1 /*
   2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5 
   6 /*
   7  * Copyright (c) 2005-2007 Damien Bergamini <damien.bergamini@free.fr>
   8  * Copyright (c) 2006 Niall O'Higgins <niallo@openbsd.org>
   9  *
  10  * Permission to use, copy, modify, and distribute this software for any
  11  * purpose with or without fee is hereby granted, provided that the above
  12  * copyright notice and this permission notice appear in all copies.
  13  *
  14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  21  */
  22 
  23 /*
  24  * Ralink Technology RT2501USB/RT2601USB chipset driver
  25  * http://www.ralinktech.com.tw/
  26  */
  27 #include <sys/types.h>
  28 #include <sys/cmn_err.h>
  29 #include <sys/strsubr.h>
  30 #include <sys/modctl.h>
  31 #include <sys/devops.h>
  32 #include <sys/mac_provider.h>
  33 #include <sys/mac_wifi.h>
  34 #include <sys/net80211.h>
  35 #include <sys/byteorder.h>
  36 
  37 #define USBDRV_MAJOR_VER        2
  38 #define USBDRV_MINOR_VER        0
  39 #include <sys/usb/usba.h>
  40 #include <sys/usb/usba/usba_types.h>
  41 
  42 #include "rum_reg.h"
  43 #include "rum_var.h"
  44 #include "rt2573_ucode.h"
  45 
  46 static void *rum_soft_state_p = NULL;
  47 
  48 #define RAL_TXBUF_SIZE          (IEEE80211_MAX_LEN)
  49 #define RAL_RXBUF_SIZE          (IEEE80211_MAX_LEN)
  50 
  51 /* quickly determine if a given rate is CCK or OFDM */
  52 #define RUM_RATE_IS_OFDM(rate)  ((rate) >= 12 && (rate) != 22)
  53 #define RUM_ACK_SIZE    14      /* 10 + 4(FCS) */
  54 #define RUM_CTS_SIZE    14      /* 10 + 4(FCS) */
  55 
  56 #define RUM_N(a)                (sizeof (a) / sizeof ((a)[0]))
  57 
  58 /*
  59  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
  60  */
  61 static const struct ieee80211_rateset rum_rateset_11a =
  62         { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
  63 
  64 static const struct ieee80211_rateset rum_rateset_11b =
  65         { 4, { 2, 4, 11, 22 } };
  66 
  67 static const struct ieee80211_rateset rum_rateset_11g =
  68         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
  69 
  70 static const struct {
  71         uint32_t        reg;
  72         uint32_t        val;
  73 } rum_def_mac[] = {
  74         { RT2573_TXRX_CSR0,  0x025fb032 },
  75         { RT2573_TXRX_CSR1,  0x9eaa9eaf },
  76         { RT2573_TXRX_CSR2,  0x8a8b8c8d },
  77         { RT2573_TXRX_CSR3,  0x00858687 },
  78         { RT2573_TXRX_CSR7,  0x2e31353b },
  79         { RT2573_TXRX_CSR8,  0x2a2a2a2c },
  80         { RT2573_TXRX_CSR15, 0x0000000f },
  81         { RT2573_MAC_CSR6,   0x00000fff },
  82         { RT2573_MAC_CSR8,   0x016c030a },
  83         { RT2573_MAC_CSR10,  0x00000718 },
  84         { RT2573_MAC_CSR12,  0x00000004 },
  85         { RT2573_MAC_CSR13,  0x00007f00 },
  86         { RT2573_SEC_CSR0,   0x00000000 },
  87         { RT2573_SEC_CSR1,   0x00000000 },
  88         { RT2573_SEC_CSR5,   0x00000000 },
  89         { RT2573_PHY_CSR1,   0x000023b0 },
  90         { RT2573_PHY_CSR5,   0x00040a06 },
  91         { RT2573_PHY_CSR6,   0x00080606 },
  92         { RT2573_PHY_CSR7,   0x00000408 },
  93         { RT2573_AIFSN_CSR,  0x00002273 },
  94         { RT2573_CWMIN_CSR,  0x00002344 },
  95         { RT2573_CWMAX_CSR,  0x000034aa }
  96 };
  97 
  98 static const struct {
  99         uint8_t reg;
 100         uint8_t val;
 101 } rum_def_bbp[] = {
 102         {   3, 0x80 },
 103         {  15, 0x30 },
 104         {  17, 0x20 },
 105         {  21, 0xc8 },
 106         {  22, 0x38 },
 107         {  23, 0x06 },
 108         {  24, 0xfe },
 109         {  25, 0x0a },
 110         {  26, 0x0d },
 111         {  32, 0x0b },
 112         {  34, 0x12 },
 113         {  37, 0x07 },
 114         {  39, 0xf8 },
 115         {  41, 0x60 },
 116         {  53, 0x10 },
 117         {  54, 0x18 },
 118         {  60, 0x10 },
 119         {  61, 0x04 },
 120         {  62, 0x04 },
 121         {  75, 0xfe },
 122         {  86, 0xfe },
 123         {  88, 0xfe },
 124         {  90, 0x0f },
 125         {  99, 0x00 },
 126         { 102, 0x16 },
 127         { 107, 0x04 }
 128 };
 129 
 130 static const struct rfprog {
 131         uint8_t         chan;
 132         uint32_t        r1, r2, r3, r4;
 133 }  rum_rf5226[] = {
 134         {   1, 0x00b03, 0x001e1, 0x1a014, 0x30282 },
 135         {   2, 0x00b03, 0x001e1, 0x1a014, 0x30287 },
 136         {   3, 0x00b03, 0x001e2, 0x1a014, 0x30282 },
 137         {   4, 0x00b03, 0x001e2, 0x1a014, 0x30287 },
 138         {   5, 0x00b03, 0x001e3, 0x1a014, 0x30282 },
 139         {   6, 0x00b03, 0x001e3, 0x1a014, 0x30287 },
 140         {   7, 0x00b03, 0x001e4, 0x1a014, 0x30282 },
 141         {   8, 0x00b03, 0x001e4, 0x1a014, 0x30287 },
 142         {   9, 0x00b03, 0x001e5, 0x1a014, 0x30282 },
 143         {  10, 0x00b03, 0x001e5, 0x1a014, 0x30287 },
 144         {  11, 0x00b03, 0x001e6, 0x1a014, 0x30282 },
 145         {  12, 0x00b03, 0x001e6, 0x1a014, 0x30287 },
 146         {  13, 0x00b03, 0x001e7, 0x1a014, 0x30282 },
 147         {  14, 0x00b03, 0x001e8, 0x1a014, 0x30284 },
 148 
 149         {  34, 0x00b03, 0x20266, 0x36014, 0x30282 },
 150         {  38, 0x00b03, 0x20267, 0x36014, 0x30284 },
 151         {  42, 0x00b03, 0x20268, 0x36014, 0x30286 },
 152         {  46, 0x00b03, 0x20269, 0x36014, 0x30288 },
 153 
 154         {  36, 0x00b03, 0x00266, 0x26014, 0x30288 },
 155         {  40, 0x00b03, 0x00268, 0x26014, 0x30280 },
 156         {  44, 0x00b03, 0x00269, 0x26014, 0x30282 },
 157         {  48, 0x00b03, 0x0026a, 0x26014, 0x30284 },
 158         {  52, 0x00b03, 0x0026b, 0x26014, 0x30286 },
 159         {  56, 0x00b03, 0x0026c, 0x26014, 0x30288 },
 160         {  60, 0x00b03, 0x0026e, 0x26014, 0x30280 },
 161         {  64, 0x00b03, 0x0026f, 0x26014, 0x30282 },
 162 
 163         { 100, 0x00b03, 0x0028a, 0x2e014, 0x30280 },
 164         { 104, 0x00b03, 0x0028b, 0x2e014, 0x30282 },
 165         { 108, 0x00b03, 0x0028c, 0x2e014, 0x30284 },
 166         { 112, 0x00b03, 0x0028d, 0x2e014, 0x30286 },
 167         { 116, 0x00b03, 0x0028e, 0x2e014, 0x30288 },
 168         { 120, 0x00b03, 0x002a0, 0x2e014, 0x30280 },
 169         { 124, 0x00b03, 0x002a1, 0x2e014, 0x30282 },
 170         { 128, 0x00b03, 0x002a2, 0x2e014, 0x30284 },
 171         { 132, 0x00b03, 0x002a3, 0x2e014, 0x30286 },
 172         { 136, 0x00b03, 0x002a4, 0x2e014, 0x30288 },
 173         { 140, 0x00b03, 0x002a6, 0x2e014, 0x30280 },
 174 
 175         { 149, 0x00b03, 0x002a8, 0x2e014, 0x30287 },
 176         { 153, 0x00b03, 0x002a9, 0x2e014, 0x30289 },
 177         { 157, 0x00b03, 0x002ab, 0x2e014, 0x30281 },
 178         { 161, 0x00b03, 0x002ac, 0x2e014, 0x30283 },
 179         { 165, 0x00b03, 0x002ad, 0x2e014, 0x30285 }
 180 }, rum_rf5225[] = {
 181         {   1, 0x00b33, 0x011e1, 0x1a014, 0x30282 },
 182         {   2, 0x00b33, 0x011e1, 0x1a014, 0x30287 },
 183         {   3, 0x00b33, 0x011e2, 0x1a014, 0x30282 },
 184         {   4, 0x00b33, 0x011e2, 0x1a014, 0x30287 },
 185         {   5, 0x00b33, 0x011e3, 0x1a014, 0x30282 },
 186         {   6, 0x00b33, 0x011e3, 0x1a014, 0x30287 },
 187         {   7, 0x00b33, 0x011e4, 0x1a014, 0x30282 },
 188         {   8, 0x00b33, 0x011e4, 0x1a014, 0x30287 },
 189         {   9, 0x00b33, 0x011e5, 0x1a014, 0x30282 },
 190         {  10, 0x00b33, 0x011e5, 0x1a014, 0x30287 },
 191         {  11, 0x00b33, 0x011e6, 0x1a014, 0x30282 },
 192         {  12, 0x00b33, 0x011e6, 0x1a014, 0x30287 },
 193         {  13, 0x00b33, 0x011e7, 0x1a014, 0x30282 },
 194         {  14, 0x00b33, 0x011e8, 0x1a014, 0x30284 },
 195 
 196         {  34, 0x00b33, 0x01266, 0x26014, 0x30282 },
 197         {  38, 0x00b33, 0x01267, 0x26014, 0x30284 },
 198         {  42, 0x00b33, 0x01268, 0x26014, 0x30286 },
 199         {  46, 0x00b33, 0x01269, 0x26014, 0x30288 },
 200 
 201         {  36, 0x00b33, 0x01266, 0x26014, 0x30288 },
 202         {  40, 0x00b33, 0x01268, 0x26014, 0x30280 },
 203         {  44, 0x00b33, 0x01269, 0x26014, 0x30282 },
 204         {  48, 0x00b33, 0x0126a, 0x26014, 0x30284 },
 205         {  52, 0x00b33, 0x0126b, 0x26014, 0x30286 },
 206         {  56, 0x00b33, 0x0126c, 0x26014, 0x30288 },
 207         {  60, 0x00b33, 0x0126e, 0x26014, 0x30280 },
 208         {  64, 0x00b33, 0x0126f, 0x26014, 0x30282 },
 209 
 210         { 100, 0x00b33, 0x0128a, 0x2e014, 0x30280 },
 211         { 104, 0x00b33, 0x0128b, 0x2e014, 0x30282 },
 212         { 108, 0x00b33, 0x0128c, 0x2e014, 0x30284 },
 213         { 112, 0x00b33, 0x0128d, 0x2e014, 0x30286 },
 214         { 116, 0x00b33, 0x0128e, 0x2e014, 0x30288 },
 215         { 120, 0x00b33, 0x012a0, 0x2e014, 0x30280 },
 216         { 124, 0x00b33, 0x012a1, 0x2e014, 0x30282 },
 217         { 128, 0x00b33, 0x012a2, 0x2e014, 0x30284 },
 218         { 132, 0x00b33, 0x012a3, 0x2e014, 0x30286 },
 219         { 136, 0x00b33, 0x012a4, 0x2e014, 0x30288 },
 220         { 140, 0x00b33, 0x012a6, 0x2e014, 0x30280 },
 221 
 222         { 149, 0x00b33, 0x012a8, 0x2e014, 0x30287 },
 223         { 153, 0x00b33, 0x012a9, 0x2e014, 0x30289 },
 224         { 157, 0x00b33, 0x012ab, 0x2e014, 0x30281 },
 225         { 161, 0x00b33, 0x012ac, 0x2e014, 0x30283 },
 226         { 165, 0x00b33, 0x012ad, 0x2e014, 0x30285 }
 227 };
 228 
 229 /*
 230  * device operations
 231  */
 232 static int rum_attach(dev_info_t *, ddi_attach_cmd_t);
 233 static int rum_detach(dev_info_t *, ddi_detach_cmd_t);
 234 
 235 /*
 236  * Module Loading Data & Entry Points
 237  */
 238 DDI_DEFINE_STREAM_OPS(rum_dev_ops, nulldev, nulldev, rum_attach,
 239     rum_detach, nodev, NULL, D_MP, NULL, ddi_quiesce_not_needed);
 240 
 241 static struct modldrv rum_modldrv = {
 242         &mod_driverops,             /* Type of module.  This one is a driver */
 243         "rum driver v1.2",      /* short description */
 244         &rum_dev_ops                /* driver specific ops */
 245 };
 246 
 247 static struct modlinkage modlinkage = {
 248         MODREV_1,
 249         (void *)&rum_modldrv,
 250         NULL
 251 };
 252 
 253 static int      rum_m_stat(void *,  uint_t, uint64_t *);
 254 static int      rum_m_start(void *);
 255 static void     rum_m_stop(void *);
 256 static int      rum_m_promisc(void *, boolean_t);
 257 static int      rum_m_multicst(void *, boolean_t, const uint8_t *);
 258 static int      rum_m_unicst(void *, const uint8_t *);
 259 static mblk_t   *rum_m_tx(void *, mblk_t *);
 260 static void     rum_m_ioctl(void *, queue_t *, mblk_t *);
 261 static int      rum_m_setprop(void *, const char *, mac_prop_id_t,
 262     uint_t, const void *);
 263 static int      rum_m_getprop(void *, const char *, mac_prop_id_t,
 264     uint_t, void *);
 265 static void     rum_m_propinfo(void *, const char *, mac_prop_id_t,
 266     mac_prop_info_handle_t);
 267 
 268 static mac_callbacks_t rum_m_callbacks = {
 269         MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
 270         rum_m_stat,
 271         rum_m_start,
 272         rum_m_stop,
 273         rum_m_promisc,
 274         rum_m_multicst,
 275         rum_m_unicst,
 276         rum_m_tx,
 277         NULL,
 278         rum_m_ioctl,
 279         NULL,           /* mc_getcapab */
 280         NULL,
 281         NULL,
 282         rum_m_setprop,
 283         rum_m_getprop,
 284         rum_m_propinfo
 285 };
 286 
 287 static void rum_amrr_start(struct rum_softc *, struct ieee80211_node *);
 288 static int  rum_tx_trigger(struct rum_softc *, mblk_t *);
 289 static int  rum_rx_trigger(struct rum_softc *);
 290 
 291 uint32_t rum_dbg_flags = 0;
 292 
 293 void
 294 ral_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
 295 {
 296         va_list args;
 297 
 298         if (dbg_flags & rum_dbg_flags) {
 299                 va_start(args, fmt);
 300                 vcmn_err(CE_CONT, fmt, args);
 301                 va_end(args);
 302         }
 303 }
 304 
 305 static void
 306 rum_read_multi(struct rum_softc *sc, uint16_t reg, void *buf, int len)
 307 {
 308         usb_ctrl_setup_t req;
 309         usb_cr_t cr;
 310         usb_cb_flags_t cf;
 311         mblk_t *mp;
 312         int err;
 313 
 314         bzero(&req, sizeof (req));
 315         req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
 316         req.bRequest = RT2573_READ_MULTI_MAC;
 317         req.wValue = 0;
 318         req.wIndex = reg;
 319         req.wLength = (uint16_t)len;
 320         req.attrs = USB_ATTRS_AUTOCLEARING;
 321 
 322         mp = NULL;
 323         err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
 324             &cr, &cf, 0);
 325 
 326         if (err != USB_SUCCESS) {
 327                 ral_debug(RAL_DBG_ERR,
 328                     "rum_read_multi(): could not read MAC register:"
 329                     "cr:%s(%d), cf:(%x)\n",
 330                     usb_str_cr(cr), cr, cf);
 331                 return;
 332         }
 333 
 334         bcopy(mp->b_rptr, buf, len);
 335         freemsg(mp);
 336 }
 337 
 338 static uint32_t
 339 rum_read(struct rum_softc *sc, uint16_t reg)
 340 {
 341         uint32_t val;
 342 
 343         rum_read_multi(sc, reg, &val, sizeof (val));
 344 
 345         return (LE_32(val));
 346 }
 347 
 348 static void
 349 rum_write_multi(struct rum_softc *sc, uint16_t reg, void *buf, size_t len)
 350 {
 351         usb_ctrl_setup_t req;
 352         usb_cr_t cr;
 353         usb_cb_flags_t cf;
 354         mblk_t *mp;
 355         int err;
 356 
 357         bzero(&req, sizeof (req));
 358         req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
 359         req.bRequest = RT2573_WRITE_MULTI_MAC;
 360         req.wValue = 0;
 361         req.wIndex = reg;
 362         req.wLength = (uint16_t)len;
 363         req.attrs = USB_ATTRS_NONE;
 364 
 365         if ((mp = allocb(len, BPRI_HI)) == NULL) {
 366                 ral_debug(RAL_DBG_ERR, "rum_write_multi(): failed alloc mblk.");
 367                 return;
 368         }
 369 
 370         bcopy(buf, mp->b_wptr, len);
 371         mp->b_wptr += len;
 372 
 373         err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
 374             &cr, &cf, 0);
 375 
 376         if (err != USB_SUCCESS) {
 377                 ral_debug(RAL_DBG_USB,
 378                     "rum_write_multi(): could not write MAC register:"
 379                     "cr:%s(%d), cf:(%x)\n",
 380                     usb_str_cr(cr), cr, cf);
 381         }
 382 
 383         freemsg(mp);
 384 }
 385 
 386 static void
 387 rum_write(struct rum_softc *sc, uint16_t reg, uint32_t val)
 388 {
 389         uint32_t tmp = LE_32(val);
 390 
 391         rum_write_multi(sc, reg, &tmp, sizeof (tmp));
 392 }
 393 
 394 #define UGETDW(w) ((w)[0] | ((w)[1] << 8) | ((w)[2] << 16) | ((w)[3] << 24))
 395 
 396 static int
 397 rum_load_microcode(struct rum_softc *sc)
 398 {
 399         usb_ctrl_setup_t req;
 400         usb_cr_t cr;
 401         usb_cb_flags_t cf;
 402         int err;
 403 
 404         const uint8_t *ucode;
 405         int size;
 406         uint16_t reg = RT2573_MCU_CODE_BASE;
 407 
 408         ucode = rt2573_ucode;
 409         size  = sizeof (rt2573_ucode);
 410 
 411         /* copy firmware image into NIC */
 412         for (; size >= 4; reg += 4, ucode += 4, size -= 4) {
 413                 rum_write(sc, reg, UGETDW(ucode));
 414                 /* rum_write(sc, reg, *(uint32_t *)(ucode)); */
 415         }
 416 
 417         bzero(&req, sizeof (req));
 418         req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
 419         req.bRequest = RT2573_MCU_CNTL;
 420         req.wValue = RT2573_MCU_RUN;
 421         req.wIndex = 0;
 422         req.wLength = 0;
 423         req.attrs = USB_ATTRS_NONE;
 424 
 425         err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
 426             &cr, &cf, 0);
 427 
 428         if (err != USB_SUCCESS) {
 429                 ral_debug(RAL_DBG_ERR,
 430                     "rum_load_microcode(): could not run firmware: "
 431                     "cr:%s(%d), cf:(%x)\n",
 432                     usb_str_cr(cr), cr, cf);
 433         }
 434 
 435         ral_debug(RAL_DBG_MSG,
 436             "rum_load_microcode(%d): done\n", sizeof (rt2573_ucode));
 437 
 438         return (err);
 439 }
 440 
 441 static void
 442 rum_eeprom_read(struct rum_softc *sc, uint16_t addr, void *buf, int len)
 443 {
 444         usb_ctrl_setup_t req;
 445         usb_cr_t cr;
 446         usb_cb_flags_t cf;
 447         mblk_t *mp;
 448         int err;
 449 
 450         bzero(&req, sizeof (req));
 451         req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
 452         req.bRequest = RT2573_READ_EEPROM;
 453         req.wValue = 0;
 454         req.wIndex = addr;
 455         req.wLength = (uint16_t)len;
 456 
 457         mp = NULL;
 458         err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
 459             &cr, &cf, 0);
 460 
 461         if (err != USB_SUCCESS) {
 462                 ral_debug(RAL_DBG_USB,
 463                     "rum_eeprom_read(): could not read EEPROM:"
 464                     "cr:%s(%d), cf:(%x)\n",
 465                     usb_str_cr(cr), cr, cf);
 466                 return;
 467         }
 468 
 469         bcopy(mp->b_rptr, buf, len);
 470         freemsg(mp);
 471 }
 472 
 473 /* ARGSUSED */
 474 static void
 475 rum_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
 476 {
 477         struct rum_softc *sc = (struct rum_softc *)req->bulk_client_private;
 478         struct ieee80211com *ic = &sc->sc_ic;
 479 
 480         ral_debug(RAL_DBG_TX,
 481             "rum_txeof(): cr:%s(%d), flags:0x%x, tx_queued:%d",
 482             usb_str_cr(req->bulk_completion_reason),
 483             req->bulk_completion_reason,
 484             req->bulk_cb_flags,
 485             sc->tx_queued);
 486 
 487         if (req->bulk_completion_reason != USB_CR_OK)
 488                 sc->sc_tx_err++;
 489 
 490         mutex_enter(&sc->tx_lock);
 491 
 492         sc->tx_queued--;
 493         sc->sc_tx_timer = 0;
 494 
 495         if (sc->sc_need_sched) {
 496                 sc->sc_need_sched = 0;
 497                 mac_tx_update(ic->ic_mach);
 498         }
 499 
 500         mutex_exit(&sc->tx_lock);
 501         usb_free_bulk_req(req);
 502 }
 503 
 504 /* ARGSUSED */
 505 static void
 506 rum_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
 507 {
 508         struct rum_softc *sc = (struct rum_softc *)req->bulk_client_private;
 509         struct ieee80211com *ic = &sc->sc_ic;
 510 
 511         struct rum_rx_desc *desc;
 512         struct ieee80211_frame *wh;
 513         struct ieee80211_node *ni;
 514 
 515         mblk_t *m, *mp;
 516         int len, pktlen;
 517         char *rxbuf;
 518 
 519         mp = req->bulk_data;
 520         req->bulk_data = NULL;
 521 
 522         ral_debug(RAL_DBG_RX,
 523             "rum_rxeof(): cr:%s(%d), flags:0x%x, rx_queued:%d",
 524             usb_str_cr(req->bulk_completion_reason),
 525             req->bulk_completion_reason,
 526             req->bulk_cb_flags,
 527             sc->rx_queued);
 528 
 529         if (req->bulk_completion_reason != USB_CR_OK) {
 530                 sc->sc_rx_err++;
 531                 goto fail;
 532         }
 533 
 534         len = msgdsize(mp);
 535         rxbuf = (char *)mp->b_rptr;
 536 
 537 
 538         if (len < RT2573_RX_DESC_SIZE + sizeof (struct ieee80211_frame_min)) {
 539                 ral_debug(RAL_DBG_ERR,
 540                     "rum_rxeof(): xfer too short %d\n", len);
 541                 sc->sc_rx_err++;
 542                 goto fail;
 543         }
 544 
 545         /* rx descriptor is located at the head, different from RT2500USB */
 546         desc = (struct rum_rx_desc *)rxbuf;
 547 
 548         if (LE_32(desc->flags) & RT2573_RX_CRC_ERROR) {
 549                 /*
 550                  * This should not happen since we did not request to receive
 551                  * those frames when we filled RT2573_TXRX_CSR0.
 552                  */
 553                 ral_debug(RAL_DBG_ERR, "CRC error\n");
 554                 sc->sc_rx_err++;
 555                 goto fail;
 556         }
 557 
 558         pktlen = (LE_32(desc->flags) >> 16) & 0xfff;
 559 
 560         if (pktlen > (len - RT2573_RX_DESC_SIZE)) {
 561                 ral_debug(RAL_DBG_ERR,
 562                     "rum_rxeof(): pktlen mismatch <%d, %d>.\n", pktlen, len);
 563                 goto fail;
 564         }
 565 
 566         if ((m = allocb(pktlen, BPRI_MED)) == NULL) {
 567                 ral_debug(RAL_DBG_ERR,
 568                     "rum_rxeof(): allocate mblk failed.\n");
 569                 sc->sc_rx_nobuf++;
 570                 goto fail;
 571         }
 572 
 573         bcopy(rxbuf + RT2573_RX_DESC_SIZE, m->b_rptr, pktlen);
 574         m->b_wptr += pktlen;
 575 
 576         wh = (struct ieee80211_frame *)m->b_rptr;
 577         ni = ieee80211_find_rxnode(ic, wh);
 578 
 579         /* send the frame to the 802.11 layer */
 580         (void) ieee80211_input(ic, m, ni, desc->rssi, 0);
 581 
 582         /* node is no longer needed */
 583         ieee80211_free_node(ni);
 584 
 585 fail:
 586         mutex_enter(&sc->rx_lock);
 587         sc->rx_queued--;
 588         mutex_exit(&sc->rx_lock);
 589 
 590         freemsg(mp);
 591         usb_free_bulk_req(req);
 592 
 593         if (RAL_IS_RUNNING(sc))
 594                 (void) rum_rx_trigger(sc);
 595 }
 596 
 597 /*
 598  * Return the expected ack rate for a frame transmitted at rate `rate'.
 599  */
 600 static int
 601 rum_ack_rate(struct ieee80211com *ic, int rate)
 602 {
 603         switch (rate) {
 604         /* CCK rates */
 605         case 2:
 606                 return (2);
 607         case 4:
 608         case 11:
 609         case 22:
 610                 return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
 611 
 612         /* OFDM rates */
 613         case 12:
 614         case 18:
 615                 return (12);
 616         case 24:
 617         case 36:
 618                 return (24);
 619         case 48:
 620         case 72:
 621         case 96:
 622         case 108:
 623                 return (48);
 624         }
 625 
 626         /* default to 1Mbps */
 627         return (2);
 628 }
 629 
 630 /*
 631  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
 632  * The function automatically determines the operating mode depending on the
 633  * given rate. `flags' indicates whether short preamble is in use or not.
 634  */
 635 static uint16_t
 636 rum_txtime(int len, int rate, uint32_t flags)
 637 {
 638         uint16_t txtime;
 639 
 640         if (RUM_RATE_IS_OFDM(rate)) {
 641                 /* IEEE Std 802.11a-1999, pp. 37 */
 642                 txtime = (8 + 4 * len + 3 + rate - 1) / rate;
 643                 txtime = 16 + 4 + 4 * txtime + 6;
 644         } else {
 645                 /* IEEE Std 802.11b-1999, pp. 28 */
 646                 txtime = (16 * len + rate - 1) / rate;
 647                 if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
 648                         txtime +=  72 + 24;
 649                 else
 650                         txtime += 144 + 48;
 651         }
 652         return (txtime);
 653 }
 654 
 655 static uint8_t
 656 rum_plcp_signal(int rate)
 657 {
 658         switch (rate) {
 659         /* CCK rates (returned values are device-dependent) */
 660         case 2:         return (0x0);
 661         case 4:         return (0x1);
 662         case 11:        return (0x2);
 663         case 22:        return (0x3);
 664 
 665         /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
 666         case 12:        return (0xb);
 667         case 18:        return (0xf);
 668         case 24:        return (0xa);
 669         case 36:        return (0xe);
 670         case 48:        return (0x9);
 671         case 72:        return (0xd);
 672         case 96:        return (0x8);
 673         case 108:       return (0xc);
 674 
 675         /* unsupported rates (should not get there) */
 676         default:        return (0xff);
 677         }
 678 }
 679 
 680 static void
 681 rum_setup_tx_desc(struct rum_softc *sc, struct rum_tx_desc *desc,
 682     uint32_t flags, uint16_t xflags, int len, int rate)
 683 {
 684         struct ieee80211com *ic = &sc->sc_ic;
 685         uint16_t plcp_length;
 686         int remainder;
 687 
 688         desc->flags = LE_32(flags);
 689         desc->flags |= LE_32(RT2573_TX_VALID);
 690         desc->flags |= LE_32(len << 16);
 691 
 692         desc->xflags = LE_16(xflags);
 693 
 694         desc->wme = LE_16(RT2573_QID(0) | RT2573_AIFSN(2) |
 695             RT2573_LOGCWMIN(4) | RT2573_LOGCWMAX(10));
 696 
 697         /* setup PLCP fields */
 698         desc->plcp_signal  = rum_plcp_signal(rate);
 699         desc->plcp_service = 4;
 700 
 701         len += IEEE80211_CRC_LEN;
 702         if (RUM_RATE_IS_OFDM(rate)) {
 703                 desc->flags |= LE_32(RT2573_TX_OFDM);
 704 
 705                 plcp_length = len & 0xfff;
 706                 desc->plcp_length_hi = plcp_length >> 6;
 707                 desc->plcp_length_lo = plcp_length & 0x3f;
 708         } else {
 709                 plcp_length = (16 * len + rate - 1) / rate;
 710                 if (rate == 22) {
 711                         remainder = (16 * len) % 22;
 712                         if (remainder != 0 && remainder < 7)
 713                                 desc->plcp_service |= RT2573_PLCP_LENGEXT;
 714                 }
 715                 desc->plcp_length_hi = plcp_length >> 8;
 716                 desc->plcp_length_lo = plcp_length & 0xff;
 717 
 718                 if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
 719                         desc->plcp_signal |= 0x08;
 720         }
 721 }
 722 
 723 #define RUM_TX_TIMEOUT  5
 724 
 725 static int
 726 rum_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
 727 {
 728         struct rum_softc *sc = (struct rum_softc *)ic;
 729         struct rum_tx_desc *desc;
 730 
 731         struct ieee80211_frame *wh;
 732         struct ieee80211_key *k;
 733 
 734         uint16_t dur;
 735         uint32_t flags = 0;
 736         int rate, err = DDI_SUCCESS, rv;
 737 
 738         struct ieee80211_node *ni = NULL;
 739         mblk_t *m, *m0;
 740         int off, mblen, pktlen, xferlen;
 741 
 742         /* discard packets while suspending or not inited */
 743         if (!RAL_IS_RUNNING(sc)) {
 744                 freemsg(mp);
 745                 return (ENXIO);
 746         }
 747 
 748         mutex_enter(&sc->tx_lock);
 749 
 750         if (sc->tx_queued > RAL_TX_LIST_COUNT) {
 751                 ral_debug(RAL_DBG_TX, "rum_send(): "
 752                     "no TX buffer available!\n");
 753                 if ((type & IEEE80211_FC0_TYPE_MASK) ==
 754                     IEEE80211_FC0_TYPE_DATA) {
 755                         sc->sc_need_sched = 1;
 756                 }
 757                 sc->sc_tx_nobuf++;
 758                 err = ENOMEM;
 759                 goto fail;
 760         }
 761 
 762         m = allocb(RAL_TXBUF_SIZE + RT2573_TX_DESC_SIZE, BPRI_MED);
 763         if (m == NULL) {
 764                 ral_debug(RAL_DBG_ERR, "rum_send(): can't alloc mblk.\n");
 765                 err = DDI_FAILURE;
 766                 goto fail;
 767         }
 768 
 769         m->b_rptr += RT2573_TX_DESC_SIZE;    /* skip TX descriptor */
 770         m->b_wptr += RT2573_TX_DESC_SIZE;
 771 
 772         for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
 773                 mblen = (uintptr_t)m0->b_wptr - (uintptr_t)m0->b_rptr;
 774                 (void) memcpy(m->b_rptr + off, m0->b_rptr, mblen);
 775                 off += mblen;
 776         }
 777         m->b_wptr += off;
 778 
 779         wh = (struct ieee80211_frame *)m->b_rptr;
 780 
 781         ni = ieee80211_find_txnode(ic, wh->i_addr1);
 782         if (ni == NULL) {
 783                 err = DDI_FAILURE;
 784                 sc->sc_tx_err++;
 785                 freemsg(m);
 786                 goto fail;
 787         }
 788 
 789         if ((type & IEEE80211_FC0_TYPE_MASK) ==
 790             IEEE80211_FC0_TYPE_DATA) {
 791                 (void) ieee80211_encap(ic, m, ni);
 792         }
 793 
 794         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
 795                 k = ieee80211_crypto_encap(ic, m);
 796                 if (k == NULL) {
 797                         sc->sc_tx_err++;
 798                         err = DDI_FAILURE;
 799                         freemsg(m);
 800                         goto fail;
 801                 }
 802                 /* packet header may have moved, reset our local pointer */
 803                 wh = (struct ieee80211_frame *)m->b_rptr;
 804         }
 805 
 806         m->b_rptr -= RT2573_TX_DESC_SIZE;    /* restore */
 807         desc = (struct rum_tx_desc *)m->b_rptr;
 808 
 809         if ((type & IEEE80211_FC0_TYPE_MASK) ==
 810             IEEE80211_FC0_TYPE_DATA) {  /* DATA */
 811                 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
 812                         rate = ic->ic_bss->in_rates.ir_rates[ic->ic_fixed_rate];
 813                 else
 814                         rate = ni->in_rates.ir_rates[ni->in_txrate];
 815 
 816                 rate &= IEEE80211_RATE_VAL;
 817                 if (rate <= 0) {
 818                         rate = 2;       /* basic rate */
 819                 }
 820 
 821 
 822                 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
 823                         flags |= RT2573_TX_NEED_ACK;
 824                         flags |= RT2573_TX_MORE_FRAG;
 825 
 826                         dur = rum_txtime(RUM_ACK_SIZE, rum_ack_rate(ic, rate),
 827                             ic->ic_flags) + sc->sifs;
 828                         *(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
 829                 }
 830         } else {        /* MGMT */
 831                 rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
 832 
 833                 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
 834                         flags |= RT2573_TX_NEED_ACK;
 835 
 836                         dur = rum_txtime(RUM_ACK_SIZE, rum_ack_rate(ic, rate),
 837                             ic->ic_flags) + sc->sifs;
 838                         *(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
 839 
 840                         /* tell hardware to add timestamp for probe responses */
 841                         if ((wh->i_fc[0] &
 842                             (IEEE80211_FC0_TYPE_MASK |
 843                             IEEE80211_FC0_SUBTYPE_MASK)) ==
 844                             (IEEE80211_FC0_TYPE_MGT |
 845                             IEEE80211_FC0_SUBTYPE_PROBE_RESP))
 846                                 flags |= RT2573_TX_TIMESTAMP;
 847                 }
 848         }
 849 
 850         pktlen = msgdsize(m) - RT2573_TX_DESC_SIZE;
 851         rum_setup_tx_desc(sc, desc, flags, 0, pktlen, rate);
 852 
 853         /* align end on a 4-bytes boundary */
 854         xferlen = (RT2573_TX_DESC_SIZE + pktlen + 3) & ~3;
 855 
 856         /*
 857          * No space left in the last URB to store the extra 4 bytes, force
 858          * sending of another URB.
 859          */
 860         if ((xferlen % 64) == 0)
 861                 xferlen += 4;
 862 
 863         m->b_wptr = m->b_rptr + xferlen;
 864 
 865         ral_debug(RAL_DBG_TX, "sending data frame len=%u rate=%u xfer len=%u\n",
 866             pktlen, rate, xferlen);
 867 
 868         rv = rum_tx_trigger(sc, m);
 869 
 870         if (rv == 0) {
 871                 ic->ic_stats.is_tx_frags++;
 872                 ic->ic_stats.is_tx_bytes += pktlen;
 873         }
 874 
 875 fail:
 876         if (ni != NULL)
 877                 ieee80211_free_node(ni);
 878 
 879         if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
 880             err == 0) {
 881                 freemsg(mp);
 882         }
 883 
 884         mutex_exit(&sc->tx_lock);
 885 
 886         return (err);
 887 }
 888 
 889 static mblk_t *
 890 rum_m_tx(void *arg, mblk_t *mp)
 891 {
 892         struct rum_softc *sc = (struct rum_softc *)arg;
 893         struct ieee80211com *ic = &sc->sc_ic;
 894         mblk_t *next;
 895 
 896         /*
 897          * No data frames go out unless we're associated; this
 898          * should not happen as the 802.11 layer does not enable
 899          * the xmit queue until we enter the RUN state.
 900          */
 901         if (ic->ic_state != IEEE80211_S_RUN) {
 902                 ral_debug(RAL_DBG_ERR, "rum_m_tx(): "
 903                     "discard, state %u\n", ic->ic_state);
 904                 freemsgchain(mp);
 905                 return (NULL);
 906         }
 907 
 908         while (mp != NULL) {
 909                 next = mp->b_next;
 910                 mp->b_next = NULL;
 911                 if (rum_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != DDI_SUCCESS) {
 912                         mp->b_next = next;
 913                         freemsgchain(mp);
 914                         return (NULL);
 915                 }
 916                 mp = next;
 917         }
 918         return (mp);
 919 }
 920 
 921 static void
 922 rum_bbp_write(struct rum_softc *sc, uint8_t reg, uint8_t val)
 923 {
 924         uint32_t tmp;
 925         int ntries;
 926 
 927         for (ntries = 0; ntries < 5; ntries++) {
 928                 if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
 929                         break;
 930         }
 931         if (ntries == 5) {
 932                 ral_debug(RAL_DBG_ERR,
 933                     "rum_bbp_write(): could not write to BBP\n");
 934                 return;
 935         }
 936 
 937         tmp = RT2573_BBP_BUSY | (reg & 0x7f) << 8 | val;
 938         rum_write(sc, RT2573_PHY_CSR3, tmp);
 939 }
 940 
 941 static uint8_t
 942 rum_bbp_read(struct rum_softc *sc, uint8_t reg)
 943 {
 944         uint32_t val;
 945         int ntries;
 946 
 947         for (ntries = 0; ntries < 5; ntries++) {
 948                 if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
 949                         break;
 950         }
 951         if (ntries == 5) {
 952                 ral_debug(RAL_DBG_ERR, "rum_bbp_read(): could not read BBP\n");
 953                 return (0);
 954         }
 955 
 956         val = RT2573_BBP_BUSY | RT2573_BBP_READ | reg << 8;
 957         rum_write(sc, RT2573_PHY_CSR3, val);
 958 
 959         for (ntries = 0; ntries < 100; ntries++) {
 960                 val = rum_read(sc, RT2573_PHY_CSR3);
 961                 if (!(val & RT2573_BBP_BUSY))
 962                         return (val & 0xff);
 963                 drv_usecwait(1);
 964         }
 965 
 966         ral_debug(RAL_DBG_ERR, "rum_bbp_read(): could not read BBP\n");
 967         return (0);
 968 }
 969 
 970 static void
 971 rum_rf_write(struct rum_softc *sc, uint8_t reg, uint32_t val)
 972 {
 973         uint32_t tmp;
 974         int ntries;
 975 
 976         for (ntries = 0; ntries < 5; ntries++) {
 977                 if (!(rum_read(sc, RT2573_PHY_CSR4) & RT2573_RF_BUSY))
 978                         break;
 979         }
 980         if (ntries == 5) {
 981                 ral_debug(RAL_DBG_ERR,
 982                     "rum_rf_write(): could not write to RF\n");
 983                 return;
 984         }
 985 
 986         tmp = RT2573_RF_BUSY | RT2573_RF_20BIT | (val & 0xfffff) << 2 |
 987             (reg & 3);
 988         rum_write(sc, RT2573_PHY_CSR4, tmp);
 989 
 990         /* remember last written value in sc */
 991         sc->rf_regs[reg] = val;
 992 
 993         ral_debug(RAL_DBG_HW, "RF R[%u] <- 0x%05x\n", reg & 3, val & 0xfffff);
 994 }
 995 
 996 static void
 997 rum_select_antenna(struct rum_softc *sc)
 998 {
 999         uint8_t bbp4, bbp77;
1000         uint32_t tmp;
1001 
1002         bbp4  = rum_bbp_read(sc, 4);
1003         bbp77 = rum_bbp_read(sc, 77);
1004 
1005         /* make sure Rx is disabled before switching antenna */
1006         tmp = rum_read(sc, RT2573_TXRX_CSR0);
1007         rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
1008 
1009         rum_bbp_write(sc,  4, bbp4);
1010         rum_bbp_write(sc, 77, bbp77);
1011 
1012         rum_write(sc, RT2573_TXRX_CSR0, tmp);
1013 }
1014 
1015 /*
1016  * Enable multi-rate retries for frames sent at OFDM rates.
1017  * In 802.11b/g mode, allow fallback to CCK rates.
1018  */
1019 static void
1020 rum_enable_mrr(struct rum_softc *sc)
1021 {
1022         struct ieee80211com *ic = &sc->sc_ic;
1023         uint32_t tmp;
1024 
1025         tmp = rum_read(sc, RT2573_TXRX_CSR4);
1026 
1027         tmp &= ~RT2573_MRR_CCK_FALLBACK;
1028         if (!IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
1029                 tmp |= RT2573_MRR_CCK_FALLBACK;
1030         tmp |= RT2573_MRR_ENABLED;
1031 
1032         rum_write(sc, RT2573_TXRX_CSR4, tmp);
1033 }
1034 
1035 static void
1036 rum_set_txpreamble(struct rum_softc *sc)
1037 {
1038         uint32_t tmp;
1039 
1040         tmp = rum_read(sc, RT2573_TXRX_CSR4);
1041 
1042         tmp &= ~RT2573_SHORT_PREAMBLE;
1043         if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1044                 tmp |= RT2573_SHORT_PREAMBLE;
1045 
1046         rum_write(sc, RT2573_TXRX_CSR4, tmp);
1047 }
1048 
1049 static void
1050 rum_set_basicrates(struct rum_softc *sc)
1051 {
1052         struct ieee80211com *ic = &sc->sc_ic;
1053 
1054         /* update basic rate set */
1055         if (ic->ic_curmode == IEEE80211_MODE_11B) {
1056                 /* 11b basic rates: 1, 2Mbps */
1057                 rum_write(sc, RT2573_TXRX_CSR5, 0x3);
1058         } else if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->in_chan)) {
1059                 /* 11a basic rates: 6, 12, 24Mbps */
1060                 rum_write(sc, RT2573_TXRX_CSR5, 0x150);
1061         } else {
1062                 /* 11b/g basic rates: 1, 2, 5.5, 11Mbps */
1063                 rum_write(sc, RT2573_TXRX_CSR5, 0xf);
1064         }
1065 }
1066 
1067 /*
1068  * Reprogram MAC/BBP to switch to a new band.  Values taken from the reference
1069  * driver.
1070  */
1071 static void
1072 rum_select_band(struct rum_softc *sc, struct ieee80211_channel *c)
1073 {
1074         uint8_t bbp17, bbp35, bbp96, bbp97, bbp98, bbp104;
1075         uint32_t tmp;
1076 
1077         /* update all BBP registers that depend on the band */
1078         bbp17 = 0x20; bbp96 = 0x48; bbp104 = 0x2c;
1079         bbp35 = 0x50; bbp97 = 0x48; bbp98  = 0x48;
1080         if (IEEE80211_IS_CHAN_5GHZ(c)) {
1081                 bbp17 += 0x08; bbp96 += 0x10; bbp104 += 0x0c;
1082                 bbp35 += 0x10; bbp97 += 0x10; bbp98  += 0x10;
1083         }
1084         if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1085             (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1086                 bbp17 += 0x10; bbp96 += 0x10; bbp104 += 0x10;
1087         }
1088 
1089         sc->bbp17 = bbp17;
1090         rum_bbp_write(sc,  17, bbp17);
1091         rum_bbp_write(sc,  96, bbp96);
1092         rum_bbp_write(sc, 104, bbp104);
1093 
1094         if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1095             (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1096                 rum_bbp_write(sc, 75, 0x80);
1097                 rum_bbp_write(sc, 86, 0x80);
1098                 rum_bbp_write(sc, 88, 0x80);
1099         }
1100 
1101         rum_bbp_write(sc, 35, bbp35);
1102         rum_bbp_write(sc, 97, bbp97);
1103         rum_bbp_write(sc, 98, bbp98);
1104 
1105         tmp = rum_read(sc, RT2573_PHY_CSR0);
1106         tmp &= ~(RT2573_PA_PE_2GHZ | RT2573_PA_PE_5GHZ);
1107         if (IEEE80211_IS_CHAN_2GHZ(c))
1108                 tmp |= RT2573_PA_PE_2GHZ;
1109         else
1110                 tmp |= RT2573_PA_PE_5GHZ;
1111         rum_write(sc, RT2573_PHY_CSR0, tmp);
1112 
1113         /* 802.11a uses a 16 microseconds short interframe space */
1114         sc->sifs = IEEE80211_IS_CHAN_5GHZ(c) ? 16 : 10;
1115 }
1116 
1117 static void
1118 rum_set_chan(struct rum_softc *sc, struct ieee80211_channel *c)
1119 {
1120         struct ieee80211com *ic = &sc->sc_ic;
1121         const struct rfprog *rfprog;
1122         uint8_t bbp3, bbp94 = RT2573_BBPR94_DEFAULT;
1123         int8_t power;
1124         uint_t i, chan;
1125 
1126         chan = ieee80211_chan2ieee(ic, c);
1127         if (chan == 0 || chan == IEEE80211_CHAN_ANY)
1128                 return;
1129 
1130         /* select the appropriate RF settings based on what EEPROM says */
1131         rfprog = (sc->rf_rev == RT2573_RF_5225 ||
1132             sc->rf_rev == RT2573_RF_2527) ? rum_rf5225 : rum_rf5226;
1133 
1134         /* find the settings for this channel (we know it exists) */
1135         for (i = 0; rfprog[i].chan != chan; i++) {
1136         }
1137 
1138         power = sc->txpow[i];
1139         if (power < 0) {
1140                 bbp94 += power;
1141                 power = 0;
1142         } else if (power > 31) {
1143                 bbp94 += power - 31;
1144                 power = 31;
1145         }
1146 
1147         /*
1148          * If we are switching from the 2GHz band to the 5GHz band or
1149          * vice-versa, BBP registers need to be reprogrammed.
1150          */
1151         if (c->ich_flags != ic->ic_curchan->ich_flags) {
1152                 rum_select_band(sc, c);
1153                 rum_select_antenna(sc);
1154         }
1155         ic->ic_curchan = c;
1156 
1157         rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1158         rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1159         rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1160         rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1161 
1162         rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1163         rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1164         rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7 | 1);
1165         rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1166 
1167         rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1168         rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1169         rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1170         rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1171 
1172         drv_usecwait(10);
1173 
1174         /* enable smart mode for MIMO-capable RFs */
1175         bbp3 = rum_bbp_read(sc, 3);
1176 
1177         bbp3 &= ~RT2573_SMART_MODE;
1178         if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_2527)
1179                 bbp3 |= RT2573_SMART_MODE;
1180 
1181         rum_bbp_write(sc, 3, bbp3);
1182 
1183         if (bbp94 != RT2573_BBPR94_DEFAULT)
1184                 rum_bbp_write(sc, 94, bbp94);
1185 }
1186 
1187 /*
1188  * Enable TSF synchronization and tell h/w to start sending beacons for IBSS
1189  * and HostAP operating modes.
1190  */
1191 static void
1192 rum_enable_tsf_sync(struct rum_softc *sc)
1193 {
1194         struct ieee80211com *ic = &sc->sc_ic;
1195         uint32_t tmp;
1196 
1197         if (ic->ic_opmode != IEEE80211_M_STA) {
1198                 /*
1199                  * Change default 16ms TBTT adjustment to 8ms.
1200                  * Must be done before enabling beacon generation.
1201                  */
1202                 rum_write(sc, RT2573_TXRX_CSR10, 1 << 12 | 8);
1203         }
1204 
1205         tmp = rum_read(sc, RT2573_TXRX_CSR9) & 0xff000000;
1206 
1207         /* set beacon interval (in 1/16ms unit) */
1208         tmp |= ic->ic_bss->in_intval * 16;
1209 
1210         tmp |= RT2573_TSF_TICKING | RT2573_ENABLE_TBTT;
1211         if (ic->ic_opmode == IEEE80211_M_STA)
1212                 tmp |= RT2573_TSF_MODE(1);
1213         else
1214                 tmp |= RT2573_TSF_MODE(2) | RT2573_GENERATE_BEACON;
1215 
1216         rum_write(sc, RT2573_TXRX_CSR9, tmp);
1217 }
1218 
1219 /* ARGSUSED */
1220 static void
1221 rum_update_slot(struct ieee80211com *ic, int onoff)
1222 {
1223         struct rum_softc *sc = (struct rum_softc *)ic;
1224         uint8_t slottime;
1225         uint32_t tmp;
1226 
1227         slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1228 
1229         tmp = rum_read(sc, RT2573_MAC_CSR9);
1230         tmp = (tmp & ~0xff) | slottime;
1231         rum_write(sc, RT2573_MAC_CSR9, tmp);
1232 
1233         ral_debug(RAL_DBG_HW, "setting slot time to %uus\n", slottime);
1234 }
1235 
1236 static void
1237 rum_set_bssid(struct rum_softc *sc, const uint8_t *bssid)
1238 {
1239         uint32_t tmp;
1240 
1241         tmp = bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24;
1242         rum_write(sc, RT2573_MAC_CSR4, tmp);
1243 
1244         tmp = bssid[4] | bssid[5] << 8 | RT2573_ONE_BSSID << 16;
1245         rum_write(sc, RT2573_MAC_CSR5, tmp);
1246 }
1247 
1248 static void
1249 rum_set_macaddr(struct rum_softc *sc, const uint8_t *addr)
1250 {
1251         uint32_t tmp;
1252 
1253         tmp = addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24;
1254         rum_write(sc, RT2573_MAC_CSR2, tmp);
1255 
1256         tmp = addr[4] | addr[5] << 8 | 0xff << 16;
1257         rum_write(sc, RT2573_MAC_CSR3, tmp);
1258 
1259         ral_debug(RAL_DBG_HW,
1260             "setting MAC address to " MACSTR "\n", MAC2STR(addr));
1261 }
1262 
1263 static void
1264 rum_update_promisc(struct rum_softc *sc)
1265 {
1266         uint32_t tmp;
1267 
1268         tmp = rum_read(sc, RT2573_TXRX_CSR0);
1269 
1270         tmp &= ~RT2573_DROP_NOT_TO_ME;
1271         if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1272                 tmp |= RT2573_DROP_NOT_TO_ME;
1273 
1274         rum_write(sc, RT2573_TXRX_CSR0, tmp);
1275 
1276         ral_debug(RAL_DBG_HW, "%s promiscuous mode\n",
1277             (sc->sc_rcr & RAL_RCR_PROMISC) ?  "entering" : "leaving");
1278 }
1279 
1280 static const char *
1281 rum_get_rf(int rev)
1282 {
1283         switch (rev) {
1284         case RT2573_RF_2527:    return ("RT2527 (MIMO XR)");
1285         case RT2573_RF_2528:    return ("RT2528");
1286         case RT2573_RF_5225:    return ("RT5225 (MIMO XR)");
1287         case RT2573_RF_5226:    return ("RT5226");
1288         default:                return ("unknown");
1289         }
1290 }
1291 
1292 static void
1293 rum_read_eeprom(struct rum_softc *sc)
1294 {
1295         struct ieee80211com *ic = &sc->sc_ic;
1296         uint16_t val;
1297 
1298         /* read MAC address */
1299         rum_eeprom_read(sc, RT2573_EEPROM_ADDRESS, ic->ic_macaddr, 6);
1300 
1301         rum_eeprom_read(sc, RT2573_EEPROM_ANTENNA, &val, 2);
1302         val = LE_16(val);
1303         sc->rf_rev =   (val >> 11) & 0x1f;
1304         sc->hw_radio = (val >> 10) & 0x1;
1305         sc->rx_ant =   (val >> 4)  & 0x3;
1306         sc->tx_ant =   (val >> 2)  & 0x3;
1307         sc->nb_ant =   val & 0x3;
1308 
1309         ral_debug(RAL_DBG_HW, "RF revision=%d\n", sc->rf_rev);
1310 
1311         rum_eeprom_read(sc, RT2573_EEPROM_CONFIG2, &val, 2);
1312         val = LE_16(val);
1313         sc->ext_5ghz_lna = (val >> 6) & 0x1;
1314         sc->ext_2ghz_lna = (val >> 4) & 0x1;
1315 
1316         ral_debug(RAL_DBG_HW, "External 2GHz LNA=%d\nExternal 5GHz LNA=%d\n",
1317             sc->ext_2ghz_lna, sc->ext_5ghz_lna);
1318 
1319         rum_eeprom_read(sc, RT2573_EEPROM_RSSI_2GHZ_OFFSET, &val, 2);
1320         val = LE_16(val);
1321         if ((val & 0xff) != 0xff)
1322                 sc->rssi_2ghz_corr = (int8_t)(val & 0xff);       /* signed */
1323 
1324         rum_eeprom_read(sc, RT2573_EEPROM_RSSI_5GHZ_OFFSET, &val, 2);
1325         val = LE_16(val);
1326         if ((val & 0xff) != 0xff)
1327                 sc->rssi_5ghz_corr = (int8_t)(val & 0xff);       /* signed */
1328 
1329         ral_debug(RAL_DBG_HW, "RSSI 2GHz corr=%d\nRSSI 5GHz corr=%d\n",
1330             sc->rssi_2ghz_corr, sc->rssi_5ghz_corr);
1331 
1332         rum_eeprom_read(sc, RT2573_EEPROM_FREQ_OFFSET, &val, 2);
1333         val = LE_16(val);
1334         if ((val & 0xff) != 0xff)
1335                 sc->rffreq = val & 0xff;
1336 
1337         ral_debug(RAL_DBG_HW, "RF freq=%d\n", sc->rffreq);
1338 
1339         /* read Tx power for all a/b/g channels */
1340         rum_eeprom_read(sc, RT2573_EEPROM_TXPOWER, sc->txpow, 14);
1341         /* default Tx power for 802.11a channels */
1342         (void) memset(sc->txpow + 14, 24, sizeof (sc->txpow) - 14);
1343 
1344         /* read default values for BBP registers */
1345         rum_eeprom_read(sc, RT2573_EEPROM_BBP_BASE, sc->bbp_prom, 2 * 16);
1346 }
1347 
1348 static int
1349 rum_bbp_init(struct rum_softc *sc)
1350 {
1351         int i, ntries;
1352 
1353         /* wait for BBP to be ready */
1354         for (ntries = 0; ntries < 100; ntries++) {
1355                 const uint8_t val = rum_bbp_read(sc, 0);
1356                 if (val != 0 && val != 0xff)
1357                         break;
1358                 drv_usecwait(1000);
1359         }
1360         if (ntries == 100) {
1361                 ral_debug(RAL_DBG_ERR, "timeout waiting for BBP\n");
1362                 return (EIO);
1363         }
1364 
1365         /* initialize BBP registers to default values */
1366         for (i = 0; i < RUM_N(rum_def_bbp); i++)
1367                 rum_bbp_write(sc, rum_def_bbp[i].reg, rum_def_bbp[i].val);
1368 
1369         /* write vendor-specific BBP values (from EEPROM) */
1370         for (i = 0; i < 16; i++) {
1371                 if (sc->bbp_prom[i].reg == 0 || sc->bbp_prom[i].reg == 0xff)
1372                         continue;
1373                 rum_bbp_write(sc, sc->bbp_prom[i].reg, sc->bbp_prom[i].val);
1374         }
1375 
1376         return (0);
1377 }
1378 
1379 /*
1380  * This function is called periodically (every 200ms) during scanning to
1381  * switch from one channel to another.
1382  */
1383 static void
1384 rum_next_scan(void *arg)
1385 {
1386         struct rum_softc *sc = arg;
1387         struct ieee80211com *ic = &sc->sc_ic;
1388 
1389         if (ic->ic_state == IEEE80211_S_SCAN)
1390                 ieee80211_next_scan(ic);
1391 }
1392 
1393 static int
1394 rum_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1395 {
1396         struct rum_softc *sc = (struct rum_softc *)ic;
1397         enum ieee80211_state ostate;
1398         struct ieee80211_node *ni;
1399         int err;
1400         uint32_t tmp;
1401 
1402         RAL_LOCK(sc);
1403 
1404         ostate = ic->ic_state;
1405 
1406         if (sc->sc_scan_id != 0) {
1407                 (void) untimeout(sc->sc_scan_id);
1408                 sc->sc_scan_id = 0;
1409         }
1410 
1411         if (sc->sc_amrr_id != 0) {
1412                 (void) untimeout(sc->sc_amrr_id);
1413                 sc->sc_amrr_id = 0;
1414         }
1415 
1416         switch (nstate) {
1417         case IEEE80211_S_INIT:
1418                 if (ostate == IEEE80211_S_RUN) {
1419                         /* abort TSF synchronization */
1420                         tmp = rum_read(sc, RT2573_TXRX_CSR9);
1421                         rum_write(sc, RT2573_TXRX_CSR9, tmp & ~0x00ffffff);
1422                 }
1423                 break;
1424 
1425         case IEEE80211_S_SCAN:
1426                 rum_set_chan(sc, ic->ic_curchan);
1427                 sc->sc_scan_id = timeout(rum_next_scan, (void *)sc,
1428                     drv_usectohz(sc->dwelltime * 1000));
1429                 break;
1430 
1431         case IEEE80211_S_AUTH:
1432                 rum_set_chan(sc, ic->ic_curchan);
1433                 break;
1434 
1435         case IEEE80211_S_ASSOC:
1436                 rum_set_chan(sc, ic->ic_curchan);
1437                 break;
1438 
1439         case IEEE80211_S_RUN:
1440                 rum_set_chan(sc, ic->ic_curchan);
1441 
1442                 ni = ic->ic_bss;
1443 
1444                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1445                         rum_update_slot(ic, 1);
1446                         rum_enable_mrr(sc);
1447                         rum_set_txpreamble(sc);
1448                         rum_set_basicrates(sc);
1449                         rum_set_bssid(sc, ni->in_bssid);
1450                 }
1451 
1452                 if (ic->ic_opmode != IEEE80211_M_MONITOR)
1453                         rum_enable_tsf_sync(sc);
1454 
1455                 /* enable automatic rate adaptation in STA mode */
1456                 if (ic->ic_opmode == IEEE80211_M_STA &&
1457                     ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
1458                         rum_amrr_start(sc, ni);
1459                 break;
1460         }
1461 
1462         RAL_UNLOCK(sc);
1463 
1464         err = sc->sc_newstate(ic, nstate, arg);
1465         /*
1466          * Finally, start any timers.
1467          */
1468         if (nstate == IEEE80211_S_RUN)
1469                 ieee80211_start_watchdog(ic, 1);
1470 
1471         return (err);
1472 }
1473 
1474 static void
1475 rum_close_pipes(struct rum_softc *sc)
1476 {
1477         usb_flags_t flags = USB_FLAGS_SLEEP;
1478 
1479         if (sc->sc_rx_pipeh != NULL) {
1480                 usb_pipe_reset(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1481                 usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1482                 sc->sc_rx_pipeh = NULL;
1483         }
1484 
1485         if (sc->sc_tx_pipeh != NULL) {
1486                 usb_pipe_reset(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1487                 usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1488                 sc->sc_tx_pipeh = NULL;
1489         }
1490 }
1491 
1492 static int
1493 rum_open_pipes(struct rum_softc *sc)
1494 {
1495         usb_ep_data_t *ep_node;
1496         usb_pipe_policy_t policy;
1497         int err;
1498 
1499         ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1500             USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
1501 
1502         bzero(&policy, sizeof (usb_pipe_policy_t));
1503         policy.pp_max_async_reqs = RAL_TX_LIST_COUNT;
1504 
1505         if ((err = usb_pipe_open(sc->sc_dev,
1506             &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1507             &sc->sc_tx_pipeh)) != USB_SUCCESS) {
1508                 ral_debug(RAL_DBG_ERR,
1509                     "rum_open_pipes(): %x failed to open tx pipe\n", err);
1510                 goto fail;
1511         }
1512 
1513         ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1514             USB_EP_ATTR_BULK, USB_EP_DIR_IN);
1515 
1516         bzero(&policy, sizeof (usb_pipe_policy_t));
1517         policy.pp_max_async_reqs = RAL_RX_LIST_COUNT + 32;
1518 
1519         if ((err = usb_pipe_open(sc->sc_dev,
1520             &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1521             &sc->sc_rx_pipeh)) != USB_SUCCESS) {
1522                 ral_debug(RAL_DBG_ERR,
1523                     "rum_open_pipes(): %x failed to open rx pipe\n", err);
1524                 goto fail;
1525         }
1526 
1527         return (USB_SUCCESS);
1528 
1529 fail:
1530         if (sc->sc_rx_pipeh != NULL) {
1531                 usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh,
1532                     USB_FLAGS_SLEEP, NULL, 0);
1533                 sc->sc_rx_pipeh = NULL;
1534         }
1535 
1536         if (sc->sc_tx_pipeh != NULL) {
1537                 usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh,
1538                     USB_FLAGS_SLEEP, NULL, 0);
1539                 sc->sc_tx_pipeh = NULL;
1540         }
1541 
1542         return (USB_FAILURE);
1543 }
1544 
1545 static int
1546 rum_tx_trigger(struct rum_softc *sc, mblk_t *mp)
1547 {
1548         usb_bulk_req_t *req;
1549         int err;
1550 
1551         sc->sc_tx_timer = RUM_TX_TIMEOUT;
1552 
1553         req = usb_alloc_bulk_req(sc->sc_dev, 0, USB_FLAGS_SLEEP);
1554         if (req == NULL) {
1555                 ral_debug(RAL_DBG_ERR,
1556                     "rum_tx_trigger(): failed to allocate req");
1557                 freemsg(mp);
1558                 return (-1);
1559         }
1560 
1561         req->bulk_len                = msgdsize(mp);
1562         req->bulk_data               = mp;
1563         req->bulk_client_private = (usb_opaque_t)sc;
1564         req->bulk_timeout    = RUM_TX_TIMEOUT;
1565         req->bulk_attributes = USB_ATTRS_AUTOCLEARING;
1566         req->bulk_cb         = rum_txeof;
1567         req->bulk_exc_cb     = rum_txeof;
1568         req->bulk_completion_reason = 0;
1569         req->bulk_cb_flags   = 0;
1570 
1571         if ((err = usb_pipe_bulk_xfer(sc->sc_tx_pipeh, req, 0))
1572             != USB_SUCCESS) {
1573 
1574                 ral_debug(RAL_DBG_ERR, "rum_tx_trigger(): "
1575                     "failed to do tx xfer, %d", err);
1576                 usb_free_bulk_req(req);
1577                 return (-1);
1578         }
1579 
1580         sc->tx_queued++;
1581 
1582         return (0);
1583 }
1584 
1585 static int
1586 rum_rx_trigger(struct rum_softc *sc)
1587 {
1588         usb_bulk_req_t *req;
1589         int err;
1590 
1591         req = usb_alloc_bulk_req(sc->sc_dev, RAL_RXBUF_SIZE, USB_FLAGS_SLEEP);
1592         if (req == NULL) {
1593                 ral_debug(RAL_DBG_ERR,
1594                     "rum_rx_trigger(): failed to allocate req");
1595                 return (-1);
1596         }
1597 
1598         req->bulk_len                = RAL_RXBUF_SIZE;
1599         req->bulk_client_private = (usb_opaque_t)sc;
1600         req->bulk_timeout    = 0;
1601         req->bulk_attributes = USB_ATTRS_SHORT_XFER_OK
1602             | USB_ATTRS_AUTOCLEARING;
1603         req->bulk_cb         = rum_rxeof;
1604         req->bulk_exc_cb     = rum_rxeof;
1605         req->bulk_completion_reason = 0;
1606         req->bulk_cb_flags   = 0;
1607 
1608         err = usb_pipe_bulk_xfer(sc->sc_rx_pipeh, req, 0);
1609 
1610         if (err != USB_SUCCESS) {
1611                 ral_debug(RAL_DBG_ERR, "rum_rx_trigger(): "
1612                     "failed to do rx xfer, %d", err);
1613                 usb_free_bulk_req(req);
1614 
1615                 return (-1);
1616         }
1617 
1618         mutex_enter(&sc->rx_lock);
1619         sc->rx_queued++;
1620         mutex_exit(&sc->rx_lock);
1621 
1622         return (0);
1623 }
1624 
1625 static void
1626 rum_init_tx_queue(struct rum_softc *sc)
1627 {
1628         sc->tx_queued = 0;
1629 }
1630 
1631 static int
1632 rum_init_rx_queue(struct rum_softc *sc)
1633 {
1634         int     i;
1635 
1636         sc->rx_queued = 0;
1637 
1638         for (i = 0; i < RAL_RX_LIST_COUNT; i++) {
1639                 if (rum_rx_trigger(sc) != 0) {
1640                         return (USB_FAILURE);
1641                 }
1642         }
1643 
1644         return (USB_SUCCESS);
1645 }
1646 
1647 static void
1648 rum_stop(struct rum_softc *sc)
1649 {
1650         struct ieee80211com *ic = &sc->sc_ic;
1651         uint32_t tmp;
1652 
1653         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1654         ieee80211_stop_watchdog(ic);    /* stop the watchdog */
1655 
1656         RAL_LOCK(sc);
1657 
1658         sc->sc_tx_timer = 0;
1659         sc->sc_flags &= ~RAL_FLAG_RUNNING;       /* STOP */
1660 
1661         /* disable Rx */
1662         tmp = rum_read(sc, RT2573_TXRX_CSR0);
1663         rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
1664 
1665         /* reset ASIC */
1666         rum_write(sc, RT2573_MAC_CSR1, 3);
1667         rum_write(sc, RT2573_MAC_CSR1, 0);
1668 
1669         rum_close_pipes(sc);
1670 
1671         RAL_UNLOCK(sc);
1672 }
1673 
1674 static int
1675 rum_init(struct rum_softc *sc)
1676 {
1677         struct ieee80211com *ic = &sc->sc_ic;
1678         uint32_t tmp;
1679         int i, ntries;
1680 
1681         rum_stop(sc);
1682 
1683         /* initialize MAC registers to default values */
1684         for (i = 0; i < RUM_N(rum_def_mac); i++)
1685                 rum_write(sc, rum_def_mac[i].reg, rum_def_mac[i].val);
1686 
1687         /* set host ready */
1688         rum_write(sc, RT2573_MAC_CSR1, 3);
1689         rum_write(sc, RT2573_MAC_CSR1, 0);
1690 
1691         /* wait for BBP/RF to wakeup */
1692         for (ntries = 0; ntries < 1000; ntries++) {
1693                 if (rum_read(sc, RT2573_MAC_CSR12) & 8)
1694                         break;
1695                 rum_write(sc, RT2573_MAC_CSR12, 4);     /* force wakeup */
1696                 drv_usecwait(1000);
1697         }
1698         if (ntries == 1000) {
1699                 ral_debug(RAL_DBG_ERR,
1700                     "rum_init(): timeout waiting for BBP/RF to wakeup\n");
1701                 goto fail;
1702         }
1703 
1704         if (rum_bbp_init(sc) != 0)
1705                 goto fail;
1706 
1707         /* select default channel */
1708         rum_select_band(sc, ic->ic_curchan);
1709         rum_select_antenna(sc);
1710         rum_set_chan(sc, ic->ic_curchan);
1711 
1712         /* clear STA registers */
1713         rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1714 
1715         rum_set_macaddr(sc, ic->ic_macaddr);
1716 
1717         /* initialize ASIC */
1718         rum_write(sc, RT2573_MAC_CSR1, 4);
1719 
1720         if (rum_open_pipes(sc) != USB_SUCCESS) {
1721                 ral_debug(RAL_DBG_ERR, "rum_init(): "
1722                     "could not open pipes.\n");
1723                 goto fail;
1724         }
1725 
1726         rum_init_tx_queue(sc);
1727 
1728         if (rum_init_rx_queue(sc) != USB_SUCCESS)
1729                 goto fail;
1730 
1731         /* update Rx filter */
1732         tmp = rum_read(sc, RT2573_TXRX_CSR0) & 0xffff;
1733         tmp |= RT2573_DROP_PHY_ERROR | RT2573_DROP_CRC_ERROR;
1734         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1735                 tmp |= RT2573_DROP_CTL | RT2573_DROP_VER_ERROR |
1736                     RT2573_DROP_ACKCTS;
1737                 if (ic->ic_opmode != IEEE80211_M_HOSTAP)
1738                         tmp |= RT2573_DROP_TODS;
1739                 if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1740                         tmp |= RT2573_DROP_NOT_TO_ME;
1741         }
1742 
1743         rum_write(sc, RT2573_TXRX_CSR0, tmp);
1744         sc->sc_flags |= RAL_FLAG_RUNNING;    /* RUNNING */
1745 
1746         return (DDI_SUCCESS);
1747 fail:
1748         rum_stop(sc);
1749         return (DDI_FAILURE);
1750 }
1751 
1752 static int
1753 rum_disconnect(dev_info_t *devinfo)
1754 {
1755         struct rum_softc *sc;
1756         struct ieee80211com *ic;
1757 
1758         /*
1759          * We can't call rum_stop() here, since the hardware is removed,
1760          * we can't access the register anymore.
1761          */
1762         sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
1763         ASSERT(sc != NULL);
1764 
1765         if (!RAL_IS_RUNNING(sc))        /* different device or not inited */
1766                 return (DDI_SUCCESS);
1767 
1768         ic = &sc->sc_ic;
1769         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1770         ieee80211_stop_watchdog(ic);    /* stop the watchdog */
1771 
1772         RAL_LOCK(sc);
1773 
1774         sc->sc_tx_timer = 0;
1775         sc->sc_flags &= ~RAL_FLAG_RUNNING;       /* STOP */
1776 
1777         rum_close_pipes(sc);
1778 
1779         RAL_UNLOCK(sc);
1780 
1781         return (DDI_SUCCESS);
1782 }
1783 
1784 static int
1785 rum_reconnect(dev_info_t *devinfo)
1786 {
1787         struct rum_softc *sc;
1788         int err;
1789 
1790         sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
1791         ASSERT(sc != NULL);
1792 
1793         /* check device changes after disconnect */
1794         if (usb_check_same_device(sc->sc_dev, NULL, USB_LOG_L2, -1,
1795             USB_CHK_BASIC | USB_CHK_CFG, NULL) != USB_SUCCESS) {
1796                 ral_debug(RAL_DBG_ERR, "different device connected\n");
1797                 return (DDI_FAILURE);
1798         }
1799 
1800         err = rum_load_microcode(sc);
1801         if (err != USB_SUCCESS) {
1802                 ral_debug(RAL_DBG_ERR, "could not load 8051 microcode\n");
1803                 goto fail;
1804         }
1805 
1806         err = rum_init(sc);
1807 fail:
1808         return (err);
1809 }
1810 
1811 static void
1812 rum_resume(struct rum_softc *sc)
1813 {
1814         int err;
1815 
1816         /* check device changes after suspend */
1817         if (usb_check_same_device(sc->sc_dev, NULL, USB_LOG_L2, -1,
1818             USB_CHK_BASIC | USB_CHK_CFG, NULL) != USB_SUCCESS) {
1819                 ral_debug(RAL_DBG_ERR, "no or different device connected\n");
1820                 return;
1821         }
1822 
1823         err = rum_load_microcode(sc);
1824         if (err != USB_SUCCESS) {
1825                 ral_debug(RAL_DBG_ERR, "could not load 8051 microcode\n");
1826                 return;
1827         }
1828 
1829         (void) rum_init(sc);
1830 }
1831 
1832 #define RUM_AMRR_MIN_SUCCESS_THRESHOLD  1
1833 #define RUM_AMRR_MAX_SUCCESS_THRESHOLD  10
1834 
1835 /*
1836  * Naive implementation of the Adaptive Multi Rate Retry algorithm:
1837  * "IEEE 802.11 Rate Adaptation: A Practical Approach"
1838  * Mathieu Lacage, Hossein Manshaei, Thierry Turletti
1839  * INRIA Sophia - Projet Planete
1840  * http://www-sop.inria.fr/rapports/sophia/RR-5208.html
1841  *
1842  * This algorithm is particularly well suited for rum since it does not
1843  * require per-frame retry statistics.  Note however that since h/w does
1844  * not provide per-frame stats, we can't do per-node rate adaptation and
1845  * thus automatic rate adaptation is only enabled in STA operating mode.
1846  */
1847 #define is_success(amrr)        \
1848         ((amrr)->retrycnt < (amrr)->txcnt / 10)
1849 #define is_failure(amrr)        \
1850         ((amrr)->retrycnt > (amrr)->txcnt / 3)
1851 #define is_enough(amrr)         \
1852         ((amrr)->txcnt > 10)
1853 #define is_min_rate(ni)         \
1854         ((ni)->in_txrate == 0)
1855 #define is_max_rate(ni)         \
1856         ((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1857 #define increase_rate(ni)       \
1858         ((ni)->in_txrate++)
1859 #define decrease_rate(ni)       \
1860         ((ni)->in_txrate--)
1861 #define reset_cnt(amrr) do {    \
1862         (amrr)->txcnt = (amrr)->retrycnt = 0;     \
1863         _NOTE(CONSTCOND)        \
1864 } while (/* CONSTCOND */0)
1865 
1866 static void
1867 rum_ratectl(struct rum_amrr *amrr, struct ieee80211_node *ni)
1868 {
1869         int need_change = 0;
1870 
1871         if (is_success(amrr) && is_enough(amrr)) {
1872                 amrr->success++;
1873                 if (amrr->success >= amrr->success_threshold &&
1874                     !is_max_rate(ni)) {
1875                         amrr->recovery = 1;
1876                         amrr->success = 0;
1877                         increase_rate(ni);
1878                         need_change = 1;
1879                 } else {
1880                         amrr->recovery = 0;
1881                 }
1882         } else if (is_failure(amrr)) {
1883                 amrr->success = 0;
1884                 if (!is_min_rate(ni)) {
1885                         if (amrr->recovery) {
1886                                 amrr->success_threshold *= 2;
1887                                 if (amrr->success_threshold >
1888                                     RUM_AMRR_MAX_SUCCESS_THRESHOLD)
1889                                         amrr->success_threshold =
1890                                             RUM_AMRR_MAX_SUCCESS_THRESHOLD;
1891                         } else {
1892                                 amrr->success_threshold =
1893                                     RUM_AMRR_MIN_SUCCESS_THRESHOLD;
1894                         }
1895                         decrease_rate(ni);
1896                         need_change = 1;
1897                 }
1898                 amrr->recovery = 0;  /* original paper was incorrect */
1899         }
1900 
1901         if (is_enough(amrr) || need_change)
1902                 reset_cnt(amrr);
1903 }
1904 
1905 static void
1906 rum_amrr_timeout(void *arg)
1907 {
1908         struct rum_softc *sc = (struct rum_softc *)arg;
1909         struct rum_amrr *amrr = &sc->amrr;
1910 
1911         rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1912 
1913         /* count TX retry-fail as Tx errors */
1914         sc->sc_tx_err += LE_32(sc->sta[5]) >> 16;
1915         sc->sc_tx_retries += ((LE_32(sc->sta[4]) >> 16) +
1916             (LE_32(sc->sta[5]) & 0xffff));
1917 
1918         amrr->retrycnt =
1919             (LE_32(sc->sta[4]) >> 16) +                /* TX one-retry ok count */
1920             (LE_32(sc->sta[5]) & 0xffff) +       /* TX more-retry ok count */
1921             (LE_32(sc->sta[5]) >> 16);         /* TX retry-fail count */
1922 
1923         amrr->txcnt =
1924             amrr->retrycnt +
1925             (LE_32(sc->sta[4]) & 0xffff);        /* TX no-retry ok count */
1926 
1927         rum_ratectl(amrr, sc->sc_ic.ic_bss);
1928 
1929         sc->sc_amrr_id = timeout(rum_amrr_timeout, (void *)sc,
1930             drv_usectohz(1000 * 1000)); /* 1 second */
1931 }
1932 
1933 static void
1934 rum_amrr_start(struct rum_softc *sc, struct ieee80211_node *ni)
1935 {
1936         struct rum_amrr *amrr = &sc->amrr;
1937         int i;
1938 
1939         /* clear statistic registers (STA_CSR0 to STA_CSR5) */
1940         rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1941 
1942         amrr->success = 0;
1943         amrr->recovery = 0;
1944         amrr->txcnt = amrr->retrycnt = 0;
1945         amrr->success_threshold = RUM_AMRR_MIN_SUCCESS_THRESHOLD;
1946 
1947         /* set rate to some reasonable initial value */
1948         for (i = ni->in_rates.ir_nrates - 1;
1949             i > 0 && (ni->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72;
1950             i--) {
1951         }
1952 
1953         ni->in_txrate = i;
1954 
1955         sc->sc_amrr_id = timeout(rum_amrr_timeout, (void *)sc,
1956             drv_usectohz(1000 * 1000)); /* 1 second */
1957 }
1958 
1959 void
1960 rum_watchdog(void *arg)
1961 {
1962         struct rum_softc *sc = arg;
1963         struct ieee80211com *ic = &sc->sc_ic;
1964         int ntimer = 0;
1965 
1966         RAL_LOCK(sc);
1967         ic->ic_watchdog_timer = 0;
1968 
1969         if (!RAL_IS_RUNNING(sc)) {
1970                 RAL_UNLOCK(sc);
1971                 return;
1972         }
1973 
1974         if (sc->sc_tx_timer > 0) {
1975                 if (--sc->sc_tx_timer == 0) {
1976                         ral_debug(RAL_DBG_ERR, "tx timer timeout\n");
1977                         RAL_UNLOCK(sc);
1978                         (void) rum_init(sc);
1979                         (void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1980                         return;
1981                 }
1982         }
1983 
1984         if (ic->ic_state == IEEE80211_S_RUN)
1985                 ntimer = 1;
1986 
1987         RAL_UNLOCK(sc);
1988 
1989         ieee80211_watchdog(ic);
1990 
1991         if (ntimer)
1992                 ieee80211_start_watchdog(ic, ntimer);
1993 }
1994 
1995 static int
1996 rum_m_start(void *arg)
1997 {
1998         struct rum_softc *sc = (struct rum_softc *)arg;
1999         int err;
2000 
2001         /*
2002          * initialize RT2501USB hardware
2003          */
2004         err = rum_init(sc);
2005         if (err != DDI_SUCCESS) {
2006                 ral_debug(RAL_DBG_ERR, "device configuration failed\n");
2007                 goto fail;
2008         }
2009         sc->sc_flags |= RAL_FLAG_RUNNING;    /* RUNNING */
2010         return (err);
2011 
2012 fail:
2013         rum_stop(sc);
2014         return (err);
2015 }
2016 
2017 static void
2018 rum_m_stop(void *arg)
2019 {
2020         struct rum_softc *sc = (struct rum_softc *)arg;
2021 
2022         (void) rum_stop(sc);
2023         sc->sc_flags &= ~RAL_FLAG_RUNNING;       /* STOP */
2024 }
2025 
2026 static int
2027 rum_m_unicst(void *arg, const uint8_t *macaddr)
2028 {
2029         struct rum_softc *sc = (struct rum_softc *)arg;
2030         struct ieee80211com *ic = &sc->sc_ic;
2031 
2032         ral_debug(RAL_DBG_MSG, "rum_m_unicst(): " MACSTR "\n",
2033             MAC2STR(macaddr));
2034 
2035         IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr);
2036         (void) rum_set_macaddr(sc, (uint8_t *)macaddr);
2037         (void) rum_init(sc);
2038 
2039         return (0);
2040 }
2041 
2042 /*ARGSUSED*/
2043 static int
2044 rum_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2045 {
2046         return (0);
2047 }
2048 
2049 static int
2050 rum_m_promisc(void *arg, boolean_t on)
2051 {
2052         struct rum_softc *sc = (struct rum_softc *)arg;
2053 
2054         if (on) {
2055                 sc->sc_rcr |= RAL_RCR_PROMISC;
2056                 sc->sc_rcr |= RAL_RCR_MULTI;
2057         } else {
2058                 sc->sc_rcr &= ~RAL_RCR_PROMISC;
2059                 sc->sc_rcr &= ~RAL_RCR_MULTI;
2060         }
2061 
2062         rum_update_promisc(sc);
2063         return (0);
2064 }
2065 
2066 /*
2067  * callback functions for /get/set properties
2068  */
2069 static int
2070 rum_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2071     uint_t wldp_length, const void *wldp_buf)
2072 {
2073         struct rum_softc *sc = (struct rum_softc *)arg;
2074         struct ieee80211com *ic = &sc->sc_ic;
2075         int err;
2076 
2077         err = ieee80211_setprop(ic, pr_name, wldp_pr_num,
2078             wldp_length, wldp_buf);
2079         RAL_LOCK(sc);
2080         if (err == ENETRESET) {
2081                 if (RAL_IS_RUNNING(sc)) {
2082                         RAL_UNLOCK(sc);
2083                         (void) rum_init(sc);
2084                         (void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2085                         RAL_LOCK(sc);
2086                 }
2087                 err = 0;
2088         }
2089         RAL_UNLOCK(sc);
2090 
2091         return (err);
2092 }
2093 
2094 static int
2095 rum_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2096     uint_t wldp_length, void *wldp_buf)
2097 {
2098         struct rum_softc *sc = (struct rum_softc *)arg;
2099         int err;
2100 
2101         err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
2102             wldp_length, wldp_buf);
2103 
2104         return (err);
2105 }
2106 
2107 static void
2108 rum_m_propinfo(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2109     mac_prop_info_handle_t prh)
2110 {
2111         struct rum_softc *sc = (struct rum_softc *)arg;
2112 
2113         ieee80211_propinfo(&sc->sc_ic, pr_name, wldp_pr_num, prh);
2114 }
2115 
2116 static void
2117 rum_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2118 {
2119         struct rum_softc *sc = (struct rum_softc *)arg;
2120         struct ieee80211com *ic = &sc->sc_ic;
2121         int err;
2122 
2123         err = ieee80211_ioctl(ic, wq, mp);
2124         RAL_LOCK(sc);
2125         if (err == ENETRESET) {
2126                 if (RAL_IS_RUNNING(sc)) {
2127                         RAL_UNLOCK(sc);
2128                         (void) rum_init(sc);
2129                         (void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2130                         RAL_LOCK(sc);
2131                 }
2132         }
2133         RAL_UNLOCK(sc);
2134 }
2135 
2136 static int
2137 rum_m_stat(void *arg, uint_t stat, uint64_t *val)
2138 {
2139         struct rum_softc *sc  = (struct rum_softc *)arg;
2140         ieee80211com_t  *ic = &sc->sc_ic;
2141         ieee80211_node_t *ni;
2142         struct ieee80211_rateset *rs;
2143 
2144         RAL_LOCK(sc);
2145 
2146         ni = ic->ic_bss;
2147         rs = &ni->in_rates;
2148 
2149         switch (stat) {
2150         case MAC_STAT_IFSPEED:
2151                 *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2152                     (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2153                     : ic->ic_fixed_rate) * 500000ull;
2154                 break;
2155         case MAC_STAT_NOXMTBUF:
2156                 *val = sc->sc_tx_nobuf;
2157                 break;
2158         case MAC_STAT_NORCVBUF:
2159                 *val = sc->sc_rx_nobuf;
2160                 break;
2161         case MAC_STAT_IERRORS:
2162                 *val = sc->sc_rx_err;
2163                 break;
2164         case MAC_STAT_RBYTES:
2165                 *val = ic->ic_stats.is_rx_bytes;
2166                 break;
2167         case MAC_STAT_IPACKETS:
2168                 *val = ic->ic_stats.is_rx_frags;
2169                 break;
2170         case MAC_STAT_OBYTES:
2171                 *val = ic->ic_stats.is_tx_bytes;
2172                 break;
2173         case MAC_STAT_OPACKETS:
2174                 *val = ic->ic_stats.is_tx_frags;
2175                 break;
2176         case MAC_STAT_OERRORS:
2177         case WIFI_STAT_TX_FAILED:
2178                 *val = sc->sc_tx_err;
2179                 break;
2180         case WIFI_STAT_TX_RETRANS:
2181                 *val = sc->sc_tx_retries;
2182                 break;
2183         case WIFI_STAT_FCS_ERRORS:
2184         case WIFI_STAT_WEP_ERRORS:
2185         case WIFI_STAT_TX_FRAGS:
2186         case WIFI_STAT_MCAST_TX:
2187         case WIFI_STAT_RTS_SUCCESS:
2188         case WIFI_STAT_RTS_FAILURE:
2189         case WIFI_STAT_ACK_FAILURE:
2190         case WIFI_STAT_RX_FRAGS:
2191         case WIFI_STAT_MCAST_RX:
2192         case WIFI_STAT_RX_DUPS:
2193                 RAL_UNLOCK(sc);
2194                 return (ieee80211_stat(ic, stat, val));
2195         default:
2196                 RAL_UNLOCK(sc);
2197                 return (ENOTSUP);
2198         }
2199         RAL_UNLOCK(sc);
2200 
2201         return (0);
2202 }
2203 
2204 static int
2205 rum_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2206 {
2207         struct rum_softc *sc;
2208         struct ieee80211com *ic;
2209         int err, i, ntries;
2210         uint32_t tmp;
2211         int instance;
2212 
2213         char strbuf[32];
2214 
2215         wifi_data_t wd = { 0 };
2216         mac_register_t *macp;
2217 
2218         switch (cmd) {
2219         case DDI_ATTACH:
2220                 break;
2221         case DDI_RESUME:
2222                 sc = ddi_get_soft_state(rum_soft_state_p,
2223                     ddi_get_instance(devinfo));
2224                 ASSERT(sc != NULL);
2225                 rum_resume(sc);
2226                 return (DDI_SUCCESS);
2227         default:
2228                 return (DDI_FAILURE);
2229         }
2230 
2231         instance = ddi_get_instance(devinfo);
2232 
2233         if (ddi_soft_state_zalloc(rum_soft_state_p, instance) != DDI_SUCCESS) {
2234                 ral_debug(RAL_DBG_MSG, "rum_attach(): "
2235                     "unable to alloc soft_state_p\n");
2236                 return (DDI_FAILURE);
2237         }
2238 
2239         sc = ddi_get_soft_state(rum_soft_state_p, instance);
2240         ic = (ieee80211com_t *)&sc->sc_ic;
2241         sc->sc_dev = devinfo;
2242 
2243         if (usb_client_attach(devinfo, USBDRV_VERSION, 0) != USB_SUCCESS) {
2244                 ral_debug(RAL_DBG_ERR,
2245                     "rum_attach(): usb_client_attach failed\n");
2246                 goto fail1;
2247         }
2248 
2249         if (usb_get_dev_data(devinfo, &sc->sc_udev,
2250             USB_PARSE_LVL_ALL, 0) != USB_SUCCESS) {
2251                 sc->sc_udev = NULL;
2252                 goto fail2;
2253         }
2254 
2255         mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2256         mutex_init(&sc->tx_lock, NULL, MUTEX_DRIVER, NULL);
2257         mutex_init(&sc->rx_lock, NULL, MUTEX_DRIVER, NULL);
2258 
2259         /* retrieve RT2573 rev. no */
2260         for (ntries = 0; ntries < 1000; ntries++) {
2261                 if ((tmp = rum_read(sc, RT2573_MAC_CSR0)) != 0)
2262                         break;
2263                 drv_usecwait(1000);
2264         }
2265         if (ntries == 1000) {
2266                 ral_debug(RAL_DBG_ERR,
2267                     "rum_attach(): timeout waiting for chip to settle\n");
2268                 goto fail3;
2269         }
2270 
2271         /* retrieve MAC address and various other things from EEPROM */
2272         rum_read_eeprom(sc);
2273 
2274         ral_debug(RAL_DBG_MSG, "rum: MAC/BBP RT2573 (rev 0x%05x), RF %s\n",
2275             tmp, rum_get_rf(sc->rf_rev));
2276 
2277         err = rum_load_microcode(sc);
2278         if (err != USB_SUCCESS) {
2279                 ral_debug(RAL_DBG_ERR, "could not load 8051 microcode\n");
2280                 goto fail3;
2281         }
2282 
2283         ic->ic_phytype = IEEE80211_T_OFDM;   /* not only, but not used */
2284         ic->ic_opmode = IEEE80211_M_STA;     /* default to BSS mode */
2285         ic->ic_state = IEEE80211_S_INIT;
2286 
2287         ic->ic_maxrssi = 63;
2288         ic->ic_set_shortslot = rum_update_slot;
2289         ic->ic_xmit = rum_send;
2290 
2291         /* set device capabilities */
2292         ic->ic_caps =
2293             IEEE80211_C_TXPMGT |        /* tx power management */
2294             IEEE80211_C_SHPREAMBLE |    /* short preamble supported */
2295             IEEE80211_C_SHSLOT;         /* short slot time supported */
2296 
2297         ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2298 
2299 #define IEEE80211_CHAN_A        \
2300         (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2301 
2302         if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_5226) {
2303                 /* set supported .11a rates */
2304                 ic->ic_sup_rates[IEEE80211_MODE_11A] = rum_rateset_11a;
2305 
2306                 /* set supported .11a channels */
2307                 for (i = 34; i <= 46; i += 4) {
2308                         ic->ic_sup_channels[i].ich_freq =
2309                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2310                         ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2311                 }
2312                 for (i = 36; i <= 64; i += 4) {
2313                         ic->ic_sup_channels[i].ich_freq =
2314                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2315                         ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2316                 }
2317                 for (i = 100; i <= 140; i += 4) {
2318                         ic->ic_sup_channels[i].ich_freq =
2319                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2320                         ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2321                 }
2322                 for (i = 149; i <= 165; i += 4) {
2323                         ic->ic_sup_channels[i].ich_freq =
2324                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2325                         ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2326                 }
2327         }
2328 
2329         /* set supported .11b and .11g rates */
2330         ic->ic_sup_rates[IEEE80211_MODE_11B] = rum_rateset_11b;
2331         ic->ic_sup_rates[IEEE80211_MODE_11G] = rum_rateset_11g;
2332 
2333         /* set supported .11b and .11g channels (1 through 14) */
2334         for (i = 1; i <= 14; i++) {
2335                 ic->ic_sup_channels[i].ich_freq =
2336                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2337                 ic->ic_sup_channels[i].ich_flags =
2338                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2339                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2340         }
2341 
2342         ieee80211_attach(ic);
2343 
2344         /* register WPA door */
2345         ieee80211_register_door(ic, ddi_driver_name(devinfo),
2346             ddi_get_instance(devinfo));
2347 
2348         /* override state transition machine */
2349         sc->sc_newstate = ic->ic_newstate;
2350         ic->ic_newstate = rum_newstate;
2351         ic->ic_watchdog = rum_watchdog;
2352         ieee80211_media_init(ic);
2353         ic->ic_def_txkey = 0;
2354 
2355         sc->sc_rcr = 0;
2356         sc->dwelltime = 300;
2357         sc->sc_flags = 0;
2358 
2359         /*
2360          * Provide initial settings for the WiFi plugin; whenever this
2361          * information changes, we need to call mac_plugindata_update()
2362          */
2363         wd.wd_opmode = ic->ic_opmode;
2364         wd.wd_secalloc = WIFI_SEC_NONE;
2365         IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
2366 
2367         if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
2368                 ral_debug(RAL_DBG_ERR, "rum_attach(): "
2369                     "MAC version mismatch\n");
2370                 goto fail3;
2371         }
2372 
2373         macp->m_type_ident   = MAC_PLUGIN_IDENT_WIFI;
2374         macp->m_driver               = sc;
2375         macp->m_dip          = devinfo;
2376         macp->m_src_addr     = ic->ic_macaddr;
2377         macp->m_callbacks    = &rum_m_callbacks;
2378         macp->m_min_sdu              = 0;
2379         macp->m_max_sdu              = IEEE80211_MTU;
2380         macp->m_pdata                = &wd;
2381         macp->m_pdata_size   = sizeof (wd);
2382 
2383         err = mac_register(macp, &ic->ic_mach);
2384         mac_free(macp);
2385         if (err != 0) {
2386                 ral_debug(RAL_DBG_ERR, "rum_attach(): "
2387                     "mac_register() err %x\n", err);
2388                 goto fail3;
2389         }
2390 
2391         if (usb_register_hotplug_cbs(devinfo, rum_disconnect,
2392             rum_reconnect) != USB_SUCCESS) {
2393                 ral_debug(RAL_DBG_ERR,
2394                     "rum_attach() failed to register events");
2395                 goto fail4;
2396         }
2397 
2398         /*
2399          * Create minor node of type DDI_NT_NET_WIFI
2400          */
2401         (void) snprintf(strbuf, sizeof (strbuf), "%s%d",
2402             "rum", instance);
2403         err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
2404             instance + 1, DDI_NT_NET_WIFI, 0);
2405 
2406         if (err != DDI_SUCCESS)
2407                 ral_debug(RAL_DBG_ERR, "ddi_create_minor_node() failed\n");
2408 
2409         /*
2410          * Notify link is down now
2411          */
2412         mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
2413         return (DDI_SUCCESS);
2414 
2415 fail4:
2416         (void) mac_unregister(ic->ic_mach);
2417 fail3:
2418         mutex_destroy(&sc->sc_genlock);
2419         mutex_destroy(&sc->tx_lock);
2420         mutex_destroy(&sc->rx_lock);
2421 fail2:
2422         usb_client_detach(sc->sc_dev, sc->sc_udev);
2423 fail1:
2424         ddi_soft_state_free(rum_soft_state_p, ddi_get_instance(devinfo));
2425 
2426         return (DDI_FAILURE);
2427 }
2428 
2429 static int
2430 rum_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
2431 {
2432         struct rum_softc *sc;
2433 
2434         sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
2435         ASSERT(sc != NULL);
2436 
2437         switch (cmd) {
2438         case DDI_DETACH:
2439                 break;
2440         case DDI_SUSPEND:
2441                 if (RAL_IS_RUNNING(sc))
2442                         (void) rum_stop(sc);
2443                 return (DDI_SUCCESS);
2444         default:
2445                 return (DDI_FAILURE);
2446         }
2447 
2448         rum_stop(sc);
2449         usb_unregister_hotplug_cbs(devinfo);
2450 
2451         /*
2452          * Unregister from the MAC layer subsystem
2453          */
2454         if (mac_unregister(sc->sc_ic.ic_mach) != 0)
2455                 return (DDI_FAILURE);
2456 
2457         /*
2458          * detach ieee80211 layer
2459          */
2460         ieee80211_detach(&sc->sc_ic);
2461 
2462         mutex_destroy(&sc->sc_genlock);
2463         mutex_destroy(&sc->tx_lock);
2464         mutex_destroy(&sc->rx_lock);
2465 
2466         /* pipes will be closed in rum_stop() */
2467         usb_client_detach(devinfo, sc->sc_udev);
2468         sc->sc_udev = NULL;
2469 
2470         ddi_remove_minor_node(devinfo, NULL);
2471         ddi_soft_state_free(rum_soft_state_p, ddi_get_instance(devinfo));
2472 
2473         return (DDI_SUCCESS);
2474 }
2475 
2476 int
2477 _info(struct modinfo *modinfop)
2478 {
2479         return (mod_info(&modlinkage, modinfop));
2480 }
2481 
2482 int
2483 _init(void)
2484 {
2485         int status;
2486 
2487         status = ddi_soft_state_init(&rum_soft_state_p,
2488             sizeof (struct rum_softc), 1);
2489         if (status != 0)
2490                 return (status);
2491 
2492         mac_init_ops(&rum_dev_ops, "rum");
2493         status = mod_install(&modlinkage);
2494         if (status != 0) {
2495                 mac_fini_ops(&rum_dev_ops);
2496                 ddi_soft_state_fini(&rum_soft_state_p);
2497         }
2498         return (status);
2499 }
2500 
2501 int
2502 _fini(void)
2503 {
2504         int status;
2505 
2506         status = mod_remove(&modlinkage);
2507         if (status == 0) {
2508                 mac_fini_ops(&rum_dev_ops);
2509                 ddi_soft_state_fini(&rum_soft_state_p);
2510         }
2511         return (status);
2512 }