Merge /spare/repo/linux-2.6/
[linux-2.6] / drivers / net / wireless / ipw2200.c
1 /******************************************************************************
2
3   Copyright(c) 2003 - 2004 Intel Corporation. All rights reserved.
4
5   802.11 status code portion of this file from ethereal-0.10.6:
6     Copyright 2000, Axis Communications AB
7     Ethereal - Network traffic analyzer
8     By Gerald Combs <gerald@ethereal.com>
9     Copyright 1998 Gerald Combs
10
11   This program is free software; you can redistribute it and/or modify it
12   under the terms of version 2 of the GNU General Public License as
13   published by the Free Software Foundation.
14
15   This program is distributed in the hope that it will be useful, but WITHOUT
16   ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17   FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
18   more details.
19
20   You should have received a copy of the GNU General Public License along with
21   this program; if not, write to the Free Software Foundation, Inc., 59
22   Temple Place - Suite 330, Boston, MA  02111-1307, USA.
23
24   The full GNU General Public License is included in this distribution in the
25   file called LICENSE.
26
27   Contact Information:
28   James P. Ketrenos <ipw2100-admin@linux.intel.com>
29   Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
30
31 ******************************************************************************/
32
33 #include "ipw2200.h"
34
35 #define IPW2200_VERSION "1.0.0"
36 #define DRV_DESCRIPTION "Intel(R) PRO/Wireless 2200/2915 Network Driver"
37 #define DRV_COPYRIGHT   "Copyright(c) 2003-2004 Intel Corporation"
38 #define DRV_VERSION     IPW2200_VERSION
39
40 MODULE_DESCRIPTION(DRV_DESCRIPTION);
41 MODULE_VERSION(DRV_VERSION);
42 MODULE_AUTHOR(DRV_COPYRIGHT);
43 MODULE_LICENSE("GPL");
44
45 static int debug = 0;
46 static int channel = 0;
47 static char *ifname;
48 static int mode = 0;
49
50 static u32 ipw_debug_level;
51 static int associate = 1;
52 static int auto_create = 1;
53 static int disable = 0;
54 static const char ipw_modes[] = {
55         'a', 'b', 'g', '?'
56 };
57
58 static void ipw_rx(struct ipw_priv *priv);
59 static int ipw_queue_tx_reclaim(struct ipw_priv *priv,
60                                 struct clx2_tx_queue *txq, int qindex);
61 static int ipw_queue_reset(struct ipw_priv *priv);
62
63 static int ipw_queue_tx_hcmd(struct ipw_priv *priv, int hcmd, void *buf,
64                              int len, int sync);
65
66 static void ipw_tx_queue_free(struct ipw_priv *);
67
68 static struct ipw_rx_queue *ipw_rx_queue_alloc(struct ipw_priv *);
69 static void ipw_rx_queue_free(struct ipw_priv *, struct ipw_rx_queue *);
70 static void ipw_rx_queue_replenish(void *);
71
72 static int ipw_up(struct ipw_priv *);
73 static void ipw_down(struct ipw_priv *);
74 static int ipw_config(struct ipw_priv *);
75 static int init_supported_rates(struct ipw_priv *priv,
76                                 struct ipw_supported_rates *prates);
77
78 static u8 band_b_active_channel[MAX_B_CHANNELS] = {
79         1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0
80 };
81 static u8 band_a_active_channel[MAX_A_CHANNELS] = {
82         36, 40, 44, 48, 149, 153, 157, 161, 165, 52, 56, 60, 64, 0
83 };
84
85 static int is_valid_channel(int mode_mask, int channel)
86 {
87         int i;
88
89         if (!channel)
90                 return 0;
91
92         if (mode_mask & IEEE_A)
93                 for (i = 0; i < MAX_A_CHANNELS; i++)
94                         if (band_a_active_channel[i] == channel)
95                                 return IEEE_A;
96
97         if (mode_mask & (IEEE_B | IEEE_G))
98                 for (i = 0; i < MAX_B_CHANNELS; i++)
99                         if (band_b_active_channel[i] == channel)
100                                 return mode_mask & (IEEE_B | IEEE_G);
101
102         return 0;
103 }
104
105 static char *snprint_line(char *buf, size_t count,
106                           const u8 * data, u32 len, u32 ofs)
107 {
108         int out, i, j, l;
109         char c;
110
111         out = snprintf(buf, count, "%08X", ofs);
112
113         for (l = 0, i = 0; i < 2; i++) {
114                 out += snprintf(buf + out, count - out, " ");
115                 for (j = 0; j < 8 && l < len; j++, l++)
116                         out += snprintf(buf + out, count - out, "%02X ",
117                                         data[(i * 8 + j)]);
118                 for (; j < 8; j++)
119                         out += snprintf(buf + out, count - out, "   ");
120         }
121
122         out += snprintf(buf + out, count - out, " ");
123         for (l = 0, i = 0; i < 2; i++) {
124                 out += snprintf(buf + out, count - out, " ");
125                 for (j = 0; j < 8 && l < len; j++, l++) {
126                         c = data[(i * 8 + j)];
127                         if (!isascii(c) || !isprint(c))
128                                 c = '.';
129
130                         out += snprintf(buf + out, count - out, "%c", c);
131                 }
132
133                 for (; j < 8; j++)
134                         out += snprintf(buf + out, count - out, " ");
135         }
136
137         return buf;
138 }
139
140 static void printk_buf(int level, const u8 * data, u32 len)
141 {
142         char line[81];
143         u32 ofs = 0;
144         if (!(ipw_debug_level & level))
145                 return;
146
147         while (len) {
148                 printk(KERN_DEBUG "%s\n",
149                        snprint_line(line, sizeof(line), &data[ofs],
150                                     min(len, 16U), ofs));
151                 ofs += 16;
152                 len -= min(len, 16U);
153         }
154 }
155
156 static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg);
157 #define ipw_read_reg32(a, b) _ipw_read_reg32(a, b)
158
159 static u8 _ipw_read_reg8(struct ipw_priv *ipw, u32 reg);
160 #define ipw_read_reg8(a, b) _ipw_read_reg8(a, b)
161
162 static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value);
163 static inline void ipw_write_reg8(struct ipw_priv *a, u32 b, u8 c)
164 {
165         IPW_DEBUG_IO("%s %d: write_indirect8(0x%08X, 0x%08X)\n", __FILE__,
166                      __LINE__, (u32) (b), (u32) (c));
167         _ipw_write_reg8(a, b, c);
168 }
169
170 static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value);
171 static inline void ipw_write_reg16(struct ipw_priv *a, u32 b, u16 c)
172 {
173         IPW_DEBUG_IO("%s %d: write_indirect16(0x%08X, 0x%08X)\n", __FILE__,
174                      __LINE__, (u32) (b), (u32) (c));
175         _ipw_write_reg16(a, b, c);
176 }
177
178 static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value);
179 static inline void ipw_write_reg32(struct ipw_priv *a, u32 b, u32 c)
180 {
181         IPW_DEBUG_IO("%s %d: write_indirect32(0x%08X, 0x%08X)\n", __FILE__,
182                      __LINE__, (u32) (b), (u32) (c));
183         _ipw_write_reg32(a, b, c);
184 }
185
186 #define _ipw_write8(ipw, ofs, val) writeb((val), (ipw)->hw_base + (ofs))
187 #define ipw_write8(ipw, ofs, val) \
188  IPW_DEBUG_IO("%s %d: write_direct8(0x%08X, 0x%08X)\n", __FILE__, __LINE__, (u32)(ofs), (u32)(val)); \
189  _ipw_write8(ipw, ofs, val)
190
191 #define _ipw_write16(ipw, ofs, val) writew((val), (ipw)->hw_base + (ofs))
192 #define ipw_write16(ipw, ofs, val) \
193  IPW_DEBUG_IO("%s %d: write_direct16(0x%08X, 0x%08X)\n", __FILE__, __LINE__, (u32)(ofs), (u32)(val)); \
194  _ipw_write16(ipw, ofs, val)
195
196 #define _ipw_write32(ipw, ofs, val) writel((val), (ipw)->hw_base + (ofs))
197 #define ipw_write32(ipw, ofs, val) \
198  IPW_DEBUG_IO("%s %d: write_direct32(0x%08X, 0x%08X)\n", __FILE__, __LINE__, (u32)(ofs), (u32)(val)); \
199  _ipw_write32(ipw, ofs, val)
200
201 #define _ipw_read8(ipw, ofs) readb((ipw)->hw_base + (ofs))
202 static inline u8 __ipw_read8(char *f, u32 l, struct ipw_priv *ipw, u32 ofs)
203 {
204         IPW_DEBUG_IO("%s %d: read_direct8(0x%08X)\n", f, l, (u32) (ofs));
205         return _ipw_read8(ipw, ofs);
206 }
207
208 #define ipw_read8(ipw, ofs) __ipw_read8(__FILE__, __LINE__, ipw, ofs)
209
210 #define _ipw_read16(ipw, ofs) readw((ipw)->hw_base + (ofs))
211 static inline u16 __ipw_read16(char *f, u32 l, struct ipw_priv *ipw, u32 ofs)
212 {
213         IPW_DEBUG_IO("%s %d: read_direct16(0x%08X)\n", f, l, (u32) (ofs));
214         return _ipw_read16(ipw, ofs);
215 }
216
217 #define ipw_read16(ipw, ofs) __ipw_read16(__FILE__, __LINE__, ipw, ofs)
218
219 #define _ipw_read32(ipw, ofs) readl((ipw)->hw_base + (ofs))
220 static inline u32 __ipw_read32(char *f, u32 l, struct ipw_priv *ipw, u32 ofs)
221 {
222         IPW_DEBUG_IO("%s %d: read_direct32(0x%08X)\n", f, l, (u32) (ofs));
223         return _ipw_read32(ipw, ofs);
224 }
225
226 #define ipw_read32(ipw, ofs) __ipw_read32(__FILE__, __LINE__, ipw, ofs)
227
228 static void _ipw_read_indirect(struct ipw_priv *, u32, u8 *, int);
229 #define ipw_read_indirect(a, b, c, d) \
230         IPW_DEBUG_IO("%s %d: read_inddirect(0x%08X) %d bytes\n", __FILE__, __LINE__, (u32)(b), d); \
231         _ipw_read_indirect(a, b, c, d)
232
233 static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * data,
234                                 int num);
235 #define ipw_write_indirect(a, b, c, d) \
236         IPW_DEBUG_IO("%s %d: write_indirect(0x%08X) %d bytes\n", __FILE__, __LINE__, (u32)(b), d); \
237         _ipw_write_indirect(a, b, c, d)
238
239 /* indirect write s */
240 static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value)
241 {
242         IPW_DEBUG_IO(" %p : reg = 0x%8X : value = 0x%8X\n", priv, reg, value);
243         _ipw_write32(priv, CX2_INDIRECT_ADDR, reg);
244         _ipw_write32(priv, CX2_INDIRECT_DATA, value);
245 }
246
247 static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value)
248 {
249         IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
250         _ipw_write32(priv, CX2_INDIRECT_ADDR, reg & CX2_INDIRECT_ADDR_MASK);
251         _ipw_write8(priv, CX2_INDIRECT_DATA, value);
252         IPW_DEBUG_IO(" reg = 0x%8lX : value = 0x%8X\n",
253                      (unsigned long)(priv->hw_base + CX2_INDIRECT_DATA), value);
254 }
255
256 static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value)
257 {
258         IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
259         _ipw_write32(priv, CX2_INDIRECT_ADDR, reg & CX2_INDIRECT_ADDR_MASK);
260         _ipw_write16(priv, CX2_INDIRECT_DATA, value);
261 }
262
263 /* indirect read s */
264
265 static u8 _ipw_read_reg8(struct ipw_priv *priv, u32 reg)
266 {
267         u32 word;
268         _ipw_write32(priv, CX2_INDIRECT_ADDR, reg & CX2_INDIRECT_ADDR_MASK);
269         IPW_DEBUG_IO(" reg = 0x%8X : \n", reg);
270         word = _ipw_read32(priv, CX2_INDIRECT_DATA);
271         return (word >> ((reg & 0x3) * 8)) & 0xff;
272 }
273
274 static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg)
275 {
276         u32 value;
277
278         IPW_DEBUG_IO("%p : reg = 0x%08x\n", priv, reg);
279
280         _ipw_write32(priv, CX2_INDIRECT_ADDR, reg);
281         value = _ipw_read32(priv, CX2_INDIRECT_DATA);
282         IPW_DEBUG_IO(" reg = 0x%4X : value = 0x%4x \n", reg, value);
283         return value;
284 }
285
286 /* iterative/auto-increment 32 bit reads and writes */
287 static void _ipw_read_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
288                                int num)
289 {
290         u32 aligned_addr = addr & CX2_INDIRECT_ADDR_MASK;
291         u32 dif_len = addr - aligned_addr;
292         u32 aligned_len;
293         u32 i;
294
295         IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
296
297         /* Read the first nibble byte by byte */
298         if (unlikely(dif_len)) {
299                 /* Start reading at aligned_addr + dif_len */
300                 _ipw_write32(priv, CX2_INDIRECT_ADDR, aligned_addr);
301                 for (i = dif_len; i < 4; i++, buf++)
302                         *buf = _ipw_read8(priv, CX2_INDIRECT_DATA + i);
303                 num -= dif_len;
304                 aligned_addr += 4;
305         }
306
307         /* Read DWs through autoinc register */
308         _ipw_write32(priv, CX2_AUTOINC_ADDR, aligned_addr);
309         aligned_len = num & CX2_INDIRECT_ADDR_MASK;
310         for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
311                 *(u32 *) buf = ipw_read32(priv, CX2_AUTOINC_DATA);
312
313         /* Copy the last nibble */
314         dif_len = num - aligned_len;
315         _ipw_write32(priv, CX2_INDIRECT_ADDR, aligned_addr);
316         for (i = 0; i < dif_len; i++, buf++)
317                 *buf = ipw_read8(priv, CX2_INDIRECT_DATA + i);
318 }
319
320 static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
321                                 int num)
322 {
323         u32 aligned_addr = addr & CX2_INDIRECT_ADDR_MASK;
324         u32 dif_len = addr - aligned_addr;
325         u32 aligned_len;
326         u32 i;
327
328         IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
329
330         /* Write the first nibble byte by byte */
331         if (unlikely(dif_len)) {
332                 /* Start writing at aligned_addr + dif_len */
333                 _ipw_write32(priv, CX2_INDIRECT_ADDR, aligned_addr);
334                 for (i = dif_len; i < 4; i++, buf++)
335                         _ipw_write8(priv, CX2_INDIRECT_DATA + i, *buf);
336                 num -= dif_len;
337                 aligned_addr += 4;
338         }
339
340         /* Write DWs through autoinc register */
341         _ipw_write32(priv, CX2_AUTOINC_ADDR, aligned_addr);
342         aligned_len = num & CX2_INDIRECT_ADDR_MASK;
343         for (i = 0; i < aligned_len; i += 4, buf += 4, aligned_addr += 4)
344                 _ipw_write32(priv, CX2_AUTOINC_DATA, *(u32 *) buf);
345
346         /* Copy the last nibble */
347         dif_len = num - aligned_len;
348         _ipw_write32(priv, CX2_INDIRECT_ADDR, aligned_addr);
349         for (i = 0; i < dif_len; i++, buf++)
350                 _ipw_write8(priv, CX2_INDIRECT_DATA + i, *buf);
351 }
352
353 static void ipw_write_direct(struct ipw_priv *priv, u32 addr, void *buf,
354                              int num)
355 {
356         memcpy_toio((priv->hw_base + addr), buf, num);
357 }
358
359 static inline void ipw_set_bit(struct ipw_priv *priv, u32 reg, u32 mask)
360 {
361         ipw_write32(priv, reg, ipw_read32(priv, reg) | mask);
362 }
363
364 static inline void ipw_clear_bit(struct ipw_priv *priv, u32 reg, u32 mask)
365 {
366         ipw_write32(priv, reg, ipw_read32(priv, reg) & ~mask);
367 }
368
369 static inline void ipw_enable_interrupts(struct ipw_priv *priv)
370 {
371         if (priv->status & STATUS_INT_ENABLED)
372                 return;
373         priv->status |= STATUS_INT_ENABLED;
374         ipw_write32(priv, CX2_INTA_MASK_R, CX2_INTA_MASK_ALL);
375 }
376
377 static inline void ipw_disable_interrupts(struct ipw_priv *priv)
378 {
379         if (!(priv->status & STATUS_INT_ENABLED))
380                 return;
381         priv->status &= ~STATUS_INT_ENABLED;
382         ipw_write32(priv, CX2_INTA_MASK_R, ~CX2_INTA_MASK_ALL);
383 }
384
385 static char *ipw_error_desc(u32 val)
386 {
387         switch (val) {
388         case IPW_FW_ERROR_OK:
389                 return "ERROR_OK";
390         case IPW_FW_ERROR_FAIL:
391                 return "ERROR_FAIL";
392         case IPW_FW_ERROR_MEMORY_UNDERFLOW:
393                 return "MEMORY_UNDERFLOW";
394         case IPW_FW_ERROR_MEMORY_OVERFLOW:
395                 return "MEMORY_OVERFLOW";
396         case IPW_FW_ERROR_BAD_PARAM:
397                 return "ERROR_BAD_PARAM";
398         case IPW_FW_ERROR_BAD_CHECKSUM:
399                 return "ERROR_BAD_CHECKSUM";
400         case IPW_FW_ERROR_NMI_INTERRUPT:
401                 return "ERROR_NMI_INTERRUPT";
402         case IPW_FW_ERROR_BAD_DATABASE:
403                 return "ERROR_BAD_DATABASE";
404         case IPW_FW_ERROR_ALLOC_FAIL:
405                 return "ERROR_ALLOC_FAIL";
406         case IPW_FW_ERROR_DMA_UNDERRUN:
407                 return "ERROR_DMA_UNDERRUN";
408         case IPW_FW_ERROR_DMA_STATUS:
409                 return "ERROR_DMA_STATUS";
410         case IPW_FW_ERROR_DINOSTATUS_ERROR:
411                 return "ERROR_DINOSTATUS_ERROR";
412         case IPW_FW_ERROR_EEPROMSTATUS_ERROR:
413                 return "ERROR_EEPROMSTATUS_ERROR";
414         case IPW_FW_ERROR_SYSASSERT:
415                 return "ERROR_SYSASSERT";
416         case IPW_FW_ERROR_FATAL_ERROR:
417                 return "ERROR_FATALSTATUS_ERROR";
418         default:
419                 return "UNKNOWNSTATUS_ERROR";
420         }
421 }
422
423 static void ipw_dump_nic_error_log(struct ipw_priv *priv)
424 {
425         u32 desc, time, blink1, blink2, ilink1, ilink2, idata, i, count, base;
426
427         base = ipw_read32(priv, IPWSTATUS_ERROR_LOG);
428         count = ipw_read_reg32(priv, base);
429
430         if (ERROR_START_OFFSET <= count * ERROR_ELEM_SIZE) {
431                 IPW_ERROR("Start IPW Error Log Dump:\n");
432                 IPW_ERROR("Status: 0x%08X, Config: %08X\n",
433                           priv->status, priv->config);
434         }
435
436         for (i = ERROR_START_OFFSET;
437              i <= count * ERROR_ELEM_SIZE; i += ERROR_ELEM_SIZE) {
438                 desc = ipw_read_reg32(priv, base + i);
439                 time = ipw_read_reg32(priv, base + i + 1 * sizeof(u32));
440                 blink1 = ipw_read_reg32(priv, base + i + 2 * sizeof(u32));
441                 blink2 = ipw_read_reg32(priv, base + i + 3 * sizeof(u32));
442                 ilink1 = ipw_read_reg32(priv, base + i + 4 * sizeof(u32));
443                 ilink2 = ipw_read_reg32(priv, base + i + 5 * sizeof(u32));
444                 idata = ipw_read_reg32(priv, base + i + 6 * sizeof(u32));
445
446                 IPW_ERROR("%s %i 0x%08x  0x%08x  0x%08x  0x%08x  0x%08x\n",
447                           ipw_error_desc(desc), time, blink1, blink2,
448                           ilink1, ilink2, idata);
449         }
450 }
451
452 static void ipw_dump_nic_event_log(struct ipw_priv *priv)
453 {
454         u32 ev, time, data, i, count, base;
455
456         base = ipw_read32(priv, IPW_EVENT_LOG);
457         count = ipw_read_reg32(priv, base);
458
459         if (EVENT_START_OFFSET <= count * EVENT_ELEM_SIZE)
460                 IPW_ERROR("Start IPW Event Log Dump:\n");
461
462         for (i = EVENT_START_OFFSET;
463              i <= count * EVENT_ELEM_SIZE; i += EVENT_ELEM_SIZE) {
464                 ev = ipw_read_reg32(priv, base + i);
465                 time = ipw_read_reg32(priv, base + i + 1 * sizeof(u32));
466                 data = ipw_read_reg32(priv, base + i + 2 * sizeof(u32));
467
468 #ifdef CONFIG_IPW_DEBUG
469                 IPW_ERROR("%i\t0x%08x\t%i\n", time, data, ev);
470 #endif
471         }
472 }
473
474 static int ipw_get_ordinal(struct ipw_priv *priv, u32 ord, void *val, u32 * len)
475 {
476         u32 addr, field_info, field_len, field_count, total_len;
477
478         IPW_DEBUG_ORD("ordinal = %i\n", ord);
479
480         if (!priv || !val || !len) {
481                 IPW_DEBUG_ORD("Invalid argument\n");
482                 return -EINVAL;
483         }
484
485         /* verify device ordinal tables have been initialized */
486         if (!priv->table0_addr || !priv->table1_addr || !priv->table2_addr) {
487                 IPW_DEBUG_ORD("Access ordinals before initialization\n");
488                 return -EINVAL;
489         }
490
491         switch (IPW_ORD_TABLE_ID_MASK & ord) {
492         case IPW_ORD_TABLE_0_MASK:
493                 /*
494                  * TABLE 0: Direct access to a table of 32 bit values
495                  *
496                  * This is a very simple table with the data directly
497                  * read from the table
498                  */
499
500                 /* remove the table id from the ordinal */
501                 ord &= IPW_ORD_TABLE_VALUE_MASK;
502
503                 /* boundary check */
504                 if (ord > priv->table0_len) {
505                         IPW_DEBUG_ORD("ordinal value (%i) longer then "
506                                       "max (%i)\n", ord, priv->table0_len);
507                         return -EINVAL;
508                 }
509
510                 /* verify we have enough room to store the value */
511                 if (*len < sizeof(u32)) {
512                         IPW_DEBUG_ORD("ordinal buffer length too small, "
513                                       "need %zd\n", sizeof(u32));
514                         return -EINVAL;
515                 }
516
517                 IPW_DEBUG_ORD("Reading TABLE0[%i] from offset 0x%08x\n",
518                               ord, priv->table0_addr + (ord << 2));
519
520                 *len = sizeof(u32);
521                 ord <<= 2;
522                 *((u32 *) val) = ipw_read32(priv, priv->table0_addr + ord);
523                 break;
524
525         case IPW_ORD_TABLE_1_MASK:
526                 /*
527                  * TABLE 1: Indirect access to a table of 32 bit values
528                  *
529                  * This is a fairly large table of u32 values each
530                  * representing starting addr for the data (which is
531                  * also a u32)
532                  */
533
534                 /* remove the table id from the ordinal */
535                 ord &= IPW_ORD_TABLE_VALUE_MASK;
536
537                 /* boundary check */
538                 if (ord > priv->table1_len) {
539                         IPW_DEBUG_ORD("ordinal value too long\n");
540                         return -EINVAL;
541                 }
542
543                 /* verify we have enough room to store the value */
544                 if (*len < sizeof(u32)) {
545                         IPW_DEBUG_ORD("ordinal buffer length too small, "
546                                       "need %zd\n", sizeof(u32));
547                         return -EINVAL;
548                 }
549
550                 *((u32 *) val) =
551                     ipw_read_reg32(priv, (priv->table1_addr + (ord << 2)));
552                 *len = sizeof(u32);
553                 break;
554
555         case IPW_ORD_TABLE_2_MASK:
556                 /*
557                  * TABLE 2: Indirect access to a table of variable sized values
558                  *
559                  * This table consist of six values, each containing
560                  *     - dword containing the starting offset of the data
561                  *     - dword containing the lengh in the first 16bits
562                  *       and the count in the second 16bits
563                  */
564
565                 /* remove the table id from the ordinal */
566                 ord &= IPW_ORD_TABLE_VALUE_MASK;
567
568                 /* boundary check */
569                 if (ord > priv->table2_len) {
570                         IPW_DEBUG_ORD("ordinal value too long\n");
571                         return -EINVAL;
572                 }
573
574                 /* get the address of statistic */
575                 addr = ipw_read_reg32(priv, priv->table2_addr + (ord << 3));
576
577                 /* get the second DW of statistics ;
578                  * two 16-bit words - first is length, second is count */
579                 field_info =
580                     ipw_read_reg32(priv,
581                                    priv->table2_addr + (ord << 3) +
582                                    sizeof(u32));
583
584                 /* get each entry length */
585                 field_len = *((u16 *) & field_info);
586
587                 /* get number of entries */
588                 field_count = *(((u16 *) & field_info) + 1);
589
590                 /* abort if not enought memory */
591                 total_len = field_len * field_count;
592                 if (total_len > *len) {
593                         *len = total_len;
594                         return -EINVAL;
595                 }
596
597                 *len = total_len;
598                 if (!total_len)
599                         return 0;
600
601                 IPW_DEBUG_ORD("addr = 0x%08x, total_len = %i, "
602                               "field_info = 0x%08x\n",
603                               addr, total_len, field_info);
604                 ipw_read_indirect(priv, addr, val, total_len);
605                 break;
606
607         default:
608                 IPW_DEBUG_ORD("Invalid ordinal!\n");
609                 return -EINVAL;
610
611         }
612
613         return 0;
614 }
615
616 static void ipw_init_ordinals(struct ipw_priv *priv)
617 {
618         priv->table0_addr = IPW_ORDINALS_TABLE_LOWER;
619         priv->table0_len = ipw_read32(priv, priv->table0_addr);
620
621         IPW_DEBUG_ORD("table 0 offset at 0x%08x, len = %i\n",
622                       priv->table0_addr, priv->table0_len);
623
624         priv->table1_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_1);
625         priv->table1_len = ipw_read_reg32(priv, priv->table1_addr);
626
627         IPW_DEBUG_ORD("table 1 offset at 0x%08x, len = %i\n",
628                       priv->table1_addr, priv->table1_len);
629
630         priv->table2_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_2);
631         priv->table2_len = ipw_read_reg32(priv, priv->table2_addr);
632         priv->table2_len &= 0x0000ffff; /* use first two bytes */
633
634         IPW_DEBUG_ORD("table 2 offset at 0x%08x, len = %i\n",
635                       priv->table2_addr, priv->table2_len);
636
637 }
638
639 /*
640  * The following adds a new attribute to the sysfs representation
641  * of this device driver (i.e. a new file in /sys/bus/pci/drivers/ipw/)
642  * used for controling the debug level.
643  *
644  * See the level definitions in ipw for details.
645  */
646 static ssize_t show_debug_level(struct device_driver *d, char *buf)
647 {
648         return sprintf(buf, "0x%08X\n", ipw_debug_level);
649 }
650 static ssize_t store_debug_level(struct device_driver *d,
651                                  const char *buf, size_t count)
652 {
653         char *p = (char *)buf;
654         u32 val;
655
656         if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
657                 p++;
658                 if (p[0] == 'x' || p[0] == 'X')
659                         p++;
660                 val = simple_strtoul(p, &p, 16);
661         } else
662                 val = simple_strtoul(p, &p, 10);
663         if (p == buf)
664                 printk(KERN_INFO DRV_NAME
665                        ": %s is not in hex or decimal form.\n", buf);
666         else
667                 ipw_debug_level = val;
668
669         return strnlen(buf, count);
670 }
671
672 static DRIVER_ATTR(debug_level, S_IWUSR | S_IRUGO,
673                    show_debug_level, store_debug_level);
674
675 static ssize_t show_status(struct device *d,
676                            struct device_attribute *attr, char *buf)
677 {
678         struct ipw_priv *p = d->driver_data;
679         return sprintf(buf, "0x%08x\n", (int)p->status);
680 }
681
682 static DEVICE_ATTR(status, S_IRUGO, show_status, NULL);
683
684 static ssize_t show_cfg(struct device *d, struct device_attribute *attr,
685                         char *buf)
686 {
687         struct ipw_priv *p = d->driver_data;
688         return sprintf(buf, "0x%08x\n", (int)p->config);
689 }
690
691 static DEVICE_ATTR(cfg, S_IRUGO, show_cfg, NULL);
692
693 static ssize_t show_nic_type(struct device *d,
694                              struct device_attribute *attr, char *buf)
695 {
696         struct ipw_priv *p = d->driver_data;
697         u8 type = p->eeprom[EEPROM_NIC_TYPE];
698
699         switch (type) {
700         case EEPROM_NIC_TYPE_STANDARD:
701                 return sprintf(buf, "STANDARD\n");
702         case EEPROM_NIC_TYPE_DELL:
703                 return sprintf(buf, "DELL\n");
704         case EEPROM_NIC_TYPE_FUJITSU:
705                 return sprintf(buf, "FUJITSU\n");
706         case EEPROM_NIC_TYPE_IBM:
707                 return sprintf(buf, "IBM\n");
708         case EEPROM_NIC_TYPE_HP:
709                 return sprintf(buf, "HP\n");
710         }
711
712         return sprintf(buf, "UNKNOWN\n");
713 }
714
715 static DEVICE_ATTR(nic_type, S_IRUGO, show_nic_type, NULL);
716
717 static ssize_t dump_error_log(struct device *d,
718                               struct device_attribute *attr, const char *buf,
719                               size_t count)
720 {
721         char *p = (char *)buf;
722
723         if (p[0] == '1')
724                 ipw_dump_nic_error_log((struct ipw_priv *)d->driver_data);
725
726         return strnlen(buf, count);
727 }
728
729 static DEVICE_ATTR(dump_errors, S_IWUSR, NULL, dump_error_log);
730
731 static ssize_t dump_event_log(struct device *d,
732                               struct device_attribute *attr, const char *buf,
733                               size_t count)
734 {
735         char *p = (char *)buf;
736
737         if (p[0] == '1')
738                 ipw_dump_nic_event_log((struct ipw_priv *)d->driver_data);
739
740         return strnlen(buf, count);
741 }
742
743 static DEVICE_ATTR(dump_events, S_IWUSR, NULL, dump_event_log);
744
745 static ssize_t show_ucode_version(struct device *d,
746                                   struct device_attribute *attr, char *buf)
747 {
748         u32 len = sizeof(u32), tmp = 0;
749         struct ipw_priv *p = d->driver_data;
750
751         if (ipw_get_ordinal(p, IPW_ORD_STAT_UCODE_VERSION, &tmp, &len))
752                 return 0;
753
754         return sprintf(buf, "0x%08x\n", tmp);
755 }
756
757 static DEVICE_ATTR(ucode_version, S_IWUSR | S_IRUGO, show_ucode_version, NULL);
758
759 static ssize_t show_rtc(struct device *d, struct device_attribute *attr,
760                         char *buf)
761 {
762         u32 len = sizeof(u32), tmp = 0;
763         struct ipw_priv *p = d->driver_data;
764
765         if (ipw_get_ordinal(p, IPW_ORD_STAT_RTC, &tmp, &len))
766                 return 0;
767
768         return sprintf(buf, "0x%08x\n", tmp);
769 }
770
771 static DEVICE_ATTR(rtc, S_IWUSR | S_IRUGO, show_rtc, NULL);
772
773 /*
774  * Add a device attribute to view/control the delay between eeprom
775  * operations.
776  */
777 static ssize_t show_eeprom_delay(struct device *d,
778                                  struct device_attribute *attr, char *buf)
779 {
780         int n = ((struct ipw_priv *)d->driver_data)->eeprom_delay;
781         return sprintf(buf, "%i\n", n);
782 }
783 static ssize_t store_eeprom_delay(struct device *d,
784                                   struct device_attribute *attr,
785                                   const char *buf, size_t count)
786 {
787         struct ipw_priv *p = d->driver_data;
788         sscanf(buf, "%i", &p->eeprom_delay);
789         return strnlen(buf, count);
790 }
791
792 static DEVICE_ATTR(eeprom_delay, S_IWUSR | S_IRUGO,
793                    show_eeprom_delay, store_eeprom_delay);
794
795 static ssize_t show_command_event_reg(struct device *d,
796                                       struct device_attribute *attr, char *buf)
797 {
798         u32 reg = 0;
799         struct ipw_priv *p = d->driver_data;
800
801         reg = ipw_read_reg32(p, CX2_INTERNAL_CMD_EVENT);
802         return sprintf(buf, "0x%08x\n", reg);
803 }
804 static ssize_t store_command_event_reg(struct device *d,
805                                        struct device_attribute *attr,
806                                        const char *buf, size_t count)
807 {
808         u32 reg;
809         struct ipw_priv *p = d->driver_data;
810
811         sscanf(buf, "%x", &reg);
812         ipw_write_reg32(p, CX2_INTERNAL_CMD_EVENT, reg);
813         return strnlen(buf, count);
814 }
815
816 static DEVICE_ATTR(command_event_reg, S_IWUSR | S_IRUGO,
817                    show_command_event_reg, store_command_event_reg);
818
819 static ssize_t show_mem_gpio_reg(struct device *d,
820                                  struct device_attribute *attr, char *buf)
821 {
822         u32 reg = 0;
823         struct ipw_priv *p = d->driver_data;
824
825         reg = ipw_read_reg32(p, 0x301100);
826         return sprintf(buf, "0x%08x\n", reg);
827 }
828 static ssize_t store_mem_gpio_reg(struct device *d,
829                                   struct device_attribute *attr,
830                                   const char *buf, size_t count)
831 {
832         u32 reg;
833         struct ipw_priv *p = d->driver_data;
834
835         sscanf(buf, "%x", &reg);
836         ipw_write_reg32(p, 0x301100, reg);
837         return strnlen(buf, count);
838 }
839
840 static DEVICE_ATTR(mem_gpio_reg, S_IWUSR | S_IRUGO,
841                    show_mem_gpio_reg, store_mem_gpio_reg);
842
843 static ssize_t show_indirect_dword(struct device *d,
844                                    struct device_attribute *attr, char *buf)
845 {
846         u32 reg = 0;
847         struct ipw_priv *priv = d->driver_data;
848         if (priv->status & STATUS_INDIRECT_DWORD)
849                 reg = ipw_read_reg32(priv, priv->indirect_dword);
850         else
851                 reg = 0;
852
853         return sprintf(buf, "0x%08x\n", reg);
854 }
855 static ssize_t store_indirect_dword(struct device *d,
856                                     struct device_attribute *attr,
857                                     const char *buf, size_t count)
858 {
859         struct ipw_priv *priv = d->driver_data;
860
861         sscanf(buf, "%x", &priv->indirect_dword);
862         priv->status |= STATUS_INDIRECT_DWORD;
863         return strnlen(buf, count);
864 }
865
866 static DEVICE_ATTR(indirect_dword, S_IWUSR | S_IRUGO,
867                    show_indirect_dword, store_indirect_dword);
868
869 static ssize_t show_indirect_byte(struct device *d,
870                                   struct device_attribute *attr, char *buf)
871 {
872         u8 reg = 0;
873         struct ipw_priv *priv = d->driver_data;
874         if (priv->status & STATUS_INDIRECT_BYTE)
875                 reg = ipw_read_reg8(priv, priv->indirect_byte);
876         else
877                 reg = 0;
878
879         return sprintf(buf, "0x%02x\n", reg);
880 }
881 static ssize_t store_indirect_byte(struct device *d,
882                                    struct device_attribute *attr,
883                                    const char *buf, size_t count)
884 {
885         struct ipw_priv *priv = d->driver_data;
886
887         sscanf(buf, "%x", &priv->indirect_byte);
888         priv->status |= STATUS_INDIRECT_BYTE;
889         return strnlen(buf, count);
890 }
891
892 static DEVICE_ATTR(indirect_byte, S_IWUSR | S_IRUGO,
893                    show_indirect_byte, store_indirect_byte);
894
895 static ssize_t show_direct_dword(struct device *d,
896                                  struct device_attribute *attr, char *buf)
897 {
898         u32 reg = 0;
899         struct ipw_priv *priv = d->driver_data;
900
901         if (priv->status & STATUS_DIRECT_DWORD)
902                 reg = ipw_read32(priv, priv->direct_dword);
903         else
904                 reg = 0;
905
906         return sprintf(buf, "0x%08x\n", reg);
907 }
908 static ssize_t store_direct_dword(struct device *d,
909                                   struct device_attribute *attr,
910                                   const char *buf, size_t count)
911 {
912         struct ipw_priv *priv = d->driver_data;
913
914         sscanf(buf, "%x", &priv->direct_dword);
915         priv->status |= STATUS_DIRECT_DWORD;
916         return strnlen(buf, count);
917 }
918
919 static DEVICE_ATTR(direct_dword, S_IWUSR | S_IRUGO,
920                    show_direct_dword, store_direct_dword);
921
922 static inline int rf_kill_active(struct ipw_priv *priv)
923 {
924         if (0 == (ipw_read32(priv, 0x30) & 0x10000))
925                 priv->status |= STATUS_RF_KILL_HW;
926         else
927                 priv->status &= ~STATUS_RF_KILL_HW;
928
929         return (priv->status & STATUS_RF_KILL_HW) ? 1 : 0;
930 }
931
932 static ssize_t show_rf_kill(struct device *d, struct device_attribute *attr,
933                             char *buf)
934 {
935         /* 0 - RF kill not enabled
936            1 - SW based RF kill active (sysfs)
937            2 - HW based RF kill active
938            3 - Both HW and SW baed RF kill active */
939         struct ipw_priv *priv = d->driver_data;
940         int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
941             (rf_kill_active(priv) ? 0x2 : 0x0);
942         return sprintf(buf, "%i\n", val);
943 }
944
945 static int ipw_radio_kill_sw(struct ipw_priv *priv, int disable_radio)
946 {
947         if ((disable_radio ? 1 : 0) ==
948             (priv->status & STATUS_RF_KILL_SW ? 1 : 0))
949                 return 0;
950
951         IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
952                           disable_radio ? "OFF" : "ON");
953
954         if (disable_radio) {
955                 priv->status |= STATUS_RF_KILL_SW;
956
957                 if (priv->workqueue) {
958                         cancel_delayed_work(&priv->request_scan);
959                 }
960                 wake_up_interruptible(&priv->wait_command_queue);
961                 queue_work(priv->workqueue, &priv->down);
962         } else {
963                 priv->status &= ~STATUS_RF_KILL_SW;
964                 if (rf_kill_active(priv)) {
965                         IPW_DEBUG_RF_KILL("Can not turn radio back on - "
966                                           "disabled by HW switch\n");
967                         /* Make sure the RF_KILL check timer is running */
968                         cancel_delayed_work(&priv->rf_kill);
969                         queue_delayed_work(priv->workqueue, &priv->rf_kill,
970                                            2 * HZ);
971                 } else
972                         queue_work(priv->workqueue, &priv->up);
973         }
974
975         return 1;
976 }
977
978 static ssize_t store_rf_kill(struct device *d, struct device_attribute *attr,
979                              const char *buf, size_t count)
980 {
981         struct ipw_priv *priv = d->driver_data;
982
983         ipw_radio_kill_sw(priv, buf[0] == '1');
984
985         return count;
986 }
987
988 static DEVICE_ATTR(rf_kill, S_IWUSR | S_IRUGO, show_rf_kill, store_rf_kill);
989
990 static void ipw_irq_tasklet(struct ipw_priv *priv)
991 {
992         u32 inta, inta_mask, handled = 0;
993         unsigned long flags;
994         int rc = 0;
995
996         spin_lock_irqsave(&priv->lock, flags);
997
998         inta = ipw_read32(priv, CX2_INTA_RW);
999         inta_mask = ipw_read32(priv, CX2_INTA_MASK_R);
1000         inta &= (CX2_INTA_MASK_ALL & inta_mask);
1001
1002         /* Add any cached INTA values that need to be handled */
1003         inta |= priv->isr_inta;
1004
1005         /* handle all the justifications for the interrupt */
1006         if (inta & CX2_INTA_BIT_RX_TRANSFER) {
1007                 ipw_rx(priv);
1008                 handled |= CX2_INTA_BIT_RX_TRANSFER;
1009         }
1010
1011         if (inta & CX2_INTA_BIT_TX_CMD_QUEUE) {
1012                 IPW_DEBUG_HC("Command completed.\n");
1013                 rc = ipw_queue_tx_reclaim(priv, &priv->txq_cmd, -1);
1014                 priv->status &= ~STATUS_HCMD_ACTIVE;
1015                 wake_up_interruptible(&priv->wait_command_queue);
1016                 handled |= CX2_INTA_BIT_TX_CMD_QUEUE;
1017         }
1018
1019         if (inta & CX2_INTA_BIT_TX_QUEUE_1) {
1020                 IPW_DEBUG_TX("TX_QUEUE_1\n");
1021                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[0], 0);
1022                 handled |= CX2_INTA_BIT_TX_QUEUE_1;
1023         }
1024
1025         if (inta & CX2_INTA_BIT_TX_QUEUE_2) {
1026                 IPW_DEBUG_TX("TX_QUEUE_2\n");
1027                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[1], 1);
1028                 handled |= CX2_INTA_BIT_TX_QUEUE_2;
1029         }
1030
1031         if (inta & CX2_INTA_BIT_TX_QUEUE_3) {
1032                 IPW_DEBUG_TX("TX_QUEUE_3\n");
1033                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[2], 2);
1034                 handled |= CX2_INTA_BIT_TX_QUEUE_3;
1035         }
1036
1037         if (inta & CX2_INTA_BIT_TX_QUEUE_4) {
1038                 IPW_DEBUG_TX("TX_QUEUE_4\n");
1039                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[3], 3);
1040                 handled |= CX2_INTA_BIT_TX_QUEUE_4;
1041         }
1042
1043         if (inta & CX2_INTA_BIT_STATUS_CHANGE) {
1044                 IPW_WARNING("STATUS_CHANGE\n");
1045                 handled |= CX2_INTA_BIT_STATUS_CHANGE;
1046         }
1047
1048         if (inta & CX2_INTA_BIT_BEACON_PERIOD_EXPIRED) {
1049                 IPW_WARNING("TX_PERIOD_EXPIRED\n");
1050                 handled |= CX2_INTA_BIT_BEACON_PERIOD_EXPIRED;
1051         }
1052
1053         if (inta & CX2_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE) {
1054                 IPW_WARNING("HOST_CMD_DONE\n");
1055                 handled |= CX2_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE;
1056         }
1057
1058         if (inta & CX2_INTA_BIT_FW_INITIALIZATION_DONE) {
1059                 IPW_WARNING("FW_INITIALIZATION_DONE\n");
1060                 handled |= CX2_INTA_BIT_FW_INITIALIZATION_DONE;
1061         }
1062
1063         if (inta & CX2_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE) {
1064                 IPW_WARNING("PHY_OFF_DONE\n");
1065                 handled |= CX2_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE;
1066         }
1067
1068         if (inta & CX2_INTA_BIT_RF_KILL_DONE) {
1069                 IPW_DEBUG_RF_KILL("RF_KILL_DONE\n");
1070                 priv->status |= STATUS_RF_KILL_HW;
1071                 wake_up_interruptible(&priv->wait_command_queue);
1072                 netif_carrier_off(priv->net_dev);
1073                 netif_stop_queue(priv->net_dev);
1074                 cancel_delayed_work(&priv->request_scan);
1075                 queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ);
1076                 handled |= CX2_INTA_BIT_RF_KILL_DONE;
1077         }
1078
1079         if (inta & CX2_INTA_BIT_FATAL_ERROR) {
1080                 IPW_ERROR("Firmware error detected.  Restarting.\n");
1081 #ifdef CONFIG_IPW_DEBUG
1082                 if (ipw_debug_level & IPW_DL_FW_ERRORS) {
1083                         ipw_dump_nic_error_log(priv);
1084                         ipw_dump_nic_event_log(priv);
1085                 }
1086 #endif
1087                 queue_work(priv->workqueue, &priv->adapter_restart);
1088                 handled |= CX2_INTA_BIT_FATAL_ERROR;
1089         }
1090
1091         if (inta & CX2_INTA_BIT_PARITY_ERROR) {
1092                 IPW_ERROR("Parity error\n");
1093                 handled |= CX2_INTA_BIT_PARITY_ERROR;
1094         }
1095
1096         if (handled != inta) {
1097                 IPW_ERROR("Unhandled INTA bits 0x%08x\n", inta & ~handled);
1098         }
1099
1100         /* enable all interrupts */
1101         ipw_enable_interrupts(priv);
1102
1103         spin_unlock_irqrestore(&priv->lock, flags);
1104 }
1105
1106 #ifdef CONFIG_IPW_DEBUG
1107 #define IPW_CMD(x) case IPW_CMD_ ## x : return #x
1108 static char *get_cmd_string(u8 cmd)
1109 {
1110         switch (cmd) {
1111                 IPW_CMD(HOST_COMPLETE);
1112                 IPW_CMD(POWER_DOWN);
1113                 IPW_CMD(SYSTEM_CONFIG);
1114                 IPW_CMD(MULTICAST_ADDRESS);
1115                 IPW_CMD(SSID);
1116                 IPW_CMD(ADAPTER_ADDRESS);
1117                 IPW_CMD(PORT_TYPE);
1118                 IPW_CMD(RTS_THRESHOLD);
1119                 IPW_CMD(FRAG_THRESHOLD);
1120                 IPW_CMD(POWER_MODE);
1121                 IPW_CMD(WEP_KEY);
1122                 IPW_CMD(TGI_TX_KEY);
1123                 IPW_CMD(SCAN_REQUEST);
1124                 IPW_CMD(SCAN_REQUEST_EXT);
1125                 IPW_CMD(ASSOCIATE);
1126                 IPW_CMD(SUPPORTED_RATES);
1127                 IPW_CMD(SCAN_ABORT);
1128                 IPW_CMD(TX_FLUSH);
1129                 IPW_CMD(QOS_PARAMETERS);
1130                 IPW_CMD(DINO_CONFIG);
1131                 IPW_CMD(RSN_CAPABILITIES);
1132                 IPW_CMD(RX_KEY);
1133                 IPW_CMD(CARD_DISABLE);
1134                 IPW_CMD(SEED_NUMBER);
1135                 IPW_CMD(TX_POWER);
1136                 IPW_CMD(COUNTRY_INFO);
1137                 IPW_CMD(AIRONET_INFO);
1138                 IPW_CMD(AP_TX_POWER);
1139                 IPW_CMD(CCKM_INFO);
1140                 IPW_CMD(CCX_VER_INFO);
1141                 IPW_CMD(SET_CALIBRATION);
1142                 IPW_CMD(SENSITIVITY_CALIB);
1143                 IPW_CMD(RETRY_LIMIT);
1144                 IPW_CMD(IPW_PRE_POWER_DOWN);
1145                 IPW_CMD(VAP_BEACON_TEMPLATE);
1146                 IPW_CMD(VAP_DTIM_PERIOD);
1147                 IPW_CMD(EXT_SUPPORTED_RATES);
1148                 IPW_CMD(VAP_LOCAL_TX_PWR_CONSTRAINT);
1149                 IPW_CMD(VAP_QUIET_INTERVALS);
1150                 IPW_CMD(VAP_CHANNEL_SWITCH);
1151                 IPW_CMD(VAP_MANDATORY_CHANNELS);
1152                 IPW_CMD(VAP_CELL_PWR_LIMIT);
1153                 IPW_CMD(VAP_CF_PARAM_SET);
1154                 IPW_CMD(VAP_SET_BEACONING_STATE);
1155                 IPW_CMD(MEASUREMENT);
1156                 IPW_CMD(POWER_CAPABILITY);
1157                 IPW_CMD(SUPPORTED_CHANNELS);
1158                 IPW_CMD(TPC_REPORT);
1159                 IPW_CMD(WME_INFO);
1160                 IPW_CMD(PRODUCTION_COMMAND);
1161         default:
1162                 return "UNKNOWN";
1163         }
1164 }
1165 #endif                          /* CONFIG_IPW_DEBUG */
1166
1167 #define HOST_COMPLETE_TIMEOUT HZ
1168 static int ipw_send_cmd(struct ipw_priv *priv, struct host_cmd *cmd)
1169 {
1170         int rc = 0;
1171
1172         if (priv->status & STATUS_HCMD_ACTIVE) {
1173                 IPW_ERROR("Already sending a command\n");
1174                 return -1;
1175         }
1176
1177         priv->status |= STATUS_HCMD_ACTIVE;
1178
1179         IPW_DEBUG_HC("Sending %s command (#%d), %d bytes\n",
1180                      get_cmd_string(cmd->cmd), cmd->cmd, cmd->len);
1181         printk_buf(IPW_DL_HOST_COMMAND, (u8 *) cmd->param, cmd->len);
1182
1183         rc = ipw_queue_tx_hcmd(priv, cmd->cmd, &cmd->param, cmd->len, 0);
1184         if (rc)
1185                 return rc;
1186
1187         rc = wait_event_interruptible_timeout(priv->wait_command_queue,
1188                                               !(priv->
1189                                                 status & STATUS_HCMD_ACTIVE),
1190                                               HOST_COMPLETE_TIMEOUT);
1191         if (rc == 0) {
1192                 IPW_DEBUG_INFO("Command completion failed out after %dms.\n",
1193                                jiffies_to_msecs(HOST_COMPLETE_TIMEOUT));
1194                 priv->status &= ~STATUS_HCMD_ACTIVE;
1195                 return -EIO;
1196         }
1197         if (priv->status & STATUS_RF_KILL_MASK) {
1198                 IPW_DEBUG_INFO("Command aborted due to RF Kill Switch\n");
1199                 return -EIO;
1200         }
1201
1202         return 0;
1203 }
1204
1205 static int ipw_send_host_complete(struct ipw_priv *priv)
1206 {
1207         struct host_cmd cmd = {
1208                 .cmd = IPW_CMD_HOST_COMPLETE,
1209                 .len = 0
1210         };
1211
1212         if (!priv) {
1213                 IPW_ERROR("Invalid args\n");
1214                 return -1;
1215         }
1216
1217         if (ipw_send_cmd(priv, &cmd)) {
1218                 IPW_ERROR("failed to send HOST_COMPLETE command\n");
1219                 return -1;
1220         }
1221
1222         return 0;
1223 }
1224
1225 static int ipw_send_system_config(struct ipw_priv *priv,
1226                                   struct ipw_sys_config *config)
1227 {
1228         struct host_cmd cmd = {
1229                 .cmd = IPW_CMD_SYSTEM_CONFIG,
1230                 .len = sizeof(*config)
1231         };
1232
1233         if (!priv || !config) {
1234                 IPW_ERROR("Invalid args\n");
1235                 return -1;
1236         }
1237
1238         memcpy(&cmd.param, config, sizeof(*config));
1239         if (ipw_send_cmd(priv, &cmd)) {
1240                 IPW_ERROR("failed to send SYSTEM_CONFIG command\n");
1241                 return -1;
1242         }
1243
1244         return 0;
1245 }
1246
1247 static int ipw_send_ssid(struct ipw_priv *priv, u8 * ssid, int len)
1248 {
1249         struct host_cmd cmd = {
1250                 .cmd = IPW_CMD_SSID,
1251                 .len = min(len, IW_ESSID_MAX_SIZE)
1252         };
1253
1254         if (!priv || !ssid) {
1255                 IPW_ERROR("Invalid args\n");
1256                 return -1;
1257         }
1258
1259         memcpy(&cmd.param, ssid, cmd.len);
1260         if (ipw_send_cmd(priv, &cmd)) {
1261                 IPW_ERROR("failed to send SSID command\n");
1262                 return -1;
1263         }
1264
1265         return 0;
1266 }
1267
1268 static int ipw_send_adapter_address(struct ipw_priv *priv, u8 * mac)
1269 {
1270         struct host_cmd cmd = {
1271                 .cmd = IPW_CMD_ADAPTER_ADDRESS,
1272                 .len = ETH_ALEN
1273         };
1274
1275         if (!priv || !mac) {
1276                 IPW_ERROR("Invalid args\n");
1277                 return -1;
1278         }
1279
1280         IPW_DEBUG_INFO("%s: Setting MAC to " MAC_FMT "\n",
1281                        priv->net_dev->name, MAC_ARG(mac));
1282
1283         memcpy(&cmd.param, mac, ETH_ALEN);
1284
1285         if (ipw_send_cmd(priv, &cmd)) {
1286                 IPW_ERROR("failed to send ADAPTER_ADDRESS command\n");
1287                 return -1;
1288         }
1289
1290         return 0;
1291 }
1292
1293 static void ipw_adapter_restart(void *adapter)
1294 {
1295         struct ipw_priv *priv = adapter;
1296
1297         if (priv->status & STATUS_RF_KILL_MASK)
1298                 return;
1299
1300         ipw_down(priv);
1301         if (ipw_up(priv)) {
1302                 IPW_ERROR("Failed to up device\n");
1303                 return;
1304         }
1305 }
1306
1307 #define IPW_SCAN_CHECK_WATCHDOG (5 * HZ)
1308
1309 static void ipw_scan_check(void *data)
1310 {
1311         struct ipw_priv *priv = data;
1312         if (priv->status & (STATUS_SCANNING | STATUS_SCAN_ABORTING)) {
1313                 IPW_DEBUG_SCAN("Scan completion watchdog resetting "
1314                                "adapter (%dms).\n",
1315                                IPW_SCAN_CHECK_WATCHDOG / 100);
1316                 ipw_adapter_restart(priv);
1317         }
1318 }
1319
1320 static int ipw_send_scan_request_ext(struct ipw_priv *priv,
1321                                      struct ipw_scan_request_ext *request)
1322 {
1323         struct host_cmd cmd = {
1324                 .cmd = IPW_CMD_SCAN_REQUEST_EXT,
1325                 .len = sizeof(*request)
1326         };
1327
1328         if (!priv || !request) {
1329                 IPW_ERROR("Invalid args\n");
1330                 return -1;
1331         }
1332
1333         memcpy(&cmd.param, request, sizeof(*request));
1334         if (ipw_send_cmd(priv, &cmd)) {
1335                 IPW_ERROR("failed to send SCAN_REQUEST_EXT command\n");
1336                 return -1;
1337         }
1338
1339         queue_delayed_work(priv->workqueue, &priv->scan_check,
1340                            IPW_SCAN_CHECK_WATCHDOG);
1341         return 0;
1342 }
1343
1344 static int ipw_send_scan_abort(struct ipw_priv *priv)
1345 {
1346         struct host_cmd cmd = {
1347                 .cmd = IPW_CMD_SCAN_ABORT,
1348                 .len = 0
1349         };
1350
1351         if (!priv) {
1352                 IPW_ERROR("Invalid args\n");
1353                 return -1;
1354         }
1355
1356         if (ipw_send_cmd(priv, &cmd)) {
1357                 IPW_ERROR("failed to send SCAN_ABORT command\n");
1358                 return -1;
1359         }
1360
1361         return 0;
1362 }
1363
1364 static int ipw_set_sensitivity(struct ipw_priv *priv, u16 sens)
1365 {
1366         struct host_cmd cmd = {
1367                 .cmd = IPW_CMD_SENSITIVITY_CALIB,
1368                 .len = sizeof(struct ipw_sensitivity_calib)
1369         };
1370         struct ipw_sensitivity_calib *calib = (struct ipw_sensitivity_calib *)
1371             &cmd.param;
1372         calib->beacon_rssi_raw = sens;
1373         if (ipw_send_cmd(priv, &cmd)) {
1374                 IPW_ERROR("failed to send SENSITIVITY CALIB command\n");
1375                 return -1;
1376         }
1377
1378         return 0;
1379 }
1380
1381 static int ipw_send_associate(struct ipw_priv *priv,
1382                               struct ipw_associate *associate)
1383 {
1384         struct host_cmd cmd = {
1385                 .cmd = IPW_CMD_ASSOCIATE,
1386                 .len = sizeof(*associate)
1387         };
1388
1389         if (!priv || !associate) {
1390                 IPW_ERROR("Invalid args\n");
1391                 return -1;
1392         }
1393
1394         memcpy(&cmd.param, associate, sizeof(*associate));
1395         if (ipw_send_cmd(priv, &cmd)) {
1396                 IPW_ERROR("failed to send ASSOCIATE command\n");
1397                 return -1;
1398         }
1399
1400         return 0;
1401 }
1402
1403 static int ipw_send_supported_rates(struct ipw_priv *priv,
1404                                     struct ipw_supported_rates *rates)
1405 {
1406         struct host_cmd cmd = {
1407                 .cmd = IPW_CMD_SUPPORTED_RATES,
1408                 .len = sizeof(*rates)
1409         };
1410
1411         if (!priv || !rates) {
1412                 IPW_ERROR("Invalid args\n");
1413                 return -1;
1414         }
1415
1416         memcpy(&cmd.param, rates, sizeof(*rates));
1417         if (ipw_send_cmd(priv, &cmd)) {
1418                 IPW_ERROR("failed to send SUPPORTED_RATES command\n");
1419                 return -1;
1420         }
1421
1422         return 0;
1423 }
1424
1425 static int ipw_set_random_seed(struct ipw_priv *priv)
1426 {
1427         struct host_cmd cmd = {
1428                 .cmd = IPW_CMD_SEED_NUMBER,
1429                 .len = sizeof(u32)
1430         };
1431
1432         if (!priv) {
1433                 IPW_ERROR("Invalid args\n");
1434                 return -1;
1435         }
1436
1437         get_random_bytes(&cmd.param, sizeof(u32));
1438
1439         if (ipw_send_cmd(priv, &cmd)) {
1440                 IPW_ERROR("failed to send SEED_NUMBER command\n");
1441                 return -1;
1442         }
1443
1444         return 0;
1445 }
1446
1447 #if 0
1448 static int ipw_send_card_disable(struct ipw_priv *priv, u32 phy_off)
1449 {
1450         struct host_cmd cmd = {
1451                 .cmd = IPW_CMD_CARD_DISABLE,
1452                 .len = sizeof(u32)
1453         };
1454
1455         if (!priv) {
1456                 IPW_ERROR("Invalid args\n");
1457                 return -1;
1458         }
1459
1460         *((u32 *) & cmd.param) = phy_off;
1461
1462         if (ipw_send_cmd(priv, &cmd)) {
1463                 IPW_ERROR("failed to send CARD_DISABLE command\n");
1464                 return -1;
1465         }
1466
1467         return 0;
1468 }
1469 #endif
1470
1471 static int ipw_send_tx_power(struct ipw_priv *priv, struct ipw_tx_power *power)
1472 {
1473         struct host_cmd cmd = {
1474                 .cmd = IPW_CMD_TX_POWER,
1475                 .len = sizeof(*power)
1476         };
1477
1478         if (!priv || !power) {
1479                 IPW_ERROR("Invalid args\n");
1480                 return -1;
1481         }
1482
1483         memcpy(&cmd.param, power, sizeof(*power));
1484         if (ipw_send_cmd(priv, &cmd)) {
1485                 IPW_ERROR("failed to send TX_POWER command\n");
1486                 return -1;
1487         }
1488
1489         return 0;
1490 }
1491
1492 static int ipw_send_rts_threshold(struct ipw_priv *priv, u16 rts)
1493 {
1494         struct ipw_rts_threshold rts_threshold = {
1495                 .rts_threshold = rts,
1496         };
1497         struct host_cmd cmd = {
1498                 .cmd = IPW_CMD_RTS_THRESHOLD,
1499                 .len = sizeof(rts_threshold)
1500         };
1501
1502         if (!priv) {
1503                 IPW_ERROR("Invalid args\n");
1504                 return -1;
1505         }
1506
1507         memcpy(&cmd.param, &rts_threshold, sizeof(rts_threshold));
1508         if (ipw_send_cmd(priv, &cmd)) {
1509                 IPW_ERROR("failed to send RTS_THRESHOLD command\n");
1510                 return -1;
1511         }
1512
1513         return 0;
1514 }
1515
1516 static int ipw_send_frag_threshold(struct ipw_priv *priv, u16 frag)
1517 {
1518         struct ipw_frag_threshold frag_threshold = {
1519                 .frag_threshold = frag,
1520         };
1521         struct host_cmd cmd = {
1522                 .cmd = IPW_CMD_FRAG_THRESHOLD,
1523                 .len = sizeof(frag_threshold)
1524         };
1525
1526         if (!priv) {
1527                 IPW_ERROR("Invalid args\n");
1528                 return -1;
1529         }
1530
1531         memcpy(&cmd.param, &frag_threshold, sizeof(frag_threshold));
1532         if (ipw_send_cmd(priv, &cmd)) {
1533                 IPW_ERROR("failed to send FRAG_THRESHOLD command\n");
1534                 return -1;
1535         }
1536
1537         return 0;
1538 }
1539
1540 static int ipw_send_power_mode(struct ipw_priv *priv, u32 mode)
1541 {
1542         struct host_cmd cmd = {
1543                 .cmd = IPW_CMD_POWER_MODE,
1544                 .len = sizeof(u32)
1545         };
1546         u32 *param = (u32 *) (&cmd.param);
1547
1548         if (!priv) {
1549                 IPW_ERROR("Invalid args\n");
1550                 return -1;
1551         }
1552
1553         /* If on battery, set to 3, if AC set to CAM, else user
1554          * level */
1555         switch (mode) {
1556         case IPW_POWER_BATTERY:
1557                 *param = IPW_POWER_INDEX_3;
1558                 break;
1559         case IPW_POWER_AC:
1560                 *param = IPW_POWER_MODE_CAM;
1561                 break;
1562         default:
1563                 *param = mode;
1564                 break;
1565         }
1566
1567         if (ipw_send_cmd(priv, &cmd)) {
1568                 IPW_ERROR("failed to send POWER_MODE command\n");
1569                 return -1;
1570         }
1571
1572         return 0;
1573 }
1574
1575 /*
1576  * The IPW device contains a Microwire compatible EEPROM that stores
1577  * various data like the MAC address.  Usually the firmware has exclusive
1578  * access to the eeprom, but during device initialization (before the
1579  * device driver has sent the HostComplete command to the firmware) the
1580  * device driver has read access to the EEPROM by way of indirect addressing
1581  * through a couple of memory mapped registers.
1582  *
1583  * The following is a simplified implementation for pulling data out of the
1584  * the eeprom, along with some helper functions to find information in
1585  * the per device private data's copy of the eeprom.
1586  *
1587  * NOTE: To better understand how these functions work (i.e what is a chip
1588  *       select and why do have to keep driving the eeprom clock?), read
1589  *       just about any data sheet for a Microwire compatible EEPROM.
1590  */
1591
1592 /* write a 32 bit value into the indirect accessor register */
1593 static inline void eeprom_write_reg(struct ipw_priv *p, u32 data)
1594 {
1595         ipw_write_reg32(p, FW_MEM_REG_EEPROM_ACCESS, data);
1596
1597         /* the eeprom requires some time to complete the operation */
1598         udelay(p->eeprom_delay);
1599
1600         return;
1601 }
1602
1603 /* perform a chip select operation */
1604 static inline void eeprom_cs(struct ipw_priv *priv)
1605 {
1606         eeprom_write_reg(priv, 0);
1607         eeprom_write_reg(priv, EEPROM_BIT_CS);
1608         eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
1609         eeprom_write_reg(priv, EEPROM_BIT_CS);
1610 }
1611
1612 /* perform a chip select operation */
1613 static inline void eeprom_disable_cs(struct ipw_priv *priv)
1614 {
1615         eeprom_write_reg(priv, EEPROM_BIT_CS);
1616         eeprom_write_reg(priv, 0);
1617         eeprom_write_reg(priv, EEPROM_BIT_SK);
1618 }
1619
1620 /* push a single bit down to the eeprom */
1621 static inline void eeprom_write_bit(struct ipw_priv *p, u8 bit)
1622 {
1623         int d = (bit ? EEPROM_BIT_DI : 0);
1624         eeprom_write_reg(p, EEPROM_BIT_CS | d);
1625         eeprom_write_reg(p, EEPROM_BIT_CS | d | EEPROM_BIT_SK);
1626 }
1627
1628 /* push an opcode followed by an address down to the eeprom */
1629 static void eeprom_op(struct ipw_priv *priv, u8 op, u8 addr)
1630 {
1631         int i;
1632
1633         eeprom_cs(priv);
1634         eeprom_write_bit(priv, 1);
1635         eeprom_write_bit(priv, op & 2);
1636         eeprom_write_bit(priv, op & 1);
1637         for (i = 7; i >= 0; i--) {
1638                 eeprom_write_bit(priv, addr & (1 << i));
1639         }
1640 }
1641
1642 /* pull 16 bits off the eeprom, one bit at a time */
1643 static u16 eeprom_read_u16(struct ipw_priv *priv, u8 addr)
1644 {
1645         int i;
1646         u16 r = 0;
1647
1648         /* Send READ Opcode */
1649         eeprom_op(priv, EEPROM_CMD_READ, addr);
1650
1651         /* Send dummy bit */
1652         eeprom_write_reg(priv, EEPROM_BIT_CS);
1653
1654         /* Read the byte off the eeprom one bit at a time */
1655         for (i = 0; i < 16; i++) {
1656                 u32 data = 0;
1657                 eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
1658                 eeprom_write_reg(priv, EEPROM_BIT_CS);
1659                 data = ipw_read_reg32(priv, FW_MEM_REG_EEPROM_ACCESS);
1660                 r = (r << 1) | ((data & EEPROM_BIT_DO) ? 1 : 0);
1661         }
1662
1663         /* Send another dummy bit */
1664         eeprom_write_reg(priv, 0);
1665         eeprom_disable_cs(priv);
1666
1667         return r;
1668 }
1669
1670 /* helper function for pulling the mac address out of the private */
1671 /* data's copy of the eeprom data                                 */
1672 static void eeprom_parse_mac(struct ipw_priv *priv, u8 * mac)
1673 {
1674         u8 *ee = (u8 *) priv->eeprom;
1675         memcpy(mac, &ee[EEPROM_MAC_ADDRESS], 6);
1676 }
1677
1678 /*
1679  * Either the device driver (i.e. the host) or the firmware can
1680  * load eeprom data into the designated region in SRAM.  If neither
1681  * happens then the FW will shutdown with a fatal error.
1682  *
1683  * In order to signal the FW to load the EEPROM, the EEPROM_LOAD_DISABLE
1684  * bit needs region of shared SRAM needs to be non-zero.
1685  */
1686 static void ipw_eeprom_init_sram(struct ipw_priv *priv)
1687 {
1688         int i;
1689         u16 *eeprom = (u16 *) priv->eeprom;
1690
1691         IPW_DEBUG_TRACE(">>\n");
1692
1693         /* read entire contents of eeprom into private buffer */
1694         for (i = 0; i < 128; i++)
1695                 eeprom[i] = eeprom_read_u16(priv, (u8) i);
1696
1697         /*
1698            If the data looks correct, then copy it to our private
1699            copy.  Otherwise let the firmware know to perform the operation
1700            on it's own
1701          */
1702         if ((priv->eeprom + EEPROM_VERSION) != 0) {
1703                 IPW_DEBUG_INFO("Writing EEPROM data into SRAM\n");
1704
1705                 /* write the eeprom data to sram */
1706                 for (i = 0; i < CX2_EEPROM_IMAGE_SIZE; i++)
1707                         ipw_write8(priv, IPW_EEPROM_DATA + i, priv->eeprom[i]);
1708
1709                 /* Do not load eeprom data on fatal error or suspend */
1710                 ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
1711         } else {
1712                 IPW_DEBUG_INFO("Enabling FW initializationg of SRAM\n");
1713
1714                 /* Load eeprom data on fatal error or suspend */
1715                 ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 1);
1716         }
1717
1718         IPW_DEBUG_TRACE("<<\n");
1719 }
1720
1721 static inline void ipw_zero_memory(struct ipw_priv *priv, u32 start, u32 count)
1722 {
1723         count >>= 2;
1724         if (!count)
1725                 return;
1726         _ipw_write32(priv, CX2_AUTOINC_ADDR, start);
1727         while (count--)
1728                 _ipw_write32(priv, CX2_AUTOINC_DATA, 0);
1729 }
1730
1731 static inline void ipw_fw_dma_reset_command_blocks(struct ipw_priv *priv)
1732 {
1733         ipw_zero_memory(priv, CX2_SHARED_SRAM_DMA_CONTROL,
1734                         CB_NUMBER_OF_ELEMENTS_SMALL *
1735                         sizeof(struct command_block));
1736 }
1737
1738 static int ipw_fw_dma_enable(struct ipw_priv *priv)
1739 {                               /* start dma engine but no transfers yet */
1740
1741         IPW_DEBUG_FW(">> : \n");
1742
1743         /* Start the dma */
1744         ipw_fw_dma_reset_command_blocks(priv);
1745
1746         /* Write CB base address */
1747         ipw_write_reg32(priv, CX2_DMA_I_CB_BASE, CX2_SHARED_SRAM_DMA_CONTROL);
1748
1749         IPW_DEBUG_FW("<< : \n");
1750         return 0;
1751 }
1752
1753 static void ipw_fw_dma_abort(struct ipw_priv *priv)
1754 {
1755         u32 control = 0;
1756
1757         IPW_DEBUG_FW(">> :\n");
1758
1759         //set the Stop and Abort bit
1760         control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_STOP_AND_ABORT;
1761         ipw_write_reg32(priv, CX2_DMA_I_DMA_CONTROL, control);
1762         priv->sram_desc.last_cb_index = 0;
1763
1764         IPW_DEBUG_FW("<< \n");
1765 }
1766
1767 static int ipw_fw_dma_write_command_block(struct ipw_priv *priv, int index,
1768                                           struct command_block *cb)
1769 {
1770         u32 address =
1771             CX2_SHARED_SRAM_DMA_CONTROL +
1772             (sizeof(struct command_block) * index);
1773         IPW_DEBUG_FW(">> :\n");
1774
1775         ipw_write_indirect(priv, address, (u8 *) cb,
1776                            (int)sizeof(struct command_block));
1777
1778         IPW_DEBUG_FW("<< :\n");
1779         return 0;
1780
1781 }
1782
1783 static int ipw_fw_dma_kick(struct ipw_priv *priv)
1784 {
1785         u32 control = 0;
1786         u32 index = 0;
1787
1788         IPW_DEBUG_FW(">> :\n");
1789
1790         for (index = 0; index < priv->sram_desc.last_cb_index; index++)
1791                 ipw_fw_dma_write_command_block(priv, index,
1792                                                &priv->sram_desc.cb_list[index]);
1793
1794         /* Enable the DMA in the CSR register */
1795         ipw_clear_bit(priv, CX2_RESET_REG,
1796                       CX2_RESET_REG_MASTER_DISABLED |
1797                       CX2_RESET_REG_STOP_MASTER);
1798
1799         /* Set the Start bit. */
1800         control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_START;
1801         ipw_write_reg32(priv, CX2_DMA_I_DMA_CONTROL, control);
1802
1803         IPW_DEBUG_FW("<< :\n");
1804         return 0;
1805 }
1806
1807 static void ipw_fw_dma_dump_command_block(struct ipw_priv *priv)
1808 {
1809         u32 address;
1810         u32 register_value = 0;
1811         u32 cb_fields_address = 0;
1812
1813         IPW_DEBUG_FW(">> :\n");
1814         address = ipw_read_reg32(priv, CX2_DMA_I_CURRENT_CB);
1815         IPW_DEBUG_FW_INFO("Current CB is 0x%x \n", address);
1816
1817         /* Read the DMA Controlor register */
1818         register_value = ipw_read_reg32(priv, CX2_DMA_I_DMA_CONTROL);
1819         IPW_DEBUG_FW_INFO("CX2_DMA_I_DMA_CONTROL is 0x%x \n", register_value);
1820
1821         /* Print the CB values */
1822         cb_fields_address = address;
1823         register_value = ipw_read_reg32(priv, cb_fields_address);
1824         IPW_DEBUG_FW_INFO("Current CB ControlField is 0x%x \n", register_value);
1825
1826         cb_fields_address += sizeof(u32);
1827         register_value = ipw_read_reg32(priv, cb_fields_address);
1828         IPW_DEBUG_FW_INFO("Current CB Source Field is 0x%x \n", register_value);
1829
1830         cb_fields_address += sizeof(u32);
1831         register_value = ipw_read_reg32(priv, cb_fields_address);
1832         IPW_DEBUG_FW_INFO("Current CB Destination Field is 0x%x \n",
1833                           register_value);
1834
1835         cb_fields_address += sizeof(u32);
1836         register_value = ipw_read_reg32(priv, cb_fields_address);
1837         IPW_DEBUG_FW_INFO("Current CB Status Field is 0x%x \n", register_value);
1838
1839         IPW_DEBUG_FW(">> :\n");
1840 }
1841
1842 static int ipw_fw_dma_command_block_index(struct ipw_priv *priv)
1843 {
1844         u32 current_cb_address = 0;
1845         u32 current_cb_index = 0;
1846
1847         IPW_DEBUG_FW("<< :\n");
1848         current_cb_address = ipw_read_reg32(priv, CX2_DMA_I_CURRENT_CB);
1849
1850         current_cb_index = (current_cb_address - CX2_SHARED_SRAM_DMA_CONTROL) /
1851             sizeof(struct command_block);
1852
1853         IPW_DEBUG_FW_INFO("Current CB index 0x%x address = 0x%X \n",
1854                           current_cb_index, current_cb_address);
1855
1856         IPW_DEBUG_FW(">> :\n");
1857         return current_cb_index;
1858
1859 }
1860
1861 static int ipw_fw_dma_add_command_block(struct ipw_priv *priv,
1862                                         u32 src_address,
1863                                         u32 dest_address,
1864                                         u32 length,
1865                                         int interrupt_enabled, int is_last)
1866 {
1867
1868         u32 control = CB_VALID | CB_SRC_LE | CB_DEST_LE | CB_SRC_AUTOINC |
1869             CB_SRC_IO_GATED | CB_DEST_AUTOINC | CB_SRC_SIZE_LONG |
1870             CB_DEST_SIZE_LONG;
1871         struct command_block *cb;
1872         u32 last_cb_element = 0;
1873
1874         IPW_DEBUG_FW_INFO("src_address=0x%x dest_address=0x%x length=0x%x\n",
1875                           src_address, dest_address, length);
1876
1877         if (priv->sram_desc.last_cb_index >= CB_NUMBER_OF_ELEMENTS_SMALL)
1878                 return -1;
1879
1880         last_cb_element = priv->sram_desc.last_cb_index;
1881         cb = &priv->sram_desc.cb_list[last_cb_element];
1882         priv->sram_desc.last_cb_index++;
1883
1884         /* Calculate the new CB control word */
1885         if (interrupt_enabled)
1886                 control |= CB_INT_ENABLED;
1887
1888         if (is_last)
1889                 control |= CB_LAST_VALID;
1890
1891         control |= length;
1892
1893         /* Calculate the CB Element's checksum value */
1894         cb->status = control ^ src_address ^ dest_address;
1895
1896         /* Copy the Source and Destination addresses */
1897         cb->dest_addr = dest_address;
1898         cb->source_addr = src_address;
1899
1900         /* Copy the Control Word last */
1901         cb->control = control;
1902
1903         return 0;
1904 }
1905
1906 static int ipw_fw_dma_add_buffer(struct ipw_priv *priv,
1907                                  u32 src_phys, u32 dest_address, u32 length)
1908 {
1909         u32 bytes_left = length;
1910         u32 src_offset = 0;
1911         u32 dest_offset = 0;
1912         int status = 0;
1913         IPW_DEBUG_FW(">> \n");
1914         IPW_DEBUG_FW_INFO("src_phys=0x%x dest_address=0x%x length=0x%x\n",
1915                           src_phys, dest_address, length);
1916         while (bytes_left > CB_MAX_LENGTH) {
1917                 status = ipw_fw_dma_add_command_block(priv,
1918                                                       src_phys + src_offset,
1919                                                       dest_address +
1920                                                       dest_offset,
1921                                                       CB_MAX_LENGTH, 0, 0);
1922                 if (status) {
1923                         IPW_DEBUG_FW_INFO(": Failed\n");
1924                         return -1;
1925                 } else
1926                         IPW_DEBUG_FW_INFO(": Added new cb\n");
1927
1928                 src_offset += CB_MAX_LENGTH;
1929                 dest_offset += CB_MAX_LENGTH;
1930                 bytes_left -= CB_MAX_LENGTH;
1931         }
1932
1933         /* add the buffer tail */
1934         if (bytes_left > 0) {
1935                 status =
1936                     ipw_fw_dma_add_command_block(priv, src_phys + src_offset,
1937                                                  dest_address + dest_offset,
1938                                                  bytes_left, 0, 0);
1939                 if (status) {
1940                         IPW_DEBUG_FW_INFO(": Failed on the buffer tail\n");
1941                         return -1;
1942                 } else
1943                         IPW_DEBUG_FW_INFO
1944                             (": Adding new cb - the buffer tail\n");
1945         }
1946
1947         IPW_DEBUG_FW("<< \n");
1948         return 0;
1949 }
1950
1951 static int ipw_fw_dma_wait(struct ipw_priv *priv)
1952 {
1953         u32 current_index = 0;
1954         u32 watchdog = 0;
1955
1956         IPW_DEBUG_FW(">> : \n");
1957
1958         current_index = ipw_fw_dma_command_block_index(priv);
1959         IPW_DEBUG_FW_INFO("sram_desc.last_cb_index:0x%8X\n",
1960                           (int)priv->sram_desc.last_cb_index);
1961
1962         while (current_index < priv->sram_desc.last_cb_index) {
1963                 udelay(50);
1964                 current_index = ipw_fw_dma_command_block_index(priv);
1965
1966                 watchdog++;
1967
1968                 if (watchdog > 400) {
1969                         IPW_DEBUG_FW_INFO("Timeout\n");
1970                         ipw_fw_dma_dump_command_block(priv);
1971                         ipw_fw_dma_abort(priv);
1972                         return -1;
1973                 }
1974         }
1975
1976         ipw_fw_dma_abort(priv);
1977
1978         /*Disable the DMA in the CSR register */
1979         ipw_set_bit(priv, CX2_RESET_REG,
1980                     CX2_RESET_REG_MASTER_DISABLED | CX2_RESET_REG_STOP_MASTER);
1981
1982         IPW_DEBUG_FW("<< dmaWaitSync \n");
1983         return 0;
1984 }
1985
1986 static void ipw_remove_current_network(struct ipw_priv *priv)
1987 {
1988         struct list_head *element, *safe;
1989         struct ieee80211_network *network = NULL;
1990         list_for_each_safe(element, safe, &priv->ieee->network_list) {
1991                 network = list_entry(element, struct ieee80211_network, list);
1992                 if (!memcmp(network->bssid, priv->bssid, ETH_ALEN)) {
1993                         list_del(element);
1994                         list_add_tail(&network->list,
1995                                       &priv->ieee->network_free_list);
1996                 }
1997         }
1998 }
1999
2000 /**
2001  * Check that card is still alive.
2002  * Reads debug register from domain0.
2003  * If card is present, pre-defined value should
2004  * be found there.
2005  *
2006  * @param priv
2007  * @return 1 if card is present, 0 otherwise
2008  */
2009 static inline int ipw_alive(struct ipw_priv *priv)
2010 {
2011         return ipw_read32(priv, 0x90) == 0xd55555d5;
2012 }
2013
2014 static inline int ipw_poll_bit(struct ipw_priv *priv, u32 addr, u32 mask,
2015                                int timeout)
2016 {
2017         int i = 0;
2018
2019         do {
2020                 if ((ipw_read32(priv, addr) & mask) == mask)
2021                         return i;
2022                 mdelay(10);
2023                 i += 10;
2024         } while (i < timeout);
2025
2026         return -ETIME;
2027 }
2028
2029 /* These functions load the firmware and micro code for the operation of
2030  * the ipw hardware.  It assumes the buffer has all the bits for the
2031  * image and the caller is handling the memory allocation and clean up.
2032  */
2033
2034 static int ipw_stop_master(struct ipw_priv *priv)
2035 {
2036         int rc;
2037
2038         IPW_DEBUG_TRACE(">> \n");
2039         /* stop master. typical delay - 0 */
2040         ipw_set_bit(priv, CX2_RESET_REG, CX2_RESET_REG_STOP_MASTER);
2041
2042         rc = ipw_poll_bit(priv, CX2_RESET_REG,
2043                           CX2_RESET_REG_MASTER_DISABLED, 100);
2044         if (rc < 0) {
2045                 IPW_ERROR("stop master failed in 10ms\n");
2046                 return -1;
2047         }
2048
2049         IPW_DEBUG_INFO("stop master %dms\n", rc);
2050
2051         return rc;
2052 }
2053
2054 static void ipw_arc_release(struct ipw_priv *priv)
2055 {
2056         IPW_DEBUG_TRACE(">> \n");
2057         mdelay(5);
2058
2059         ipw_clear_bit(priv, CX2_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
2060
2061         /* no one knows timing, for safety add some delay */
2062         mdelay(5);
2063 }
2064
2065 struct fw_header {
2066         u32 version;
2067         u32 mode;
2068 };
2069
2070 struct fw_chunk {
2071         u32 address;
2072         u32 length;
2073 };
2074
2075 #define IPW_FW_MAJOR_VERSION 2
2076 #define IPW_FW_MINOR_VERSION 2
2077
2078 #define IPW_FW_MINOR(x) ((x & 0xff) >> 8)
2079 #define IPW_FW_MAJOR(x) (x & 0xff)
2080
2081 #define IPW_FW_VERSION ((IPW_FW_MINOR_VERSION << 8) | \
2082                          IPW_FW_MAJOR_VERSION)
2083
2084 #define IPW_FW_PREFIX "ipw-" __stringify(IPW_FW_MAJOR_VERSION) \
2085 "." __stringify(IPW_FW_MINOR_VERSION) "-"
2086
2087 #if IPW_FW_MAJOR_VERSION >= 2 && IPW_FW_MINOR_VERSION > 0
2088 #define IPW_FW_NAME(x) IPW_FW_PREFIX "" x ".fw"
2089 #else
2090 #define IPW_FW_NAME(x) "ipw2200_" x ".fw"
2091 #endif
2092
2093 static int ipw_load_ucode(struct ipw_priv *priv, u8 * data, size_t len)
2094 {
2095         int rc = 0, i, addr;
2096         u8 cr = 0;
2097         u16 *image;
2098
2099         image = (u16 *) data;
2100
2101         IPW_DEBUG_TRACE(">> \n");
2102
2103         rc = ipw_stop_master(priv);
2104
2105         if (rc < 0)
2106                 return rc;
2107
2108 //      spin_lock_irqsave(&priv->lock, flags);
2109
2110         for (addr = CX2_SHARED_LOWER_BOUND;
2111              addr < CX2_REGISTER_DOMAIN1_END; addr += 4) {
2112                 ipw_write32(priv, addr, 0);
2113         }
2114
2115         /* no ucode (yet) */
2116         memset(&priv->dino_alive, 0, sizeof(priv->dino_alive));
2117         /* destroy DMA queues */
2118         /* reset sequence */
2119
2120         ipw_write_reg32(priv, CX2_MEM_HALT_AND_RESET, CX2_BIT_HALT_RESET_ON);
2121         ipw_arc_release(priv);
2122         ipw_write_reg32(priv, CX2_MEM_HALT_AND_RESET, CX2_BIT_HALT_RESET_OFF);
2123         mdelay(1);
2124
2125         /* reset PHY */
2126         ipw_write_reg32(priv, CX2_INTERNAL_CMD_EVENT, CX2_BASEBAND_POWER_DOWN);
2127         mdelay(1);
2128
2129         ipw_write_reg32(priv, CX2_INTERNAL_CMD_EVENT, 0);
2130         mdelay(1);
2131
2132         /* enable ucode store */
2133         ipw_write_reg8(priv, DINO_CONTROL_REG, 0x0);
2134         ipw_write_reg8(priv, DINO_CONTROL_REG, DINO_ENABLE_CS);
2135         mdelay(1);
2136
2137         /* write ucode */
2138         /**
2139          * @bug
2140          * Do NOT set indirect address register once and then
2141          * store data to indirect data register in the loop.
2142          * It seems very reasonable, but in this case DINO do not
2143          * accept ucode. It is essential to set address each time.
2144          */
2145         /* load new ipw uCode */
2146         for (i = 0; i < len / 2; i++)
2147                 ipw_write_reg16(priv, CX2_BASEBAND_CONTROL_STORE, image[i]);
2148
2149         /* enable DINO */
2150         ipw_write_reg8(priv, CX2_BASEBAND_CONTROL_STATUS, 0);
2151         ipw_write_reg8(priv, CX2_BASEBAND_CONTROL_STATUS, DINO_ENABLE_SYSTEM);
2152
2153         /* this is where the igx / win driver deveates from the VAP driver. */
2154
2155         /* wait for alive response */
2156         for (i = 0; i < 100; i++) {
2157                 /* poll for incoming data */
2158                 cr = ipw_read_reg8(priv, CX2_BASEBAND_CONTROL_STATUS);
2159                 if (cr & DINO_RXFIFO_DATA)
2160                         break;
2161                 mdelay(1);
2162         }
2163
2164         if (cr & DINO_RXFIFO_DATA) {
2165                 /* alive_command_responce size is NOT multiple of 4 */
2166                 u32 response_buffer[(sizeof(priv->dino_alive) + 3) / 4];
2167
2168                 for (i = 0; i < ARRAY_SIZE(response_buffer); i++)
2169                         response_buffer[i] =
2170                             ipw_read_reg32(priv, CX2_BASEBAND_RX_FIFO_READ);
2171                 memcpy(&priv->dino_alive, response_buffer,
2172                        sizeof(priv->dino_alive));
2173                 if (priv->dino_alive.alive_command == 1
2174                     && priv->dino_alive.ucode_valid == 1) {
2175                         rc = 0;
2176                         IPW_DEBUG_INFO
2177                             ("Microcode OK, rev. %d (0x%x) dev. %d (0x%x) "
2178                              "of %02d/%02d/%02d %02d:%02d\n",
2179                              priv->dino_alive.software_revision,
2180                              priv->dino_alive.software_revision,
2181                              priv->dino_alive.device_identifier,
2182                              priv->dino_alive.device_identifier,
2183                              priv->dino_alive.time_stamp[0],
2184                              priv->dino_alive.time_stamp[1],
2185                              priv->dino_alive.time_stamp[2],
2186                              priv->dino_alive.time_stamp[3],
2187                              priv->dino_alive.time_stamp[4]);
2188                 } else {
2189                         IPW_DEBUG_INFO("Microcode is not alive\n");
2190                         rc = -EINVAL;
2191                 }
2192         } else {
2193                 IPW_DEBUG_INFO("No alive response from DINO\n");
2194                 rc = -ETIME;
2195         }
2196
2197         /* disable DINO, otherwise for some reason
2198            firmware have problem getting alive resp. */
2199         ipw_write_reg8(priv, CX2_BASEBAND_CONTROL_STATUS, 0);
2200
2201 //      spin_unlock_irqrestore(&priv->lock, flags);
2202
2203         return rc;
2204 }
2205
2206 static int ipw_load_firmware(struct ipw_priv *priv, u8 * data, size_t len)
2207 {
2208         int rc = -1;
2209         int offset = 0;
2210         struct fw_chunk *chunk;
2211         dma_addr_t shared_phys;
2212         u8 *shared_virt;
2213
2214         IPW_DEBUG_TRACE("<< : \n");
2215         shared_virt = pci_alloc_consistent(priv->pci_dev, len, &shared_phys);
2216
2217         if (!shared_virt)
2218                 return -ENOMEM;
2219
2220         memmove(shared_virt, data, len);
2221
2222         /* Start the Dma */
2223         rc = ipw_fw_dma_enable(priv);
2224
2225         if (priv->sram_desc.last_cb_index > 0) {
2226                 /* the DMA is already ready this would be a bug. */
2227                 BUG();
2228                 goto out;
2229         }
2230
2231         do {
2232                 chunk = (struct fw_chunk *)(data + offset);
2233                 offset += sizeof(struct fw_chunk);
2234                 /* build DMA packet and queue up for sending */
2235                 /* dma to chunk->address, the chunk->length bytes from data +
2236                  * offeset*/
2237                 /* Dma loading */
2238                 rc = ipw_fw_dma_add_buffer(priv, shared_phys + offset,
2239                                            chunk->address, chunk->length);
2240                 if (rc) {
2241                         IPW_DEBUG_INFO("dmaAddBuffer Failed\n");
2242                         goto out;
2243                 }
2244
2245                 offset += chunk->length;
2246         } while (offset < len);
2247
2248         /* Run the DMA and wait for the answer */
2249         rc = ipw_fw_dma_kick(priv);
2250         if (rc) {
2251                 IPW_ERROR("dmaKick Failed\n");
2252                 goto out;
2253         }
2254
2255         rc = ipw_fw_dma_wait(priv);
2256         if (rc) {
2257                 IPW_ERROR("dmaWaitSync Failed\n");
2258                 goto out;
2259         }
2260       out:
2261         pci_free_consistent(priv->pci_dev, len, shared_virt, shared_phys);
2262         return rc;
2263 }
2264
2265 /* stop nic */
2266 static int ipw_stop_nic(struct ipw_priv *priv)
2267 {
2268         int rc = 0;
2269
2270         /* stop */
2271         ipw_write32(priv, CX2_RESET_REG, CX2_RESET_REG_STOP_MASTER);
2272
2273         rc = ipw_poll_bit(priv, CX2_RESET_REG,
2274                           CX2_RESET_REG_MASTER_DISABLED, 500);
2275         if (rc < 0) {
2276                 IPW_ERROR("wait for reg master disabled failed\n");
2277                 return rc;
2278         }
2279
2280         ipw_set_bit(priv, CX2_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
2281
2282         return rc;
2283 }
2284
2285 static void ipw_start_nic(struct ipw_priv *priv)
2286 {
2287         IPW_DEBUG_TRACE(">>\n");
2288
2289         /* prvHwStartNic  release ARC */
2290         ipw_clear_bit(priv, CX2_RESET_REG,
2291                       CX2_RESET_REG_MASTER_DISABLED |
2292                       CX2_RESET_REG_STOP_MASTER |
2293                       CBD_RESET_REG_PRINCETON_RESET);
2294
2295         /* enable power management */
2296         ipw_set_bit(priv, CX2_GP_CNTRL_RW,
2297                     CX2_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
2298
2299         IPW_DEBUG_TRACE("<<\n");
2300 }
2301
2302 static int ipw_init_nic(struct ipw_priv *priv)
2303 {
2304         int rc;
2305
2306         IPW_DEBUG_TRACE(">>\n");
2307         /* reset */
2308         /*prvHwInitNic */
2309         /* set "initialization complete" bit to move adapter to D0 state */
2310         ipw_set_bit(priv, CX2_GP_CNTRL_RW, CX2_GP_CNTRL_BIT_INIT_DONE);
2311
2312         /* low-level PLL activation */
2313         ipw_write32(priv, CX2_READ_INT_REGISTER,
2314                     CX2_BIT_INT_HOST_SRAM_READ_INT_REGISTER);
2315
2316         /* wait for clock stabilization */
2317         rc = ipw_poll_bit(priv, CX2_GP_CNTRL_RW,
2318                           CX2_GP_CNTRL_BIT_CLOCK_READY, 250);
2319         if (rc < 0)
2320                 IPW_DEBUG_INFO("FAILED wait for clock stablization\n");
2321
2322         /* assert SW reset */
2323         ipw_set_bit(priv, CX2_RESET_REG, CX2_RESET_REG_SW_RESET);
2324
2325         udelay(10);
2326
2327         /* set "initialization complete" bit to move adapter to D0 state */
2328         ipw_set_bit(priv, CX2_GP_CNTRL_RW, CX2_GP_CNTRL_BIT_INIT_DONE);
2329
2330         IPW_DEBUG_TRACE(">>\n");
2331         return 0;
2332 }
2333
2334 /* Call this function from process context, it will sleep in request_firmware.
2335  * Probe is an ok place to call this from.
2336  */
2337 static int ipw_reset_nic(struct ipw_priv *priv)
2338 {
2339         int rc = 0;
2340
2341         IPW_DEBUG_TRACE(">>\n");
2342
2343         rc = ipw_init_nic(priv);
2344
2345         /* Clear the 'host command active' bit... */
2346         priv->status &= ~STATUS_HCMD_ACTIVE;
2347         wake_up_interruptible(&priv->wait_command_queue);
2348
2349         IPW_DEBUG_TRACE("<<\n");
2350         return rc;
2351 }
2352
2353 static int ipw_get_fw(struct ipw_priv *priv,
2354                       const struct firmware **fw, const char *name)
2355 {
2356         struct fw_header *header;
2357         int rc;
2358
2359         /* ask firmware_class module to get the boot firmware off disk */
2360         rc = request_firmware(fw, name, &priv->pci_dev->dev);
2361         if (rc < 0) {
2362                 IPW_ERROR("%s load failed: Reason %d\n", name, rc);
2363                 return rc;
2364         }
2365
2366         header = (struct fw_header *)(*fw)->data;
2367         if (IPW_FW_MAJOR(header->version) != IPW_FW_MAJOR_VERSION) {
2368                 IPW_ERROR("'%s' firmware version not compatible (%d != %d)\n",
2369                           name,
2370                           IPW_FW_MAJOR(header->version), IPW_FW_MAJOR_VERSION);
2371                 return -EINVAL;
2372         }
2373
2374         IPW_DEBUG_INFO("Loading firmware '%s' file v%d.%d (%zd bytes)\n",
2375                        name,
2376                        IPW_FW_MAJOR(header->version),
2377                        IPW_FW_MINOR(header->version),
2378                        (*fw)->size - sizeof(struct fw_header));
2379         return 0;
2380 }
2381
2382 #define CX2_RX_BUF_SIZE (3000)
2383
2384 static inline void ipw_rx_queue_reset(struct ipw_priv *priv,
2385                                       struct ipw_rx_queue *rxq)
2386 {
2387         unsigned long flags;
2388         int i;
2389
2390         spin_lock_irqsave(&rxq->lock, flags);
2391
2392         INIT_LIST_HEAD(&rxq->rx_free);
2393         INIT_LIST_HEAD(&rxq->rx_used);
2394
2395         /* Fill the rx_used queue with _all_ of the Rx buffers */
2396         for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++) {
2397                 /* In the reset function, these buffers may have been allocated
2398                  * to an SKB, so we need to unmap and free potential storage */
2399                 if (rxq->pool[i].skb != NULL) {
2400                         pci_unmap_single(priv->pci_dev, rxq->pool[i].dma_addr,
2401                                          CX2_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
2402                         dev_kfree_skb(rxq->pool[i].skb);
2403                 }
2404                 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
2405         }
2406
2407         /* Set us so that we have processed and used all buffers, but have
2408          * not restocked the Rx queue with fresh buffers */
2409         rxq->read = rxq->write = 0;
2410         rxq->processed = RX_QUEUE_SIZE - 1;
2411         rxq->free_count = 0;
2412         spin_unlock_irqrestore(&rxq->lock, flags);
2413 }
2414
2415 #ifdef CONFIG_PM
2416 static int fw_loaded = 0;
2417 static const struct firmware *bootfw = NULL;
2418 static const struct firmware *firmware = NULL;
2419 static const struct firmware *ucode = NULL;
2420 #endif
2421
2422 static int ipw_load(struct ipw_priv *priv)
2423 {
2424 #ifndef CONFIG_PM
2425         const struct firmware *bootfw = NULL;
2426         const struct firmware *firmware = NULL;
2427         const struct firmware *ucode = NULL;
2428 #endif
2429         int rc = 0, retries = 3;
2430
2431 #ifdef CONFIG_PM
2432         if (!fw_loaded) {
2433 #endif
2434                 rc = ipw_get_fw(priv, &bootfw, IPW_FW_NAME("boot"));
2435                 if (rc)
2436                         goto error;
2437
2438                 switch (priv->ieee->iw_mode) {
2439                 case IW_MODE_ADHOC:
2440                         rc = ipw_get_fw(priv, &ucode,
2441                                         IPW_FW_NAME("ibss_ucode"));
2442                         if (rc)
2443                                 goto error;
2444
2445                         rc = ipw_get_fw(priv, &firmware, IPW_FW_NAME("ibss"));
2446                         break;
2447
2448 #ifdef CONFIG_IPW_PROMISC
2449                 case IW_MODE_MONITOR:
2450                         rc = ipw_get_fw(priv, &ucode,
2451                                         IPW_FW_NAME("ibss_ucode"));
2452                         if (rc)
2453                                 goto error;
2454
2455                         rc = ipw_get_fw(priv, &firmware,
2456                                         IPW_FW_NAME("sniffer"));
2457                         break;
2458 #endif
2459                 case IW_MODE_INFRA:
2460                         rc = ipw_get_fw(priv, &ucode, IPW_FW_NAME("bss_ucode"));
2461                         if (rc)
2462                                 goto error;
2463
2464                         rc = ipw_get_fw(priv, &firmware, IPW_FW_NAME("bss"));
2465                         break;
2466
2467                 default:
2468                         rc = -EINVAL;
2469                 }
2470
2471                 if (rc)
2472                         goto error;
2473
2474 #ifdef CONFIG_PM
2475                 fw_loaded = 1;
2476         }
2477 #endif
2478
2479         if (!priv->rxq)
2480                 priv->rxq = ipw_rx_queue_alloc(priv);
2481         else
2482                 ipw_rx_queue_reset(priv, priv->rxq);
2483         if (!priv->rxq) {
2484                 IPW_ERROR("Unable to initialize Rx queue\n");
2485                 goto error;
2486         }
2487
2488       retry:
2489         /* Ensure interrupts are disabled */
2490         ipw_write32(priv, CX2_INTA_MASK_R, ~CX2_INTA_MASK_ALL);
2491         priv->status &= ~STATUS_INT_ENABLED;
2492
2493         /* ack pending interrupts */
2494         ipw_write32(priv, CX2_INTA_RW, CX2_INTA_MASK_ALL);
2495
2496         ipw_stop_nic(priv);
2497
2498         rc = ipw_reset_nic(priv);
2499         if (rc) {
2500                 IPW_ERROR("Unable to reset NIC\n");
2501                 goto error;
2502         }
2503
2504         ipw_zero_memory(priv, CX2_NIC_SRAM_LOWER_BOUND,
2505                         CX2_NIC_SRAM_UPPER_BOUND - CX2_NIC_SRAM_LOWER_BOUND);
2506
2507         /* DMA the initial boot firmware into the device */
2508         rc = ipw_load_firmware(priv, bootfw->data + sizeof(struct fw_header),
2509                                bootfw->size - sizeof(struct fw_header));
2510         if (rc < 0) {
2511                 IPW_ERROR("Unable to load boot firmware\n");
2512                 goto error;
2513         }
2514
2515         /* kick start the device */
2516         ipw_start_nic(priv);
2517
2518         /* wait for the device to finish it's initial startup sequence */
2519         rc = ipw_poll_bit(priv, CX2_INTA_RW,
2520                           CX2_INTA_BIT_FW_INITIALIZATION_DONE, 500);
2521         if (rc < 0) {
2522                 IPW_ERROR("device failed to boot initial fw image\n");
2523                 goto error;
2524         }
2525         IPW_DEBUG_INFO("initial device response after %dms\n", rc);
2526
2527         /* ack fw init done interrupt */
2528         ipw_write32(priv, CX2_INTA_RW, CX2_INTA_BIT_FW_INITIALIZATION_DONE);
2529
2530         /* DMA the ucode into the device */
2531         rc = ipw_load_ucode(priv, ucode->data + sizeof(struct fw_header),
2532                             ucode->size - sizeof(struct fw_header));
2533         if (rc < 0) {
2534                 IPW_ERROR("Unable to load ucode\n");
2535                 goto error;
2536         }
2537
2538         /* stop nic */
2539         ipw_stop_nic(priv);
2540
2541         /* DMA bss firmware into the device */
2542         rc = ipw_load_firmware(priv, firmware->data +
2543                                sizeof(struct fw_header),
2544                                firmware->size - sizeof(struct fw_header));
2545         if (rc < 0) {
2546                 IPW_ERROR("Unable to load firmware\n");
2547                 goto error;
2548         }
2549
2550         ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
2551
2552         rc = ipw_queue_reset(priv);
2553         if (rc) {
2554                 IPW_ERROR("Unable to initialize queues\n");
2555                 goto error;
2556         }
2557
2558         /* Ensure interrupts are disabled */
2559         ipw_write32(priv, CX2_INTA_MASK_R, ~CX2_INTA_MASK_ALL);
2560
2561         /* kick start the device */
2562         ipw_start_nic(priv);
2563
2564         if (ipw_read32(priv, CX2_INTA_RW) & CX2_INTA_BIT_PARITY_ERROR) {
2565                 if (retries > 0) {
2566                         IPW_WARNING("Parity error.  Retrying init.\n");
2567                         retries--;
2568                         goto retry;
2569                 }
2570
2571                 IPW_ERROR("TODO: Handle parity error -- schedule restart?\n");
2572                 rc = -EIO;
2573                 goto error;
2574         }
2575
2576         /* wait for the device */
2577         rc = ipw_poll_bit(priv, CX2_INTA_RW,
2578                           CX2_INTA_BIT_FW_INITIALIZATION_DONE, 500);
2579         if (rc < 0) {
2580                 IPW_ERROR("device failed to start after 500ms\n");
2581                 goto error;
2582         }
2583         IPW_DEBUG_INFO("device response after %dms\n", rc);
2584
2585         /* ack fw init done interrupt */
2586         ipw_write32(priv, CX2_INTA_RW, CX2_INTA_BIT_FW_INITIALIZATION_DONE);
2587
2588         /* read eeprom data and initialize the eeprom region of sram */
2589         priv->eeprom_delay = 1;
2590         ipw_eeprom_init_sram(priv);
2591
2592         /* enable interrupts */
2593         ipw_enable_interrupts(priv);
2594
2595         /* Ensure our queue has valid packets */
2596         ipw_rx_queue_replenish(priv);
2597
2598         ipw_write32(priv, CX2_RX_READ_INDEX, priv->rxq->read);
2599
2600         /* ack pending interrupts */
2601         ipw_write32(priv, CX2_INTA_RW, CX2_INTA_MASK_ALL);
2602
2603 #ifndef CONFIG_PM
2604         release_firmware(bootfw);
2605         release_firmware(ucode);
2606         release_firmware(firmware);
2607 #endif
2608         return 0;
2609
2610       error:
2611         if (priv->rxq) {
2612                 ipw_rx_queue_free(priv, priv->rxq);
2613                 priv->rxq = NULL;
2614         }
2615         ipw_tx_queue_free(priv);
2616         if (bootfw)
2617                 release_firmware(bootfw);
2618         if (ucode)
2619                 release_firmware(ucode);
2620         if (firmware)
2621                 release_firmware(firmware);
2622 #ifdef CONFIG_PM
2623         fw_loaded = 0;
2624         bootfw = ucode = firmware = NULL;
2625 #endif
2626
2627         return rc;
2628 }
2629
2630 /**
2631  * DMA services
2632  *
2633  * Theory of operation
2634  *
2635  * A queue is a circular buffers with 'Read' and 'Write' pointers.
2636  * 2 empty entries always kept in the buffer to protect from overflow.
2637  *
2638  * For Tx queue, there are low mark and high mark limits. If, after queuing
2639  * the packet for Tx, free space become < low mark, Tx queue stopped. When
2640  * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
2641  * Tx queue resumed.
2642  *
2643  * The IPW operates with six queues, one receive queue in the device's
2644  * sram, one transmit queue for sending commands to the device firmware,
2645  * and four transmit queues for data.
2646  *
2647  * The four transmit queues allow for performing quality of service (qos)
2648  * transmissions as per the 802.11 protocol.  Currently Linux does not
2649  * provide a mechanism to the user for utilizing prioritized queues, so
2650  * we only utilize the first data transmit queue (queue1).
2651  */
2652
2653 /**
2654  * Driver allocates buffers of this size for Rx
2655  */
2656
2657 static inline int ipw_queue_space(const struct clx2_queue *q)
2658 {
2659         int s = q->last_used - q->first_empty;
2660         if (s <= 0)
2661                 s += q->n_bd;
2662         s -= 2;                 /* keep some reserve to not confuse empty and full situations */
2663         if (s < 0)
2664                 s = 0;
2665         return s;
2666 }
2667
2668 static inline int ipw_queue_inc_wrap(int index, int n_bd)
2669 {
2670         return (++index == n_bd) ? 0 : index;
2671 }
2672
2673 /**
2674  * Initialize common DMA queue structure
2675  *
2676  * @param q                queue to init
2677  * @param count            Number of BD's to allocate. Should be power of 2
2678  * @param read_register    Address for 'read' register
2679  *                         (not offset within BAR, full address)
2680  * @param write_register   Address for 'write' register
2681  *                         (not offset within BAR, full address)
2682  * @param base_register    Address for 'base' register
2683  *                         (not offset within BAR, full address)
2684  * @param size             Address for 'size' register
2685  *                         (not offset within BAR, full address)
2686  */
2687 static void ipw_queue_init(struct ipw_priv *priv, struct clx2_queue *q,
2688                            int count, u32 read, u32 write, u32 base, u32 size)
2689 {
2690         q->n_bd = count;
2691
2692         q->low_mark = q->n_bd / 4;
2693         if (q->low_mark < 4)
2694                 q->low_mark = 4;
2695
2696         q->high_mark = q->n_bd / 8;
2697         if (q->high_mark < 2)
2698                 q->high_mark = 2;
2699
2700         q->first_empty = q->last_used = 0;
2701         q->reg_r = read;
2702         q->reg_w = write;
2703
2704         ipw_write32(priv, base, q->dma_addr);
2705         ipw_write32(priv, size, count);
2706         ipw_write32(priv, read, 0);
2707         ipw_write32(priv, write, 0);
2708
2709         _ipw_read32(priv, 0x90);
2710 }
2711
2712 static int ipw_queue_tx_init(struct ipw_priv *priv,
2713                              struct clx2_tx_queue *q,
2714                              int count, u32 read, u32 write, u32 base, u32 size)
2715 {
2716         struct pci_dev *dev = priv->pci_dev;
2717
2718         q->txb = kmalloc(sizeof(q->txb[0]) * count, GFP_KERNEL);
2719         if (!q->txb) {
2720                 IPW_ERROR("vmalloc for auxilary BD structures failed\n");
2721                 return -ENOMEM;
2722         }
2723
2724         q->bd =
2725             pci_alloc_consistent(dev, sizeof(q->bd[0]) * count, &q->q.dma_addr);
2726         if (!q->bd) {
2727                 IPW_ERROR("pci_alloc_consistent(%zd) failed\n",
2728                           sizeof(q->bd[0]) * count);
2729                 kfree(q->txb);
2730                 q->txb = NULL;
2731                 return -ENOMEM;
2732         }
2733
2734         ipw_queue_init(priv, &q->q, count, read, write, base, size);
2735         return 0;
2736 }
2737
2738 /**
2739  * Free one TFD, those at index [txq->q.last_used].
2740  * Do NOT advance any indexes
2741  *
2742  * @param dev
2743  * @param txq
2744  */
2745 static void ipw_queue_tx_free_tfd(struct ipw_priv *priv,
2746                                   struct clx2_tx_queue *txq)
2747 {
2748         struct tfd_frame *bd = &txq->bd[txq->q.last_used];
2749         struct pci_dev *dev = priv->pci_dev;
2750         int i;
2751
2752         /* classify bd */
2753         if (bd->control_flags.message_type == TX_HOST_COMMAND_TYPE)
2754                 /* nothing to cleanup after for host commands */
2755                 return;
2756
2757         /* sanity check */
2758         if (bd->u.data.num_chunks > NUM_TFD_CHUNKS) {
2759                 IPW_ERROR("Too many chunks: %i\n", bd->u.data.num_chunks);
2760                 /** @todo issue fatal error, it is quite serious situation */
2761                 return;
2762         }
2763
2764         /* unmap chunks if any */
2765         for (i = 0; i < bd->u.data.num_chunks; i++) {
2766                 pci_unmap_single(dev, bd->u.data.chunk_ptr[i],
2767                                  bd->u.data.chunk_len[i], PCI_DMA_TODEVICE);
2768                 if (txq->txb[txq->q.last_used]) {
2769                         ieee80211_txb_free(txq->txb[txq->q.last_used]);
2770                         txq->txb[txq->q.last_used] = NULL;
2771                 }
2772         }
2773 }
2774
2775 /**
2776  * Deallocate DMA queue.
2777  *
2778  * Empty queue by removing and destroying all BD's.
2779  * Free all buffers.
2780  *
2781  * @param dev
2782  * @param q
2783  */
2784 static void ipw_queue_tx_free(struct ipw_priv *priv, struct clx2_tx_queue *txq)
2785 {
2786         struct clx2_queue *q = &txq->q;
2787         struct pci_dev *dev = priv->pci_dev;
2788
2789         if (q->n_bd == 0)
2790                 return;
2791
2792         /* first, empty all BD's */
2793         for (; q->first_empty != q->last_used;
2794              q->last_used = ipw_queue_inc_wrap(q->last_used, q->n_bd)) {
2795                 ipw_queue_tx_free_tfd(priv, txq);
2796         }
2797
2798         /* free buffers belonging to queue itself */
2799         pci_free_consistent(dev, sizeof(txq->bd[0]) * q->n_bd, txq->bd,
2800                             q->dma_addr);
2801         kfree(txq->txb);
2802
2803         /* 0 fill whole structure */
2804         memset(txq, 0, sizeof(*txq));
2805 }
2806
2807 /**
2808  * Destroy all DMA queues and structures
2809  *
2810  * @param priv
2811  */
2812 static void ipw_tx_queue_free(struct ipw_priv *priv)
2813 {
2814         /* Tx CMD queue */
2815         ipw_queue_tx_free(priv, &priv->txq_cmd);
2816
2817         /* Tx queues */
2818         ipw_queue_tx_free(priv, &priv->txq[0]);
2819         ipw_queue_tx_free(priv, &priv->txq[1]);
2820         ipw_queue_tx_free(priv, &priv->txq[2]);
2821         ipw_queue_tx_free(priv, &priv->txq[3]);
2822 }
2823
2824 static void inline __maybe_wake_tx(struct ipw_priv *priv)
2825 {
2826         if (netif_running(priv->net_dev)) {
2827                 switch (priv->port_type) {
2828                 case DCR_TYPE_MU_BSS:
2829                 case DCR_TYPE_MU_IBSS:
2830                         if (!(priv->status & STATUS_ASSOCIATED)) {
2831                                 return;
2832                         }
2833                 }
2834                 netif_wake_queue(priv->net_dev);
2835         }
2836
2837 }
2838
2839 static inline void ipw_create_bssid(struct ipw_priv *priv, u8 * bssid)
2840 {
2841         /* First 3 bytes are manufacturer */
2842         bssid[0] = priv->mac_addr[0];
2843         bssid[1] = priv->mac_addr[1];
2844         bssid[2] = priv->mac_addr[2];
2845
2846         /* Last bytes are random */
2847         get_random_bytes(&bssid[3], ETH_ALEN - 3);
2848
2849         bssid[0] &= 0xfe;       /* clear multicast bit */
2850         bssid[0] |= 0x02;       /* set local assignment bit (IEEE802) */
2851 }
2852
2853 static inline u8 ipw_add_station(struct ipw_priv *priv, u8 * bssid)
2854 {
2855         struct ipw_station_entry entry;
2856         int i;
2857
2858         for (i = 0; i < priv->num_stations; i++) {
2859                 if (!memcmp(priv->stations[i], bssid, ETH_ALEN)) {
2860                         /* Another node is active in network */
2861                         priv->missed_adhoc_beacons = 0;
2862                         if (!(priv->config & CFG_STATIC_CHANNEL))
2863                                 /* when other nodes drop out, we drop out */
2864                                 priv->config &= ~CFG_ADHOC_PERSIST;
2865
2866                         return i;
2867                 }
2868         }
2869
2870         if (i == MAX_STATIONS)
2871                 return IPW_INVALID_STATION;
2872
2873         IPW_DEBUG_SCAN("Adding AdHoc station: " MAC_FMT "\n", MAC_ARG(bssid));
2874
2875         entry.reserved = 0;
2876         entry.support_mode = 0;
2877         memcpy(entry.mac_addr, bssid, ETH_ALEN);
2878         memcpy(priv->stations[i], bssid, ETH_ALEN);
2879         ipw_write_direct(priv, IPW_STATION_TABLE_LOWER + i * sizeof(entry),
2880                          &entry, sizeof(entry));
2881         priv->num_stations++;
2882
2883         return i;
2884 }
2885
2886 static inline u8 ipw_find_station(struct ipw_priv *priv, u8 * bssid)
2887 {
2888         int i;
2889
2890         for (i = 0; i < priv->num_stations; i++)
2891                 if (!memcmp(priv->stations[i], bssid, ETH_ALEN))
2892                         return i;
2893
2894         return IPW_INVALID_STATION;
2895 }
2896
2897 static void ipw_send_disassociate(struct ipw_priv *priv, int quiet)
2898 {
2899         int err;
2900
2901         if (!(priv->status & (STATUS_ASSOCIATING | STATUS_ASSOCIATED))) {
2902                 IPW_DEBUG_ASSOC("Disassociating while not associated.\n");
2903                 return;
2904         }
2905
2906         IPW_DEBUG_ASSOC("Disassocation attempt from " MAC_FMT " "
2907                         "on channel %d.\n",
2908                         MAC_ARG(priv->assoc_request.bssid),
2909                         priv->assoc_request.channel);
2910
2911         priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
2912         priv->status |= STATUS_DISASSOCIATING;
2913
2914         if (quiet)
2915                 priv->assoc_request.assoc_type = HC_DISASSOC_QUIET;
2916         else
2917                 priv->assoc_request.assoc_type = HC_DISASSOCIATE;
2918         err = ipw_send_associate(priv, &priv->assoc_request);
2919         if (err) {
2920                 IPW_DEBUG_HC("Attempt to send [dis]associate command "
2921                              "failed.\n");
2922                 return;
2923         }
2924
2925 }
2926
2927 static void ipw_disassociate(void *data)
2928 {
2929         ipw_send_disassociate(data, 0);
2930 }
2931
2932 static void notify_wx_assoc_event(struct ipw_priv *priv)
2933 {
2934         union iwreq_data wrqu;
2935         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
2936         if (priv->status & STATUS_ASSOCIATED)
2937                 memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
2938         else
2939                 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
2940         wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
2941 }
2942
2943 struct ipw_status_code {
2944         u16 status;
2945         const char *reason;
2946 };
2947
2948 static const struct ipw_status_code ipw_status_codes[] = {
2949         {0x00, "Successful"},
2950         {0x01, "Unspecified failure"},
2951         {0x0A, "Cannot support all requested capabilities in the "
2952          "Capability information field"},
2953         {0x0B, "Reassociation denied due to inability to confirm that "
2954          "association exists"},
2955         {0x0C, "Association denied due to reason outside the scope of this "
2956          "standard"},
2957         {0x0D,
2958          "Responding station does not support the specified authentication "
2959          "algorithm"},
2960         {0x0E,
2961          "Received an Authentication frame with authentication sequence "
2962          "transaction sequence number out of expected sequence"},
2963         {0x0F, "Authentication rejected because of challenge failure"},
2964         {0x10, "Authentication rejected due to timeout waiting for next "
2965          "frame in sequence"},
2966         {0x11, "Association denied because AP is unable to handle additional "
2967          "associated stations"},
2968         {0x12,
2969          "Association denied due to requesting station not supporting all "
2970          "of the datarates in the BSSBasicServiceSet Parameter"},
2971         {0x13,
2972          "Association denied due to requesting station not supporting "
2973          "short preamble operation"},
2974         {0x14,
2975          "Association denied due to requesting station not supporting "
2976          "PBCC encoding"},
2977         {0x15,
2978          "Association denied due to requesting station not supporting "
2979          "channel agility"},
2980         {0x19,
2981          "Association denied due to requesting station not supporting "
2982          "short slot operation"},
2983         {0x1A,
2984          "Association denied due to requesting station not supporting "
2985          "DSSS-OFDM operation"},
2986         {0x28, "Invalid Information Element"},
2987         {0x29, "Group Cipher is not valid"},
2988         {0x2A, "Pairwise Cipher is not valid"},
2989         {0x2B, "AKMP is not valid"},
2990         {0x2C, "Unsupported RSN IE version"},
2991         {0x2D, "Invalid RSN IE Capabilities"},
2992         {0x2E, "Cipher suite is rejected per security policy"},
2993 };
2994
2995 #ifdef CONFIG_IPW_DEBUG
2996 static const char *ipw_get_status_code(u16 status)
2997 {
2998         int i;
2999         for (i = 0; i < ARRAY_SIZE(ipw_status_codes); i++)
3000                 if (ipw_status_codes[i].status == status)
3001                         return ipw_status_codes[i].reason;
3002         return "Unknown status value.";
3003 }
3004 #endif
3005
3006 static void inline average_init(struct average *avg)
3007 {
3008         memset(avg, 0, sizeof(*avg));
3009 }
3010
3011 static void inline average_add(struct average *avg, s16 val)
3012 {
3013         avg->sum -= avg->entries[avg->pos];
3014         avg->sum += val;
3015         avg->entries[avg->pos++] = val;
3016         if (unlikely(avg->pos == AVG_ENTRIES)) {
3017                 avg->init = 1;
3018                 avg->pos = 0;
3019         }
3020 }
3021
3022 static s16 inline average_value(struct average *avg)
3023 {
3024         if (!unlikely(avg->init)) {
3025                 if (avg->pos)
3026                         return avg->sum / avg->pos;
3027                 return 0;
3028         }
3029
3030         return avg->sum / AVG_ENTRIES;
3031 }
3032
3033 static void ipw_reset_stats(struct ipw_priv *priv)
3034 {
3035         u32 len = sizeof(u32);
3036
3037         priv->quality = 0;
3038
3039         average_init(&priv->average_missed_beacons);
3040         average_init(&priv->average_rssi);
3041         average_init(&priv->average_noise);
3042
3043         priv->last_rate = 0;
3044         priv->last_missed_beacons = 0;
3045         priv->last_rx_packets = 0;
3046         priv->last_tx_packets = 0;
3047         priv->last_tx_failures = 0;
3048
3049         /* Firmware managed, reset only when NIC is restarted, so we have to
3050          * normalize on the current value */
3051         ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC,
3052                         &priv->last_rx_err, &len);
3053         ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE,
3054                         &priv->last_tx_failures, &len);
3055
3056         /* Driver managed, reset with each association */
3057         priv->missed_adhoc_beacons = 0;
3058         priv->missed_beacons = 0;
3059         priv->tx_packets = 0;
3060         priv->rx_packets = 0;
3061
3062 }
3063
3064 static inline u32 ipw_get_max_rate(struct ipw_priv *priv)
3065 {
3066         u32 i = 0x80000000;
3067         u32 mask = priv->rates_mask;
3068         /* If currently associated in B mode, restrict the maximum
3069          * rate match to B rates */
3070         if (priv->assoc_request.ieee_mode == IPW_B_MODE)
3071                 mask &= IEEE80211_CCK_RATES_MASK;
3072
3073         /* TODO: Verify that the rate is supported by the current rates
3074          * list. */
3075
3076         while (i && !(mask & i))
3077                 i >>= 1;
3078         switch (i) {
3079         case IEEE80211_CCK_RATE_1MB_MASK:       return 1000000;
3080         case IEEE80211_CCK_RATE_2MB_MASK:       return 2000000;
3081         case IEEE80211_CCK_RATE_5MB_MASK:       return 5500000;
3082         case IEEE80211_OFDM_RATE_6MB_MASK:      return 6000000;
3083         case IEEE80211_OFDM_RATE_9MB_MASK:      return 9000000;
3084         case IEEE80211_CCK_RATE_11MB_MASK:      return 11000000;
3085         case IEEE80211_OFDM_RATE_12MB_MASK:     return 12000000;
3086         case IEEE80211_OFDM_RATE_18MB_MASK:     return 18000000;
3087         case IEEE80211_OFDM_RATE_24MB_MASK:     return 24000000;
3088         case IEEE80211_OFDM_RATE_36MB_MASK:     return 36000000;
3089         case IEEE80211_OFDM_RATE_48MB_MASK:     return 48000000;
3090         case IEEE80211_OFDM_RATE_54MB_MASK:     return 54000000;
3091         }
3092
3093         if (priv->ieee->mode == IEEE_B)
3094                 return 11000000;
3095         else
3096                 return 54000000;
3097 }
3098
3099 static u32 ipw_get_current_rate(struct ipw_priv *priv)
3100 {
3101         u32 rate, len = sizeof(rate);
3102         int err;
3103
3104         if (!(priv->status & STATUS_ASSOCIATED))
3105                 return 0;
3106
3107         if (priv->tx_packets > IPW_REAL_RATE_RX_PACKET_THRESHOLD) {
3108                 err = ipw_get_ordinal(priv, IPW_ORD_STAT_TX_CURR_RATE, &rate,
3109                                       &len);
3110                 if (err) {
3111                         IPW_DEBUG_INFO("failed querying ordinals.\n");
3112                         return 0;
3113                 }
3114         } else
3115                 return ipw_get_max_rate(priv);
3116
3117         switch (rate) {
3118         case IPW_TX_RATE_1MB:   return 1000000;
3119         case IPW_TX_RATE_2MB:   return 2000000;
3120         case IPW_TX_RATE_5MB:   return 5500000;
3121         case IPW_TX_RATE_6MB:   return 6000000;
3122         case IPW_TX_RATE_9MB:   return 9000000;
3123         case IPW_TX_RATE_11MB:  return 11000000;
3124         case IPW_TX_RATE_12MB:  return 12000000;
3125         case IPW_TX_RATE_18MB:  return 18000000;
3126         case IPW_TX_RATE_24MB:  return 24000000;
3127         case IPW_TX_RATE_36MB:  return 36000000;
3128         case IPW_TX_RATE_48MB:  return 48000000;
3129         case IPW_TX_RATE_54MB:  return 54000000;
3130         }
3131
3132         return 0;
3133 }
3134
3135 #define PERFECT_RSSI (-50)
3136 #define WORST_RSSI   (-85)
3137 #define IPW_STATS_INTERVAL (2 * HZ)
3138 static void ipw_gather_stats(struct ipw_priv *priv)
3139 {
3140         u32 rx_err, rx_err_delta, rx_packets_delta;
3141         u32 tx_failures, tx_failures_delta, tx_packets_delta;
3142         u32 missed_beacons_percent, missed_beacons_delta;
3143         u32 quality = 0;
3144         u32 len = sizeof(u32);
3145         s16 rssi;
3146         u32 beacon_quality, signal_quality, tx_quality, rx_quality,
3147             rate_quality;
3148
3149         if (!(priv->status & STATUS_ASSOCIATED)) {
3150                 priv->quality = 0;
3151                 return;
3152         }
3153
3154         /* Update the statistics */
3155         ipw_get_ordinal(priv, IPW_ORD_STAT_MISSED_BEACONS,
3156                         &priv->missed_beacons, &len);
3157         missed_beacons_delta = priv->missed_beacons - priv->last_missed_beacons;
3158         priv->last_missed_beacons = priv->missed_beacons;
3159         if (priv->assoc_request.beacon_interval) {
3160                 missed_beacons_percent = missed_beacons_delta *
3161                     (HZ * priv->assoc_request.beacon_interval) /
3162                     (IPW_STATS_INTERVAL * 10);
3163         } else {
3164                 missed_beacons_percent = 0;
3165         }
3166         average_add(&priv->average_missed_beacons, missed_beacons_percent);
3167
3168         ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC, &rx_err, &len);
3169         rx_err_delta = rx_err - priv->last_rx_err;
3170         priv->last_rx_err = rx_err;
3171
3172         ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE, &tx_failures, &len);
3173         tx_failures_delta = tx_failures - priv->last_tx_failures;
3174         priv->last_tx_failures = tx_failures;
3175
3176         rx_packets_delta = priv->rx_packets - priv->last_rx_packets;
3177         priv->last_rx_packets = priv->rx_packets;
3178
3179         tx_packets_delta = priv->tx_packets - priv->last_tx_packets;
3180         priv->last_tx_packets = priv->tx_packets;
3181
3182         /* Calculate quality based on the following:
3183          *
3184          * Missed beacon: 100% = 0, 0% = 70% missed
3185          * Rate: 60% = 1Mbs, 100% = Max
3186          * Rx and Tx errors represent a straight % of total Rx/Tx
3187          * RSSI: 100% = > -50,  0% = < -80
3188          * Rx errors: 100% = 0, 0% = 50% missed
3189          *
3190          * The lowest computed quality is used.
3191          *
3192          */
3193 #define BEACON_THRESHOLD 5
3194         beacon_quality = 100 - missed_beacons_percent;
3195         if (beacon_quality < BEACON_THRESHOLD)
3196                 beacon_quality = 0;
3197         else
3198                 beacon_quality = (beacon_quality - BEACON_THRESHOLD) * 100 /
3199                     (100 - BEACON_THRESHOLD);
3200         IPW_DEBUG_STATS("Missed beacon: %3d%% (%d%%)\n",
3201                         beacon_quality, missed_beacons_percent);
3202
3203         priv->last_rate = ipw_get_current_rate(priv);
3204         rate_quality = priv->last_rate * 40 / priv->last_rate + 60;
3205         IPW_DEBUG_STATS("Rate quality : %3d%% (%dMbs)\n",
3206                         rate_quality, priv->last_rate / 1000000);
3207
3208         if (rx_packets_delta > 100 && rx_packets_delta + rx_err_delta)
3209                 rx_quality = 100 - (rx_err_delta * 100) /
3210                     (rx_packets_delta + rx_err_delta);
3211         else
3212                 rx_quality = 100;
3213         IPW_DEBUG_STATS("Rx quality   : %3d%% (%u errors, %u packets)\n",
3214                         rx_quality, rx_err_delta, rx_packets_delta);
3215
3216         if (tx_packets_delta > 100 && tx_packets_delta + tx_failures_delta)
3217                 tx_quality = 100 - (tx_failures_delta * 100) /
3218                     (tx_packets_delta + tx_failures_delta);
3219         else
3220                 tx_quality = 100;
3221         IPW_DEBUG_STATS("Tx quality   : %3d%% (%u errors, %u packets)\n",
3222                         tx_quality, tx_failures_delta, tx_packets_delta);
3223
3224         rssi = average_value(&priv->average_rssi);
3225         if (rssi > PERFECT_RSSI)
3226                 signal_quality = 100;
3227         else if (rssi < WORST_RSSI)
3228                 signal_quality = 0;
3229         else
3230                 signal_quality = (rssi - WORST_RSSI) * 100 /
3231                     (PERFECT_RSSI - WORST_RSSI);
3232         IPW_DEBUG_STATS("Signal level : %3d%% (%d dBm)\n",
3233                         signal_quality, rssi);
3234
3235         quality = min(beacon_quality,
3236                       min(rate_quality,
3237                           min(tx_quality, min(rx_quality, signal_quality))));
3238         if (quality == beacon_quality)
3239                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to missed beacons.\n",
3240                                 quality);
3241         if (quality == rate_quality)
3242                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to rate quality.\n",
3243                                 quality);
3244         if (quality == tx_quality)
3245                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to Tx quality.\n",
3246                                 quality);
3247         if (quality == rx_quality)
3248                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to Rx quality.\n",
3249                                 quality);
3250         if (quality == signal_quality)
3251                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to signal quality.\n",
3252                                 quality);
3253
3254         priv->quality = quality;
3255
3256         queue_delayed_work(priv->workqueue, &priv->gather_stats,
3257                            IPW_STATS_INTERVAL);
3258 }
3259
3260 /**
3261  * Handle host notification packet.
3262  * Called from interrupt routine
3263  */
3264 static inline void ipw_rx_notification(struct ipw_priv *priv,
3265                                        struct ipw_rx_notification *notif)
3266 {
3267         IPW_DEBUG_NOTIF("type = %i (%d bytes)\n", notif->subtype, notif->size);
3268
3269         switch (notif->subtype) {
3270         case HOST_NOTIFICATION_STATUS_ASSOCIATED:{
3271                         struct notif_association *assoc = &notif->u.assoc;
3272
3273                         switch (assoc->state) {
3274                         case CMAS_ASSOCIATED:{
3275                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3276                                                   IPW_DL_ASSOC,
3277                                                   "associated: '%s' " MAC_FMT
3278                                                   " \n",
3279                                                   escape_essid(priv->essid,
3280                                                                priv->essid_len),
3281                                                   MAC_ARG(priv->bssid));
3282
3283                                         switch (priv->ieee->iw_mode) {
3284                                         case IW_MODE_INFRA:
3285                                                 memcpy(priv->ieee->bssid,
3286                                                        priv->bssid, ETH_ALEN);
3287                                                 break;
3288
3289                                         case IW_MODE_ADHOC:
3290                                                 memcpy(priv->ieee->bssid,
3291                                                        priv->bssid, ETH_ALEN);
3292
3293                                                 /* clear out the station table */
3294                                                 priv->num_stations = 0;
3295
3296                                                 IPW_DEBUG_ASSOC
3297                                                     ("queueing adhoc check\n");
3298                                                 queue_delayed_work(priv->
3299                                                                    workqueue,
3300                                                                    &priv->
3301                                                                    adhoc_check,
3302                                                                    priv->
3303                                                                    assoc_request.
3304                                                                    beacon_interval);
3305                                                 break;
3306                                         }
3307
3308                                         priv->status &= ~STATUS_ASSOCIATING;
3309                                         priv->status |= STATUS_ASSOCIATED;
3310
3311                                         netif_carrier_on(priv->net_dev);
3312                                         if (netif_queue_stopped(priv->net_dev)) {
3313                                                 IPW_DEBUG_NOTIF
3314                                                     ("waking queue\n");
3315                                                 netif_wake_queue(priv->net_dev);
3316                                         } else {
3317                                                 IPW_DEBUG_NOTIF
3318                                                     ("starting queue\n");
3319                                                 netif_start_queue(priv->
3320                                                                   net_dev);
3321                                         }
3322
3323                                         ipw_reset_stats(priv);
3324                                         /* Ensure the rate is updated immediately */
3325                                         priv->last_rate =
3326                                             ipw_get_current_rate(priv);
3327                                         schedule_work(&priv->gather_stats);
3328                                         notify_wx_assoc_event(priv);
3329
3330 /*                      queue_delayed_work(priv->workqueue,
3331                                            &priv->request_scan,
3332                                            SCAN_ASSOCIATED_INTERVAL);
3333 */
3334                                         break;
3335                                 }
3336
3337                         case CMAS_AUTHENTICATED:{
3338                                         if (priv->
3339                                             status & (STATUS_ASSOCIATED |
3340                                                       STATUS_AUTH)) {
3341 #ifdef CONFIG_IPW_DEBUG
3342                                                 struct notif_authenticate *auth
3343                                                     = &notif->u.auth;
3344                                                 IPW_DEBUG(IPW_DL_NOTIF |
3345                                                           IPW_DL_STATE |
3346                                                           IPW_DL_ASSOC,
3347                                                           "deauthenticated: '%s' "
3348                                                           MAC_FMT
3349                                                           ": (0x%04X) - %s \n",
3350                                                           escape_essid(priv->
3351                                                                        essid,
3352                                                                        priv->
3353                                                                        essid_len),
3354                                                           MAC_ARG(priv->bssid),
3355                                                           ntohs(auth->status),
3356                                                           ipw_get_status_code
3357                                                           (ntohs
3358                                                            (auth->status)));
3359 #endif
3360
3361                                                 priv->status &=
3362                                                     ~(STATUS_ASSOCIATING |
3363                                                       STATUS_AUTH |
3364                                                       STATUS_ASSOCIATED);
3365
3366                                                 netif_carrier_off(priv->
3367                                                                   net_dev);
3368                                                 netif_stop_queue(priv->net_dev);
3369                                                 queue_work(priv->workqueue,
3370                                                            &priv->request_scan);
3371                                                 notify_wx_assoc_event(priv);
3372                                                 break;
3373                                         }
3374
3375                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3376                                                   IPW_DL_ASSOC,
3377                                                   "authenticated: '%s' " MAC_FMT
3378                                                   "\n",
3379                                                   escape_essid(priv->essid,
3380                                                                priv->essid_len),
3381                                                   MAC_ARG(priv->bssid));
3382                                         break;
3383                                 }
3384
3385                         case CMAS_INIT:{
3386                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3387                                                   IPW_DL_ASSOC,
3388                                                   "disassociated: '%s' " MAC_FMT
3389                                                   " \n",
3390                                                   escape_essid(priv->essid,
3391                                                                priv->essid_len),
3392                                                   MAC_ARG(priv->bssid));
3393
3394                                         priv->status &=
3395                                             ~(STATUS_DISASSOCIATING |
3396                                               STATUS_ASSOCIATING |
3397                                               STATUS_ASSOCIATED | STATUS_AUTH);
3398
3399                                         netif_stop_queue(priv->net_dev);
3400                                         if (!(priv->status & STATUS_ROAMING)) {
3401                                                 netif_carrier_off(priv->
3402                                                                   net_dev);
3403                                                 notify_wx_assoc_event(priv);
3404
3405                                                 /* Cancel any queued work ... */
3406                                                 cancel_delayed_work(&priv->
3407                                                                     request_scan);
3408                                                 cancel_delayed_work(&priv->
3409                                                                     adhoc_check);
3410
3411                                                 /* Queue up another scan... */
3412                                                 queue_work(priv->workqueue,
3413                                                            &priv->request_scan);
3414
3415                                                 cancel_delayed_work(&priv->
3416                                                                     gather_stats);
3417                                         } else {
3418                                                 priv->status |= STATUS_ROAMING;
3419                                                 queue_work(priv->workqueue,
3420                                                            &priv->request_scan);
3421                                         }
3422
3423                                         ipw_reset_stats(priv);
3424                                         break;
3425                                 }
3426
3427                         default:
3428                                 IPW_ERROR("assoc: unknown (%d)\n",
3429                                           assoc->state);
3430                                 break;
3431                         }
3432
3433                         break;
3434                 }
3435
3436         case HOST_NOTIFICATION_STATUS_AUTHENTICATE:{
3437                         struct notif_authenticate *auth = &notif->u.auth;
3438                         switch (auth->state) {
3439                         case CMAS_AUTHENTICATED:
3440                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
3441                                           "authenticated: '%s' " MAC_FMT " \n",
3442                                           escape_essid(priv->essid,
3443                                                        priv->essid_len),
3444                                           MAC_ARG(priv->bssid));
3445                                 priv->status |= STATUS_AUTH;
3446                                 break;
3447
3448                         case CMAS_INIT:
3449                                 if (priv->status & STATUS_AUTH) {
3450                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3451                                                   IPW_DL_ASSOC,
3452                                                   "authentication failed (0x%04X): %s\n",
3453                                                   ntohs(auth->status),
3454                                                   ipw_get_status_code(ntohs
3455                                                                       (auth->
3456                                                                        status)));
3457                                 }
3458                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3459                                           IPW_DL_ASSOC,
3460                                           "deauthenticated: '%s' " MAC_FMT "\n",
3461                                           escape_essid(priv->essid,
3462                                                        priv->essid_len),
3463                                           MAC_ARG(priv->bssid));
3464
3465                                 priv->status &= ~(STATUS_ASSOCIATING |
3466                                                   STATUS_AUTH |
3467                                                   STATUS_ASSOCIATED);
3468
3469                                 netif_carrier_off(priv->net_dev);
3470                                 netif_stop_queue(priv->net_dev);
3471                                 queue_work(priv->workqueue,
3472                                            &priv->request_scan);
3473                                 notify_wx_assoc_event(priv);
3474                                 break;
3475
3476                         case CMAS_TX_AUTH_SEQ_1:
3477                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3478                                           IPW_DL_ASSOC, "AUTH_SEQ_1\n");
3479                                 break;
3480                         case CMAS_RX_AUTH_SEQ_2:
3481                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3482                                           IPW_DL_ASSOC, "AUTH_SEQ_2\n");
3483                                 break;
3484                         case CMAS_AUTH_SEQ_1_PASS:
3485                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3486                                           IPW_DL_ASSOC, "AUTH_SEQ_1_PASS\n");
3487                                 break;
3488                         case CMAS_AUTH_SEQ_1_FAIL:
3489                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3490                                           IPW_DL_ASSOC, "AUTH_SEQ_1_FAIL\n");
3491                                 break;
3492                         case CMAS_TX_AUTH_SEQ_3:
3493                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3494                                           IPW_DL_ASSOC, "AUTH_SEQ_3\n");
3495                                 break;
3496                         case CMAS_RX_AUTH_SEQ_4:
3497                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3498                                           IPW_DL_ASSOC, "RX_AUTH_SEQ_4\n");
3499                                 break;
3500                         case CMAS_AUTH_SEQ_2_PASS:
3501                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3502                                           IPW_DL_ASSOC, "AUTH_SEQ_2_PASS\n");
3503                                 break;
3504                         case CMAS_AUTH_SEQ_2_FAIL:
3505                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3506                                           IPW_DL_ASSOC, "AUT_SEQ_2_FAIL\n");
3507                                 break;
3508                         case CMAS_TX_ASSOC:
3509                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3510                                           IPW_DL_ASSOC, "TX_ASSOC\n");
3511                                 break;
3512                         case CMAS_RX_ASSOC_RESP:
3513                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3514                                           IPW_DL_ASSOC, "RX_ASSOC_RESP\n");
3515                                 break;
3516                         case CMAS_ASSOCIATED:
3517                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
3518                                           IPW_DL_ASSOC, "ASSOCIATED\n");
3519                                 break;
3520                         default:
3521                                 IPW_DEBUG_NOTIF("auth: failure - %d\n",
3522                                                 auth->state);
3523                                 break;
3524                         }
3525                         break;
3526                 }
3527
3528         case HOST_NOTIFICATION_STATUS_SCAN_CHANNEL_RESULT:{
3529                         struct notif_channel_result *x =
3530                             &notif->u.channel_result;
3531
3532                         if (notif->size == sizeof(*x)) {
3533                                 IPW_DEBUG_SCAN("Scan result for channel %d\n",
3534                                                x->channel_num);
3535                         } else {
3536                                 IPW_DEBUG_SCAN("Scan result of wrong size %d "
3537                                                "(should be %zd)\n",
3538                                                notif->size, sizeof(*x));
3539                         }
3540                         break;
3541                 }
3542
3543         case HOST_NOTIFICATION_STATUS_SCAN_COMPLETED:{
3544                         struct notif_scan_complete *x = &notif->u.scan_complete;
3545                         if (notif->size == sizeof(*x)) {
3546                                 IPW_DEBUG_SCAN
3547                                     ("Scan completed: type %d, %d channels, "
3548                                      "%d status\n", x->scan_type,
3549                                      x->num_channels, x->status);
3550                         } else {
3551                                 IPW_ERROR("Scan completed of wrong size %d "
3552                                           "(should be %zd)\n",
3553                                           notif->size, sizeof(*x));
3554                         }
3555
3556                         priv->status &=
3557                             ~(STATUS_SCANNING | STATUS_SCAN_ABORTING);
3558
3559                         cancel_delayed_work(&priv->scan_check);
3560
3561                         if (!(priv->status & (STATUS_ASSOCIATED |
3562                                               STATUS_ASSOCIATING |
3563                                               STATUS_ROAMING |
3564                                               STATUS_DISASSOCIATING)))
3565                                 queue_work(priv->workqueue, &priv->associate);
3566                         else if (priv->status & STATUS_ROAMING) {
3567                                 /* If a scan completed and we are in roam mode, then
3568                                  * the scan that completed was the one requested as a
3569                                  * result of entering roam... so, schedule the
3570                                  * roam work */
3571                                 queue_work(priv->workqueue, &priv->roam);
3572                         } else if (priv->status & STATUS_SCAN_PENDING)
3573                                 queue_work(priv->workqueue,
3574                                            &priv->request_scan);
3575
3576                         priv->ieee->scans++;
3577                         break;
3578                 }
3579
3580         case HOST_NOTIFICATION_STATUS_FRAG_LENGTH:{
3581                         struct notif_frag_length *x = &notif->u.frag_len;
3582
3583                         if (notif->size == sizeof(*x)) {
3584                                 IPW_ERROR("Frag length: %d\n", x->frag_length);
3585                         } else {
3586                                 IPW_ERROR("Frag length of wrong size %d "
3587                                           "(should be %zd)\n",
3588                                           notif->size, sizeof(*x));
3589                         }
3590                         break;
3591                 }
3592
3593         case HOST_NOTIFICATION_STATUS_LINK_DETERIORATION:{
3594                         struct notif_link_deterioration *x =
3595                             &notif->u.link_deterioration;
3596                         if (notif->size == sizeof(*x)) {
3597                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
3598                                           "link deterioration: '%s' " MAC_FMT
3599                                           " \n", escape_essid(priv->essid,
3600                                                               priv->essid_len),
3601                                           MAC_ARG(priv->bssid));
3602                                 memcpy(&priv->last_link_deterioration, x,
3603                                        sizeof(*x));
3604                         } else {
3605                                 IPW_ERROR("Link Deterioration of wrong size %d "
3606                                           "(should be %zd)\n",
3607                                           notif->size, sizeof(*x));
3608                         }
3609                         break;
3610                 }
3611
3612         case HOST_NOTIFICATION_DINO_CONFIG_RESPONSE:{
3613                         IPW_ERROR("Dino config\n");
3614                         if (priv->hcmd
3615                             && priv->hcmd->cmd == HOST_CMD_DINO_CONFIG) {
3616                                 /* TODO: Do anything special? */
3617                         } else {
3618                                 IPW_ERROR("Unexpected DINO_CONFIG_RESPONSE\n");
3619                         }
3620                         break;
3621                 }
3622
3623         case HOST_NOTIFICATION_STATUS_BEACON_STATE:{
3624                         struct notif_beacon_state *x = &notif->u.beacon_state;
3625                         if (notif->size != sizeof(*x)) {
3626                                 IPW_ERROR
3627                                     ("Beacon state of wrong size %d (should "
3628                                      "be %zd)\n", notif->size, sizeof(*x));
3629                                 break;
3630                         }
3631
3632                         if (x->state == HOST_NOTIFICATION_STATUS_BEACON_MISSING) {
3633                                 if (priv->status & STATUS_SCANNING) {
3634                                         /* Stop scan to keep fw from getting
3635                                          * stuck... */
3636                                         queue_work(priv->workqueue,
3637                                                    &priv->abort_scan);
3638                                 }
3639
3640                                 if (x->number > priv->missed_beacon_threshold &&
3641                                     priv->status & STATUS_ASSOCIATED) {
3642                                         IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
3643                                                   IPW_DL_STATE,
3644                                                   "Missed beacon: %d - disassociate\n",
3645                                                   x->number);
3646                                         queue_work(priv->workqueue,
3647                                                    &priv->disassociate);
3648                                 } else if (x->number > priv->roaming_threshold) {
3649                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
3650                                                   "Missed beacon: %d - initiate "
3651                                                   "roaming\n", x->number);
3652                                         queue_work(priv->workqueue,
3653                                                    &priv->roam);
3654                                 } else {
3655                                         IPW_DEBUG_NOTIF("Missed beacon: %d\n",
3656                                                         x->number);
3657                                 }
3658
3659                                 priv->notif_missed_beacons = x->number;
3660
3661                         }
3662
3663                         break;
3664                 }
3665
3666         case HOST_NOTIFICATION_STATUS_TGI_TX_KEY:{
3667                         struct notif_tgi_tx_key *x = &notif->u.tgi_tx_key;
3668                         if (notif->size == sizeof(*x)) {
3669                                 IPW_ERROR("TGi Tx Key: state 0x%02x sec type "
3670                                           "0x%02x station %d\n",
3671                                           x->key_state, x->security_type,
3672                                           x->station_index);
3673                                 break;
3674                         }
3675
3676                         IPW_ERROR
3677                             ("TGi Tx Key of wrong size %d (should be %zd)\n",
3678                              notif->size, sizeof(*x));
3679                         break;
3680                 }
3681
3682         case HOST_NOTIFICATION_CALIB_KEEP_RESULTS:{
3683                         struct notif_calibration *x = &notif->u.calibration;
3684
3685                         if (notif->size == sizeof(*x)) {
3686                                 memcpy(&priv->calib, x, sizeof(*x));
3687                                 IPW_DEBUG_INFO("TODO: Calibration\n");
3688                                 break;
3689                         }
3690
3691                         IPW_ERROR
3692                             ("Calibration of wrong size %d (should be %zd)\n",
3693                              notif->size, sizeof(*x));
3694                         break;
3695                 }
3696
3697         case HOST_NOTIFICATION_NOISE_STATS:{
3698                         if (notif->size == sizeof(u32)) {
3699                                 priv->last_noise =
3700                                     (u8) (notif->u.noise.value & 0xff);
3701                                 average_add(&priv->average_noise,
3702                                             priv->last_noise);
3703                                 break;
3704                         }
3705
3706                         IPW_ERROR
3707                             ("Noise stat is wrong size %d (should be %zd)\n",
3708                              notif->size, sizeof(u32));
3709                         break;
3710                 }
3711
3712         default:
3713                 IPW_ERROR("Unknown notification: "
3714                           "subtype=%d,flags=0x%2x,size=%d\n",
3715                           notif->subtype, notif->flags, notif->size);
3716         }
3717 }
3718
3719 /**
3720  * Destroys all DMA structures and initialise them again
3721  *
3722  * @param priv
3723  * @return error code
3724  */
3725 static int ipw_queue_reset(struct ipw_priv *priv)
3726 {
3727         int rc = 0;
3728         /** @todo customize queue sizes */
3729         int nTx = 64, nTxCmd = 8;
3730         ipw_tx_queue_free(priv);
3731         /* Tx CMD queue */
3732         rc = ipw_queue_tx_init(priv, &priv->txq_cmd, nTxCmd,
3733                                CX2_TX_CMD_QUEUE_READ_INDEX,
3734                                CX2_TX_CMD_QUEUE_WRITE_INDEX,
3735                                CX2_TX_CMD_QUEUE_BD_BASE,
3736                                CX2_TX_CMD_QUEUE_BD_SIZE);
3737         if (rc) {
3738                 IPW_ERROR("Tx Cmd queue init failed\n");
3739                 goto error;
3740         }
3741         /* Tx queue(s) */
3742         rc = ipw_queue_tx_init(priv, &priv->txq[0], nTx,
3743                                CX2_TX_QUEUE_0_READ_INDEX,
3744                                CX2_TX_QUEUE_0_WRITE_INDEX,
3745                                CX2_TX_QUEUE_0_BD_BASE, CX2_TX_QUEUE_0_BD_SIZE);
3746         if (rc) {
3747                 IPW_ERROR("Tx 0 queue init failed\n");
3748                 goto error;
3749         }
3750         rc = ipw_queue_tx_init(priv, &priv->txq[1], nTx,
3751                                CX2_TX_QUEUE_1_READ_INDEX,
3752                                CX2_TX_QUEUE_1_WRITE_INDEX,
3753                                CX2_TX_QUEUE_1_BD_BASE, CX2_TX_QUEUE_1_BD_SIZE);
3754         if (rc) {
3755                 IPW_ERROR("Tx 1 queue init failed\n");
3756                 goto error;
3757         }
3758         rc = ipw_queue_tx_init(priv, &priv->txq[2], nTx,
3759                                CX2_TX_QUEUE_2_READ_INDEX,
3760                                CX2_TX_QUEUE_2_WRITE_INDEX,
3761                                CX2_TX_QUEUE_2_BD_BASE, CX2_TX_QUEUE_2_BD_SIZE);
3762         if (rc) {
3763                 IPW_ERROR("Tx 2 queue init failed\n");
3764                 goto error;
3765         }
3766         rc = ipw_queue_tx_init(priv, &priv->txq[3], nTx,
3767                                CX2_TX_QUEUE_3_READ_INDEX,
3768                                CX2_TX_QUEUE_3_WRITE_INDEX,
3769                                CX2_TX_QUEUE_3_BD_BASE, CX2_TX_QUEUE_3_BD_SIZE);
3770         if (rc) {
3771                 IPW_ERROR("Tx 3 queue init failed\n");
3772                 goto error;
3773         }
3774         /* statistics */
3775         priv->rx_bufs_min = 0;
3776         priv->rx_pend_max = 0;
3777         return rc;
3778
3779       error:
3780         ipw_tx_queue_free(priv);
3781         return rc;
3782 }
3783
3784 /**
3785  * Reclaim Tx queue entries no more used by NIC.
3786  *
3787  * When FW adwances 'R' index, all entries between old and
3788  * new 'R' index need to be reclaimed. As result, some free space
3789  * forms. If there is enough free space (> low mark), wake Tx queue.
3790  *
3791  * @note Need to protect against garbage in 'R' index
3792  * @param priv
3793  * @param txq
3794  * @param qindex
3795  * @return Number of used entries remains in the queue
3796  */
3797 static int ipw_queue_tx_reclaim(struct ipw_priv *priv,
3798                                 struct clx2_tx_queue *txq, int qindex)
3799 {
3800         u32 hw_tail;
3801         int used;
3802         struct clx2_queue *q = &txq->q;
3803
3804         hw_tail = ipw_read32(priv, q->reg_r);
3805         if (hw_tail >= q->n_bd) {
3806                 IPW_ERROR
3807                     ("Read index for DMA queue (%d) is out of range [0-%d)\n",
3808                      hw_tail, q->n_bd);
3809                 goto done;
3810         }
3811         for (; q->last_used != hw_tail;
3812              q->last_used = ipw_queue_inc_wrap(q->last_used, q->n_bd)) {
3813                 ipw_queue_tx_free_tfd(priv, txq);
3814                 priv->tx_packets++;
3815         }
3816       done:
3817         if (ipw_queue_space(q) > q->low_mark && qindex >= 0) {
3818                 __maybe_wake_tx(priv);
3819         }
3820         used = q->first_empty - q->last_used;
3821         if (used < 0)
3822                 used += q->n_bd;
3823
3824         return used;
3825 }
3826
3827 static int ipw_queue_tx_hcmd(struct ipw_priv *priv, int hcmd, void *buf,
3828                              int len, int sync)
3829 {
3830         struct clx2_tx_queue *txq = &priv->txq_cmd;
3831         struct clx2_queue *q = &txq->q;
3832         struct tfd_frame *tfd;
3833
3834         if (ipw_queue_space(q) < (sync ? 1 : 2)) {
3835                 IPW_ERROR("No space for Tx\n");
3836                 return -EBUSY;
3837         }
3838
3839         tfd = &txq->bd[q->first_empty];
3840         txq->txb[q->first_empty] = NULL;
3841
3842         memset(tfd, 0, sizeof(*tfd));
3843         tfd->control_flags.message_type = TX_HOST_COMMAND_TYPE;
3844         tfd->control_flags.control_bits = TFD_NEED_IRQ_MASK;
3845         priv->hcmd_seq++;
3846         tfd->u.cmd.index = hcmd;
3847         tfd->u.cmd.length = len;
3848         memcpy(tfd->u.cmd.payload, buf, len);
3849         q->first_empty = ipw_queue_inc_wrap(q->first_empty, q->n_bd);
3850         ipw_write32(priv, q->reg_w, q->first_empty);
3851         _ipw_read32(priv, 0x90);
3852
3853         return 0;
3854 }
3855
3856 /*
3857  * Rx theory of operation
3858  *
3859  * The host allocates 32 DMA target addresses and passes the host address
3860  * to the firmware at register CX2_RFDS_TABLE_LOWER + N * RFD_SIZE where N is
3861  * 0 to 31
3862  *
3863  * Rx Queue Indexes
3864  * The host/firmware share two index registers for managing the Rx buffers.
3865  *
3866  * The READ index maps to the first position that the firmware may be writing
3867  * to -- the driver can read up to (but not including) this position and get
3868  * good data.
3869  * The READ index is managed by the firmware once the card is enabled.
3870  *
3871  * The WRITE index maps to the last position the driver has read from -- the
3872  * position preceding WRITE is the last slot the firmware can place a packet.
3873  *
3874  * The queue is empty (no good data) if WRITE = READ - 1, and is full if
3875  * WRITE = READ.
3876  *
3877  * During initialization the host sets up the READ queue position to the first
3878  * INDEX position, and WRITE to the last (READ - 1 wrapped)
3879  *
3880  * When the firmware places a packet in a buffer it will advance the READ index
3881  * and fire the RX interrupt.  The driver can then query the READ index and
3882  * process as many packets as possible, moving the WRITE index forward as it
3883  * resets the Rx queue buffers with new memory.
3884  *
3885  * The management in the driver is as follows:
3886  * + A list of pre-allocated SKBs is stored in ipw->rxq->rx_free.  When
3887  *   ipw->rxq->free_count drops to or below RX_LOW_WATERMARK, work is scheduled
3888  *   to replensish the ipw->rxq->rx_free.
3889  * + In ipw_rx_queue_replenish (scheduled) if 'processed' != 'read' then the
3890  *   ipw->rxq is replenished and the READ INDEX is updated (updating the
3891  *   'processed' and 'read' driver indexes as well)
3892  * + A received packet is processed and handed to the kernel network stack,
3893  *   detached from the ipw->rxq.  The driver 'processed' index is updated.
3894  * + The Host/Firmware ipw->rxq is replenished at tasklet time from the rx_free
3895  *   list. If there are no allocated buffers in ipw->rxq->rx_free, the READ
3896  *   INDEX is not incremented and ipw->status(RX_STALLED) is set.  If there
3897  *   were enough free buffers and RX_STALLED is set it is cleared.
3898  *
3899  *
3900  * Driver sequence:
3901  *
3902  * ipw_rx_queue_alloc()       Allocates rx_free
3903  * ipw_rx_queue_replenish()   Replenishes rx_free list from rx_used, and calls
3904  *                            ipw_rx_queue_restock
3905  * ipw_rx_queue_restock()     Moves available buffers from rx_free into Rx
3906  *                            queue, updates firmware pointers, and updates
3907  *                            the WRITE index.  If insufficient rx_free buffers
3908  *                            are available, schedules ipw_rx_queue_replenish
3909  *
3910  * -- enable interrupts --
3911  * ISR - ipw_rx()             Detach ipw_rx_mem_buffers from pool up to the
3912  *                            READ INDEX, detaching the SKB from the pool.
3913  *                            Moves the packet buffer from queue to rx_used.
3914  *                            Calls ipw_rx_queue_restock to refill any empty
3915  *                            slots.
3916  * ...
3917  *
3918  */
3919
3920 /*
3921  * If there are slots in the RX queue that  need to be restocked,
3922  * and we have free pre-allocated buffers, fill the ranks as much
3923  * as we can pulling from rx_free.
3924  *
3925  * This moves the 'write' index forward to catch up with 'processed', and
3926  * also updates the memory address in the firmware to reference the new
3927  * target buffer.
3928  */
3929 static void ipw_rx_queue_restock(struct ipw_priv *priv)
3930 {
3931         struct ipw_rx_queue *rxq = priv->rxq;
3932         struct list_head *element;
3933         struct ipw_rx_mem_buffer *rxb;
3934         unsigned long flags;
3935         int write;
3936
3937         spin_lock_irqsave(&rxq->lock, flags);
3938         write = rxq->write;
3939         while ((rxq->write != rxq->processed) && (rxq->free_count)) {
3940                 element = rxq->rx_free.next;
3941                 rxb = list_entry(element, struct ipw_rx_mem_buffer, list);
3942                 list_del(element);
3943
3944                 ipw_write32(priv, CX2_RFDS_TABLE_LOWER + rxq->write * RFD_SIZE,
3945                             rxb->dma_addr);
3946                 rxq->queue[rxq->write] = rxb;
3947                 rxq->write = (rxq->write + 1) % RX_QUEUE_SIZE;
3948                 rxq->free_count--;
3949         }
3950         spin_unlock_irqrestore(&rxq->lock, flags);
3951
3952         /* If the pre-allocated buffer pool is dropping low, schedule to
3953          * refill it */
3954         if (rxq->free_count <= RX_LOW_WATERMARK)
3955                 queue_work(priv->workqueue, &priv->rx_replenish);
3956
3957         /* If we've added more space for the firmware to place data, tell it */
3958         if (write != rxq->write)
3959                 ipw_write32(priv, CX2_RX_WRITE_INDEX, rxq->write);
3960 }
3961
3962 /*
3963  * Move all used packet from rx_used to rx_free, allocating a new SKB for each.
3964  * Also restock the Rx queue via ipw_rx_queue_restock.
3965  *
3966  * This is called as a scheduled work item (except for during intialization)
3967  */
3968 static void ipw_rx_queue_replenish(void *data)
3969 {
3970         struct ipw_priv *priv = data;
3971         struct ipw_rx_queue *rxq = priv->rxq;
3972         struct list_head *element;
3973         struct ipw_rx_mem_buffer *rxb;
3974         unsigned long flags;
3975
3976         spin_lock_irqsave(&rxq->lock, flags);
3977         while (!list_empty(&rxq->rx_used)) {
3978                 element = rxq->rx_used.next;
3979                 rxb = list_entry(element, struct ipw_rx_mem_buffer, list);
3980                 rxb->skb = alloc_skb(CX2_RX_BUF_SIZE, GFP_ATOMIC);
3981                 if (!rxb->skb) {
3982                         printk(KERN_CRIT "%s: Can not allocate SKB buffers.\n",
3983                                priv->net_dev->name);
3984                         /* We don't reschedule replenish work here -- we will
3985                          * call the restock method and if it still needs
3986                          * more buffers it will schedule replenish */
3987                         break;
3988                 }
3989                 list_del(element);
3990
3991                 rxb->rxb = (struct ipw_rx_buffer *)rxb->skb->data;
3992                 rxb->dma_addr =
3993                     pci_map_single(priv->pci_dev, rxb->skb->data,
3994                                    CX2_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
3995
3996                 list_add_tail(&rxb->list, &rxq->rx_free);
3997                 rxq->free_count++;
3998         }
3999         spin_unlock_irqrestore(&rxq->lock, flags);
4000
4001         ipw_rx_queue_restock(priv);
4002 }
4003
4004 /* Assumes that the skb field of the buffers in 'pool' is kept accurate.
4005  * If an SKB has been detached, the POOL needs to have it's SKB set to NULL
4006  * This free routine walks the list of POOL entries and if SKB is set to
4007  * non NULL it is unmapped and freed
4008  */
4009 static void ipw_rx_queue_free(struct ipw_priv *priv, struct ipw_rx_queue *rxq)
4010 {
4011         int i;
4012
4013         if (!rxq)
4014                 return;
4015
4016         for (i = 0; i < RX_QUEUE_SIZE + RX_FREE_BUFFERS; i++) {
4017                 if (rxq->pool[i].skb != NULL) {
4018                         pci_unmap_single(priv->pci_dev, rxq->pool[i].dma_addr,
4019                                          CX2_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
4020                         dev_kfree_skb(rxq->pool[i].skb);
4021                 }
4022         }
4023
4024         kfree(rxq);
4025 }
4026
4027 static struct ipw_rx_queue *ipw_rx_queue_alloc(struct ipw_priv *priv)
4028 {
4029         struct ipw_rx_queue *rxq;
4030         int i;
4031
4032         rxq = (struct ipw_rx_queue *)kmalloc(sizeof(*rxq), GFP_KERNEL);
4033         memset(rxq, 0, sizeof(*rxq));
4034         spin_lock_init(&rxq->lock);
4035         INIT_LIST_HEAD(&rxq->rx_free);
4036         INIT_LIST_HEAD(&rxq->rx_used);
4037
4038         /* Fill the rx_used queue with _all_ of the Rx buffers */
4039         for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++)
4040                 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
4041
4042         /* Set us so that we have processed and used all buffers, but have
4043          * not restocked the Rx queue with fresh buffers */
4044         rxq->read = rxq->write = 0;
4045         rxq->processed = RX_QUEUE_SIZE - 1;
4046         rxq->free_count = 0;
4047
4048         return rxq;
4049 }
4050
4051 static int ipw_is_rate_in_mask(struct ipw_priv *priv, int ieee_mode, u8 rate)
4052 {
4053         rate &= ~IEEE80211_BASIC_RATE_MASK;
4054         if (ieee_mode == IEEE_A) {
4055                 switch (rate) {
4056                 case IEEE80211_OFDM_RATE_6MB:
4057                         return priv->rates_mask & IEEE80211_OFDM_RATE_6MB_MASK ?
4058                             1 : 0;
4059                 case IEEE80211_OFDM_RATE_9MB:
4060                         return priv->rates_mask & IEEE80211_OFDM_RATE_9MB_MASK ?
4061                             1 : 0;
4062                 case IEEE80211_OFDM_RATE_12MB:
4063                         return priv->
4064                             rates_mask & IEEE80211_OFDM_RATE_12MB_MASK ? 1 : 0;
4065                 case IEEE80211_OFDM_RATE_18MB:
4066                         return priv->
4067                             rates_mask & IEEE80211_OFDM_RATE_18MB_MASK ? 1 : 0;
4068                 case IEEE80211_OFDM_RATE_24MB:
4069                         return priv->
4070                             rates_mask & IEEE80211_OFDM_RATE_24MB_MASK ? 1 : 0;
4071                 case IEEE80211_OFDM_RATE_36MB:
4072                         return priv->
4073                             rates_mask & IEEE80211_OFDM_RATE_36MB_MASK ? 1 : 0;
4074                 case IEEE80211_OFDM_RATE_48MB:
4075                         return priv->
4076                             rates_mask & IEEE80211_OFDM_RATE_48MB_MASK ? 1 : 0;
4077                 case IEEE80211_OFDM_RATE_54MB:
4078                         return priv->
4079                             rates_mask & IEEE80211_OFDM_RATE_54MB_MASK ? 1 : 0;
4080                 default:
4081                         return 0;
4082                 }
4083         }
4084
4085         /* B and G mixed */
4086         switch (rate) {
4087         case IEEE80211_CCK_RATE_1MB:
4088                 return priv->rates_mask & IEEE80211_CCK_RATE_1MB_MASK ? 1 : 0;
4089         case IEEE80211_CCK_RATE_2MB:
4090                 return priv->rates_mask & IEEE80211_CCK_RATE_2MB_MASK ? 1 : 0;
4091         case IEEE80211_CCK_RATE_5MB:
4092                 return priv->rates_mask & IEEE80211_CCK_RATE_5MB_MASK ? 1 : 0;
4093         case IEEE80211_CCK_RATE_11MB:
4094                 return priv->rates_mask & IEEE80211_CCK_RATE_11MB_MASK ? 1 : 0;
4095         }
4096
4097         /* If we are limited to B modulations, bail at this point */
4098         if (ieee_mode == IEEE_B)
4099                 return 0;
4100
4101         /* G */
4102         switch (rate) {
4103         case IEEE80211_OFDM_RATE_6MB:
4104                 return priv->rates_mask & IEEE80211_OFDM_RATE_6MB_MASK ? 1 : 0;
4105         case IEEE80211_OFDM_RATE_9MB:
4106                 return priv->rates_mask & IEEE80211_OFDM_RATE_9MB_MASK ? 1 : 0;
4107         case IEEE80211_OFDM_RATE_12MB:
4108                 return priv->rates_mask & IEEE80211_OFDM_RATE_12MB_MASK ? 1 : 0;
4109         case IEEE80211_OFDM_RATE_18MB:
4110                 return priv->rates_mask & IEEE80211_OFDM_RATE_18MB_MASK ? 1 : 0;
4111         case IEEE80211_OFDM_RATE_24MB:
4112                 return priv->rates_mask & IEEE80211_OFDM_RATE_24MB_MASK ? 1 : 0;
4113         case IEEE80211_OFDM_RATE_36MB:
4114                 return priv->rates_mask & IEEE80211_OFDM_RATE_36MB_MASK ? 1 : 0;
4115         case IEEE80211_OFDM_RATE_48MB:
4116                 return priv->rates_mask & IEEE80211_OFDM_RATE_48MB_MASK ? 1 : 0;
4117         case IEEE80211_OFDM_RATE_54MB:
4118                 return priv->rates_mask & IEEE80211_OFDM_RATE_54MB_MASK ? 1 : 0;
4119         }
4120
4121         return 0;
4122 }
4123
4124 static int ipw_compatible_rates(struct ipw_priv *priv,
4125                                 const struct ieee80211_network *network,
4126                                 struct ipw_supported_rates *rates)
4127 {
4128         int num_rates, i;
4129
4130         memset(rates, 0, sizeof(*rates));
4131         num_rates = min(network->rates_len, (u8) IPW_MAX_RATES);
4132         rates->num_rates = 0;
4133         for (i = 0; i < num_rates; i++) {
4134                 if (!ipw_is_rate_in_mask
4135                     (priv, network->mode, network->rates[i])) {
4136                         IPW_DEBUG_SCAN("Rate %02X masked : 0x%08X\n",
4137                                        network->rates[i], priv->rates_mask);
4138                         continue;
4139                 }
4140
4141                 rates->supported_rates[rates->num_rates++] = network->rates[i];
4142         }
4143
4144         num_rates =
4145             min(network->rates_ex_len, (u8) (IPW_MAX_RATES - num_rates));
4146         for (i = 0; i < num_rates; i++) {
4147                 if (!ipw_is_rate_in_mask
4148                     (priv, network->mode, network->rates_ex[i])) {
4149                         IPW_DEBUG_SCAN("Rate %02X masked : 0x%08X\n",
4150                                        network->rates_ex[i], priv->rates_mask);
4151                         continue;
4152                 }
4153
4154                 rates->supported_rates[rates->num_rates++] =
4155                     network->rates_ex[i];
4156         }
4157
4158         return rates->num_rates;
4159 }
4160
4161 static inline void ipw_copy_rates(struct ipw_supported_rates *dest,
4162                                   const struct ipw_supported_rates *src)
4163 {
4164         u8 i;
4165         for (i = 0; i < src->num_rates; i++)
4166                 dest->supported_rates[i] = src->supported_rates[i];
4167         dest->num_rates = src->num_rates;
4168 }
4169
4170 /* TODO: Look at sniffed packets in the air to determine if the basic rate
4171  * mask should ever be used -- right now all callers to add the scan rates are
4172  * set with the modulation = CCK, so BASIC_RATE_MASK is never set... */
4173 static void ipw_add_cck_scan_rates(struct ipw_supported_rates *rates,
4174                                    u8 modulation, u32 rate_mask)
4175 {
4176         u8 basic_mask = (IEEE80211_OFDM_MODULATION == modulation) ?
4177             IEEE80211_BASIC_RATE_MASK : 0;
4178
4179         if (rate_mask & IEEE80211_CCK_RATE_1MB_MASK)
4180                 rates->supported_rates[rates->num_rates++] =
4181                     IEEE80211_BASIC_RATE_MASK | IEEE80211_CCK_RATE_1MB;
4182
4183         if (rate_mask & IEEE80211_CCK_RATE_2MB_MASK)
4184                 rates->supported_rates[rates->num_rates++] =
4185                     IEEE80211_BASIC_RATE_MASK | IEEE80211_CCK_RATE_2MB;
4186
4187         if (rate_mask & IEEE80211_CCK_RATE_5MB_MASK)
4188                 rates->supported_rates[rates->num_rates++] = basic_mask |
4189                     IEEE80211_CCK_RATE_5MB;
4190
4191         if (rate_mask & IEEE80211_CCK_RATE_11MB_MASK)
4192                 rates->supported_rates[rates->num_rates++] = basic_mask |
4193                     IEEE80211_CCK_RATE_11MB;
4194 }
4195
4196 static void ipw_add_ofdm_scan_rates(struct ipw_supported_rates *rates,
4197                                     u8 modulation, u32 rate_mask)
4198 {
4199         u8 basic_mask = (IEEE80211_OFDM_MODULATION == modulation) ?
4200             IEEE80211_BASIC_RATE_MASK : 0;
4201
4202         if (rate_mask & IEEE80211_OFDM_RATE_6MB_MASK)
4203                 rates->supported_rates[rates->num_rates++] = basic_mask |
4204                     IEEE80211_OFDM_RATE_6MB;
4205
4206         if (rate_mask & IEEE80211_OFDM_RATE_9MB_MASK)
4207                 rates->supported_rates[rates->num_rates++] =
4208                     IEEE80211_OFDM_RATE_9MB;
4209
4210         if (rate_mask & IEEE80211_OFDM_RATE_12MB_MASK)
4211                 rates->supported_rates[rates->num_rates++] = basic_mask |
4212                     IEEE80211_OFDM_RATE_12MB;
4213
4214         if (rate_mask & IEEE80211_OFDM_RATE_18MB_MASK)
4215                 rates->supported_rates[rates->num_rates++] =
4216                     IEEE80211_OFDM_RATE_18MB;
4217
4218         if (rate_mask & IEEE80211_OFDM_RATE_24MB_MASK)
4219                 rates->supported_rates[rates->num_rates++] = basic_mask |
4220                     IEEE80211_OFDM_RATE_24MB;
4221
4222         if (rate_mask & IEEE80211_OFDM_RATE_36MB_MASK)
4223                 rates->supported_rates[rates->num_rates++] =
4224                     IEEE80211_OFDM_RATE_36MB;
4225
4226         if (rate_mask & IEEE80211_OFDM_RATE_48MB_MASK)
4227                 rates->supported_rates[rates->num_rates++] =
4228                     IEEE80211_OFDM_RATE_48MB;
4229
4230         if (rate_mask & IEEE80211_OFDM_RATE_54MB_MASK)
4231                 rates->supported_rates[rates->num_rates++] =
4232                     IEEE80211_OFDM_RATE_54MB;
4233 }
4234
4235 struct ipw_network_match {
4236         struct ieee80211_network *network;
4237         struct ipw_supported_rates rates;
4238 };
4239
4240 static int ipw_best_network(struct ipw_priv *priv,
4241                             struct ipw_network_match *match,
4242                             struct ieee80211_network *network, int roaming)
4243 {
4244         struct ipw_supported_rates rates;
4245
4246         /* Verify that this network's capability is compatible with the
4247          * current mode (AdHoc or Infrastructure) */
4248         if ((priv->ieee->iw_mode == IW_MODE_INFRA &&
4249              !(network->capability & WLAN_CAPABILITY_ESS)) ||
4250             (priv->ieee->iw_mode == IW_MODE_ADHOC &&
4251              !(network->capability & WLAN_CAPABILITY_IBSS))) {
4252                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded due to "
4253                                 "capability mismatch.\n",
4254                                 escape_essid(network->ssid, network->ssid_len),
4255                                 MAC_ARG(network->bssid));
4256                 return 0;
4257         }
4258
4259         /* If we do not have an ESSID for this AP, we can not associate with
4260          * it */
4261         if (network->flags & NETWORK_EMPTY_ESSID) {
4262                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4263                                 "because of hidden ESSID.\n",
4264                                 escape_essid(network->ssid, network->ssid_len),
4265                                 MAC_ARG(network->bssid));
4266                 return 0;
4267         }
4268
4269         if (unlikely(roaming)) {
4270                 /* If we are roaming, then ensure check if this is a valid
4271                  * network to try and roam to */
4272                 if ((network->ssid_len != match->network->ssid_len) ||
4273                     memcmp(network->ssid, match->network->ssid,
4274                            network->ssid_len)) {
4275                         IPW_DEBUG_ASSOC("Netowrk '%s (" MAC_FMT ")' excluded "
4276                                         "because of non-network ESSID.\n",
4277                                         escape_essid(network->ssid,
4278                                                      network->ssid_len),
4279                                         MAC_ARG(network->bssid));
4280                         return 0;
4281                 }
4282         } else {
4283                 /* If an ESSID has been configured then compare the broadcast
4284                  * ESSID to ours */
4285                 if ((priv->config & CFG_STATIC_ESSID) &&
4286                     ((network->ssid_len != priv->essid_len) ||
4287                      memcmp(network->ssid, priv->essid,
4288                             min(network->ssid_len, priv->essid_len)))) {
4289                         char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
4290                         strncpy(escaped,
4291                                 escape_essid(network->ssid, network->ssid_len),
4292                                 sizeof(escaped));
4293                         IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4294                                         "because of ESSID mismatch: '%s'.\n",
4295                                         escaped, MAC_ARG(network->bssid),
4296                                         escape_essid(priv->essid,
4297                                                      priv->essid_len));
4298                         return 0;
4299                 }
4300         }
4301
4302         /* If the old network rate is better than this one, don't bother
4303          * testing everything else. */
4304         if (match->network && match->network->stats.rssi > network->stats.rssi) {
4305                 char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
4306                 strncpy(escaped,
4307                         escape_essid(network->ssid, network->ssid_len),
4308                         sizeof(escaped));
4309                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded because "
4310                                 "'%s (" MAC_FMT ")' has a stronger signal.\n",
4311                                 escaped, MAC_ARG(network->bssid),
4312                                 escape_essid(match->network->ssid,
4313                                              match->network->ssid_len),
4314                                 MAC_ARG(match->network->bssid));
4315                 return 0;
4316         }
4317
4318         /* If this network has already had an association attempt within the
4319          * last 3 seconds, do not try and associate again... */
4320         if (network->last_associate &&
4321             time_after(network->last_associate + (HZ * 5UL), jiffies)) {
4322                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4323                                 "because of storming (%lu since last "
4324                                 "assoc attempt).\n",
4325                                 escape_essid(network->ssid, network->ssid_len),
4326                                 MAC_ARG(network->bssid),
4327                                 (jiffies - network->last_associate) / HZ);
4328                 return 0;
4329         }
4330
4331         /* Now go through and see if the requested network is valid... */
4332         if (priv->ieee->scan_age != 0 &&
4333             jiffies - network->last_scanned > priv->ieee->scan_age) {
4334                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4335                                 "because of age: %lums.\n",
4336                                 escape_essid(network->ssid, network->ssid_len),
4337                                 MAC_ARG(network->bssid),
4338                                 (jiffies - network->last_scanned) / (HZ / 100));
4339                 return 0;
4340         }
4341
4342         if ((priv->config & CFG_STATIC_CHANNEL) &&
4343             (network->channel != priv->channel)) {
4344                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4345                                 "because of channel mismatch: %d != %d.\n",
4346                                 escape_essid(network->ssid, network->ssid_len),
4347                                 MAC_ARG(network->bssid),
4348                                 network->channel, priv->channel);
4349                 return 0;
4350         }
4351
4352         /* Verify privacy compatability */
4353         if (((priv->capability & CAP_PRIVACY_ON) ? 1 : 0) !=
4354             ((network->capability & WLAN_CAPABILITY_PRIVACY) ? 1 : 0)) {
4355                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4356                                 "because of privacy mismatch: %s != %s.\n",
4357                                 escape_essid(network->ssid, network->ssid_len),
4358                                 MAC_ARG(network->bssid),
4359                                 priv->capability & CAP_PRIVACY_ON ? "on" :
4360                                 "off",
4361                                 network->capability &
4362                                 WLAN_CAPABILITY_PRIVACY ? "on" : "off");
4363                 return 0;
4364         }
4365
4366         if ((priv->config & CFG_STATIC_BSSID) &&
4367             memcmp(network->bssid, priv->bssid, ETH_ALEN)) {
4368                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4369                                 "because of BSSID mismatch: " MAC_FMT ".\n",
4370                                 escape_essid(network->ssid, network->ssid_len),
4371                                 MAC_ARG(network->bssid), MAC_ARG(priv->bssid));
4372                 return 0;
4373         }
4374
4375         /* Filter out any incompatible freq / mode combinations */
4376         if (!ieee80211_is_valid_mode(priv->ieee, network->mode)) {
4377                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4378                                 "because of invalid frequency/mode "
4379                                 "combination.\n",
4380                                 escape_essid(network->ssid, network->ssid_len),
4381                                 MAC_ARG(network->bssid));
4382                 return 0;
4383         }
4384
4385         ipw_compatible_rates(priv, network, &rates);
4386         if (rates.num_rates == 0) {
4387                 IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' excluded "
4388                                 "because of no compatible rates.\n",
4389                                 escape_essid(network->ssid, network->ssid_len),
4390                                 MAC_ARG(network->bssid));
4391                 return 0;
4392         }
4393
4394         /* TODO: Perform any further minimal comparititive tests.  We do not
4395          * want to put too much policy logic here; intelligent scan selection
4396          * should occur within a generic IEEE 802.11 user space tool.  */
4397
4398         /* Set up 'new' AP to this network */
4399         ipw_copy_rates(&match->rates, &rates);
4400         match->network = network;
4401
4402         IPW_DEBUG_ASSOC("Network '%s (" MAC_FMT ")' is a viable match.\n",
4403                         escape_essid(network->ssid, network->ssid_len),
4404                         MAC_ARG(network->bssid));
4405
4406         return 1;
4407 }
4408
4409 static void ipw_adhoc_create(struct ipw_priv *priv,
4410                              struct ieee80211_network *network)
4411 {
4412         /*
4413          * For the purposes of scanning, we can set our wireless mode
4414          * to trigger scans across combinations of bands, but when it
4415          * comes to creating a new ad-hoc network, we have tell the FW
4416          * exactly which band to use.
4417          *
4418          * We also have the possibility of an invalid channel for the
4419          * chossen band.  Attempting to create a new ad-hoc network
4420          * with an invalid channel for wireless mode will trigger a
4421          * FW fatal error.
4422          */
4423         network->mode = is_valid_channel(priv->ieee->mode, priv->channel);
4424         if (network->mode) {
4425                 network->channel = priv->channel;
4426         } else {
4427                 IPW_WARNING("Overriding invalid channel\n");
4428                 if (priv->ieee->mode & IEEE_A) {
4429                         network->mode = IEEE_A;
4430                         priv->channel = band_a_active_channel[0];
4431                 } else if (priv->ieee->mode & IEEE_G) {
4432                         network->mode = IEEE_G;
4433                         priv->channel = band_b_active_channel[0];
4434                 } else {
4435                         network->mode = IEEE_B;
4436                         priv->channel = band_b_active_channel[0];
4437                 }
4438         }
4439
4440         network->channel = priv->channel;
4441         priv->config |= CFG_ADHOC_PERSIST;
4442         ipw_create_bssid(priv, network->bssid);
4443         network->ssid_len = priv->essid_len;
4444         memcpy(network->ssid, priv->essid, priv->essid_len);
4445         memset(&network->stats, 0, sizeof(network->stats));
4446         network->capability = WLAN_CAPABILITY_IBSS;
4447         if (priv->capability & CAP_PRIVACY_ON)
4448                 network->capability |= WLAN_CAPABILITY_PRIVACY;
4449         network->rates_len = min(priv->rates.num_rates, MAX_RATES_LENGTH);
4450         memcpy(network->rates, priv->rates.supported_rates, network->rates_len);
4451         network->rates_ex_len = priv->rates.num_rates - network->rates_len;
4452         memcpy(network->rates_ex,
4453                &priv->rates.supported_rates[network->rates_len],
4454                network->rates_ex_len);
4455         network->last_scanned = 0;
4456         network->flags = 0;
4457         network->last_associate = 0;
4458         network->time_stamp[0] = 0;
4459         network->time_stamp[1] = 0;
4460         network->beacon_interval = 100; /* Default */
4461         network->listen_interval = 10;  /* Default */
4462         network->atim_window = 0;       /* Default */
4463 #ifdef CONFIG_IEEE80211_WPA
4464         network->wpa_ie_len = 0;
4465         network->rsn_ie_len = 0;
4466 #endif                          /* CONFIG_IEEE80211_WPA */
4467 }
4468
4469 static void ipw_send_wep_keys(struct ipw_priv *priv)
4470 {
4471         struct ipw_wep_key *key;
4472         int i;
4473         struct host_cmd cmd = {
4474                 .cmd = IPW_CMD_WEP_KEY,
4475                 .len = sizeof(*key)
4476         };
4477
4478         key = (struct ipw_wep_key *)&cmd.param;
4479         key->cmd_id = DINO_CMD_WEP_KEY;
4480         key->seq_num = 0;
4481
4482         for (i = 0; i < 4; i++) {
4483                 key->key_index = i;
4484                 if (!(priv->sec.flags & (1 << i))) {
4485                         key->key_size = 0;
4486                 } else {
4487                         key->key_size = priv->sec.key_sizes[i];
4488                         memcpy(key->key, priv->sec.keys[i], key->key_size);
4489                 }
4490
4491                 if (ipw_send_cmd(priv, &cmd)) {
4492                         IPW_ERROR("failed to send WEP_KEY command\n");
4493                         return;
4494                 }
4495         }
4496 }
4497
4498 static void ipw_adhoc_check(void *data)
4499 {
4500         struct ipw_priv *priv = data;
4501
4502         if (priv->missed_adhoc_beacons++ > priv->missed_beacon_threshold &&
4503             !(priv->config & CFG_ADHOC_PERSIST)) {
4504                 IPW_DEBUG_SCAN("Disassociating due to missed beacons\n");
4505                 ipw_remove_current_network(priv);
4506                 ipw_disassociate(priv);
4507                 return;
4508         }
4509
4510         queue_delayed_work(priv->workqueue, &priv->adhoc_check,
4511                            priv->assoc_request.beacon_interval);
4512 }
4513
4514 #ifdef CONFIG_IPW_DEBUG
4515 static void ipw_debug_config(struct ipw_priv *priv)
4516 {
4517         IPW_DEBUG_INFO("Scan completed, no valid APs matched "
4518                        "[CFG 0x%08X]\n", priv->config);
4519         if (priv->config & CFG_STATIC_CHANNEL)
4520                 IPW_DEBUG_INFO("Channel locked to %d\n", priv->channel);
4521         else
4522                 IPW_DEBUG_INFO("Channel unlocked.\n");
4523         if (priv->config & CFG_STATIC_ESSID)
4524                 IPW_DEBUG_INFO("ESSID locked to '%s'\n",
4525                                escape_essid(priv->essid, priv->essid_len));
4526         else
4527                 IPW_DEBUG_INFO("ESSID unlocked.\n");
4528         if (priv->config & CFG_STATIC_BSSID)
4529                 IPW_DEBUG_INFO("BSSID locked to %d\n", priv->channel);
4530         else
4531                 IPW_DEBUG_INFO("BSSID unlocked.\n");
4532         if (priv->capability & CAP_PRIVACY_ON)
4533                 IPW_DEBUG_INFO("PRIVACY on\n");
4534         else
4535                 IPW_DEBUG_INFO("PRIVACY off\n");
4536         IPW_DEBUG_INFO("RATE MASK: 0x%08X\n", priv->rates_mask);
4537 }
4538 #else
4539 #define ipw_debug_config(x) do {} while (0)
4540 #endif
4541
4542 static inline void ipw_set_fixed_rate(struct ipw_priv *priv,
4543                                       struct ieee80211_network *network)
4544 {
4545         /* TODO: Verify that this works... */
4546         struct ipw_fixed_rate fr = {
4547                 .tx_rates = priv->rates_mask
4548         };
4549         u32 reg;
4550         u16 mask = 0;
4551
4552         /* Identify 'current FW band' and match it with the fixed
4553          * Tx rates */
4554
4555         switch (priv->ieee->freq_band) {
4556         case IEEE80211_52GHZ_BAND:      /* A only */
4557                 /* IEEE_A */
4558                 if (priv->rates_mask & ~IEEE80211_OFDM_RATES_MASK) {
4559                         /* Invalid fixed rate mask */
4560                         fr.tx_rates = 0;
4561                         break;
4562                 }
4563
4564                 fr.tx_rates >>= IEEE80211_OFDM_SHIFT_MASK_A;
4565                 break;
4566
4567         default:                /* 2.4Ghz or Mixed */
4568                 /* IEEE_B */
4569                 if (network->mode == IEEE_B) {
4570                         if (fr.tx_rates & ~IEEE80211_CCK_RATES_MASK) {
4571                                 /* Invalid fixed rate mask */
4572                                 fr.tx_rates = 0;
4573                         }
4574                         break;
4575                 }
4576
4577                 /* IEEE_G */
4578                 if (fr.tx_rates & ~(IEEE80211_CCK_RATES_MASK |
4579                                     IEEE80211_OFDM_RATES_MASK)) {
4580                         /* Invalid fixed rate mask */
4581                         fr.tx_rates = 0;
4582                         break;
4583                 }
4584
4585                 if (IEEE80211_OFDM_RATE_6MB_MASK & fr.tx_rates) {
4586                         mask |= (IEEE80211_OFDM_RATE_6MB_MASK >> 1);
4587                         fr.tx_rates &= ~IEEE80211_OFDM_RATE_6MB_MASK;
4588                 }
4589
4590                 if (IEEE80211_OFDM_RATE_9MB_MASK & fr.tx_rates) {
4591                         mask |= (IEEE80211_OFDM_RATE_9MB_MASK >> 1);
4592                         fr.tx_rates &= ~IEEE80211_OFDM_RATE_9MB_MASK;
4593                 }
4594
4595                 if (IEEE80211_OFDM_RATE_12MB_MASK & fr.tx_rates) {
4596                         mask |= (IEEE80211_OFDM_RATE_12MB_MASK >> 1);
4597                         fr.tx_rates &= ~IEEE80211_OFDM_RATE_12MB_MASK;
4598                 }
4599
4600                 fr.tx_rates |= mask;
4601                 break;
4602         }
4603
4604         reg = ipw_read32(priv, IPW_MEM_FIXED_OVERRIDE);
4605         ipw_write_reg32(priv, reg, *(u32 *) & fr);
4606 }
4607
4608 static int ipw_associate_network(struct ipw_priv *priv,
4609                                  struct ieee80211_network *network,
4610                                  struct ipw_supported_rates *rates, int roaming)
4611 {
4612         int err;
4613
4614         if (priv->config & CFG_FIXED_RATE)
4615                 ipw_set_fixed_rate(priv, network);
4616
4617         if (!(priv->config & CFG_STATIC_ESSID)) {
4618                 priv->essid_len = min(network->ssid_len,
4619                                       (u8) IW_ESSID_MAX_SIZE);
4620                 memcpy(priv->essid, network->ssid, priv->essid_len);
4621         }
4622
4623         network->last_associate = jiffies;
4624
4625         memset(&priv->assoc_request, 0, sizeof(priv->assoc_request));
4626         priv->assoc_request.channel = network->channel;
4627         if ((priv->capability & CAP_PRIVACY_ON) &&
4628             (priv->capability & CAP_SHARED_KEY)) {
4629                 priv->assoc_request.auth_type = AUTH_SHARED_KEY;
4630                 priv->assoc_request.auth_key = priv->sec.active_key;
4631         } else {
4632                 priv->assoc_request.auth_type = AUTH_OPEN;
4633                 priv->assoc_request.auth_key = 0;
4634         }
4635
4636         if (priv->capability & CAP_PRIVACY_ON)
4637                 ipw_send_wep_keys(priv);
4638
4639         /*
4640          * It is valid for our ieee device to support multiple modes, but
4641          * when it comes to associating to a given network we have to choose
4642          * just one mode.
4643          */
4644         if (network->mode & priv->ieee->mode & IEEE_A)
4645                 priv->assoc_request.ieee_mode = IPW_A_MODE;
4646         else if (network->mode & priv->ieee->mode & IEEE_G)
4647                 priv->assoc_request.ieee_mode = IPW_G_MODE;
4648         else if (network->mode & priv->ieee->mode & IEEE_B)
4649                 priv->assoc_request.ieee_mode = IPW_B_MODE;
4650
4651         IPW_DEBUG_ASSOC("%sssocation attempt: '%s', channel %d, "
4652                         "802.11%c [%d], enc=%s%s%s%c%c\n",
4653                         roaming ? "Rea" : "A",
4654                         escape_essid(priv->essid, priv->essid_len),
4655                         network->channel,
4656                         ipw_modes[priv->assoc_request.ieee_mode],
4657                         rates->num_rates,
4658                         priv->capability & CAP_PRIVACY_ON ? "on " : "off",
4659                         priv->capability & CAP_PRIVACY_ON ?
4660                         (priv->capability & CAP_SHARED_KEY ? "(shared)" :
4661                          "(open)") : "",
4662                         priv->capability & CAP_PRIVACY_ON ? " key=" : "",
4663                         priv->capability & CAP_PRIVACY_ON ?
4664                         '1' + priv->sec.active_key : '.',
4665                         priv->capability & CAP_PRIVACY_ON ? '.' : ' ');
4666
4667         priv->assoc_request.beacon_interval = network->beacon_interval;
4668         if ((priv->ieee->iw_mode == IW_MODE_ADHOC) &&
4669             (network->time_stamp[0] == 0) && (network->time_stamp[1] == 0)) {
4670                 priv->assoc_request.assoc_type = HC_IBSS_START;
4671                 priv->assoc_request.assoc_tsf_msw = 0;
4672                 priv->assoc_request.assoc_tsf_lsw = 0;
4673         } else {
4674                 if (unlikely(roaming))
4675                         priv->assoc_request.assoc_type = HC_REASSOCIATE;
4676                 else
4677                         priv->assoc_request.assoc_type = HC_ASSOCIATE;
4678                 priv->assoc_request.assoc_tsf_msw = network->time_stamp[1];
4679                 priv->assoc_request.assoc_tsf_lsw = network->time_stamp[0];
4680         }
4681
4682         memcpy(&priv->assoc_request.bssid, network->bssid, ETH_ALEN);
4683
4684         if (priv->ieee->iw_mode == IW_MODE_ADHOC) {
4685                 memset(&priv->assoc_request.dest, 0xFF, ETH_ALEN);
4686                 priv->assoc_request.atim_window = network->atim_window;
4687         } else {
4688                 memcpy(&priv->assoc_request.dest, network->bssid, ETH_ALEN);
4689                 priv->assoc_request.atim_window = 0;
4690         }
4691
4692         priv->assoc_request.capability = network->capability;
4693         priv->assoc_request.listen_interval = network->listen_interval;
4694
4695         err = ipw_send_ssid(priv, priv->essid, priv->essid_len);
4696         if (err) {
4697                 IPW_DEBUG_HC("Attempt to send SSID command failed.\n");
4698                 return err;
4699         }
4700
4701         rates->ieee_mode = priv->assoc_request.ieee_mode;
4702         rates->purpose = IPW_RATE_CONNECT;
4703         ipw_send_supported_rates(priv, rates);
4704
4705         if (priv->assoc_request.ieee_mode == IPW_G_MODE)
4706                 priv->sys_config.dot11g_auto_detection = 1;
4707         else
4708                 priv->sys_config.dot11g_auto_detection = 0;
4709         err = ipw_send_system_config(priv, &priv->sys_config);
4710         if (err) {
4711                 IPW_DEBUG_HC("Attempt to send sys config command failed.\n");
4712                 return err;
4713         }
4714
4715         IPW_DEBUG_ASSOC("Association sensitivity: %d\n", network->stats.rssi);
4716         err = ipw_set_sensitivity(priv, network->stats.rssi);
4717         if (err) {
4718                 IPW_DEBUG_HC("Attempt to send associate command failed.\n");
4719                 return err;
4720         }
4721
4722         /*
4723          * If preemption is enabled, it is possible for the association
4724          * to complete before we return from ipw_send_associate.  Therefore
4725          * we have to be sure and update our priviate data first.
4726          */
4727         priv->channel = network->channel;
4728         memcpy(priv->bssid, network->bssid, ETH_ALEN);
4729         priv->status |= STATUS_ASSOCIATING;
4730         priv->status &= ~STATUS_SECURITY_UPDATED;
4731
4732         priv->assoc_network = network;
4733
4734         err = ipw_send_associate(priv, &priv->assoc_request);
4735         if (err) {
4736                 IPW_DEBUG_HC("Attempt to send associate command failed.\n");
4737                 return err;
4738         }
4739
4740         IPW_DEBUG(IPW_DL_STATE, "associating: '%s' " MAC_FMT " \n",
4741                   escape_essid(priv->essid, priv->essid_len),
4742                   MAC_ARG(priv->bssid));
4743
4744         return 0;
4745 }
4746
4747 static void ipw_roam(void *data)
4748 {
4749         struct ipw_priv *priv = data;
4750         struct ieee80211_network *network = NULL;
4751         struct ipw_network_match match = {
4752                 .network = priv->assoc_network
4753         };
4754
4755         /* The roaming process is as follows:
4756          *
4757          * 1.  Missed beacon threshold triggers the roaming process by
4758          *     setting the status ROAM bit and requesting a scan.
4759          * 2.  When the scan completes, it schedules the ROAM work
4760          * 3.  The ROAM work looks at all of the known networks for one that
4761          *     is a better network than the currently associated.  If none
4762          *     found, the ROAM process is over (ROAM bit cleared)
4763          * 4.  If a better network is found, a disassociation request is
4764          *     sent.
4765          * 5.  When the disassociation completes, the roam work is again
4766          *     scheduled.  The second time through, the driver is no longer
4767          *     associated, and the newly selected network is sent an
4768          *     association request.
4769          * 6.  At this point ,the roaming process is complete and the ROAM
4770          *     status bit is cleared.
4771          */
4772
4773         /* If we are no longer associated, and the roaming bit is no longer
4774          * set, then we are not actively roaming, so just return */
4775         if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ROAMING)))
4776                 return;
4777
4778         if (priv->status & STATUS_ASSOCIATED) {
4779                 /* First pass through ROAM process -- look for a better
4780                  * network */
4781                 u8 rssi = priv->assoc_network->stats.rssi;
4782                 priv->assoc_network->stats.rssi = -128;
4783                 list_for_each_entry(network, &priv->ieee->network_list, list) {
4784                         if (network != priv->assoc_network)
4785                                 ipw_best_network(priv, &match, network, 1);
4786                 }
4787                 priv->assoc_network->stats.rssi = rssi;
4788
4789                 if (match.network == priv->assoc_network) {
4790                         IPW_DEBUG_ASSOC("No better APs in this network to "
4791                                         "roam to.\n");
4792                         priv->status &= ~STATUS_ROAMING;
4793                         ipw_debug_config(priv);
4794                         return;
4795                 }
4796
4797                 ipw_send_disassociate(priv, 1);
4798                 priv->assoc_network = match.network;
4799
4800                 return;
4801         }
4802
4803         /* Second pass through ROAM process -- request association */
4804         ipw_compatible_rates(priv, priv->assoc_network, &match.rates);
4805         ipw_associate_network(priv, priv->assoc_network, &match.rates, 1);
4806         priv->status &= ~STATUS_ROAMING;
4807 }
4808
4809 static void ipw_associate(void *data)
4810 {
4811         struct ipw_priv *priv = data;
4812
4813         struct ieee80211_network *network = NULL;
4814         struct ipw_network_match match = {
4815                 .network = NULL
4816         };
4817         struct ipw_supported_rates *rates;
4818         struct list_head *element;
4819
4820         if (!(priv->config & CFG_ASSOCIATE) &&
4821             !(priv->config & (CFG_STATIC_ESSID |
4822                               CFG_STATIC_CHANNEL | CFG_STATIC_BSSID))) {
4823                 IPW_DEBUG_ASSOC("Not attempting association (associate=0)\n");
4824                 return;
4825         }
4826
4827         list_for_each_entry(network, &priv->ieee->network_list, list)
4828             ipw_best_network(priv, &match, network, 0);
4829
4830         network = match.network;
4831         rates = &match.rates;
4832
4833         if (network == NULL &&
4834             priv->ieee->iw_mode == IW_MODE_ADHOC &&
4835             priv->config & CFG_ADHOC_CREATE &&
4836             priv->config & CFG_STATIC_ESSID &&
4837             !list_empty(&priv->ieee->network_free_list)) {
4838                 element = priv->ieee->network_free_list.next;
4839                 network = list_entry(element, struct ieee80211_network, list);
4840                 ipw_adhoc_create(priv, network);
4841                 rates = &priv->rates;
4842                 list_del(element);
4843                 list_add_tail(&network->list, &priv->ieee->network_list);
4844         }
4845
4846         /* If we reached the end of the list, then we don't have any valid
4847          * matching APs */
4848         if (!network) {
4849                 ipw_debug_config(priv);
4850
4851                 queue_delayed_work(priv->workqueue, &priv->request_scan,
4852                                    SCAN_INTERVAL);
4853
4854                 return;
4855         }
4856
4857         ipw_associate_network(priv, network, rates, 0);
4858 }
4859
4860 static inline void ipw_handle_data_packet(struct ipw_priv *priv,
4861                                           struct ipw_rx_mem_buffer *rxb,
4862                                           struct ieee80211_rx_stats *stats)
4863 {
4864         struct ipw_rx_packet *pkt = (struct ipw_rx_packet *)rxb->skb->data;
4865
4866         /* We received data from the HW, so stop the watchdog */
4867         priv->net_dev->trans_start = jiffies;
4868
4869         /* We only process data packets if the
4870          * interface is open */
4871         if (unlikely((pkt->u.frame.length + IPW_RX_FRAME_SIZE) >
4872                      skb_tailroom(rxb->skb))) {
4873                 priv->ieee->stats.rx_errors++;
4874                 priv->wstats.discard.misc++;
4875                 IPW_DEBUG_DROP("Corruption detected! Oh no!\n");
4876                 return;
4877         } else if (unlikely(!netif_running(priv->net_dev))) {
4878                 priv->ieee->stats.rx_dropped++;
4879                 priv->wstats.discard.misc++;
4880                 IPW_DEBUG_DROP("Dropping packet while interface is not up.\n");
4881                 return;
4882         }
4883
4884         /* Advance skb->data to the start of the actual payload */
4885         skb_reserve(rxb->skb, offsetof(struct ipw_rx_packet, u.frame.data));
4886
4887         /* Set the size of the skb to the size of the frame */
4888         skb_put(rxb->skb, pkt->u.frame.length);
4889
4890         IPW_DEBUG_RX("Rx packet of %d bytes.\n", rxb->skb->len);
4891
4892         if (!ieee80211_rx(priv->ieee, rxb->skb, stats))
4893                 priv->ieee->stats.rx_errors++;
4894         else                    /* ieee80211_rx succeeded, so it now owns the SKB */
4895                 rxb->skb = NULL;
4896 }
4897
4898 /*
4899  * Main entry function for recieving a packet with 80211 headers.  This
4900  * should be called when ever the FW has notified us that there is a new
4901  * skb in the recieve queue.
4902  */
4903 static void ipw_rx(struct ipw_priv *priv)
4904 {
4905         struct ipw_rx_mem_buffer *rxb;
4906         struct ipw_rx_packet *pkt;
4907         struct ieee80211_hdr *header;
4908         u32 r, w, i;
4909         u8 network_packet;
4910
4911         r = ipw_read32(priv, CX2_RX_READ_INDEX);
4912         w = ipw_read32(priv, CX2_RX_WRITE_INDEX);
4913         i = (priv->rxq->processed + 1) % RX_QUEUE_SIZE;
4914
4915         while (i != r) {
4916                 rxb = priv->rxq->queue[i];
4917 #ifdef CONFIG_IPW_DEBUG
4918                 if (unlikely(rxb == NULL)) {
4919                         printk(KERN_CRIT "Queue not allocated!\n");
4920                         break;
4921                 }
4922 #endif
4923                 priv->rxq->queue[i] = NULL;
4924
4925                 pci_dma_sync_single_for_cpu(priv->pci_dev, rxb->dma_addr,
4926                                             CX2_RX_BUF_SIZE,
4927                                             PCI_DMA_FROMDEVICE);
4928
4929                 pkt = (struct ipw_rx_packet *)rxb->skb->data;
4930                 IPW_DEBUG_RX("Packet: type=%02X seq=%02X bits=%02X\n",
4931                              pkt->header.message_type,
4932                              pkt->header.rx_seq_num, pkt->header.control_bits);
4933
4934                 switch (pkt->header.message_type) {
4935                 case RX_FRAME_TYPE:     /* 802.11 frame */  {
4936                                 struct ieee80211_rx_stats stats = {
4937                                         .rssi = pkt->u.frame.rssi_dbm -
4938                                             IPW_RSSI_TO_DBM,
4939                                         .signal = pkt->u.frame.signal,
4940                                         .rate = pkt->u.frame.rate,
4941                                         .mac_time = jiffies,
4942                                         .received_channel =
4943                                             pkt->u.frame.received_channel,
4944                                         .freq =
4945                                             (pkt->u.frame.
4946                                              control & (1 << 0)) ?
4947                                             IEEE80211_24GHZ_BAND :
4948                                             IEEE80211_52GHZ_BAND,
4949                                         .len = pkt->u.frame.length,
4950                                 };
4951
4952                                 if (stats.rssi != 0)
4953                                         stats.mask |= IEEE80211_STATMASK_RSSI;
4954                                 if (stats.signal != 0)
4955                                         stats.mask |= IEEE80211_STATMASK_SIGNAL;
4956                                 if (stats.rate != 0)
4957                                         stats.mask |= IEEE80211_STATMASK_RATE;
4958
4959                                 priv->rx_packets++;
4960
4961 #ifdef CONFIG_IPW_PROMISC
4962                                 if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
4963                                         ipw_handle_data_packet(priv, rxb,
4964                                                                &stats);
4965                                         break;
4966                                 }
4967 #endif
4968
4969                                 header =
4970                                     (struct ieee80211_hdr *)(rxb->skb->data +
4971                                                              IPW_RX_FRAME_SIZE);
4972                                 /* TODO: Check Ad-Hoc dest/source and make sure
4973                                  * that we are actually parsing these packets
4974                                  * correctly -- we should probably use the
4975                                  * frame control of the packet and disregard
4976                                  * the current iw_mode */
4977                                 switch (priv->ieee->iw_mode) {
4978                                 case IW_MODE_ADHOC:
4979                                         network_packet =
4980                                             !memcmp(header->addr1,
4981                                                     priv->net_dev->dev_addr,
4982                                                     ETH_ALEN) ||
4983                                             !memcmp(header->addr3,
4984                                                     priv->bssid, ETH_ALEN) ||
4985                                             is_broadcast_ether_addr(header->
4986                                                                     addr1)
4987                                             || is_multicast_ether_addr(header->
4988                                                                        addr1);
4989                                         break;
4990
4991                                 case IW_MODE_INFRA:
4992                                 default:
4993                                         network_packet =
4994                                             !memcmp(header->addr3,
4995                                                     priv->bssid, ETH_ALEN) ||
4996                                             !memcmp(header->addr1,
4997                                                     priv->net_dev->dev_addr,
4998                                                     ETH_ALEN) ||
4999                                             is_broadcast_ether_addr(header->
5000                                                                     addr1)
5001                                             || is_multicast_ether_addr(header->
5002                                                                        addr1);
5003                                         break;
5004                                 }
5005
5006                                 if (network_packet && priv->assoc_network) {
5007                                         priv->assoc_network->stats.rssi =
5008                                             stats.rssi;
5009                                         average_add(&priv->average_rssi,
5010                                                     stats.rssi);
5011                                         priv->last_rx_rssi = stats.rssi;
5012                                 }
5013
5014                                 IPW_DEBUG_RX("Frame: len=%u\n",
5015                                              pkt->u.frame.length);
5016
5017                                 if (pkt->u.frame.length < frame_hdr_len(header)) {
5018                                         IPW_DEBUG_DROP
5019                                             ("Received packet is too small. "
5020                                              "Dropping.\n");
5021                                         priv->ieee->stats.rx_errors++;
5022                                         priv->wstats.discard.misc++;
5023                                         break;
5024                                 }
5025
5026                                 switch (WLAN_FC_GET_TYPE(header->frame_ctl)) {
5027                                 case IEEE80211_FTYPE_MGMT:
5028                                         ieee80211_rx_mgt(priv->ieee, header,
5029                                                          &stats);
5030                                         if (priv->ieee->iw_mode == IW_MODE_ADHOC
5031                                             &&
5032                                             ((WLAN_FC_GET_STYPE
5033                                               (header->frame_ctl) ==
5034                                               IEEE80211_STYPE_PROBE_RESP)
5035                                              ||
5036                                              (WLAN_FC_GET_STYPE
5037                                               (header->frame_ctl) ==
5038                                               IEEE80211_STYPE_BEACON))
5039                                             && !memcmp(header->addr3,
5040                                                        priv->bssid, ETH_ALEN))
5041                                                 ipw_add_station(priv,
5042                                                                 header->addr2);
5043                                         break;
5044
5045                                 case IEEE80211_FTYPE_CTL:
5046                                         break;
5047
5048                                 case IEEE80211_FTYPE_DATA:
5049                                         if (network_packet)
5050                                                 ipw_handle_data_packet(priv,
5051                                                                        rxb,
5052                                                                        &stats);
5053                                         else
5054                                                 IPW_DEBUG_DROP("Dropping: "
5055                                                                MAC_FMT ", "
5056                                                                MAC_FMT ", "
5057                                                                MAC_FMT "\n",
5058                                                                MAC_ARG(header->
5059                                                                        addr1),
5060                                                                MAC_ARG(header->
5061                                                                        addr2),
5062                                                                MAC_ARG(header->
5063                                                                        addr3));
5064                                         break;
5065                                 }
5066                                 break;
5067                         }
5068
5069                 case RX_HOST_NOTIFICATION_TYPE:{
5070                                 IPW_DEBUG_RX
5071                                     ("Notification: subtype=%02X flags=%02X size=%d\n",
5072                                      pkt->u.notification.subtype,
5073                                      pkt->u.notification.flags,
5074                                      pkt->u.notification.size);
5075                                 ipw_rx_notification(priv, &pkt->u.notification);
5076                                 break;
5077                         }
5078
5079                 default:
5080                         IPW_DEBUG_RX("Bad Rx packet of type %d\n",
5081                                      pkt->header.message_type);
5082                         break;
5083                 }
5084
5085                 /* For now we just don't re-use anything.  We can tweak this
5086                  * later to try and re-use notification packets and SKBs that
5087                  * fail to Rx correctly */
5088                 if (rxb->skb != NULL) {
5089                         dev_kfree_skb_any(rxb->skb);
5090                         rxb->skb = NULL;
5091                 }
5092
5093                 pci_unmap_single(priv->pci_dev, rxb->dma_addr,
5094                                  CX2_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
5095                 list_add_tail(&rxb->list, &priv->rxq->rx_used);
5096
5097                 i = (i + 1) % RX_QUEUE_SIZE;
5098         }
5099
5100         /* Backtrack one entry */
5101         priv->rxq->processed = (i ? i : RX_QUEUE_SIZE) - 1;
5102
5103         ipw_rx_queue_restock(priv);
5104 }
5105
5106 static void ipw_abort_scan(struct ipw_priv *priv)
5107 {
5108         int err;
5109
5110         if (priv->status & STATUS_SCAN_ABORTING) {
5111                 IPW_DEBUG_HC("Ignoring concurrent scan abort request.\n");
5112                 return;
5113         }
5114         priv->status |= STATUS_SCAN_ABORTING;
5115
5116         err = ipw_send_scan_abort(priv);
5117         if (err)
5118                 IPW_DEBUG_HC("Request to abort scan failed.\n");
5119 }
5120
5121 static int ipw_request_scan(struct ipw_priv *priv)
5122 {
5123         struct ipw_scan_request_ext scan;
5124         int channel_index = 0;
5125         int i, err, scan_type;
5126
5127         if (priv->status & STATUS_EXIT_PENDING) {
5128                 IPW_DEBUG_SCAN("Aborting scan due to device shutdown\n");
5129                 priv->status |= STATUS_SCAN_PENDING;
5130                 return 0;
5131         }
5132
5133         if (priv->status & STATUS_SCANNING) {
5134                 IPW_DEBUG_HC("Concurrent scan requested.  Aborting first.\n");
5135                 priv->status |= STATUS_SCAN_PENDING;
5136                 ipw_abort_scan(priv);
5137                 return 0;
5138         }
5139
5140         if (priv->status & STATUS_SCAN_ABORTING) {
5141                 IPW_DEBUG_HC("Scan request while abort pending.  Queuing.\n");
5142                 priv->status |= STATUS_SCAN_PENDING;
5143                 return 0;
5144         }
5145
5146         if (priv->status & STATUS_RF_KILL_MASK) {
5147                 IPW_DEBUG_HC("Aborting scan due to RF Kill activation\n");
5148                 priv->status |= STATUS_SCAN_PENDING;
5149                 return 0;
5150         }
5151
5152         memset(&scan, 0, sizeof(scan));
5153
5154         scan.dwell_time[IPW_SCAN_ACTIVE_BROADCAST_SCAN] = 20;
5155         scan.dwell_time[IPW_SCAN_ACTIVE_BROADCAST_AND_DIRECT_SCAN] = 20;
5156         scan.dwell_time[IPW_SCAN_PASSIVE_FULL_DWELL_SCAN] = 20;
5157
5158         scan.full_scan_index = ieee80211_get_scans(priv->ieee);
5159         /* If we are roaming, then make this a directed scan for the current
5160          * network.  Otherwise, ensure that every other scan is a fast
5161          * channel hop scan */
5162         if ((priv->status & STATUS_ROAMING)
5163             || (!(priv->status & STATUS_ASSOCIATED)
5164                 && (priv->config & CFG_STATIC_ESSID)
5165                 && (scan.full_scan_index % 2))) {
5166                 err = ipw_send_ssid(priv, priv->essid, priv->essid_len);
5167                 if (err) {
5168                         IPW_DEBUG_HC("Attempt to send SSID command failed.\n");
5169                         return err;
5170                 }
5171
5172                 scan_type = IPW_SCAN_ACTIVE_BROADCAST_AND_DIRECT_SCAN;
5173         } else {
5174                 scan_type = IPW_SCAN_ACTIVE_BROADCAST_SCAN;
5175         }
5176
5177         if (priv->ieee->freq_band & IEEE80211_52GHZ_BAND) {
5178                 int start = channel_index;
5179                 for (i = 0; i < MAX_A_CHANNELS; i++) {
5180                         if (band_a_active_channel[i] == 0)
5181                                 break;
5182                         if ((priv->status & STATUS_ASSOCIATED) &&
5183                             band_a_active_channel[i] == priv->channel)
5184                                 continue;
5185                         channel_index++;
5186                         scan.channels_list[channel_index] =
5187                             band_a_active_channel[i];
5188                         ipw_set_scan_type(&scan, channel_index, scan_type);
5189                 }
5190
5191                 if (start != channel_index) {
5192                         scan.channels_list[start] = (u8) (IPW_A_MODE << 6) |
5193                             (channel_index - start);
5194                         channel_index++;
5195                 }
5196         }
5197
5198         if (priv->ieee->freq_band & IEEE80211_24GHZ_BAND) {
5199                 int start = channel_index;
5200                 for (i = 0; i < MAX_B_CHANNELS; i++) {
5201                         if (band_b_active_channel[i] == 0)
5202                                 break;
5203                         if ((priv->status & STATUS_ASSOCIATED) &&
5204                             band_b_active_channel[i] == priv->channel)
5205                                 continue;
5206                         channel_index++;
5207                         scan.channels_list[channel_index] =
5208                             band_b_active_channel[i];
5209                         ipw_set_scan_type(&scan, channel_index, scan_type);
5210                 }
5211
5212                 if (start != channel_index) {
5213                         scan.channels_list[start] = (u8) (IPW_B_MODE << 6) |
5214                             (channel_index - start);
5215                 }
5216         }
5217
5218         err = ipw_send_scan_request_ext(priv, &scan);
5219         if (err) {
5220                 IPW_DEBUG_HC("Sending scan command failed: %08X\n", err);
5221                 return -EIO;
5222         }
5223
5224         priv->status |= STATUS_SCANNING;
5225         priv->status &= ~STATUS_SCAN_PENDING;
5226
5227         return 0;
5228 }
5229
5230 /*
5231  * This file defines the Wireless Extension handlers.  It does not
5232  * define any methods of hardware manipulation and relies on the
5233  * functions defined in ipw_main to provide the HW interaction.
5234  *
5235  * The exception to this is the use of the ipw_get_ordinal()
5236  * function used to poll the hardware vs. making unecessary calls.
5237  *
5238  */
5239
5240 static int ipw_wx_get_name(struct net_device *dev,
5241                            struct iw_request_info *info,
5242                            union iwreq_data *wrqu, char *extra)
5243 {
5244         struct ipw_priv *priv = ieee80211_priv(dev);
5245         if (!(priv->status & STATUS_ASSOCIATED))
5246                 strcpy(wrqu->name, "unassociated");
5247         else
5248                 snprintf(wrqu->name, IFNAMSIZ, "IEEE 802.11%c",
5249                          ipw_modes[priv->assoc_request.ieee_mode]);
5250         IPW_DEBUG_WX("Name: %s\n", wrqu->name);
5251         return 0;
5252 }
5253
5254 static int ipw_set_channel(struct ipw_priv *priv, u8 channel)
5255 {
5256         if (channel == 0) {
5257                 IPW_DEBUG_INFO("Setting channel to ANY (0)\n");
5258                 priv->config &= ~CFG_STATIC_CHANNEL;
5259                 if (!(priv->status & (STATUS_SCANNING | STATUS_ASSOCIATED |
5260                                       STATUS_ASSOCIATING))) {
5261                         IPW_DEBUG_ASSOC("Attempting to associate with new "
5262                                         "parameters.\n");
5263                         ipw_associate(priv);
5264                 }
5265
5266                 return 0;
5267         }
5268
5269         priv->config |= CFG_STATIC_CHANNEL;
5270
5271         if (priv->channel == channel) {
5272                 IPW_DEBUG_INFO("Request to set channel to current value (%d)\n",
5273                                channel);
5274                 return 0;
5275         }
5276
5277         IPW_DEBUG_INFO("Setting channel to %i\n", (int)channel);
5278         priv->channel = channel;
5279
5280         /* If we are currently associated, or trying to associate
5281          * then see if this is a new channel (causing us to disassociate) */
5282         if (priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
5283                 IPW_DEBUG_ASSOC("Disassociating due to channel change.\n");
5284                 ipw_disassociate(priv);
5285         } else {
5286                 ipw_associate(priv);
5287         }
5288
5289         return 0;
5290 }
5291
5292 static int ipw_wx_set_freq(struct net_device *dev,
5293                            struct iw_request_info *info,
5294                            union iwreq_data *wrqu, char *extra)
5295 {
5296         struct ipw_priv *priv = ieee80211_priv(dev);
5297         struct iw_freq *fwrq = &wrqu->freq;
5298
5299         /* if setting by freq convert to channel */
5300         if (fwrq->e == 1) {
5301                 if ((fwrq->m >= (int)2.412e8 && fwrq->m <= (int)2.487e8)) {
5302                         int f = fwrq->m / 100000;
5303                         int c = 0;
5304
5305                         while ((c < REG_MAX_CHANNEL) &&
5306                                (f != ipw_frequencies[c]))
5307                                 c++;
5308
5309                         /* hack to fall through */
5310                         fwrq->e = 0;
5311                         fwrq->m = c + 1;
5312                 }
5313         }
5314
5315         if (fwrq->e > 0 || fwrq->m > 1000)
5316                 return -EOPNOTSUPP;
5317
5318         IPW_DEBUG_WX("SET Freq/Channel -> %d \n", fwrq->m);
5319         return ipw_set_channel(priv, (u8) fwrq->m);
5320
5321         return 0;
5322 }
5323
5324 static int ipw_wx_get_freq(struct net_device *dev,
5325                            struct iw_request_info *info,
5326                            union iwreq_data *wrqu, char *extra)
5327 {
5328         struct ipw_priv *priv = ieee80211_priv(dev);
5329
5330         wrqu->freq.e = 0;
5331
5332         /* If we are associated, trying to associate, or have a statically
5333          * configured CHANNEL then return that; otherwise return ANY */
5334         if (priv->config & CFG_STATIC_CHANNEL ||
5335             priv->status & (STATUS_ASSOCIATING | STATUS_ASSOCIATED))
5336                 wrqu->freq.m = priv->channel;
5337         else
5338                 wrqu->freq.m = 0;
5339
5340         IPW_DEBUG_WX("GET Freq/Channel -> %d \n", priv->channel);
5341         return 0;
5342 }
5343
5344 static int ipw_wx_set_mode(struct net_device *dev,
5345                            struct iw_request_info *info,
5346                            union iwreq_data *wrqu, char *extra)
5347 {
5348         struct ipw_priv *priv = ieee80211_priv(dev);
5349         int err = 0;
5350
5351         IPW_DEBUG_WX("Set MODE: %d\n", wrqu->mode);
5352
5353         if (wrqu->mode == priv->ieee->iw_mode)
5354                 return 0;
5355
5356         switch (wrqu->mode) {
5357 #ifdef CONFIG_IPW_PROMISC
5358         case IW_MODE_MONITOR:
5359 #endif
5360         case IW_MODE_ADHOC:
5361         case IW_MODE_INFRA:
5362                 break;
5363         case IW_MODE_AUTO:
5364                 wrqu->mode = IW_MODE_INFRA;
5365                 break;
5366         default:
5367                 return -EINVAL;
5368         }
5369
5370 #ifdef CONFIG_IPW_PROMISC
5371         if (priv->ieee->iw_mode == IW_MODE_MONITOR)
5372                 priv->net_dev->type = ARPHRD_ETHER;
5373
5374         if (wrqu->mode == IW_MODE_MONITOR)
5375                 priv->net_dev->type = ARPHRD_IEEE80211;
5376 #endif                          /* CONFIG_IPW_PROMISC */
5377
5378 #ifdef CONFIG_PM
5379         /* Free the existing firmware and reset the fw_loaded
5380          * flag so ipw_load() will bring in the new firmawre */
5381         if (fw_loaded) {
5382                 fw_loaded = 0;
5383         }
5384
5385         release_firmware(bootfw);
5386         release_firmware(ucode);
5387         release_firmware(firmware);
5388         bootfw = ucode = firmware = NULL;
5389 #endif
5390
5391         priv->ieee->iw_mode = wrqu->mode;
5392         ipw_adapter_restart(priv);
5393
5394         return err;
5395 }
5396
5397 static int ipw_wx_get_mode(struct net_device *dev,
5398                            struct iw_request_info *info,
5399                            union iwreq_data *wrqu, char *extra)
5400 {
5401         struct ipw_priv *priv = ieee80211_priv(dev);
5402
5403         wrqu->mode = priv->ieee->iw_mode;
5404         IPW_DEBUG_WX("Get MODE -> %d\n", wrqu->mode);
5405
5406         return 0;
5407 }
5408
5409 #define DEFAULT_RTS_THRESHOLD     2304U
5410 #define MIN_RTS_THRESHOLD         1U
5411 #define MAX_RTS_THRESHOLD         2304U
5412 #define DEFAULT_BEACON_INTERVAL   100U
5413 #define DEFAULT_SHORT_RETRY_LIMIT 7U
5414 #define DEFAULT_LONG_RETRY_LIMIT  4U
5415
5416 /* Values are in microsecond */
5417 static const s32 timeout_duration[] = {
5418         350000,
5419         250000,
5420         75000,
5421         37000,
5422         25000,
5423 };
5424
5425 static const s32 period_duration[] = {
5426         400000,
5427         700000,
5428         1000000,
5429         1000000,
5430         1000000
5431 };
5432
5433 static int ipw_wx_get_range(struct net_device *dev,
5434                             struct iw_request_info *info,
5435                             union iwreq_data *wrqu, char *extra)
5436 {
5437         struct ipw_priv *priv = ieee80211_priv(dev);
5438         struct iw_range *range = (struct iw_range *)extra;
5439         u16 val;
5440         int i;
5441
5442         wrqu->data.length = sizeof(*range);
5443         memset(range, 0, sizeof(*range));
5444
5445         /* 54Mbs == ~27 Mb/s real (802.11g) */
5446         range->throughput = 27 * 1000 * 1000;
5447
5448         range->max_qual.qual = 100;
5449         /* TODO: Find real max RSSI and stick here */
5450         range->max_qual.level = 0;
5451         range->max_qual.noise = 0;
5452         range->max_qual.updated = 7;    /* Updated all three */
5453
5454         range->avg_qual.qual = 70;
5455         /* TODO: Find real 'good' to 'bad' threshol value for RSSI */
5456         range->avg_qual.level = 0;      /* FIXME to real average level */
5457         range->avg_qual.noise = 0;
5458         range->avg_qual.updated = 7;    /* Updated all three */
5459
5460         range->num_bitrates = min(priv->rates.num_rates, (u8) IW_MAX_BITRATES);
5461
5462         for (i = 0; i < range->num_bitrates; i++)
5463                 range->bitrate[i] = (priv->rates.supported_rates[i] & 0x7F) *
5464                     500000;
5465
5466         range->max_rts = DEFAULT_RTS_THRESHOLD;
5467         range->min_frag = MIN_FRAG_THRESHOLD;
5468         range->max_frag = MAX_FRAG_THRESHOLD;
5469
5470         range->encoding_size[0] = 5;
5471         range->encoding_size[1] = 13;
5472         range->num_encoding_sizes = 2;
5473         range->max_encoding_tokens = WEP_KEYS;
5474
5475         /* Set the Wireless Extension versions */
5476         range->we_version_compiled = WIRELESS_EXT;
5477         range->we_version_source = 16;
5478
5479         range->num_channels = FREQ_COUNT;
5480
5481         val = 0;
5482         for (i = 0; i < FREQ_COUNT; i++) {
5483                 range->freq[val].i = i + 1;
5484                 range->freq[val].m = ipw_frequencies[i] * 100000;
5485                 range->freq[val].e = 1;
5486                 val++;
5487
5488                 if (val == IW_MAX_FREQUENCIES)
5489                         break;
5490         }
5491         range->num_frequency = val;
5492
5493         IPW_DEBUG_WX("GET Range\n");
5494         return 0;
5495 }
5496
5497 static int ipw_wx_set_wap(struct net_device *dev,
5498                           struct iw_request_info *info,
5499                           union iwreq_data *wrqu, char *extra)
5500 {
5501         struct ipw_priv *priv = ieee80211_priv(dev);
5502
5503         static const unsigned char any[] = {
5504                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
5505         };
5506         static const unsigned char off[] = {
5507                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5508         };
5509
5510         if (wrqu->ap_addr.sa_family != ARPHRD_ETHER)
5511                 return -EINVAL;
5512
5513         if (!memcmp(any, wrqu->ap_addr.sa_data, ETH_ALEN) ||
5514             !memcmp(off, wrqu->ap_addr.sa_data, ETH_ALEN)) {
5515                 /* we disable mandatory BSSID association */
5516                 IPW_DEBUG_WX("Setting AP BSSID to ANY\n");
5517                 priv->config &= ~CFG_STATIC_BSSID;
5518                 if (!(priv->status & (STATUS_SCANNING | STATUS_ASSOCIATED |
5519                                       STATUS_ASSOCIATING))) {
5520                         IPW_DEBUG_ASSOC("Attempting to associate with new "
5521                                         "parameters.\n");
5522                         ipw_associate(priv);
5523                 }
5524
5525                 return 0;
5526         }
5527
5528         priv->config |= CFG_STATIC_BSSID;
5529         if (!memcmp(priv->bssid, wrqu->ap_addr.sa_data, ETH_ALEN)) {
5530                 IPW_DEBUG_WX("BSSID set to current BSSID.\n");
5531                 return 0;
5532         }
5533
5534         IPW_DEBUG_WX("Setting mandatory BSSID to " MAC_FMT "\n",
5535                      MAC_ARG(wrqu->ap_addr.sa_data));
5536
5537         memcpy(priv->bssid, wrqu->ap_addr.sa_data, ETH_ALEN);
5538
5539         /* If we are currently associated, or trying to associate
5540          * then see if this is a new BSSID (causing us to disassociate) */
5541         if (priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
5542                 IPW_DEBUG_ASSOC("Disassociating due to BSSID change.\n");
5543                 ipw_disassociate(priv);
5544         } else {
5545                 ipw_associate(priv);
5546         }
5547
5548         return 0;
5549 }
5550
5551 static int ipw_wx_get_wap(struct net_device *dev,
5552                           struct iw_request_info *info,
5553                           union iwreq_data *wrqu, char *extra)
5554 {
5555         struct ipw_priv *priv = ieee80211_priv(dev);
5556         /* If we are associated, trying to associate, or have a statically
5557          * configured BSSID then return that; otherwise return ANY */
5558         if (priv->config & CFG_STATIC_BSSID ||
5559             priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
5560                 wrqu->ap_addr.sa_family = ARPHRD_ETHER;
5561                 memcpy(wrqu->ap_addr.sa_data, &priv->bssid, ETH_ALEN);
5562         } else
5563                 memset(wrqu->ap_addr.sa_data, 0, ETH_ALEN);
5564
5565         IPW_DEBUG_WX("Getting WAP BSSID: " MAC_FMT "\n",
5566                      MAC_ARG(wrqu->ap_addr.sa_data));
5567         return 0;
5568 }
5569
5570 static int ipw_wx_set_essid(struct net_device *dev,
5571                             struct iw_request_info *info,
5572                             union iwreq_data *wrqu, char *extra)
5573 {
5574         struct ipw_priv *priv = ieee80211_priv(dev);
5575         char *essid = "";       /* ANY */
5576         int length = 0;
5577
5578         if (wrqu->essid.flags && wrqu->essid.length) {
5579                 length = wrqu->essid.length - 1;
5580                 essid = extra;
5581         }
5582         if (length == 0) {
5583                 IPW_DEBUG_WX("Setting ESSID to ANY\n");
5584                 priv->config &= ~CFG_STATIC_ESSID;
5585                 if (!(priv->status & (STATUS_SCANNING | STATUS_ASSOCIATED |
5586                                       STATUS_ASSOCIATING))) {
5587                         IPW_DEBUG_ASSOC("Attempting to associate with new "
5588                                         "parameters.\n");
5589                         ipw_associate(priv);
5590                 }
5591
5592                 return 0;
5593         }
5594
5595         length = min(length, IW_ESSID_MAX_SIZE);
5596
5597         priv->config |= CFG_STATIC_ESSID;
5598
5599         if (priv->essid_len == length && !memcmp(priv->essid, extra, length)) {
5600                 IPW_DEBUG_WX("ESSID set to current ESSID.\n");
5601                 return 0;
5602         }
5603
5604         IPW_DEBUG_WX("Setting ESSID: '%s' (%d)\n", escape_essid(essid, length),
5605                      length);
5606
5607         priv->essid_len = length;
5608         memcpy(priv->essid, essid, priv->essid_len);
5609
5610         /* If we are currently associated, or trying to associate
5611          * then see if this is a new ESSID (causing us to disassociate) */
5612         if (priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
5613                 IPW_DEBUG_ASSOC("Disassociating due to ESSID change.\n");
5614                 ipw_disassociate(priv);
5615         } else {
5616                 ipw_associate(priv);
5617         }
5618
5619         return 0;
5620 }
5621
5622 static int ipw_wx_get_essid(struct net_device *dev,
5623                             struct iw_request_info *info,
5624                             union iwreq_data *wrqu, char *extra)
5625 {
5626         struct ipw_priv *priv = ieee80211_priv(dev);
5627
5628         /* If we are associated, trying to associate, or have a statically
5629          * configured ESSID then return that; otherwise return ANY */
5630         if (priv->config & CFG_STATIC_ESSID ||
5631             priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
5632                 IPW_DEBUG_WX("Getting essid: '%s'\n",
5633                              escape_essid(priv->essid, priv->essid_len));
5634                 memcpy(extra, priv->essid, priv->essid_len);
5635                 wrqu->essid.length = priv->essid_len;
5636                 wrqu->essid.flags = 1;  /* active */
5637         } else {
5638                 IPW_DEBUG_WX("Getting essid: ANY\n");
5639                 wrqu->essid.length = 0;
5640                 wrqu->essid.flags = 0;  /* active */
5641         }
5642
5643         return 0;
5644 }
5645
5646 static int ipw_wx_set_nick(struct net_device *dev,
5647                            struct iw_request_info *info,
5648                            union iwreq_data *wrqu, char *extra)
5649 {
5650         struct ipw_priv *priv = ieee80211_priv(dev);
5651
5652         IPW_DEBUG_WX("Setting nick to '%s'\n", extra);
5653         if (wrqu->data.length > IW_ESSID_MAX_SIZE)
5654                 return -E2BIG;
5655
5656         wrqu->data.length = min((size_t) wrqu->data.length, sizeof(priv->nick));
5657         memset(priv->nick, 0, sizeof(priv->nick));
5658         memcpy(priv->nick, extra, wrqu->data.length);
5659         IPW_DEBUG_TRACE("<<\n");
5660         return 0;
5661
5662 }
5663
5664 static int ipw_wx_get_nick(struct net_device *dev,
5665                            struct iw_request_info *info,
5666                            union iwreq_data *wrqu, char *extra)
5667 {
5668         struct ipw_priv *priv = ieee80211_priv(dev);
5669         IPW_DEBUG_WX("Getting nick\n");
5670         wrqu->data.length = strlen(priv->nick) + 1;
5671         memcpy(extra, priv->nick, wrqu->data.length);
5672         wrqu->data.flags = 1;   /* active */
5673         return 0;
5674 }
5675
5676 static int ipw_wx_set_rate(struct net_device *dev,
5677                            struct iw_request_info *info,
5678                            union iwreq_data *wrqu, char *extra)
5679 {
5680         IPW_DEBUG_WX("0x%p, 0x%p, 0x%p\n", dev, info, wrqu);
5681         return -EOPNOTSUPP;
5682 }
5683
5684 static int ipw_wx_get_rate(struct net_device *dev,
5685                            struct iw_request_info *info,
5686                            union iwreq_data *wrqu, char *extra)
5687 {
5688         struct ipw_priv *priv = ieee80211_priv(dev);
5689         wrqu->bitrate.value = priv->last_rate;
5690
5691         IPW_DEBUG_WX("GET Rate -> %d \n", wrqu->bitrate.value);
5692         return 0;
5693 }
5694
5695 static int ipw_wx_set_rts(struct net_device *dev,
5696                           struct iw_request_info *info,
5697                           union iwreq_data *wrqu, char *extra)
5698 {
5699         struct ipw_priv *priv = ieee80211_priv(dev);
5700
5701         if (wrqu->rts.disabled)
5702                 priv->rts_threshold = DEFAULT_RTS_THRESHOLD;
5703         else {
5704                 if (wrqu->rts.value < MIN_RTS_THRESHOLD ||
5705                     wrqu->rts.value > MAX_RTS_THRESHOLD)
5706                         return -EINVAL;
5707
5708                 priv->rts_threshold = wrqu->rts.value;
5709         }
5710
5711         ipw_send_rts_threshold(priv, priv->rts_threshold);
5712         IPW_DEBUG_WX("SET RTS Threshold -> %d \n", priv->rts_threshold);
5713         return 0;
5714 }
5715
5716 static int ipw_wx_get_rts(struct net_device *dev,
5717                           struct iw_request_info *info,
5718                           union iwreq_data *wrqu, char *extra)
5719 {
5720         struct ipw_priv *priv = ieee80211_priv(dev);
5721         wrqu->rts.value = priv->rts_threshold;
5722         wrqu->rts.fixed = 0;    /* no auto select */
5723         wrqu->rts.disabled = (wrqu->rts.value == DEFAULT_RTS_THRESHOLD);
5724
5725         IPW_DEBUG_WX("GET RTS Threshold -> %d \n", wrqu->rts.value);
5726         return 0;
5727 }
5728
5729 static int ipw_wx_set_txpow(struct net_device *dev,
5730                             struct iw_request_info *info,
5731                             union iwreq_data *wrqu, char *extra)
5732 {
5733         struct ipw_priv *priv = ieee80211_priv(dev);
5734         struct ipw_tx_power tx_power;
5735         int i;
5736
5737         if (ipw_radio_kill_sw(priv, wrqu->power.disabled))
5738                 return -EINPROGRESS;
5739
5740         if (wrqu->power.flags != IW_TXPOW_DBM)
5741                 return -EINVAL;
5742
5743         if ((wrqu->power.value > 20) || (wrqu->power.value < -12))
5744                 return -EINVAL;
5745
5746         priv->tx_power = wrqu->power.value;
5747
5748         memset(&tx_power, 0, sizeof(tx_power));
5749
5750         /* configure device for 'G' band */
5751         tx_power.ieee_mode = IPW_G_MODE;
5752         tx_power.num_channels = 11;
5753         for (i = 0; i < 11; i++) {
5754                 tx_power.channels_tx_power[i].channel_number = i + 1;
5755                 tx_power.channels_tx_power[i].tx_power = priv->tx_power;
5756         }
5757         if (ipw_send_tx_power(priv, &tx_power))
5758                 goto error;
5759
5760         /* configure device to also handle 'B' band */
5761         tx_power.ieee_mode = IPW_B_MODE;
5762         if (ipw_send_tx_power(priv, &tx_power))
5763                 goto error;
5764
5765         return 0;
5766
5767       error:
5768         return -EIO;
5769 }
5770
5771 static int ipw_wx_get_txpow(struct net_device *dev,
5772                             struct iw_request_info *info,
5773                             union iwreq_data *wrqu, char *extra)
5774 {
5775         struct ipw_priv *priv = ieee80211_priv(dev);
5776
5777         wrqu->power.value = priv->tx_power;
5778         wrqu->power.fixed = 1;
5779         wrqu->power.flags = IW_TXPOW_DBM;
5780         wrqu->power.disabled = (priv->status & STATUS_RF_KILL_MASK) ? 1 : 0;
5781
5782         IPW_DEBUG_WX("GET TX Power -> %s %d \n",
5783                      wrqu->power.disabled ? "ON" : "OFF", wrqu->power.value);
5784
5785         return 0;
5786 }
5787
5788 static int ipw_wx_set_frag(struct net_device *dev,
5789                            struct iw_request_info *info,
5790                            union iwreq_data *wrqu, char *extra)
5791 {
5792         struct ipw_priv *priv = ieee80211_priv(dev);
5793
5794         if (wrqu->frag.disabled)
5795                 priv->ieee->fts = DEFAULT_FTS;
5796         else {
5797                 if (wrqu->frag.value < MIN_FRAG_THRESHOLD ||
5798                     wrqu->frag.value > MAX_FRAG_THRESHOLD)
5799                         return -EINVAL;
5800
5801                 priv->ieee->fts = wrqu->frag.value & ~0x1;
5802         }
5803
5804         ipw_send_frag_threshold(priv, wrqu->frag.value);
5805         IPW_DEBUG_WX("SET Frag Threshold -> %d \n", wrqu->frag.value);
5806         return 0;
5807 }
5808
5809 static int ipw_wx_get_frag(struct net_device *dev,
5810                            struct iw_request_info *info,
5811                            union iwreq_data *wrqu, char *extra)
5812 {
5813         struct ipw_priv *priv = ieee80211_priv(dev);
5814         wrqu->frag.value = priv->ieee->fts;
5815         wrqu->frag.fixed = 0;   /* no auto select */
5816         wrqu->frag.disabled = (wrqu->frag.value == DEFAULT_FTS);
5817
5818         IPW_DEBUG_WX("GET Frag Threshold -> %d \n", wrqu->frag.value);
5819
5820         return 0;
5821 }
5822
5823 static int ipw_wx_set_retry(struct net_device *dev,
5824                             struct iw_request_info *info,
5825                             union iwreq_data *wrqu, char *extra)
5826 {
5827         IPW_DEBUG_WX("0x%p, 0x%p, 0x%p\n", dev, info, wrqu);
5828         return -EOPNOTSUPP;
5829 }
5830
5831 static int ipw_wx_get_retry(struct net_device *dev,
5832                             struct iw_request_info *info,
5833                             union iwreq_data *wrqu, char *extra)
5834 {
5835         IPW_DEBUG_WX("0x%p, 0x%p, 0x%p\n", dev, info, wrqu);
5836         return -EOPNOTSUPP;
5837 }
5838
5839 static int ipw_wx_set_scan(struct net_device *dev,
5840                            struct iw_request_info *info,
5841                            union iwreq_data *wrqu, char *extra)
5842 {
5843         struct ipw_priv *priv = ieee80211_priv(dev);
5844         IPW_DEBUG_WX("Start scan\n");
5845         if (ipw_request_scan(priv))
5846                 return -EIO;
5847         return 0;
5848 }
5849
5850 static int ipw_wx_get_scan(struct net_device *dev,
5851                            struct iw_request_info *info,
5852                            union iwreq_data *wrqu, char *extra)
5853 {
5854         struct ipw_priv *priv = ieee80211_priv(dev);
5855         return ieee80211_wx_get_scan(priv->ieee, info, wrqu, extra);
5856 }
5857
5858 static int ipw_wx_set_encode(struct net_device *dev,
5859                              struct iw_request_info *info,
5860                              union iwreq_data *wrqu, char *key)
5861 {
5862         struct ipw_priv *priv = ieee80211_priv(dev);
5863         return ieee80211_wx_set_encode(priv->ieee, info, wrqu, key);
5864 }
5865
5866 static int ipw_wx_get_encode(struct net_device *dev,
5867                              struct iw_request_info *info,
5868                              union iwreq_data *wrqu, char *key)
5869 {
5870         struct ipw_priv *priv = ieee80211_priv(dev);
5871         return ieee80211_wx_get_encode(priv->ieee, info, wrqu, key);
5872 }
5873
5874 static int ipw_wx_set_power(struct net_device *dev,
5875                             struct iw_request_info *info,
5876                             union iwreq_data *wrqu, char *extra)
5877 {
5878         struct ipw_priv *priv = ieee80211_priv(dev);
5879         int err;
5880
5881         if (wrqu->power.disabled) {
5882                 priv->power_mode = IPW_POWER_LEVEL(priv->power_mode);
5883                 err = ipw_send_power_mode(priv, IPW_POWER_MODE_CAM);
5884                 if (err) {
5885                         IPW_DEBUG_WX("failed setting power mode.\n");
5886                         return err;
5887                 }
5888
5889                 IPW_DEBUG_WX("SET Power Management Mode -> off\n");
5890
5891                 return 0;
5892         }
5893
5894         switch (wrqu->power.flags & IW_POWER_MODE) {
5895         case IW_POWER_ON:       /* If not specified */
5896         case IW_POWER_MODE:     /* If set all mask */
5897         case IW_POWER_ALL_R:    /* If explicitely state all */
5898                 break;
5899         default:                /* Otherwise we don't support it */
5900                 IPW_DEBUG_WX("SET PM Mode: %X not supported.\n",
5901                              wrqu->power.flags);
5902                 return -EOPNOTSUPP;
5903         }
5904
5905         /* If the user hasn't specified a power management mode yet, default
5906          * to BATTERY */
5907         if (IPW_POWER_LEVEL(priv->power_mode) == IPW_POWER_AC)
5908                 priv->power_mode = IPW_POWER_ENABLED | IPW_POWER_BATTERY;
5909         else
5910                 priv->power_mode = IPW_POWER_ENABLED | priv->power_mode;
5911         err = ipw_send_power_mode(priv, IPW_POWER_LEVEL(priv->power_mode));
5912         if (err) {
5913                 IPW_DEBUG_WX("failed setting power mode.\n");
5914                 return err;
5915         }
5916
5917         IPW_DEBUG_WX("SET Power Management Mode -> 0x%02X\n", priv->power_mode);
5918
5919         return 0;
5920 }
5921
5922 static int ipw_wx_get_power(struct net_device *dev,
5923                             struct iw_request_info *info,
5924                             union iwreq_data *wrqu, char *extra)
5925 {
5926         struct ipw_priv *priv = ieee80211_priv(dev);
5927
5928         if (!(priv->power_mode & IPW_POWER_ENABLED)) {
5929                 wrqu->power.disabled = 1;
5930         } else {
5931                 wrqu->power.disabled = 0;
5932         }
5933
5934         IPW_DEBUG_WX("GET Power Management Mode -> %02X\n", priv->power_mode);
5935
5936         return 0;
5937 }
5938
5939 static int ipw_wx_set_powermode(struct net_device *dev,
5940                                 struct iw_request_info *info,
5941                                 union iwreq_data *wrqu, char *extra)
5942 {
5943         struct ipw_priv *priv = ieee80211_priv(dev);
5944         int mode = *(int *)extra;
5945         int err;
5946
5947         if ((mode < 1) || (mode > IPW_POWER_LIMIT)) {
5948                 mode = IPW_POWER_AC;
5949                 priv->power_mode = mode;
5950         } else {
5951                 priv->power_mode = IPW_POWER_ENABLED | mode;
5952         }
5953
5954         if (priv->power_mode != mode) {
5955                 err = ipw_send_power_mode(priv, mode);
5956
5957                 if (err) {
5958                         IPW_DEBUG_WX("failed setting power mode.\n");
5959                         return err;
5960                 }
5961         }
5962
5963         return 0;
5964 }
5965
5966 #define MAX_WX_STRING 80
5967 static int ipw_wx_get_powermode(struct net_device *dev,
5968                                 struct iw_request_info *info,
5969                                 union iwreq_data *wrqu, char *extra)
5970 {
5971         struct ipw_priv *priv = ieee80211_priv(dev);
5972         int level = IPW_POWER_LEVEL(priv->power_mode);
5973         char *p = extra;
5974
5975         p += snprintf(p, MAX_WX_STRING, "Power save level: %d ", level);
5976
5977         switch (level) {
5978         case IPW_POWER_AC:
5979                 p += snprintf(p, MAX_WX_STRING - (p - extra), "(AC)");
5980                 break;
5981         case IPW_POWER_BATTERY:
5982                 p += snprintf(p, MAX_WX_STRING - (p - extra), "(BATTERY)");
5983                 break;
5984         default:
5985                 p += snprintf(p, MAX_WX_STRING - (p - extra),
5986                               "(Timeout %dms, Period %dms)",
5987                               timeout_duration[level - 1] / 1000,
5988                               period_duration[level - 1] / 1000);
5989         }
5990
5991         if (!(priv->power_mode & IPW_POWER_ENABLED))
5992                 p += snprintf(p, MAX_WX_STRING - (p - extra), " OFF");
5993
5994         wrqu->data.length = p - extra + 1;
5995
5996         return 0;
5997 }
5998
5999 static int ipw_wx_set_wireless_mode(struct net_device *dev,
6000                                     struct iw_request_info *info,
6001                                     union iwreq_data *wrqu, char *extra)
6002 {
6003         struct ipw_priv *priv = ieee80211_priv(dev);
6004         int mode = *(int *)extra;
6005         u8 band = 0, modulation = 0;
6006
6007         if (mode == 0 || mode & ~IEEE_MODE_MASK) {
6008                 IPW_WARNING("Attempt to set invalid wireless mode: %d\n", mode);
6009                 return -EINVAL;
6010         }
6011
6012         if (priv->adapter == IPW_2915ABG) {
6013                 priv->ieee->abg_true = 1;
6014                 if (mode & IEEE_A) {
6015                         band |= IEEE80211_52GHZ_BAND;
6016                         modulation |= IEEE80211_OFDM_MODULATION;
6017                 } else
6018                         priv->ieee->abg_true = 0;
6019         } else {
6020                 if (mode & IEEE_A) {
6021                         IPW_WARNING("Attempt to set 2200BG into "
6022                                     "802.11a mode\n");
6023                         return -EINVAL;
6024                 }
6025
6026                 priv->ieee->abg_true = 0;
6027         }
6028
6029         if (mode & IEEE_B) {
6030                 band |= IEEE80211_24GHZ_BAND;
6031                 modulation |= IEEE80211_CCK_MODULATION;
6032         } else
6033                 priv->ieee->abg_true = 0;
6034
6035         if (mode & IEEE_G) {
6036                 band |= IEEE80211_24GHZ_BAND;
6037                 modulation |= IEEE80211_OFDM_MODULATION;
6038         } else
6039                 priv->ieee->abg_true = 0;
6040
6041         priv->ieee->mode = mode;
6042         priv->ieee->freq_band = band;
6043         priv->ieee->modulation = modulation;
6044         init_supported_rates(priv, &priv->rates);
6045
6046         /* If we are currently associated, or trying to associate
6047          * then see if this is a new configuration (causing us to
6048          * disassociate) */
6049         if (priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) {
6050                 /* The resulting association will trigger
6051                  * the new rates to be sent to the device */
6052                 IPW_DEBUG_ASSOC("Disassociating due to mode change.\n");
6053                 ipw_disassociate(priv);
6054         } else
6055                 ipw_send_supported_rates(priv, &priv->rates);
6056
6057         IPW_DEBUG_WX("PRIV SET MODE: %c%c%c\n",
6058                      mode & IEEE_A ? 'a' : '.',
6059                      mode & IEEE_B ? 'b' : '.', mode & IEEE_G ? 'g' : '.');
6060         return 0;
6061 }
6062
6063 static int ipw_wx_get_wireless_mode(struct net_device *dev,
6064                                     struct iw_request_info *info,
6065                                     union iwreq_data *wrqu, char *extra)
6066 {
6067         struct ipw_priv *priv = ieee80211_priv(dev);
6068
6069         switch (priv->ieee->freq_band) {
6070         case IEEE80211_24GHZ_BAND:
6071                 switch (priv->ieee->modulation) {
6072                 case IEEE80211_CCK_MODULATION:
6073                         strncpy(extra, "802.11b (2)", MAX_WX_STRING);
6074                         break;
6075                 case IEEE80211_OFDM_MODULATION:
6076                         strncpy(extra, "802.11g (4)", MAX_WX_STRING);
6077                         break;
6078                 default:
6079                         strncpy(extra, "802.11bg (6)", MAX_WX_STRING);
6080                         break;
6081                 }
6082                 break;
6083
6084         case IEEE80211_52GHZ_BAND:
6085                 strncpy(extra, "802.11a (1)", MAX_WX_STRING);
6086                 break;
6087
6088         default:                /* Mixed Band */
6089                 switch (priv->ieee->modulation) {
6090                 case IEEE80211_CCK_MODULATION:
6091                         strncpy(extra, "802.11ab (3)", MAX_WX_STRING);
6092                         break;
6093                 case IEEE80211_OFDM_MODULATION:
6094                         strncpy(extra, "802.11ag (5)", MAX_WX_STRING);
6095                         break;
6096                 default:
6097                         strncpy(extra, "802.11abg (7)", MAX_WX_STRING);
6098                         break;
6099                 }
6100                 break;
6101         }
6102
6103         IPW_DEBUG_WX("PRIV GET MODE: %s\n", extra);
6104
6105         wrqu->data.length = strlen(extra) + 1;
6106
6107         return 0;
6108 }
6109
6110 #ifdef CONFIG_IPW_PROMISC
6111 static int ipw_wx_set_promisc(struct net_device *dev,
6112                               struct iw_request_info *info,
6113                               union iwreq_data *wrqu, char *extra)
6114 {
6115         struct ipw_priv *priv = ieee80211_priv(dev);
6116         int *parms = (int *)extra;
6117         int enable = (parms[0] > 0);
6118
6119         IPW_DEBUG_WX("SET PROMISC: %d %d\n", enable, parms[1]);
6120         if (enable) {
6121                 if (priv->ieee->iw_mode != IW_MODE_MONITOR) {
6122                         priv->net_dev->type = ARPHRD_IEEE80211;
6123                         ipw_adapter_restart(priv);
6124                 }
6125
6126                 ipw_set_channel(priv, parms[1]);
6127         } else {
6128                 if (priv->ieee->iw_mode != IW_MODE_MONITOR)
6129                         return 0;
6130                 priv->net_dev->type = ARPHRD_ETHER;
6131                 ipw_adapter_restart(priv);
6132         }
6133         return 0;
6134 }
6135
6136 static int ipw_wx_reset(struct net_device *dev,
6137                         struct iw_request_info *info,
6138                         union iwreq_data *wrqu, char *extra)
6139 {
6140         struct ipw_priv *priv = ieee80211_priv(dev);
6141         IPW_DEBUG_WX("RESET\n");
6142         ipw_adapter_restart(priv);
6143         return 0;
6144 }
6145 #endif                          // CONFIG_IPW_PROMISC
6146
6147 /* Rebase the WE IOCTLs to zero for the handler array */
6148 #define IW_IOCTL(x) [(x)-SIOCSIWCOMMIT]
6149 static iw_handler ipw_wx_handlers[] = {
6150         IW_IOCTL(SIOCGIWNAME)   = ipw_wx_get_name,
6151         IW_IOCTL(SIOCSIWFREQ)   = ipw_wx_set_freq,
6152         IW_IOCTL(SIOCGIWFREQ)   = ipw_wx_get_freq,
6153         IW_IOCTL(SIOCSIWMODE)   = ipw_wx_set_mode,
6154         IW_IOCTL(SIOCGIWMODE)   = ipw_wx_get_mode,
6155         IW_IOCTL(SIOCGIWRANGE)  = ipw_wx_get_range,
6156         IW_IOCTL(SIOCSIWAP)     = ipw_wx_set_wap,
6157         IW_IOCTL(SIOCGIWAP)     = ipw_wx_get_wap,
6158         IW_IOCTL(SIOCSIWSCAN)   = ipw_wx_set_scan,
6159         IW_IOCTL(SIOCGIWSCAN)   = ipw_wx_get_scan,
6160         IW_IOCTL(SIOCSIWESSID)  = ipw_wx_set_essid,
6161         IW_IOCTL(SIOCGIWESSID)  = ipw_wx_get_essid,
6162         IW_IOCTL(SIOCSIWNICKN)  = ipw_wx_set_nick,
6163         IW_IOCTL(SIOCGIWNICKN)  = ipw_wx_get_nick,
6164         IW_IOCTL(SIOCSIWRATE)   = ipw_wx_set_rate,
6165         IW_IOCTL(SIOCGIWRATE)   = ipw_wx_get_rate,
6166         IW_IOCTL(SIOCSIWRTS)    = ipw_wx_set_rts,
6167         IW_IOCTL(SIOCGIWRTS)    = ipw_wx_get_rts,
6168         IW_IOCTL(SIOCSIWFRAG)   = ipw_wx_set_frag,
6169         IW_IOCTL(SIOCGIWFRAG)   = ipw_wx_get_frag,
6170         IW_IOCTL(SIOCSIWTXPOW)  = ipw_wx_set_txpow,
6171         IW_IOCTL(SIOCGIWTXPOW)  = ipw_wx_get_txpow,
6172         IW_IOCTL(SIOCSIWRETRY)  = ipw_wx_set_retry,
6173         IW_IOCTL(SIOCGIWRETRY)  = ipw_wx_get_retry,
6174         IW_IOCTL(SIOCSIWENCODE) = ipw_wx_set_encode,
6175         IW_IOCTL(SIOCGIWENCODE) = ipw_wx_get_encode,
6176         IW_IOCTL(SIOCSIWPOWER)  = ipw_wx_set_power,
6177         IW_IOCTL(SIOCGIWPOWER)  = ipw_wx_get_power,
6178 };
6179
6180 #define IPW_PRIV_SET_POWER      SIOCIWFIRSTPRIV
6181 #define IPW_PRIV_GET_POWER      SIOCIWFIRSTPRIV+1
6182 #define IPW_PRIV_SET_MODE       SIOCIWFIRSTPRIV+2
6183 #define IPW_PRIV_GET_MODE       SIOCIWFIRSTPRIV+3
6184 #define IPW_PRIV_SET_PROMISC    SIOCIWFIRSTPRIV+4
6185 #define IPW_PRIV_RESET          SIOCIWFIRSTPRIV+5
6186
6187 static struct iw_priv_args ipw_priv_args[] = {
6188         {
6189          .cmd = IPW_PRIV_SET_POWER,
6190          .set_args = IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
6191          .name = "set_power"},
6192         {
6193          .cmd = IPW_PRIV_GET_POWER,
6194          .get_args = IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_WX_STRING,
6195          .name = "get_power"},
6196         {
6197          .cmd = IPW_PRIV_SET_MODE,
6198          .set_args = IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
6199          .name = "set_mode"},
6200         {
6201          .cmd = IPW_PRIV_GET_MODE,
6202          .get_args = IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_FIXED | MAX_WX_STRING,
6203          .name = "get_mode"},
6204 #ifdef CONFIG_IPW_PROMISC
6205         {
6206          IPW_PRIV_SET_PROMISC,
6207          IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2, 0, "monitor"},
6208         {
6209          IPW_PRIV_RESET,
6210          IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 0, 0, "reset"},
6211 #endif                          /* CONFIG_IPW_PROMISC */
6212 };
6213
6214 static iw_handler ipw_priv_handler[] = {
6215         ipw_wx_set_powermode,
6216         ipw_wx_get_powermode,
6217         ipw_wx_set_wireless_mode,
6218         ipw_wx_get_wireless_mode,
6219 #ifdef CONFIG_IPW_PROMISC
6220         ipw_wx_set_promisc,
6221         ipw_wx_reset,
6222 #endif
6223 };
6224
6225 static struct iw_handler_def ipw_wx_handler_def = {
6226         .standard               = ipw_wx_handlers,
6227         .num_standard           = ARRAY_SIZE(ipw_wx_handlers),
6228         .num_private            = ARRAY_SIZE(ipw_priv_handler),
6229         .num_private_args       = ARRAY_SIZE(ipw_priv_args),
6230         .private                = ipw_priv_handler,
6231         .private_args           = ipw_priv_args,
6232 };
6233
6234 /*
6235  * Get wireless statistics.
6236  * Called by /proc/net/wireless
6237  * Also called by SIOCGIWSTATS
6238  */
6239 static struct iw_statistics *ipw_get_wireless_stats(struct net_device *dev)
6240 {
6241         struct ipw_priv *priv = ieee80211_priv(dev);
6242         struct iw_statistics *wstats;
6243
6244         wstats = &priv->wstats;
6245
6246         /* if hw is disabled, then ipw2100_get_ordinal() can't be called.
6247          * ipw2100_wx_wireless_stats seems to be called before fw is
6248          * initialized.  STATUS_ASSOCIATED will only be set if the hw is up
6249          * and associated; if not associcated, the values are all meaningless
6250          * anyway, so set them all to NULL and INVALID */
6251         if (!(priv->status & STATUS_ASSOCIATED)) {
6252                 wstats->miss.beacon = 0;
6253                 wstats->discard.retries = 0;
6254                 wstats->qual.qual = 0;
6255                 wstats->qual.level = 0;
6256                 wstats->qual.noise = 0;
6257                 wstats->qual.updated = 7;
6258                 wstats->qual.updated |= IW_QUAL_NOISE_INVALID |
6259                     IW_QUAL_QUAL_INVALID | IW_QUAL_LEVEL_INVALID;
6260                 return wstats;
6261         }
6262
6263         wstats->qual.qual = priv->quality;
6264         wstats->qual.level = average_value(&priv->average_rssi);
6265         wstats->qual.noise = average_value(&priv->average_noise);
6266         wstats->qual.updated = IW_QUAL_QUAL_UPDATED | IW_QUAL_LEVEL_UPDATED |
6267             IW_QUAL_NOISE_UPDATED;
6268
6269         wstats->miss.beacon = average_value(&priv->average_missed_beacons);
6270         wstats->discard.retries = priv->last_tx_failures;
6271         wstats->discard.code = priv->ieee->ieee_stats.rx_discards_undecryptable;
6272
6273 /*      if (ipw_get_ordinal(priv, IPW_ORD_STAT_TX_RETRY, &tx_retry, &len))
6274         goto fail_get_ordinal;
6275         wstats->discard.retries += tx_retry; */
6276
6277         return wstats;
6278 }
6279
6280 /* net device stuff */
6281
6282 static inline void init_sys_config(struct ipw_sys_config *sys_config)
6283 {
6284         memset(sys_config, 0, sizeof(struct ipw_sys_config));
6285         sys_config->bt_coexistence = 1; /* We may need to look into prvStaBtConfig */
6286         sys_config->answer_broadcast_ssid_probe = 0;
6287         sys_config->accept_all_data_frames = 0;
6288         sys_config->accept_non_directed_frames = 1;
6289         sys_config->exclude_unicast_unencrypted = 0;
6290         sys_config->disable_unicast_decryption = 1;
6291         sys_config->exclude_multicast_unencrypted = 0;
6292         sys_config->disable_multicast_decryption = 1;
6293         sys_config->antenna_diversity = CFG_SYS_ANTENNA_BOTH;
6294         sys_config->pass_crc_to_host = 0;       /* TODO: See if 1 gives us FCS */
6295         sys_config->dot11g_auto_detection = 0;
6296         sys_config->enable_cts_to_self = 0;
6297         sys_config->bt_coexist_collision_thr = 0;
6298         sys_config->pass_noise_stats_to_host = 1;
6299 }
6300
6301 static int ipw_net_open(struct net_device *dev)
6302 {
6303         struct ipw_priv *priv = ieee80211_priv(dev);
6304         IPW_DEBUG_INFO("dev->open\n");
6305         /* we should be verifying the device is ready to be opened */
6306         if (!(priv->status & STATUS_RF_KILL_MASK) &&
6307             (priv->status & STATUS_ASSOCIATED))
6308                 netif_start_queue(dev);
6309         return 0;
6310 }
6311
6312 static int ipw_net_stop(struct net_device *dev)
6313 {
6314         IPW_DEBUG_INFO("dev->close\n");
6315         netif_stop_queue(dev);
6316         return 0;
6317 }
6318
6319 /*
6320 todo:
6321
6322 modify to send one tfd per fragment instead of using chunking.  otherwise
6323 we need to heavily modify the ieee80211_skb_to_txb.
6324 */
6325
6326 static inline void ipw_tx_skb(struct ipw_priv *priv, struct ieee80211_txb *txb)
6327 {
6328         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)
6329             txb->fragments[0]->data;
6330         int i = 0;
6331         struct tfd_frame *tfd;
6332         struct clx2_tx_queue *txq = &priv->txq[0];
6333         struct clx2_queue *q = &txq->q;
6334         u8 id, hdr_len, unicast;
6335         u16 remaining_bytes;
6336
6337         switch (priv->ieee->iw_mode) {
6338         case IW_MODE_ADHOC:
6339                 hdr_len = IEEE80211_3ADDR_LEN;
6340                 unicast = !is_broadcast_ether_addr(hdr->addr1) &&
6341                     !is_multicast_ether_addr(hdr->addr1);
6342                 id = ipw_find_station(priv, hdr->addr1);
6343                 if (id == IPW_INVALID_STATION) {
6344                         id = ipw_add_station(priv, hdr->addr1);
6345                         if (id == IPW_INVALID_STATION) {
6346                                 IPW_WARNING("Attempt to send data to "
6347                                             "invalid cell: " MAC_FMT "\n",
6348                                             MAC_ARG(hdr->addr1));
6349                                 goto drop;
6350                         }
6351                 }
6352                 break;
6353
6354         case IW_MODE_INFRA:
6355         default:
6356                 unicast = !is_broadcast_ether_addr(hdr->addr3) &&
6357                     !is_multicast_ether_addr(hdr->addr3);
6358                 hdr_len = IEEE80211_3ADDR_LEN;
6359                 id = 0;
6360                 break;
6361         }
6362
6363         tfd = &txq->bd[q->first_empty];
6364         txq->txb[q->first_empty] = txb;
6365         memset(tfd, 0, sizeof(*tfd));
6366         tfd->u.data.station_number = id;
6367
6368         tfd->control_flags.message_type = TX_FRAME_TYPE;
6369         tfd->control_flags.control_bits = TFD_NEED_IRQ_MASK;
6370
6371         tfd->u.data.cmd_id = DINO_CMD_TX;
6372         tfd->u.data.len = txb->payload_size;
6373         remaining_bytes = txb->payload_size;
6374         if (unlikely(!unicast))
6375                 tfd->u.data.tx_flags = DCT_FLAG_NO_WEP;
6376         else
6377                 tfd->u.data.tx_flags = DCT_FLAG_NO_WEP | DCT_FLAG_ACK_REQD;
6378
6379         if (priv->assoc_request.ieee_mode == IPW_B_MODE)
6380                 tfd->u.data.tx_flags_ext = DCT_FLAG_EXT_MODE_CCK;
6381         else
6382                 tfd->u.data.tx_flags_ext = DCT_FLAG_EXT_MODE_OFDM;
6383
6384         if (priv->config & CFG_PREAMBLE)
6385                 tfd->u.data.tx_flags |= DCT_FLAG_SHORT_PREMBL;
6386
6387         memcpy(&tfd->u.data.tfd.tfd_24.mchdr, hdr, hdr_len);
6388
6389         /* payload */
6390         tfd->u.data.num_chunks = min((u8) (NUM_TFD_CHUNKS - 2), txb->nr_frags);
6391         for (i = 0; i < tfd->u.data.num_chunks; i++) {
6392                 IPW_DEBUG_TX("Dumping TX packet frag %i of %i (%d bytes):\n",
6393                              i, tfd->u.data.num_chunks,
6394                              txb->fragments[i]->len - hdr_len);
6395                 printk_buf(IPW_DL_TX, txb->fragments[i]->data + hdr_len,
6396                            txb->fragments[i]->len - hdr_len);
6397
6398                 tfd->u.data.chunk_ptr[i] =
6399                     pci_map_single(priv->pci_dev,
6400                                    txb->fragments[i]->data + hdr_len,
6401                                    txb->fragments[i]->len - hdr_len,
6402                                    PCI_DMA_TODEVICE);
6403                 tfd->u.data.chunk_len[i] = txb->fragments[i]->len - hdr_len;
6404         }
6405
6406         if (i != txb->nr_frags) {
6407                 struct sk_buff *skb;
6408                 u16 remaining_bytes = 0;
6409                 int j;
6410
6411                 for (j = i; j < txb->nr_frags; j++)
6412                         remaining_bytes += txb->fragments[j]->len - hdr_len;
6413
6414                 printk(KERN_INFO "Trying to reallocate for %d bytes\n",
6415                        remaining_bytes);
6416                 skb = alloc_skb(remaining_bytes, GFP_ATOMIC);
6417                 if (skb != NULL) {
6418                         tfd->u.data.chunk_len[i] = remaining_bytes;
6419                         for (j = i; j < txb->nr_frags; j++) {
6420                                 int size = txb->fragments[j]->len - hdr_len;
6421                                 printk(KERN_INFO "Adding frag %d %d...\n",
6422                                        j, size);
6423                                 memcpy(skb_put(skb, size),
6424                                        txb->fragments[j]->data + hdr_len, size);
6425                         }
6426                         dev_kfree_skb_any(txb->fragments[i]);
6427                         txb->fragments[i] = skb;
6428                         tfd->u.data.chunk_ptr[i] =
6429                             pci_map_single(priv->pci_dev, skb->data,
6430                                            tfd->u.data.chunk_len[i],
6431                                            PCI_DMA_TODEVICE);
6432                         tfd->u.data.num_chunks++;
6433                 }
6434         }
6435
6436         /* kick DMA */
6437         q->first_empty = ipw_queue_inc_wrap(q->first_empty, q->n_bd);
6438         ipw_write32(priv, q->reg_w, q->first_empty);
6439
6440         if (ipw_queue_space(q) < q->high_mark)
6441                 netif_stop_queue(priv->net_dev);
6442
6443         return;
6444
6445       drop:
6446         IPW_DEBUG_DROP("Silently dropping Tx packet.\n");
6447         ieee80211_txb_free(txb);
6448 }
6449
6450 static int ipw_net_hard_start_xmit(struct ieee80211_txb *txb,
6451                                    struct net_device *dev)
6452 {
6453         struct ipw_priv *priv = ieee80211_priv(dev);
6454         unsigned long flags;
6455
6456         IPW_DEBUG_TX("dev->xmit(%d bytes)\n", txb->payload_size);
6457
6458         spin_lock_irqsave(&priv->lock, flags);
6459
6460         if (!(priv->status & STATUS_ASSOCIATED)) {
6461                 IPW_DEBUG_INFO("Tx attempt while not associated.\n");
6462                 priv->ieee->stats.tx_carrier_errors++;
6463                 netif_stop_queue(dev);
6464                 goto fail_unlock;
6465         }
6466
6467         ipw_tx_skb(priv, txb);
6468
6469         spin_unlock_irqrestore(&priv->lock, flags);
6470         return 0;
6471
6472       fail_unlock:
6473         spin_unlock_irqrestore(&priv->lock, flags);
6474         return 1;
6475 }
6476
6477 static struct net_device_stats *ipw_net_get_stats(struct net_device *dev)
6478 {
6479         struct ipw_priv *priv = ieee80211_priv(dev);
6480
6481         priv->ieee->stats.tx_packets = priv->tx_packets;
6482         priv->ieee->stats.rx_packets = priv->rx_packets;
6483         return &priv->ieee->stats;
6484 }
6485
6486 static void ipw_net_set_multicast_list(struct net_device *dev)
6487 {
6488
6489 }
6490
6491 static int ipw_net_set_mac_address(struct net_device *dev, void *p)
6492 {
6493         struct ipw_priv *priv = ieee80211_priv(dev);
6494         struct sockaddr *addr = p;
6495         if (!is_valid_ether_addr(addr->sa_data))
6496                 return -EADDRNOTAVAIL;
6497         priv->config |= CFG_CUSTOM_MAC;
6498         memcpy(priv->mac_addr, addr->sa_data, ETH_ALEN);
6499         printk(KERN_INFO "%s: Setting MAC to " MAC_FMT "\n",
6500                priv->net_dev->name, MAC_ARG(priv->mac_addr));
6501         ipw_adapter_restart(priv);
6502         return 0;
6503 }
6504
6505 static void ipw_ethtool_get_drvinfo(struct net_device *dev,
6506                                     struct ethtool_drvinfo *info)
6507 {
6508         struct ipw_priv *p = ieee80211_priv(dev);
6509         char vers[64];
6510         char date[32];
6511         u32 len;
6512
6513         strcpy(info->driver, DRV_NAME);
6514         strcpy(info->version, DRV_VERSION);
6515
6516         len = sizeof(vers);
6517         ipw_get_ordinal(p, IPW_ORD_STAT_FW_VERSION, vers, &len);
6518         len = sizeof(date);
6519         ipw_get_ordinal(p, IPW_ORD_STAT_FW_DATE, date, &len);
6520
6521         snprintf(info->fw_version, sizeof(info->fw_version), "%s (%s)",
6522                  vers, date);
6523         strcpy(info->bus_info, pci_name(p->pci_dev));
6524         info->eedump_len = CX2_EEPROM_IMAGE_SIZE;
6525 }
6526
6527 static u32 ipw_ethtool_get_link(struct net_device *dev)
6528 {
6529         struct ipw_priv *priv = ieee80211_priv(dev);
6530         return (priv->status & STATUS_ASSOCIATED) != 0;
6531 }
6532
6533 static int ipw_ethtool_get_eeprom_len(struct net_device *dev)
6534 {
6535         return CX2_EEPROM_IMAGE_SIZE;
6536 }
6537
6538 static int ipw_ethtool_get_eeprom(struct net_device *dev,
6539                                   struct ethtool_eeprom *eeprom, u8 * bytes)
6540 {
6541         struct ipw_priv *p = ieee80211_priv(dev);
6542
6543         if (eeprom->offset + eeprom->len > CX2_EEPROM_IMAGE_SIZE)
6544                 return -EINVAL;
6545
6546         memcpy(bytes, &((u8 *) p->eeprom)[eeprom->offset], eeprom->len);
6547         return 0;
6548 }
6549
6550 static int ipw_ethtool_set_eeprom(struct net_device *dev,
6551                                   struct ethtool_eeprom *eeprom, u8 * bytes)
6552 {
6553         struct ipw_priv *p = ieee80211_priv(dev);
6554         int i;
6555
6556         if (eeprom->offset + eeprom->len > CX2_EEPROM_IMAGE_SIZE)
6557                 return -EINVAL;
6558
6559         memcpy(&((u8 *) p->eeprom)[eeprom->offset], bytes, eeprom->len);
6560         for (i = IPW_EEPROM_DATA;
6561              i < IPW_EEPROM_DATA + CX2_EEPROM_IMAGE_SIZE; i++)
6562                 ipw_write8(p, i, p->eeprom[i]);
6563
6564         return 0;
6565 }
6566
6567 static struct ethtool_ops ipw_ethtool_ops = {
6568         .get_link       = ipw_ethtool_get_link,
6569         .get_drvinfo    = ipw_ethtool_get_drvinfo,
6570         .get_eeprom_len = ipw_ethtool_get_eeprom_len,
6571         .get_eeprom     = ipw_ethtool_get_eeprom,
6572         .set_eeprom     = ipw_ethtool_set_eeprom,
6573 };
6574
6575 static irqreturn_t ipw_isr(int irq, void *data, struct pt_regs *regs)
6576 {
6577         struct ipw_priv *priv = data;
6578         u32 inta, inta_mask;
6579
6580         if (!priv)
6581                 return IRQ_NONE;
6582
6583         spin_lock(&priv->lock);
6584
6585         if (!(priv->status & STATUS_INT_ENABLED)) {
6586                 /* Shared IRQ */
6587                 goto none;
6588         }
6589
6590         inta = ipw_read32(priv, CX2_INTA_RW);
6591         inta_mask = ipw_read32(priv, CX2_INTA_MASK_R);
6592
6593         if (inta == 0xFFFFFFFF) {
6594                 /* Hardware disappeared */
6595                 IPW_WARNING("IRQ INTA == 0xFFFFFFFF\n");
6596                 goto none;
6597         }
6598
6599         if (!(inta & (CX2_INTA_MASK_ALL & inta_mask))) {
6600                 /* Shared interrupt */
6601                 goto none;
6602         }
6603
6604         /* tell the device to stop sending interrupts */
6605         ipw_disable_interrupts(priv);
6606
6607         /* ack current interrupts */
6608         inta &= (CX2_INTA_MASK_ALL & inta_mask);
6609         ipw_write32(priv, CX2_INTA_RW, inta);
6610
6611         /* Cache INTA value for our tasklet */
6612         priv->isr_inta = inta;
6613
6614         tasklet_schedule(&priv->irq_tasklet);
6615
6616         spin_unlock(&priv->lock);
6617
6618         return IRQ_HANDLED;
6619       none:
6620         spin_unlock(&priv->lock);
6621         return IRQ_NONE;
6622 }
6623
6624 static void ipw_rf_kill(void *adapter)
6625 {
6626         struct ipw_priv *priv = adapter;
6627         unsigned long flags;
6628
6629         spin_lock_irqsave(&priv->lock, flags);
6630
6631         if (rf_kill_active(priv)) {
6632                 IPW_DEBUG_RF_KILL("RF Kill active, rescheduling GPIO check\n");
6633                 if (priv->workqueue)
6634                         queue_delayed_work(priv->workqueue,
6635                                            &priv->rf_kill, 2 * HZ);
6636                 goto exit_unlock;
6637         }
6638
6639         /* RF Kill is now disabled, so bring the device back up */
6640
6641         if (!(priv->status & STATUS_RF_KILL_MASK)) {
6642                 IPW_DEBUG_RF_KILL("HW RF Kill no longer active, restarting "
6643                                   "device\n");
6644
6645                 /* we can not do an adapter restart while inside an irq lock */
6646                 queue_work(priv->workqueue, &priv->adapter_restart);
6647         } else
6648                 IPW_DEBUG_RF_KILL("HW RF Kill deactivated.  SW RF Kill still "
6649                                   "enabled\n");
6650
6651       exit_unlock:
6652         spin_unlock_irqrestore(&priv->lock, flags);
6653 }
6654
6655 static int ipw_setup_deferred_work(struct ipw_priv *priv)
6656 {
6657         int ret = 0;
6658
6659         priv->workqueue = create_workqueue(DRV_NAME);
6660         init_waitqueue_head(&priv->wait_command_queue);
6661
6662         INIT_WORK(&priv->adhoc_check, ipw_adhoc_check, priv);
6663         INIT_WORK(&priv->associate, ipw_associate, priv);
6664         INIT_WORK(&priv->disassociate, ipw_disassociate, priv);
6665         INIT_WORK(&priv->rx_replenish, ipw_rx_queue_replenish, priv);
6666         INIT_WORK(&priv->adapter_restart, ipw_adapter_restart, priv);
6667         INIT_WORK(&priv->rf_kill, ipw_rf_kill, priv);
6668         INIT_WORK(&priv->up, (void (*)(void *))ipw_up, priv);
6669         INIT_WORK(&priv->down, (void (*)(void *))ipw_down, priv);
6670         INIT_WORK(&priv->request_scan,
6671                   (void (*)(void *))ipw_request_scan, priv);
6672         INIT_WORK(&priv->gather_stats,
6673                   (void (*)(void *))ipw_gather_stats, priv);
6674         INIT_WORK(&priv->abort_scan, (void (*)(void *))ipw_abort_scan, priv);
6675         INIT_WORK(&priv->roam, ipw_roam, priv);
6676         INIT_WORK(&priv->scan_check, ipw_scan_check, priv);
6677
6678         tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
6679                      ipw_irq_tasklet, (unsigned long)priv);
6680
6681         return ret;
6682 }
6683
6684 static void shim__set_security(struct net_device *dev,
6685                                struct ieee80211_security *sec)
6686 {
6687         struct ipw_priv *priv = ieee80211_priv(dev);
6688         int i;
6689
6690         for (i = 0; i < 4; i++) {
6691                 if (sec->flags & (1 << i)) {
6692                         priv->sec.key_sizes[i] = sec->key_sizes[i];
6693                         if (sec->key_sizes[i] == 0)
6694                                 priv->sec.flags &= ~(1 << i);
6695                         else
6696                                 memcpy(priv->sec.keys[i], sec->keys[i],
6697                                        sec->key_sizes[i]);
6698                         priv->sec.flags |= (1 << i);
6699                         priv->status |= STATUS_SECURITY_UPDATED;
6700                 }
6701         }
6702
6703         if ((sec->flags & SEC_ACTIVE_KEY) &&
6704             priv->sec.active_key != sec->active_key) {
6705                 if (sec->active_key <= 3) {
6706                         priv->sec.active_key = sec->active_key;
6707                         priv->sec.flags |= SEC_ACTIVE_KEY;
6708                 } else
6709                         priv->sec.flags &= ~SEC_ACTIVE_KEY;
6710                 priv->status |= STATUS_SECURITY_UPDATED;
6711         }
6712
6713         if ((sec->flags & SEC_AUTH_MODE) &&
6714             (priv->sec.auth_mode != sec->auth_mode)) {
6715                 priv->sec.auth_mode = sec->auth_mode;
6716                 priv->sec.flags |= SEC_AUTH_MODE;
6717                 if (sec->auth_mode == WLAN_AUTH_SHARED_KEY)
6718                         priv->capability |= CAP_SHARED_KEY;
6719                 else
6720                         priv->capability &= ~CAP_SHARED_KEY;
6721                 priv->status |= STATUS_SECURITY_UPDATED;
6722         }
6723
6724         if (sec->flags & SEC_ENABLED && priv->sec.enabled != sec->enabled) {
6725                 priv->sec.flags |= SEC_ENABLED;
6726                 priv->sec.enabled = sec->enabled;
6727                 priv->status |= STATUS_SECURITY_UPDATED;
6728                 if (sec->enabled)
6729                         priv->capability |= CAP_PRIVACY_ON;
6730                 else
6731                         priv->capability &= ~CAP_PRIVACY_ON;
6732         }
6733
6734         if (sec->flags & SEC_LEVEL && priv->sec.level != sec->level) {
6735                 priv->sec.level = sec->level;
6736                 priv->sec.flags |= SEC_LEVEL;
6737                 priv->status |= STATUS_SECURITY_UPDATED;
6738         }
6739
6740         /* To match current functionality of ipw2100 (which works well w/
6741          * various supplicants, we don't force a disassociate if the
6742          * privacy capability changes ... */
6743 #if 0
6744         if ((priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)) &&
6745             (((priv->assoc_request.capability &
6746                WLAN_CAPABILITY_PRIVACY) && !sec->enabled) ||
6747              (!(priv->assoc_request.capability &
6748                 WLAN_CAPABILITY_PRIVACY) && sec->enabled))) {
6749                 IPW_DEBUG_ASSOC("Disassociating due to capability "
6750                                 "change.\n");
6751                 ipw_disassociate(priv);
6752         }
6753 #endif
6754 }
6755
6756 static int init_supported_rates(struct ipw_priv *priv,
6757                                 struct ipw_supported_rates *rates)
6758 {
6759         /* TODO: Mask out rates based on priv->rates_mask */
6760
6761         memset(rates, 0, sizeof(*rates));
6762         /* configure supported rates */
6763         switch (priv->ieee->freq_band) {
6764         case IEEE80211_52GHZ_BAND:
6765                 rates->ieee_mode = IPW_A_MODE;
6766                 rates->purpose = IPW_RATE_CAPABILITIES;
6767                 ipw_add_ofdm_scan_rates(rates, IEEE80211_CCK_MODULATION,
6768                                         IEEE80211_OFDM_DEFAULT_RATES_MASK);
6769                 break;
6770
6771         default:                /* Mixed or 2.4Ghz */
6772                 rates->ieee_mode = IPW_G_MODE;
6773                 rates->purpose = IPW_RATE_CAPABILITIES;
6774                 ipw_add_cck_scan_rates(rates, IEEE80211_CCK_MODULATION,
6775                                        IEEE80211_CCK_DEFAULT_RATES_MASK);
6776                 if (priv->ieee->modulation & IEEE80211_OFDM_MODULATION) {
6777                         ipw_add_ofdm_scan_rates(rates, IEEE80211_CCK_MODULATION,
6778                                                 IEEE80211_OFDM_DEFAULT_RATES_MASK);
6779                 }
6780                 break;
6781         }
6782
6783         return 0;
6784 }
6785
6786 static int ipw_config(struct ipw_priv *priv)
6787 {
6788         int i;
6789         struct ipw_tx_power tx_power;
6790
6791         memset(&priv->sys_config, 0, sizeof(priv->sys_config));
6792         memset(&tx_power, 0, sizeof(tx_power));
6793
6794         /* This is only called from ipw_up, which resets/reloads the firmware
6795            so, we don't need to first disable the card before we configure
6796            it */
6797
6798         /* configure device for 'G' band */
6799         tx_power.ieee_mode = IPW_G_MODE;
6800         tx_power.num_channels = 11;
6801         for (i = 0; i < 11; i++) {
6802                 tx_power.channels_tx_power[i].channel_number = i + 1;
6803                 tx_power.channels_tx_power[i].tx_power = priv->tx_power;
6804         }
6805         if (ipw_send_tx_power(priv, &tx_power))
6806                 goto error;
6807
6808         /* configure device to also handle 'B' band */
6809         tx_power.ieee_mode = IPW_B_MODE;
6810         if (ipw_send_tx_power(priv, &tx_power))
6811                 goto error;
6812
6813         /* initialize adapter address */
6814         if (ipw_send_adapter_address(priv, priv->net_dev->dev_addr))
6815                 goto error;
6816
6817         /* set basic system config settings */
6818         init_sys_config(&priv->sys_config);
6819         if (ipw_send_system_config(priv, &priv->sys_config))
6820                 goto error;
6821
6822         init_supported_rates(priv, &priv->rates);
6823         if (ipw_send_supported_rates(priv, &priv->rates))
6824                 goto error;
6825
6826         /* Set request-to-send threshold */
6827         if (priv->rts_threshold) {
6828                 if (ipw_send_rts_threshold(priv, priv->rts_threshold))
6829                         goto error;
6830         }
6831
6832         if (ipw_set_random_seed(priv))
6833                 goto error;
6834
6835         /* final state transition to the RUN state */
6836         if (ipw_send_host_complete(priv))
6837                 goto error;
6838
6839         /* If configured to try and auto-associate, kick off a scan */
6840         if ((priv->config & CFG_ASSOCIATE) && ipw_request_scan(priv))
6841                 goto error;
6842
6843         return 0;
6844
6845       error:
6846         return -EIO;
6847 }
6848
6849 #define MAX_HW_RESTARTS 5
6850 static int ipw_up(struct ipw_priv *priv)
6851 {
6852         int rc, i;
6853
6854         if (priv->status & STATUS_EXIT_PENDING)
6855                 return -EIO;
6856
6857         for (i = 0; i < MAX_HW_RESTARTS; i++) {
6858                 /* Load the microcode, firmware, and eeprom.
6859                  * Also start the clocks. */
6860                 rc = ipw_load(priv);
6861                 if (rc) {
6862                         IPW_ERROR("Unable to load firmware: 0x%08X\n", rc);
6863                         return rc;
6864                 }
6865
6866                 ipw_init_ordinals(priv);
6867                 if (!(priv->config & CFG_CUSTOM_MAC))
6868                         eeprom_parse_mac(priv, priv->mac_addr);
6869                 memcpy(priv->net_dev->dev_addr, priv->mac_addr, ETH_ALEN);
6870
6871                 if (priv->status & STATUS_RF_KILL_MASK)
6872                         return 0;
6873
6874                 rc = ipw_config(priv);
6875                 if (!rc) {
6876                         IPW_DEBUG_INFO("Configured device on count %i\n", i);
6877                         priv->notif_missed_beacons = 0;
6878                         netif_start_queue(priv->net_dev);
6879                         return 0;
6880                 } else {
6881                         IPW_DEBUG_INFO("Device configuration failed: 0x%08X\n",
6882                                        rc);
6883                 }
6884
6885                 IPW_DEBUG_INFO("Failed to config device on retry %d of %d\n",
6886                                i, MAX_HW_RESTARTS);
6887
6888                 /* We had an error bringing up the hardware, so take it
6889                  * all the way back down so we can try again */
6890                 ipw_down(priv);
6891         }
6892
6893         /* tried to restart and config the device for as long as our
6894          * patience could withstand */
6895         IPW_ERROR("Unable to initialize device after %d attempts.\n", i);
6896         return -EIO;
6897 }
6898
6899 static void ipw_down(struct ipw_priv *priv)
6900 {
6901         /* Attempt to disable the card */
6902 #if 0
6903         ipw_send_card_disable(priv, 0);
6904 #endif
6905
6906         /* tell the device to stop sending interrupts */
6907         ipw_disable_interrupts(priv);
6908
6909         /* Clear all bits but the RF Kill */
6910         priv->status &= STATUS_RF_KILL_MASK;
6911
6912         netif_carrier_off(priv->net_dev);
6913         netif_stop_queue(priv->net_dev);
6914
6915         ipw_stop_nic(priv);
6916 }
6917
6918 /* Called by register_netdev() */
6919 static int ipw_net_init(struct net_device *dev)
6920 {
6921         struct ipw_priv *priv = ieee80211_priv(dev);
6922
6923         if (priv->status & STATUS_RF_KILL_SW) {
6924                 IPW_WARNING("Radio disabled by module parameter.\n");
6925                 return 0;
6926         } else if (rf_kill_active(priv)) {
6927                 IPW_WARNING("Radio Frequency Kill Switch is On:\n"
6928                             "Kill switch must be turned off for "
6929                             "wireless networking to work.\n");
6930                 queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ);
6931                 return 0;
6932         }
6933
6934         if (ipw_up(priv))
6935                 return -EIO;
6936
6937         return 0;
6938 }
6939
6940 /* PCI driver stuff */
6941 static struct pci_device_id card_ids[] = {
6942         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2701, 0, 0, 0},
6943         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2702, 0, 0, 0},
6944         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2711, 0, 0, 0},
6945         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2712, 0, 0, 0},
6946         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2721, 0, 0, 0},
6947         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2722, 0, 0, 0},
6948         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2731, 0, 0, 0},
6949         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2732, 0, 0, 0},
6950         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2741, 0, 0, 0},
6951         {PCI_VENDOR_ID_INTEL, 0x1043, 0x103c, 0x2741, 0, 0, 0},
6952         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2742, 0, 0, 0},
6953         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2751, 0, 0, 0},
6954         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2752, 0, 0, 0},
6955         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2753, 0, 0, 0},
6956         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2754, 0, 0, 0},
6957         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2761, 0, 0, 0},
6958         {PCI_VENDOR_ID_INTEL, 0x1043, 0x8086, 0x2762, 0, 0, 0},
6959         {PCI_VENDOR_ID_INTEL, 0x104f, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0},
6960         {PCI_VENDOR_ID_INTEL, 0x4220, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* BG */
6961         {PCI_VENDOR_ID_INTEL, 0x4221, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* 2225BG */
6962         {PCI_VENDOR_ID_INTEL, 0x4223, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* ABG */
6963         {PCI_VENDOR_ID_INTEL, 0x4224, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, /* ABG */
6964
6965         /* required last entry */
6966         {0,}
6967 };
6968
6969 MODULE_DEVICE_TABLE(pci, card_ids);
6970
6971 static struct attribute *ipw_sysfs_entries[] = {
6972         &dev_attr_rf_kill.attr,
6973         &dev_attr_direct_dword.attr,
6974         &dev_attr_indirect_byte.attr,
6975         &dev_attr_indirect_dword.attr,
6976         &dev_attr_mem_gpio_reg.attr,
6977         &dev_attr_command_event_reg.attr,
6978         &dev_attr_nic_type.attr,
6979         &dev_attr_status.attr,
6980         &dev_attr_cfg.attr,
6981         &dev_attr_dump_errors.attr,
6982         &dev_attr_dump_events.attr,
6983         &dev_attr_eeprom_delay.attr,
6984         &dev_attr_ucode_version.attr,
6985         &dev_attr_rtc.attr,
6986         NULL
6987 };
6988
6989 static struct attribute_group ipw_attribute_group = {
6990         .name = NULL,           /* put in device directory */
6991         .attrs = ipw_sysfs_entries,
6992 };
6993
6994 static int ipw_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
6995 {
6996         int err = 0;
6997         struct net_device *net_dev;
6998         void __iomem *base;
6999         u32 length, val;
7000         struct ipw_priv *priv;
7001         int band, modulation;
7002
7003         net_dev = alloc_ieee80211(sizeof(struct ipw_priv));
7004         if (net_dev == NULL) {
7005                 err = -ENOMEM;
7006                 goto out;
7007         }
7008
7009         priv = ieee80211_priv(net_dev);
7010         priv->ieee = netdev_priv(net_dev);
7011         priv->net_dev = net_dev;
7012         priv->pci_dev = pdev;
7013 #ifdef CONFIG_IPW_DEBUG
7014         ipw_debug_level = debug;
7015 #endif
7016         spin_lock_init(&priv->lock);
7017
7018         if (pci_enable_device(pdev)) {
7019                 err = -ENODEV;
7020                 goto out_free_ieee80211;
7021         }
7022
7023         pci_set_master(pdev);
7024
7025         err = pci_set_dma_mask(pdev, DMA_32BIT_MASK);
7026         if (!err)
7027                 err = pci_set_consistent_dma_mask(pdev, DMA_32BIT_MASK);
7028         if (err) {
7029                 printk(KERN_WARNING DRV_NAME ": No suitable DMA available.\n");
7030                 goto out_pci_disable_device;
7031         }
7032
7033         pci_set_drvdata(pdev, priv);
7034
7035         err = pci_request_regions(pdev, DRV_NAME);
7036         if (err)
7037                 goto out_pci_disable_device;
7038
7039         /* We disable the RETRY_TIMEOUT register (0x41) to keep
7040          * PCI Tx retries from interfering with C3 CPU state */
7041         pci_read_config_dword(pdev, 0x40, &val);
7042         if ((val & 0x0000ff00) != 0)
7043                 pci_write_config_dword(pdev, 0x40, val & 0xffff00ff);
7044
7045         length = pci_resource_len(pdev, 0);
7046         priv->hw_len = length;
7047
7048         base = ioremap_nocache(pci_resource_start(pdev, 0), length);
7049         if (!base) {
7050                 err = -ENODEV;
7051                 goto out_pci_release_regions;
7052         }
7053
7054         priv->hw_base = base;
7055         IPW_DEBUG_INFO("pci_resource_len = 0x%08x\n", length);
7056         IPW_DEBUG_INFO("pci_resource_base = %p\n", base);
7057
7058         err = ipw_setup_deferred_work(priv);
7059         if (err) {
7060                 IPW_ERROR("Unable to setup deferred work\n");
7061                 goto out_iounmap;
7062         }
7063
7064         /* Initialize module parameter values here */
7065         if (ifname)
7066                 strncpy(net_dev->name, ifname, IFNAMSIZ);
7067
7068         if (associate)
7069                 priv->config |= CFG_ASSOCIATE;
7070         else
7071                 IPW_DEBUG_INFO("Auto associate disabled.\n");
7072
7073         if (auto_create)
7074                 priv->config |= CFG_ADHOC_CREATE;
7075         else
7076                 IPW_DEBUG_INFO("Auto adhoc creation disabled.\n");
7077
7078         if (disable) {
7079                 priv->status |= STATUS_RF_KILL_SW;
7080                 IPW_DEBUG_INFO("Radio disabled.\n");
7081         }
7082
7083         if (channel != 0) {
7084                 priv->config |= CFG_STATIC_CHANNEL;
7085                 priv->channel = channel;
7086                 IPW_DEBUG_INFO("Bind to static channel %d\n", channel);
7087                 IPW_DEBUG_INFO("Bind to static channel %d\n", channel);
7088                 /* TODO: Validate that provided channel is in range */
7089         }
7090
7091         switch (mode) {
7092         case 1:
7093                 priv->ieee->iw_mode = IW_MODE_ADHOC;
7094                 break;
7095 #ifdef CONFIG_IPW_PROMISC
7096         case 2:
7097                 priv->ieee->iw_mode = IW_MODE_MONITOR;
7098                 break;
7099 #endif
7100         default:
7101         case 0:
7102                 priv->ieee->iw_mode = IW_MODE_INFRA;
7103                 break;
7104         }
7105
7106         if ((priv->pci_dev->device == 0x4223) ||
7107             (priv->pci_dev->device == 0x4224)) {
7108                 printk(KERN_INFO DRV_NAME
7109                        ": Detected Intel PRO/Wireless 2915ABG Network "
7110                        "Connection\n");
7111                 priv->ieee->abg_true = 1;
7112                 band = IEEE80211_52GHZ_BAND | IEEE80211_24GHZ_BAND;
7113                 modulation = IEEE80211_OFDM_MODULATION |
7114                     IEEE80211_CCK_MODULATION;
7115                 priv->adapter = IPW_2915ABG;
7116                 priv->ieee->mode = IEEE_A | IEEE_G | IEEE_B;
7117         } else {
7118                 if (priv->pci_dev->device == 0x4221)
7119                         printk(KERN_INFO DRV_NAME
7120                                ": Detected Intel PRO/Wireless 2225BG Network "
7121                                "Connection\n");
7122                 else
7123                         printk(KERN_INFO DRV_NAME
7124                                ": Detected Intel PRO/Wireless 2200BG Network "
7125                                "Connection\n");
7126
7127                 priv->ieee->abg_true = 0;
7128                 band = IEEE80211_24GHZ_BAND;
7129                 modulation = IEEE80211_OFDM_MODULATION |
7130                     IEEE80211_CCK_MODULATION;
7131                 priv->adapter = IPW_2200BG;
7132                 priv->ieee->mode = IEEE_G | IEEE_B;
7133         }
7134
7135         priv->ieee->freq_band = band;
7136         priv->ieee->modulation = modulation;
7137
7138         priv->rates_mask = IEEE80211_DEFAULT_RATES_MASK;
7139
7140         priv->missed_beacon_threshold = IPW_MB_DISASSOCIATE_THRESHOLD_DEFAULT;
7141         priv->roaming_threshold = IPW_MB_ROAMING_THRESHOLD_DEFAULT;
7142
7143         priv->rts_threshold = DEFAULT_RTS_THRESHOLD;
7144
7145         /* If power management is turned on, default to AC mode */
7146         priv->power_mode = IPW_POWER_AC;
7147         priv->tx_power = IPW_DEFAULT_TX_POWER;
7148
7149         err = request_irq(pdev->irq, ipw_isr, SA_SHIRQ, DRV_NAME, priv);
7150         if (err) {
7151                 IPW_ERROR("Error allocating IRQ %d\n", pdev->irq);
7152                 goto out_destroy_workqueue;
7153         }
7154
7155         SET_MODULE_OWNER(net_dev);
7156         SET_NETDEV_DEV(net_dev, &pdev->dev);
7157
7158         priv->ieee->hard_start_xmit = ipw_net_hard_start_xmit;
7159         priv->ieee->set_security = shim__set_security;
7160
7161         net_dev->open = ipw_net_open;
7162         net_dev->stop = ipw_net_stop;
7163         net_dev->init = ipw_net_init;
7164         net_dev->get_stats = ipw_net_get_stats;
7165         net_dev->set_multicast_list = ipw_net_set_multicast_list;
7166         net_dev->set_mac_address = ipw_net_set_mac_address;
7167         net_dev->get_wireless_stats = ipw_get_wireless_stats;
7168         net_dev->wireless_handlers = &ipw_wx_handler_def;
7169         net_dev->ethtool_ops = &ipw_ethtool_ops;
7170         net_dev->irq = pdev->irq;
7171         net_dev->base_addr = (unsigned long)priv->hw_base;
7172         net_dev->mem_start = pci_resource_start(pdev, 0);
7173         net_dev->mem_end = net_dev->mem_start + pci_resource_len(pdev, 0) - 1;
7174
7175         err = sysfs_create_group(&pdev->dev.kobj, &ipw_attribute_group);
7176         if (err) {
7177                 IPW_ERROR("failed to create sysfs device attributes\n");
7178                 goto out_release_irq;
7179         }
7180
7181         err = register_netdev(net_dev);
7182         if (err) {
7183                 IPW_ERROR("failed to register network device\n");
7184                 goto out_remove_group;
7185         }
7186
7187         return 0;
7188
7189       out_remove_group:
7190         sysfs_remove_group(&pdev->dev.kobj, &ipw_attribute_group);
7191       out_release_irq:
7192         free_irq(pdev->irq, priv);
7193       out_destroy_workqueue:
7194         destroy_workqueue(priv->workqueue);
7195         priv->workqueue = NULL;
7196       out_iounmap:
7197         iounmap(priv->hw_base);
7198       out_pci_release_regions:
7199         pci_release_regions(pdev);
7200       out_pci_disable_device:
7201         pci_disable_device(pdev);
7202         pci_set_drvdata(pdev, NULL);
7203       out_free_ieee80211:
7204         free_ieee80211(priv->net_dev);
7205       out:
7206         return err;
7207 }
7208
7209 static void ipw_pci_remove(struct pci_dev *pdev)
7210 {
7211         struct ipw_priv *priv = pci_get_drvdata(pdev);
7212         if (!priv)
7213                 return;
7214
7215         priv->status |= STATUS_EXIT_PENDING;
7216
7217         sysfs_remove_group(&pdev->dev.kobj, &ipw_attribute_group);
7218
7219         ipw_down(priv);
7220
7221         unregister_netdev(priv->net_dev);
7222
7223         if (priv->rxq) {
7224                 ipw_rx_queue_free(priv, priv->rxq);
7225                 priv->rxq = NULL;
7226         }
7227         ipw_tx_queue_free(priv);
7228
7229         /* ipw_down will ensure that there is no more pending work
7230          * in the workqueue's, so we can safely remove them now. */
7231         if (priv->workqueue) {
7232                 cancel_delayed_work(&priv->adhoc_check);
7233                 cancel_delayed_work(&priv->gather_stats);
7234                 cancel_delayed_work(&priv->request_scan);
7235                 cancel_delayed_work(&priv->rf_kill);
7236                 cancel_delayed_work(&priv->scan_check);
7237                 destroy_workqueue(priv->workqueue);
7238                 priv->workqueue = NULL;
7239         }
7240
7241         free_irq(pdev->irq, priv);
7242         iounmap(priv->hw_base);
7243         pci_release_regions(pdev);
7244         pci_disable_device(pdev);
7245         pci_set_drvdata(pdev, NULL);
7246         free_ieee80211(priv->net_dev);
7247
7248 #ifdef CONFIG_PM
7249         if (fw_loaded) {
7250                 release_firmware(bootfw);
7251                 release_firmware(ucode);
7252                 release_firmware(firmware);
7253                 fw_loaded = 0;
7254         }
7255 #endif
7256 }
7257
7258 #ifdef CONFIG_PM
7259 static int ipw_pci_suspend(struct pci_dev *pdev, pm_message_t state)
7260 {
7261         struct ipw_priv *priv = pci_get_drvdata(pdev);
7262         struct net_device *dev = priv->net_dev;
7263
7264         printk(KERN_INFO "%s: Going into suspend...\n", dev->name);
7265
7266         /* Take down the device; powers it off, etc. */
7267         ipw_down(priv);
7268
7269         /* Remove the PRESENT state of the device */
7270         netif_device_detach(dev);
7271
7272         pci_save_state(pdev);
7273         pci_disable_device(pdev);
7274         pci_set_power_state(pdev, pci_choose_state(pdev, state));
7275
7276         return 0;
7277 }
7278
7279 static int ipw_pci_resume(struct pci_dev *pdev)
7280 {
7281         struct ipw_priv *priv = pci_get_drvdata(pdev);
7282         struct net_device *dev = priv->net_dev;
7283         u32 val;
7284
7285         printk(KERN_INFO "%s: Coming out of suspend...\n", dev->name);
7286
7287         pci_set_power_state(pdev, 0);
7288         pci_enable_device(pdev);
7289 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
7290         pci_restore_state(pdev, priv->pm_state);
7291 #else
7292         pci_restore_state(pdev);
7293 #endif
7294         /*
7295          * Suspend/Resume resets the PCI configuration space, so we have to
7296          * re-disable the RETRY_TIMEOUT register (0x41) to keep PCI Tx retries
7297          * from interfering with C3 CPU state. pci_restore_state won't help
7298          * here since it only restores the first 64 bytes pci config header.
7299          */
7300         pci_read_config_dword(pdev, 0x40, &val);
7301         if ((val & 0x0000ff00) != 0)
7302                 pci_write_config_dword(pdev, 0x40, val & 0xffff00ff);
7303
7304         /* Set the device back into the PRESENT state; this will also wake
7305          * the queue of needed */
7306         netif_device_attach(dev);
7307
7308         /* Bring the device back up */
7309         queue_work(priv->workqueue, &priv->up);
7310
7311         return 0;
7312 }
7313 #endif
7314
7315 /* driver initialization stuff */
7316 static struct pci_driver ipw_driver = {
7317         .name = DRV_NAME,
7318         .id_table = card_ids,
7319         .probe = ipw_pci_probe,
7320         .remove = __devexit_p(ipw_pci_remove),
7321 #ifdef CONFIG_PM
7322         .suspend = ipw_pci_suspend,
7323         .resume = ipw_pci_resume,
7324 #endif
7325 };
7326
7327 static int __init ipw_init(void)
7328 {
7329         int ret;
7330
7331         printk(KERN_INFO DRV_NAME ": " DRV_DESCRIPTION ", " DRV_VERSION "\n");
7332         printk(KERN_INFO DRV_NAME ": " DRV_COPYRIGHT "\n");
7333
7334         ret = pci_module_init(&ipw_driver);
7335         if (ret) {
7336                 IPW_ERROR("Unable to initialize PCI module\n");
7337                 return ret;
7338         }
7339
7340         ret = driver_create_file(&ipw_driver.driver, &driver_attr_debug_level);
7341         if (ret) {
7342                 IPW_ERROR("Unable to create driver sysfs file\n");
7343                 pci_unregister_driver(&ipw_driver);
7344                 return ret;
7345         }
7346
7347         return ret;
7348 }
7349
7350 static void __exit ipw_exit(void)
7351 {
7352         driver_remove_file(&ipw_driver.driver, &driver_attr_debug_level);
7353         pci_unregister_driver(&ipw_driver);
7354 }
7355
7356 module_param(disable, int, 0444);
7357 MODULE_PARM_DESC(disable, "manually disable the radio (default 0 [radio on])");
7358
7359 module_param(associate, int, 0444);
7360 MODULE_PARM_DESC(associate, "auto associate when scanning (default on)");
7361
7362 module_param(auto_create, int, 0444);
7363 MODULE_PARM_DESC(auto_create, "auto create adhoc network (default on)");
7364
7365 module_param(debug, int, 0444);
7366 MODULE_PARM_DESC(debug, "debug output mask");
7367
7368 module_param(channel, int, 0444);
7369 MODULE_PARM_DESC(channel, "channel to limit associate to (default 0 [ANY])");
7370
7371 module_param(ifname, charp, 0444);
7372 MODULE_PARM_DESC(ifname, "network device name (default eth%d)");
7373
7374 #ifdef CONFIG_IPW_PROMISC
7375 module_param(mode, int, 0444);
7376 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS,2=Monitor)");
7377 #else
7378 module_param(mode, int, 0444);
7379 MODULE_PARM_DESC(mode, "network mode (0=BSS,1=IBSS)");
7380 #endif
7381
7382 module_exit(ipw_exit);
7383 module_init(ipw_init);