1 /* $OpenBSD: if_atureg.h,v 1.30 2007/06/09 11:06:53 mbalmer Exp $ */
2 /*
3 * Copyright (c) 2003
4 * Daan Vreeken <Danovitsch@Vitsch.net>. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgement:
16 * This product includes software developed by Daan Vreeken.
17 * 4. Neither the name of the author nor the names of any co-contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY DAAN VREEKEN AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL Daan Vreeken OR THE VOICES IN HIS HEAD
25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
31 * THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 */
34
35 #define ATU_CONFIG_NO 1
36 #define ATU_IFACE_IDX 0
37
38 /* the number of simultaneously requested RX transfers */
39 #define ATU_RX_LIST_CNT 1
40
41 /*
42 * the number of simultaneously started TX transfers
43 * my measurements :
44 * 1 430.82 KB/sec
45 * 2 534.66 KB/sec
46 * 3 536.23 KB/sec
47 * 4 537.80 KB/sec
48 * 6 537.30 KB/sec
49 * 8 535.31 KB/sec
50 * 16 535.68 KB/sec
51 * 128 535.67 KB/sec (before you ask : yes, 128 is silly :)
52 * (+/- 24% increase)
53 */
54 #define ATU_TX_LIST_CNT 8
55
56 /*
57 * According to the 802.11 spec (7.1.2) the frame body can be up to 2312 bytes
58 */
59 #define ATU_RX_BUFSZ (ATU_RX_HDRLEN + \
60 sizeof(struct ieee80211_frame_addr4) + 2312 + 4)
61 /* BE CAREFUL! should add ATU_TX_PADDING */
62 #define ATU_TX_BUFSZ (ATU_TX_HDRLEN + \
63 sizeof(struct ieee80211_frame_addr4) + 2312)
64
65 #define ATU_MIN_FRAMELEN 60
66
67 /*
68 * Sending packets of more than 1500 bytes confuses some access points, so the
69 * default MTU is set to 1500 but can be increased up to 2310 bytes using
70 * ifconfig
71 */
72 #define ATU_DEFAULT_MTU 1500
73 #define ATU_MAX_MTU (2312 - 2)
74
75 #define ATU_ENDPT_RX 0x0
76 #define ATU_ENDPT_TX 0x1
77 #define ATU_ENDPT_MAX 0x2
78
79 #define ATU_TX_TIMEOUT 10000
80 #define ATU_JOIN_TIMEOUT 2000
81
82 #define ATU_NO_QUIRK 0x0000
83 #define ATU_QUIRK_NO_REMAP 0x0001
84 #define ATU_QUIRK_FW_DELAY 0x0002
85
86 #define ATU_DEFAULT_SSID ""
87 #define ATU_DEFAULT_CHANNEL 10
88
89 enum atu_radio_type {
90 RadioRFMD = 0,
91 RadioRFMD2958,
92 RadioRFMD2958_SMC,
93 RadioIntersil,
94 AT76C503_i3863,
95 AT76C503_rfmd_acc,
96 AT76C505_rfmd
97 };
98
99 struct atu_type {
100 u_int16_t atu_vid;
101 u_int16_t atu_pid;
102 enum atu_radio_type atu_radio;
103 u_int16_t atu_quirk;
104 };
105
106 struct atu_softc;
107
108 struct atu_chain {
109 struct atu_softc *atu_sc;
110 usbd_xfer_handle atu_xfer;
111 char *atu_buf;
112 struct mbuf *atu_mbuf;
113 u_int8_t atu_idx;
114 u_int16_t atu_length;
115 int atu_in_xfer;
116 SLIST_ENTRY(atu_chain) atu_list;
117 };
118
119 /* Radio capture format */
120
121 #define ATU_RX_RADIOTAP_PRESENT \
122 ((1 << IEEE80211_RADIOTAP_TSFT) | \
123 (1 << IEEE80211_RADIOTAP_FLAGS) | \
124 (1 << IEEE80211_RADIOTAP_RATE) | \
125 (1 << IEEE80211_RADIOTAP_CHANNEL) | \
126 (1 << IEEE80211_RADIOTAP_LOCK_QUALITY) | \
127 (1 << IEEE80211_RADIOTAP_RSSI) | \
128 0)
129
130 struct atu_rx_radiotap_header {
131 struct ieee80211_radiotap_header rr_ihdr;
132 u_int64_t rr_tsft;
133 u_int8_t rr_flags;
134 u_int8_t rr_rate;
135 u_int16_t rr_chan_freq;
136 u_int16_t rr_chan_flags;
137 u_int16_t rr_barker_lock;
138 u_int8_t rr_rssi;
139 u_int8_t rr_max_rssi;
140 } __packed;
141
142 #define ATU_TX_RADIOTAP_PRESENT \
143 ((1 << IEEE80211_RADIOTAP_FLAGS) | \
144 (1 << IEEE80211_RADIOTAP_RATE) | \
145 (1 << IEEE80211_RADIOTAP_CHANNEL) | \
146 0)
147
148 struct atu_tx_radiotap_header {
149 struct ieee80211_radiotap_header rt_ihdr;
150 u_int8_t rt_flags;
151 u_int8_t rt_rate;
152 u_int16_t rt_chan_freq;
153 u_int16_t rt_chan_flags;
154 } __packed;
155
156 struct atu_cdata {
157 struct atu_chain atu_tx_chain[ATU_TX_LIST_CNT];
158 struct atu_chain atu_rx_chain[ATU_RX_LIST_CNT];
159
160 SLIST_HEAD(atu_list_head, atu_chain) atu_rx_free;
161 struct atu_list_head atu_tx_free;
162
163 u_int8_t atu_tx_inuse;
164 u_int8_t atu_tx_last_idx;
165 };
166
167 #define MAX_SSID_LEN 32
168 #define ATU_AVG_TIME 20
169
170 struct atu_softc {
171 struct device atu_dev;
172 struct ieee80211com sc_ic;
173 int (*sc_newstate)(struct ieee80211com *,
174 enum ieee80211_state, int);
175
176 char sc_state;
177 #define ATU_S_DEAD 0
178 #define ATU_S_OK 1
179 #define ATU_S_UNCONFIG 2
180 char sc_cmd;
181 #define ATU_C_NONE 0
182 #define ATU_C_SCAN 1
183 #define ATU_C_JOIN 2
184 struct usb_task sc_task;
185
186 usbd_device_handle atu_udev;
187 usbd_interface_handle atu_iface;
188 struct ifmedia atu_media;
189 int atu_ed[ATU_ENDPT_MAX];
190 usbd_pipe_handle atu_ep[ATU_ENDPT_MAX];
191 int atu_unit;
192 int atu_if_flags;
193
194 struct atu_cdata atu_cdata;
195
196 struct timeval atu_rx_notice;
197
198 u_int8_t atu_bssid[ETHER_ADDR_LEN];
199 enum atu_radio_type atu_radio;
200 u_int16_t atu_quirk;
201
202 u_int8_t atu_channel;
203 u_int16_t atu_desired_channel;
204 u_int8_t atu_mode;
205 #define NO_MODE_YET 0
206 #define AD_HOC_MODE 1
207 #define INFRASTRUCTURE_MODE 2
208
209 u_int8_t atu_radio_on;
210 caddr_t sc_radiobpf;
211
212 union {
213 struct atu_rx_radiotap_header tap;
214 u_int8_t pad[64];
215 } sc_rxtapu;
216 union {
217 struct atu_tx_radiotap_header tap;
218 u_int8_t pad[64];
219 } sc_txtapu;
220
221 };
222
223 #define sc_rxtap sc_rxtapu.tap
224 #define sc_txtap sc_txtapu.tap
225
226 /* Commands for uploading the firmware (standard DFU interface) */
227 #define DFU_DNLOAD UT_WRITE_CLASS_INTERFACE, 0x01
228 #define DFU_GETSTATUS UT_READ_CLASS_INTERFACE, 0x03
229 #define DFU_GETSTATE UT_READ_CLASS_INTERFACE, 0x05
230 #define DFU_REMAP UT_WRITE_VENDOR_INTERFACE, 0x0a
231
232 /* DFU states */
233 #define DFUState_AppIdle 0
234 #define DFUState_AppDetach 1
235 #define DFUState_DFUIdle 2
236 #define DFUState_DnLoadSync 3
237 #define DFUState_DnLoadBusy 4
238 #define DFUState_DnLoadIdle 5
239 #define DFUState_ManifestSync 6
240 #define DFUState_Manifest 7
241 #define DFUState_ManifestWait 8
242 #define DFUState_UploadIdle 9
243 #define DFUState_DFUError 10
244
245 #define DFU_MaxBlockSize 1024
246
247 /* AT76c503 operating modes */
248 #define MODE_NONE 0x00
249 #define MODE_NETCARD 0x01
250 #define MODE_CONFIG 0x02
251 #define MODE_DFU 0x03
252 #define MODE_NOFLASHNETCARD 0x04
253
254 /* AT76c503 commands */
255 #define CMD_SET_MIB 0x01
256 #define CMD_START_SCAN 0x03
257 #define CMD_JOIN 0x04
258 #define CMD_START_IBSS 0x05
259 #define CMD_RADIO 0x06
260 #define CMD_RADIO_ON 0x06
261 #define CMD_RADIO_OFF 0x07
262 #define CMD_STARTUP 0x0b
263
264 /* AT76c503 status messages - used in atu_wait_completion */
265 #define STATUS_IDLE 0x00
266 #define STATUS_COMPLETE 0x01
267 #define STATUS_UNKNOWN 0x02
268 #define STATUS_INVALID_PARAMETER 0x03
269 #define STATUS_FUNCTION_NOT_SUPPORTED 0x04
270 #define STATUS_TIME_OUT 0x07
271 #define STATUS_IN_PROGRESS 0x08
272 #define STATUS_HOST_FAILURE 0xff
273 #define STATUS_SCAN_FAILED 0xf0
274
275 /* AT76c503 command header */
276 struct atu_cmd {
277 uByte Cmd;
278 uByte Reserved;
279 uWord Size;
280 } __packed;
281
282 /* CMD_SET_MIB command (0x01) */
283 struct atu_cmd_set_mib {
284 /* AT76c503 command header */
285 uByte AtCmd;
286 uByte AtReserved;
287 uWord AtSize;
288
289 /* MIB header */
290 uByte MIBType;
291 uByte MIBSize;
292 uByte MIBIndex;
293 uByte MIBReserved;
294
295 /* MIB data */
296 uByte data[72];
297 } __packed;
298
299 /* CMD_STARTUP command (0x0b) */
300 struct atu_cmd_card_config {
301 uByte Cmd;
302 uByte Reserved;
303 uWord Size;
304
305 uByte ExcludeUnencrypted;
306 uByte PromiscuousMode;
307 uByte ShortRetryLimit;
308 uByte EncryptionType;
309 uWord RTS_Threshold;
310 uWord FragThreshold; /* 256 .. 2346 */
311 uByte BasicRateSet[4];
312 uByte AutoRateFallback;
313 uByte Channel;
314 uByte PrivacyInvoked; /* wep */
315 uByte WEP_DefaultKeyID; /* 0 .. 3 */
316 uByte SSID[MAX_SSID_LEN];
317 uByte WEP_DefaultKey[4][13];
318 uByte SSID_Len;
319 uByte ShortPreamble;
320 uWord BeaconPeriod;
321 } __packed;
322
323 /* CMD_SCAN command (0x03) */
324 struct atu_cmd_do_scan {
325 uByte Cmd;
326 uByte Reserved;
327 uWord Size;
328
329 uByte BSSID[ETHER_ADDR_LEN];
330 uByte SSID[MAX_SSID_LEN];
331 uByte ScanType;
332 uByte Channel;
333 uWord ProbeDelay;
334 uWord MinChannelTime;
335 uWord MaxChannelTime;
336 uByte SSID_Len;
337 uByte InternationalScan;
338 } __packed;
339
340 #define ATU_SCAN_ACTIVE 0x00
341 #define ATU_SCAN_PASSIVE 0x01
342
343 /* CMD_JOIN command (0x04) */
344 struct atu_cmd_join {
345 uByte Cmd;
346 uByte Reserved;
347 uWord Size;
348
349 uByte bssid[ETHER_ADDR_LEN];
350 uByte essid[32];
351 uByte bss_type;
352 uByte channel;
353 uWord timeout;
354 uByte essid_size;
355 uByte reserved;
356 } __packed;
357
358 /* CMD_START_IBSS (0x05) */
359 struct atu_cmd_start_ibss {
360 uByte Cmd;
361 uByte Reserved;
362 uWord Size;
363
364 uByte BSSID[ETHER_ADDR_LEN];
365 uByte SSID[32];
366 uByte BSSType;
367 uByte Channel;
368 uByte SSIDSize;
369 uByte Res[3];
370 } __packed;
371
372 /*
373 * The At76c503 adapters come with different types of radios on them.
374 * At this moment the driver supports adapters with RFMD and Intersil radios.
375 */
376
377 /* The config structure of an RFMD radio */
378 struct atu_rfmd_conf {
379 u_int8_t CR20[14];
380 u_int8_t CR21[14];
381 u_int8_t BB_CR[14];
382 u_int8_t PidVid[4];
383 u_int8_t MACAddr[ETHER_ADDR_LEN];
384 u_int8_t RegulatoryDomain;
385 u_int8_t LowPowerValues[14];
386 u_int8_t NormalPowerValues[14];
387 u_int8_t Reserved[3];
388 /* then we have 84 bytes, somehow Windows reads 95?? */
389 u_int8_t Rest[11];
390 } __packed;
391
392 /* The config structure of an Intersil radio */
393 struct atu_intersil_conf {
394 u_int8_t MACAddr[ETHER_ADDR_LEN];
395 /* From the HFA3861B manual : */
396 /* Manual TX power control (7bit : -64 to 63) */
397 u_int8_t CR31[14];
398 /* TX power measurement */
399 u_int8_t CR58[14];
400 u_int8_t PidVid[4];
401 u_int8_t RegulatoryDomain;
402 u_int8_t Reserved[1];
403 } __packed;
404
405
406 /* Firmware information request */
407 struct atu_fw {
408 u_int8_t major;
409 u_int8_t minor;
410 u_int8_t patch;
411 u_int8_t build;
412 } __packed;
413
414 /*
415 * The header the AT76c503 puts in front of RX packets (for both managment &
416 * data)
417 */
418 struct atu_rx_hdr {
419 uWord length;
420 uByte rx_rate;
421 uByte newbss;
422 uByte fragmentation;
423 uByte rssi;
424 uByte link_quality;
425 uByte noise_level;
426 uDWord rx_time;
427 } __packed;
428 #define ATU_RX_HDRLEN sizeof(struct atu_rx_hdr)
429
430 /*
431 * The header we have to put in front of a TX packet before sending it to the
432 * AT76c503
433 */
434 struct atu_tx_hdr {
435 uWord length;
436 uByte tx_rate;
437 uByte padding;
438 uByte reserved[4];
439 } __packed;
440 #define ATU_TX_HDRLEN sizeof(struct atu_tx_hdr)
441
442 #define NR(x) (void *)((long)x)
443
444 /*
445 * The linux driver uses seperate routines for every mib request they do
446 * (eg. set_radio / set_preamble / set_frag / etc etc )
447 * We just define a list of types, sizes and offsets and use those
448 */
449
450 /* Name Type Size Index */
451 #define MIB_LOCAL 0x01
452 #define MIB_LOCAL__BEACON_ENABLE MIB_LOCAL, 1, 2
453 #define MIB_LOCAL__AUTO_RATE_FALLBACK MIB_LOCAL, 1, 3
454 #define MIB_LOCAL__SSID_SIZE MIB_LOCAL, 1, 5
455 #define MIB_LOCAL__PREAMBLE MIB_LOCAL, 1, 9
456 #define MIB_MAC_ADDR 0x02
457 #define MIB_MAC_ADDR__ADDR MIB_MAC_ADDR, 6, 0
458 #define MIB_MAC 0x03
459 #define MIB_MAC__FRAG MIB_MAC, 2, 8
460 #define MIB_MAC__RTS MIB_MAC, 2, 10
461 #define MIB_MAC__DESIRED_SSID MIB_MAC, 32, 28
462 #define MIB_MAC_MGMT 0x05
463 #define MIB_MAC_MGMT__BEACON_PERIOD MIB_MAC_MGMT, 2, 0
464 #define MIB_MAC_MGMT__CURRENT_BSSID MIB_MAC_MGMT, 6, 14
465 #define MIB_MAC_MGMT__CURRENT_ESSID MIB_MAC_MGMT, 32, 20
466 #define MIB_MAC_MGMT__POWER_MODE MIB_MAC_MGMT, 1, 53
467 #define MIB_MAC_MGMT__IBSS_CHANGE MIB_MAC_MGMT, 1, 54
468 #define MIB_MAC_WEP 0x06
469 #define MIB_MAC_WEP__PRIVACY_INVOKED MIB_MAC_WEP, 1, 0
470 #define MIB_MAC_WEP__KEY_ID MIB_MAC_WEP, 1, 1
471 #define MIB_MAC_WEP__ICV_ERROR_COUNT MIB_MAC_WEP, 4, 4
472 #define MIB_MAC_WEP__EXCLUDED_COUNT MIB_MAC_WEP, 4, 8
473 #define MIB_MAC_WEP__KEYS(nr) MIB_MAC_WEP, 13, 12+(nr)*13
474 #define MIB_MAC_WEP__ENCR_LEVEL MIB_MAC_WEP, 1, 64
475 #define MIB_PHY 0x07
476 #define MIB_PHY__CHANNEL MIB_PHY, 1, 20
477 #define MIB_PHY__REG_DOMAIN MIB_PHY, 1, 23
478 #define MIB_FW_VERSION 0x08
479 #define MIB_DOMAIN 0x09
480 #define MIB_DOMAIN__POWER_LEVELS MIB_DOMAIN, 14, 0
481 #define MIB_DOMAIN__CHANNELS MIB_DOMAIN, 14, 14
482
483 #define ATU_WEP_OFF 0
484 #define ATU_WEP_40BITS 1
485 #define ATU_WEP_104BITS 2
486
487 #define POWER_MODE_ACTIVE 1
488 #define POWER_MODE_SAVE 2
489 #define POWER_MODE_SMART 3
490
491 #define PREAMBLE_SHORT 1
492 #define PREAMBLE_LONG 0