summaryrefslogtreecommitdiff
path: root/sys/dev/usb/if_atureg.h
blob: a0eafb3fa0788cfee0d7557ca872d5980ae51c3a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
/*	$OpenBSD: if_atureg.h,v 1.24 2005/05/23 20:09:31 jsg Exp $ */
/*
 * Copyright (c) 2003
 *	Daan Vreeken <Danovitsch@Vitsch.net>.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by Daan Vreeken.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY DAAN VREEKEN AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL Daan Vreeken OR THE VOICES IN HIS HEAD
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#define ATU_CONFIG_NO		1
#define ATU_IFACE_IDX		0

/* the number of simultaniuously requested RX transfers */
#define ATU_RX_LIST_CNT	1

/*
 * the number of simultaniously started TX transfers
 * my measurements :
 * 1		430.82 KB/sec
 * 2		534.66 KB/sec
 * 3		536.23 KB/sec
 * 4		537.80 KB/sec
 * 6		537.30 KB/sec
 * 8		535.31 KB/sec
 * 16		535.68 KB/sec
 * 128		535.67 KB/sec (before you ask : yes, 128 is silly :)
 * (+/- 24% increase)
 */
#define ATU_TX_LIST_CNT	8

/*
 * According to the 802.11 spec (7.1.2) the frame body can be up to 2312 bytes
 */
#define ATU_RX_BUFSZ		(ATU_RX_HDRLEN + \
				 sizeof(struct ieee80211_frame_addr4) + 2312 + 4)
/* BE CAREFULL! should add ATU_TX_PADDING */
#define ATU_TX_BUFSZ		(ATU_TX_HDRLEN + \
				 sizeof(struct ieee80211_frame_addr4) + 2312)

#define ATU_MIN_FRAMELEN	60

/*
 * Sending packets of more than 1500 bytes confuses some access points, so the
 * default MTU is set to 1500 but can be increased up to 2310 bytes using
 * ifconfig
 */
#define ATU_DEFAULT_MTU	1500
#define ATU_MAX_MTU		(2312 - 2)

#define ATU_ENDPT_RX		0x0
#define ATU_ENDPT_TX		0x1
#define ATU_ENDPT_MAX		0x2

#define ATU_TX_TIMEOUT		10000
#define ATU_JOIN_TIMEOUT	2000

#define ATU_NO_QUIRK		0x0000
#define ATU_QUIRK_NO_REMAP	0x0001
#define ATU_QUIRK_FW_DELAY	0x0002

#define ATU_DEFAULT_SSID	""
#define ATU_DEFAULT_CHANNEL	10

enum atu_radio_type {
	RadioRFMD = 0,
	RadioRFMD2958,
	RadioRFMD2958_SMC,
	RadioIntersil,
	AT76C503_i3863,
	AT76C503_rfmd_acc,
	AT76C505_rfmd
};

struct atu_type {
	u_int16_t		atu_vid;
	u_int16_t		atu_pid;
	enum atu_radio_type	atu_radio;
	u_int16_t		atu_quirk;
};

struct atu_softc;

struct atu_chain {
	struct atu_softc	*atu_sc;
	usbd_xfer_handle	atu_xfer;
	char			*atu_buf;
	struct mbuf		*atu_mbuf;
	u_int8_t		atu_idx;
	u_int16_t		atu_length;
	int			atu_in_xfer;
	SLIST_ENTRY(atu_chain)	atu_list;
};

/* Radio capture format */

#define ATU_RX_RADIOTAP_PRESENT					\
	((1 << IEEE80211_RADIOTAP_TSFT)			|	\
	 (1 << IEEE80211_RADIOTAP_FLAGS)		|	\
	 (1 << IEEE80211_RADIOTAP_RATE)			|	\
	 (1 << IEEE80211_RADIOTAP_CHANNEL)		|	\
	 (1 << IEEE80211_RADIOTAP_LOCK_QUALITY)		|	\
	 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL)		|	\
	 0)

struct atu_rx_radiotap_header {
	struct ieee80211_radiotap_header	rr_ihdr;
	u_int64_t				rr_tsft;
	u_int8_t				rr_flags;
	u_int8_t				rr_rate;
	u_int16_t				rr_chan_freq;
	u_int16_t				rr_chan_flags;
	u_int16_t				rr_barker_lock;
	u_int8_t				rr_antsignal;
} __attribute__((__packed__));

#define ATU_TX_RADIOTAP_PRESENT				\
	((1 << IEEE80211_RADIOTAP_FLAGS)	|	\
	 (1 << IEEE80211_RADIOTAP_RATE)		|	\
	 (1 << IEEE80211_RADIOTAP_CHANNEL)	|	\
	 0)

struct atu_tx_radiotap_header {
	struct ieee80211_radiotap_header	rt_ihdr;
	u_int8_t				rt_flags;
	u_int8_t				rt_rate;
	u_int16_t				rt_chan_freq;
	u_int16_t				rt_chan_flags;
} __attribute__((__packed__));

struct atu_cdata {
	struct atu_chain	atu_tx_chain[ATU_TX_LIST_CNT];
	struct atu_chain	atu_rx_chain[ATU_RX_LIST_CNT];

	SLIST_HEAD(atu_list_head, atu_chain)	atu_rx_free;
	struct atu_list_head	atu_tx_free;

	u_int8_t		atu_tx_inuse;
	u_int8_t		atu_tx_last_idx;	
};

#define MAX_SSID_LEN		32
#define ATU_AVG_TIME		20

struct atu_softc {
	USBBASEDEVICE           atu_dev;
	struct ieee80211com	sc_ic;
	int			(*sc_newstate)(struct ieee80211com *,
				    enum ieee80211_state, int);

	char			sc_state;
#define ATU_S_DEAD		0
#define ATU_S_OK		1
#define ATU_S_UNCONFIG		2
	char			sc_cmd;
#define ATU_C_NONE		0
#define ATU_C_SCAN		1
#define ATU_C_JOIN		2
	struct usb_task		sc_task;

	usbd_device_handle	atu_udev;
	usbd_interface_handle	atu_iface;
	struct ifmedia		atu_media;
	int			atu_ed[ATU_ENDPT_MAX];
	usbd_pipe_handle	atu_ep[ATU_ENDPT_MAX];
	int			atu_unit;
	int			atu_if_flags;

	struct atu_cdata	atu_cdata;

	struct timeval		atu_rx_notice;
	
	u_int8_t		atu_bssid[ETHER_ADDR_LEN];
	enum atu_radio_type	atu_radio;
	u_int16_t		atu_quirk;
	
	u_int8_t		atu_ssid[MAX_SSID_LEN];
	u_int8_t		atu_ssidlen;
	u_int8_t		atu_channel;
	u_int16_t		atu_desired_channel;
	u_int8_t		atu_mode;
#define NO_MODE_YET		0
#define AD_HOC_MODE		1
#define INFRASTRUCTURE_MODE	2

	u_int8_t		atu_radio_on;
	caddr_t			sc_radiobpf;

	union {
		struct atu_rx_radiotap_header	tap;
		u_int8_t			pad[64];
	} sc_rxtapu;
	union {
		struct atu_tx_radiotap_header	tap;
		u_int8_t			pad[64];
	} sc_txtapu;

};

#define sc_rxtap	sc_rxtapu.tap
#define sc_txtap	sc_txtapu.tap

/* Commands for uploading the firmware (standard DFU interface) */
#define DFU_DNLOAD		UT_WRITE_CLASS_INTERFACE, 0x01
#define DFU_GETSTATUS		UT_READ_CLASS_INTERFACE, 0x03
#define DFU_GETSTATE		UT_READ_CLASS_INTERFACE, 0x05
#define DFU_REMAP		UT_WRITE_VENDOR_INTERFACE, 0x0a

/* DFU states */
#define DFUState_AppIdle	0
#define DFUState_AppDetach	1
#define DFUState_DFUIdle	2
#define DFUState_DnLoadSync	3
#define DFUState_DnLoadBusy	4
#define DFUState_DnLoadIdle	5
#define DFUState_ManifestSync	6
#define DFUState_Manifest	7
#define DFUState_ManifestWait	8
#define DFUState_UploadIdle	9
#define DFUState_DFUError	10

#define DFU_MaxBlockSize	1024

/* AT76c503 operating modes */
#define MODE_NONE			0x00
#define MODE_NETCARD			0x01
#define MODE_CONFIG			0x02
#define MODE_DFU			0x03
#define MODE_NOFLASHNETCARD		0x04

/* AT76c503 commands */
#define CMD_SET_MIB			0x01
#define CMD_START_SCAN			0x03
#define CMD_JOIN			0x04
#define CMD_START_IBSS			0x05
#define CMD_RADIO			0x06
#define CMD_RADIO_ON			0x06
#define CMD_RADIO_OFF			0x07
#define CMD_STARTUP			0x0b

/* AT76c503 status messages -  used in atu_wait_completion */
#define STATUS_IDLE			0x00
#define STATUS_COMPLETE			0x01
#define STATUS_UNKNOWN			0x02
#define STATUS_INVALID_PARAMETER	0x03
#define STATUS_FUNCTION_NOT_SUPPORTED	0x04
#define STATUS_TIME_OUT			0x07
#define STATUS_IN_PROGRESS		0x08
#define STATUS_HOST_FAILURE		0xff
#define STATUS_SCAN_FAILED		0xf0

/* AT76c503 command header */
struct atu_cmd {
	uByte			Cmd;
	uByte			Reserved;
	uWord			Size;
} UPACKED;

/* CMD_SET_MIB command (0x01) */
struct atu_cmd_set_mib {
	/* AT76c503 command header */
	uByte		AtCmd;
	uByte		AtReserved;
	uWord		AtSize;

	/* MIB header */
	uByte		MIBType;
	uByte		MIBSize;
	uByte		MIBIndex;
	uByte		MIBReserved;

	/* MIB data */
	uByte		data[72];
} UPACKED;

/* CMD_STARTUP command (0x0b) */
struct atu_cmd_card_config {
	uByte			Cmd;
	uByte			Reserved;
	uWord			Size;
		
	uByte			ExcludeUnencrypted;
	uByte			PromiscuousMode;
	uByte			ShortRetryLimit;
	uByte			EncryptionType;
	uWord			RTS_Threshold;
	uWord			FragThreshold;		/* 256 .. 2346 */
	uByte			BasicRateSet[4];
	uByte			AutoRateFallback;
	uByte			Channel;
	uByte			PrivacyInvoked;		/* wep */
	uByte			WEP_DefaultKeyID;	/* 0 .. 3 */
	uByte			SSID[MAX_SSID_LEN];
	uByte			WEP_DefaultKey[4][13];
	uByte			SSID_Len;
	uByte			ShortPreamble;
	uWord			BeaconPeriod;
} UPACKED;

/* CMD_SCAN command (0x03) */
struct atu_cmd_do_scan {
	uByte			Cmd;
	uByte			Reserved;
	uWord			Size;
	
	uByte			BSSID[ETHER_ADDR_LEN];
	uByte			SSID[MAX_SSID_LEN];
	uByte			ScanType;
	uByte			Channel;
	uWord			ProbeDelay;
	uWord			MinChannelTime;
	uWord			MaxChannelTime;
	uByte			SSID_Len;
	uByte			InternationalScan;  
} UPACKED;

#define ATU_SCAN_ACTIVE		0x00
#define ATU_SCAN_PASSIVE	0x01

/* CMD_JOIN command (0x04) */
struct atu_cmd_join {
	uByte			Cmd;
	uByte			Reserved;
	uWord			Size;
	
	uByte			bssid[ETHER_ADDR_LEN];
	uByte			essid[32];
	uByte			bss_type;
	uByte			channel;
	uWord			timeout;
	uByte			essid_size;
	uByte			reserved;
} UPACKED;

/* CMD_START_IBSS (0x05) */
struct atu_cmd_start_ibss {
	uByte		Cmd;
	uByte		Reserved;
	uWord		Size;
	
	uByte		BSSID[ETHER_ADDR_LEN];
	uByte		SSID[32];
	uByte		BSSType; 
	uByte		Channel; 
	uByte		SSIDSize;
	uByte		Res[3];  
} UPACKED;

/*
 * The At76c503 adapters come with different types of radios on them.
 * At this moment the driver supports adapters with RFMD and Intersil radios.
 */

/* The config structure of an RFMD radio */
struct atu_rfmd_conf {
	u_int8_t		CR20[14];
	u_int8_t		CR21[14];
	u_int8_t		BB_CR[14];
	u_int8_t		PidVid[4];
	u_int8_t		MACAddr[ETHER_ADDR_LEN];
	u_int8_t		RegulatoryDomain;
	u_int8_t		LowPowerValues[14];
	u_int8_t		NormalPowerValues[14];
	u_int8_t		Reserved[3];
	/* then we have 84 bytes, somehow Windows reads 95?? */
	u_int8_t		Rest[11];
} UPACKED;

/* The config structure of an Intersil radio */
struct atu_intersil_conf {
	u_int8_t		MACAddr[ETHER_ADDR_LEN];
	/* From the HFA3861B manual : */
	/* Manual TX power control (7bit : -64 to 63) */
	u_int8_t		CR31[14];
	/* TX power measurement */
	u_int8_t		CR58[14];
	u_int8_t		PidVid[4];
	u_int8_t		RegulatoryDomain;
	u_int8_t		Reserved[1];
} UPACKED;


/* Firmware information request */
struct atu_fw {
	u_int8_t		major;
	u_int8_t		minor;
	u_int8_t		patch;
	u_int8_t		build;
} UPACKED;
        
/*
 * The header the AT76c503 puts in front of RX packets (for both managment &
 * data)
 */
struct atu_rx_hdr {
	uWord			length;
	uByte			rx_rate;
	uByte			newbss;
	uByte			fragmentation;
	uByte			rssi;
	uByte			link_quality;
	uByte			noise_level;
	uDWord			rx_time;
} UPACKED;
#define ATU_RX_HDRLEN sizeof(struct atu_rx_hdr)

/*
 * The header we have to put in front of a TX packet before sending it to the
 * AT76c503
 */
struct atu_tx_hdr {
	uWord				length;
	uByte				tx_rate;
	uByte				padding;
	uByte				reserved[4];
} UPACKED;
#define ATU_TX_HDRLEN sizeof(struct atu_tx_hdr)

#define NR(x)		(void *)((long)x)

/*
 * The linux driver uses seperate routines for every mib request they do
 * (eg. set_radio / set_preamble / set_frag / etc etc )
 * We just define a list of types, sizes and offsets and use those
 */

/*	Name				Type		Size	Index	*/
#define MIB_LOCAL			0x01
#define  MIB_LOCAL__BEACON_ENABLE	MIB_LOCAL,	1,	2
#define  MIB_LOCAL__AUTO_RATE_FALLBACK	MIB_LOCAL,	1,	3
#define  MIB_LOCAL__SSID_SIZE		MIB_LOCAL,	1,	5
#define  MIB_LOCAL__PREAMBLE		MIB_LOCAL,	1,	9
#define MIB_MAC_ADDR			0x02
#define  MIB_MAC_ADDR__ADDR		MIB_MAC_ADDR,	6,	0
#define MIB_MAC				0x03
#define  MIB_MAC__FRAG			MIB_MAC,	2,	8
#define  MIB_MAC__RTS			MIB_MAC,	2,	10
#define  MIB_MAC__DESIRED_SSID		MIB_MAC,	32,	28
#define MIB_MAC_MGMT			0x05
#define  MIB_MAC_MGMT__BEACON_PERIOD	MIB_MAC_MGMT,	2,	0
#define  MIB_MAC_MGMT__CURRENT_BSSID	MIB_MAC_MGMT,	6,	14
#define  MIB_MAC_MGMT__CURRENT_ESSID	MIB_MAC_MGMT,	32,	20
#define  MIB_MAC_MGMT__POWER_MODE	MIB_MAC_MGMT,	1,	53
#define  MIB_MAC_MGMT__IBSS_CHANGE	MIB_MAC_MGMT,	1,	54
#define MIB_MAC_WEP			0x06
#define  MIB_MAC_WEP__PRIVACY_INVOKED	MIB_MAC_WEP,	1,	0
#define  MIB_MAC_WEP__KEY_ID		MIB_MAC_WEP,	1,	1
#define  MIB_MAC_WEP__ICV_ERROR_COUNT	MIB_MAC_WEP,	4,	4
#define  MIB_MAC_WEP__EXCLUDED_COUNT	MIB_MAC_WEP,	4,	8
#define  MIB_MAC_WEP__KEYS(nr)		MIB_MAC_WEP,	13,	12+(nr)*13
#define  MIB_MAC_WEP__ENCR_LEVEL	MIB_MAC_WEP,	1,	64
#define MIB_PHY				0x07
#define  MIB_PHY__CHANNEL		MIB_PHY,	1,	20
#define  MIB_PHY__REG_DOMAIN		MIB_PHY,	1,	23
#define MIB_FW_VERSION			0x08
#define MIB_DOMAIN			0x09
#define  MIB_DOMAIN__POWER_LEVELS	MIB_DOMAIN,	14,	0
#define  MIB_DOMAIN__CHANNELS		MIB_DOMAIN,	14,	14

#define ATU_WEP_OFF			0
#define ATU_WEP_40BITS			1
#define ATU_WEP_104BITS			2

#define POWER_MODE_ACTIVE		1
#define POWER_MODE_SAVE			2
#define POWER_MODE_SMART		3

#define PREAMBLE_SHORT			1
#define PREAMBLE_LONG			0