASSOC_REQ)
7937
7938 #define ieee80211_is_reassoc_request(fc) \
7939    ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_REASSOC_REQ)
7940
7941 static void ipw_handle_promiscuous_rx(struct ipw_priv *priv,
7942                                       struct ipw_rx_mem_buffer *rxb,
7943                                       struct ieee80211_rx_stats *stats)
7944 {
7945         struct ipw_rx_packet *pkt = (struct ipw_rx_packet *)rxb->skb->data;
7946         struct ipw_rx_frame *frame = &pkt->u.frame;
7947         struct ipw_rt_hdr *ipw_rt;
7948
7949         /* First cache any information we need before we overwrite
7950          * the information provided in the skb from the hardware */
7951         struct ieee80211_hdr *hdr;
7952         u16 channel = frame->received_channel;
7953         u8 phy_flags = frame->antennaAndPhy;
7954         s8 signal = frame->rssi_dbm - IPW_RSSI_TO_DBM;
7955         s8 noise = frame->noise;
7956         u8 rate = frame->rate;
7957         short len = le16_to_cpu(pkt->u.frame.length);
7958         struct sk_buff *skb;
7959         int hdr_only = 0;
7960         u16 filter = priv->prom_priv->filter;
7961
7962         /* If the filter is set to not include Rx frames then return */
7963         if (filter & IPW_PROM_NO_RX)
7964                 return;
7965
7966         /* We received data from the HW, so stop the watchdog */
7967         priv->prom_net_dev->trans_start = jiffies;
7968
7969         if (unlikely((len + IPW_RX_FRAME_SIZE) > skb_tailroom(rxb->skb))) {
7970                 priv->prom_priv->ieee->stats.rx_errors++;
7971                 IPW_DEBUG_DROP("Corruption detected! Oh no!\n");
7972                 return;
7973         }
7974
7975         /* We only process data packets if the interface is open */
7976         if (unlikely(!netif_running(priv->prom_net_dev))) {
7977                 priv->prom_priv->ieee->stats.rx_dropped++;
7978                 IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
7979                 return;
7980         }
7981
7982         /* Libpcap 0.9.3+ can handle variable length radiotap, so we'll use
7983          * that now */
7984         if (len > IPW_RX_BUF_SIZE - sizeof(struct ipw_rt_hdr)) {
7985                 /* FIXME: Should alloc bigger skb instead */
7986                 priv->prom_priv->ieee->stats.rx_dropped++;
7987                 IPW_DEBUG_DROP("Dropping too large packet in monitor\n");
7988                 return;
7989         }
7990
7991         hdr = (void *)rxb->skb->data + IPW_RX_FRAME_SIZE;
7992         if (ieee80211_is_management(le16_to_cpu(hdr->frame_ctl))) {
7993                 if (filter & IPW_PROM_NO_MGMT)
7994                         return;
7995                 if (filter & IPW_PROM_MGMT_HEADER_ONLY)
7996                         hdr_only = 1;
7997         } else if (ieee80211_is_control(le16_to_cpu(hdr->frame_ctl))) {
7998                 if (filter & IPW_PROM_NO_CTL)
7999                         return;
8000                 if (filter & IPW_PROM_CTL_HEADER_ONLY)
8001                         hdr_only = 1;
8002         } else if (ieee80211_is_data(le16_to_cpu(hdr->frame_ctl))) {
8003                 if (filter & IPW_PROM_NO_DATA)
8004                         return;
8005                 if (filter & IPW_PROM_DATA_HEADER_ONLY)
8006                         hdr_only = 1;
8007         }
8008
8009         /* Copy the SKB since this is for the promiscuous side */
8010         skb = skb_copy(rxb->skb, GFP_ATOMIC);
8011         if (skb == NULL) {
8012                 IPW_ERROR("skb_clone failed for promiscuous copy.\n");
8013                 return;
8014         }
8015
8016         /* copy the frame data to write after where the radiotap header goes */
8017         ipw_rt = (void *)skb->data;
8018
8019         if (hdr_only)
8020                 len = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_ctl));
8021
8022         memcpy(ipw_rt->payload, hdr, len);
8023
8024         /* Zero the radiotap static buffer  ...  We only need to zero the bytes
8025          * NOT part of our real header, saves a little time.
8026          *
8027          * No longer necessary since we fill in all our data.  Purge before
8028          * merging patch officially.
8029          * memset(rxb->skb->data + sizeof(struct ipw_rt_hdr), 0,
8030          *        IEEE80211_RADIOTAP_HDRLEN - sizeof(struct ipw_rt_hdr));
8031          */
8032
8033         ipw_rt->rt_hdr.it_version = PKTHDR_RADIOTAP_VERSION;
8034         ipw_rt->rt_hdr.it_pad = 0;      /* always good to zero */
8035         ipw_rt->rt_hdr.it_len = cpu_to_le16(sizeof(*ipw_rt));   /* total header+data */
8036
8037         /* Set the size of the skb to the size of the frame */
8038         skb_put(skb, sizeof(*ipw_rt) + len);
8039
8040         /* Big bitfield of all the fields we provide in radiotap */
8041         ipw_rt->rt_hdr.it_present = cpu_to_le32(
8042              (1 << IEEE80211_RADIOTAP_TSFT) |
8043              (1 << IEEE80211_RADIOTAP_FLAGS) |
8044              (1 << IEEE80211_RADIOTAP_RATE) |
8045              (1 << IEEE80211_RADIOTAP_CHANNEL) |
8046              (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
8047              (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE) |
8048              (1 << IEEE80211_RADIOTAP_ANTENNA));
8049
8050         /* Zero the flags, we'll add to them as we go */
8051         ipw_rt->rt_flags = 0;
8052         ipw_rt->rt_tsf = (u64)(frame->parent_tsf[3] << 24 |
8053                                frame->parent_tsf[2] << 16 |
8054                                frame->parent_tsf[1] << 8  |
8055                                frame->parent_tsf[0]);
8056
8057         /* Convert to DBM */
8058         ipw_rt->rt_dbmsignal = signal;
8059         ipw_rt->rt_dbmnoise = noise;
8060
8061         /* Convert the channel data and set the flags */
8062         ipw_rt->rt_channel = cpu_to_le16(ieee80211chan2mhz(channel));
8063         if (channel > 14) {     /* 802.11a */
8064                 ipw_rt->rt_chbitmask =
8065                     cpu_to_le16((IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ));
8066         } else if (phy_flags & (1 << 5)) {      /* 802.11b */
8067                 ipw_rt->rt_chbitmask =
8068                     cpu_to_le16((IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ));
8069         } else {                /* 802.11g */
8070                 ipw_rt->rt_chbitmask =
8071                     cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ);
8072         }
8073
8074         /* set the rate in multiples of 500k/s */
8075         switch (rate) {
8076         case IPW_TX_RATE_1MB:
8077                 ipw_rt->rt_rate = 2;
8078                 break;
8079         case IPW_TX_RATE_2MB:
8080                 ipw_rt->rt_rate = 4;
8081                 break;
8082         case IPW_TX_RATE_5MB:
8083                 ipw_rt->rt_rate = 10;
8084                 break;
8085         case IPW_TX_RATE_6MB:
8086                 ipw_rt->rt_rate = 12;
8087                 break;
8088         case IPW_TX_RATE_9MB:
8089                 ipw_rt->rt_rate = 18;
8090                 break;
8091         case IPW_TX_RATE_11MB:
8092                 ipw_rt->rt_rate = 22;
8093                 break;
8094         case IPW_TX_RATE_12MB:
8095                 ipw_rt->rt_rate = 24;
8096                 break;
8097         case IPW_TX_RATE_18MB:
8098                 ipw_rt->rt_rate = 36;
8099                 break;
8100         case IPW_TX_RATE_24MB:
8101                 ipw_rt->rt_rate = 48;
8102                 break;
8103         case IPW_TX_RATE_36MB:
8104                 ipw_rt->rt_rate = 72;
8105                 break;
8106         case IPW_TX_RATE_48MB:
8107                 ipw_rt->rt_rate = 96;
8108                 break;
8109         case IPW_TX_RATE_54MB:
8110                 ipw_rt->rt_rate = 108;
8111                 break;
8112         default:
8113                 ipw_rt->rt_rate = 0;
8114                 break;
8115         }
8116
8117         /* antenna number */
8118         ipw_rt->rt_antenna = (phy_flags & 3);
8119
8120         /* set the preamble flag if we have it */
8121         if (phy_flags & (1 << 6))
8122                 ipw_rt->rt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
8123
8124         IPW_DEBUG_RX("Rx packet of %d bytes.\n", skb->len);
8125
8126         if (!ieee80211_rx(priv->prom_priv->ieee, skb, stats)) {
8127                 priv->prom_priv->ieee->stats.rx_errors++;
8128                 dev_kfree_skb_any(skb);
8129         }
8130 }
8131 #endif
8132
8133 static int is_network_packet(struct ipw_priv *priv,
8134                                     struct ieee80211_hdr_4addr *header)
8135 {
8136         /* Filter incoming packets to determine if they are targetted toward
8137          * this network, discarding packets coming from ourselves */
8138         switch (priv->ieee->iw_mode) {
8139         case IW_MODE_ADHOC:     /* Header: Dest. | Source    | BSSID */
8140                 /* packets from our adapter are dropped (echo) */
8141                 if (!memcmp(header->addr2, priv->net_dev->dev_addr, ETH_ALEN))
8142                         return 0;
8143
8144                 /* {broad,multi}cast packets to our BSSID go through */
8145                 if (is_multicast_ether_addr(header->addr1))
8146                         return !memcmp(header->addr3, priv->bssid, ETH_ALEN);
8147
8148                 /* packets to our adapter go through */
8149                 return !memcmp(header->addr1, priv->net_dev->dev_addr,
8150                                ETH_ALEN);
8151
8152         case IW_MODE_INFRA:     /* Header: Dest. | BSSID | Source */
8153                 /* packets from our adapter are dropped (echo) */
8154                 if (!memcmp(header->addr3, priv->net_dev->dev_addr, ETH_ALEN))
8155                         return 0;
8156
8157                 /* {broad,multi}cast packets to our BSS go through */
8158                 if (is_multicast_ether_addr(header->addr1))
8159                         return !memcmp(header->addr2, priv->bssid, ETH_ALEN);
8160
8161                 /* packets to our adapter go through */
8162                 return !memcmp(header->addr1, priv->net_dev->dev_addr,
8163                                ETH_ALEN);
8164         }
8165
8166         return 1;
8167 }
8168
8169 #define IPW_PACKET_RETRY_TIME HZ
8170
8171 static  int is_duplicate_packet(struct ipw_priv *priv,
8172                                       struct ieee80211_hdr_4addr *header)
8173 {
8174         u16 sc = le16_to_cpu(header->seq_ctl);
8175         u16 seq = WLAN_GET_SEQ_SEQ(sc);
8176         u16 frag = WLAN_GET_SEQ_FRAG(sc);
8177         u16 *last_seq, *last_frag;
8178         unsigned long *last_time;
8179
8180         switch (priv->ieee->iw_mode) {
8181         case IW_MODE_ADHOC:
8182                 {
8183                         struct list_head *p;
8184                         struct ipw_ibss_seq *entry = NULL;
8185                         u8 *mac = header->addr2;
8186                         int index = mac[5] % IPW_IBSS_MAC_HASH_SIZE;
8187
8188                         __list_for_each(p, &priv->ibss_mac_hash[index]) {
8189                                 entry =
8190                                     list_entry(p, struct ipw_ibss_seq, list);
8191                                 if (!memcmp(entry->mac, mac, ETH_ALEN))
8192                                         break;
8193                         }
8194                         if (p == &priv->ibss_mac_hash[index]) {
8195                                 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
8196                                 if (!entry) {
8197                                         IPW_ERROR
8198                                             ("Cannot malloc new mac entry\n");
8199                                         return 0;
8200                                 }
8201                                 memcpy(entry->mac, mac, ETH_ALEN);
8202                                 entry->seq_num = seq;
8203                                 entry->frag_num = frag;
8204                                 entry->packet_time = jiffies;
8205                                 list_add(&entry->list,
8206                                          &priv->ibss_mac_hash[index]);
8207                                 return 0;
8208                         }
8209                         last_seq = &entry->seq_num;
8210                         last_frag = &entry->frag_num;
8211                         last_time = &entry->packet_time;
8212                         break;
8213                 }
8214         case IW_MODE_INFRA:
8215                 last_seq = &priv->last_seq_num;
8216                 last_frag = &priv->last_frag_num;
8217                 last_time = &priv->last_packet_time;
8218                 break;
8219         default:
8220                 return 0;
8221         }
8222         if ((*last_seq == seq) &&
8223             time_after(*last_time + IPW_PACKET_RETRY_TIME, jiffies)) {
8224                 if (*last_frag == frag)
8225                         goto drop;
8226                 if (*last_frag + 1 != frag)
8227                         /* out-of-order fragment */
8228                         goto drop;
8229         } else
8230                 *last_seq = seq;
8231
8232         *last_frag = frag;
8233         *last_time = jiffies;
8234         return 0;
8235
8236       drop:
8237         /* Comment this line now since we observed the card receives
8238          * duplicate packets but the FCTL_RETRY bit is not set in the
8239          * IBSS mode with fragmentation enabled.
8240          BUG_ON(!(le16_to_cpu(header->frame_ctl) & IEEE80211_FCTL_RETRY)); */
8241         return 1;
8242 }
8243
8244 static void ipw_handle_mgmt_packet(struct ipw_priv *priv,
8245                                    struct ipw_rx_mem_buffer *rxb,
8246                                    struct ieee80211_rx_stats *stats)
8247 {
8248         struct sk_buff *skb = rxb->skb;
8249         struct ipw_rx_packet *pkt = (struct ipw_rx_packet *)skb->data;
8250         struct ieee80211_hdr_4addr *header = (struct ieee80211_hdr_4addr *)
8251             (skb->data + IPW_RX_FRAME_SIZE);
8252
8253         ieee80211_rx_mgt(priv->ieee, header, stats);
8254
8255         if (priv->ieee->iw_mode == IW_MODE_ADHOC &&
8256             ((WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) ==
8257               IEEE80211_STYPE_PROBE_RESP) ||
8258              (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) ==
8259               IEEE80211_STYPE_BEACON))) {
8260                 if (!memcmp(header->addr3, priv->bssid, ETH_ALEN))
8261                         ipw_add_station(priv, header->addr2);
8262         }
8263
8264         if (priv->config & CFG_NET_STATS) {
8265                 IPW_DEBUG_HC("sending stat packet\n");
8266
8267                 /* Set the size of the skb to the size of the full
8268                  * ipw header and 802.11 frame */
8269                 skb_put(skb, le16_to_cpu(pkt->u.frame.length) +
8270                         IPW_RX_FRAME_SIZE);
8271
8272                 /* Advance past the ipw packet header to the 802.11 frame */
8273                 skb_pull(skb, IPW_RX_FRAME_SIZE);
8274
8275                 /* Push the ieee80211_rx_stats before the 802.11 frame */
8276                 memcpy(skb_push(skb, sizeof(*stats)), stats, sizeof(*stats));
8277
8278                 skb->dev = priv->ieee->dev;
8279
8280                 /* Point raw at the ieee80211_stats */
8281                 skb_reset_mac_header(skb);
8282
8283                 skb->pkt_type = PACKET_OTHERHOST;
8284                 skb->protocol = __constant_htons(ETH_P_80211_STATS);
8285                 memset(skb->cb, 0, sizeof(rxb->skb->cb));
8286                 netif_rx(skb);
8287                 rxb->skb = NULL;
8288         }
8289 }
8290
8291 /*
8292  * Main entry function for recieving a packet with 80211 headers.  This
8293  * should be called when ever the FW has notified us that there is a new
8294  * skb in the recieve queue.
8295  */
8296 static void ipw_rx(struct ipw_priv *priv)
8297 {
8298         struct ipw_rx_mem_buffer *rxb;
8299         struct ipw_rx_packet *pkt;
8300         struct ieee80211_hdr_4addr *header;
8301         u32 r, w, i;
8302         u8 network_packet;
8303         u8 fill_rx = 0;
8304         DECLARE_MAC_BUF(mac);
8305         DECLARE_MAC_BUF(mac2);
8306         DECLARE_MAC_BUF(mac3);
8307
8308         r = ipw_read32(priv, IPW_RX_READ_INDEX);
8309         w = ipw_read32(priv, IPW_RX_WRITE_INDEX);
8310         i = priv->rxq->read;
8311
8312         if (ipw_rx_queue_space (priv->rxq) > (RX_QUEUE_SIZE / 2))
8313                 fill_rx = 1;
8314
8315         while (i != r) {
8316                 rxb = priv->rxq->queue[i];
8317                 if (unlikely(rxb == NULL)) {
8318                         printk(KERN_CRIT "Queue not allocated!\n");
8319                         break;
8320                 }
8321                 priv->rxq->queue[i] = NULL;
8322
8323                 pci_dma_sync_single_for_cpu(priv->pci_dev, rxb->dma_addr,
8324                                             IPW_RX_BUF_SIZE,
8325                                             PCI_DMA_FROMDEVICE);
8326
8327                 pkt = (struct ipw_rx_packet *)rxb->skb->data;
8328                 IPW_DEBUG_RX("Packet: type=%02X seq=%02X bits=%02X\n",
8329                              pkt->header.message_type,
8330                              pkt->header.rx_seq_num, pkt->header.control_bits);
8331
8332                 switch (pkt->header.message_type) {
8333                 case RX_FRAME_TYPE:     /* 802.11 frame */  {
8334                                 struct ieee80211_rx_stats stats = {
8335                                         .rssi = pkt->u.frame.rssi_dbm -
8336                                             IPW_RSSI_TO_DBM,
8337                                         .signal =
8338                                             le16_to_cpu(pkt->u.frame.rssi_dbm) -
8339                                             IPW_RSSI_TO_DBM + 0x100,
8340                                         .noise =
8341                                             le16_to_cpu(pkt->u.frame.noise),
8342                                         .rate = pkt->u.frame.rate,
8343                                         .mac_time = jiffies,
8344                                         .received_channel =
8345                                             pkt->u.frame.received_channel,
8346                                         .freq =
8347                                             (pkt->u.frame.
8348                                              control & (1 << 0)) ?
8349                                             IEEE80211_24GHZ_BAND :
8350                                             IEEE80211_52GHZ_BAND,
8351                                         .len = le16_to_cpu(pkt->u.frame.length),
8352                                 };
8353
8354                                 if (stats.rssi != 0)
8355                                         stats.mask |= IEEE80211_STATMASK_RSSI;
8356                                 if (stats.signal != 0)
8357                                         stats.mask |= IEEE80211_STATMASK_SIGNAL;
8358                                 if (stats.noise != 0)
8359                                         stats.mask |= IEEE80211_STATMASK_NOISE;
8360                                 if (stats.rate != 0)
8361                                         stats.mask |= IEEE80211_STATMASK_RATE;
8362
8363                                 priv->rx_packets++;
8364
8365 #ifdef CONFIG_IPW2200_PROMISCUOUS
8366         if (priv->prom_net_dev && netif_running(priv->prom_net_dev))
8367                 ipw_handle_promiscuous_rx(priv, rxb, &stats);
8368 #endif
8369
8370 #ifdef CONFIG_IPW2200_MONITOR
8371                                 if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
8372 #ifdef CONFIG_IPW2200_RADIOTAP
8373
8374                 ipw_handle_data_packet_monitor(priv,
8375                                                rxb,
8376                                                &stats);
8377 #else
8378                 ipw_handle_data_packet(priv, rxb,
8379                                        &stats);
8380 #endif
8381                                         break;
8382                                 }
8383 #endif
8384
8385                                 header =
8386                                     (struct ieee80211_hdr_4addr *)(rxb->skb->
8387                                                                    data +
8388                                                                    IPW_RX_FRAME_SIZE);
8389                                 /* TODO: Check Ad-Hoc dest/source and make sure
8390                                  * that we are actually parsing these packets
8391                                  * correctly -- we should probably use the
8392                                  * frame control of the packet and disregard
8393                                  * the current iw_mode */
8394
8395                                 network_packet =
8396                                     is_network_packet(priv, header);
8397                                 if (network_packet && priv->assoc_network) {
8398                                         priv->assoc_network->stats.rssi =
8399                                             stats.rssi;
8400                                         priv->exp_avg_rssi =
8401                                             exponential_average(priv->exp_avg_rssi,
8402                                             stats.rssi, DEPTH_RSSI);
8403                                 }
8404
8405                                 IPW_DEBUG_RX("Frame: len=%u\n",
8406                                              le16_to_cpu(pkt->u.frame.length));
8407
8408                                 if (le16_to_cpu(pkt->u.frame.length) <
8409                                     ieee80211_get_hdrlen(le16_to_cpu(
8410                                                     header->frame_ctl))) {
8411                                         IPW_DEBUG_DROP
8412                                             ("Received packet is too small. "
8413                                              "Dropping.\n");
8414                                         priv->ieee->stats.rx_errors++;
8415                                         priv->wstats.discard.misc++;
8416                                         break;
8417                                 }
8418
8419                                 switch (WLAN_FC_GET_TYPE
8420                                         (le16_to_cpu(header->frame_ctl))) {
8421
8422                                 case IEEE80211_FTYPE_MGMT:
8423                                         ipw_handle_mgmt_packet(priv, rxb,
8424                                                                &stats);
8425                                         break;
8426
8427                                 case IEEE80211_FTYPE_CTL:
8428                                         break;
8429
8430                                 case IEEE80211_FTYPE_DATA:
8431                                         if (unlikely(!network_packet ||
8432                                                      is_duplicate_packet(priv,
8433                                                                          header)))
8434                                         {
8435                                                 IPW_DEBUG_DROP("Dropping: "
8436                                                                "%s, "
8437                                                                "%s, "
8438                                                                "%s\n",
8439                                                                print_mac(mac,
8440                                                                          header->
8441                                                                        addr1),
8442                                                                print_mac(mac2,
8443                                                                          header->
8444                                                                        addr2),
8445                                                                print_mac(mac3,
8446                                                                          header->
8447                                                                        addr3));
8448                                                 break;
8449                                         }
8450
8451                                         ipw_handle_data_packet(priv, rxb,
8452                                                                &stats);
8453
8454                                         break;
8455                                 }
8456                                 break;
8457                         }
8458
8459                 case RX_HOST_NOTIFICATION_TYPE:{
8460                                 IPW_DEBUG_RX
8461                                     ("Notification: subtype=%02X flags=%02X size=%d\n",
8462                                      pkt->u.notification.subtype,
8463                                      pkt->u.notification.flags,
8464                                      le16_to_cpu(pkt->u.notification.size));
8465                                 ipw_rx_notification(priv, &pkt->u.notification);
8466                                 break;
8467                         }
8468
8469                 default:
8470                         IPW_DEBUG_RX("Bad Rx packet of type %d\n",
8471                                      pkt->header.message_type);
8472                         break;
8473                 }
8474
8475                 /* For now we just don't re-use anything.  We can tweak this
8476                  * later to try and re-use notification packets and SKBs that
8477                  * fail to Rx correctly */
8478                 if (rxb->skb != NULL) {
8479                         dev_kfree_skb_any(rxb->skb);
8480                         rxb->skb = NULL;
8481                 }
8482
8483                 pci_unmap_single(priv->pci_dev, rxb->dma_addr,
8484                                  IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
8485                 list_add_tail(&rxb->list, &priv->rxq->rx_used);
8486
8487                 i = (i + 1) % RX_QUEUE_SIZE;
8488
8489                 /* If there are a lot of unsued frames, restock the Rx queue
8490                  * so the ucode won't assert */
8491                 if (fill_rx) {
8492                         priv->rxq->read = i;
8493                         ipw_rx_queue_replenish(priv);
8494                 }
8495         }
8496
8497         /* Backtrack one entry */
8498         priv->rxq->read = i;
8499         ipw_rx_queue_restock(priv);
8500 }
8501
8502 #define DEFAULT_RTS_THRESHOLD     2304U
8503 #define MIN_RTS_THRESHOLD         1U
8504 #define MAX_RTS_THRESHOLD         2304U
8505 #define DEFAULT_BEACON_INTERVAL   100U
8506 #define DEFAULT_SHORT_RETRY_LIMIT 7U
8507 #define DEFAULT_LONG_RETRY_LIMIT  4U
8508
8509 /**
8510  * ipw_sw_reset
8511  * @option: options to control different reset behaviour
8512  *          0 = reset everything except the 'disable' module_param
8513  *          1 = reset everything and print out driver info (for probe only)
8514  *          2 = reset everything
8515  */
8516 static int ipw_sw_reset(struct ipw_priv *priv, int option)
8517 {
8518         int band, modulation;
8519         int old_mode = priv->ieee->iw_mode;
8520
8521         /* Initialize module parameter values here */
8522         priv->config = 0;
8523
8524         /* We default to disabling the LED code as right now it causes
8525          * too many systems to lock up... */
8526         if (!led)
8527                 priv->config |= CFG_NO_LED;
8528
8529         if (associate)
8530                 priv->config |= CFG_ASSOCIATE;
8531         else
8532                 IPW_DEBUG_INFO("Auto associate disabled.\n");
8533
8534         if (auto_create)
8535                 priv->config |= CFG_ADHOC_CREATE;
8536         else
8537                 IPW_DEBUG_INFO("Auto adhoc creation disabled.\n");
8538
8539         priv->config &= ~CFG_STATIC_ESSID;
8540         priv->essid_len = 0;
8541         memset(priv->essid, 0, IW_ESSID_MAX_SIZE);
8542
8543         if (disable && option) {
8544                 priv->status |= STATUS_RF_KILL_SW;
8545                 IPW_DEBUG_INFO("Radio disabled.\n");
8546         }
8547
8548         if (channel != 0) {
8549                 priv->config |= CFG_STATIC_CHANNEL;
8550                 priv->channel = channel;
8551                 IPW_DEBUG_INFO("Bind to static channel %d\n", channel);
8552                 /* TODO: Validate that provided channel is in range */
8553         }
8554 #ifdef CONFIG_IPW2200_QOS
8555         ipw_qos_init(priv, qos_enable, qos_burst_enable,
8556                      burst_duration_CCK, burst_duration_OFDM);
8557 #endif                          /* CONFIG_IPW2200_QOS */
8558
8559         switch (mode) {
8560         case 1:
8561                 priv->ieee->iw_mode = IW_MODE_ADHOC;
8562                 priv->net_dev->type = ARPHRD_ETHER;
8563
8564                 break;
8565 #ifdef CONFIG_IPW2200_MONITOR
8566         case 2:
8567                 priv->ieee->iw_mode = IW_MODE_MONITOR;
8568 #ifdef CONFIG_IPW2200_RADIOTAP
8569                 priv->net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
8570 #else
8571                 priv->net_dev->type = ARPHRD_IEEE80211;
8572 #endif
8573                 break;
8574 #endif
8575         default:
8576         case 0:
8577                 priv->net_dev->type = ARPHRD_ETHER;
8578                 priv->ieee->iw_mode = IW_MODE_INFRA;
8579                 break;
8580         }
8581
8582         if (hwcrypto) {
8583                 priv->ieee->host_encrypt = 0;
8584                 priv->ieee->host_encrypt_msdu = 0;
8585                 priv->ieee->host_decrypt = 0;
8586                 priv->ieee->host_mc_decrypt = 0;
8587         }
8588         IPW_DEBUG_INFO("Hardware crypto [%s]\n", hwcrypto ? "on" : "off");
8589
8590         /* IPW2200/2915 is abled to do hardware fragmentation. */
8591         priv->ieee->host_open_frag = 0;
8592
8593         if ((priv->pci_dev->device == 0x4223) ||
8594             (priv->pci_dev->device == 0x4224)) {
8595                 if (option == 1)
8596                         printk(KERN_INFO DRV_NAME
8597                                ": Detected Intel PRO/Wireless 2915ABG Network "
8598                                "Connection\n");
8599                 priv->ieee->abg_true = 1;
8600                 band = IEEE80211_52GHZ_BAND | IEEE80211_24GHZ_BAND;
8601                 modulation = IEEE80211_OFDM_MODULATION |
8602                     IEEE80211_CCK_MODULATION;
8603                 priv->adapter = IPW_2915ABG;
8604                 priv->ieee->mode = IEEE_A | IEEE_G | IEEE_B;
8605         } else {
8606                 if (option == 1)
8607                         printk(KERN_INFO DRV_NAME
8608                                ": Detected Intel PRO/Wireless 2200BG Network "
8609                                "Connection\n");
8610
8611                 priv->ieee->abg_true = 0;
8612                 band = IEEE80211_24GHZ_BAND;
8613                 modulation = IEEE80211_OFDM_MODULATION |
8614                     IEEE80211_CCK_MODULATION;
8615                 priv->adapter = IPW_2200BG;
8616                 priv->ieee->mode = IEEE_G | IEEE_B;
8617         }
8618
8619         priv->ieee->freq_band = band;
8620         priv->ieee->modulation = modulation;
8621
8622         priv->rates_mask = IEEE80211_DEFAULT_RATES_MASK;
8623
8624         priv->disassociate_threshold = IPW_MB_DISASSOCIATE_THRESHOLD_DEFAULT;
8625         priv->roaming_threshold = IPW_MB_ROAMING_THRESHOLD_DEFAULT;
8626
8627         priv->rts_threshold = DEFAULT_RTS_THRESHOLD;
8628         priv->short_retry_limit = DEFAULT_SHORT_RETRY_LIMIT;
8629         priv->long_retry_limit = DEFAULT_LONG_RETRY_LIMIT;
8630
8631         /* If power management is turned on, default to AC mode */
8632         priv->power_mode = IPW_POWER_AC;
8633         priv->tx_power = IPW_TX_POWER_DEFAULT;
8634
8635         return old_mode == priv->ieee->iw_mode;
8636 }
8637
8638 /*
8639  * This file defines the Wireless Extension handlers.  It does not
8640  * define any methods of hardware manipulation and relies on the
8641  * functions defined in ipw_main to provide the HW interaction.
8642  *
8643  * The exception to this is the use of the ipw_get_ordinal()
8644  * function used to poll the hardware vs. making unecessary calls.
8645  *
8646  */
8647
8648 static int ipw_wx_get_name(struct net_device *dev,
8649                            struct iw_request_info *info,
8650                            union iwreq_data *wrqu, char *extra)
8651 {
8652         struct ipw_priv *priv = ieee80211_priv(dev);
8653         mutex_lock(&priv->mutex);
8654         if (priv->status & STATUS_RF_KILL_MASK)
8655                 strcpy(wrqu->name, "radio off");
8656         else if (!(priv->status & STATUS_ASSOCIATED))
8657                 strcpy(wrqu->name, "unassociated");
8658         else
8659                 snprintf(wrqu->name, IFNAMSIZ, "IEEE 802.11%c",
8660                          ipw_modes[priv->assoc_request.ieee_mode]);
8661         IPW_DEBUG_WX("Name: %s\n", wrqu->name);
8662         mutex_unlock(&priv->mutex);
8663         return 0;
8664 }
8665
8666 static int ipw_set_channel(struct ipw_priv *priv, u8 channel)
8667 {
8668         if (channel == 0) {
8669                 IPW_DEBUG_INFO("Setting channel to ANY (0)\n");
8670                 priv->config &= ~CFG_STATIC_CHANNEL;
8671                 IPW_DEBUG_ASSOC("Attempting to associate with new "
8672                                 "parameters.\n");
8673                 ipw_associate(priv);
8674                 return 0;
8675         }
8676
8677         priv->config |= CFG_STATIC_CHANNEL;
8678
8679         if (priv->channel == channel) {
8680                 IPW_DEBUG_INFO("Request to set channel to current value (%d)\n",
8681                                channel);
8682                 return 0;
8683         }
8684
8685         IPW_DEBUG_INFO("Setting channel to %i\n", (int)channel);
8686         priv->channel = channel;
8687
8688 #ifdef CONFIG_IPW2200_MONITOR
8689         if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
8690                 int i;
8691                 if (priv->status & STATUS_SCANNING) {
8692                         IPW_DEBUG_SCAN("Scan abort triggered due to "
8693                                        "channel change.\n");
8694                         ipw_abort_scan(priv);
8695                 }
8696
8697                 for (i = 1000; i && (priv->status & STATUS_SCANNING); i--)
8698                         udelay(10);
8699
8700                 if (priv->status & STATUS_SCANNING)
8701                         IPW_DEBUG_SCAN("Still scanning...\n");
8702                 else
8703                         IPW_DEBUG_SCAN("Took %dms to abort current scan\n",
8704                                        1000 - i);
8705
8706                 return 0;
8707         }
8708 #endif                          /* CONFIG_IPW2200_MONITOR */
8709
8710         /* Network configuration changed -- force [re]association */
8711         IPW_DEBUG_ASSOC("[re]association triggered due to channel change.\n");
8712         if (!ipw_disassociate(priv))
8713                 ipw_associate(priv);
8714
8715         return 0;
8716 }
8717
8718 static int ipw_wx_set_freq(struct net_device *dev,
8719                            struct iw_request_info *info,
8720                            union iwreq_data *wrqu, char *extra)
8721 {
8722         struct ipw_priv *priv = ieee80211_priv(dev);
8723         const struct ieee80211_geo *geo = ieee80211_get_geo(priv->ieee);
8724         struct iw_freq *fwrq = &wrqu->freq;
8725         int ret = 0, i;
8726         u8 channel, flags;
8727         int band;
8728
8729         if (fwrq->m == 0) {
8730                 IPW_DEBUG_WX("SET Freq/Channel -> any\n");
8731                 mutex_lock(&priv->mutex);
8732                 ret = ipw_set_channel(priv, 0);
8733                 mutex_unlock(&priv->mutex);
8734                 return ret;
8735         }
8736         /* if setting by freq convert to channel */
8737         if (fwrq->e == 1) {
8738                 channel = ieee80211_freq_to_channel(priv->ieee, fwrq->m);
8739                 if (channel == 0)
8740                         return -EINVAL;
8741         } else
8742                 channel = fwrq->m;
8743
8744         if (!(band = ieee80211_is_valid_channel(priv->ieee, channel)))
8745                 return -EINVAL;
8746
8747         if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
8748                 i = ieee80211_channel_to_index(priv->ieee, channel);
8749                 if (i == -1)
8750                         return -EINVAL;
8751
8752                 flags = (band == IEEE80211_24GHZ_BAND) ?
8753                     geo->bg[i].flags : geo->a[i].flags;
8754                 if (flags & IEEE80211_CH_PASSIVE_ONLY) {
8755                         IPW_DEBUG_WX("Invalid Ad-Hoc channel for 802.11a\n");
8756                         return -EINVAL;
8757                 }
8758         }
8759
8760         IPW_DEBUG_WX("SET Freq/Channel -> %d \n", fwrq->m);
8761         mutex_lock(&priv->mutex);
8762         ret = ipw_set_channel(priv, channel);
8763         mutex_unlock(&priv->mutex);
8764         return ret;
8765 }
8766
8767 static int ipw_wx_get_freq(struct net_device *dev,
8768                            struct iw_request_info *info,
8769                            union iwreq_data *wrqu, char *extra)
8770 {
8771         struct ipw_priv *priv = ieee80211_priv(dev);
8772
8773         wrqu->freq.e = 0;
8774
8775         /* If we are associated, trying to associate, or have a statically
8776          * configured CHANNEL then return that; otherwise return ANY */
8777         mutex_lock(&priv->mutex);
8778         if (priv->config & CFG_STATIC_CHANNEL ||
8779             priv->status & (STATUS_ASSOCIATING | STATUS_ASSOCIATED)) {
8780                 int i;
8781
8782                 i = ieee80211_channel_to_index(priv->ieee, priv->channel);
8783                 BUG_ON(i == -1);
8784                 wrqu->freq.e = 1;
8785
8786                 switch (ieee80211_is_valid_channel(priv->ieee, priv->channel)) {
8787                 case IEEE80211_52GHZ_BAND:
8788                         wrqu->freq.m = priv->ieee->geo.a[i].freq * 100000;
8789                         break;
8790
8791                 case IEEE80211_24GHZ_BAND:
8792                         wrqu->freq.m = priv->ieee->geo.bg[i].freq * 100000;
8793                         break;
8794
8795                 default:
8796                         BUG();
8797                 }
8798         } else
8799                 wrqu->freq.m = 0;
8800
8801         mutex_unlock(&priv->mutex);
8802         IPW_DEBUG_WX("GET Freq/Channel -> %d \n", priv->channel);
8803         return 0;
8804 }
8805
8806 static int ipw_wx_set_mode(struct net_device *dev,
8807                            struct iw_request_info *info,
8808                            union iwreq_data *wrqu, char *extra)
8809 {
8810         struct ipw_priv *priv = ieee80211_priv(dev);
8811         int err = 0;
8812
8813         IPW_DEBUG_WX("Set MODE: %d\n", wrqu->mode);
8814
8815         switch (wrqu->mode) {
8816 #ifdef CONFIG_IPW2200_MONITOR
8817         case IW_MODE_MONITOR:
8818 #endif
8819         case IW_MODE_ADHOC:
8820         case IW_MODE_INFRA:
8821                 break;
8822         case IW_MODE_AUTO:
8823                 wrqu->mode = IW_MODE_INFRA;
8824                 break;
8825         default:
8826                 return -EINVAL;
8827         }
8828         if (wrqu->mode == priv->ieee->iw_mode)
8829                 return 0;
8830
8831         mutex_lock(&priv->mutex);
8832
8833         ipw_sw_reset(priv, 0);
8834
8835 #ifdef CONFIG_IPW2200_MONITOR
8836         if (priv->ieee->iw_mode == IW_MODE_MONITOR)
8837                 priv->net_dev->type = ARPHRD_ETHER;
8838
8839         if (wrqu->mode == IW_MODE_MONITOR)
8840 #ifdef CONFIG_IPW2200_RADIOTAP
8841                 priv->net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
8842 #else
8843                 priv->net_dev->type = ARPHRD_IEEE80211;
8844 #endif
8845 #endif                          /* CONFIG_IPW2200_MONITOR */
8846
8847         /* Free the existing firmware and reset the fw_loaded
8848          * flag so ipw_load() will bring in the new firmawre */
8849         free_firmware();
8850
8851         priv->ieee->iw_mode = wrqu->mode;
8852
8853         queue_work(priv->workqueue, &priv->adapter_restart);
8854         mutex_unlock(&priv->mutex);
8855         return err;
8856 }
8857
8858 static int ipw_wx_get_mode(struct net_device *dev,
8859                            struct iw_request_info *info,
8860                            union iwreq_data *wrqu, char *extra)
8861 {
8862         struct ipw_priv *priv = ieee80211_priv(dev);
8863         mutex_lock(&priv->mutex);
8864         wrqu->mode = priv->ieee->iw_mode;
8865         IPW_DEBUG_WX("Get MODE -> %d\n", wrqu->mode);
8866         mutex_unlock(&priv->mutex);
8867         return 0;
8868 }
8869
8870 /* Values are in microsecond */
8871 static const s32 timeout_duration[] = {
8872         350000,
8873         250000,
8874         75000,
8875         37000,
8876         25000,
8877 };
8878
8879 static const s32 period_duration[] = {
8880         400000,
8881         700000,
8882         1000000,
8883         1000000,
8884         1000000
8885 };
8886
8887 static int ipw_wx_get_range(struct net_device *dev,
8888                             struct iw_request_info *info,
8889                             union iwreq_data *wrqu, char *extra)
8890 {
8891         struct ipw_priv *priv = ieee80211_priv(dev);
8892         struct iw_range *range = (struct iw_range *)extra;
8893         const struct ieee80211_geo *geo = ieee80211_get_geo(priv->ieee);
8894         int i = 0, j;
8895
8896         wrqu->data.length = sizeof(*range);
8897         memset(range, 0, sizeof(*range));
8898
8899         /* 54Mbs == ~27 Mb/s real (802.11g) */
8900         range->throughput = 27 * 1000 * 1000;
8901
8902         range->max_qual.qual = 100;
8903         /* TODO: Find real max RSSI and stick here */
8904         range->max_qual.level = 0;
8905         range->max_qual.noise = 0;
8906         range->max_qual.updated = 7;    /* Updated all three */
8907
8908         range->avg_qual.qual = 70;
8909         /* TODO: Find real 'good' to 'bad' threshol value for RSSI */
8910         range->avg_qual.level = 0;      /* FIXME to real average level */
8911         range->avg_qual.noise = 0;
8912         range->avg_qual.updated = 7;    /* Updated all three */
8913         mutex_lock(&priv->mutex);
8914         range->num_bitrates = min(priv->rates.num_rates, (u8) IW_MAX_BITRATES);
8915
8916         for (i = 0; i < range->num_bitrates; i++)
8917                 range->bitrate[i] = (priv->rates.supported_rates[i] & 0x7F) *
8918                     500000;
8919
8920         range->max_rts = DEFAULT_RTS_THRESHOLD;
8921         range->min_frag = MIN_FRAG_THRESHOLD;
8922         range->max_frag = MAX_FRAG_THRESHOLD;
8923
8924         range->encoding_size[0] = 5;
8925         range->encoding_size[1] = 13;
8926         range->num_encoding_sizes = 2;
8927         range->max_encoding_tokens = WEP_KEYS;
8928
8929         /* Set the Wireless Extension versions */
8930         range->we_version_compiled = WIRELESS_EXT;
8931         range->we_version_source = 18;
8932
8933         i = 0;
8934         if (priv->ieee->mode & (IEEE_B | IEEE_G)) {
8935                 for (j = 0; j < geo->bg_channels && i < IW_MAX_FREQUENCIES; j++) {
8936                         if ((priv->ieee->iw_mode == IW_MODE_ADHOC) &&
8937                             (geo->bg[j].flags & IEEE80211_CH_PASSIVE_ONLY))
8938                                 continue;
8939
8940                         range->freq[i].i = geo->bg[j].channel;
8941                         range->freq[i].m = geo->bg[j].freq * 100000;
8942                         range->freq[i].e = 1;
8943                         i++;
8944                 }
8945         }
8946
8947         if (priv->ieee->mode & IEEE_A) {
8948                 for (j = 0; j < geo->a_channels && i < IW_MAX_FREQUENCIES; j++) {
8949                         if ((priv->ieee->iw_mode == IW_MODE_ADHOC) &&
8950                             (geo->a[j].flags & IEEE80211_CH_PASSIVE_ONLY))
8951                                 continue;
8952
8953                         range->freq[i].i = geo->a[j].channel;
8954                         range->freq[i].m = geo->a[j].freq * 100000;
8955                         range->freq[i].e = 1;
8956                         i++;
8957                 }
8958         }
8959
8960         range->num_channels = i;
8961         range->num_frequency = i;
8962
8963         mutex_unlock(&priv->mutex);
8964
8965         /* Event capability (kernel + driver) */
8966         range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
8967                                 IW_EVENT_CAPA_MASK(SIOCGIWTHRSPY) |
8968                                 IW_EVENT_CAPA_MASK(SIOCGIWAP) |
8969                                 IW_EVENT_CAPA_MASK(SIOCGIWSCAN));
8970         range->event_capa[1] = IW_EVENT_CAPA_K_1;
8971
8972         range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
8973                 IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
8974
8975         range->scan_capa = IW_SCAN_CAPA_ESSID | IW_SCAN_CAPA_TYPE;
8976
8977         IPW_DEBUG_WX("GET Range\n");
8978         return 0;
8979 }
8980
8981 static int ipw_wx_set_wap(struct net_device *dev,
8982                           struct iw_request_info *info,
8983                           union iwreq_data *wrqu, char *extra)
8984 {
8985         struct ipw_priv *priv = ieee80211_priv(dev);
8986         DECLARE_MAC_BUF(mac);
8987
8988         static const unsigned char any[] = {
8989                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
8990         };
8991         static const unsigned char off[] = {
8992                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
8993         };
8994
8995         if (wrqu->ap_addr.sa_family != ARPHRD_ETHER)
8996                 return -EINVAL;
8997         mutex_lock(&priv->mutex);
8998         if (!memcmp(any, wrqu->ap_addr.sa_data, ETH_ALEN) ||
8999             !memcmp(off, wrqu->ap_addr.sa_data, ETH_ALEN)) {
9000                 /* we disable mandatory BSSID association */
9001                 IPW_DEBUG_WX("Setting AP BSSID to ANY\n");
9002                 priv->config &= ~CFG_STATIC_BSSID;
9003                 IPW_DEBUG_ASSOC("Attempting to associate with new "
9004                                 "parameters.\n");
9005                 ipw_associate(priv);
9006                 mutex_unlock(&priv->mutex);
9007                 return 0;
9008         }
9009
9010         priv->config |= CFG_STATIC_BSSID;
9011         if (!memcmp(priv->bssid, wrqu->ap_addr.sa_data, ETH_ALEN)) {
9012                 IPW_DEBUG_WX("BSSID set to current BSSID.\n");
9013                 mutex_unlock(&priv->mutex);
9014                 return 0;
9015         }
9016
9017         IPW_DEBUG_WX("Setting mandatory BSSID to %s\n",
9018                      print_mac(mac, wrqu->ap_addr.sa_data));
9019
9020         memcpy(priv->bssid, wrqu->ap_addr.sa_data, ETH_ALEN);
9021
9022         /* Network configuration changed -- force [re]association */
9023         IPW_DEBUG_ASSOC("[re]association triggered due to BSSID change.\n");
9024         if (!ipw_disassociate(priv))
9025                 ipw_associate(priv);
9026
9027         mutex_unlock(&priv->mutex);
9028         return 0;
9029 }
9030
9031 static int ipw_wx_get_wap(struct net_device *dev,
9032                           struct iw_request_info *info,
9033                           union iwreq_data *wrqu, char *extra)
9034 {
9035         struct ipw_priv *priv = ieee80211_priv(dev);
9036         DECLARE_MAC_BUF(mac);
9037
9038         /* If we are associated, trying to associate, or have a statically
9039          * configured BSSID then return that; otherwise return ANY */
9040         mutex_lock(&priv->mutex);
9041         if (priv->config & CFG_STATIC_BSSID ||
9042             priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
9043                 wrqu->ap_addr.sa_family = ARPHRD_ETHER;
9044                 memcpy(wrqu->ap_addr.sa_data, priv->bssid, ETH_ALEN);
9045         } else
9046                 memset(wrqu->ap_addr.sa_data, 0, ETH_ALEN);
9047
9048         IPW_DEBUG_WX("Getting WAP BSSID: %s\n",
9049                      print_mac(mac, wrqu->ap_addr.sa_data));
9050         mutex_unlock(&priv->mutex);
9051         return 0;
9052 }
9053
9054 static int ipw_wx_set_essid(struct net_device *dev,
9055                             struct iw_request_info *info,
9056                             union iwreq_data *wrqu, char *extra)
9057 {
9058         struct ipw_priv *priv = ieee80211_priv(dev);
9059         int length;
9060
9061         mutex_lock(&priv->mutex);
9062
9063         if (!wrqu->essid.flags)
9064         {
9065                 IPW_DEBUG_WX("Setting ESSID to ANY\n");
9066                 ipw_disassociate(priv);
9067                 priv->config &= ~CFG_STATIC_ESSID;
9068                 ipw_associate(priv);
9069                 mutex_unlock(&priv->mutex);
9070                 return 0;
9071         }
9072
9073         length = min((int)wrqu->essid.length, IW_ESSID_MAX_SIZE);
9074
9075         priv->config |= CFG_STATIC_ESSID;
9076
9077         if (priv->essid_len == length && !memcmp(priv->essid, extra, length)
9078             && (priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING))) {
9079                 IPW_DEBUG_WX("ESSID set to current ESSID.\n");
9080                 mutex_unlock(&priv->mutex);
9081                 return 0;
9082         }
9083
9084         IPW_DEBUG_WX("Setting ESSID: '%s' (%d)\n", escape_essid(extra, length),
9085                      length);
9086
9087         priv->essid_len = length;
9088         memcpy(priv->essid, extra, priv->essid_len);
9089
9090         /* Network configuration changed -- force [re]association */
9091         IPW_DEBUG_ASSOC("[re]association triggered due to ESSID change.\n");
9092         if (!ipw_disassociate(priv))
9093                 ipw_associate(priv);
9094
9095         mutex_unlock(&priv->mutex);
9096         return 0;
9097 }
9098
9099 static int ipw_wx_get_essid(struct net_device *dev,
9100                             struct iw_request_info *info,
9101                             union iwreq_data *wrqu, char *extra)
9102 {
9103         struct ipw_priv *priv = ieee80211_priv(dev);
9104
9105         /* If we are associated, trying to associate, or have a statically
9106          * configured ESSID then return that; otherwise return ANY */
9107         mutex_lock(&priv->mutex);
9108         if (priv->config & CFG_STATIC_ESSID ||
9109             priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
9110                 IPW_DEBUG_WX("Getting essid: '%s'\n",
9111                              escape_essid(priv->essid, priv->essid_len));
9112                 memcpy(extra, priv->essid, priv->essid_len);
9113                 wrqu->essid.length = priv->essid_len;
9114                 wrqu->essid.flags = 1;  /* active */
9115         } else {
9116                 IPW_DEBUG_WX("Getting essid: ANY\n");
9117                 wrqu->essid.length = 0;
9118                 wrqu->essid.flags = 0;  /* active */
9119         }
9120         mutex_unlock(&priv->mutex);
9121         return 0;
9122 }
9123
9124 static int ipw_wx_set_nick(struct net_device *dev,
9125                            struct iw_request_info *info,
9126                            union iwreq_data *wrqu, char *extra)
9127 {
9128         struct ipw_priv *priv = ieee80211_priv(dev);
9129
9130         IPW_DEBUG_WX("Setting nick to '%s'\n", extra);
9131         if (wrqu->data.length > IW_ESSID_MAX_SIZE)
9132                 return -E2BIG;
9133         mutex_lock(&priv->mutex);
9134         wrqu->data.length = min((size_t) wrqu->data.length, sizeof(priv->nick));
9135         memset(priv->nick, 0, sizeof(priv->nick));
9136         memcpy(priv->nick, extra, wrqu->data.length);
9137         IPW_DEBUG_TRACE("<<\n");
9138         mutex_unlock(&priv->mutex);
9139         return 0;
9140
9141 }
9142
9143 static int ipw_wx_get_nick(struct net_device *dev,
9144                            struct iw_request_info *info,
9145                            union iwreq_data *wrqu, char *extra)
9146 {
9147         struct ipw_priv *priv = ieee80211_priv(dev);
9148         IPW_DEBUG_WX("Getting nick\n");
9149         mutex_lock(&priv->mutex);
9150         wrqu->data.length = strlen(priv->nick);
9151         memcpy(extra, priv->nick, wrqu->data.length);
9152         wrqu->data.flags = 1;   /* active */
9153         mutex_unlock(&priv->mutex);
9154         return 0;
9155 }
9156
9157 static int ipw_wx_set_sens(struct net_device *dev,
9158                             struct iw_request_info *info,
9159                             union iwreq_data *wrqu, char *extra)
9160 {
9161         struct ipw_priv *priv = ieee80211_priv(dev);
9162         int err = 0;
9163
9164         IPW_DEBUG_WX("Setting roaming threshold to %d\n", wrqu->sens.value);
9165         IPW_DEBUG_WX("Setting disassociate threshold to %d\n", 3*wrqu->sens.value);
9166         mutex_lock(&priv->mutex);
9167
9168         if (wrqu->sens.fixed == 0)
9169         {
9170                 priv->roaming_threshold = IPW_MB_ROAMING_THRESHOLD_DEFAULT;
9171                 priv->disassociate_threshold = IPW_MB_DISASSOCIATE_THRESHOLD_DEFAULT;
9172                 goto out;
9173         }
9174         if ((wrqu->sens.value > IPW_MB_ROAMING_THRESHOLD_MAX) ||
9175             (wrqu->sens.value < IPW_MB_ROAMING_THRESHOLD_MIN)) {
9176                 err = -EINVAL;
9177                 goto out;
9178         }
9179
9180         priv->roaming_threshold = wrqu->sens.value;
9181         priv->disassociate_threshold = 3*wrqu->sens.value;
9182       out:
9183         mutex_unlock(&priv->mutex);
9184         return err;
9185 }
9186
9187 static int ipw_wx_get_sens(struct net_device *dev,
9188                             struct iw_request_info *info,
9189                             union iwreq_data *wrqu, char *extra)
9190 {
9191         struct ipw_priv *priv = ieee80211_priv(dev);
9192         mutex_lock(&priv->mutex);
9193         wrqu->sens.fixed = 1;
9194         wrqu->sens.value = priv->roaming_threshold;
9195         mutex_unlock(&priv->mutex);
9196
9197         IPW_DEBUG_WX("GET roaming threshold -> %s %d \n",
9198                      wrqu->power.disabled ? "OFF" : "ON", wrqu->power.value);
9199
9200         return 0;
9201 }
9202
9203 static int ipw_wx_set_rate(struct net_device *dev,
9204                            struct iw_request_info *info,
9205                            union iwreq_data *wrqu, char *extra)
9206 {
9207         /* TODO: We should use semaphores or locks for access to priv */
9208         struct ipw_priv *priv = ieee80211_priv(dev);
9209         u32 target_rate = wrqu->bitrate.value;
9210         u32 fixed, mask;
9211
9212         /* value = -1, fixed = 0 means auto only, so we should use all rates offered by AP */
9213         /* value = X, fixed = 1 means only rate X */
9214         /* value = X, fixed = 0 means all rates lower equal X */
9215
9216         if (target_rate == -1) {
9217                 fixed = 0;
9218                 mask = IEEE80211_DEFAULT_RATES_MASK;
9219                 /* Now we should reassociate */
9220                 goto apply;
9221         }
9222
9223         mask = 0;
9224         fixed = wrqu->bitrate.fixed;
9225
9226         if (target_rate == 1000000 || !fixed)
9227                 mask |= IEEE80211_CCK_RATE_1MB_MASK;
9228         if (target_rate == 1000000)
9229                 goto apply;
9230
9231         if (target_rate == 2000000 || !fixed)
9232                 mask |= IEEE80211_CCK_RATE_2MB_MASK;
9233         if (target_rate == 2000000)
9234                 goto apply;
9235
9236         if (target_rate == 5500000 || !fixed)
9237                 mask |= IEEE80211_CCK_RATE_5MB_MASK;
9238         if (target_rate == 5500000)
9239                 goto apply;
9240
9241         if (target_rate == 6000000 || !fixed)
9242                 mask |= IEEE80211_OFDM_RATE_6MB_MASK;
9243         if (target_rate == 6000000)
9244                 goto apply;
9245
9246         if (target_rate == 9000000 || !fixed)
9247                 mask |= IEEE80211_OFDM_RATE_9MB_MASK;
9248         if (target_rate == 9000000)
9249                 goto apply;
9250
9251         if (target_rate == 11000000 || !fixed)
9252                 mask |= IEEE80211_CCK_RATE_11MB_MASK;
9253         if (target_rate == 11000000)
9254                 goto apply;
9255
9256         if (target_rate == 12000000 || !fixed)
9257                 mask |= IEEE80211_OFDM_RATE_12MB_MASK;
9258         if (target_rate == 12000000)
9259                 goto apply;
9260
9261         if (target_rate == 18000000 || !fixed)
9262                 mask |= IEEE80211_OFDM_RATE_18MB_MASK;
9263         if (target_rate == 18000000)
9264                 goto apply;
9265
9266         if (target_rate == 24000000 || !fixed)
9267                 mask |= IEEE80211_OFDM_RATE_24MB_MASK;
9268         if (target_rate == 24000000)
9269                 goto apply;
9270
9271         if (target_rate == 36000000 || !fixed)
9272                 mask |= IEEE80211_OFDM_RATE_36MB_MASK;
9273         if (target_rate == 36000000)
9274                 goto apply;
9275
9276         if (target_rate == 48000000 || !fixed)
9277                 mask |= IEEE80211_OFDM_RATE_48MB_MASK;
9278         if (target_rate == 48000000)
9279                 goto apply;
9280
9281         if (target_rate == 54000000 || !fixed)
9282                 mask |= IEEE80211_OFDM_RATE_54MB_MASK;
9283         if (target_rate == 54000000)
9284                 goto apply;
9285
9286         IPW_DEBUG_WX("invalid rate specified, returning error\n");
9287         return -EINVAL;
9288
9289       apply:
9290         IPW_DEBUG_WX("Setting rate mask to 0x%08X [%s]\n",
9291                      mask, fixed ? "fixed" : "sub-rates");
9292         mutex_lock(&priv->mutex);
9293         if (mask == IEEE80211_DEFAULT_RATES_MASK) {
9294                 priv->config &= ~CFG_FIXED_RATE;
9295                 ipw_set_fixed_rate(priv, priv->ieee->mode);
9296         } else
9297                 priv->config |= CFG_FIXED_RATE;
9298
9299         if (priv->rates_mask == mask) {
9300                 IPW_DEBUG_WX("Mask set to current mask.\n");
9301                 mutex_unlock(&priv->mutex);
9302                 return 0;
9303         }
9304
9305         priv->rates_mask = mask;
9306
9307         /* Network configuration changed -- force [re]association */
9308         IPW_DEBUG_ASSOC("[re]association triggered due to rates change.\n");
9309         if (!ipw_disassociate(priv))
9310                 ipw_associate(priv);
9311
9312         mutex_unlock(&priv->mutex);
9313         return 0;
9314 }
9315
9316 static int ipw_wx_get_rate(struct net_device *dev,
9317                            struct iw_request_info *info,
9318                            union iwreq_data *wrqu, char *extra)
9319 {
9320         struct ipw_priv *priv = ieee80211_priv(dev);
9321         mutex_lock(&priv->mutex);
9322         wrqu->bitrate.value = priv->last_rate;
9323         wrqu->bitrate.fixed = (priv->config & CFG_FIXED_RATE) ? 1 : 0;
9324         mutex_unlock(&priv->mutex);
9325         IPW_DEBUG_WX("GET Rate -> %d \n", wrqu->bitrate.value);
9326         return 0;
9327 }
9328
9329 static int ipw_wx_set_rts(struct net_device *dev,
9330                           struct iw_request_info *info,
9331                           union iwreq_data *wrqu, char *extra)
9332 {
9333         struct ipw_priv *priv = ieee80211_priv(dev);
9334         mutex_lock(&priv->mutex);
9335         if (wrqu->rts.disabled || !wrqu->rts.fixed)
9336                 priv->rts_threshold = DEFAULT_RTS_THRESHOLD;
9337         else {
9338                 if (wrqu->rts.value < MIN_RTS_THRESHOLD ||
9339                     wrqu->rts.value > MAX_RTS_THRESHOLD) {
9340                         mutex_unlock(&priv->mutex);
9341                         return -EINVAL;
9342                 }
9343                 priv->rts_threshold = wrqu->rts.value;
9344         }
9345
9346         ipw_send_rts_threshold(priv, priv->rts_threshold);
9347         mutex_unlock(&priv->mutex);
9348         IPW_DEBUG_WX("SET RTS Threshold -> %d \n", priv->rts_threshold);
9349         return 0;
9350 }
9351
9352 static int ipw_wx_get_rts(struct net_device *dev,
9353                           struct iw_request_info *info,
9354                           union iwreq_data *wrqu, char *extra)
9355 {
9356         struct ipw_priv *priv = ieee80211_priv(dev);
9357         mutex_lock(&priv->mutex);
9358         wrqu->rts.value = priv->rts_threshold;
9359         wrqu->rts.fixed = 0;    /* no auto select */
9360         wrqu->rts.disabled = (wrqu->rts.value == DEFAULT_RTS_THRESHOLD);
9361         mutex_unlock(&priv->mutex);
9362         IPW_DEBUG_WX("GET RTS Threshold -> %d \n", wrqu->rts.value);
9363         return 0;
9364 }
9365
9366 static int ipw_wx_set_txpow(struct net_device *dev,
9367                             struct iw_request_info *info,
9368                             union iwreq_data *wrqu, char *extra)
9369 {
9370         struct ipw_priv *priv = ieee80211_priv(dev);
9371         int err = 0;
9372
9373         mutex_lock(&priv->mutex);
9374         if (ipw_radio_kill_sw(priv, wrqu->power.disabled)) {
9375                 err = -EINPROGRESS;
9376                 goto out;
9377         }
9378
9379         if (!wrqu->power.fixed)
9380                 wrqu->power.value = IPW_TX_POWER_DEFAULT;
9381
9382         if (wrqu->power.flags != IW_TXPOW_DBM) {
9383                 err = -EINVAL;
9384                 goto out;
9385         }
9386
9387         if ((wrqu->power.value > IPW_TX_POWER_MAX) ||
9388             (wrqu->power.value < IPW_TX_POWER_MIN)) {
9389                 err = -EINVAL;
9390                 goto out;
9391         }
9392
9393         priv->tx_power = wrqu->power.value;
9394         err = ipw_set_tx_power(priv);
9395       out:
9396         mutex_unlock(&priv->mutex);
9397         return err;
9398 }
9399
9400 static int ipw_wx_get_txpow(struct net_device *dev,
9401                             struct iw_request_info *info,
9402                             union iwreq_data *wrqu, char *extra)
9403 {
9404         struct ipw_priv *priv = ieee80211_priv(dev);
9405         mutex_lock(&priv->mutex);
9406         wrqu->power.value = priv->tx_power;
9407         wrqu->power.fixed = 1;
9408         wrqu->power.flags = IW_TXPOW_DBM;
9409         wrqu->power.disabled = (priv->status & STATUS_RF_KILL_MASK) ? 1 : 0;
9410         mutex_unlock(&priv->mutex);
9411
9412         IPW_DEBUG_WX("GET TX Power -> %s %d \n",
9413                      wrqu->power.disabled ? "OFF" : "ON", wrqu->power.value);
9414
9415         return 0;
9416 }
9417
9418 static int ipw_wx_set_frag(struct net_device *dev,
9419                            struct iw_request_info *info,
9420                            union iwreq_data *wrqu, char *extra)
9421 {
9422         struct ipw_priv *priv = ieee80211_priv(dev);
9423         mutex_lock(&priv->mutex);
9424         if (wrqu->frag.disabled || !wrqu->frag.fixed)
9425                 priv->ieee->fts = DEFAULT_FTS;
9426         else {
9427                 if (wrqu->frag.value < MIN_FRAG_THRESHOLD ||
9428                     wrqu->frag.value > MAX_FRAG_THRESHOLD) {
9429                         mutex_unlock(&priv->mutex);
9430                         return -EINVAL;
9431                 }
9432
9433                 priv->ieee->fts = wrqu->frag.value & ~0x1;
9434         }
9435
9436         ipw_send_frag_threshold(priv, wrqu->frag.value);
9437         mutex_unlock(&priv->mutex);
9438         IPW_DEBUG_WX("SET Frag Threshold -> %d \n", wrqu->frag.value);
9439         return 0;
9440 }
9441
9442 static int ipw_wx_get_frag(struct net_device *dev,
9443                            struct iw_request_info *info,
9444                            union iwreq_data *wrqu, char *extra)
9445 {
9446         struct ipw_priv *priv = ieee80211_priv(dev);
9447         mutex_lock(&priv->mutex);
9448         wrqu->frag.value = priv->ieee->fts;
9449         wrqu->frag.fixed = 0;   /* no auto select */
9450         wrqu->frag.disabled = (wrqu->frag.value == DEFAULT_FTS);
9451         mutex_unlock(&priv->mutex);
9452         IPW_DEBUG_WX("GET Frag Threshold -> %d \n", wrqu->frag.value);
9453
9454         return 0;
9455 }
9456
9457 static int ipw_wx_set_retry(struct net_device *dev,
9458                             struct iw_request_info *info,
9459                             union iwreq_data *wrqu, char *extra)
9460 {
9461         struct ipw_priv *priv = ieee80211_priv(dev);
9462
9463         if (wrqu->retry.flags & IW_RETRY_LIFETIME || wrqu->retry.disabled)
9464                 return -EINVAL;
9465
9466         if (!(wrqu->retry.flags & IW_RETRY_LIMIT))
9467                 return 0;
9468
9469         if (wrqu->retry.value < 0 || wrqu->retry.value >= 255)
9470                 return -EINVAL;
9471
9472         mutex_lock(&priv->mutex);
9473         if (wrqu->retry.flags & IW_RETRY_SHORT)
9474                 priv->short_retry_limit = (u8) wrqu->retry.value;
9475         else if (wrqu->retry.flags & IW_RETRY_LONG)
9476                 priv->long_retry_limit = (u8) wrqu->retry.value;
9477         else {
9478                 priv->short_retry_limit = (u8) wrqu->retry.value;
9479                 priv->long_retry_limit = (u8) wrqu->retry.value;
9480         }
9481
9482         ipw_send_retry_limit(priv, priv->short_retry_limit,
9483                              priv->long_retry_limit);
9484         mutex_unlock(&priv->mutex);
9485         IPW_DEBUG_WX("SET retry limit -> short:%d long:%d\n",
9486                      priv->short_retry_limit, priv->long_retry_limit);
9487         return 0;
9488 }
9489
9490 static int ipw_wx_get_retry(struct net_device *dev,
9491                             struct iw_request_info *info,
9492                             union iwreq_data *wrqu, char *extra)
9493 {
9494         struct ipw_priv *priv = ieee80211_priv(dev);
9495
9496         mutex_lock(&priv->mutex);
9497         wrqu->retry.disabled = 0;
9498
9499         if ((wrqu->retry.flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME) {
9500                 mutex_unlock(&priv->mutex);
9501                 return -EINVAL;
9502         }
9503
9504         if (wrqu->retry.flags & IW_RETRY_LONG) {
9505                 wrqu->retry.flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
9506                 wrqu->retry.value = priv->long_retry_limit;
9507         } else if (wrqu->retry.flags & IW_RETRY_SHORT) {
9508                 wrqu->retry.flags = IW_RETRY_LIMIT | IW_RETRY_SHORT;
9509                 wrqu->retry.value = priv->short_retry_limit;
9510         } else {
9511                 wrqu->retry.flags = IW_RETRY_LIMIT;
9512                 wrqu->retry.value = priv->short_retry_limit;
9513         }
9514         mutex_unlock(&priv->mutex);
9515
9516         IPW_DEBUG_WX("GET retry -> %d \n", wrqu->retry.value);
9517
9518         return 0;
9519 }
9520
9521 static int ipw_wx_set_scan(struct net_device *dev,
9522                            struct iw_request_info *info,
9523                            union iwreq_data *wrqu, char *extra)
9524 {
9525         struct ipw_priv *priv = ieee80211_priv(dev);
9526         struct iw_scan_req *req = (struct iw_scan_req *)extra;
9527         struct delayed_work *work = NULL;
9528
9529         mutex_lock(&priv->mutex);
9530
9531         priv->user_requested_scan = 1;
9532
9533         if (wrqu->data.length == sizeof(struct iw_scan_req)) {
9534                 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
9535                         int len = min((int)req->essid_len,
9536                                       (int)sizeof(priv->direct_scan_ssid));
9537                         memcpy(priv->direct_scan_ssid, req->essid, len);
9538                         priv->direct_scan_ssid_len = len;
9539                         work = &priv->request_direct_scan;
9540                 } else if (req->scan_type == IW_SCAN_TYPE_PASSIVE) {
9541                         work = &priv->request_passive_scan;
9542                 }
9543         } else {
9544                 /* Normal active broadcast scan */
9545                 work = &priv->request_scan;
9546         }
9547
9548         mutex_unlock(&priv->mutex);
9549
9550         IPW_DEBUG_WX("Start scan\n");
9551
9552         queue_delayed_work(priv->workqueue, work, 0);
9553
9554         return 0;
9555 }
9556
9557 static int ipw_wx_get_scan(struct net_device *dev,
9558                            struct iw_request_info *info,
9559                            union iwreq_data *wrqu, char *extra)
9560 {
9561         struct ipw_priv *priv = ieee80211_priv(dev);
9562         return ieee80211_wx_get_scan(priv->ieee, info, wrqu, extra);
9563 }
9564
9565 static int ipw_wx_set_encode(struct net_device *dev,
9566                              struct iw_request_info *info,
9567                              union iwreq_data *wrqu, char *key)
9568 {
9569         struct ipw_priv *priv = ieee80211_priv(dev);
9570         int ret;
9571         u32 cap = priv->capability;
9572
9573         mutex_lock(&priv->mutex);
9574         ret = ieee80211_wx_set_encode(priv->ieee, info, wrqu, key);
9575
9576         /* In IBSS mode, we need to notify the firmware to update
9577          * the beacon info after we changed the capability. */
9578         if (cap != priv->capability &&
9579             priv->ieee->iw_mode == IW_MODE_ADHOC &&
9580             priv->status & STATUS_ASSOCIATED)
9581                 ipw_disassociate(priv);
9582
9583         mutex_unlock(&priv->mutex);
9584         return ret;
9585 }
9586
9587 static int ipw_wx_get_encode(struct net_device *dev,
9588                              struct iw_request_info *info,
9589                              union iwreq_data *wrqu, char *key)
9590 {
9591         struct ipw_priv *priv = ieee80211_priv(dev);
9592         return ieee80211_wx_get_encode(priv->ieee, info, wrqu, key);
9593 }
9594
9595 static int ipw_wx_set_power(struct net_device *dev,
9596                             struct iw_request_info *info,
9597                             union iwreq_data *wrqu, char *extra)
9598 {
9599         struct ipw_priv *priv = ieee80211_priv(dev);
9600         int err;
9601         mutex_lock(&priv->mutex);
9602         if (wrqu->power.disabled) {
9603                 priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
9604                 err = ipw_send_power_mode(priv, IPW_POWER_MODE_CAM);
9605                 if (err) {
9606                         IPW_DEBUG_WX("failed setting power mode.\n");
9607                         mutex_unlock(&priv->mutex);
9608                         return err;
9609                 }
9610                 IPW_DEBUG_WX("SET Power Management Mode -> off\n");
9611                 mutex_unlock(&priv->mutex);
9612                 return 0;
9613         }
9614
9615         switch (wrqu->power.flags & IW_POWER_MODE) {
9616         case IW_POWER_ON:       /* If not specified */
9617         case IW_POWER_MODE:     /* If set all mask */
9618         case IW_POWER_ALL_R:    /* If explicitly state all */
9619                 break;
9620         default:                /* Otherwise we don't support it */
9621                 IPW_DEBUG_WX("SET PM Mode: %X not supported.\n",
9622                              wrqu->power.flags);
9623                 mutex_unlock(&priv->mutex);
9624                 return -EOPNOTSUPP;
9625         }
9626
9627         /* If the user hasn't specified a power management mode yet, default
9628          * to BATTERY */
9629         if (IPW_POWER_LEVEL(priv->power_mode) == IPW_POWER_AC)
9630                 priv->power_mode = IPW_POWER_ENABLED | IPW_POWER_BATTERY;
9631         else
9632                 priv->power_mode = IPW_POWER_ENABLED | priv->power_mode;
9633
9634         err = ipw_send_power_mode(priv, IPW_POWER_LEVEL(priv->power_mode));
9635         if (err) {
9636                 IPW_DEBUG_WX("failed setting power mode.\n");
9637                 mutex_unlock(&priv->mutex);
9638                 return err;
9639         }
9640
9641         IPW_DEBUG_WX("SET Power Management Mode -> 0x%02X\n", priv->power_mode);
9642         mutex_unlock(&priv->mutex);
9643         return 0;
9644 }
9645
9646 static int ipw_wx_get_power(struct net_device *dev,
9647                             struct iw_request_info *info,
9648                             union iwreq_data *wrqu, char *extra)
9649 {
9650         struct ipw_priv *priv = ieee80211_priv(dev);
9651         mutex_lock(&priv->mutex);
9652         if (!(priv->power_mode & IPW_POWER_ENABLED))
9653                 wrqu->power.disabled = 1;
9654         else
9655                 wrqu->power.disabled = 0;
9656
9657         mutex_unlock(&priv->mutex);
9658         IPW_DEBUG_WX("GET Power Management Mode -> %02X\n", priv->power_mode);
9659
9660         return 0;
9661 }
9662
9663 static int ipw_wx_set_powermode(struct net_device *dev,
9664                                 struct iw_request_info *info,
9665                                 union iwreq_data *wrqu, char *extra)
9666 {
9667         struct ipw_priv *priv = ieee80211_priv(dev);
9668         int mode = *(int *)extra;
9669         int err;
9670
9671         mutex_lock(&priv->mutex);
9672         if ((mode < 1) || (mode > IPW_POWER_LIMIT))
9673                 mode = IPW_POWER_AC;
9674
9675         if (IPW_POWER_LEVEL(priv->power_mode) != mode) {
9676                 err = ipw_send_power_mode(priv, mode);
9677                 if (err) {
9678                         IPW_DEBUG_WX("failed setting power mode.\n");
9679                         mutex_unlock(&priv->mutex);
9680                         return err;
9681                 }
9682                 priv->power_mode = IPW_POWER_ENABLED | mode;
9683         }
9684         mutex_unlock(&priv->mutex);
9685         return 0;
9686 }
9687
9688 #define MAX_WX_STRING 80
9689 static int ipw_wx_get_powermode(struct net_device *dev,
9690                                 struct iw_request_info *info,
9691                                 union iwreq_data *wrqu, char *extra)
9692 {
9693         struct ipw_priv *priv = ieee80211_priv(dev);
9694         int level = IPW_POWER_LEVEL(priv->power_mode);
9695         char *p = extra;
9696
9697         p += snprintf(p, MAX_WX_STRING, "Power save level: %d ", level);
9698
9699         switch (level) {
9700         case IPW_POWER_AC:
9701                 p += snprintf(p, MAX_WX_STRING - (p - extra), "(AC)");
9702                 break;
9703         case IPW_POWER_BATTERY:
9704                 p += snprintf(p, MAX_WX_STRING - (p - extra), "(BATTERY)");
9705                 break;
9706         default:
9707                 p += snprintf(p, MAX_WX_STRING - (p - extra),
9708                               "(Timeout %dms, Period %dms)",
9709                               timeout_duration[level - 1] / 1000,
9710                               period_duration[level - 1] / 1000);
9711         }
9712
9713         if (!(priv->power_mode & IPW_POWER_ENABLED))
9714                 p += snprintf(p, MAX_WX_STRING - (p - extra), " OFF");
9715
9716         wrqu->data.length = p - extra + 1;
9717
9718         return 0;
9719 }
9720
9721 static int ipw_wx_set_wireless_mode(struct net_device *dev,
9722                                     struct iw_request_info *info,
9723                                     union iwreq_data *wrqu, char *extra)
9724 {
9725         struct ipw_priv *priv = ieee80211_priv(dev);
9726         int mode = *(int *)extra;
9727         u8 band = 0, modulation = 0;
9728
9729         if (mode == 0 || mode & ~IEEE_MODE_MASK) {
9730                 IPW_WARNING("Attempt to set invalid wireless mode: %d\n", mode);
9731                 return -EINVAL;
9732         }
9733         mutex_lock(&priv->mutex);
9734         if (priv->adapter == IPW_2915ABG) {
9735                 priv->ieee->abg_true = 1;
9736                 if (mode & IEEE_A) {
9737                         band |= IEEE80211_52GHZ_BAND;
9738                         modulation |= IEEE80211_OFDM_MODULATION;
9739                 } else
9740                         priv->ieee->abg_true = 0;
9741         } else {
9742                 if (mode & IEEE_A) {
9743                         IPW_WARNING("Attempt to set 2200BG into "
9744                                     "802.11a mode\n");
9745                         mutex_unlock(&priv->mutex);
9746                         return -EINVAL;
9747                 }
9748
9749                 priv->ieee->abg_true = 0;
9750         }
9751
9752         if (mode & IEEE_B) {
9753                 band |= IEEE80211_24GHZ_BAND;
9754                 modulation |= IEEE80211_CCK_MODULATION;
9755         } else
9756                 priv->ieee->abg_true = 0;
9757
9758         if (mode & IEEE_G) {
9759                 band |= IEEE80211_24GHZ_BAND;
9760                 modulation |= IEEE80211_OFDM_MODULATION;
9761         } else
9762                 priv->ieee->abg_true = 0;
9763
9764         priv->ieee->mode = mode;
9765         priv->ieee->freq_band = band;
9766         priv->ieee->modulation = modulation;
9767         init_supported_rates(priv, &priv->rates);
9768
9769         /* Network configuration changed -- force [re]association */
9770         IPW_DEBUG_ASSOC("[re]association triggered due to mode change.\n");
9771         if (!ipw_disassociate(priv)) {
9772                 ipw_send_supported_rates(priv, &priv->rates);
9773                 ipw_associate(priv);
9774         }
9775
9776         /* Update the band LEDs */
9777         ipw_led_band_on(priv);
9778
9779         IPW_DEBUG_WX("PRIV SET MODE: %c%c%c\n",
9780                      mode & IEEE_A ? 'a' : '.',
9781                      mode & IEEE_B ? 'b' : '.', mode & IEEE_G ? 'g' : '.');
9782         mutex_unlock(&priv->mutex);
9783         return 0;
9784 }
9785
9786 static int ipw_wx_get_wireless_mode(struct net_device *dev,
9787                                     struct iw_request_info *info,
9788                                     union iwreq_data *wrqu, char *extra)
9789 {
9790         struct ipw_priv *priv = ieee80211_priv(dev);
9791         mutex_lock(&priv->mutex);
9792         switch (priv->ieee->mode) {
9793         case IEEE_A:
9794                 strncpy(extra, "802.11a (1)", MAX_WX_STRING);
9795                 break;
9796         case IEEE_B:
9797                 strncpy(extra, "802.11b (2)", MAX_WX_STRING);
9798                 break;
9799         case IEEE_A | IEEE_B:
9800                 strncpy(extra, "802.11ab (3)", MAX_WX_STRING);
9801                 break;
9802         case IEEE_G:
9803                 strncpy(extra, "802.11g (4)", MAX_WX_STRING);
9804                 break;
9805         case IEEE_A | IEEE_G:
9806                 strncpy(extra, "802.11ag (5)", MAX_WX_STRING);
9807                 break;
9808         case IEEE_B | IEEE_G:
9809                 strncpy(extra, "802.11bg (6)", MAX_WX_STRING);
9810                 break;
9811         case IEEE_A | IEEE_B | IEEE_G:
9812                 strncpy(extra, "802.11abg (7)", MAX_WX_STRING);
9813                 break;
9814         default:
9815                 strncpy(extra, "unknown", MAX_WX_STRING);
9816                 break;
9817         }
9818
9819         IPW_DEBUG_WX("PRIV GET MODE: %s\n", extra);
9820
9821         wrqu->data.length = strlen(extra) + 1;
9822         mutex_unlock(&priv->mutex);
9823
9824         return 0;
9825 }
9826
9827 static int ipw_wx_set_preamble(struct net_device *dev,
9828                                struct iw_request_info *info,
9829                                union iwreq_data *wrqu, char *extra)
9830 {
9831         struct ipw_priv *priv = ieee80211_priv(dev);
9832         int mode = *(int *)extra;
9833         mutex_lock(&priv->mutex);
9834         /* Switching from SHORT -> LONG requires a disassociation */
9835         if (mode == 1) {
9836                 if (!(priv->config & CFG_PREAMBLE_LONG)) {
9837                         priv->config |= CFG_PREAMBLE_LONG;
9838
9839                         /* Network configuration changed -- force [re]association */
9840                         IPW_DEBUG_ASSOC
9841                             ("[re]association triggered due to preamble change.\n");
9842                         if (!ipw_disassociate(priv))
9843                                 ipw_associate(priv);
9844                 }
9845                 goto done;
9846         }
9847
9848         if (mode == 0) {
9849                 priv->config &= ~CFG_PREAMBLE_LONG;
9850                 goto done;
9851         }
9852         mutex_unlock(&priv->mutex);
9853         return -EINVAL;
9854
9855       done:
9856         mutex_unlock(&priv->mutex);
9857         return 0;
9858 }
9859
9860 static int ipw_wx_get_preamble(struct net_device *dev,
9861                                struct iw_request_info *info,
9862                                union iwreq_data *wrqu, char *extra)
9863 {
9864         struct ipw_priv *priv = ieee80211_priv(dev);
9865         mutex_lock(&priv->mutex);
9866         if (priv->config & CFG_PREAMBLE_LONG)
9867                 snprintf(wrqu->name, IFNAMSIZ, "long (1)");
9868         else
9869                 snprintf(wrqu->name, IFNAMSIZ, "auto (0)");
9870         mutex_unlock(&priv->mutex);
9871         return 0;
9872 }
9873
9874 #ifdef CONFIG_IPW2200_MONITOR
9875 static int ipw_wx_set_monitor(struct net_device *dev,
9876                               struct iw_request_info *info,
9877                               union iwreq_data *wrqu, char *extra)
9878 {
9879         struct ipw_priv *priv = ieee80211_priv(dev);
9880         int *parms = (int *)extra;
9881         int enable = (parms[0] > 0);
9882         mutex_lock(&priv->mutex);
9883         IPW_DEBUG_WX("SET MONITOR: %d %d\n", enable, parms[1]);
9884         if (enable) {
9885                 if (priv->ieee->iw_mode != IW_MODE_MONITOR) {
9886 #ifdef CONFIG_IPW2200_RADIOTAP
9887                         priv->net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
9888 #else
9889                         priv->net_dev->type = ARPHRD_IEEE80211;
9890 #endif
9891                         queue_work(priv->workqueue, &priv->adapter_restart);
9892                 }
9893
9894                 ipw_set_channel(priv, parms[1]);
9895         } else {
9896                 if (priv->ieee->iw_mode != IW_MODE_MONITOR) {
9897                         mutex_unlock(&priv->mutex);
9898                         return 0;
9899                 }
9900                 priv->net_dev->type = ARPHRD_ETHER;
9901                 queue_work(priv->workqueue, &priv->adapter_restart);
9902         }
9903         mutex_unlock(&priv->mutex);
9904         return 0;
9905 }
9906
9907 #endif                          /* CONFIG_IPW2200_MONITOR */
9908
9909 static int ipw_wx_reset(struct net_device *dev,
9910                         struct iw_request_info *info,
9911                         union iwreq_data *wrqu, char *extra)
9912 {
9913         struct ipw_priv *priv = ieee80211_priv(dev);
9914         IPW_DEBUG_WX("RESET\n");
9915         queue_work(priv->workqueue, &priv->adapter_restart);
9916         return 0;
9917 }
9918
9919 static int ipw_wx_sw_reset(struct net_device *dev,
9920                            struct iw_request_info *info,
9921                            union iwreq_data *wrqu, char *extra)
9922 {
9923         struct ipw_priv *priv = ieee80211_priv(dev);
9924         union iwreq_data wrqu_sec = {
9925                 .encoding = {
9926                              .flags = IW_ENCODE_DISABLED,
9927                              },
9928         };
9929         int ret;
9930
9931         IPW_DEBUG_WX("SW_RESET\n");
9932
9933         mutex_lock(&priv->mutex);
9934
9935         ret = ipw_sw_reset(priv, 2);
9936         if (!ret) {
9937                 free_firmware();
9938                 ipw_adapter_restart(priv);
9939         }
9940
9941         /* The SW reset bit might have been toggled on by the 'disable'
9942          * module parameter, so take appropriate action */
9943         ipw_radio_kill_sw(priv, priv->status & STATUS_RF_KILL_SW);
9944
9945         mutex_unlock(&priv->mutex);
9946         ieee80211_wx_set_encode(priv->ieee, info, &wrqu_sec, NULL);
9947         mutex_lock(&priv->mutex);
9948
9949         if (!(priv->status & STATUS_RF_KILL_MASK)) {
9950                 /* Configuration likely changed -- force [re]association */
9951                 IPW_DEBUG_ASSOC("[re]association triggered due to sw "
9952                                 "reset.\n");
9953                 if (!ipw_disassociate(priv))
9954                         ipw_associate(priv);
9955         }
9956
9957         mutex_unlock(&priv->mutex);
9958
9959         return 0;
9960 }
9961
9962 /* Rebase the WE IOCTLs to zero for the handler array */
9963 #define IW_IOCTL(x) [(x)-SIOCSIWCOMMIT]
9964 static iw_handler ipw_wx_handlers[] = {
9965         IW_IOCTL(SIOCGIWNAME) = ipw_wx_get_name,
9966         IW_IOCTL(SIOCSIWFREQ) = ipw_wx_set_freq,
9967         IW_IOCTL(SIOCGIWFREQ) = ipw_wx_get_freq,
9968         IW_IOCTL(SIOCSIWMODE) = ipw_wx_set_mode,
9969         IW_IOCTL(SIOCGIWMODE) = ipw_wx_get_mode,
9970         IW_IOCTL(SIOCSIWSENS) = ipw_wx_set_sens,
9971         IW_IOCTL(SIOCGIWSENS) = ipw_wx_get_sens,
9972         IW_IOCTL(SIOCGIWRANGE) = ipw_wx_get_range,
9973         IW_IOCTL(SIOCSIWAP) = ipw_wx_set_wap,
9974         IW_IOCTL(SIOCGIWAP) = ipw_wx_get_wap,
9975         IW_IOCTL(SIOCSIWSCAN) = ipw_wx_set_scan,
9976         IW_IOCTL(SIOCGIWSCAN) = ipw_wx_get_scan,
9977         IW_IOCTL(SIOCSIWESSID) = ipw_wx_set_essid,
9978         IW_IOCTL(SIOCGIWESSID) = ipw_wx_get_essid,
9979         IW_IOCTL(SIOCSIWNICKN) = ipw_wx_set_nick,
9980         IW_IOCTL(SIOCGIWNICKN) = ipw_wx_get_nick,
9981         IW_IOCTL(SIOCSIWRATE) = ipw_wx_set_rate,
9982         IW_IOCTL(SIOCGIWRATE) = ipw_wx_get_rate,
9983         IW_IOCTL(SIOCSIWRTS) = ipw_wx_set_rts,
9984         IW_IOCTL(SIOCGIWRTS) = ipw_wx_get_rts,
9985         IW_IOCTL(SIOCSIWFRAG) = ipw_wx_set_frag,
9986         IW_IOCTL(SIOCGIWFRAG) = ipw_wx_get_frag,
9987         IW_IOCTL(SIOCSIWTXPOW) = ipw_wx_set_txpow,
9988         IW_IOCTL(SIOCGIWTXPOW) = ipw_wx_get_txpow,
9989         IW_IOCTL(SIOCSIWRETRY) = ipw_wx_set_retry,
9990         IW_IOCTL(SIOCGIWRETRY) = ipw_wx_get_retry,
9991         IW_IOCTL(SIOCSIWENCODE) = ipw_wx_set_encode,
9992         IW_IOCTL(SIOCGIWENCODE) = ipw_wx_get_encode,
9993         IW_IOCTL(SIOCSIWPOWER) = ipw_wx_set_power,
9994         IW_IOCTL(SIOCGIWPOWER) = ipw_wx_get_power,
9995         IW_IOCTL(SIOCSIWSPY) = iw_handler_set_spy,
9996         IW_IOCTL(SIOCGIWSPY) = iw_handler_get_spy,
9997         IW_IOCTL(SIOCSIWTHRSPY) = iw_handler_set_thrspy,
9998         IW_IOCTL(SIOCGIWTHRSPY) = iw_handler_get_thrspy,
9999         IW_IOCTL(SIOCSIWGENIE) = ipw_wx_set_genie,
10000         IW_IOCTL(SIOCGIWGENIE) = ipw_wx_get_genie,
10001         IW_IOCTL(SIOCSIWMLME) = ipw_wx_set_mlme,
10002         IW_IOCTL(SIOCSIWAUTH) = ipw_wx_set_auth,
10003         IW_IOCTL(SIOCGIWAUTH) = ipw_wx_get_auth,
10004         IW_IOCTL(SIOCSIWENCODEEXT) = ipw_wx_set_encodeext,
10005         IW_IOCTL(SIOCGIWENCODEEXT) = ipw_wx_get_encodeext,
10006 };
10007
10008 enum {
10009         IPW_PRIV_SET_POWER = SIOCIWFIRSTPRIV,
10010         IPW_PRIV_GET_POWER,
10011         IPW_PRIV_SET_MODE,
10012         IPW_PRIV_GET_MODE,
10013         IPW_PRIV_SET_PREAMBLE,
10014         IPW_PRIV_GET_PREAMBLE,
10015         IPW_PRIV_RESET,
10016         IPW_PRIV_SW_RESET,
10017 #ifdef CONFIG_IPW2200_MONITOR
10018         IPW_PRIV_SET_MONITOR,
10019 #endif
10020 };
10021
10022 static struct iw_priv_args ipw_priv_args[] = {
10023         {
10024          .cmd = IPW_PRIV_SET_POWER,
10025          .set_args = IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
10026          .name = "set_power"},
10027         {
10028          .cmd = IPW_PRIV_GET_POWER,
10029          .get_args = IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_WX_STRING,
10030          .name = "get_power"},
10031         {
10032          .cmd = IPW_PRIV_SET_MODE,
10033          .set_args = IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
10034          .name = "set_mode"},
10035         {
10036          .cmd = IPW_PRIV_GET_MODE,
10037          .get_args = IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_WX_STRING,
10038          .name = "get_mode"},
10039         {
10040          .cmd = IPW_PRIV_SET_PREAMBLE,
10041          .set_args = IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
10042          .name = "set_preamble"},
10043         {
10044          .cmd = IPW_PRIV_GET_PREAMBLE,
10045          .get_args = IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | IFNAMSIZ,
10046          .name = "get_preamble"},
10047         {
10048          IPW_PRIV_RESET,
10049          IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 0, 0, "reset"},
10050         {
10051          IPW_PRIV_SW_RESET,
10052          IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 0, 0, "sw_reset"},
10053 #ifdef CONFIG_IPW2200_MONITOR
10054         {
10055          IPW_PRIV_SET_MONITOR,
10056          IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "monitor"},
10057 #endif                          /* CONFIG_IPW2200_MONITOR */
10058 };
10059
10060 static iw_handler ipw_priv_handler[] = {
10061         ipw_wx_set_powermode,
10062         ipw_wx_get_powermode,
10063         ipw_wx_set_wireless_mode,
10064         ipw_wx_get_wireless_mode,
10065         ipw_wx_set_preamble,
10066         ipw_wx_get_preamble,
10067         ipw_wx_reset,
10068         ipw_wx_sw_reset,
10069 #ifdef CONFIG_IPW2200_MONITOR
10070         ipw_wx_set_monitor,
10071 #endif
10072 };
10073
10074 static struct iw_handler_def ipw_wx_handler_def = {
10075         .standard = ipw_wx_handlers,
10076         .num_standard = ARRAY_SIZE(ipw_wx_handlers),
10077         .num_private = ARRAY_SIZE(ipw_priv_handler),
10078         .num_private_args = ARRAY_SIZE(ipw_priv_args),
10079         .private = ipw_priv_handler,
10080         .private_args = ipw_priv_args,
10081         .get_wireless_stats = ipw_get_wireless_stats,
10082 };
10083
10084 /*
10085  * Get wireless statistics.
10086  * Called by /proc/net/wireless
10087  * Also called by SIOCGIWSTATS
10088  */
10089 static struct iw_statistics *ipw_get_wireless_stats(struct net_device *dev)
10090 {
10091         struct ipw_priv *priv = ieee80211_priv(dev);
10092         struct iw_statistics *wstats;
10093
10094         wstats = &priv->wstats;
10095
10096         /* if hw is disabled, then ipw_get_ordinal() can't be called.
10097          * netdev->get_wireless_stats seems to be called before fw is
10098          * initialized.  STATUS_ASSOCIATED will only be set if the hw is up
10099          * and associated; if not associcated, the values are all meaningless
10100          * anyway, so set them all to NULL and INVALID */
10101         if (!(priv->status & STATUS_ASSOCIATED)) {
10102                 wstats->miss.beacon = 0;
10103                 wstats->discard.retries = 0;
10104                 wstats->qual.qual = 0;
10105                 wstats->qual.level = 0;
10106                 wstats->qual.noise = 0;
10107                 wstats->qual.updated = 7;
10108                 wstats->qual.updated |= IW_QUAL_NOISE_INVALID |
10109                     IW_QUAL_QUAL_INVALID | IW_QUAL_LEVEL_INVALID;
10110                 return wstats;
10111         }
10112
10113         wstats->qual.qual = priv->quality;
10114         wstats->qual.level = priv->exp_avg_rssi;
10115         wstats->qual.noise = priv->exp_avg_noise;
10116         wstats->qual.updated = IW_QUAL_QUAL_UPDATED | IW_QUAL_LEVEL_UPDATED |
10117             IW_QUAL_NOISE_UPDATED | IW_QUAL_DBM;
10118
10119         wstats->miss.beacon = average_value(&priv->average_missed_beacons);
10120         wstats->discard.retries = priv->last_tx_failures;
10121         wstats->discard.code = priv->ieee->ieee_stats.rx_discards_undecryptable;
10122
10123 /*      if (ipw_get_ordinal(priv, IPW_ORD_STAT_TX_RETRY, &tx_retry, &len))
10124         goto fail_get_ordinal;
10125         wstats->discard.retries += tx_retry; */
10126
10127         return wstats;
10128 }
10129
10130 /* net device stuff */
10131
10132 static  void init_sys_config(struct ipw_sys_config *sys_config)
10133 {
10134         memset(sys_config, 0, sizeof(struct ipw_sys_config));
10135         sys_config->bt_coexistence = 0;
10136         sys_config->answer_broadcast_ssid_probe = 0;
10137         sys_config->accept_all_data_frames = 0;
10138         sys_config->accept_non_directed_frames = 1;
10139         sys_config->exclude_unicast_unencrypted = 0;
10140         sys_config->disable_unicast_decryption = 1;
10141         sys_config->exclude_multicast_unencrypted = 0;
10142         sys_config->disable_multicast_decryption = 1;
10143         if (antenna < CFG_SYS_ANTENNA_BOTH || antenna > CFG_SYS_ANTENNA_B)
10144                 antenna = CFG_SYS_ANTENNA_BOTH;
10145         sys_config->antenna_diversity = antenna;
10146         sys_config->pass_crc_to_host = 0;       /* TODO: See if 1 gives us FCS */
10147         sys_config->dot11g_auto_detection = 0;
10148         sys_config->enable_cts_to_self = 0;
10149         sys_config->bt_coexist_collision_thr = 0;
10150         sys_config->pass_noise_stats_to_host = 1;       /* 1 -- fix for 256 */
10151         sys_config->silence_threshold = 0x1e;
10152 }
10153
10154 static int ipw_net_open(struct net_device *dev)
10155 {
10156         IPW_DEBUG_INFO("dev->open\n");
10157         netif_start_queue(dev);
10158         return 0;
10159 }
10160
10161 static int ipw_net_stop(struct net_device *dev)
10162 {
10163         IPW_DEBUG_INFO("dev->close\n");
10164         netif_stop_queue(dev);
10165         return 0;
10166 }
10167
10168 /*
10169 todo:
10170
10171 modify to send one tfd per fragment instead of using chunking.  otherwise
10172 we need to heavily modify the ieee80211_skb_to_txb.
10173 */
10174
10175 static int ipw_tx_skb(struct ipw_priv *priv, struct ieee80211_txb *txb,
10176                              int pri)
10177 {
10178         struct ieee80211_hdr_3addrqos *hdr = (struct ieee80211_hdr_3addrqos *)
10179             txb->fragments[0]->data;
10180         int i = 0;
10181         struct tfd_frame *tfd;
10182 #ifdef CONFIG_IPW2200_QOS
10183         int tx_id = ipw_get_tx_queue_number(priv, pri);
10184         struct clx2_tx_queue *txq = &priv->txq[tx_id];
10185 #else
10186         struct clx2_tx_queue *txq = &priv->txq[0];
10187 #endif
10188         struct clx2_queue *q = &txq->q;
10189         u8 id, hdr_len, unicast;
10190         u16 remaining_bytes;
10191         int fc;
10192
10193         hdr_len = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_ctl));
10194         switch (priv->ieee->iw_mode) {
10195         case IW_MODE_ADHOC:
10196                 unicast = !is_multicast_ether_addr(hdr->addr1);
10197                 id = ipw_find_station(priv, hdr->addr1);
10198                 if (id == IPW_INVALID_STATION) {
10199                         id = ipw_add_station(priv, hdr->addr1);
10200                         if (id == IPW_INVALID_STATION) {
10201                                 IPW_WARNING("Attempt to send data to "
10202                                             "invalid cell: " MAC_FMT "\n",
10203                                             hdr->addr1[0], hdr->addr1[1],
10204                                             hdr->addr1[2], hdr->addr1[3],
10205                                             hdr->addr1[4], hdr->addr1[5]);
10206                                 goto drop;
10207                         }
10208                 }
10209                 break;
10210
10211         case IW_MODE_INFRA:
10212         default:
10213                 unicast = !is_multicast_ether_addr(hdr->addr3);
10214                 id = 0;
10215                 break;
10216         }
10217
10218         tfd = &txq->bd[q->first_empty];
10219         txq->txb[q->first_empty] = txb;
10220         memset(tfd, 0, sizeof(*tfd));
10221         tfd->u.data.station_number = id;
10222
10223         tfd->control_flags.message_type = TX_FRAME_TYPE;
10224         tfd->control_flags.control_bits = TFD_NEED_IRQ_MASK;
10225
10226         tfd->u.data.cmd_id = DINO_CMD_TX;
10227         tfd->u.data.len = cpu_to_le16(txb->payload_size);
10228         remaining_bytes = txb->payload_size;
10229
10230         if (priv->assoc_request.ieee_mode == IPW_B_MODE)
10231                 tfd->u.data.tx_flags_ext |= DCT_FLAG_EXT_MODE_CCK;
10232         else
10233                 tfd->u.data.tx_flags_ext |= DCT_FLAG_EXT_MODE_OFDM;
10234
10235         if (priv->assoc_request.preamble_length == DCT_FLAG_SHORT_PREAMBLE)
10236                 tfd->u.data.tx_flags |= DCT_FLAG_SHORT_PREAMBLE;
10237
10238         fc = le16_to_cpu(hdr->frame_ctl);
10239         hdr->frame_ctl = cpu_to_le16(fc & ~IEEE80211_FCTL_MOREFRAGS);
10240
10241         memcpy(&tfd->u.data.tfd.tfd_24.mchdr, hdr, hdr_len);
10242
10243         if (likely(unicast))
10244                 tfd->u.data.tx_flags |= DCT_FLAG_ACK_REQD;
10245
10246         if (txb->encrypted && !priv->ieee->host_encrypt) {
10247                 switch (priv->ieee->sec.level) {
10248                 case SEC_LEVEL_3:
10249                         tfd->u.data.tfd.tfd_24.mchdr.frame_ctl |=
10250                             cpu_to_le16(IEEE80211_FCTL_PROTECTED);
10251                         /* XXX: ACK flag must be set for CCMP even if it
10252                          * is a multicast/broadcast packet, because CCMP
10253                          * group communication encrypted by GTK is
10254                          * actually done by the AP. */
10255                         if (!unicast)
10256                                 tfd->u.data.tx_flags |= DCT_FLAG_ACK_REQD;
10257
10258                         tfd->u.data.tx_flags &= ~DCT_FLAG_NO_WEP;
10259                         tfd->u.data.tx_flags_ext |= DCT_FLAG_EXT_SECURITY_CCM;
10260                         tfd->u.data.key_index = 0;
10261                         tfd->u.data.key_index |= DCT_WEP_INDEX_USE_IMMEDIATE;
10262                         break;
10263                 case SEC_LEVEL_2:
10264                         tfd->u.data.tfd.tfd_24.mchdr.frame_ctl |=
10265                             cpu_to_le16(IEEE80211_FCTL_PROTECTED);
10266                         tfd->u.data.tx_flags &= ~DCT_FLAG_NO_WEP;
10267                         tfd->u.data.tx_flags_ext |= DCT_FLAG_EXT_SECURITY_TKIP;
10268                         tfd->u.data.key_index = DCT_WEP_INDEX_USE_IMMEDIATE;
10269                         break;
10270                 case SEC_LEVEL_1:
10271                         tfd->u.data.tfd.tfd_24.mchdr.frame_ctl |=
10272                             cpu_to_le16(IEEE80211_FCTL_PROTECTED);
10273                         tfd->u.data.key_index = priv->ieee->tx_keyidx;
10274                         if (priv->ieee->sec.key_sizes[priv->ieee->tx_keyidx] <=
10275                             40)
10276                                 tfd->u.data.key_index |= DCT_WEP_KEY_64Bit;
10277                         else
10278                                 tfd->u.data.key_index |= DCT_WEP_KEY_128Bit;
10279                         break;
10280                 case SEC_LEVEL_0:
10281                         break;
10282                 default:
10283                         printk(KERN_ERR "Unknow security level %d\n",
10284                                priv->ieee->sec.level);
10285                         break;
10286                 }
10287         } else
10288                 /* No hardware encryption */
10289                 tfd->u.data.tx_flags |= DCT_FLAG_NO_WEP;
10290
10291 #ifdef CONFIG_IPW2200_QOS
10292         if (fc & IEEE80211_STYPE_QOS_DATA)
10293                 ipw_qos_set_tx_queue_command(priv, pri, &(tfd->u.data));
10294 #endif                          /* CONFIG_IPW2200_QOS */
10295
10296         /* payload */
10297         tfd->u.data.num_chunks = cpu_to_le32(min((u8) (NUM_TFD_CHUNKS - 2),
10298                                                  txb->nr_frags));
10299         IPW_DEBUG_FRAG("%i fragments being sent as %i chunks.\n",
10300                        txb->nr_frags, le32_to_cpu(tfd->u.data.num_chunks));
10301         for (i = 0; i < le32_to_cpu(tfd->u.data.num_chunks); i++) {
10302                 IPW_DEBUG_FRAG("Adding fragment %i of %i (%d bytes).\n",
10303                                i, le32_to_cpu(tfd->u.data.num_chunks),
10304                                txb->fragments[i]->len - hdr_len);
10305                 IPW_DEBUG_TX("Dumping TX packet frag %i of %i (%d bytes):\n",
10306                              i, tfd->u.data.num_chunks,
10307                              txb->fragments[i]->len - hdr_len);
10308                 printk_buf(IPW_DL_TX, txb->fragments[i]->data + hdr_len,
10309                            txb->fragments[i]->len - hdr_len);
10310
10311                 tfd->u.data.chunk_ptr[i] =
10312                     cpu_to_le32(pci_map_single
10313                                 (priv->pci_dev,
10314                                  txb->fragments[i]->data + hdr_len,
10315                                  txb->fragments[i]->len - hdr_len,
10316                                  PCI_DMA_TODEVICE));
10317                 tfd->u.data.chunk_len[i] =
10318                     cpu_to_le16(txb->fragments[i]->len - hdr_len);
10319         }
10320
10321         if (i != txb->nr_frags) {
10322                 struct sk_buff *skb;
10323                 u16 remaining_bytes = 0;
10324                 int j;
10325
10326                 for (j = i; j < txb->nr_frags; j++)
10327                         remaining_bytes += txb->fragments[j]->len - hdr_len;
10328
10329                 printk(KERN_INFO "Trying to reallocate for %d bytes\n",
10330                        remaining_bytes);
10331                 skb = alloc_skb(remaining_bytes, GFP_ATOMIC);
10332                 if (skb != NULL) {
10333                         tfd->u.data.chunk_len[i] = cpu_to_le16(remaining_bytes);
10334                         for (j = i; j < txb->nr_frags; j++) {
10335                                 int size = txb->fragments[j]->len - hdr_len;
10336
10337                                 printk(KERN_INFO "Adding frag %d %d...\n",
10338                                        j, size);
10339                                 memcpy(skb_put(skb, size),
10340                                        txb->fragments[j]->data + hdr_len, size);
10341                         }
10342                         dev_kfree_skb_any(txb->fragments[i]);
10343                         txb->fragments[i] = skb;
10344                         tfd->u.data.chunk_ptr[i] =
10345                             cpu_to_le32(pci_map_single
10346                                         (priv->pci_dev, skb->data,
10347                                          remaining_bytes,
10348                                          PCI_DMA_TODEVICE));
10349
10350                         le32_add_cpu(&tfd->u.data.num_chunks, 1);
10351                 }
10352         }
10353
10354         /* kick DMA */
10355         q->first_empty = ipw_queue_inc_wrap(q->first_empty, q->n_bd);
10356         ipw_write32(priv, q->reg_w, q->first_empty);
10357
10358         if (ipw_tx_queue_space(q) < q->high_mark)
10359                 netif_stop_queue(priv->net_dev);
10360
10361         return NETDEV_TX_OK;
10362
10363       drop:
10364         IPW_DEBUG_DROP("Silently dropping Tx packet.\n");
10365         ieee80211_txb_free(txb);
10366         return NETDEV_TX_OK;
10367 }
10368
10369 static int ipw_net_is_queue_full(struct net_device *dev, int pri)
10370 {
10371         struct ipw_priv *priv = ieee80211_priv(dev);
10372 #ifdef CONFIG_IPW2200_QOS
10373         int tx_id = ipw_get_tx_queue_number(priv, pri);
10374         struct clx2_tx_queue *txq = &priv->txq[tx_id];
10375 #else
10376         struct clx2_tx_queue *txq = &priv->txq[0];
10377 #endif                          /* CONFIG_IPW2200_QOS */
10378
10379         if (ipw_tx_queue_space(&txq->q) < txq->q.high_mark)
10380                 return 1;
10381
10382         return 0;
10383 }
10384
10385 #ifdef CONFIG_IPW2200_PROMISCUOUS
10386 static void ipw_handle_promiscuous_tx(struct ipw_priv *priv,
10387                                       struct ieee80211_txb *txb)
10388 {
10389         struct ieee80211_rx_stats dummystats;
10390         struct ieee80211_hdr *hdr;
10391         u8 n;
10392         u16 filter = priv->prom_priv->filter;
10393         int hdr_only = 0;
10394
10395         if (filter & IPW_PROM_NO_TX)
10396                 return;
10397
10398         memset(&dummystats, 0, sizeof(dummystats));
10399
10400         /* Filtering of fragment chains is done agains the first fragment */
10401         hdr = (void *)txb->fragments[0]->data;
10402         if (ieee80211_is_management(le16_to_cpu(hdr->frame_ctl))) {
10403                 if (filter & IPW_PROM_NO_MGMT)
10404                         return;
10405                 if (filter & IPW_PROM_MGMT_HEADER_ONLY)
10406                         hdr_only = 1;
10407         } else if (ieee80211_is_control(le16_to_cpu(hdr->frame_ctl))) {
10408                 if (filter & IPW_PROM_NO_CTL)
10409                         return;
10410                 if (filter & IPW_PROM_CTL_HEADER_ONLY)
10411                         hdr_only = 1;
10412         } else if (ieee80211_is_data(le16_to_cpu(hdr->frame_ctl))) {
10413                 if (filter & IPW_PROM_NO_DATA)
10414                         return;
10415                 if (filter & IPW_PROM_DATA_HEADER_ONLY)
10416                         hdr_only = 1;
10417         }
10418
10419         for(n=0; n<txb->nr_frags; ++n) {
10420                 struct sk_buff *src = txb->fragments[n];
10421                 struct sk_buff *dst;
10422                 struct ieee80211_radiotap_header *rt_hdr;
10423                 int len;
10424
10425                 if (hdr_only) {
10426                         hdr = (void *)src->data;
10427                         len = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_ctl));
10428                 } else
10429                         len = src->len;
10430
10431                 dst = alloc_skb(
10432                         len + IEEE80211_RADIOTAP_HDRLEN, GFP_ATOMIC);
10433                 if (!dst) continue;
10434
10435                 rt_hdr = (void *)skb_put(dst, sizeof(*rt_hdr));
10436
10437                 rt_hdr->it_version = PKTHDR_RADIOTAP_VERSION;
10438                 rt_hdr->it_pad = 0;
10439                 rt_hdr->it_present = 0; /* after all, it's just an idea */
10440                 rt_hdr->it_present |=  cpu_to_le32(1 << IEEE80211_RADIOTAP_CHANNEL);
10441
10442                 *(__le16*)skb_put(dst, sizeof(u16)) = cpu_to_le16(
10443                         ieee80211chan2mhz(priv->channel));
10444                 if (priv->channel > 14)         /* 802.11a */
10445                         *(__le16*)skb_put(dst, sizeof(u16)) =
10446                                 cpu_to_le16(IEEE80211_CHAN_OFDM |
10447                                              IEEE80211_CHAN_5GHZ);
10448                 else if (priv->ieee->mode == IEEE_B) /* 802.11b */
10449                         *(__le16*)skb_put(dst, sizeof(u16)) =
10450                                 cpu_to_le16(IEEE80211_CHAN_CCK |
10451                                              IEEE80211_CHAN_2GHZ);
10452                 else            /* 802.11g */
10453                         *(__le16*)skb_put(dst, sizeof(u16)) =
10454                                 cpu_to_le16(IEEE80211_CHAN_OFDM |
10455                                  IEEE80211_CHAN_2GHZ);
10456
10457                 rt_hdr->it_len = cpu_to_le16(dst->len);
10458
10459                 skb_copy_from_linear_data(src, skb_put(dst, len), len);
10460
10461                 if (!ieee80211_rx(priv->prom_priv->ieee, dst, &dummystats))
10462                         dev_kfree_skb_any(dst);
10463         }
10464 }
10465 #endif
10466
10467 static int ipw_net_hard_start_xmit(struct ieee80211_txb *txb,
10468                                    struct net_device *dev, int pri)
10469 {
10470         struct ipw_priv *priv = ieee80211_priv(dev);
10471         unsigned long flags;
10472         int ret;
10473
10474         IPW_DEBUG_TX("dev->xmit(%d bytes)\n", txb->payload_size);
10475         spin_lock_irqsave(&priv->lock, flags);
10476
10477 #ifdef CONFIG_IPW2200_PROMISCUOUS
10478         if (rtap_iface && netif_running(priv->prom_net_dev))
10479                 ipw_handle_promiscuous_tx(priv, txb);
10480 #endif
10481
10482         ret = ipw_tx_skb(priv, txb, pri);
10483         if (ret == NETDEV_TX_OK)
10484                 __ipw_led_activity_on(priv);
10485         spin_unlock_irqrestore(&priv->lock, flags);
10486
10487         return ret;
10488 }
10489
10490 static struct net_device_stats *ipw_net_get_stats(struct net_device *dev)
10491 {
10492         struct ipw_priv *priv = ieee80211_priv(dev);
10493
10494         priv->ieee->stats.tx_packets = priv->tx_packets;
10495         priv->ieee->stats.rx_packets = priv->rx_packets;
10496         return &priv->ieee->stats;
10497 }
10498
10499 static void ipw_net_set_multicast_list(struct net_device *dev)
10500 {
10501
10502 }
10503
10504 static int ipw_net_set_mac_address(struct net_device *dev, void *p)
10505 {
10506         struct ipw_priv *priv = ieee80211_priv(dev);
10507         struct sockaddr *addr = p;
10508         DECLARE_MAC_BUF(mac);
10509
10510         if (!is_valid_ether_addr(addr->sa_data))
10511                 return -EADDRNOTAVAIL;
10512         mutex_lock(&priv->mutex);
10513         priv->config |= CFG_CUSTOM_MAC;
10514         memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
10515         printk(KERN_INFO "%s: Setting MAC to %s\n",
10516                priv->net_dev->name, print_mac(mac, priv->mac_addr));
10517         queue_work(priv->workqueue, &priv->adapter_restart);
10518         mutex_unlock(&priv->mutex);
10519         return 0;
10520 }
10521
10522 static void ipw_ethtool_get_drvinfo(struct net_device *dev,
10523                                     struct ethtool_drvinfo *info)
10524 {
10525         struct ipw_priv *p = ieee80211_priv(dev);
10526         char vers[64];
10527         char date[32];
10528         u32 len;
10529
10530         strcpy(info->driver, DRV_NAME);
10531         strcpy(info->version, DRV_VERSION);
10532
10533         len = sizeof(vers);
10534         ipw_get_ordinal(p, IPW_ORD_STAT_FW_VERSION, vers, &len);
10535         len = sizeof(date);
10536         ipw_get_ordinal(p, IPW_ORD_STAT_FW_DATE, date, &len);
10537
10538         snprintf(info->fw_version, sizeof(info->fw_version), "%s (%s)",
10539                  vers, date);
10540         strcpy(info->bus_info, pci_name(p->pci_dev));
10541         info->eedump_len = IPW_EEPROM_IMAGE_SIZE;
10542 }
10543
10544 static u32 ipw_ethtool_get_link(struct net_device *dev)
10545 {
10546         struct ipw_priv *priv = ieee80211_priv(dev);
10547         return (priv->status & STATUS_ASSOCIATED) != 0;
10548 }
10549
10550 static int ipw_ethtool_get_eeprom_len(struct net_device *dev)
10551 {
10552         return IPW_EEPROM_IMAGE_SIZE;
10553 }
10554
10555 static int ipw_ethtool_get_eeprom(struct net_device *dev,
10556                                   struct ethtool_eeprom *eeprom, u8 * bytes)
10557 {
10558         struct ipw_priv *p = ieee80211_priv(dev);
10559
10560         if (eeprom->offset + eeprom->len > IPW_EEPROM_IMAGE_SIZE)
10561                 return -EINVAL;
10562         mutex_lock(&p->mutex);
10563         memcpy(bytes, &p->eeprom[eeprom->offset], eeprom->len);
10564         mutex_unlock(&p->mutex);
10565         return 0;
10566 }
10567
10568 static int ipw_ethtool_set_eeprom(struct net_device *dev,
10569                                   struct ethtool_eeprom *eeprom, u8 * bytes)
10570 {
10571         struct ipw_priv *p = ieee80211_priv(dev);
10572         int i;
10573
10574         if (eeprom->offset + eeprom->len > IPW_EEPROM_IMAGE_SIZE)
10575                 return -EINVAL;
10576         mutex_lock(&p->mutex);
10577         memcpy(&p->eeprom[eeprom->offset], bytes, eeprom->len);
10578         for (i = 0; i < IPW_EEPROM_IMAGE_SIZE; i++)
10579                 ipw_write8(p, i + IPW_EEPROM_DATA, p->eeprom[i]);
10580         mutex_unlock(&p->mutex);
10581         return 0;
10582 }
10583
10584 static const struct ethtool_ops ipw_ethtool_ops = {
10585         .get_link = ipw_ethtool_get_link,
10586         .get_drvinfo = ipw_ethtool_get_drvinfo,
10587         .get_eeprom_len = ipw_ethtool_get_eeprom_len,
10588         .get_eeprom = ipw_ethtool_get_eeprom,
10589         .set_eeprom = ipw_ethtool_set_eeprom,
10590 };
10591
10592 static irqreturn_t ipw_isr(int irq, void *data)
10593 {
10594         struct ipw_priv *priv = data;
10595         u32 inta, inta_mask;
10596
10597         if (!priv)
10598                 return IRQ_NONE;
10599
10600         spin_lock(&priv->irq_lock);
10601
10602         if (!(priv->status & STATUS_INT_ENABLED)) {
10603                 /* IRQ is disabled */
10604                 goto none;
10605         }
10606
10607         inta = ipw_read32(priv, IPW_INTA_RW);
10608         inta_mask = ipw_read32(priv, IPW_INTA_MASK_R);
10609
10610         if (inta == 0xFFFFFFFF) {
10611                 /* Hardware disappeared */
10612                 IPW_WARNING("IRQ INTA == 0xFFFFFFFF\n");
10613                 goto none;
10614         }
10615
10616         if (!(inta & (IPW_INTA_MASK_ALL & inta_mask))) {
10617                 /* Shared interrupt */
10618                 goto none;
10619         }
10620
10621         /* tell the device to stop sending interrupts */
10622         __ipw_disable_interrupts(priv);
10623
10624         /* ack current interrupts */
10625         inta &= (IPW_INTA_MASK_ALL & inta_mask);
10626         ipw_write32(priv, IPW_INTA_RW, inta);
10627
10628         /* Cache INTA value for our tasklet */
10629         priv->isr_inta = inta;
10630
10631         tasklet_schedule(&priv->irq_tasklet);
10632
10633         spin_unlock(&priv->irq_lock);
10634
10635         return IRQ_HANDLED;
10636       none:
10637         spin_unlock(&priv->irq_lock);
10638         return IRQ_NONE;
10639 }
10640
10641 static void ipw_rf_kill(void *adapter)
10642 {
10643         struct ipw_priv *priv = adapter;
10644         unsigned long flags;
10645
10646         spin_lock_irqsave(&priv->lock, flags);
10647
10648         if (rf_kill_active(priv)) {
10649                 IPW_DEBUG_RF_KILL("RF Kill active, rescheduling GPIO check\n");
10650                 if (priv->workqueue)
10651                         queue_delayed_work(priv->workqueue,
10652                                            &priv->rf_kill, 2 * HZ);
10653                 goto exit_unlock;
10654         }
10655
10656         /* RF Kill is now disabled, so bring the device back up */
10657
10658         if (!(priv->status & STATUS_RF_KILL_MASK)) {
10659                 IPW_DEBUG_RF_KILL("HW RF Kill no longer active, restarting "
10660                                   "device\n");
10661
10662                 /* we can not do an adapter restart while inside an irq lock */
10663                 queue_work(priv->workqueue, &priv->adapter_restart);
10664         } else
10665                 IPW_DEBUG_RF_KILL("HW RF Kill deactivated.  SW RF Kill still "
10666                                   "enabled\n");
10667
10668       exit_unlock:
10669         spin_unlock_irqrestore(&priv->lock, flags);
10670 }
10671
10672 static void ipw_bg_rf_kill(struct work_struct *work)
10673 {
10674         struct ipw_priv *priv =
10675                 container_of(work, struct ipw_priv, rf_kill.work);
10676         mutex_lock(&priv->mutex);
10677         ipw_rf_kill(priv);
10678         mutex_unlock(&priv->mutex);
10679 }
10680
10681 static void ipw_link_up(struct ipw_priv *priv)
10682 {
10683         priv->last_seq_num = -1;
10684         priv->last_frag_num = -1;
10685         priv->last_packet_time = 0;
10686
10687         netif_carrier_on(priv->net_dev);
10688
10689         cancel_delayed_work(&priv->request_scan);
10690         cancel_delayed_work(&priv->request_direct_scan);
10691         cancel_delayed_work(&priv->request_passive_scan);
10692         cancel_delayed_work(&priv->scan_event);
10693         ipw_reset_stats(priv);
10694         /* Ensure the rate is updated immediately */
10695         priv->last_rate = ipw_get_current_rate(priv);
10696         ipw_gather_stats(priv);
10697         ipw_led_link_up(priv);
10698         notify_wx_assoc_event(priv);
10699
10700         if (priv->config & CFG_BACKGROUND_SCAN)
10701                 queue_delayed_work(priv->workqueue, &priv->request_scan, HZ);
10702 }
10703
10704 static void ipw_bg_link_up(struct work_struct *work)
10705 {
10706         struct ipw_priv *priv =
10707                 container_of(work, struct ipw_priv, link_up);
10708         mutex_lock(&priv->mutex);
10709         ipw_link_up(priv);
10710         mutex_unlock(&priv->mutex);
10711 }
10712
10713 static void ipw_link_down(struct ipw_priv *priv)
10714 {
10715         ipw_led_link_down(priv);
10716         netif_carrier_off(priv->net_dev);
10717         notify_wx_assoc_event(priv);
10718
10719         /* Cancel any queued work ... */
10720         cancel_delayed_work(&priv->request_scan);
10721         cancel_delayed_work(&priv->request_direct_scan);
10722         cancel_delayed_work(&priv->request_passive_scan);
10723         cancel_delayed_work(&priv->adhoc_check);
10724         cancel_delayed_work(&priv->gather_stats);
10725
10726         ipw_reset_stats(priv);
10727
10728         if (!(priv->status & STATUS_EXIT_PENDING)) {
10729                 /* Queue up another scan... */
10730                 queue_delayed_work(priv->workqueue, &priv->request_scan, 0);
10731         } else
10732                 cancel_delayed_work(&priv->scan_event);
10733 }
10734
10735 static void ipw_bg_link_down(struct work_struct *work)
10736 {
10737         struct ipw_priv *priv =
10738                 container_of(work, struct ipw_priv, link_down);
10739         mutex_lock(&priv->mutex);
10740         ipw_link_down(priv);
10741         mutex_unlock(&priv->mutex);
10742 }
10743
10744 static int __devinit ipw_setup_deferred_work(struct ipw_priv *priv)
10745 {
10746         int ret = 0;
10747
10748         priv->workqueue = create_workqueue(DRV_NAME);
10749         init_waitqueue_head(&priv->wait_command_queue);
10750         init_waitqueue_head(&priv->wait_state);
10751
10752         INIT_DELAYED_WORK(&priv->adhoc_check, ipw_bg_adhoc_check);
10753         INIT_WORK(&priv->associate, ipw_bg_associate);
10754         INIT_WORK(&priv->disassociate, ipw_bg_disassociate);
10755         INIT_WORK(&priv->system_config, ipw_system_config);
10756         INIT_WORK(&priv->rx_replenish, ipw_bg_rx_queue_replenish);
10757         INIT_WORK(&priv->adapter_restart, ipw_bg_adapter_restart);
10758         INIT_DELAYED_WORK(&priv->rf_kill, ipw_bg_rf_kill);
10759         INIT_WORK(&priv->up, ipw_bg_up);
10760         INIT_WORK(&priv->down, ipw_bg_down);
10761         INIT_DELAYED_WORK(&priv->request_scan, ipw_request_scan);
10762         INIT_DELAYED_WORK(&priv->request_direct_scan, ipw_request_direct_scan);
10763         INIT_DELAYED_WORK(&priv->request_passive_scan, ipw_request_passive_scan);
10764         INIT_DELAYED_WORK(&priv->scan_event, ipw_scan_event);
10765         INIT_DELAYED_WORK(&priv->gather_stats, ipw_bg_gather_stats);
10766         INIT_WORK(&priv->abort_scan, ipw_bg_abort_scan);
10767         INIT_WORK(&priv->roam, ipw_bg_roam);
10768         INIT_DELAYED_WORK(&priv->scan_check, ipw_bg_scan_check);
10769         INIT_WORK(&priv->link_up, ipw_bg_link_up);
10770         INIT_WORK(&priv->link_down, ipw_bg_link_down);
10771         INIT_DELAYED_WORK(&priv->led_link_on, ipw_bg_led_link_on);
10772         INIT_DELAYED_WORK(&priv->led_link_off, ipw_bg_led_link_off);
10773         INIT_DELAYED_WORK(&priv->led_act_off, ipw_bg_led_activity_off);
10774         INIT_WORK(&priv->merge_networks, ipw_merge_adhoc_network);
10775
10776 #ifdef CONFIG_IPW2200_QOS
10777         INIT_WORK(&priv->qos_activate, ipw_bg_qos_activate);
10778 #endif                          /* CONFIG_IPW2200_QOS */
10779
10780         tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
10781                      ipw_irq_tasklet, (unsigned long)priv);
10782
10783         return ret;
10784 }
10785
10786 static void shim__set_security(struct net_device *dev,
10787                                struct ieee80211_security *sec)
10788 {
10789         struct ipw_priv *priv = ieee80211_priv(dev);
10790         int i;
10791         for (i = 0; i < 4; i++) {
10792                 if (sec->flags & (1 << i)) {
10793                         priv->ieee->sec.encode_alg[i] = sec->encode_alg[i];
10794                         priv->ieee->sec.key_sizes[i] = sec->key_sizes[i];
10795                         if (sec->key_sizes[i] == 0)
10796                                 priv->ieee->sec.flags &= ~(1 << i);
10797                         else {
10798                                 memcpy(priv->ieee->sec.keys[i], sec->keys[i],
10799                                        sec->key_sizes[i]);
10800                                 priv->ieee->sec.flags |= (1 << i);
10801                         }
10802                         priv->status |= STATUS_SECURITY_UPDATED;
10803                 } else if (sec->level != SEC_LEVEL_1)
10804                         priv->ieee->sec.flags &= ~(1 << i);
10805         }
10806
10807         if (sec->flags & SEC_ACTIVE_KEY) {
10808                 if (sec->active_key <= 3) {
10809                         priv->ieee->sec.active_key = sec->active_key;
10810                         priv->ieee->sec.flags |= SEC_ACTIVE_KEY;
10811                 } else
10812                         priv->ieee->sec.flags &= ~SEC_ACTIVE_KEY;
10813                 priv->status |= STATUS_SECURITY_UPDATED;
10814         } else
10815                 priv->ieee->sec.flags &= ~SEC_ACTIVE_KEY;
10816
10817         if ((sec->flags & SEC_AUTH_MODE) &&
10818             (priv->ieee->sec.auth_mode != sec->auth_mode)) {
10819                 priv->ieee->sec.auth_mode = sec->auth_mode;
10820                 priv->ieee->sec.flags |= SEC_AUTH_MODE;
10821                 if (sec->auth_mode == WLAN_AUTH_SHARED_KEY)
10822                         priv->capability |= CAP_SHARED_KEY;
10823                 else
10824                         priv->capability &= ~CAP_SHARED_KEY;
10825                 priv->status |= STATUS_SECURITY_UPDATED;
10826         }
10827
10828         if (sec->flags & SEC_ENABLED && priv->ieee->sec.enabled != sec->enabled) {
10829                 priv->ieee->sec.flags |= SEC_ENABLED;
10830                 priv->ieee->sec.enabled = sec->enabled;
10831                 priv->status |= STATUS_SECURITY_UPDATED;
10832                 if (sec->enabled)
10833                         priv->capability |= CAP_PRIVACY_ON;
10834                 else
10835                         priv->capability &= ~CAP_PRIVACY_ON;
10836         }
10837
10838         if (sec->flags & SEC_ENCRYPT)
10839                 priv->ieee->sec.encrypt = sec->encrypt;
10840
10841         if (sec->flags & SEC_LEVEL && priv->ieee->sec.level != sec->level) {
10842                 priv->ieee->sec.level = sec->level;
10843                 priv->ieee->sec.flags |= SEC_LEVEL;
10844                 priv->status |= STATUS_SECURITY_UPDATED;
10845         }
10846
10847         if (!priv->ieee->host_encrypt && (sec->flags & SEC_ENCRYPT))
10848                 ipw_set_hwcrypto_keys(priv);
10849
10850         /* To match current functionality of ipw2100 (which works well w/
10851          * various supplicants, we don't force a disassociate if the
10852          * privacy capability changes ... */
10853 #if 0
10854         if ((priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) &&
10855             (((priv->assoc_request.capability &
10856                cpu_to_le16(WLAN_CAPABILITY_PRIVACY)) && !sec->enabled) ||
10857              (!(priv->assoc_request.capability &
10858                 cpu_to_le16(WLAN_CAPABILITY_PRIVACY)) && sec->enabled))) {
10859                 IPW_DEBUG_ASSOC("Disassociating due to capability "
10860                                 "change.\n");
10861                 ipw_disassociate(priv);
10862         }
10863 #endif
10864 }
10865
10866 static int init_supported_rates(struct ipw_priv *priv,
10867                                 struct ipw_supported_rates *rates)
10868 {
10869         /* TODO: Mask out rates based on priv->rates_mask */
10870
10871         memset(rates, 0, sizeof(*rates));
10872         /* configure supported rates */
10873         switch (priv->ieee->freq_band) {
10874         case IEEE80211_52GHZ_BAND:
10875                 rates->ieee_mode = IPW_A_MODE;
10876                 rates->purpose = IPW_RATE_CAPABILITIES;
10877                 ipw_add_ofdm_scan_rates(rates, IEEE80211_CCK_MODULATION,
10878                                         IEEE80211_OFDM_DEFAULT_RATES_MASK);
10879                 break;
10880
10881         default:                /* Mixed or 2.4Ghz */
10882                 rates->ieee_mode = IPW_G_MODE;
10883                 rates->purpose = IPW_RATE_CAPABILITIES;
10884                 ipw_add_cck_scan_rates(rates, IEEE80211_CCK_MODULATION,
10885                                        IEEE80211_CCK_DEFAULT_RATES_MASK);
10886                 if (priv->ieee->modulation & IEEE80211_OFDM_MODULATION) {
10887                         ipw_add_ofdm_scan_rates(rates, IEEE80211_CCK_MODULATION,
10888                                                 IEEE80211_OFDM_DEFAULT_RATES_MASK);
10889                 }
10890                 break;
10891         }
10892
10893         return 0;
10894 }
10895
10896 static int ipw_config(struct ipw_priv *priv)
10897 {
10898         /* This is only called from ipw_up, which resets/reloads the firmware
10899            so, we don't need to first disable the card before we configure
10900            it */
10901         if (ipw_set_tx_power(priv))
10902                 goto error;
10903
10904         /* initialize adapter address */
10905         if (ipw_send_adapter_address(priv, priv->net_dev->dev_addr))
10906                 goto error;
10907
10908         /* set basic system config settings */
10909         init_sys_config(&priv->sys_config);
10910
10911         /* Support Bluetooth if we have BT h/w on board, and user wants to.
10912          * Does not support BT priority yet (don't abort or defer our Tx) */
10913         if (bt_coexist) {
10914                 unsigned char bt_caps = priv->eeprom[EEPROM_SKU_CAPABILITY];
10915
10916                 if (bt_caps & EEPROM_SKU_CAP_BT_CHANNEL_SIG)
10917                         priv->sys_config.bt_coexistence
10918                             |= CFG_BT_COEXISTENCE_SIGNAL_CHNL;
10919                 if (bt_caps & EEPROM_SKU_CAP_BT_OOB)
10920                         priv->sys_config.bt_coexistence
10921                             |= CFG_BT_COEXISTENCE_OOB;
10922         }
10923
10924 #ifdef CONFIG_IPW2200_PROMISCUOUS
10925         if (priv->prom_net_dev && netif_running(priv->prom_net_dev)) {
10926                 priv->sys_config.accept_all_data_frames = 1;
10927                 priv->sys_config.accept_non_directed_frames = 1;
10928                 priv->sys_config.accept_all_mgmt_bcpr = 1;
10929                 priv->sys_config.accept_all_mgmt_frames = 1;
10930         }
10931 #endif
10932
10933         if (priv->ieee->iw_mode == IW_MODE_ADHOC)
10934                 priv->sys_config.answer_broadcast_ssid_probe = 1;
10935         else
10936                 priv->sys_config.answer_broadcast_ssid_probe = 0;
10937
10938         if (ipw_send_system_config(priv))
10939                 goto error;
10940
10941         init_supported_rates(priv, &priv->rates);
10942         if (ipw_send_supported_rates(priv, &priv->rates))
10943                 goto error;
10944
10945         /* Set request-to-send threshold */
10946         if (priv->rts_threshold) {
10947                 if (ipw_send_rts_threshold(priv, priv->rts_threshold))
10948                         goto error;
10949         }
10950 #ifdef CONFIG_IPW2200_QOS
10951         IPW_DEBUG_QOS("QoS: call ipw_qos_activate\n");
10952         ipw_qos_activate(priv, NULL);
10953 #endif                          /* CONFIG_IPW2200_QOS */
10954
10955         if (ipw_set_random_seed(priv))
10956                 goto error;
10957
10958         /* final state transition to the RUN state */
10959         if (ipw_send_host_complete(priv))
10960                 goto error;
10961
10962         priv->status |= STATUS_INIT;
10963
10964         ipw_led_init(priv);
10965         ipw_led_radio_on(priv);
10966         priv->notif_missed_beacons = 0;
10967
10968         /* Set hardware WEP key if it is configured. */
10969         if ((priv->capability & CAP_PRIVACY_ON) &&
10970             (priv->ieee->sec.level == SEC_LEVEL_1) &&
10971             !(priv->ieee->host_encrypt || priv->ieee->host_decrypt))
10972                 ipw_set_hwcrypto_keys(priv);
10973
10974         return 0;
10975
10976       error:
10977         return -EIO;
10978 }
10979
10980 /*
10981  * NOTE:
10982  *
10983  * These tables have been tested in conjunction with the
10984  * Intel PRO/Wireless 2200BG and 2915ABG Network Connection Adapters.
10985  *
10986  * Altering this values, using it on other hardware, or in geographies
10987  * not intended for resale of the above mentioned Intel adapters has
10988  * not been tested.
10989  *
10990  * Remember to update the table in README.ipw2200 when changing this
10991  * table.
10992  *
10993  */
10994 static const struct ieee80211_geo ipw_geos[] = {
10995         {                       /* Restricted */
10996          "---",
10997          .bg_channels = 11,
10998          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
10999                 {2427, 4}, {2432, 5}, {2437, 6},
11000                 {2442, 7}, {2447, 8}, {2452, 9},
11001                 {2457, 10}, {2462, 11}},
11002          },
11003
11004         {                       /* Custom US/Canada */
11005          "ZZF",
11006          .bg_channels = 11,
11007          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11008                 {2427, 4}, {2432, 5}, {2437, 6},
11009                 {2442, 7}, {2447, 8}, {2452, 9},
11010                 {2457, 10}, {2462, 11}},
11011          .a_channels = 8,
11012          .a = {{5180, 36},
11013                {5200, 40},
11014                {5220, 44},
11015                {5240, 48},
11016                {5260, 52, IEEE80211_CH_PASSIVE_ONLY},
11017                {5280, 56, IEEE80211_CH_PASSIVE_ONLY},
11018                {5300, 60, IEEE80211_CH_PASSIVE_ONLY},
11019                {5320, 64, IEEE80211_CH_PASSIVE_ONLY}},
11020          },
11021
11022         {                       /* Rest of World */
11023          "ZZD",
11024          .bg_channels = 13,
11025          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11026                 {2427, 4}, {2432, 5}, {2437, 6},
11027                 {2442, 7}, {2447, 8}, {2452, 9},
11028                 {2457, 10}, {2462, 11}, {2467, 12},
11029                 {2472, 13}},
11030          },
11031
11032         {                       /* Custom USA & Europe & High */
11033          "ZZA",
11034          .bg_channels = 11,
11035          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11036                 {2427, 4}, {2432, 5}, {2437, 6},
11037                 {2442, 7}, {2447, 8}, {2452, 9},
11038                 {2457, 10}, {2462, 11}},
11039          .a_channels = 13,
11040          .a = {{5180, 36},
11041                {5200, 40},
11042                {5220, 44},
11043                {5240, 48},
11044                {5260, 52, IEEE80211_CH_PASSIVE_ONLY},
11045                {5280, 56, IEEE80211_CH_PASSIVE_ONLY},
11046                {5300, 60, IEEE80211_CH_PASSIVE_ONLY},
11047                {5320, 64, IEEE80211_CH_PASSIVE_ONLY},
11048                {5745, 149},
11049                {5765, 153},
11050                {5785, 157},
11051                {5805, 161},
11052                {5825, 165}},
11053          },
11054
11055         {                       /* Custom NA & Europe */
11056          "ZZB",
11057          .bg_channels = 11,
11058          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11059                 {2427, 4}, {2432, 5}, {2437, 6},
11060                 {2442, 7}, {2447, 8}, {2452, 9},
11061                 {2457, 10}, {2462, 11}},
11062          .a_channels = 13,
11063          .a = {{5180, 36},
11064                {5200, 40},
11065                {5220, 44},
11066                {5240, 48},
11067                {5260, 52, IEEE80211_CH_PASSIVE_ONLY},
11068                {5280, 56, IEEE80211_CH_PASSIVE_ONLY},
11069                {5300, 60, IEEE80211_CH_PASSIVE_ONLY},
11070                {5320, 64, IEEE80211_CH_PASSIVE_ONLY},
11071                {5745, 149, IEEE80211_CH_PASSIVE_ONLY},
11072                {5765, 153, IEEE80211_CH_PASSIVE_ONLY},
11073                {5785, 157, IEEE80211_CH_PASSIVE_ONLY},
11074                {5805, 161, IEEE80211_CH_PASSIVE_ONLY},
11075                {5825, 165, IEEE80211_CH_PASSIVE_ONLY}},
11076          },
11077
11078         {                       /* Custom Japan */
11079          "ZZC",
11080          .bg_channels = 11,
11081          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11082                 {2427, 4}, {2432, 5}, {2437, 6},
11083                 {2442, 7}, {2447, 8}, {2452, 9},
11084                 {2457, 10}, {2462, 11}},
11085          .a_channels = 4,
11086          .a = {{5170, 34}, {5190, 38},
11087                {5210, 42}, {5230, 46}},
11088          },
11089
11090         {                       /* Custom */
11091          "ZZM",
11092          .bg_channels = 11,
11093          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11094                 {2427, 4}, {2432, 5}, {2437, 6},
11095                 {2442, 7}, {2447, 8}, {2452, 9},
11096                 {2457, 10}, {2462, 11}},
11097          },
11098
11099         {                       /* Europe */
11100          "ZZE",
11101          .bg_channels = 13,
11102          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11103                 {2427, 4}, {2432, 5}, {2437, 6},
11104                 {2442, 7}, {2447, 8}, {2452, 9},
11105                 {2457, 10}, {2462, 11}, {2467, 12},
11106                 {2472, 13}},
11107          .a_channels = 19,
11108          .a = {{5180, 36},
11109                {5200, 40},
11110                {5220, 44},
11111                {5240, 48},
11112                {5260, 52, IEEE80211_CH_PASSIVE_ONLY},
11113                {5280, 56, IEEE80211_CH_PASSIVE_ONLY},
11114                {5300, 60, IEEE80211_CH_PASSIVE_ONLY},
11115                {5320, 64, IEEE80211_CH_PASSIVE_ONLY},
11116                {5500, 100, IEEE80211_CH_PASSIVE_ONLY},
11117                {5520, 104, IEEE80211_CH_PASSIVE_ONLY},
11118                {5540, 108, IEEE80211_CH_PASSIVE_ONLY},
11119                {5560, 112, IEEE80211_CH_PASSIVE_ONLY},
11120                {5580, 116, IEEE80211_CH_PASSIVE_ONLY},
11121                {5600, 120, IEEE80211_CH_PASSIVE_ONLY},
11122                {5620, 124, IEEE80211_CH_PASSIVE_ONLY},
11123                {5640, 128, IEEE80211_CH_PASSIVE_ONLY},
11124                {5660, 132, IEEE80211_CH_PASSIVE_ONLY},
11125                {5680, 136, IEEE80211_CH_PASSIVE_ONLY},
11126                {5700, 140, IEEE80211_CH_PASSIVE_ONLY}},
11127          },
11128
11129         {                       /* Custom Japan */
11130          "ZZJ",
11131          .bg_channels = 14,
11132          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11133                 {2427, 4}, {2432, 5}, {2437, 6},
11134                 {2442, 7}, {2447, 8}, {2452, 9},
11135                 {2457, 10}, {2462, 11}, {2467, 12},
11136                 {2472, 13}, {2484, 14, IEEE80211_CH_B_ONLY}},
11137          .a_channels = 4,
11138          .a = {{5170, 34}, {5190, 38},
11139                {5210, 42}, {5230, 46}},
11140          },
11141
11142         {                       /* Rest of World */
11143          "ZZR",
11144          .bg_channels = 14,
11145          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11146                 {2427, 4}, {2432, 5}, {2437, 6},
11147                 {2442, 7}, {2447, 8}, {2452, 9},
11148                 {2457, 10}, {2462, 11}, {2467, 12},
11149                 {2472, 13}, {2484, 14, IEEE80211_CH_B_ONLY |
11150                              IEEE80211_CH_PASSIVE_ONLY}},
11151          },
11152
11153         {                       /* High Band */
11154          "ZZH",
11155          .bg_channels = 13,
11156          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11157                 {2427, 4}, {2432, 5}, {2437, 6},
11158                 {2442, 7}, {2447, 8}, {2452, 9},
11159                 {2457, 10}, {2462, 11},
11160                 {2467, 12, IEEE80211_CH_PASSIVE_ONLY},
11161                 {2472, 13, IEEE80211_CH_PASSIVE_ONLY}},
11162          .a_channels = 4,
11163          .a = {{5745, 149}, {5765, 153},
11164                {5785, 157}, {5805, 161}},
11165          },
11166
11167         {                       /* Custom Europe */
11168          "ZZG",
11169          .bg_channels = 13,
11170          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11171                 {2427, 4}, {2432, 5}, {2437, 6},
11172                 {2442, 7}, {2447, 8}, {2452, 9},
11173                 {2457, 10}, {2462, 11},
11174                 {2467, 12}, {2472, 13}},
11175          .a_channels = 4,
11176          .a = {{5180, 36}, {5200, 40},
11177                {5220, 44}, {5240, 48}},
11178          },
11179
11180         {                       /* Europe */
11181          "ZZK",
11182          .bg_channels = 13,
11183          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11184                 {2427, 4}, {2432, 5}, {2437, 6},
11185                 {2442, 7}, {2447, 8}, {2452, 9},
11186                 {2457, 10}, {2462, 11},
11187                 {2467, 12, IEEE80211_CH_PASSIVE_ONLY},
11188                 {2472, 13, IEEE80211_CH_PASSIVE_ONLY}},
11189          .a_channels = 24,
11190          .a = {{5180, 36, IEEE80211_CH_PASSIVE_ONLY},
11191                {5200, 40, IEEE80211_CH_PASSIVE_ONLY},
11192                {5220, 44, IEEE80211_CH_PASSIVE_ONLY},
11193                {5240, 48, IEEE80211_CH_PASSIVE_ONLY},
11194                {5260, 52, IEEE80211_CH_PASSIVE_ONLY},
11195                {5280, 56, IEEE80211_CH_PASSIVE_ONLY},
11196                {5300, 60, IEEE80211_CH_PASSIVE_ONLY},
11197                {5320, 64, IEEE80211_CH_PASSIVE_ONLY},
11198                {5500, 100, IEEE80211_CH_PASSIVE_ONLY},
11199                {5520, 104, IEEE80211_CH_PASSIVE_ONLY},
11200                {5540, 108, IEEE80211_CH_PASSIVE_ONLY},
11201                {5560, 112, IEEE80211_CH_PASSIVE_ONLY},
11202                {5580, 116, IEEE80211_CH_PASSIVE_ONLY},
11203                {5600, 120, IEEE80211_CH_PASSIVE_ONLY},
11204                {5620, 124, IEEE80211_CH_PASSIVE_ONLY},
11205                {5640, 128, IEEE80211_CH_PASSIVE_ONLY},
11206                {5660, 132, IEEE80211_CH_PASSIVE_ONLY},
11207                {5680, 136, IEEE80211_CH_PASSIVE_ONLY},
11208                {5700, 140, IEEE80211_CH_PASSIVE_ONLY},
11209                {5745, 149, IEEE80211_CH_PASSIVE_ONLY},
11210                {5765, 153, IEEE80211_CH_PASSIVE_ONLY},
11211                {5785, 157, IEEE80211_CH_PASSIVE_ONLY},
11212                {5805, 161, IEEE80211_CH_PASSIVE_ONLY},
11213                {5825, 165, IEEE80211_CH_PASSIVE_ONLY}},
11214          },
11215
11216         {                       /* Europe */
11217          "ZZL",
11218          .bg_channels = 11,
11219          .bg = {{2412, 1}, {2417, 2}, {2422, 3},
11220                 {2427, 4}, {2432, 5}, {2437, 6},
11221                 {2442, 7}, {2447, 8}, {2452, 9},
11222                 {2457, 10}, {2462, 11}},
11223          .a_channels = 13,
11224          .a = {{5180, 36, IEEE80211_CH_PASSIVE_ONLY},
11225                {5200, 40, IEEE80211_CH_PASSIVE_ONLY},
11226                {5220, 44, IEEE80211_CH_PASSIVE_ONLY},
11227                {5240, 48, IEEE80211_CH_PASSIVE_ONLY},
11228                {5260, 52, IEEE80211_CH_PASSIVE_ONLY},
11229                {5280, 56, IEEE80211_CH_PASSIVE_ONLY},
11230                {5300, 60, IEEE80211_CH_PASSIVE_ONLY},
11231                {5320, 64, IEEE80211_CH_PASSIVE_ONLY},
11232                {5745, 149, IEEE80211_CH_PASSIVE_ONLY},
11233                {5765, 153, IEEE80211_CH_PASSIVE_ONLY},
11234                {5785, 157, IEEE80211_CH_PASSIVE_ONLY},
11235                {5805, 161, IEEE80211_CH_PASSIVE_ONLY},
11236                {5825, 165, IEEE80211_CH_PASSIVE_ONLY}},
11237          }
11238 };
11239
11240 #define MAX_HW_RESTARTS 5
11241 static int ipw_up(struct ipw_priv *priv)
11242 {
11243         int rc, i, j;
11244
11245         if (priv->status & STATUS_EXIT_PENDING)
11246                 return -EIO;
11247
11248         if (cmdlog && !priv->cmdlog) {
11249                 priv->cmdlog = kcalloc(cmdlog, sizeof(*priv->cmdlog),
11250                                        GFP_KERNEL);
11251                 if (priv->cmdlog == NULL) {
11252                         IPW_ERROR("Error allocating %d command log entries.\n",
11253                                   cmdlog);
11254                         return -ENOMEM;
11255                 } else {
11256                         priv->cmdlog_len = cmdlog;
11257                 }
11258         }
11259
11260         for (i = 0; i < MAX_HW_RESTARTS; i++) {
11261                 /* Load the microcode, firmware, and eeprom.
11262                  * Also start the clocks. */
11263                 rc = ipw_load(priv);
11264                 if (rc) {
11265                         IPW_ERROR("Unable to load firmware: %d\n", rc);
11266                         return rc;
11267                 }
11268
11269                 ipw_init_ordinals(priv);
11270                 if (!(priv->config & CFG_CUSTOM_MAC))
11271                         eeprom_parse_mac(priv, priv->mac_addr);
11272                 memcpy(priv->net_dev->dev_addr, priv->mac_addr, ETH_ALEN);
11273
11274                 for (j = 0; j < ARRAY_SIZE(ipw_geos); j++) {
11275                         if (!memcmp(&priv->eeprom[EEPROM_COUNTRY_CODE],
11276                                     ipw_geos[j].name, 3))
11277                                 break;
11278                 }
11279                 if (j == ARRAY_SIZE(ipw_geos)) {
11280                         IPW_WARNING("SKU [%c%c%c] not recognized.\n",
11281                                     priv->eeprom[EEPROM_COUNTRY_CODE + 0],
11282                                     priv->eeprom[EEPROM_COUNTRY_CODE + 1],
11283                                     priv->eeprom[EEPROM_COUNTRY_CODE + 2]);
11284                         j = 0;
11285                 }
11286                 if (ieee80211_set_geo(priv->ieee, &ipw_geos[j])) {
11287                         IPW_WARNING("Could not set geography.");
11288                         return 0;
11289                 }
11290
11291                 if (priv->status & STATUS_RF_KILL_SW) {
11292                         IPW_WARNING("Radio disabled by module parameter.\n");
11293                         return 0;
11294                 } else if (rf_kill_active(priv)) {
11295                         IPW_WARNING("Radio Frequency Kill Switch is On:\n"
11296                                     "Kill switch must be turned off for "
11297                                     "wireless networking to work.\n");
11298                         queue_delayed_work(priv->workqueue, &priv->rf_kill,
11299                                            2 * HZ);
11300                         return 0;
11301                 }
11302
11303                 rc = ipw_config(priv);
11304                 if (!rc) {
11305                         IPW_DEBUG_INFO("Configured device on count %i\n", i);
11306
11307                         /* If configure to try and auto-associate, kick
11308                          * off a scan. */
11309                         queue_delayed_work(priv->workqueue,
11310                                            &priv->request_scan, 0);
11311
11312                         return 0;
11313                 }
11314
11315                 IPW_DEBUG_INFO("Device configuration failed: 0x%08X\n", rc);
11316                 IPW_DEBUG_INFO("Failed to config device on retry %d of %d\n",
11317                                i, MAX_HW_RESTARTS);
11318
11319                 /* We had an error bringing up the hardware, so take it
11320                  * all the way back down so we can try again */
11321                 ipw_down(priv);
11322         }
11323
11324         /* tried to restart and config the device for as long as our
11325          * patience could withstand */
11326         IPW_ERROR("Unable to initialize device after %d attempts.\n", i);
11327
11328         return -EIO;
11329 }
11330
11331 static void ipw_bg_up(struct work_struct *work)
11332 {
11333         struct ipw_priv *priv =
11334                 container_of(work, struct ipw_priv, up);
11335         mutex_lock(&priv->mutex);
11336         ipw_up(priv);
11337         mutex_unlock(&priv->mutex);
11338 }
11339
11340 static void ipw_deinit(struct ipw_priv *priv)
11341 {
11342         int i;
11343
11344         if (priv->status & STATUS_SCANNING) {
11345                 IPW_DEBUG_INFO("Aborting scan during shutdown.\n");
11346                 ipw_abort_scan(priv);
11347         }
11348
11349         if (priv->status & STATUS_ASSOCIATED) {
11350                 IPW_DEBUG_INFO("Disassociating during shutdown.\n");
11351                 ipw_disassociate(priv);
11352         }
11353
11354         ipw_led_shutdown(priv);
11355
11356         /* Wait up to 1s for status to change to not scanning and not
11357          * associated (disassociation can take a while for a ful 802.11
11358          * exchange */
11359         for (i = 1000; i && (priv->status &
11360                              (STATUS_DISASSOCIATING |
11361                               STATUS_ASSOCIATED | STATUS_SCANNING)); i--)
11362                 udelay(10);
11363
11364         if (priv->status & (STATUS_DISASSOCIATING |
11365                             STATUS_ASSOCIATED | STATUS_SCANNING))
11366                 IPW_DEBUG_INFO("Still associated or scanning...\n");
11367         else
11368                 IPW_DEBUG_INFO("Took %dms to de-init\n", 1000 - i);
11369
11370         /* Attempt to disable the card */
11371         ipw_send_card_disable(priv, 0);
11372
11373         priv->status &= ~STATUS_INIT;
11374 }
11375
11376 static void ipw_down(struct ipw_priv *priv)
11377 {
11378         int exit_pending = priv->status & STATUS_EXIT_PENDING;
11379
11380         priv->status |= STATUS_EXIT_PENDING;
11381
11382         if (ipw_is_init(priv))
11383                 ipw_deinit(priv);
11384
11385         /* Wipe out the EXIT_PENDING status bit if we are not actually
11386          * exiting the module */
11387         if (!exit_pending)
11388                 priv->status &= ~STATUS_EXIT_PENDING;
11389
11390         /* tell the device to stop sending interrupts */
11391         ipw_disable_interrupts(priv);
11392
11393         /* Clear all bits but the RF Kill */
11394         priv->status &= STATUS_RF_KILL_MASK | STATUS_EXIT_PENDING;
11395         netif_carrier_off(priv->net_dev);
11396
11397         ipw_stop_nic(priv);
11398
11399         ipw_led_radio_off(priv);
11400 }
11401
11402 static void ipw_bg_down(struct work_struct *work)
11403 {
11404         struct ipw_priv *priv =
11405                 container_of(work, struct ipw_priv, down);
11406         mutex_lock(&priv->mutex);
11407         ipw_down(priv);
11408         mutex_unlock(&priv->mutex);
11409 }
11410
11411 /* Called by register_netdev() */
11412 static int ipw_net_init(struct net_device *dev)
11413 {
11414         struct ipw_priv *priv = ieee80211_priv(dev);
11415         mutex_lock(&priv->mutex);
11416
11417         if (ipw_up(priv)) {
11418                 mutex_unlock(&priv->mutex);
11419                 return -EIO;
11420         }
11421
11422         mutex_unlock(&priv->mutex);
11423         return 0;
11424 }
11425
11426 /* PCI driver stuff */
11427 static struct pci_device_id card_ids[] = {
11428         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2701, 0, 0, 0},
11429         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2702, 0, 0, 0},
11430         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2711, 0, 0, 0},
11431         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2712, 0, 0, 0},
11432         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2721, 0, 0, 0},
11433         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2722, 0, 0, 0},
11434         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2731, 0, 0, 0},
11435         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2732, 0, 0, 0},
11436         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2741, 0, 0, 0},
11437         {PCI_VENDOR_ID_INTEL, 0x1043, 0x103c, 0x2741, 0, 0, 0},
11438         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2742, 0, 0, 0},
11439         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2751, 0, 0, 0},
11440         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2752, 0, 0, 0},
11441         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2753, 0, 0, 0},
11442         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2754, 0, 0, 0},
11443         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2761, 0, 0, 0},
11444         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2762, 0, 0, 0},
11445         {PCI_VENDOR_ID_INTEL, 0x104f, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0},
11446         {PCI_VENDOR_ID_INTEL, 0x4220, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* BG */
11447         {PCI_VENDOR_ID_INTEL, 0x4221, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* BG */
11448         {PCI_VENDOR_ID_INTEL, 0x4223, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* ABG */
11449         {PCI_VENDOR_ID_INTEL, 0x4224, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* ABG */
11450
11451         /* required last entry */
11452         {0,}
11453 };
11454
11455 MODULE_DEVICE_TABLE(pci, card_ids);
11456
11457 static struct attribute *ipw_sysfs_entries[] = {
11458         &dev_attr_rf_kill.attr,
11459         &dev_attr_direct_dword.attr,
11460         &dev_attr_indirect_byte.attr,
11461         &dev_attr_indirect_dword.attr,
11462         &dev_attr_mem_gpio_reg.attr,
11463         &dev_attr_command_event_reg.attr,
11464         &dev_attr_nic_type.attr,
11465         &dev_attr_status.attr,
11466         &dev_attr_cfg.attr,
11467         &dev_attr_error.attr,
11468         &dev_attr_event_log.attr,
11469         &dev_attr_cmd_log.attr,
11470         &dev_attr_eeprom_delay.attr,
11471         &dev_attr_ucode_version.attr,
11472         &dev_attr_rtc.attr,
11473         &dev_attr_scan_age.attr,
11474         &dev_attr_led.attr,
11475         &dev_attr_speed_scan.attr,
11476         &dev_attr_net_stats.attr,
11477         &dev_attr_channels.attr,
11478 #ifdef CONFIG_IPW2200_PROMISCUOUS
11479         &dev_attr_rtap_iface.attr,
11480         &dev_attr_rtap_filter.attr,
11481 #endif
11482         NULL
11483 };
11484
11485 static struct attribute_group ipw_attribute_group = {
11486         .name = NULL,           /* put in device directory */
11487         .attrs = ipw_sysfs_entries,
11488 };
11489
11490 #ifdef CONFIG_IPW2200_PROMISCUOUS
11491 static int ipw_prom_open(struct net_device *dev)
11492 {
11493         struct ipw_prom_priv *prom_priv = ieee80211_priv(dev);
11494         struct ipw_priv *priv = prom_priv->priv;
11495
11496         IPW_DEBUG_INFO("prom dev->open\n");
11497         netif_carrier_off(dev);
11498
11499         if (priv->ieee->iw_mode != IW_MODE_MONITOR) {
11500                 priv->sys_config.accept_all_data_frames = 1;
11501                 priv->sys_config.accept_non_directed_frames = 1;
11502                 priv->sys_config.accept_all_mgmt_bcpr = 1;
11503                 priv->sys_config.accept_all_mgmt_frames = 1;
11504
11505                 ipw_send_system_config(priv);
11506         }
11507
11508         return 0;
11509 }
11510
11511 static int ipw_prom_stop(struct net_device *dev)
11512 {
11513         struct ipw_prom_priv *prom_priv = ieee80211_priv(dev);
11514         struct ipw_priv *priv = prom_priv->priv;
11515
11516         IPW_DEBUG_INFO("prom dev->stop\n");
11517
11518         if (priv->ieee->iw_mode != IW_MODE_MONITOR) {
11519                 priv->sys_config.accept_all_data_frames = 0;
11520                 priv->sys_config.accept_non_directed_frames = 0;
11521                 priv->sys_config.accept_all_mgmt_bcpr = 0;
11522                 priv->sys_config.accept_all_mgmt_frames = 0;
11523
11524                 ipw_send_system_config(priv);
11525         }
11526
11527         return 0;
11528 }
11529
11530 static int ipw_prom_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
11531 {
11532         IPW_DEBUG_INFO("prom dev->xmit\n");
11533         return -EOPNOTSUPP;
11534 }
11535
11536 static struct net_device_stats *ipw_prom_get_stats(struct net_device *dev)
11537 {
11538         struct ipw_prom_priv *prom_priv = ieee80211_priv(dev);
11539         return &prom_priv->ieee->stats;
11540 }
11541
11542 static int ipw_prom_alloc(struct ipw_priv *priv)
11543 {
11544         int rc = 0;
11545
11546         if (priv->prom_net_dev)
11547                 return -EPERM;
11548
11549         priv->prom_net_dev = alloc_ieee80211(sizeof(struct ipw_prom_priv));
11550         if (priv->prom_net_dev == NULL)
11551                 return -ENOMEM;
11552
11553         priv->prom_priv = ieee80211_priv(priv->prom_net_dev);
11554         priv->prom_priv->ieee = netdev_priv(priv->prom_net_dev);
11555         priv->prom_priv->priv = priv;
11556
11557         strcpy(priv->prom_net_dev->name, "rtap%d");
11558         memcpy(priv->prom_net_dev->dev_addr, priv->mac_addr, ETH_ALEN);
11559
11560         priv->prom_net_dev->type = ARPHRD_IEEE80211_RADIOTAP;
11561         priv->prom_net_dev->open = ipw_prom_open;
11562         priv->prom_net_dev->stop = ipw_prom_stop;
11563         priv->prom_net_dev->get_stats = ipw_prom_get_stats;
11564         priv->prom_net_dev->hard_start_xmit = ipw_prom_hard_start_xmit;
11565
11566         priv->prom_priv->ieee->iw_mode = IW_MODE_MONITOR;
11567         SET_NETDEV_DEV(priv->prom_net_dev, &priv->pci_dev->dev);
11568
11569         rc = register_netdev(priv->prom_net_dev);
11570         if (rc) {
11571                 free_ieee80211(priv->prom_net_dev);
11572                 priv->prom_net_dev = NULL;
11573                 return rc;
11574         }
11575
11576         return 0;
11577 }
11578
11579 static void ipw_prom_free(struct ipw_priv *priv)
11580 {
11581         if (!priv->prom_net_dev)
11582                 return;
11583
11584         unregister_netdev(priv->prom_net_dev);
11585         free_ieee80211(priv->prom_net_dev);
11586
11587         priv->prom_net_dev = NULL;
11588 }
11589
11590 #endif
11591
11592
11593 static int __devinit ipw_pci_probe(struct pci_dev *pdev,
11594                                    const struct pci_device_id *ent)
11595 {
11596         int err = 0;
11597         struct net_device *net_dev;
11598         void __iomem *base;
11599         u32 length, val;
11600         struct ipw_priv *priv;
11601         int i;
11602
11603         net_dev = alloc_ieee80211(sizeof(struct ipw_priv));
11604         if (net_dev == NULL) {
11605                 err = -ENOMEM;
11606                 goto out;
11607         }
11608
11609         priv = ieee80211_priv(net_dev);
11610         priv->ieee = netdev_priv(net_dev);
11611
11612         priv->net_dev = net_dev;
11613         priv->pci_dev = pdev;
11614         ipw_debug_level = debug;
11615         spin_lock_init(&priv->irq_lock);
11616         spin_lock_init(&priv->lock);
11617         for (i = 0; i < IPW_IBSS_MAC_HASH_SIZE; i++)
11618                 INIT_LIST_HEAD(&priv->ibss_mac_hash[i]);
11619
11620         mutex_init(&priv->mutex);
11621         if (pci_enable_device(pdev)) {
11622                 err = -ENODEV;
11623                 goto out_free_ieee80211;
11624         }
11625
11626         pci_set_master(pdev);
11627
11628         err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
11629         if (!err)
11630                 err = pci_set_consistent_dma_mask(pdev, DMA_32BIT_MASK);
11631         if (err) {
11632                 printk(KERN_WARNING DRV_NAME ": No suitable DMA available.\n");
11633                 goto out_pci_disable_device;
11634         }
11635
11636         pci_set_drvdata(pdev, priv);
11637
11638         err = pci_request_regions(pdev, DRV_NAME);
11639         if (err)
11640                 goto out_pci_disable_device;
11641
11642         /* We disable the RETRY_TIMEOUT register (0x41) to keep
11643          * PCI Tx retries from interfering with C3 CPU state */
11644         pci_read_config_dword(pdev, 0x40, &val);
11645         if ((val & 0x0000ff00) != 0)
11646                 pci_write_config_dword(pdev, 0x40, val & 0xffff00ff);
11647
11648         length = pci_resource_len(pdev, 0);
11649         priv->hw_len = length;
11650
11651         base = ioremap_nocache(pci_resource_start(pdev, 0), length);
11652         if (!base) {
11653                 err = -ENODEV;
11654                 goto out_pci_release_regions;
11655         }
11656
11657         priv->hw_base = base;
11658         IPW_DEBUG_INFO("pci_resource_len = 0x%08x\n", length);
11659         IPW_DEBUG_INFO("pci_resource_base = %p\n", base);
11660
11661         err = ipw_setup_deferred_work(priv);
11662         if (err) {
11663                 IPW_ERROR("Unable to setup deferred work\n");
11664                 goto out_iounmap;
11665         }
11666
11667         ipw_sw_reset(priv, 1);
11668
11669         err = request_irq(pdev->irq, ipw_isr, IRQF_SHARED, DRV_NAME, priv);
11670         if (err) {
11671                 IPW_ERROR("Error allocating IRQ %d\n", pdev->irq);
11672                 goto out_destroy_workqueue;
11673         }
11674
11675         SET_NETDEV_DEV(net_dev, &pdev->dev);
11676
11677         mutex_lock(&priv->mutex);
11678
11679         priv->ieee->hard_start_xmit = ipw_net_hard_start_xmit;
11680         priv->ieee->set_security = shim__set_security;
11681         priv->ieee->is_queue_full = ipw_net_is_queue_full;
11682
11683 #ifdef CONFIG_IPW2200_QOS
11684         priv->ieee->is_qos_active = ipw_is_qos_active;
11685         priv->ieee->handle_probe_response = ipw_handle_beacon;
11686         priv->ieee->handle_beacon = ipw_handle_probe_response;
11687         priv->ieee->handle_assoc_response = ipw_handle_assoc_response;
11688 #endif                          /* CONFIG_IPW2200_QOS */
11689
11690         priv->ieee->perfect_rssi = -20;
11691         priv->ieee->worst_rssi = -85;
11692
11693         net_dev->open = ipw_net_open;
11694         net_dev->stop = ipw_net_stop;
11695         net_dev->init = ipw_net_init;
11696         net_dev->get_stats = ipw_net_get_stats;
11697         net_dev->set_multicast_list = ipw_net_set_multicast_list;
11698         net_dev->set_mac_address = ipw_net_set_mac_address;
11699         priv->wireless_data.spy_data = &priv->ieee->spy_data;
11700         net_dev->wireless_data = &priv->wireless_data;
11701         net_dev->wireless_handlers = &ipw_wx_handler_def;
11702         net_dev->ethtool_ops = &ipw_ethtool_ops;
11703         net_dev->irq = pdev->irq;
11704         net_dev->base_addr = (unsigned long)priv->hw_base;
11705         net_dev->mem_start = pci_resource_start(pdev, 0);
11706         net_dev->mem_end = net_dev->mem_start + pci_resource_len(pdev, 0) - 1;
11707
11708         err = sysfs_create_group(&pdev->dev.kobj, &ipw_attribute_group);
11709         if (err) {
11710                 IPW_ERROR("failed to create sysfs device attributes\n");
11711                 mutex_unlock(&priv->mutex);
11712                 goto out_release_irq;
11713         }
11714
11715         mutex_unlock(&priv->mutex);
11716         err = register_netdev(net_dev);
11717         if (err) {
11718                 IPW_ERROR("failed to register network device\n");
11719                 goto out_remove_sysfs;
11720         }
11721
11722 #ifdef CONFIG_IPW2200_PROMISCUOUS
11723         if (rtap_iface) {
11724                 err = ipw_prom_alloc(priv);
11725                 if (err) {
11726                         IPW_ERROR("Failed to register promiscuous network "
11727                                   "device (error %d).\n", err);
11728                         unregister_netdev(priv->net_dev);
11729                         goto out_remove_sysfs;
11730                 }
11731         }
11732 #endif
11733
11734         printk(KERN_INFO DRV_NAME ": Detected geography %s (%d 802.11bg "
11735                "channels, %d 802.11a channels)\n",
11736                priv->ieee->geo.name, priv->ieee->geo.bg_channels,
11737                priv->ieee->geo.a_channels);
11738
11739         return 0;
11740
11741       out_remove_sysfs:
11742         sysfs_remove_group(&pdev->dev.kobj, &ipw_attribute_group);
11743       out_release_irq:
11744         free_irq(pdev->irq, priv);
11745       out_destroy_workqueue:
11746         destroy_workqueue(priv->workqueue);
11747         priv->workqueue = NULL;
11748       out_iounmap:
11749         iounmap(priv->hw_base);
11750       out_pci_release_regions:
11751         pci_release_regions(pdev);
11752       out_pci_disable_device:
11753         pci_disable_device(pdev);
11754         pci_set_drvdata(pdev, NULL);
11755       out_free_ieee80211:
11756         free_ieee80211(priv->net_dev);
11757       out:
11758         return err;
11759 }
11760
11761 static void __devexit ipw_pci_remove(struct pci_dev *pdev)
11762 {
11763         struct ipw_priv *priv = pci_get_drvdata(pdev);
11764         struct list_head *p, *q;
11765         int i;
11766
11767         if (!priv)
11768                 return;
11769
11770         mutex_lock(&priv->mutex);
11771
11772         priv->status |= STATUS_EXIT_PENDING;
11773         ipw_down(priv);
11774         sysfs_remove_group(&pdev->dev.kobj, &ipw_attribute_group);
11775
11776         mutex_unlock(&priv->mutex);
11777
11778         unregister_netdev(priv->net_dev);
11779
11780         if (priv->rxq) {
11781                 ipw_rx_queue_free(priv, priv->rxq);
11782                 priv->rxq = NULL;
11783         }
11784         ipw_tx_queue_free(priv);
11785
11786         if (priv->cmdlog) {
11787                 kfree(priv->cmdlog);
11788                 priv->cmdlog = NULL;
11789         }
11790         /* ipw_down will ensure that there is no more pending work
11791          * in the workqueue's, so we can safely remove them now. */
11792         cancel_delayed_work(&priv->adhoc_check);
11793         cancel_delayed_work(&priv->gather_stats);
11794         cancel_delayed_work(&priv->request_scan);
11795         cancel_delayed_work(&priv->request_direct_scan);
11796         cancel_delayed_work(&priv->request_passive_scan);
11797         cancel_delayed_work(&priv->scan_event);
11798         cancel_delayed_work(&priv->rf_kill);
11799         cancel_delayed_work(&priv->scan_check);
11800         destroy_workqueue(priv->workqueue);
11801         priv->workqueue = NULL;
11802
11803         /* Free MAC hash list for ADHOC */
11804         for (i = 0; i < IPW_IBSS_MAC_HASH_SIZE; i++) {
11805                 list_for_each_safe(p, q, &priv->ibss_mac_hash[i]) {
11806                         list_del(p);
11807                         kfree(list_entry(p, struct ipw_ibss_seq, list));
11808                 }
11809         }
11810
11811         kfree(priv->error);
11812         priv->error = NULL;
11813
11814 #ifdef CONFIG_IPW2200_PROMISCUOUS
11815         ipw_prom_free(priv);
11816 #endif
11817
11818         free_irq(pdev->irq, priv);
11819         iounmap(priv->hw_base);
11820         pci_release_regions(pdev);
11821         pci_disable_device(pdev);
11822         pci_set_drvdata(pdev, NULL);
11823         free_ieee80211(priv->net_dev);
11824         free_firmware();
11825 }
11826
11827 #ifdef CONFIG_PM
11828 static int ipw_pci_suspend(struct pci_dev *pdev, pm_message_t state)
11829 {
11830         struct ipw_priv *priv = pci_get_drvdata(pdev);
11831         struct net_device *dev = priv->net_dev;
11832
11833         printk(KERN_INFO "%s: Going into suspend...\n", dev->name);
11834
11835         /* Take down the device; powers it off, etc. */
11836         ipw_down(priv);
11837
11838         /* Remove the PRESENT state of the device */
11839         netif_device_detach(dev);
11840
11841         pci_save_state(pdev);
11842         pci_disable_device(pdev);
11843         pci_set_power_state(pdev, pci_choose_state(pdev, state));
11844
11845         return 0;
11846 }
11847
11848 static int ipw_pci_resume(struct pci_dev *pdev)
11849 {
11850         struct ipw_priv *priv = pci_get_drvdata(pdev);
11851         struct net_device *dev = priv->net_dev;
11852         int err;
11853         u32 val;
11854
11855         printk(KERN_INFO "%s: Coming out of suspend...\n", dev->name);
11856
11857         pci_set_power_state(pdev, PCI_D0);
11858         err = pci_enable_device(pdev);
11859         if (err) {
11860                 printk(KERN_ERR "%s: pci_enable_device failed on resume\n",
11861                        dev->name);
11862                 return err;
11863         }
11864         pci_restore_state(pdev);
11865
11866         /*
11867          * Suspend/Resume resets the PCI configuration space, so we have to
11868          * re-disable the RETRY_TIMEOUT register (0x41) to keep PCI Tx retries
11869          * from interfering with C3 CPU state. pci_restore_state won't help
11870          * here since it only restores the first 64 bytes pci config header.
11871          */
11872         pci_read_config_dword(pdev, 0x40, &val);
11873         if ((val & 0x0000ff00) != 0)
11874                 pci_write_config_dword(pdev, 0x40, val & 0xffff00ff);
11875
11876         /* Set the device back into the PRESENT state; this will also wake
11877          * the queue of needed */
11878         netif_device_attach(dev);
11879
11880         /* Bring the device back up */
11881         queue_work(priv->workqueue, &priv->up);
11882
11883         return 0;
11884 }
11885 #endif
11886
11887 static void ipw_pci_shutdown(struct pci_dev *pdev)
11888 {
11889         struct ipw_priv *priv = pci_get_drvdata(pdev);
11890
11891         /* Take down the device; powers it off, etc. */
11892         ipw_down(priv);
11893
11894         pci_disable_device(pdev);
11895 }
11896
11897 /* driver initialization stuff */
11898 static struct pci_driver ipw_driver = {
11899         .name = DRV_NAME,
11900         .id_table = card_ids,
11901         .probe = ipw_pci_probe,
11902         .remove = __devexit_p(ipw_pci_remove),
11903 #ifdef CONFIG_PM
11904         .suspend = ipw_pci_suspend,
11905         .resume = ipw_pci_resume,
11906 #endif
11907         .shutdown = ipw_pci_shutdown,
11908 };
11909
11910 static int __init ipw_init(void)
11911 {
11912         int ret;
11913
11914         printk(KERN_INFO DRV_NAME ": " DRV_DESCRIPTION ", " DRV_VERSION "\n");
11915         printk(KERN_INFO DRV_NAME ": " DRV_COPYRIGHT "\n");
11916
11917         ret = pci_register_driver(&ipw_driver);
11918         if (ret) {
11919                 IPW_ERROR("Unable to initialize PCI module\n");
11920                 return ret;
11921         }
11922
11923         ret = driver_create_file(&ipw_driver.driver, &driver_attr_debug_level);
11924         if (ret) {
11925                 IPW_ERROR("Unable to create driver sysfs file\n");
11926                 pci_unregister_driver(&ipw_driver);
11927                 return ret;
11928         }
11929
11930         return ret;
11931 }
11932
11933 static void __exit ipw_exit(void)
11934 {
11935         driver_remove_file(&ipw_driver.driver, &driver_attr_debug_level);
11936         pci_unregister_driver(&ipw_driver);
11937 }
11938
11939 module_param(disable, int, 0444);
11940 MODULE_PARM_DESC(disable, "manually disable the radio (default 0 [radio on])");
11941
11942 module_param(associate, int, 0444);
11943 MODULE_PARM_DESC(associate, "auto associate when scanning (default on)");
11944
11945 module_param(auto_create, int, 0444);
11946 MODULE_PARM_DESC(auto_create, "auto create adhoc network (default on)");
11947
11948 module_param(led, int, 0444);
11949 MODULE_PARM_DESC(led, "enable led control on some systems (default 0 off)");
11950
11951 module_param(debug, int, 0444);
11952 MODULE_PARM_DESC(debug, "debug output mask");
11953
11954 module_param(channel, int, 0444);
11955 MODULE_PARM_DESC(channel, "channel to limit associate to (default 0 [ANY])");
11956
11957 #ifdef CONFIG_IPW2200_PROMISCUOUS
11958 module_param(rtap_iface, int, 0444);
11959 MODULE_PARM_DESC(rtap_iface, "create the rtap interface (1 - create, default 0)");
11960 #endif
11961
11962 #ifdef CONFIG_IPW2200_QOS
11963 module_param(qos_enable, int, 0444);
11964 MODULE_PARM_DESC(qos_enable, "enable all QoS functionalitis");
11965
11966 module_param(qos_burst_enable, int, 0444);
11967 MODULE_PARM_DESC(qos_burst_enable, "enable QoS burst mode");
11968
11969 module_param(qos_no_ack_mask, int, 0444);
11970 MODULE_PARM_DESC(qos_no_ack_mask, "mask Tx_Queue to no ack");
11971
11972 module_param(burst_duration_CCK, int, 0444);
11973 MODULE_PARM_DESC(burst_duration_CCK, "set CCK burst value");
11974
11975 module_param(burst_duration_OFDM, int, 0444);
11976 MODULE_PARM_DESC(burst_duration_OFDM, "set OFDM burst value");
11977 #endif                          /* CONFIG_IPW2200_QOS */
11978
11979 #ifdef CONFIG_IPW2200_MONITOR
11980 module_param(mode, int, 0444);
11981 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS,2=Monitor)");
11982 #else
11983 module_param(mode, int, 0444);
11984 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS)");
11985 #endif
11986
11987 module_param(bt_coexist, int, 0444);
11988 MODULE_PARM_DESC(bt_coexist, "enable bluetooth coexistence (default off)");
11989
11990 module_param(hwcrypto, int, 0444);
11991 MODULE_PARM_DESC(hwcrypto, "enable hardware crypto (default off)");
11992
11993 module_param(cmdlog, int, 0444);
11994 MODULE_PARM_DESC(cmdlog,
11995                  "allocate a ring buffer for logging firmware commands");
11996
11997 module_param(roaming, int, 0444);
11998 MODULE_PARM_DESC(roaming, "enable roaming support (default on)");
11999
12000 module_param(antenna, int, 0444);
12001 MODULE_PARM_DESC(antenna, "select antenna 1=Main, 3=Aux, default 0 [both], 2=slow_diversity (choose the one with lower background noise)");
12002
12003 module_exit(ipw_exit);
12004 module_init(ipw_init);