xref: /freebsd/sys/compat/linuxkpi/common/src/linux_80211.c (revision 33acf0f26b490ea4887d820a3f45c56e3913a17d) 
1 /*-
2  * Copyright (c) 2020-2026 The FreeBSD Foundation
3  * Copyright (c) 2020-2025 Bjoern A. Zeeb
4  *
5  * This software was developed by Björn Zeeb under sponsorship from
6  * the FreeBSD Foundation.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 /*
31  * Public functions are called linuxkpi_*().
32  * Internal (static) functions are called lkpi_*().
33  *
34  * The internal structures holding metadata over public structures are also
35  * called lkpi_xxx (usually with a member at the end called xxx).
36  * Note: we do not replicate the structure names but the general variable names
37  * for these (e.g., struct hw -> struct lkpi_hw, struct sta -> struct lkpi_sta).
38  * There are macros to access one from the other.
39  * We call the internal versions lxxx (e.g., hw -> lhw, sta -> lsta).
40  */
41 
42 /*
43  * TODO:
44  * - lots :)
45  * - HW_CRYPTO: we need a "keystore" and an ordered list for suspend/resume.
46  */
47 
48 #include <sys/param.h>
49 #include <sys/types.h>
50 #include <sys/kernel.h>
51 #include <sys/errno.h>
52 #include <sys/malloc.h>
53 #include <sys/module.h>
54 #include <sys/mutex.h>
55 #include <sys/sbuf.h>
56 #include <sys/socket.h>
57 #include <sys/sysctl.h>
58 #include <sys/queue.h>
59 #include <sys/taskqueue.h>
60 #include <sys/libkern.h>
61 
62 #include <net/if.h>
63 #include <net/if_var.h>
64 #include <net/if_media.h>
65 #include <net/ethernet.h>
66 
67 #include <net80211/ieee80211_var.h>
68 #include <net80211/ieee80211_proto.h>
69 #include <net80211/ieee80211_ratectl.h>
70 #include <net80211/ieee80211_radiotap.h>
71 #include <net80211/ieee80211_vht.h>
72 
73 #define	LINUXKPI_NET80211
74 #include <net/mac80211.h>
75 
76 #include <linux/workqueue.h>
77 #include <linux/rculist.h>
78 #include "linux_80211.h"
79 
80 /* #define	LKPI_80211_USE_SCANLIST */
81 /* #define	LKPI_80211_BGSCAN */
82 #define	LKPI_80211_WME
83 #define	LKPI_80211_HW_CRYPTO
84 #define	LKPI_80211_HT
85 #define	LKPI_80211_VHT
86 
87 #if defined(LKPI_80211_VHT) && !defined(LKPI_80211_HT)
88 #define	LKPI_80211_HT
89 #endif
90 #if defined(LKPI_80211_HT) && !defined(LKPI_80211_HW_CRYPTO)
91 #define	LKPI_80211_HW_CRYPTO
92 #endif
93 
94 static MALLOC_DEFINE(M_LKPI80211, "lkpi80211", "LinuxKPI 80211 compat");
95 
96 /* XXX-BZ really want this and others in queue.h */
97 #define	TAILQ_ELEM_INIT(elm, field) do {				\
98 	(elm)->field.tqe_next = NULL;					\
99 	(elm)->field.tqe_prev = NULL;					\
100 } while (0)
101 
102 /* -------------------------------------------------------------------------- */
103 
104 SYSCTL_DECL(_compat_linuxkpi);
105 SYSCTL_NODE(_compat_linuxkpi, OID_AUTO, 80211, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
106     "LinuxKPI 802.11 compatibility layer");
107 
108 static int lkpi_suspend_type = 1;
109 SYSCTL_INT(_compat_linuxkpi_80211, OID_AUTO, suspend_type, CTLFLAG_RW,
110     &lkpi_suspend_type, 0,
111     "LinuxKPI 802.11 suspend type bitmask (0=off, 1=net80211, 2=wowlan");
112 
113 static bool lkpi_order_scanlist = false;
114 SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, order_scanlist, CTLFLAG_RW,
115     &lkpi_order_scanlist, 0, "Enable LinuxKPI 802.11 scan list shuffeling");
116 
117 #if defined(LKPI_80211_HW_CRYPTO)
118 static bool lkpi_hwcrypto = false;
119 SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, hw_crypto, CTLFLAG_RDTUN,
120     &lkpi_hwcrypto, 0, "Enable LinuxKPI 802.11 hardware crypto offload");
121 
122 static bool lkpi_hwcrypto_tkip = false;
123 SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, tkip, CTLFLAG_RDTUN,
124     &lkpi_hwcrypto_tkip, 0, "Enable LinuxKPI 802.11 TKIP crypto offload");
125 #endif
126 
127 /* Keep public for as long as header files are using it too. */
128 int linuxkpi_debug_80211;
129 
130 #ifdef LINUXKPI_DEBUG_80211
131 SYSCTL_INT(_compat_linuxkpi_80211, OID_AUTO, debug, CTLFLAG_RWTUN,
132     &linuxkpi_debug_80211, 0, "LinuxKPI 802.11 debug level");
133 
134 #define	UNIMPLEMENTED		if (linuxkpi_debug_80211 & D80211_TODO)		\
135     printf("XXX-TODO %s:%d: UNIMPLEMENTED\n", __func__, __LINE__)
136 #define	TRACEOK(_fmt, ...)	if (linuxkpi_debug_80211 & D80211_TRACEOK)	\
137     printf("%s:%d: TRACEPOINT " _fmt "\n", __func__, __LINE__, ##__VA_ARGS__)
138 #else
139 #define	UNIMPLEMENTED		do { } while (0)
140 #define	TRACEOK(...)		do { } while (0)
141 #endif
142 
143 /* #define	PREP_TX_INFO_DURATION	(IEEE80211_TRANS_WAIT * 1000) */
144 #ifndef PREP_TX_INFO_DURATION
145 #define	PREP_TX_INFO_DURATION	0 /* Let the driver do its thing. */
146 #endif
147 
148 /* This is DSAP | SSAP | CTRL | ProtoID/OrgCode{3}. */
149 const uint8_t rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
150 
151 /* IEEE 802.11-05/0257r1 */
152 const uint8_t bridge_tunnel_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
153 
154 /* IEEE 802.11e Table 20i-UP-to-AC mappings. */
155 static const uint8_t ieee80211e_up_to_ac[] = {
156 	IEEE80211_AC_BE,
157 	IEEE80211_AC_BK,
158 	IEEE80211_AC_BK,
159 	IEEE80211_AC_BE,
160 	IEEE80211_AC_VI,
161 	IEEE80211_AC_VI,
162 	IEEE80211_AC_VO,
163 	IEEE80211_AC_VO,
164 #if 0
165 	IEEE80211_AC_VO, /* We treat MGMT as TID 8, which is set as AC_VO */
166 #endif
167 };
168 
169 const struct cfg80211_ops linuxkpi_mac80211cfgops = {
170 	/*
171 	 * XXX TODO need a "glue layer" to link cfg80211 ops to
172 	 * mac80211 and to the driver or net80211.
173 	 * Can we pass some on 1:1? Need to compare the (*f)().
174 	 */
175 };
176 
177 #if 0
178 static struct lkpi_sta *lkpi_find_lsta_by_ni(struct lkpi_vif *,
179     struct ieee80211_node *);
180 #endif
181 static void lkpi_sw_scan_task(void *, int);
182 static void lkpi_80211_txq_tx_one(struct lkpi_sta *, struct mbuf *);
183 static void lkpi_80211_txq_task(void *, int);
184 static void lkpi_80211_lhw_rxq_task(void *, int);
185 static void lkpi_ieee80211_free_skb_mbuf(void *);
186 #ifdef LKPI_80211_WME
187 static int lkpi_wme_update(struct lkpi_hw *, struct ieee80211vap *, bool);
188 #endif
189 static int lkpi_80211_update_chandef(struct ieee80211_hw *,
190     struct ieee80211_chanctx_conf *);
191 static void lkpi_ieee80211_wake_queues_locked(struct ieee80211_hw *);
192 
193 static const char *
194 lkpi_rate_info_bw_to_str(enum rate_info_bw bw)
195 {
196 
197 	switch (bw) {
198 
199         case RATE_INFO_BW_20:
200 		return ("20");
201 		break;
202         case RATE_INFO_BW_5:
203 		return ("5");
204 		break;
205         case RATE_INFO_BW_10:
206 		return ("10");
207 		break;
208         case RATE_INFO_BW_40:
209 		return ("40");
210 		break;
211         case RATE_INFO_BW_80:
212 		return ("80");
213 		break;
214         case RATE_INFO_BW_160:
215 		return ("160");
216 		break;
217         case RATE_INFO_BW_HE_RU:
218 		IMPROVE("nl80211_he_ru_alloc");
219 		return ("HE_RU");
220 		break;
221         case RATE_INFO_BW_320:
222 		return ("320");
223 		break;
224         case RATE_INFO_BW_EHT_RU:
225 		IMPROVE("nl80211_eht_ru_alloc");
226 		return ("EHT_RU");
227 		break;
228 	default:
229 		return ("?");
230 		break;
231 	}
232 }
233 
234 static void
235 lkpi_nl80211_sta_info_to_str(struct sbuf *s, const char *prefix,
236     const uint64_t flags)
237 {
238 	int bit, i;
239 
240 	sbuf_printf(s, "%s %#010jx", prefix, flags);
241 
242 	i = 0;
243 	for (bit = 0; bit < BITS_PER_TYPE(flags); bit++) {
244 
245 		if ((flags & BIT_ULL(bit)) == 0)
246 			continue;
247 
248 #define	EXPAND_CASE(_flag)						\
249 	case NL80211_STA_INFO_ ## _flag:				\
250 		sbuf_printf(s, "%c%s", (i == 0) ? '<' : ',', #_flag);	\
251 		i++;							\
252 		break;
253 
254 		switch (bit) {
255 		EXPAND_CASE(BEACON_RX)
256 		EXPAND_CASE(BEACON_SIGNAL_AVG)
257 		EXPAND_CASE(BSS_PARAM)
258 		EXPAND_CASE(CHAIN_SIGNAL)
259 		EXPAND_CASE(CHAIN_SIGNAL_AVG)
260 		EXPAND_CASE(CONNECTED_TIME)
261 		EXPAND_CASE(INACTIVE_TIME)
262 		EXPAND_CASE(SIGNAL)
263 		EXPAND_CASE(SIGNAL_AVG)
264 		EXPAND_CASE(STA_FLAGS)
265 		EXPAND_CASE(RX_BITRATE)
266 		EXPAND_CASE(RX_PACKETS)
267 		EXPAND_CASE(RX_BYTES)
268 		EXPAND_CASE(RX_DROP_MISC)
269 		EXPAND_CASE(TX_BITRATE)
270 		EXPAND_CASE(TX_PACKETS)
271 		EXPAND_CASE(TX_BYTES)
272 		EXPAND_CASE(TX_BYTES64)
273 		EXPAND_CASE(RX_BYTES64)
274 		EXPAND_CASE(TX_FAILED)
275 		EXPAND_CASE(TX_RETRIES)
276 		EXPAND_CASE(RX_DURATION)
277 		EXPAND_CASE(TX_DURATION)
278 		EXPAND_CASE(ACK_SIGNAL)
279 		EXPAND_CASE(ACK_SIGNAL_AVG)
280 		default:
281 			sbuf_printf(s, "%c?%d", (i == 0) ? '<' : ',', bit);
282 			break;
283 		}
284 	}
285 #undef	EXPAND_CASE
286 	if (i > 0)
287 		sbuf_printf(s, ">");
288 	sbuf_printf(s, "\n");
289 }
290 
291 static void
292 lkpi_80211_dump_lvif_stas(struct lkpi_vif *lvif, struct sbuf *s, bool dump_queues)
293 {
294 	struct lkpi_hw *lhw;
295 	struct ieee80211_hw *hw;
296 	struct ieee80211vap *vap;
297 	struct ieee80211_vif *vif;
298 	struct lkpi_sta *lsta;
299 	struct ieee80211_sta *sta;
300 	struct station_info sinfo;
301 	int error;
302 	uint8_t tid;
303 
304 	vif = LVIF_TO_VIF(lvif);
305 	vap = LVIF_TO_VAP(lvif);
306 	lhw = vap->iv_ic->ic_softc;
307 	hw = LHW_TO_HW(lhw);
308 
309 	wiphy_lock(hw->wiphy);
310 	list_for_each_entry(lsta, &lvif->lsta_list, lsta_list) {
311 		sta = LSTA_TO_STA(lsta);
312 
313 		sbuf_putc(s, '\n');
314 		sbuf_printf(s, "lsta %p sta %p added_to_drv %d\n", lsta, sta, lsta->added_to_drv);
315 
316 		memset(&sinfo, 0, sizeof(sinfo));
317 		error = lkpi_80211_mo_sta_statistics(hw, vif, sta, &sinfo);
318 		if (error == EEXIST)	/* Not added to driver. */
319 			continue;
320 		if (error == ENOTSUPP) {
321 			sbuf_printf(s, " sta_statistics not supported\n");
322 			continue;
323 		}
324 		if (error != 0) {
325 			sbuf_printf(s, " sta_statistics failed: %d\n", error);
326 			continue;
327 		}
328 
329 		/* If no RX_BITRATE is reported, try to fill it in from the lsta sinfo. */
330 		if ((sinfo.filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) == 0 &&
331 		    (lsta->sinfo.filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) != 0) {
332 			memcpy(&sinfo.rxrate, &lsta->sinfo.rxrate, sizeof(sinfo.rxrate));
333 			sinfo.filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
334 		}
335 		/* If no CHAIN_SIGNAL is reported,  try to fill it in from the lsta sinfo. */
336 		if ((sinfo.filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) == 0 &&
337 		    (lsta->sinfo.filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) != 0) {
338 			sinfo.chains = lsta->sinfo.chains;
339 			memcpy(sinfo.chain_signal, lsta->sinfo.chain_signal,
340 			    sizeof(sinfo.chain_signal));
341 			sinfo.filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
342 		}
343 
344 		lkpi_nl80211_sta_info_to_str(s, " nl80211_sta_info (valid fields)", sinfo.filled);
345 		sbuf_printf(s, " connected_time %u inactive_time %u\n",
346 		    sinfo.connected_time, sinfo.inactive_time);
347 		sbuf_printf(s, " rx_bytes %ju rx_packets %u rx_dropped_misc %u\n",
348 		    (uintmax_t)sinfo.rx_bytes, sinfo.rx_packets, sinfo.rx_dropped_misc);
349 		sbuf_printf(s, " rx_duration %ju rx_beacon %u rx_beacon_signal_avg %d\n",
350 		    (uintmax_t)sinfo.rx_duration, sinfo.rx_beacon, (int8_t)sinfo.rx_beacon_signal_avg);
351 
352 		sbuf_printf(s, " tx_bytes %ju tx_packets %u tx_failed %u\n",
353 		    (uintmax_t)sinfo.tx_bytes, sinfo.tx_packets, sinfo.tx_failed);
354 		sbuf_printf(s, " tx_duration %ju tx_retries %u\n",
355 		    (uintmax_t)sinfo.tx_duration, sinfo.tx_retries);
356 
357 		sbuf_printf(s, " signal %d signal_avg %d ack_signal %d avg_ack_signal %d\n",
358 		    sinfo.signal, sinfo.signal_avg, sinfo.ack_signal, sinfo.avg_ack_signal);
359 		sbuf_printf(s, " generation %d assoc_req_ies_len %zu chains %#04x\n",
360 		    sinfo.generation, sinfo.assoc_req_ies_len, sinfo.chains);
361 
362 		for (int i = 0; i < nitems(sinfo.chain_signal) && i < IEEE80211_MAX_CHAINS; i++) {
363 			if (!(sinfo.chains & BIT(i)))
364 				continue;
365 			sbuf_printf(s, "  chain[%d] signal %d signal_avg %d\n",
366 			    i, (int8_t)sinfo.chain_signal[i], (int8_t)sinfo.chain_signal_avg[i]);
367 		}
368 
369 		/* assoc_req_ies, bss_param, sta_flags */
370 
371 		sbuf_printf(s, " rxrate: flags %b bw %u(%s) legacy %u kbit/s mcs %u nss %u\n",
372 		    sinfo.rxrate.flags, CFG80211_RATE_INFO_FLAGS_BITS,
373 		    sinfo.rxrate.bw, lkpi_rate_info_bw_to_str(sinfo.rxrate.bw),
374 		    sinfo.rxrate.legacy * 100,
375 		    sinfo.rxrate.mcs, sinfo.rxrate.nss);
376 		sbuf_printf(s, "         he_dcm %u he_gi %u he_ru_alloc %u eht_gi %u\n",
377 		    sinfo.rxrate.he_dcm, sinfo.rxrate.he_gi, sinfo.rxrate.he_ru_alloc,
378 		    sinfo.rxrate.eht_gi);
379 		sbuf_printf(s, " txrate: flags %b bw %u(%s) legacy %u kbit/s mcs %u nss %u\n",
380 		    sinfo.txrate.flags, CFG80211_RATE_INFO_FLAGS_BITS,
381 		    sinfo.txrate.bw, lkpi_rate_info_bw_to_str(sinfo.txrate.bw),
382 		    sinfo.txrate.legacy * 100,
383 		    sinfo.txrate.mcs, sinfo.txrate.nss);
384 		sbuf_printf(s, "         he_dcm %u he_gi %u he_ru_alloc %u eht_gi %u\n",
385 		    sinfo.txrate.he_dcm, sinfo.txrate.he_gi, sinfo.txrate.he_ru_alloc,
386 		    sinfo.txrate.eht_gi);
387 
388 		if (!dump_queues)
389 			continue;
390 
391 		/* Dump queue information. */
392 		sbuf_printf(s, " Queue information:\n");
393 		sbuf_printf(s, "  frms direct tx %ju\n", lsta->frms_tx);
394 		for (tid = 0; tid <= IEEE80211_NUM_TIDS; tid++) {
395 			struct lkpi_txq *ltxq;
396 
397 			if (sta->txq[tid] == NULL) {
398 				sbuf_printf(s, "  tid %-2u NOQ\n", tid);
399 				continue;
400 			}
401 
402 			ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
403 #ifdef __notyet__
404 			sbuf_printf(s, "  tid %-2u flags: %b "
405 			    "txq_generation %u skbq len %d\n",
406 			    tid, ltxq->flags, LKPI_TXQ_FLAGS_BITS,
407 			    ltxq->txq_generation,
408 			    skb_queue_len_lockless(&ltxq->skbq));
409 #else
410 			sbuf_printf(s, "  tid %-2u "
411 			    "txq_generation %u skbq len %d\n",
412 			    tid,
413 			    ltxq->txq_generation,
414 			    skb_queue_len_lockless(&ltxq->skbq));
415 #endif
416 			sbuf_printf(s, "         frms_enqueued %ju frms_dequeued %ju "
417 			    "frms_tx %ju\n",
418 			    ltxq->frms_enqueued, ltxq->frms_dequeued, ltxq->frms_tx);
419 		}
420 	}
421 	wiphy_unlock(hw->wiphy);
422 }
423 
424 static int
425 lkpi_80211_dump_stas(SYSCTL_HANDLER_ARGS)
426 {
427 	struct lkpi_vif *lvif;
428 	struct sbuf s;
429 
430 	if (req->newptr)
431 		return (EPERM);
432 
433 	lvif = (struct lkpi_vif *)arg1;
434 
435 	sbuf_new_for_sysctl(&s, NULL, 1024, req);
436 
437 	lkpi_80211_dump_lvif_stas(lvif, &s, false);
438 
439 	sbuf_finish(&s);
440 	sbuf_delete(&s);
441 
442 	return (0);
443 }
444 
445 static int
446 lkpi_80211_dump_sta_queues(SYSCTL_HANDLER_ARGS)
447 {
448 	struct lkpi_vif *lvif;
449 	struct sbuf s;
450 
451 	if (req->newptr)
452 		return (EPERM);
453 
454 	lvif = (struct lkpi_vif *)arg1;
455 
456 	sbuf_new_for_sysctl(&s, NULL, 1024, req);
457 
458 	lkpi_80211_dump_lvif_stas(lvif, &s, true);
459 
460 	sbuf_finish(&s);
461 	sbuf_delete(&s);
462 
463 	return (0);
464 }
465 
466 static enum ieee80211_sta_rx_bandwidth
467 lkpi_cw_to_rx_bw(enum nl80211_chan_width cw)
468 {
469 	switch (cw) {
470 	case NL80211_CHAN_WIDTH_320:
471 		return (IEEE80211_STA_RX_BW_320);
472 	case NL80211_CHAN_WIDTH_160:
473 	case NL80211_CHAN_WIDTH_80P80:
474 		return (IEEE80211_STA_RX_BW_160);
475 	case NL80211_CHAN_WIDTH_80:
476 		return (IEEE80211_STA_RX_BW_80);
477 	case NL80211_CHAN_WIDTH_40:
478 		return (IEEE80211_STA_RX_BW_40);
479 	case NL80211_CHAN_WIDTH_20:
480 	case NL80211_CHAN_WIDTH_20_NOHT:
481 		return (IEEE80211_STA_RX_BW_20);
482 	case NL80211_CHAN_WIDTH_5:
483 	case NL80211_CHAN_WIDTH_10:
484 		/* Unsupported input. */
485 		return (IEEE80211_STA_RX_BW_20);
486 	}
487 }
488 
489 static enum nl80211_chan_width
490 lkpi_rx_bw_to_cw(enum ieee80211_sta_rx_bandwidth rx_bw)
491 {
492 	switch (rx_bw) {
493 	case IEEE80211_STA_RX_BW_20:
494 		return (NL80211_CHAN_WIDTH_20);	/* _NOHT */
495 	case IEEE80211_STA_RX_BW_40:
496 		return (NL80211_CHAN_WIDTH_40);
497 	case IEEE80211_STA_RX_BW_80:
498 		return (NL80211_CHAN_WIDTH_80);
499 	case IEEE80211_STA_RX_BW_160:
500 		return (NL80211_CHAN_WIDTH_160); /* 80P80 */
501 	case IEEE80211_STA_RX_BW_320:
502 		return (NL80211_CHAN_WIDTH_320);
503 	}
504 }
505 
506 static void
507 lkpi_sync_chanctx_cw_from_rx_bw(struct ieee80211_hw *hw,
508     struct ieee80211_vif *vif, struct ieee80211_sta *sta)
509 {
510 	struct ieee80211_chanctx_conf *chanctx_conf;
511 	enum ieee80211_sta_rx_bandwidth old_bw;
512 	uint32_t changed;
513 
514 	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
515 	    lockdep_is_held(&hw->wiphy->mtx));
516 	if (chanctx_conf == NULL)
517 		return;
518 
519 	old_bw = lkpi_cw_to_rx_bw(chanctx_conf->def.width);
520 	if (old_bw == sta->deflink.bandwidth)
521 		return;
522 
523 	chanctx_conf->def.width = lkpi_rx_bw_to_cw(sta->deflink.bandwidth);
524 	if (chanctx_conf->def.width == NL80211_CHAN_WIDTH_20 &&
525 	    !sta->deflink.ht_cap.ht_supported)
526 		chanctx_conf->def.width = NL80211_CHAN_WIDTH_20_NOHT;
527 
528 	chanctx_conf->min_def = chanctx_conf->def;
529 
530 	vif->bss_conf.chanreq.oper.width = chanctx_conf->def.width;
531 
532 	changed = IEEE80211_CHANCTX_CHANGE_MIN_WIDTH;
533 	changed |= IEEE80211_CHANCTX_CHANGE_WIDTH;
534 	lkpi_80211_mo_change_chanctx(hw, chanctx_conf, changed);
535 }
536 
537 #if defined(LKPI_80211_HT)
538 static void
539 lkpi_sta_sync_ht_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
540     struct ieee80211_sta *sta, struct ieee80211_node *ni)
541 {
542 	struct ieee80211vap *vap;
543 	uint8_t *ie;
544 	struct ieee80211_ht_cap *htcap;
545 	struct ieee80211_sta_ht_cap *ht_cap, *sta_ht_cap;
546 	enum nl80211_band band;
547 	int i, rx_nss;
548 
549 	if ((ni->ni_flags & IEEE80211_NODE_HT) == 0) {
550 		sta->deflink.ht_cap.ht_supported = false;
551 		return;
552 	}
553 
554 	sta->deflink.ht_cap.ht_supported = true;
555 
556 	/* htcap->ampdu_params_info */
557 	vap = ni->ni_vap;
558 	sta->deflink.ht_cap.ampdu_density = _IEEE80211_MASKSHIFT(ni->ni_htparam, IEEE80211_HTCAP_MPDUDENSITY);
559 	if (sta->deflink.ht_cap.ampdu_density > vap->iv_ampdu_density)
560 		sta->deflink.ht_cap.ampdu_density = vap->iv_ampdu_density;
561 	sta->deflink.ht_cap.ampdu_factor = _IEEE80211_MASKSHIFT(ni->ni_htparam, IEEE80211_HTCAP_MAXRXAMPDU);
562 	if (sta->deflink.ht_cap.ampdu_factor > vap->iv_ampdu_rxmax)
563 		sta->deflink.ht_cap.ampdu_factor = vap->iv_ampdu_rxmax;
564 
565 	ie = ni->ni_ies.htcap_ie;
566 	KASSERT(ie != NULL, ("%s: HT but no htcap_ie on ni %p\n", __func__, ni));
567 	if (ie[0] == IEEE80211_ELEMID_VENDOR)
568 		ie += 4;
569 	ie += 2;
570 	htcap = (struct ieee80211_ht_cap *)ie;
571 	sta->deflink.ht_cap.cap = htcap->cap_info;
572 	sta->deflink.ht_cap.mcs = htcap->mcs;
573 
574 	/*
575 	 * 802.11n-2009 20.6 Parameters for HT MCSs gives the mandatory/
576 	 * optional MCS for Nss=1..4.  We need to check the first four
577 	 * MCS sets from the Rx MCS Bitmask; then there is MCS 32 and
578 	 * MCS33.. is UEQM.
579 	 */
580 	band = vif->bss_conf.chanctx_conf->def.chan->band;
581 	ht_cap = &hw->wiphy->bands[band]->ht_cap;
582 	sta_ht_cap = &sta->deflink.ht_cap;
583 	rx_nss = 0;
584 	for (i = 0; i < 4; i++) {
585 		TRACEOK("HT rx_mask[%d] sta %#04x & hw %#04x", i,
586 		    sta_ht_cap->mcs.rx_mask[i], ht_cap->mcs.rx_mask[i]);
587 		sta_ht_cap->mcs.rx_mask[i] =
588 			sta_ht_cap->mcs.rx_mask[i] & ht_cap->mcs.rx_mask[i];
589 		/* XXX-BZ masking unequal modulation? */
590 
591 		if (sta_ht_cap->mcs.rx_mask[i] != 0)
592 			rx_nss++;
593 	}
594 	if (rx_nss > 0) {
595 		TRACEOK("HT rx_nss = max(%d, %d)", rx_nss, sta->deflink.rx_nss);
596 		sta->deflink.rx_nss = MAX(rx_nss, sta->deflink.rx_nss);
597 	} else {
598 		sta->deflink.ht_cap.ht_supported = false;
599 		return;
600 	}
601 
602 	if ((sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) != 0 &&
603 	    IEEE80211_IS_CHAN_HT40(ni->ni_chan))
604 		sta->deflink.bandwidth = IEEE80211_STA_RX_BW_40;
605 	else
606 		sta->deflink.bandwidth = IEEE80211_STA_RX_BW_20;
607 
608 	IMPROVE("sta->wme");
609 
610 	if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_MAX_AMSDU)
611 		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_7935;
612 	else
613 		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_3839;
614 	sta->deflink.agg.max_rc_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_BA;
615 #ifdef __handled_by_driver__	/* iwlwifi only? actually unused? */
616 	for (i = 0; i < nitems(sta.deflink.agg.max_tid_amsdu_len); i++) {
617 		sta->deflink.agg.max_tid_amsdu_len[j] = ;
618 	}
619 #endif
620 }
621 #endif
622 
623 #if defined(LKPI_80211_VHT)
624 static void
625 lkpi_sta_sync_vht_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
626     struct ieee80211_sta *sta, struct ieee80211_node *ni)
627 {
628 	struct ieee80211_sta_vht_cap *vht_cap, *sta_vht_cap;;
629 	enum ieee80211_sta_rx_bandwidth bw;
630 	enum nl80211_band band;
631 	uint32_t width;
632 	int rx_nss;
633 	uint16_t rx_map, tx_map;
634 
635 	if ((ni->ni_flags & IEEE80211_NODE_VHT) == 0 ||
636 	    !IEEE80211_IS_CHAN_VHT_5GHZ(ni->ni_chan)) {
637 		sta->deflink.vht_cap.vht_supported = false;
638 		return;
639 	}
640 
641 	sta->deflink.vht_cap.vht_supported = true;
642 
643 	sta->deflink.vht_cap.cap = ni->ni_vhtcap;
644 	sta->deflink.vht_cap.vht_mcs = ni->ni_vht_mcsinfo;
645 
646 	/*
647 	 * If VHT20/40 are selected do not update the bandwidth
648 	 * from HT but stya on VHT.
649 	 */
650 	if (ni->ni_vht_chanwidth == IEEE80211_VHT_CHANWIDTH_USE_HT)
651 		goto skip_bw;
652 
653 	bw = sta->deflink.bandwidth;
654 	width = (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK);
655 	switch (width) {
656 	/* Deprecated. */
657 	case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
658 	case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
659 		bw = IEEE80211_STA_RX_BW_160;
660 		break;
661 	default:
662 		/* Check if we do support 160Mhz somehow after all. */
663 		if ((sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_EXT_NSS_BW_MASK) != 0)
664 			bw = IEEE80211_STA_RX_BW_160;
665 		else
666 			bw = IEEE80211_STA_RX_BW_80;
667 	}
668 	/*
669 	 * While we can set what is possibly supported we also need to be
670 	 * on a channel which supports that bandwidth; e.g., we can support
671 	 * VHT160 but the AP only does VHT80.
672 	 * Further ni_chan will also have filtered out what we disabled
673 	 * by configuration.
674 	 * Once net80211 channel selection is fixed for 802.11-2020 and
675 	 * VHT160 we can possibly spare ourselves the above.
676 	 */
677 	if (bw == IEEE80211_STA_RX_BW_160 &&
678 	    !IEEE80211_IS_CHAN_VHT160(ni->ni_chan) &&
679 	    !IEEE80211_IS_CHAN_VHT80P80(ni->ni_chan))
680 		bw = IEEE80211_STA_RX_BW_80;
681 	if (bw == IEEE80211_STA_RX_BW_80 &&
682 	    !IEEE80211_IS_CHAN_VHT80(ni->ni_chan))
683 		bw = sta->deflink.bandwidth;
684 	sta->deflink.bandwidth = bw;
685 skip_bw:
686 
687 	band = vif->bss_conf.chanctx_conf->def.chan->band;
688 	vht_cap = &hw->wiphy->bands[band]->vht_cap;
689 	sta_vht_cap = &sta->deflink.vht_cap;
690 
691 	rx_nss = 0;
692 	rx_map = tx_map = 0;
693 	for (int i = 7; i >= 0; i--) {
694 		uint8_t card, sta;
695 
696 		card = (vht_cap->vht_mcs.rx_mcs_map >> (2 * i)) & 0x3;
697 		sta  = (sta_vht_cap->vht_mcs.rx_mcs_map >> (2 * i)) & 0x3;
698 		if (sta != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
699 			if (card == IEEE80211_VHT_MCS_NOT_SUPPORTED)
700 				sta = IEEE80211_VHT_MCS_NOT_SUPPORTED;
701 			else {
702 				sta = MIN(sta, card);
703 				if (rx_nss == 0)
704 					rx_nss = i + 1;
705 			}
706 		}
707 		rx_map |= (sta << (2 * i));
708 
709 		card = (vht_cap->vht_mcs.tx_mcs_map >> (2 * i)) & 0x3;
710 		sta  = (sta_vht_cap->vht_mcs.tx_mcs_map >> (2 * i)) & 0x3;
711 		if (sta != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
712 			if (card == IEEE80211_VHT_MCS_NOT_SUPPORTED)
713 				sta = IEEE80211_VHT_MCS_NOT_SUPPORTED;
714 			else
715 				sta = MIN(sta, card);
716 		}
717 		tx_map |= (sta << (2 * i));
718 	}
719 	TRACEOK("VHT rx_mcs_map %#010x->%#010x, tx_mcs_map %#010x->%#010x, rx_nss = %d",
720 	    sta_vht_cap->vht_mcs.rx_mcs_map, rx_map,
721 	    sta_vht_cap->vht_mcs.tx_mcs_map, tx_map, rx_nss);
722 	sta_vht_cap->vht_mcs.rx_mcs_map = rx_map;
723 	sta_vht_cap->vht_mcs.tx_mcs_map = tx_map;
724 	if (rx_nss > 0) {
725 		TRACEOK("VHT rx_nss = max(%d, %d)", rx_nss, sta->deflink.rx_nss);
726 		sta->deflink.rx_nss = MAX(rx_nss, sta->deflink.rx_nss);
727 	} else {
728 		sta->deflink.vht_cap.vht_supported = false;
729 		return;
730 	}
731 
732 	switch (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_MAX_MPDU_MASK) {
733 	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454:
734 		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_11454;
735 		break;
736 	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991:
737 		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_7991;
738 		break;
739 	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895:
740 	default:
741 		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_3895;
742 		break;
743 	}
744 }
745 #endif
746 
747 static void
748 lkpi_sta_sync_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
749     struct ieee80211_sta *sta, struct ieee80211_node *ni, bool updchnctx)
750 {
751 
752 	/*
753 	 * Ensure rx_nss is at least 1 as otherwise drivers run into
754 	 * unexpected problems.
755 	 */
756 	sta->deflink.rx_nss = 1;
757 
758 #if defined(LKPI_80211_HT)
759 	lkpi_sta_sync_ht_from_ni(hw, vif, sta, ni);
760 #endif
761 #if defined(LKPI_80211_VHT)
762 	lkpi_sta_sync_vht_from_ni(hw, vif, sta, ni);
763 #endif
764 
765 	/*
766 	 * We are also called from node allocation which net80211
767 	 * can do even on `ifconfig down`; in that case the chanctx
768 	 * may still be valid and we get a discrepancy between
769 	 * sta and chanctx.  Thus do not try to update the chanctx
770 	 * when called from lkpi_lsta_alloc().
771 	 */
772 	if (updchnctx)
773 		lkpi_sync_chanctx_cw_from_rx_bw(hw, vif, sta);
774 }
775 
776 #if 0
777 static uint8_t
778 lkpi_get_max_rx_chains(struct ieee80211_node *ni)
779 {
780 	uint8_t chains;
781 #if defined(LKPI_80211_HT) || defined(LKPI_80211_VHT)
782 	struct lkpi_sta *lsta;
783 	struct ieee80211_sta *sta;
784 
785 	lsta = ni->ni_drv_data;
786 	sta = LSTA_TO_STA(lsta);
787 #endif
788 
789 	chains = 1;
790 #if defined(LKPI_80211_HT)
791 	IMPROVE("We should factor counting MCS/NSS out for sync and here");
792 	if (sta->deflink.ht_cap.ht_supported)
793 		chains = MAX(chains, sta->deflink.rx_nss);
794 #endif
795 
796 #if defined(LKPI_80211_VHT)
797 	if (sta->deflink.vht_cap.vht_supported)
798 		chains = MAX(chains, sta->deflink.rx_nss);
799 #endif
800 
801 	return (chains);
802 }
803 #endif
804 
805 static void
806 lkpi_lsta_dump(struct lkpi_sta *lsta, struct ieee80211_node *ni,
807     const char *_f, int _l)
808 {
809 
810 #ifdef LINUXKPI_DEBUG_80211
811 	if ((linuxkpi_debug_80211 & D80211_TRACE_STA) == 0)
812 		return;
813 	if (lsta == NULL)
814 		return;
815 
816 	printf("%s:%d lsta %p ni %p sta %p\n",
817 	    _f, _l, lsta, ni, &lsta->sta);
818 	if (ni != NULL)
819 		ieee80211_dump_node(NULL, ni);
820 	printf("\ttxq_task txq len %d mtx\n", mbufq_len(&lsta->txq));
821 	printf("\tkc %p state %d added_to_drv %d in_mgd %d\n",
822 		&lsta->kc[0], lsta->state, lsta->added_to_drv, lsta->in_mgd);
823 #endif
824 }
825 
826 static void
827 lkpi_lsta_remove(struct lkpi_sta *lsta, struct lkpi_vif *lvif)
828 {
829 
830 	lockdep_assert_wiphy(lsta->hw->wiphy);
831 
832 	KASSERT(!list_empty(&lsta->lsta_list),
833 	    ("%s: lsta %p ni %p\n", __func__, lsta, lsta->ni));
834 	list_del_init(&lsta->lsta_list);
835 }
836 
837 static struct lkpi_sta *
838 lkpi_lsta_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN],
839     struct ieee80211_hw *hw, struct ieee80211_node *ni)
840 {
841 	struct lkpi_sta *lsta;
842 	struct lkpi_vif *lvif;
843 	struct ieee80211_vif *vif;
844 	struct ieee80211_sta *sta;
845 	int band, i, tid;
846 
847 	lsta = malloc(sizeof(*lsta) + hw->sta_data_size, M_LKPI80211,
848 	    M_NOWAIT | M_ZERO);
849 	if (lsta == NULL)
850 		return (NULL);
851 
852 	lsta->hw = hw;
853 	lsta->added_to_drv = false;
854 	lsta->state = IEEE80211_STA_NOTEXIST;
855 	/*
856 	 * Link the ni to the lsta here without taking a reference.
857 	 * For one we would have to take the reference in node_init()
858 	 * as ieee80211_alloc_node() will initialise the refcount after us.
859 	 * For the other a ni and an lsta are 1:1 mapped and always together
860 	 * from [ic_]node_alloc() to [ic_]node_free() so we are essentally
861 	 * using the ni references for the lsta as well despite it being
862 	 * two separate allocations.
863 	 */
864 	lsta->ni = ni;
865 	/* The back-pointer "drv_data" to net80211_node let's us get lsta. */
866 	ni->ni_drv_data = lsta;
867 
868 	lvif = VAP_TO_LVIF(vap);
869 	vif = LVIF_TO_VIF(lvif);
870 	sta = LSTA_TO_STA(lsta);
871 
872 	IEEE80211_ADDR_COPY(sta->addr, mac);
873 
874 	/* TXQ */
875 	for (tid = 0; tid < nitems(sta->txq); tid++) {
876 		struct lkpi_txq *ltxq;
877 
878 		/* We are not limiting ourselves to hw.queues here. */
879 		ltxq = malloc(sizeof(*ltxq) + hw->txq_data_size,
880 		    M_LKPI80211, M_NOWAIT | M_ZERO);
881 		if (ltxq == NULL)
882 			goto cleanup;
883 		/* iwlwifi//mvm/sta.c::tid_to_mac80211_ac[] */
884 		if (tid == IEEE80211_NUM_TIDS) {
885 			if (!ieee80211_hw_check(hw, STA_MMPDU_TXQ)) {
886 				free(ltxq, M_LKPI80211);
887 				continue;
888 			}
889 			IMPROVE("AP/if we support non-STA here too");
890 			ltxq->txq.ac = IEEE80211_AC_VO;
891 		} else {
892 			ltxq->txq.ac = ieee80211e_up_to_ac[tid & 7];
893 		}
894 		ltxq->seen_dequeue = false;
895 		ltxq->stopped = false;
896 		ltxq->txq.vif = vif;
897 		ltxq->txq.tid = tid;
898 		ltxq->txq.sta = sta;
899 		TAILQ_ELEM_INIT(ltxq, txq_entry);
900 		skb_queue_head_init(&ltxq->skbq);
901 		LKPI_80211_LTXQ_LOCK_INIT(ltxq);
902 		sta->txq[tid] = &ltxq->txq;
903 	}
904 
905 	/* Deflink information. */
906 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
907 		struct ieee80211_supported_band *supband;
908 		uint32_t rate_mandatory;;
909 
910 		supband = hw->wiphy->bands[band];
911 		if (supband == NULL)
912 			continue;
913 
914 		switch (band) {
915 		case NL80211_BAND_2GHZ:
916 			/* We have to assume 11g support here. */
917 			rate_mandatory = IEEE80211_RATE_MANDATORY_G |
918 			    IEEE80211_RATE_MANDATORY_B;
919 			break;
920 		case NL80211_BAND_5GHZ:
921 			rate_mandatory = IEEE80211_RATE_MANDATORY_A;
922 			break;
923 		default:
924 			continue;
925 		}
926 
927 		for (i = 0; i < supband->n_bitrates; i++) {
928 			if ((supband->bitrates[i].flags & rate_mandatory) != 0)
929 				sta->deflink.supp_rates[band] |= BIT(i);
930 		}
931 	}
932 
933 	sta->deflink.smps_mode = IEEE80211_SMPS_OFF;
934 	sta->deflink.bandwidth = IEEE80211_STA_RX_BW_20;
935 	sta->deflink.agg.max_rc_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_BA;
936 	sta->deflink.rx_nss = 1;
937 	sta->deflink.sta = sta;
938 
939 	lkpi_sta_sync_from_ni(hw, vif, sta, ni, false);
940 
941 	IMPROVE("he, eht, bw_320, ... smps_mode, ..");
942 
943 	/* Link configuration. */
944 	IEEE80211_ADDR_COPY(sta->deflink.addr, sta->addr);
945 	sta->link[0] = &sta->deflink;
946 	for (i = 1; i < nitems(sta->link); i++) {
947 		IMPROVE("more links; only link[0] = deflink currently.");
948 	}
949 	IMPROVE("11be");
950 	sta->mlo = false;
951 
952 	/* Deferred TX path. */
953 	LKPI_80211_LSTA_TXQ_LOCK_INIT(lsta);
954 	TASK_INIT(&lsta->txq_task, 0, lkpi_80211_txq_task, lsta);
955 	mbufq_init(&lsta->txq, 32 * NAPI_POLL_WEIGHT);
956 	lsta->txq_ready = true;
957 
958 	return (lsta);
959 
960 cleanup:
961 	for (; tid >= 0; tid--) {
962 		struct lkpi_txq *ltxq;
963 
964 		ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
965 		LKPI_80211_LTXQ_LOCK_DESTROY(ltxq);
966 		free(sta->txq[tid], M_LKPI80211);
967 	}
968 	free(lsta, M_LKPI80211);
969 	return (NULL);
970 }
971 
972 static void
973 lkpi_lsta_free(struct lkpi_sta *lsta, struct ieee80211_node *ni)
974 {
975 	struct mbuf *m;
976 
977 	if (lsta->added_to_drv)
978 		panic("%s: Trying to free an lsta still known to firmware: "
979 		    "lsta %p ni %p added_to_drv %d\n",
980 		    __func__, lsta, ni, lsta->added_to_drv);
981 
982 	/* XXX-BZ free resources, ... */
983 	IMPROVE();
984 
985 	/* Drain sta->txq[] */
986 
987 	LKPI_80211_LSTA_TXQ_LOCK(lsta);
988 	lsta->txq_ready = false;
989 	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
990 
991 	/* Drain taskq, won't be restarted until added_to_drv is set again. */
992 	while (taskqueue_cancel(taskqueue_thread, &lsta->txq_task, NULL) != 0)
993 		taskqueue_drain(taskqueue_thread, &lsta->txq_task);
994 
995 	/* Flush mbufq (make sure to release ni refs!). */
996 	m = mbufq_dequeue(&lsta->txq);
997 	while (m != NULL) {
998 		struct ieee80211_node *nim;
999 
1000 		nim = (struct ieee80211_node *)m->m_pkthdr.rcvif;
1001 		if (nim != NULL)
1002 			ieee80211_free_node(nim);
1003 		m_freem(m);
1004 		m = mbufq_dequeue(&lsta->txq);
1005 	}
1006 	KASSERT(mbufq_empty(&lsta->txq), ("%s: lsta %p has txq len %d != 0\n",
1007 	    __func__, lsta, mbufq_len(&lsta->txq)));
1008 	LKPI_80211_LSTA_TXQ_LOCK_DESTROY(lsta);
1009 
1010 	/* Remove lsta from vif; that is done by the state machine.  Should assert it? */
1011 
1012 	IMPROVE("Make sure everything is cleaned up.");
1013 
1014 	/* Free lsta. */
1015 	lsta->ni = NULL;
1016 	ni->ni_drv_data = NULL;
1017 	free(lsta, M_LKPI80211);
1018 }
1019 
1020 
1021 static enum nl80211_band
1022 lkpi_net80211_chan_to_nl80211_band(struct ieee80211_channel *c)
1023 {
1024 
1025 	if (IEEE80211_IS_CHAN_2GHZ(c))
1026 		return (NL80211_BAND_2GHZ);
1027 	else if (IEEE80211_IS_CHAN_5GHZ(c))
1028 		return (NL80211_BAND_5GHZ);
1029 #ifdef __notyet__
1030 	else if ()
1031 		return (NL80211_BAND_6GHZ);
1032 	else if ()
1033 		return (NL80211_BAND_60GHZ);
1034 	else if (IEEE80211_IS_CHAN_GSM(c))
1035 		return (NL80211_BAND_XXX);
1036 #endif
1037 	else
1038 		panic("%s: unsupported band. c %p flags %#x\n",
1039 		    __func__, c, c->ic_flags);
1040 }
1041 
1042 static uint32_t
1043 lkpi_nl80211_band_to_net80211_band(enum nl80211_band band)
1044 {
1045 
1046 	/* XXX-BZ this is just silly; net80211 is too convoluted. */
1047 	/* IEEE80211_CHAN_A / _G / .. doesn't really work either. */
1048 	switch (band) {
1049 	case NL80211_BAND_2GHZ:
1050 		return (IEEE80211_CHAN_2GHZ);
1051 		break;
1052 	case NL80211_BAND_5GHZ:
1053 		return (IEEE80211_CHAN_5GHZ);
1054 		break;
1055 	case NL80211_BAND_60GHZ:
1056 		break;
1057 	case NL80211_BAND_6GHZ:
1058 		break;
1059 	default:
1060 		panic("%s: unsupported band %u\n", __func__, band);
1061 		break;
1062 	}
1063 
1064 	IMPROVE();
1065 	return (0x00);
1066 }
1067 
1068 #ifdef LINUXKPI_DEBUG_80211
1069 static const char *
1070 lkpi_nl80211_band_name(enum nl80211_band band)
1071 {
1072 	switch (band) {
1073 	case NL80211_BAND_2GHZ:
1074 		return "2Ghz";
1075 		break;
1076 	case NL80211_BAND_5GHZ:
1077 		return "5Ghz";
1078 		break;
1079 	case NL80211_BAND_60GHZ:
1080 		return "60Ghz";
1081 		break;
1082 	case NL80211_BAND_6GHZ:
1083 		return "6Ghz";
1084 		break;
1085 	default:
1086 		panic("%s: unsupported band %u\n", __func__, band);
1087 		break;
1088 	}
1089 }
1090 #endif
1091 
1092 #if 0
1093 static enum ieee80211_ac_numbers
1094 lkpi_ac_net_to_l80211(int ac)
1095 {
1096 
1097 	switch (ac) {
1098 	case WME_AC_VO:
1099 		return (IEEE80211_AC_VO);
1100 	case WME_AC_VI:
1101 		return (IEEE80211_AC_VI);
1102 	case WME_AC_BE:
1103 		return (IEEE80211_AC_BE);
1104 	case WME_AC_BK:
1105 		return (IEEE80211_AC_BK);
1106 	default:
1107 		printf("%s: invalid WME_AC_* input: ac = %d\n", __func__, ac);
1108 		return (IEEE80211_AC_BE);
1109 	}
1110 }
1111 #endif
1112 
1113 static enum nl80211_iftype
1114 lkpi_opmode_to_vif_type(enum ieee80211_opmode opmode)
1115 {
1116 
1117 	switch (opmode) {
1118 	case IEEE80211_M_IBSS:
1119 		return (NL80211_IFTYPE_ADHOC);
1120 		break;
1121 	case IEEE80211_M_STA:
1122 		return (NL80211_IFTYPE_STATION);
1123 		break;
1124 	case IEEE80211_M_WDS:
1125 		return (NL80211_IFTYPE_WDS);
1126 		break;
1127 	case IEEE80211_M_HOSTAP:
1128 		return (NL80211_IFTYPE_AP);
1129 		break;
1130 	case IEEE80211_M_MONITOR:
1131 		return (NL80211_IFTYPE_MONITOR);
1132 		break;
1133 	case IEEE80211_M_MBSS:
1134 		return (NL80211_IFTYPE_MESH_POINT);
1135 		break;
1136 	case IEEE80211_M_AHDEMO:
1137 		/* FALLTHROUGH */
1138 	default:
1139 		printf("ERROR: %s: unsupported opmode %d\n", __func__, opmode);
1140 		/* FALLTHROUGH */
1141 	}
1142 	return (NL80211_IFTYPE_UNSPECIFIED);
1143 }
1144 
1145 #ifdef LKPI_80211_HW_CRYPTO
1146 static const char *
1147 lkpi_cipher_suite_to_name(uint32_t wlan_cipher_suite)
1148 {
1149 	switch (wlan_cipher_suite) {
1150 	case WLAN_CIPHER_SUITE_WEP40:
1151 		return ("WEP40");
1152 	case WLAN_CIPHER_SUITE_WEP104:
1153 		return ("WEP104");
1154 	case WLAN_CIPHER_SUITE_TKIP:
1155 		return ("TKIP");
1156 	case WLAN_CIPHER_SUITE_CCMP:
1157 		return ("CCMP");
1158 	case WLAN_CIPHER_SUITE_CCMP_256:
1159 		return ("CCMP_256");
1160 	case WLAN_CIPHER_SUITE_GCMP:
1161 		return ("GCMP");
1162 	case WLAN_CIPHER_SUITE_GCMP_256:
1163 		return ("GCMP_256");
1164 	case WLAN_CIPHER_SUITE_AES_CMAC:
1165 		return ("AES_CMAC");
1166 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1167 		return ("BIP_CMAC_256");
1168 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1169 		return ("BIP_GMAC_128");
1170 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1171 		return ("BIP_GMAC_256");
1172 	default:
1173 		return ("??");
1174 	}
1175 }
1176 
1177 static uint32_t
1178 lkpi_l80211_to_net80211_cyphers(struct ieee80211com *ic,
1179     uint32_t wlan_cipher_suite)
1180 {
1181 	switch (wlan_cipher_suite) {
1182 	case WLAN_CIPHER_SUITE_WEP40:
1183 		return (IEEE80211_CRYPTO_WEP);
1184 	case WLAN_CIPHER_SUITE_WEP104:
1185 		return (IEEE80211_CRYPTO_WEP);
1186 	case WLAN_CIPHER_SUITE_TKIP:
1187 		return (IEEE80211_CRYPTO_TKIP);
1188 	case WLAN_CIPHER_SUITE_CCMP:
1189 		return (IEEE80211_CRYPTO_AES_CCM);
1190 	case WLAN_CIPHER_SUITE_CCMP_256:
1191 		return (IEEE80211_CRYPTO_AES_CCM_256);
1192 	case WLAN_CIPHER_SUITE_GCMP:
1193 		return (IEEE80211_CRYPTO_AES_GCM_128);
1194 	case WLAN_CIPHER_SUITE_GCMP_256:
1195 		return (IEEE80211_CRYPTO_AES_GCM_256);
1196 	case WLAN_CIPHER_SUITE_AES_CMAC:
1197 		return (IEEE80211_CRYPTO_BIP_CMAC_128);
1198 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1199 		return (IEEE80211_CRYPTO_BIP_CMAC_256);
1200 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1201 		return (IEEE80211_CRYPTO_BIP_GMAC_128);
1202 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1203 		return (IEEE80211_CRYPTO_BIP_GMAC_256);
1204 	default:
1205 		ic_printf(ic, "%s: unknown WLAN Cipher Suite %#08x | %u (%s)\n",
1206 		    __func__,
1207 		    wlan_cipher_suite >> 8, wlan_cipher_suite & 0xff,
1208 		    lkpi_cipher_suite_to_name(wlan_cipher_suite));
1209 		return (0);
1210 	}
1211 }
1212 
1213 static uint32_t
1214 lkpi_net80211_to_l80211_cipher_suite(uint32_t cipher, uint8_t keylen)
1215 {
1216 
1217 	switch (cipher) {
1218 	case IEEE80211_CIPHER_WEP:
1219 		if (keylen == (40/NBBY))
1220 			return (WLAN_CIPHER_SUITE_WEP40);
1221 		else if (keylen == (104/NBBY))
1222 			return (WLAN_CIPHER_SUITE_WEP104);
1223 		else {
1224 			printf("%s: WEP with unsupported keylen %d\n",
1225 			    __func__, keylen * NBBY);
1226 			return (0);
1227 		}
1228 		break;
1229 	case IEEE80211_CIPHER_TKIP:
1230 		return (WLAN_CIPHER_SUITE_TKIP);
1231 	case IEEE80211_CIPHER_AES_CCM:
1232 		return (WLAN_CIPHER_SUITE_CCMP);
1233 	case IEEE80211_CIPHER_AES_CCM_256:
1234 		return (WLAN_CIPHER_SUITE_CCMP_256);
1235 	case IEEE80211_CIPHER_AES_GCM_128:
1236 		return (WLAN_CIPHER_SUITE_GCMP);
1237 	case IEEE80211_CIPHER_AES_GCM_256:
1238 		return (WLAN_CIPHER_SUITE_GCMP_256);
1239 	case IEEE80211_CIPHER_BIP_CMAC_128:
1240 		return (WLAN_CIPHER_SUITE_AES_CMAC);
1241 	case IEEE80211_CIPHER_BIP_CMAC_256:
1242 		return (WLAN_CIPHER_SUITE_BIP_CMAC_256);
1243 	case IEEE80211_CIPHER_BIP_GMAC_128:
1244 		return (WLAN_CIPHER_SUITE_BIP_GMAC_128);
1245 	case IEEE80211_CIPHER_BIP_GMAC_256:
1246 		return (WLAN_CIPHER_SUITE_BIP_GMAC_256);
1247 
1248 	case IEEE80211_CIPHER_AES_OCB:
1249 	case IEEE80211_CIPHER_TKIPMIC:
1250 		/*
1251 		 * TKIP w/ hw MIC support
1252 		 * (gone wrong; should really be a crypto flag in net80211).
1253 		 */
1254 	case IEEE80211_CIPHER_CKIP:
1255 	case IEEE80211_CIPHER_NONE:
1256 		printf("%s: unsupported cipher %#010x\n", __func__, cipher);
1257 		break;
1258 	default:
1259 		printf("%s: unknown cipher %#010x\n", __func__, cipher);
1260 	};
1261 	return (0);
1262 }
1263 #endif
1264 
1265 #ifdef __notyet__
1266 static enum ieee80211_sta_state
1267 lkpi_net80211_state_to_sta_state(enum ieee80211_state state)
1268 {
1269 
1270 	/*
1271 	 * XXX-BZ The net80211 states are "try to ..", the lkpi8011 states are
1272 	 * "done".  Also ASSOC/AUTHORIZED are both "RUN" then?
1273 	 */
1274 	switch (state) {
1275 	case IEEE80211_S_INIT:
1276 		return (IEEE80211_STA_NOTEXIST);
1277 	case IEEE80211_S_SCAN:
1278 		return (IEEE80211_STA_NONE);
1279 	case IEEE80211_S_AUTH:
1280 		return (IEEE80211_STA_AUTH);
1281 	case IEEE80211_S_ASSOC:
1282 		return (IEEE80211_STA_ASSOC);
1283 	case IEEE80211_S_RUN:
1284 		return (IEEE80211_STA_AUTHORIZED);
1285 	case IEEE80211_S_CAC:
1286 	case IEEE80211_S_CSA:
1287 	case IEEE80211_S_SLEEP:
1288 	default:
1289 		UNIMPLEMENTED;
1290 	};
1291 
1292 	return (IEEE80211_STA_NOTEXIST);
1293 }
1294 #endif
1295 
1296 static struct linuxkpi_ieee80211_channel *
1297 lkpi_find_lkpi80211_chan(struct lkpi_hw *lhw,
1298     struct ieee80211_channel *c)
1299 {
1300 	struct ieee80211_hw *hw;
1301 	struct linuxkpi_ieee80211_channel *channels;
1302 	enum nl80211_band band;
1303 	int i, nchans;
1304 
1305 	hw = LHW_TO_HW(lhw);
1306 	band = lkpi_net80211_chan_to_nl80211_band(c);
1307 	if (hw->wiphy->bands[band] == NULL)
1308 		return (NULL);
1309 
1310 	nchans = hw->wiphy->bands[band]->n_channels;
1311 	if (nchans <= 0)
1312 		return (NULL);
1313 
1314 	channels = hw->wiphy->bands[band]->channels;
1315 	for (i = 0; i < nchans; i++) {
1316 		if (channels[i].center_freq == c->ic_freq)
1317 			return (&channels[i]);
1318 	}
1319 
1320 	return (NULL);
1321 }
1322 
1323 #if 0
1324 static struct linuxkpi_ieee80211_channel *
1325 lkpi_get_lkpi80211_chan(struct ieee80211com *ic, struct ieee80211_node *ni)
1326 {
1327 	struct linuxkpi_ieee80211_channel *chan;
1328 	struct ieee80211_channel *c;
1329 	struct lkpi_hw *lhw;
1330 
1331 	chan = NULL;
1332 	if (ni != NULL && ni->ni_chan != IEEE80211_CHAN_ANYC)
1333 		c = ni->ni_chan;
1334 	else if (ic->ic_bsschan != IEEE80211_CHAN_ANYC)
1335 		c = ic->ic_bsschan;
1336 	else if (ic->ic_curchan != IEEE80211_CHAN_ANYC)
1337 		c = ic->ic_curchan;
1338 	else
1339 		c = NULL;
1340 
1341 	if (c != NULL && c != IEEE80211_CHAN_ANYC) {
1342 		lhw = ic->ic_softc;
1343 		chan = lkpi_find_lkpi80211_chan(lhw, c);
1344 	}
1345 
1346 	return (chan);
1347 }
1348 #endif
1349 
1350 struct linuxkpi_ieee80211_channel *
1351 linuxkpi_ieee80211_get_channel(struct wiphy *wiphy, uint32_t freq)
1352 {
1353 	enum nl80211_band band;
1354 
1355 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
1356 		struct ieee80211_supported_band *supband;
1357 		struct linuxkpi_ieee80211_channel *channels;
1358 		int i;
1359 
1360 		supband = wiphy->bands[band];
1361 		if (supband == NULL || supband->n_channels == 0)
1362 			continue;
1363 
1364 		channels = supband->channels;
1365 		for (i = 0; i < supband->n_channels; i++) {
1366 			if (channels[i].center_freq == freq)
1367 				return (&channels[i]);
1368 		}
1369 	}
1370 
1371 	return (NULL);
1372 }
1373 
1374 #ifdef LKPI_80211_HW_CRYPTO
1375 static int
1376 lkpi_sta_del_keys(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1377     struct lkpi_sta *lsta)
1378 {
1379 	int error;
1380 
1381 	if (!lkpi_hwcrypto)
1382 		return (0);
1383 
1384 	lockdep_assert_wiphy(hw->wiphy);
1385 
1386 	if (vif->cfg.assoc && lsta->state == IEEE80211_STA_AUTHORIZED) {
1387 		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1388 			ic_printf(lsta->ni->ni_ic,
1389 			    "%d %lu %s: vif still assoc; not deleting keys\n",
1390 			    curthread->td_tid, jiffies, __func__);
1391 		return (0);
1392 	}
1393 
1394 	ieee80211_ref_node(lsta->ni);
1395 
1396 	error = 0;
1397 	for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc); keyix++) {
1398 		struct ieee80211_key_conf *kc;
1399 		int err;
1400 
1401 		if (lsta->kc[keyix] == NULL)
1402 			continue;
1403 		kc = lsta->kc[keyix];
1404 
1405 #ifdef LINUXKPI_DEBUG_80211
1406 		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1407 			ic_printf(lsta->ni->ni_ic, "%d %lu %s: running set_key cmd %d(%s) for "
1408 			    "sta %6D: keyidx %u hw_key_idx %u flags %b\n",
1409 			    curthread->td_tid, jiffies, __func__,
1410 			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":",
1411 			    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1412 #endif
1413 
1414 		err = lkpi_80211_mo_set_key(hw, DISABLE_KEY, vif,
1415 		    LSTA_TO_STA(lsta), kc);
1416 		if (err != 0) {
1417 			ic_printf(lsta->ni->ni_ic, "%d %lu %s: set_key cmd %d(%s) for "
1418 			    "sta %6D failed: %d\n", curthread->td_tid, jiffies, __func__,
1419 			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":", err);
1420 			error++;
1421 
1422 			/*
1423 			 * If we free the key here we will never be able to get it
1424 			 * removed from the driver/fw which will likely make us
1425 			 * crash (firmware).
1426 			 */
1427 			continue;
1428 		}
1429 #ifdef LINUXKPI_DEBUG_80211
1430 		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1431 			ic_printf(lsta->ni->ni_ic, "%d %lu %s: set_key cmd %d(%s) for "
1432 			    "sta %6D succeeded: keyidx %u hw_key_idx %u flags %b\n",
1433 			    curthread->td_tid, jiffies, __func__,
1434 			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":",
1435 			    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1436 #endif
1437 
1438 		lsta->kc[keyix] = NULL;
1439 		free(kc, M_LKPI80211);
1440 	}
1441 	ieee80211_free_node(lsta->ni);
1442 	return (error);
1443 }
1444 
1445 /* XXX-BZ one day we should replace this iterating over VIFs, or node list? */
1446 /* See also lkpi_sta_del_keys() these days. */
1447 static int
1448 lkpi_iv_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
1449 {
1450 	struct ieee80211com *ic;
1451 	struct lkpi_hw *lhw;
1452 	struct ieee80211_hw *hw;
1453 	struct lkpi_vif *lvif;
1454 	struct lkpi_sta *lsta;
1455 	struct ieee80211_vif *vif;
1456 	struct ieee80211_sta *sta;
1457 	struct ieee80211_node *ni;
1458 	struct ieee80211_key_conf *kc;
1459 	int error;
1460 
1461 	ic = vap->iv_ic;
1462 	lhw = ic->ic_softc;
1463 	hw = LHW_TO_HW(lhw);
1464 	lvif = VAP_TO_LVIF(vap);
1465 	vif = LVIF_TO_VIF(lvif);
1466 
1467 	/*
1468 	 * Make sure we do not make it here without going through
1469 	 * lkpi_iv_key_update_begin() first.
1470 	 */
1471 	lockdep_assert_wiphy(hw->wiphy);
1472 
1473 	ni = ieee80211_ref_node(vap->iv_bss);
1474 	lsta = ni->ni_drv_data;
1475 	if (lsta == NULL) {
1476 		ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
1477 		    __func__, ni, ni->ni_bssid, ":");
1478 		ieee80211_free_node(ni);
1479 		return (0);
1480 	}
1481 
1482 	/*
1483 	 * While we are assoc we may still send packets.  We cannot delete the
1484 	 * keys as otherwise packets could go out unencrypted.  Some firmware
1485 	 * does not like this and will fire an assert.
1486 	 * net80211 needs to drive this better but given we want the disassoc
1487 	 * frame out and have to unlock we are open to a race currently.
1488 	 * This check should prevent problems.
1489 	 * How to test: run 800Mbit/s UDP traffic and during that restart your
1490 	 * supplicant.  You want to survive that.
1491 	 */
1492 	if (vif->cfg.assoc && lsta->state == IEEE80211_STA_AUTHORIZED) {
1493 		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1494 			ic_printf(ic, "%d %lu %s: vif still assoc; not deleting keys\n",
1495 			    curthread->td_tid, jiffies, __func__);
1496 		ieee80211_free_node(ni);
1497 		return (0);
1498 	}
1499 
1500 	if (IEEE80211_KEY_UNDEFINED(k)) {
1501 		ic_printf(ic, "%s: vap %p key %p is undefined: %p %u\n",
1502 		    __func__, vap, k, k->wk_cipher, k->wk_keyix);
1503 		ieee80211_free_node(ni);
1504 		return (0);
1505 	}
1506 
1507 	if (vap->iv_bss == NULL) {
1508 		ic_printf(ic, "%s: iv_bss %p for vap %p is NULL\n",
1509 		    __func__, vap->iv_bss, vap);
1510 		ieee80211_free_node(ni);
1511 		return (0);
1512 	}
1513 	sta = LSTA_TO_STA(lsta);
1514 
1515 	if (lsta->kc[k->wk_keyix] == NULL) {
1516 #ifdef LINUXKPI_DEBUG_80211
1517 		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1518 			ic_printf(ic, "%d %lu %s: sta %6D and no key information, "
1519 			    "keyidx %u wk_macaddr %6D; returning success\n",
1520 			    curthread->td_tid, jiffies, __func__, sta->addr, ":",
1521 			    k->wk_keyix, k->wk_macaddr, ":");
1522 #endif
1523 		ieee80211_free_node(ni);
1524 		return (1);
1525 	}
1526 	kc = lsta->kc[k->wk_keyix];
1527 
1528 #ifdef LINUXKPI_DEBUG_80211
1529 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1530 		ic_printf(ic, "%d %lu %s: running set_key cmd %d(%s) for sta %6D: "
1531 		    "keyidx %u hw_key_idx %u flags %b\n",
1532 		    curthread->td_tid, jiffies, __func__,
1533 		    DISABLE_KEY, "DISABLE", sta->addr, ":",
1534 		    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1535 #endif
1536 
1537 	error = lkpi_80211_mo_set_key(hw, DISABLE_KEY, vif, sta, kc);
1538 	if (error != 0) {
1539 		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D failed: %d\n",
1540 		    curthread->td_tid, jiffies, __func__,
1541 		    DISABLE_KEY, "DISABLE", sta->addr, ":", error);
1542 		error = 0;
1543 		goto out;
1544 	}
1545 
1546 #ifdef LINUXKPI_DEBUG_80211
1547 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1548 		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D succeeded: "
1549 		    "keyidx %u hw_key_idx %u flags %b\n",
1550 		    curthread->td_tid, jiffies, __func__,
1551 		    DISABLE_KEY, "DISABLE", sta->addr, ":",
1552 		    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1553 #endif
1554 	lsta->kc[k->wk_keyix] = NULL;
1555 	free(kc, M_LKPI80211);
1556 	error = 1;
1557 out:
1558 	ieee80211_free_node(ni);
1559 	return (error);
1560 }
1561 
1562 static int
1563 lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
1564 {
1565 	struct ieee80211com *ic;
1566 	struct lkpi_hw *lhw;
1567 	struct ieee80211_hw *hw;
1568 	struct lkpi_vif *lvif;
1569 	struct lkpi_sta *lsta;
1570 	struct ieee80211_vif *vif;
1571 	struct ieee80211_sta *sta;
1572 	struct ieee80211_node *ni;
1573 	struct ieee80211_key_conf *kc;
1574 	uint32_t lcipher;
1575 	uint16_t exp_flags;
1576 	uint8_t keylen;
1577 	int error;
1578 
1579 	ic = vap->iv_ic;
1580 	lhw = ic->ic_softc;
1581 	hw = LHW_TO_HW(lhw);
1582 
1583 	/*
1584 	 * Make sure we do not make it here without going through
1585 	 * lkpi_iv_key_update_begin() first.
1586 	 */
1587 	lockdep_assert_wiphy(hw->wiphy);
1588 
1589 	if (IEEE80211_KEY_UNDEFINED(k)) {
1590 		ic_printf(ic, "%s: vap %p key %p is undefined: %p %u\n",
1591 		    __func__, vap, k, k->wk_cipher, k->wk_keyix);
1592 		return (0);
1593 	}
1594 
1595 	if (vap->iv_bss == NULL) {
1596 		ic_printf(ic, "%s: iv_bss %p for vap %p is NULL\n",
1597 		    __func__, vap->iv_bss, vap);
1598 		return (0);
1599 	}
1600 	ni = ieee80211_ref_node(vap->iv_bss);
1601 	lsta = ni->ni_drv_data;
1602 	if (lsta == NULL) {
1603 		ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
1604 		    __func__, ni, ni->ni_bssid, ":");
1605 		ieee80211_free_node(ni);
1606 		return (0);
1607 	}
1608 	sta = LSTA_TO_STA(lsta);
1609 
1610 	keylen = k->wk_keylen;
1611 	lcipher = lkpi_net80211_to_l80211_cipher_suite(
1612 	    k->wk_cipher->ic_cipher, k->wk_keylen);
1613 	switch (lcipher) {
1614 	case WLAN_CIPHER_SUITE_TKIP:
1615 		keylen += 2 * k->wk_cipher->ic_miclen;
1616 		break;
1617 	case WLAN_CIPHER_SUITE_CCMP:
1618 	case WLAN_CIPHER_SUITE_GCMP:
1619 		break;
1620 	default:
1621 		ic_printf(ic, "%s: CIPHER SUITE %#x (%s) not supported\n",
1622 		    __func__, lcipher, lkpi_cipher_suite_to_name(lcipher));
1623 		IMPROVE();
1624 		ieee80211_free_node(ni);
1625 		return (0);
1626 	}
1627 
1628 	if (lsta->kc[k->wk_keyix] != NULL) {
1629 		IMPROVE("Still in firmware? Del first. Can we assert this cannot happen?");
1630 		ic_printf(ic, "%s: sta %6D found with key information\n",
1631 		    __func__, sta->addr, ":");
1632 		kc = lsta->kc[k->wk_keyix];
1633 		lsta->kc[k->wk_keyix] = NULL;
1634 		free(kc, M_LKPI80211);
1635 		kc = NULL;	/* safeguard */
1636 	}
1637 
1638 	kc = malloc(sizeof(*kc) + keylen, M_LKPI80211, M_WAITOK | M_ZERO);
1639 	kc->_k = k;		/* Save the pointer to net80211. */
1640 	kc->cipher = lcipher;
1641 	kc->keyidx = k->wk_keyix;
1642 #if 0
1643 	kc->hw_key_idx = /* set by hw and needs to be passed for TX */;
1644 #endif
1645 	atomic64_set(&kc->tx_pn, k->wk_keytsc);
1646 	kc->keylen = k->wk_keylen;
1647 	memcpy(kc->key, k->wk_key, k->wk_keylen);
1648 
1649 	if (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))
1650 		kc->flags |= IEEE80211_KEY_FLAG_PAIRWISE;
1651 	if (k->wk_flags & IEEE80211_KEY_GROUP)
1652 		kc->flags &= ~IEEE80211_KEY_FLAG_PAIRWISE;
1653 
1654 	kc->iv_len = k->wk_cipher->ic_header;
1655 	kc->icv_len = k->wk_cipher->ic_trailer;
1656 
1657 	switch (kc->cipher) {
1658 	case WLAN_CIPHER_SUITE_TKIP:
1659 		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, k->wk_txmic, k->wk_cipher->ic_miclen);
1660 		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY, k->wk_rxmic, k->wk_cipher->ic_miclen);
1661 		break;
1662 	case WLAN_CIPHER_SUITE_CCMP:
1663 	case WLAN_CIPHER_SUITE_GCMP:
1664 		break;
1665 	default:
1666 		/* currently UNREACH */
1667 		IMPROVE();
1668 		break;
1669 	};
1670 	lsta->kc[k->wk_keyix] = kc;
1671 
1672 #ifdef LINUXKPI_DEBUG_80211
1673 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1674 		ic_printf(ic, "%d %lu %s: running set_key cmd %d(%s) for sta %6D: "
1675 		    "kc %p keyidx %u hw_key_idx %u keylen %u flags %b\n",
1676 		    curthread->td_tid, jiffies, __func__,
1677 		    SET_KEY, "SET", sta->addr, ":", kc, kc->keyidx, kc->hw_key_idx,
1678 		    kc->keylen, kc->flags, IEEE80211_KEY_FLAG_BITS);
1679 #endif
1680 
1681 	lvif = VAP_TO_LVIF(vap);
1682 	vif = LVIF_TO_VIF(lvif);
1683 	error = lkpi_80211_mo_set_key(hw, SET_KEY, vif, sta, kc);
1684 	if (error != 0) {
1685 		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D failed: %d\n",
1686 		    curthread->td_tid, jiffies, __func__,
1687 		    SET_KEY, "SET", sta->addr, ":", error);
1688 		lsta->kc[k->wk_keyix] = NULL;
1689 		free(kc, M_LKPI80211);
1690 		ieee80211_free_node(ni);
1691 		return (0);
1692 	}
1693 
1694 #ifdef LINUXKPI_DEBUG_80211
1695 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1696 		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D succeeded: "
1697 		    "kc %p keyidx %u hw_key_idx %u flags %b\n",
1698 		    curthread->td_tid, jiffies, __func__,
1699 		    SET_KEY, "SET", sta->addr, ":",
1700 		    kc, kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1701 #endif
1702 
1703 	exp_flags = 0;
1704 	switch (kc->cipher) {
1705 	case WLAN_CIPHER_SUITE_TKIP:
1706 		exp_flags = (IEEE80211_KEY_FLAG_PAIRWISE |
1707 			IEEE80211_KEY_FLAG_PUT_IV_SPACE |
1708 			IEEE80211_KEY_FLAG_GENERATE_MMIC |
1709 			IEEE80211_KEY_FLAG_PUT_MIC_SPACE);
1710 #define	TKIP_INVAL_COMBINATION						\
1711      (IEEE80211_KEY_FLAG_PUT_MIC_SPACE|IEEE80211_KEY_FLAG_GENERATE_MMIC)
1712 		if ((kc->flags & TKIP_INVAL_COMBINATION) == TKIP_INVAL_COMBINATION) {
1713 			ic_printf(ic, "%s: SET_KEY for %s returned invalid "
1714 			    "combination %b\n", __func__,
1715 			    lkpi_cipher_suite_to_name(kc->cipher),
1716 			    kc->flags, IEEE80211_KEY_FLAG_BITS);
1717 		}
1718 #undef	TKIP_INVAL_COMBINATION
1719 #ifdef __notyet__
1720 		/* Do flags surgery; special see linuxkpi_ieee80211_ifattach(). */
1721 		if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) != 0) {
1722 			k->wk_flags &= ~(IEEE80211_KEY_NOMICMGT|IEEE80211_KEY_NOMIC);
1723 			k->wk_flags |= IEEE80211_KEY_SWMIC;
1724 			ic->ic_cryptocaps &= ~IEEE80211_CRYPTO_TKIPMIC
1725 		}
1726 #endif
1727 		break;
1728 	case WLAN_CIPHER_SUITE_CCMP:
1729 	case WLAN_CIPHER_SUITE_GCMP:
1730 		exp_flags = (IEEE80211_KEY_FLAG_PAIRWISE |
1731 		    IEEE80211_KEY_FLAG_PUT_IV_SPACE |
1732 		    IEEE80211_KEY_FLAG_GENERATE_IV |
1733 		    IEEE80211_KEY_FLAG_GENERATE_IV_MGMT |	/* Only needs IV geeration for MGMT frames. */
1734 		    IEEE80211_KEY_FLAG_SW_MGMT_TX);		/* MFP in software */
1735 		break;
1736 	}
1737 	if ((kc->flags & ~exp_flags) != 0)
1738 		ic_printf(ic, "%s: SET_KEY for %s returned unexpected key flags: "
1739 		    " %#06x & ~%#06x = %b\n", __func__,
1740 		    lkpi_cipher_suite_to_name(kc->cipher), kc->flags, exp_flags,
1741 		    (kc->flags & ~exp_flags), IEEE80211_KEY_FLAG_BITS);
1742 
1743 #ifdef __notyet__
1744 	/* Do flags surgery. */
1745 	if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) == 0)
1746 		k->wk_flags |= IEEE80211_KEY_NOIVMGT;
1747 	if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0)
1748 		k->wk_flags |= IEEE80211_KEY_NOIV;
1749 #endif
1750 
1751 	ieee80211_free_node(ni);
1752 	return (1);
1753 }
1754 
1755 static void
1756 lkpi_iv_key_update_begin(struct ieee80211vap *vap)
1757 {
1758 	struct ieee80211_node_table *nt;
1759 	struct ieee80211com *ic;
1760 	struct lkpi_hw *lhw;
1761 	struct ieee80211_hw *hw;
1762 	struct lkpi_vif *lvif;
1763 	struct ieee80211_node *ni;
1764 	bool icislocked, ntislocked;
1765 
1766 	ic = vap->iv_ic;
1767 	lhw = ic->ic_softc;
1768 	hw = LHW_TO_HW(lhw);
1769 	lvif = VAP_TO_LVIF(vap);
1770 	nt = &ic->ic_sta;
1771 
1772 	icislocked = IEEE80211_IS_LOCKED(ic);
1773 	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
1774 
1775 #ifdef LINUXKPI_DEBUG_80211
1776 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1777 		ic_printf(ic, "%d %lu %s: vap %p ic %p %slocked nt %p %slocked "
1778 		    "lvif ic_unlocked %d nt_unlocked %d\n",
1779 		    curthread->td_tid, jiffies, __func__, vap,
1780 		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
1781 		    lvif->ic_unlocked, lvif->nt_unlocked);
1782 #endif
1783 
1784 	/*
1785 	 * This is inconsistent net80211 locking to be fixed one day.
1786 	 */
1787 	/* Try to make sure the node does not go away while possibly unlocked. */
1788 	ni = NULL;
1789 	if (icislocked || ntislocked) {
1790 		if (vap->iv_bss != NULL)
1791 			ni = ieee80211_ref_node(vap->iv_bss);
1792 	}
1793 
1794 	if (icislocked)
1795 		IEEE80211_UNLOCK(ic);
1796 	if (ntislocked)
1797 		IEEE80211_NODE_UNLOCK(nt);
1798 
1799 	wiphy_lock(hw->wiphy);
1800 
1801 	KASSERT(lvif->key_update_iv_bss == NULL, ("%s: key_update_iv_bss not NULL %p",
1802 	    __func__, lvif->key_update_iv_bss));
1803 	lvif->key_update_iv_bss = ni;
1804 
1805 	/*
1806 	 * ic/nt_unlocked could be a bool given we are under the lock and there
1807 	 * must only be a single thread.
1808 	 * In case anything in the future disturbs the order the refcnt will
1809 	 * help us catching problems a lot easier.
1810 	 */
1811 	if (icislocked)
1812 		refcount_acquire(&lvif->ic_unlocked);
1813 	if (ntislocked)
1814 		refcount_acquire(&lvif->nt_unlocked);
1815 
1816 	/*
1817 	 * Stop the queues while doing key updates.
1818 	 */
1819 	ieee80211_stop_queues(hw);
1820 }
1821 
1822 static void
1823 lkpi_iv_key_update_end(struct ieee80211vap *vap)
1824 {
1825 	struct ieee80211_node_table *nt;
1826 	struct ieee80211com *ic;
1827 	struct lkpi_hw *lhw;
1828 	struct ieee80211_hw *hw;
1829 	struct lkpi_vif *lvif;
1830 	bool icislocked, ntislocked;
1831 
1832 	ic = vap->iv_ic;
1833 	lhw = ic->ic_softc;
1834 	hw = LHW_TO_HW(lhw);
1835 	lvif = VAP_TO_LVIF(vap);
1836 	nt = &ic->ic_sta;
1837 
1838 	/*
1839 	 * Re-enabled the queues after the key update.
1840 	 */
1841 	lkpi_ieee80211_wake_queues_locked(hw);
1842 
1843 	icislocked = IEEE80211_IS_LOCKED(ic);
1844 	MPASS(!icislocked);
1845 	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
1846 	MPASS(!ntislocked);
1847 
1848 #ifdef LINUXKPI_DEBUG_80211
1849 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1850 		ic_printf(ic, "%d %lu %s: vap %p ic %p %slocked nt %p %slocked "
1851 		    "lvif ic_unlocked %d nt_unlocked %d\n",
1852 		    curthread->td_tid, jiffies, __func__, vap,
1853 		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
1854 		    lvif->ic_unlocked, lvif->nt_unlocked);
1855 #endif
1856 
1857 	/*
1858 	 * Check under lock; see comment in lkpi_iv_key_update_begin().
1859 	 * In case the refcnt gets out of sync locking in net80211 will
1860 	 * quickly barf as well (trying to unlock a lock not held).
1861 	 */
1862 	icislocked = refcount_release_if_last(&lvif->ic_unlocked);
1863 	ntislocked = refcount_release_if_last(&lvif->nt_unlocked);
1864 
1865 	if (lvif->key_update_iv_bss != NULL) {
1866 		ieee80211_free_node(lvif->key_update_iv_bss);
1867 		lvif->key_update_iv_bss = NULL;
1868 	}
1869 
1870 	wiphy_unlock(hw->wiphy);
1871 
1872 	/*
1873 	 * This is inconsistent net80211 locking to be fixed one day.
1874 	 * ic before nt to avoid a LOR.
1875 	 */
1876 	if (icislocked)
1877 		IEEE80211_LOCK(ic);
1878 	if (ntislocked)
1879 		IEEE80211_NODE_LOCK(nt);
1880 }
1881 #endif
1882 
1883 static void
1884 lkpi_cleanup_mcast_list_locked(struct lkpi_hw *lhw)
1885 {
1886 	struct list_head *le, *next;
1887 	struct netdev_hw_addr *addr;
1888 
1889 	if (lhw->mc_list.count != 0) {
1890 		list_for_each_safe(le, next, &lhw->mc_list.addr_list) {
1891 			addr = list_entry(le, struct netdev_hw_addr, addr_list);
1892 			list_del(le);
1893 			lhw->mc_list.count--;
1894 			free(addr, M_LKPI80211);
1895 		}
1896 	}
1897 	KASSERT(lhw->mc_list.count == 0, ("%s: mc_list %p count %d != 0\n",
1898 	    __func__, &lhw->mc_list, lhw->mc_list.count));
1899 }
1900 
1901 static u_int
1902 lkpi_ic_update_mcast_copy(void *arg, struct sockaddr_dl *sdl, u_int cnt)
1903 {
1904 	struct netdev_hw_addr_list *mc_list;
1905 	struct netdev_hw_addr *addr;
1906 
1907 	KASSERT(arg != NULL && sdl != NULL, ("%s: arg %p sdl %p cnt %u\n",
1908 	    __func__, arg, sdl, cnt));
1909 
1910 	mc_list = arg;
1911 	/* If it is on the list already skip it. */
1912 	netdev_hw_addr_list_for_each(addr, mc_list) {
1913 		if (!memcmp(addr->addr, LLADDR(sdl), sdl->sdl_alen))
1914 			return (0);
1915 	}
1916 
1917 	addr = malloc(sizeof(*addr), M_LKPI80211, M_NOWAIT | M_ZERO);
1918 	if (addr == NULL)
1919 		return (0);
1920 
1921 	INIT_LIST_HEAD(&addr->addr_list);
1922 	memcpy(addr->addr, LLADDR(sdl), sdl->sdl_alen);
1923 	/* XXX this should be a netdev function? */
1924 	list_add(&addr->addr_list, &mc_list->addr_list);
1925 	mc_list->count++;
1926 
1927 #ifdef LINUXKPI_DEBUG_80211
1928 	if (linuxkpi_debug_80211 & D80211_TRACE)
1929 		printf("%s:%d: mc_list count %d: added %6D\n",
1930 		    __func__, __LINE__, mc_list->count, addr->addr, ":");
1931 #endif
1932 
1933 	return (1);
1934 }
1935 
1936 static void
1937 lkpi_update_mcast_filter(struct ieee80211com *ic)
1938 {
1939 	struct lkpi_hw *lhw;
1940 	struct ieee80211_hw *hw;
1941 	u64 mc;
1942 	unsigned int changed_flags, flags;
1943 	bool scanning;
1944 
1945 	lhw = ic->ic_softc;
1946 
1947 	LKPI_80211_LHW_SCAN_LOCK(lhw);
1948 	scanning = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
1949 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
1950 
1951 	LKPI_80211_LHW_MC_LOCK(lhw);
1952 
1953 	flags = 0;
1954 	if (scanning)
1955 		flags |= FIF_BCN_PRBRESP_PROMISC;
1956 	/* The latter condition may not be as expected but seems wise. */
1957 	if (lhw->mc_all_multi || lhw->ops->prepare_multicast == NULL)
1958 		flags |= FIF_ALLMULTI;
1959 
1960 	hw = LHW_TO_HW(lhw);
1961 	mc = lkpi_80211_mo_prepare_multicast(hw, &lhw->mc_list);
1962 
1963 	changed_flags = (lhw->mc_flags ^ flags) & FIF_FLAGS_MASK;
1964 	lkpi_80211_mo_configure_filter(hw, changed_flags, &flags, mc);
1965 	lhw->mc_flags = flags;
1966 
1967 #ifdef LINUXKPI_DEBUG_80211
1968 	if (linuxkpi_debug_80211 & D80211_TRACE)
1969 		printf("%s: changed_flags %#06x count %d mc_flags %#010x\n",
1970 		    __func__, changed_flags, lhw->mc_list.count, lhw->mc_flags);
1971 #endif
1972 
1973 	LKPI_80211_LHW_MC_UNLOCK(lhw);
1974 }
1975 
1976 static enum ieee80211_bss_changed
1977 lkpi_update_dtim_tsf(struct ieee80211_vif *vif, struct ieee80211_node *ni,
1978     struct ieee80211vap *vap, const char *_f, int _l)
1979 {
1980 	enum ieee80211_bss_changed bss_changed;
1981 
1982 	bss_changed = 0;
1983 
1984 #ifdef LINUXKPI_DEBUG_80211
1985 	if (linuxkpi_debug_80211 & D80211_TRACE)
1986 		printf("%s:%d [%s:%d] assoc %d aid %d beacon_int %u "
1987 		    "dtim_period %u sync_dtim_count %u sync_tsf %ju "
1988 		    "sync_device_ts %u bss_changed %#010jx\n",
1989 			__func__, __LINE__, _f, _l,
1990 			vif->cfg.assoc, vif->cfg.aid,
1991 			vif->bss_conf.beacon_int, vif->bss_conf.dtim_period,
1992 			vif->bss_conf.sync_dtim_count,
1993 			(uintmax_t)vif->bss_conf.sync_tsf,
1994 			vif->bss_conf.sync_device_ts,
1995 			(uintmax_t)bss_changed);
1996 #endif
1997 
1998 	if (vif->bss_conf.beacon_int != ni->ni_intval) {
1999 		vif->bss_conf.beacon_int = ni->ni_intval;
2000 		/* iwlwifi FW bug workaround; iwl_mvm_mac_sta_state. */
2001 		if (vif->bss_conf.beacon_int < 16)
2002 			vif->bss_conf.beacon_int = 16;
2003 		bss_changed |= BSS_CHANGED_BEACON_INT;
2004 	}
2005 
2006 	/*
2007 	 * lkpi_iv_sta_recv_mgmt() will directly call into this function.
2008 	 * iwlwifi(4) in iwl_mvm_bss_info_changed_station_common() will
2009 	 * stop seesion protection the moment it sees
2010 	 * BSS_CHANGED_BEACON_INFO (with the expectations that it was
2011 	 * "a beacon from the associated AP"). It will also update
2012 	 * the beacon filter in that case.  This is the only place
2013 	 * we set the BSS_CHANGED_BEACON_INFO on the non-teardown
2014 	 * path so make sure we only do run this check once we are
2015 	 * assoc. (*iv_recv_mgmt)() will be called before we enter
2016 	 * here so the ni will be updated with information from the
2017 	 * beacon via net80211::sta_recv_mgmt().  We also need to
2018 	 * make sure we do not do it on every beacon we still may
2019 	 * get so only do if something changed.  vif->bss_conf.dtim_period
2020 	 * should be 0 as we start up (we also reset it on teardown).
2021 	 *
2022 	 * If we are assoc we need to make sure dtim_period is non-0.
2023 	 * 0 is a reserved value and drivers assume they can DIV by it.
2024 	 * In theory this means we need to wait for the first beacon
2025 	 * before we finalize the vif being assoc.  In practise that
2026 	 * is harder until net80211 learns how to.  Work around like
2027 	 * this for the moment.
2028 	 */
2029 	if (vif->cfg.assoc) {
2030 		if (vif->bss_conf.dtim_period != ni->ni_dtim_period &&
2031 	            ni->ni_dtim_period > 0) {
2032 			vif->bss_conf.dtim_period = ni->ni_dtim_period;
2033 			bss_changed |= BSS_CHANGED_BEACON_INFO;
2034 		} else if (vif->bss_conf.dtim_period == 0) {
2035 			vif->bss_conf.dtim_period = 1;
2036 			bss_changed |= BSS_CHANGED_BEACON_INFO;
2037 		}
2038 	}
2039 
2040 	vif->bss_conf.sync_dtim_count = ni->ni_dtim_count;
2041 	vif->bss_conf.sync_tsf = le64toh(ni->ni_tstamp.tsf);
2042 	/* vif->bss_conf.sync_device_ts = set in linuxkpi_ieee80211_rx. */
2043 
2044 #ifdef LINUXKPI_DEBUG_80211
2045 	if (linuxkpi_debug_80211 & D80211_TRACE)
2046 		printf("%s:%d [%s:%d] assoc %d aid %d beacon_int %u "
2047 		    "dtim_period %u sync_dtim_count %u sync_tsf %ju "
2048 		    "sync_device_ts %u bss_changed %#010jx\n",
2049 			__func__, __LINE__, _f, _l,
2050 			vif->cfg.assoc, vif->cfg.aid,
2051 			vif->bss_conf.beacon_int, vif->bss_conf.dtim_period,
2052 			vif->bss_conf.sync_dtim_count,
2053 			(uintmax_t)vif->bss_conf.sync_tsf,
2054 			vif->bss_conf.sync_device_ts,
2055 			(uintmax_t)bss_changed);
2056 #endif
2057 
2058 	return (bss_changed);
2059 }
2060 
2061 static void
2062 lkpi_stop_hw_scan(struct lkpi_hw *lhw, struct ieee80211_vif *vif)
2063 {
2064 	struct ieee80211_hw *hw;
2065 	int error;
2066 	bool cancel;
2067 
2068 	TRACE_SCAN(lhw->ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
2069 
2070 	LKPI_80211_LHW_SCAN_LOCK(lhw);
2071 	cancel = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
2072 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
2073 	if (!cancel)
2074 		return;
2075 
2076 	hw = LHW_TO_HW(lhw);
2077 
2078 	IEEE80211_UNLOCK(lhw->ic);
2079 	wiphy_lock(hw->wiphy);
2080 	/* Need to cancel the scan. */
2081 	lkpi_80211_mo_cancel_hw_scan(hw, vif);
2082 	wiphy_unlock(hw->wiphy);
2083 
2084 	/* Need to make sure we see ieee80211_scan_completed. */
2085 	LKPI_80211_LHW_SCAN_LOCK(lhw);
2086 	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0)
2087 		error = msleep(lhw, &lhw->scan_mtx, 0, "lhwscanstop", hz/2);
2088 	cancel = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
2089 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
2090 
2091 	IEEE80211_LOCK(lhw->ic);
2092 
2093 	if (cancel)
2094 		ic_printf(lhw->ic, "%s: failed to cancel scan: %d (%p, %p)\n",
2095 		    __func__, error, lhw, vif);
2096 }
2097 
2098 static void
2099 lkpi_hw_conf_idle(struct ieee80211_hw *hw, bool new)
2100 {
2101 	struct lkpi_hw *lhw;
2102 	int error;
2103 	bool old;
2104 
2105 	old = hw->conf.flags & IEEE80211_CONF_IDLE;
2106 	if (old == new)
2107 		return;
2108 
2109 	hw->conf.flags ^= IEEE80211_CONF_IDLE;
2110 	error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_IDLE);
2111 	if (error != 0 && error != EOPNOTSUPP) {
2112 		lhw = HW_TO_LHW(hw);
2113 		ic_printf(lhw->ic, "ERROR: %s: config %#0x returned %d\n",
2114 		    __func__, IEEE80211_CONF_CHANGE_IDLE, error);
2115 	}
2116 }
2117 
2118 static enum ieee80211_bss_changed
2119 lkpi_disassoc(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
2120     struct lkpi_hw *lhw)
2121 {
2122 	enum ieee80211_bss_changed changed;
2123 	struct lkpi_vif *lvif;
2124 
2125 	changed = 0;
2126 	sta->aid = 0;
2127 	if (vif->cfg.assoc) {
2128 
2129 		vif->cfg.assoc = false;
2130 		vif->cfg.aid = 0;
2131 		changed |= BSS_CHANGED_ASSOC;
2132 		IMPROVE();
2133 
2134 		lkpi_update_mcast_filter(lhw->ic);
2135 
2136 		/*
2137 		 * Executing the bss_info_changed(BSS_CHANGED_ASSOC) with
2138 		 * assoc = false right away here will remove the sta from
2139 		 * firmware for iwlwifi.
2140 		 * We no longer do this but only return the BSS_CHNAGED value.
2141 		 * The caller is responsible for removing the sta gong to
2142 		 * IEEE80211_STA_NOTEXIST and then executing the
2143 		 * bss_info_changed() update.
2144 		 * See DOWN4 for more detailed comment.
2145 		 */
2146 
2147 		lvif = VIF_TO_LVIF(vif);
2148 		lvif->beacons = 0;
2149 	}
2150 
2151 	return (changed);
2152 }
2153 
2154 static void
2155 lkpi_wake_tx_queues(struct ieee80211_hw *hw, struct ieee80211_sta *sta,
2156     bool dequeue_seen, bool no_emptyq)
2157 {
2158 	struct lkpi_txq *ltxq;
2159 	int tid;
2160 	bool ltxq_empty;
2161 
2162 	/* Wake up all queues to know they are allocated in the driver. */
2163 	for (tid = 0; tid < nitems(sta->txq); tid++) {
2164 
2165 		if (tid == IEEE80211_NUM_TIDS) {
2166 			IMPROVE("station specific?");
2167 			if (!ieee80211_hw_check(hw, STA_MMPDU_TXQ))
2168 				continue;
2169 		} else if (tid >= hw->queues)
2170 			continue;
2171 
2172 		if (sta->txq[tid] == NULL)
2173 			continue;
2174 
2175 		ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
2176 		if (dequeue_seen && !ltxq->seen_dequeue)
2177 			continue;
2178 
2179 		LKPI_80211_LTXQ_LOCK(ltxq);
2180 		ltxq_empty = skb_queue_empty(&ltxq->skbq);
2181 		LKPI_80211_LTXQ_UNLOCK(ltxq);
2182 		if (no_emptyq && ltxq_empty)
2183 			continue;
2184 
2185 		lkpi_80211_mo_wake_tx_queue(hw, sta->txq[tid], false);
2186 	}
2187 }
2188 
2189 /*
2190  * On the way down from RUN -> ASSOC -> AUTH we may send a DISASSOC or DEAUTH
2191  * packet.  The problem is that the state machine functions tend to hold the
2192  * LHW lock which will prevent lkpi_80211_txq_tx_one() from sending the packet.
2193  * We call this after dropping the ic lock and before acquiring the LHW lock.
2194  * we make sure no further packets are queued and if they are queued the task
2195  * will finish or be cancelled.  At the end if a packet is left we manually
2196  * send it.  scan_to_auth() would re-enable sending if the lsta would be
2197  * re-used.
2198  */
2199 static void
2200 lkpi_80211_flush_tx(struct lkpi_hw *lhw, struct lkpi_sta *lsta)
2201 {
2202 	struct ieee80211_hw *hw;
2203 	struct mbufq mq;
2204 	struct mbuf *m;
2205 	int len;
2206 
2207 	/* There is no lockdep_assert_not_held_wiphy(). */
2208 	hw = LHW_TO_HW(lhw);
2209 	lockdep_assert_not_held(&hw->wiphy->mtx);
2210 
2211 	/* Do not accept any new packets until scan_to_auth or lsta_free(). */
2212 	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2213 	lsta->txq_ready = false;
2214 	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2215 
2216 	while (taskqueue_cancel(taskqueue_thread, &lsta->txq_task, NULL) != 0)
2217 		taskqueue_drain(taskqueue_thread, &lsta->txq_task);
2218 
2219 	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2220 	len = mbufq_len(&lsta->txq);
2221 	if (len <= 0) {
2222 		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2223 		return;
2224 	}
2225 
2226 	mbufq_init(&mq, IFQ_MAXLEN);
2227 	mbufq_concat(&mq, &lsta->txq);
2228 	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2229 
2230 	m = mbufq_dequeue(&mq);
2231 	while (m != NULL) {
2232 		lkpi_80211_txq_tx_one(lsta, m);
2233 		m = mbufq_dequeue(&mq);
2234 	}
2235 }
2236 
2237 static void
2238 lkpi_init_chandef(struct ieee80211com *ic __unused,
2239     struct cfg80211_chan_def *chandef,
2240     struct linuxkpi_ieee80211_channel *chan, struct ieee80211_channel *c,
2241     bool can_ht)
2242 {
2243 
2244 	cfg80211_chandef_create(chandef, chan,
2245 	    (can_ht) ? NL80211_CHAN_HT20 : NL80211_CHAN_NO_HT);
2246 	chandef->center_freq1 = ieee80211_get_channel_center_freq1(c);
2247 	chandef->center_freq2 = ieee80211_get_channel_center_freq2(c);
2248 
2249 	IMPROVE("Check ht/vht_cap from band not just chan? See lkpi_sta_sync_from_ni...");
2250 #ifdef LKPI_80211_HT
2251 	if (IEEE80211_IS_CHAN_HT(c)) {
2252 		if (IEEE80211_IS_CHAN_HT40(c))
2253 			chandef->width = NL80211_CHAN_WIDTH_40;
2254 		else
2255 			chandef->width = NL80211_CHAN_WIDTH_20;
2256 	}
2257 #endif
2258 #ifdef LKPI_80211_VHT
2259 	if (IEEE80211_IS_CHAN_VHT_5GHZ(c)) {
2260 		if (IEEE80211_IS_CHAN_VHT80P80(c))
2261 			chandef->width = NL80211_CHAN_WIDTH_80P80;
2262 		else if (IEEE80211_IS_CHAN_VHT160(c))
2263 			chandef->width = NL80211_CHAN_WIDTH_160;
2264 		else if (IEEE80211_IS_CHAN_VHT80(c))
2265 			chandef->width = NL80211_CHAN_WIDTH_80;
2266 	}
2267 #endif
2268 
2269 #ifdef LINUXKPI_DEBUG_80211
2270 	if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
2271 		ic_printf(ic, "%s:%d: chandef %p { chan %p { %u }, "
2272 		    "width %d cfreq1 %u cfreq2 %u punctured %u }\n",
2273 		    __func__, __LINE__, chandef,
2274 		    chandef->chan, chandef->chan->center_freq,
2275 		    chandef->width,
2276 		    chandef->center_freq1, chandef->center_freq2,
2277 		    chandef->punctured);
2278 #endif
2279 }
2280 
2281 static uint32_t
2282 lkpi_init_chanctx_conf(struct ieee80211_hw *hw,
2283     struct cfg80211_chan_def *chandef,
2284     struct ieee80211_chanctx_conf *chanctx_conf)
2285 {
2286 	uint32_t changed;
2287 
2288 	lockdep_assert_wiphy(hw->wiphy);
2289 
2290 	changed = 0;
2291 
2292 	chanctx_conf->rx_chains_static = 1;
2293 	chanctx_conf->rx_chains_dynamic = 1;
2294 	changed |= IEEE80211_CHANCTX_CHANGE_RX_CHAINS;
2295 
2296 	if (chanctx_conf->radar_enabled != hw->conf.radar_enabled) {
2297 		chanctx_conf->radar_enabled = hw->conf.radar_enabled;
2298 		changed |= IEEE80211_CHANCTX_CHANGE_RADAR;
2299 	}
2300 
2301 	chanctx_conf->def = *chandef;
2302 	changed |= IEEE80211_CHANCTX_CHANGE_WIDTH;
2303 
2304 	/* One day we should figure this out; is for iwlwifi-only. */
2305 	chanctx_conf->min_def = chanctx_conf->def;
2306 	changed |= IEEE80211_CHANCTX_CHANGE_MIN_WIDTH;
2307 
2308 	/* chanctx_conf->ap = */
2309 
2310 	return (changed);
2311 }
2312 
2313 static struct lkpi_chanctx *
2314 lkpi_alloc_lchanctx(struct ieee80211_hw *hw, struct lkpi_vif *lvif)
2315 {
2316 	struct lkpi_chanctx *lchanctx;
2317 
2318 	lchanctx = malloc(sizeof(*lchanctx) + hw->chanctx_data_size,
2319 	    M_LKPI80211, M_WAITOK | M_ZERO);
2320 	lchanctx->lvif = lvif;
2321 
2322 	return (lchanctx);
2323 }
2324 
2325 static struct lkpi_chanctx *
2326 lkpi_find_lchanctx_reserved(struct ieee80211_hw *hw, struct lkpi_vif *lvif)
2327 {
2328 	struct lkpi_hw *lhw;
2329 	struct lkpi_chanctx *lchanctx;
2330 	bool found;
2331 
2332 	lhw = HW_TO_LHW(hw);
2333 
2334 	found = false;
2335 	rcu_read_lock();
2336 	list_for_each_entry_rcu(lchanctx, &lhw->lchanctx_list_reserved, entry) {
2337 		if (lchanctx->lvif == lvif) {
2338 			found = true;
2339 			break;
2340 		}
2341 	}
2342 	rcu_read_unlock();
2343 
2344 	if (!found) {
2345 		lchanctx = lkpi_alloc_lchanctx(hw, lvif);
2346 		list_add_rcu(&lchanctx->entry, &lhw->lchanctx_list_reserved);
2347 	}
2348 
2349 	return (lchanctx);
2350 }
2351 
2352 static struct ieee80211_chanctx_conf *
2353 lkpi_get_chanctx_conf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
2354 {
2355 	struct ieee80211_chanctx_conf *chanctx_conf;
2356 
2357 	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
2358 	    lockdep_is_held(&hw->wiphy->mtx));
2359 	if (chanctx_conf == NULL) {
2360 		struct lkpi_chanctx *lchanctx;
2361 		struct lkpi_vif *lvif;
2362 
2363 		lvif = VIF_TO_LVIF(vif);
2364 		lchanctx = lkpi_find_lchanctx_reserved(hw, lvif);
2365 		KASSERT(lchanctx != NULL, ("%s: hw %p, vif %p no lchanctx\n",
2366 		    __func__, hw, vif));
2367 		list_del(&lchanctx->entry);
2368 		chanctx_conf = &lchanctx->chanctx_conf;
2369 	}
2370 	/* else { IMPROVE("diff changes for changed, working on live copy, rcu"); } */
2371 
2372 	return (chanctx_conf);
2373 }
2374 
2375 static int
2376 lkpi_set_chanctx_conf(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2377     struct ieee80211_chanctx_conf *chanctx_conf,
2378     uint32_t changed, bool changed_set)
2379 {
2380 	struct lkpi_hw *lhw;
2381 	struct lkpi_chanctx *lchanctx;
2382 	int error;
2383 
2384 	if (vif->bss_conf.chanctx_conf == chanctx_conf) {
2385 		if (!changed_set) {
2386 			IMPROVE("OBSOLETE?");
2387 			changed = IEEE80211_CHANCTX_CHANGE_MIN_WIDTH;
2388 			changed |= IEEE80211_CHANCTX_CHANGE_RADAR;
2389 			changed |= IEEE80211_CHANCTX_CHANGE_RX_CHAINS;
2390 			changed |= IEEE80211_CHANCTX_CHANGE_WIDTH;
2391 		}
2392 		lkpi_80211_mo_change_chanctx(hw, chanctx_conf, changed);
2393 
2394 		return (0);
2395 	}
2396 
2397 	lhw = HW_TO_LHW(hw);
2398 
2399 	/* The device is no longer idle. */
2400 	IMPROVE("Once we do multi-vif, only do for 1st chanctx");
2401 	lkpi_hw_conf_idle(hw, false);
2402 
2403 	error = lkpi_80211_mo_add_chanctx(hw, chanctx_conf);
2404 	if (error != 0 && error != EOPNOTSUPP) {
2405 		ic_printf(lhw->ic, "%s:%d: mo_add_chanctx "
2406 		    "failed: %d\n", __func__, __LINE__, error);
2407 		return (error);
2408 	}
2409 
2410 	vif->bss_conf.chanreq.oper.chan = chanctx_conf->def.chan;
2411 	vif->bss_conf.chanreq.oper.width = chanctx_conf->def.width;
2412 	vif->bss_conf.chanreq.oper.center_freq1 =
2413 	    chanctx_conf->def.center_freq1;
2414 	vif->bss_conf.chanreq.oper.center_freq2 =
2415 	    chanctx_conf->def.center_freq2;
2416 
2417 	lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2418 	list_add_rcu(&lchanctx->entry, &lhw->lchanctx_list);
2419 	rcu_assign_pointer(vif->bss_conf.chanctx_conf, chanctx_conf);
2420 
2421 	/* Assign vif chanctx. */
2422 	if (error == 0)
2423 		error = lkpi_80211_mo_assign_vif_chanctx(hw, vif,
2424 		    &vif->bss_conf, chanctx_conf);
2425 	if (error == EOPNOTSUPP)
2426 		error = 0;
2427 	if (error != 0) {
2428 		ic_printf(lhw->ic, "%s:%d: mo_assign_vif_chanctx "
2429 		    "failed: %d\n", __func__, __LINE__, error);
2430 		lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
2431 		rcu_assign_pointer(vif->bss_conf.chanctx_conf, NULL);
2432 		lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2433 		list_del(&lchanctx->entry);
2434 		memset(lchanctx, 0, sizeof(*lchanctx));
2435 		lchanctx->lvif = VIF_TO_LVIF(vif);
2436 		list_add_rcu(&lchanctx->entry, &lhw->lchanctx_list_reserved);
2437 	}
2438 
2439 	return (error);
2440 }
2441 
2442 static void
2443 lkpi_remove_chanctx(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
2444 {
2445 	struct lkpi_hw *lhw;
2446 	struct ieee80211_chanctx_conf *chanctx_conf;
2447 	struct lkpi_chanctx *lchanctx;
2448 
2449 	lockdep_assert_wiphy(hw->wiphy);
2450 
2451 	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
2452 	    lockdep_is_held(&hw->wiphy->mtx));
2453 
2454 	if (chanctx_conf == NULL)
2455 		return;
2456 
2457 	/* Remove vif context. */
2458 	lkpi_80211_mo_unassign_vif_chanctx(hw, vif, &vif->bss_conf, chanctx_conf);
2459 
2460 	lkpi_hw_conf_idle(hw, true);
2461 
2462 	/* Remove chan ctx. */
2463 	lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
2464 
2465 	/* Cleanup. */
2466 	rcu_assign_pointer(vif->bss_conf.chanctx_conf, NULL);
2467 	lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2468 	list_del(&lchanctx->entry);
2469 	lhw = HW_TO_LHW(hw);
2470 	memset(lchanctx, 0, sizeof(*lchanctx));
2471 	lchanctx->lvif = VIF_TO_LVIF(vif);
2472 	list_add_rcu(&lchanctx->entry, &lhw->lchanctx_list_reserved);
2473 }
2474 
2475 /* -------------------------------------------------------------------------- */
2476 
2477 /* Any other options belong here? Check more drivers. */
2478 #define	BSS_CHANGED_VIF_CFG_BITS					\
2479     (BSS_CHANGED_SSID | BSS_CHANGED_IDLE | BSS_CHANGED_PS | BSS_CHANGED_ASSOC | \
2480     BSS_CHANGED_ARP_FILTER | BSS_CHANGED_MLD_VALID_LINKS | BSS_CHANGED_MLD_TTLM)
2481 
2482 static void
2483 lkpi_bss_info_change(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2484     enum ieee80211_bss_changed bss_changed)
2485 {
2486 	struct lkpi_vif *lvif;
2487 	enum ieee80211_bss_changed vif_cfg_bits, link_info_bits;
2488 
2489 	if (ieee80211_vif_is_mld(vif)) {
2490 		TODO("This likely needs a subset only; split up into 3 parts.");
2491 	}
2492 
2493 	/* Nothing to do? */
2494 	if (bss_changed == 0)
2495 		return;
2496 
2497 	/*
2498 	 * If the vif is not known to the driver there is nothing to notifiy for.
2499 	 * We MUST NOT check for !lvif_bss_synched here (the reasonable it seems)
2500 	 * as we need to execute the update(s) or we will have follow-up issues.
2501 	 */
2502 	lvif = VIF_TO_LVIF(vif);
2503 	if (!lvif->added_to_drv)
2504 		return;
2505 
2506 	/*
2507 	 * With the advent of MLO bss_conf got split up into vif and link
2508 	 * change notfications, while historically it was one.
2509 	 * We now need to support all possible models.
2510 	 */
2511 	vif_cfg_bits = bss_changed & BSS_CHANGED_VIF_CFG_BITS;
2512 	if (vif_cfg_bits != 0)
2513 		lkpi_80211_mo_vif_cfg_changed(hw, vif, vif_cfg_bits, false);
2514 
2515 	link_info_bits = bss_changed & ~(BSS_CHANGED_VIF_CFG_BITS);
2516 	if (link_info_bits != 0)
2517 		lkpi_80211_mo_link_info_changed(hw, vif, &vif->bss_conf,
2518 		    link_info_bits, 0, false);
2519 
2520 	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
2521 }
2522 
2523 /* -------------------------------------------------------------------------- */
2524 
2525 static int
2526 lkpi_sta_state_do_nada(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2527 {
2528 	return (0);
2529 }
2530 
2531 /* UP1 */
2532 static int
2533 lkpi_sta_init_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2534 {
2535 	return (lkpi_sta_state_do_nada(vap, nstate, arg));
2536 }
2537 
2538 /* UP2 */
2539 static int
2540 lkpi_sta_scan_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2541 {
2542 	struct linuxkpi_ieee80211_channel *chan;
2543 	struct cfg80211_chan_def chandef;
2544 	struct ieee80211_chanctx_conf *chanctx_conf;
2545 	struct lkpi_hw *lhw;
2546 	struct ieee80211_hw *hw;
2547 	struct lkpi_vif *lvif;
2548 	struct ieee80211_vif *vif;
2549 	struct ieee80211_node *ni;
2550 	struct lkpi_sta *lsta;
2551 	enum ieee80211_bss_changed bss_changed;
2552 	struct ieee80211_prep_tx_info prep_tx_info;
2553 	uint32_t changed;
2554 	int error;
2555 	bool synched, can_ht;
2556 
2557 	/*
2558 	 * In here we use vap->iv_bss until lvif->lvif_bss is set.
2559 	 * For all later (STATE >= AUTH) functions we need to use the lvif
2560 	 * cache which will be tracked even through (*iv_update_bss)().
2561 	 */
2562 
2563 	if (vap->iv_bss == NULL) {
2564 		ic_printf(vap->iv_ic, "%s: no iv_bss for vap %p\n", __func__, vap);
2565 		return (EINVAL);
2566 	}
2567 	/*
2568 	 * Keep the ni alive locally.  In theory (and practice) iv_bss can change
2569 	 * once we unlock here.  This is due to net80211 allowing state changes
2570 	 * and new join1() despite having an active node as well as due to
2571 	 * the fact that the iv_bss can be swapped under the hood in (*iv_update_bss).
2572 	 */
2573 	ni = ieee80211_ref_node(vap->iv_bss);
2574 	if (ni->ni_chan == NULL || ni->ni_chan == IEEE80211_CHAN_ANYC) {
2575 		ic_printf(vap->iv_ic, "%s: no channel set for iv_bss ni %p "
2576 		    "on vap %p\n", __func__, ni, vap);
2577 		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2578 		return (EINVAL);
2579 	}
2580 
2581 	lhw = vap->iv_ic->ic_softc;
2582 	chan = lkpi_find_lkpi80211_chan(lhw, ni->ni_chan);
2583 	if (chan == NULL) {
2584 		ic_printf(vap->iv_ic, "%s: failed to get LKPI channel from "
2585 		    "iv_bss ni %p on vap %p\n", __func__, ni, vap);
2586 		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2587 		return (ESRCH);
2588 	}
2589 
2590 	hw = LHW_TO_HW(lhw);
2591 	lvif = VAP_TO_LVIF(vap);
2592 	vif = LVIF_TO_VIF(lvif);
2593 
2594 	LKPI_80211_LVIF_LOCK(lvif);
2595 	/* XXX-BZ KASSERT later? */
2596 	if (lvif->lvif_bss_synched || lvif->lvif_bss != NULL) {
2597 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2598 		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2599 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2600 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2601 		    lvif->lvif_bss_synched);
2602 		LKPI_80211_LVIF_UNLOCK(lvif);
2603 		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2604 		return (EBUSY);
2605 	}
2606 	LKPI_80211_LVIF_UNLOCK(lvif);
2607 
2608 	IEEE80211_UNLOCK(vap->iv_ic);
2609 	wiphy_lock(hw->wiphy);
2610 
2611 	/* Add chanctx (or if exists, change it). */
2612 	chanctx_conf = lkpi_get_chanctx_conf(hw, vif);
2613 
2614 	KASSERT(ni->ni_chan != NULL && ni->ni_chan != IEEE80211_CHAN_ANYC,
2615 	   ("%s:%d: ni %p ni_chan %p\n", __func__, __LINE__, ni, ni->ni_chan));
2616 
2617 #ifdef LKPI_80211_HT
2618 	can_ht = (vap->iv_ic->ic_flags_ht & IEEE80211_FHT_HT) != 0;
2619 #else
2620 	can_ht = false;
2621 #endif
2622 	lkpi_init_chandef(vap->iv_ic, &chandef, chan, ni->ni_chan, can_ht);
2623 	hw->conf.radar_enabled =
2624 	    ((chan->flags & IEEE80211_CHAN_RADAR) != 0) ? true : false;
2625 	hw->conf.chandef = chandef;
2626 	vif->bss_conf.chanreq.oper = hw->conf.chandef;
2627 #ifdef LINUXKPI_DEBUG_80211
2628 	if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
2629 		ic_printf(vap->iv_ic, "%s:%d: hw->conf.chandef %p = chandef %p = "
2630 		    "vif->bss_conf.chanreq.oper %p\n", __func__, __LINE__,
2631 		    &hw->conf.chandef, &chandef, &vif->bss_conf.chanreq.oper);
2632 #endif
2633 
2634 	changed = lkpi_init_chanctx_conf(hw, &chandef, chanctx_conf);
2635 
2636 	/* Responder ... */
2637 
2638 	/* Set bss info (bss_info_changed). */
2639 	bss_changed = 0;
2640 	IEEE80211_ADDR_COPY(vif->cfg.ap_addr, ni->ni_bssid);
2641 	vif->bss_conf.bssid = ni->ni_bssid;
2642 	bss_changed |= BSS_CHANGED_BSSID;
2643 	vif->bss_conf.txpower = ni->ni_txpower;
2644 	bss_changed |= BSS_CHANGED_TXPOWER;
2645 	vif->cfg.idle = false;
2646 	bss_changed |= BSS_CHANGED_IDLE;
2647 
2648 	/* vif->bss_conf.basic_rates ? Where exactly? */
2649 
2650 	lvif->beacons = 0;
2651 	/* Should almost assert it is this. */
2652 	vif->cfg.assoc = false;
2653 	vif->cfg.aid = 0;
2654 
2655 	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
2656 
2657 	error = lkpi_set_chanctx_conf(hw, vif, chanctx_conf, changed, true);
2658 	if (error != 0)
2659 		goto out;
2660 
2661 	IMPROVE("update radiotap chan fields too");
2662 
2663 	/* RATES */
2664 	IMPROVE("bss info: not all needs to come now and rates are missing");
2665 	lkpi_bss_info_change(hw, vif, bss_changed);
2666 
2667 	/*
2668 	 * Given ni and lsta are 1:1 from alloc to free we can assert that
2669 	 * ni always has lsta data attach despite net80211 node swapping
2670 	 * under the hoods.
2671 	 */
2672 	KASSERT(ni->ni_drv_data != NULL, ("%s: ni %p ni_drv_data %p\n",
2673 	    __func__, ni, ni->ni_drv_data));
2674 	lsta = ni->ni_drv_data;
2675 
2676 	/* Insert the [l]sta into the list of known stations. */
2677 	list_add_tail(&lsta->lsta_list, &lvif->lsta_list);
2678 
2679 	/* Add (or adjust) sta and change state (from NOTEXIST) to NONE. */
2680 	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2681 	KASSERT(lsta->state == IEEE80211_STA_NOTEXIST, ("%s: lsta %p state not "
2682 	    "NOTEXIST: %#x\n", __func__, lsta, lsta->state));
2683 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
2684 	if (error != 0) {
2685 		IMPROVE("do we need to undo the chan ctx?");
2686 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
2687 		    "failed: %d\n", __func__, __LINE__, error);
2688 		goto out;
2689 	}
2690 #if 0
2691 	lsta->added_to_drv = true;	/* mo manages. */
2692 #endif
2693 
2694 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2695 
2696 #if 0
2697 	/*
2698 	 * Wakeup all queues now that sta is there so we have as much time to
2699 	 * possibly prepare the queue in the driver to be ready for the 1st
2700 	 * packet;  lkpi_80211_txq_tx_one() still has a workaround as there
2701 	 * is no guarantee or way to check.
2702 	 * XXX-BZ and by now we know that this does not work on all drivers
2703 	 * for all queues.
2704 	 */
2705 	lkpi_wake_tx_queues(hw, LSTA_TO_STA(lsta), false, false);
2706 #endif
2707 
2708 	/* Start mgd_prepare_tx. */
2709 	memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2710 	prep_tx_info.duration = PREP_TX_INFO_DURATION;		/* SAE */
2711 	prep_tx_info.subtype = IEEE80211_STYPE_AUTH;
2712 	prep_tx_info.link_id = 0;
2713 	lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2714 	lsta->in_mgd = true;
2715 
2716 	/*
2717 	 * What is going to happen next:
2718 	 * - <twiddle> .. we should end up in "auth_to_assoc"
2719 	 * - event_callback
2720 	 * - update sta_state (NONE to AUTH)
2721 	 * - mgd_complete_tx
2722 	 * (ideally we'd do that on a callback for something else ...)
2723 	 */
2724 
2725 	wiphy_unlock(hw->wiphy);
2726 	IEEE80211_LOCK(vap->iv_ic);
2727 
2728 	LKPI_80211_LVIF_LOCK(lvif);
2729 	/* Re-check given (*iv_update_bss) could have happened while we were unlocked. */
2730 	if (lvif->lvif_bss_synched || lvif->lvif_bss != NULL ||
2731 	    lsta->ni != vap->iv_bss)
2732 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2733 		    "lvif_bss->ni %p synched %d, ni %p lsta %p\n", __func__, __LINE__,
2734 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2735 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2736 		    lvif->lvif_bss_synched, ni, lsta);
2737 
2738 	/*
2739 	 * Reference the "ni" for caching the lsta/ni in lvif->lvif_bss.
2740 	 * Given we cache lsta we use lsta->ni instead of ni here (even though
2741 	 * lsta->ni == ni) to be distinct from the rest of the code where we do
2742 	 * assume that ni == vap->iv_bss which it may or may not be.
2743 	 * So do NOT use iv_bss here anymore as that may have diverged from our
2744 	 * function local ni already while ic was unlocked and would lead to
2745 	 * inconsistencies.  Go and see if we lost a race and do not update
2746 	 * lvif_bss_synched in that case.
2747 	 */
2748 	ieee80211_ref_node(lsta->ni);
2749 	lvif->lvif_bss = lsta;
2750 	if (lsta->ni == vap->iv_bss) {
2751 		lvif->lvif_bss_synched = synched = true;
2752 	} else {
2753 		/* Set to un-synched no matter what. */
2754 		lvif->lvif_bss_synched = synched = false;
2755 		/*
2756 		 * We do not error as someone has to take us down.
2757 		 * If we are followed by a 2nd, new net80211::join1() going to
2758 		 * AUTH lkpi_sta_a_to_a() will error, lkpi_sta_auth_to_{scan,init}()
2759 		 * will take the lvif->lvif_bss node down eventually.
2760 		 * What happens with the vap->iv_bss node will entirely be up
2761 		 * to net80211 as we never used the node beyond alloc()/free()
2762 		 * and we do not hold an extra reference for that anymore given
2763 		 * ni : lsta == 1:1.
2764 		 * Problem is if we do not error a MGMT/AUTH frame will be
2765 		 * sent from net80211::sta_newstate(); disable lsta queue below.
2766 		 */
2767 	}
2768 	LKPI_80211_LVIF_UNLOCK(lvif);
2769 	/*
2770 	 * Make sure in case the sta did not change and we re-added it,
2771 	 * that we can tx again but only if the vif/iv_bss are in sync.
2772 	 * Otherwise this should prevent the MGMT/AUTH frame from being
2773 	 * sent triggering a warning in iwlwifi.
2774 	 */
2775 	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2776 	lsta->txq_ready = synched;
2777 	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2778 	goto out_relocked;
2779 
2780 out:
2781 	wiphy_unlock(hw->wiphy);
2782 	IEEE80211_LOCK(vap->iv_ic);
2783 out_relocked:
2784 	/*
2785 	 * Release the reference that kept the ni stable locally
2786 	 * during the work of this function.
2787 	 */
2788 	if (ni != NULL)
2789 		ieee80211_free_node(ni);
2790 	return (error);
2791 }
2792 
2793 /* UP3.1 */
2794 static int
2795 lkpi_sta_auth_to_assoc(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2796 {
2797 	struct lkpi_hw *lhw;
2798 	struct ieee80211_hw *hw;
2799 	struct lkpi_vif *lvif;
2800 	struct ieee80211_vif *vif;
2801 	struct lkpi_sta *lsta;
2802 	struct ieee80211_prep_tx_info prep_tx_info;
2803 	int error;
2804 
2805 	lhw = vap->iv_ic->ic_softc;
2806 	hw = LHW_TO_HW(lhw);
2807 	lvif = VAP_TO_LVIF(vap);
2808 	vif = LVIF_TO_VIF(lvif);
2809 
2810 	IEEE80211_UNLOCK(vap->iv_ic);
2811 	wiphy_lock(hw->wiphy);
2812 
2813 	LKPI_80211_LVIF_LOCK(lvif);
2814 	/* XXX-BZ KASSERT later? */
2815 	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
2816 #ifdef LINUXKPI_DEBUG_80211
2817 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2818 		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2819 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2820 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2821 		    lvif->lvif_bss_synched);
2822 #endif
2823 		error = ENOTRECOVERABLE;
2824 		LKPI_80211_LVIF_UNLOCK(lvif);
2825 		goto out;
2826 	}
2827 	lsta = lvif->lvif_bss;
2828 	LKPI_80211_LVIF_UNLOCK(lvif);
2829 
2830 	KASSERT(lsta != NULL, ("%s: lsta %p\n", __func__, lsta));
2831 
2832 	/* Finish auth. */
2833 	IMPROVE("event callback");
2834 
2835 	/* Update sta_state (NONE to AUTH). */
2836 	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
2837 	    "NONE: %#x\n", __func__, lsta, lsta->state));
2838 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
2839 	if (error != 0) {
2840 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
2841 		    "failed: %d\n", __func__, __LINE__, error);
2842 		goto out;
2843 	}
2844 
2845 	/* End mgd_complete_tx. */
2846 	if (lsta->in_mgd) {
2847 		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2848 		prep_tx_info.subtype = IEEE80211_STYPE_AUTH;
2849 		prep_tx_info.success = true;
2850 		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2851 		lsta->in_mgd = false;
2852 	}
2853 
2854 	/* Now start assoc. unless nstate=RUN (auth_to_run). */
2855 
2856 	/* Start mgd_prepare_tx. */
2857 	if (nstate == IEEE80211_S_ASSOC && !lsta->in_mgd) {
2858 		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2859 		prep_tx_info.subtype = IEEE80211_STYPE_ASSOC_REQ;
2860 		prep_tx_info.link_id = 0;
2861 		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2862 		lsta->in_mgd = true;
2863 	}
2864 
2865 #if 0
2866 	/* We do not yet have a packet to go out. */
2867 	/* Wake tx queue to get packet out. */
2868 	lkpi_wake_tx_queues(hw, LSTA_TO_STA(lsta), false, true);
2869 #endif
2870 
2871 	/*
2872 	 * <twiddle> .. we end up in "assoc_to_run"
2873 	 * - update sta_state (AUTH to ASSOC)
2874 	 * - conf_tx [all]
2875 	 * - bss_info_changed (assoc, aid, ssid, ..)
2876 	 * - change_chanctx (if needed)
2877 	 * - event_callback
2878 	 * - mgd_complete_tx
2879 	 */
2880 
2881 out:
2882 	wiphy_unlock(hw->wiphy);
2883 	IEEE80211_LOCK(vap->iv_ic);
2884 	return (error);
2885 }
2886 
2887 static int lkpi_sta_assoc_to_run(struct ieee80211vap *, enum ieee80211_state, int);
2888 
2889 /* UP3.2 */
2890 static int
2891 lkpi_sta_auth_to_run(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2892 {
2893 	int error;
2894 
2895 	error = lkpi_sta_auth_to_assoc(vap, nstate, arg);
2896 	if (error == 0)
2897 		error = lkpi_sta_assoc_to_run(vap, nstate, arg);
2898 	return (error);
2899 }
2900 
2901 /* UP4 */
2902 static int
2903 lkpi_sta_assoc_to_run(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2904 {
2905 	struct lkpi_hw *lhw;
2906 	struct ieee80211_hw *hw;
2907 	struct lkpi_vif *lvif;
2908 	struct ieee80211_vif *vif;
2909 	struct ieee80211_node *ni;
2910 	struct lkpi_sta *lsta;
2911 	struct ieee80211_sta *sta;
2912 	struct ieee80211_prep_tx_info prep_tx_info;
2913 	enum ieee80211_bss_changed bss_changed;
2914 	int error;
2915 
2916 	lhw = vap->iv_ic->ic_softc;
2917 	hw = LHW_TO_HW(lhw);
2918 	lvif = VAP_TO_LVIF(vap);
2919 	vif = LVIF_TO_VIF(lvif);
2920 
2921 	IEEE80211_UNLOCK(vap->iv_ic);
2922 	wiphy_lock(hw->wiphy);
2923 
2924 	LKPI_80211_LVIF_LOCK(lvif);
2925 	/* XXX-BZ KASSERT later? */
2926 	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
2927 #ifdef LINUXKPI_DEBUG_80211
2928 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2929 		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2930 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2931 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2932 		    lvif->lvif_bss_synched);
2933 #endif
2934 		LKPI_80211_LVIF_UNLOCK(lvif);
2935 		error = ENOTRECOVERABLE;
2936 		goto out;
2937 	}
2938 	lsta = lvif->lvif_bss;
2939 	LKPI_80211_LVIF_UNLOCK(lvif);
2940 	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
2941 	    "lvif %p vap %p\n", __func__,
2942 	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
2943 
2944 	ni = lsta->ni;		/* Reference held for lvif_bss. */
2945 
2946 	IMPROVE("ponder some of this moved to ic_newassoc, scan_assoc_success, "
2947 	    "and to lesser extend ieee80211_notify_node_join");
2948 
2949 	/* Finish assoc. (even if this is auth_to_run!) */
2950 	/* Update sta_state (AUTH to ASSOC) and set aid. */
2951 	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
2952 	    "AUTH: %#x\n", __func__, lsta, lsta->state));
2953 	sta = LSTA_TO_STA(lsta);
2954 	sta->aid = IEEE80211_NODE_AID(ni);
2955 #ifdef LKPI_80211_WME
2956 	if (vap->iv_flags & IEEE80211_F_WME)
2957 		sta->wme = true;
2958 #endif
2959 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
2960 	if (error != 0) {
2961 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
2962 		    "failed: %d\n", __func__, __LINE__, error);
2963 		goto out;
2964 	}
2965 
2966 	IMPROVE("wme / conf_tx [all]");
2967 
2968 	/* Update bss info (bss_info_changed) (assoc, aid, ..). */
2969 	bss_changed = 0;
2970 #ifdef LKPI_80211_WME
2971 	bss_changed |= lkpi_wme_update(lhw, vap, true);
2972 #endif
2973 	if (!vif->cfg.assoc || vif->cfg.aid != IEEE80211_NODE_AID(ni)) {
2974 		lvif->beacons = 0;
2975 		vif->cfg.assoc = true;
2976 		vif->cfg.aid = IEEE80211_NODE_AID(ni);
2977 		bss_changed |= BSS_CHANGED_ASSOC;
2978 	}
2979 	/* We set SSID but this is not BSSID! */
2980 	vif->cfg.ssid_len = ni->ni_esslen;
2981 	memcpy(vif->cfg.ssid, ni->ni_essid, ni->ni_esslen);
2982 	if ((vap->iv_flags & IEEE80211_F_SHPREAMBLE) !=
2983 	    vif->bss_conf.use_short_preamble) {
2984 		vif->bss_conf.use_short_preamble ^= 1;
2985 		/* bss_changed |= BSS_CHANGED_??? */
2986 	}
2987 	if ((vap->iv_flags & IEEE80211_F_SHSLOT) !=
2988 	    vif->bss_conf.use_short_slot) {
2989 		vif->bss_conf.use_short_slot ^= 1;
2990 		/* bss_changed |= BSS_CHANGED_??? */
2991 	}
2992 	if ((ni->ni_flags & IEEE80211_NODE_QOS) !=
2993 	    vif->bss_conf.qos) {
2994 		vif->bss_conf.qos ^= 1;
2995 		bss_changed |= BSS_CHANGED_QOS;
2996 	}
2997 
2998 	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
2999 	lkpi_bss_info_change(hw, vif, bss_changed);
3000 
3001 	/* - change_chanctx (if needed)
3002 	 * - event_callback
3003 	 */
3004 
3005 	/* End mgd_complete_tx. (we do not have to check ostate == IEEE80211_S_ASSOC). */
3006 	if (lsta->in_mgd) {
3007 		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3008 		prep_tx_info.subtype = IEEE80211_STYPE_ASSOC_REQ;
3009 		prep_tx_info.success = true;	/* Needs vif->cfg.assoc set! */
3010 		prep_tx_info.link_id = 0;
3011 		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3012 		lsta->in_mgd = false;
3013 	}
3014 
3015 	/*
3016 	 * And then:
3017 	 * - (more packets)?
3018 	 * - set_key
3019 	 * - set_default_unicast_key
3020 	 * - set_key (?)
3021 	 * - ipv6_addr_change (?)
3022 	 */
3023 
3024 	if (!ieee80211_node_is_authorized(ni)) {
3025 		IMPROVE("net80211 does not consider node authorized");
3026 	}
3027 
3028 	IMPROVE("Is this the right spot, has net80211 done all updates already?");
3029 	lkpi_sta_sync_from_ni(hw, vif, sta, ni, true);
3030 
3031 	/* Update thresholds. */
3032 	hw->wiphy->frag_threshold = vap->iv_fragthreshold;
3033 	lkpi_80211_mo_set_frag_threshold(hw, vap->iv_fragthreshold);
3034 	hw->wiphy->rts_threshold = vap->iv_rtsthreshold;
3035 	lkpi_80211_mo_set_rts_threshold(hw, vap->iv_rtsthreshold);
3036 
3037 	/* Update sta_state (ASSOC to AUTHORIZED). */
3038 	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3039 	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3040 	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3041 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTHORIZED);
3042 	if (error != 0) {
3043 		IMPROVE("undo some changes?");
3044 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTHORIZED) "
3045 		    "failed: %d\n", __func__, __LINE__, error);
3046 		goto out;
3047 	}
3048 
3049 	/* - drv_config (?)
3050 	 * - bss_info_changed
3051 	 * - set_rekey_data (?)
3052 	 *
3053 	 * And now we should be passing packets.
3054 	 */
3055 	IMPROVE("Need that bssid setting, and the keys");
3056 
3057 	bss_changed = 0;
3058 	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
3059 	lkpi_bss_info_change(hw, vif, bss_changed);
3060 
3061 	/* Prepare_multicast && configure_filter. */
3062 	lkpi_update_mcast_filter(vap->iv_ic);
3063 
3064 out:
3065 	wiphy_unlock(hw->wiphy);
3066 	IEEE80211_LOCK(vap->iv_ic);
3067 	return (error);
3068 }
3069 
3070 /*
3071  * DOWN1
3072  * "to assoc" means we are going back to State 2 from State 4[/3].
3073  * This means ni still is authenticated, so we keep sta, chanctx, ..
3074  * We will send a (Re)Assoc Request in case net80211 handles roadming.
3075  * Note: this can be called as part of a DEAUTH going to State 1 as well,
3076  * so for RoC prep_tx_info we need to check nstate (see run_to_{auth,scan,init}).
3077  */
3078 static int
3079 lkpi_sta_run_to_assoc(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3080 {
3081 	struct lkpi_hw *lhw;
3082 	struct ieee80211_hw *hw;
3083 	struct lkpi_vif *lvif;
3084 	struct ieee80211_vif *vif;
3085 	struct ieee80211_node *ni;
3086 	struct lkpi_sta *lsta;
3087 	struct ieee80211_sta *sta;
3088 	struct ieee80211_prep_tx_info prep_tx_info;
3089 #if 0
3090 	enum ieee80211_bss_changed bss_changed;
3091 #endif
3092 	struct ieee80211_rx_ampdu *rap;
3093 	int error;
3094 
3095 	lhw = vap->iv_ic->ic_softc;
3096 	hw = LHW_TO_HW(lhw);
3097 	lvif = VAP_TO_LVIF(vap);
3098 	vif = LVIF_TO_VIF(lvif);
3099 
3100 	IEEE80211_UNLOCK(vap->iv_ic);
3101 	wiphy_lock(hw->wiphy);
3102 
3103 	LKPI_80211_LVIF_LOCK(lvif);
3104 #ifdef LINUXKPI_DEBUG_80211
3105 	/* XXX-BZ KASSERT later; state going down so no action. */
3106 	if (lvif->lvif_bss == NULL)
3107 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3108 		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3109 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3110 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3111 		    lvif->lvif_bss_synched);
3112 #endif
3113 	lsta = lvif->lvif_bss;
3114 	LKPI_80211_LVIF_UNLOCK(lvif);
3115 	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3116 	    "lvif %p vap %p\n", __func__,
3117 	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3118 
3119 	ni = lsta->ni;		/* Reference held for lvif_bss. */
3120 	sta = LSTA_TO_STA(lsta);
3121 
3122 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3123 
3124 	/* flush, drop. */
3125 	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
3126 
3127 	/* We should make this a KASSERT. */
3128 	if (lsta->in_mgd) {
3129 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p lsta %p in_mgd\n",
3130 		    __func__, __LINE__, lvif, vap, lsta);
3131 	}
3132 	/*
3133 	 * Problem is that we should hook into the tx/rx flow and not
3134 	 * try to re-model the state machine parts.  We may miss a SME
3135 	 * triggered frame this way.
3136 	 */
3137 	memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3138 	if (nstate == IEEE80211_S_ASSOC) {
3139 		if (vap->iv_roaming == IEEE80211_ROAMING_AUTO) {
3140 			if (arg)
3141 				prep_tx_info.subtype = IEEE80211_STYPE_REASSOC_REQ;
3142 			else
3143 				prep_tx_info.subtype = IEEE80211_STYPE_ASSOC_REQ;
3144 		} else {
3145 			/* wpa_supplicant upon RTM_IEEE80211_LEAVE. */
3146 			prep_tx_info.subtype = IEEE80211_STYPE_DISASSOC;
3147 		}
3148 	} else
3149 		prep_tx_info.subtype = IEEE80211_STYPE_DEAUTH;
3150 	prep_tx_info.was_assoc = true;
3151 	prep_tx_info.link_id = 0;
3152 	lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
3153 	lsta->in_mgd = true;
3154 
3155 	wiphy_unlock(hw->wiphy);
3156 	IEEE80211_LOCK(vap->iv_ic);
3157 
3158 	/* Call iv_newstate first so we get potential (RE-)ASSOC/DEAUTH? packet out. */
3159 	error = lvif->iv_newstate(vap, nstate, arg);
3160 	if (error != 0) {
3161 		ic_printf(vap->iv_ic, "%s:%d: iv_newstate(%p, %d, %d) "
3162 		    "failed: %d\n", __func__, __LINE__, vap, nstate, arg, error);
3163 		goto outni;
3164 	}
3165 
3166 	/* Stop any BA sessions if still active. */
3167 	for (int rapn = 0; rapn < WME_NUM_TID; rapn++) {
3168 		rap = &ni->ni_rx_ampdu[rapn];
3169 
3170 		if ((rap->rxa_flags & IEEE80211_AGGR_RUNNING) == 0)
3171 			continue;
3172 
3173 		vap->iv_ic->ic_ampdu_rx_stop(ni, rap);
3174 	}
3175 
3176 	IEEE80211_UNLOCK(vap->iv_ic);
3177 
3178 	/* Ensure the packets get out. */
3179 	lkpi_80211_flush_tx(lhw, lsta);
3180 
3181 	wiphy_lock(hw->wiphy);
3182 
3183 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3184 
3185 	/* Wake tx queues to get packet(s) out. */
3186 	lkpi_wake_tx_queues(hw, sta, false, true);
3187 
3188 	/* flush, no drop */
3189 	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
3190 
3191 	/* End mgd_complete_tx. */
3192 	/* We should make this a KASSERT. */
3193 	if (!lsta->in_mgd) {
3194 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p lsta %p !in_mgd\n",
3195 		    __func__, __LINE__, lvif, vap, lsta);
3196 	}
3197 	lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3198 	lsta->in_mgd = false;
3199 
3200 #if 0
3201 	/* sync_rx_queues */
3202 	lkpi_80211_mo_sync_rx_queues(hw);
3203 
3204 	/* sta_pre_rcu_remove */
3205 	lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
3206 #endif
3207 
3208 	/* Take the station down. */
3209 
3210 	/* Adjust sta and change state (from AUTHORIZED) to ASSOC. */
3211 	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3212 	KASSERT(lsta->state == IEEE80211_STA_AUTHORIZED, ("%s: lsta %p state not "
3213 	    "AUTHORIZED: %#x\n", __func__, lsta, lsta->state));
3214 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
3215 	if (error != 0) {
3216 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
3217 		    "failed: %d\n", __func__, __LINE__, error);
3218 		goto out;
3219 	}
3220 
3221 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3222 
3223 #ifdef LKPI_80211_HW_CRYPTO
3224 	if (lkpi_hwcrypto) {
3225 		error = lkpi_sta_del_keys(hw, vif, lsta);
3226 		if (error != 0) {
3227 			ic_printf(vap->iv_ic, "%s:%d: lkpi_sta_del_keys "
3228 			    "failed: %d\n", __func__, __LINE__, error);
3229 			/*
3230 			 * Either drv/fw will crash or cleanup itself,
3231 			 * otherwise net80211 will delete the keys (at a
3232 			 * less appropriate time).
3233 			 */
3234 			/* goto out; */
3235 		}
3236 	}
3237 #endif
3238 
3239 	/* Update sta_state (ASSOC to AUTH). */
3240 	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3241 	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3242 	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3243 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
3244 	if (error != 0) {
3245 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
3246 		    "failed: %d\n", __func__, __LINE__, error);
3247 		goto out;
3248 	}
3249 
3250 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3251 
3252 #if 0
3253 	/* Update bss info (bss_info_changed) (assoc, aid, ..). */
3254 	/* See comment in DOWN4. */
3255 	lkpi_disassoc(sta, vif, lhw);
3256 #endif
3257 
3258 	error = EALREADY;
3259 out:
3260 	wiphy_unlock(hw->wiphy);
3261 	IEEE80211_LOCK(vap->iv_ic);
3262 outni:
3263 	return (error);
3264 }
3265 
3266 /*
3267  * DOWN2
3268  * We are in state 2 and go back to state 1 and will try to auth again
3269  * (to IEEE80211_S_AUTH in FreeBSD means "try to auth").  This should be
3270  * like scan_to_auth but that we keep the "ni" and with that chanctx/bssid,
3271  * which essentially makes this "a_to_a" in LinuxKPI.
3272  */
3273 static int
3274 lkpi_sta_assoc_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3275 {
3276 	struct lkpi_hw *lhw;
3277 	struct ieee80211_hw *hw;
3278 	struct lkpi_vif *lvif;
3279 	struct ieee80211_vif *vif;
3280 	struct ieee80211_node *ni;
3281 	struct lkpi_sta *lsta;
3282 	struct ieee80211_prep_tx_info prep_tx_info;
3283 	int error;
3284 
3285 	lhw = vap->iv_ic->ic_softc;
3286 	hw = LHW_TO_HW(lhw);
3287 	lvif = VAP_TO_LVIF(vap);
3288 	vif = LVIF_TO_VIF(lvif);
3289 
3290 	IEEE80211_UNLOCK(vap->iv_ic);
3291 	wiphy_lock(hw->wiphy);
3292 
3293 	LKPI_80211_LVIF_LOCK(lvif);
3294 #ifdef LINUXKPI_DEBUG_80211
3295 	/* XXX-BZ KASSERT later; state going down so no action. */
3296 	if (lvif->lvif_bss == NULL)
3297 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3298 		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3299 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3300 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3301 		    lvif->lvif_bss_synched);
3302 #endif
3303 	lsta = lvif->lvif_bss;
3304 	LKPI_80211_LVIF_UNLOCK(lvif);
3305 	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3306 	    "lvif %p vap %p\n", __func__,
3307 	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3308 
3309 	ni = lsta->ni;		/* Reference held for lvif_bss. */
3310 
3311 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3312 
3313 	/* End mgd_complete_tx. */
3314 	if (lsta->in_mgd && vap->iv_state == IEEE80211_S_ASSOC) {
3315 		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3316 		prep_tx_info.subtype = IEEE80211_STYPE_ASSOC_REQ;
3317 		prep_tx_info.link_id = 0;
3318 		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3319 		lsta->in_mgd = false;
3320 	} else if (lsta->in_mgd) {
3321 		ic_printf(vap->iv_ic, "%s:%d: in_mgd %d (%s) -> %d (%s) %d\n",
3322 		    __func__, __LINE__,
3323 		    vap->iv_state, ieee80211_state_name[vap->iv_state],
3324 		    nstate, ieee80211_state_name[nstate], arg);
3325 	}
3326 
3327 	/* Take the station down. */
3328 	/* Update sta_state (AUTH to NONE). */
3329 	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3330 	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
3331 	    "AUTH: %#x\n", __func__, lsta, lsta->state));
3332 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
3333 	if (error != 0) {
3334 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
3335 		    "failed: %d\n", __func__, __LINE__, error);
3336 		goto out;
3337 	}
3338 
3339 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3340 
3341 out:
3342 	wiphy_unlock(hw->wiphy);
3343 	IEEE80211_LOCK(vap->iv_ic);
3344 	return (error);
3345 }
3346 
3347 /*
3348  * DOWN3
3349  * We are in state 1.  Either auth timed out (arg != 0) or we have an internal
3350  * state change forcing us to give up trying to authenticate.
3351  * Cleanup and remove chanctx, sta, ...
3352  */
3353 static int
3354 lkpi_sta_auth_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3355 {
3356 	struct lkpi_hw *lhw;
3357 	struct ieee80211_hw *hw;
3358 	struct lkpi_vif *lvif;
3359 	struct ieee80211_vif *vif;
3360 	struct ieee80211_node *ni;
3361 	struct lkpi_sta *lsta;
3362 	struct ieee80211_sta *sta;
3363 	struct ieee80211_prep_tx_info prep_tx_info;
3364 	enum ieee80211_bss_changed bss_changed;
3365 	int error;
3366 
3367 	lhw = vap->iv_ic->ic_softc;
3368 	hw = LHW_TO_HW(lhw);
3369 	lvif = VAP_TO_LVIF(vap);
3370 	vif = LVIF_TO_VIF(lvif);
3371 
3372 	IEEE80211_UNLOCK(vap->iv_ic);
3373 	wiphy_lock(hw->wiphy);
3374 
3375 	LKPI_80211_LVIF_LOCK(lvif);
3376 	/*
3377 	 * XXX-BZ KASSERT later; state going down so no action in theory
3378 	 * but try to avoid a NULL-pointer derref for now and gracefully
3379 	 * fail for non-debug kernels.
3380 	 */
3381 	if (lvif->lvif_bss == NULL) {
3382 		ic_printf(vap->iv_ic, "%s:%d: ERROR: lvif %p vap %p iv_bss %p "
3383 		    "lvif_bss %p lvif_bss->ni %p synched %d; "
3384 		    "expect follow-up problems\n", __func__, __LINE__,
3385 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3386 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3387 		    lvif->lvif_bss_synched);
3388 		LKPI_80211_LVIF_UNLOCK(lvif);
3389 		/*
3390 		 * This will likely lead to a firmware crash (if there
3391 		 * was not one before already) and need a
3392 		 * ieee80211_restart_hw() but still better than a panic
3393 		 * for users as they can at least recover.
3394 		 */
3395 		error = ENOTRECOVERABLE;
3396 		goto out;
3397 	}
3398 	lsta = lvif->lvif_bss;
3399 	LKPI_80211_LVIF_UNLOCK(lvif);
3400 	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3401 	    "lvif %p vap %p\n", __func__,
3402 	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3403 	ni = lsta->ni;			/* Reference held for lvif_bss. */
3404 	sta = LSTA_TO_STA(lsta);
3405 
3406 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3407 
3408 	/* flush, drop. */
3409 	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
3410 
3411 	/* Wake tx queues to get packet(s) out. */
3412 	lkpi_wake_tx_queues(hw, sta, false, true);
3413 
3414 	/* flush, no drop */
3415 	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
3416 
3417 	/* End mgd_complete_tx. */
3418 	if (lsta->in_mgd) {
3419 		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3420 		prep_tx_info.subtype = IEEE80211_STYPE_AUTH;
3421 		prep_tx_info.link_id = 0;
3422 		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3423 		lsta->in_mgd = false;
3424 	}
3425 
3426 	/* sync_rx_queues */
3427 	lkpi_80211_mo_sync_rx_queues(hw);
3428 
3429 #ifdef LKPI_80211_HW_CRYPTO
3430 	if (lkpi_hwcrypto) {
3431 		error = lkpi_sta_del_keys(hw, vif, lsta);
3432 		if (error != 0) {
3433 			ic_printf(vap->iv_ic, "%s:%d: lkpi_sta_del_keys "
3434 			    "failed: %d\n", __func__, __LINE__, error);
3435 			/*
3436 			 * Either drv/fw will crash or cleanup itself,
3437 			 * otherwise net80211 will delete the keys (at a
3438 			 * less appropriate time).
3439 			 */
3440 			/* goto out; */
3441 		}
3442 	}
3443 #endif
3444 
3445 	/* sta_pre_rcu_remove */
3446         lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
3447 
3448 	synchronize_net();
3449 
3450 	/* Take the station down. */
3451 
3452 	bss_changed = 0;
3453 	/*
3454 	 * Start updating bss info (*bss_info_changed) (assoc, aid, ..).
3455 	 *
3456 	 * One would expect this to happen when going off AUTHORIZED but
3457 	 * not so.
3458 	 *
3459 	 * Immediately issuing the (*bss_info_changed) used to also remove the
3460 	 * sta from firmware for iwlwifi; or we have problems with the sta
3461 	 * silently not being removed and then crash upon the next sta add.
3462 	 * Neither seems to be the case or a problem still.
3463 	 *
3464 	 * Contrary for BE200 (iwlwifi/mld) if we do not issue the
3465 	 * (*vif_cfg_change) to tell FW that we are no longer assoc
3466 	 * it will crash now upon sta rm.  So the order now is as we once
3467 	 * expected it:
3468 	 *
3469 	 * 1) lkpi_disassoc(): set vif->cfg.assoc = false and .aid=0
3470 	 * 2) add the remaining BSS_CHANGED changes and call (*bss_info_changed)
3471 	 *    (which may be split up into (*vif_cfg_change) and
3472 	 *    (*link_info_changed) for more modern drivers).
3473 	 * 3) call the last sta_state update -> IEEE80211_STA_NOTEXIST
3474 	 *    (removes the sta given assoc is false) and tidy up our lists.
3475 	 * 4) call unassign_vif_chanctx
3476 	 * 5) call lkpi_hw_conf_idle
3477 	 * 6) call remove_chanctx
3478 	 *
3479 	 * Note: vif->driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC
3480 	 * might change this.
3481 	 */
3482 	bss_changed |= lkpi_disassoc(sta, vif, lhw);
3483 
3484 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3485 
3486 	IMPROVE("Any bss_info changes to announce?");
3487 	vif->bss_conf.qos = false;
3488 	bss_changed |= BSS_CHANGED_QOS;
3489 	vif->cfg.ssid_len = 0;
3490 	memset(vif->cfg.ssid, '\0', sizeof(vif->cfg.ssid));
3491 	IEEE80211_ADDR_COPY(vif->cfg.ap_addr, ieee80211broadcastaddr);
3492 	bss_changed |= BSS_CHANGED_BSSID;
3493 	vif->bss_conf.use_short_preamble = false;
3494 	/* XXX BSS_CHANGED_???? */
3495 	vif->bss_conf.dtim_period = 0; /* go back to 0. */
3496 	bss_changed |= BSS_CHANGED_BEACON_INFO;
3497 	lkpi_bss_info_change(hw, vif, bss_changed);
3498 
3499 	/* Adjust sta and change state (from NONE) to NOTEXIST. */
3500 	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3501 	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
3502 	    "NONE: %#x, nstate %d arg %d\n", __func__, lsta, lsta->state, nstate, arg));
3503 	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NOTEXIST);
3504 	if (error != 0) {
3505 		IMPROVE("do we need to undo the chan ctx?");
3506 		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NOTEXIST) "
3507 		    "failed: %d\n", __func__, __LINE__, error);
3508 		goto out;
3509 	}
3510 
3511 	lkpi_lsta_remove(lsta, lvif);
3512 
3513 	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3514 
3515 	LKPI_80211_LVIF_LOCK(lvif);
3516 	/* Remove ni reference for this cache of lsta. */
3517 	lvif->lvif_bss = NULL;
3518 	lvif->lvif_bss_synched = false;
3519 	LKPI_80211_LVIF_UNLOCK(lvif);
3520 
3521 	/* conf_tx */
3522 
3523 	lkpi_remove_chanctx(hw, vif);
3524 
3525 out:
3526 	wiphy_unlock(hw->wiphy);
3527 	IEEE80211_LOCK(vap->iv_ic);
3528 	if (error == 0) {
3529 		/*
3530 		 * We do this outside the wiphy lock as net80211::node_free() may call
3531 		 * into crypto code to delete keys and we have a recursed on
3532 		 * non-recursive sx panic.  Also only do this if we get here w/o error.
3533 		 *
3534 		 * The very last release the reference on the ni for the ni/lsta on
3535 		 * lvif->lvif_bss.  Upon return from this both ni and lsta are invalid
3536 		 * and potentially freed.
3537 		 */
3538 		ieee80211_free_node(ni);
3539 	}
3540 	return (error);
3541 }
3542 
3543 /* DOWN4 */
3544 static int
3545 lkpi_sta_scan_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3546 {
3547 	/* lkpi_iv_newstate() handles the stop scan case in common code. */
3548 	return (lkpi_sta_state_do_nada(vap, nstate, arg));
3549 }
3550 
3551 /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
3552 
3553 static int
3554 lkpi_sta_auth_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3555 {
3556 	int error;
3557 
3558 	error = lkpi_sta_auth_to_scan(vap, nstate, arg);
3559 	if (error == 0)
3560 		error = lkpi_sta_scan_to_init(vap, nstate, arg);
3561 	return (error);
3562 }
3563 
3564 /* auth_to_auth, assoc_to_assoc. */
3565 static int
3566 lkpi_sta_a_to_a(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3567 {
3568 	struct lkpi_hw *lhw;
3569 	struct ieee80211_hw *hw;
3570 	struct lkpi_vif *lvif;
3571 	struct ieee80211_vif *vif;
3572 	struct lkpi_sta *lsta;
3573 	struct ieee80211_prep_tx_info prep_tx_info;
3574 	int error;
3575 
3576 	lhw = vap->iv_ic->ic_softc;
3577 	hw = LHW_TO_HW(lhw);
3578 	lvif = VAP_TO_LVIF(vap);
3579 	vif = LVIF_TO_VIF(lvif);
3580 
3581 	IEEE80211_UNLOCK(vap->iv_ic);
3582 	wiphy_lock(hw->wiphy);
3583 
3584 	LKPI_80211_LVIF_LOCK(lvif);
3585 	/* XXX-BZ KASSERT later? */
3586 	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
3587 #ifdef LINUXKPI_DEBUG_80211
3588 		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3589 		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3590 		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3591 		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3592 		    lvif->lvif_bss_synched);
3593 #endif
3594 		LKPI_80211_LVIF_UNLOCK(lvif);
3595 		error = ENOTRECOVERABLE;
3596 		goto out;
3597 	}
3598 	lsta = lvif->lvif_bss;
3599 	LKPI_80211_LVIF_UNLOCK(lvif);
3600 
3601 	KASSERT(lsta != NULL, ("%s: lsta %p! lvif %p vap %p\n", __func__,
3602 	    lsta, lvif, vap));
3603 
3604 	IMPROVE("event callback?");
3605 
3606 	/* End mgd_complete_tx. */
3607 	if (lsta->in_mgd) {
3608 		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3609 		if (vap->iv_state == IEEE80211_S_AUTH)
3610 			prep_tx_info.subtype = IEEE80211_STYPE_AUTH;
3611 		else
3612 			prep_tx_info.subtype = IEEE80211_STYPE_ASSOC_REQ;
3613 		prep_tx_info.link_id = 0;
3614 		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3615 		lsta->in_mgd = false;
3616 	}
3617 
3618 	/* Now start auth/assoc. */
3619 
3620 	/* Start mgd_prepare_tx. */
3621 	if (!lsta->in_mgd) {
3622 		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3623 		if (nstate == IEEE80211_S_AUTH)
3624 			prep_tx_info.subtype = IEEE80211_STYPE_AUTH;
3625 		else
3626 			prep_tx_info.subtype = IEEE80211_STYPE_ASSOC_REQ;
3627 		prep_tx_info.link_id = 0;
3628 		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
3629 		lsta->in_mgd = true;
3630 	}
3631 
3632 	error = 0;
3633 out:
3634 	wiphy_unlock(hw->wiphy);
3635 	IEEE80211_LOCK(vap->iv_ic);
3636 
3637 	return (error);
3638 }
3639 
3640 static int
3641 lkpi_sta_assoc_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3642 {
3643 	int error;
3644 
3645 	error = lkpi_sta_assoc_to_auth(vap, nstate, arg);
3646 	if (error != 0 && error != EALREADY)
3647 		return (error);
3648 
3649 	error = lkpi_sta_auth_to_scan(vap, nstate, arg);
3650 	return (error);
3651 }
3652 
3653 static int
3654 lkpi_sta_assoc_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3655 {
3656 	int error;
3657 
3658 	error = lkpi_sta_assoc_to_scan(vap, nstate, arg);
3659 	if (error != 0 && error != EALREADY)
3660 		return (error);
3661 
3662 	error = lkpi_sta_scan_to_init(vap, nstate, arg);	/* do_nada */
3663 	return (error);
3664 }
3665 
3666 static int
3667 lkpi_sta_run_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3668 {
3669 	int error;
3670 
3671 	error = lkpi_sta_run_to_assoc(vap, nstate, arg);
3672 	if (error != 0 && error != EALREADY)
3673 		return (error);
3674 
3675 	error = lkpi_sta_assoc_to_init(vap, nstate, arg);
3676 	return (error);
3677 }
3678 
3679 static int
3680 lkpi_sta_run_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3681 {
3682 	int error;
3683 
3684 	error = lkpi_sta_run_to_assoc(vap, nstate, arg);
3685 	if (error != 0 && error != EALREADY)
3686 		return (error);
3687 
3688 	error = lkpi_sta_assoc_to_scan(vap, nstate, arg);
3689 	return (error);
3690 }
3691 
3692 static int
3693 lkpi_sta_run_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3694 {
3695 	int error;
3696 
3697 	error = lkpi_sta_run_to_assoc(vap, nstate, arg);
3698 	if (error != 0 && error != EALREADY)
3699 		return (error);
3700 
3701 	error = lkpi_sta_assoc_to_auth(vap, nstate, arg);
3702 	return (error);
3703 }
3704 
3705 /* -------------------------------------------------------------------------- */
3706 
3707 /*
3708  * The matches the documented state changes in net80211::sta_newstate().
3709  * XXX (1) without CSA and SLEEP yet, * XXX (2) not all unhandled cases
3710  * there are "invalid" (so there is a room for failure here).
3711  */
3712 struct fsm_state {
3713 	/* INIT, SCAN, AUTH, ASSOC, CAC, RUN, CSA, SLEEP */
3714 	enum ieee80211_state ostate;
3715 	enum ieee80211_state nstate;
3716 	int (*handler)(struct ieee80211vap *, enum ieee80211_state, int);
3717 } sta_state_fsm[] = {
3718 	{ IEEE80211_S_INIT,	IEEE80211_S_INIT, lkpi_sta_state_do_nada },
3719 	{ IEEE80211_S_SCAN,	IEEE80211_S_INIT, lkpi_sta_state_do_nada },	/* DOWN4 scan_to_init */
3720 	{ IEEE80211_S_AUTH,	IEEE80211_S_INIT, lkpi_sta_auth_to_init },	/* not explicitly in sta_newstate() */
3721 	{ IEEE80211_S_ASSOC,	IEEE80211_S_INIT, lkpi_sta_assoc_to_init },	/* Send DEAUTH. */
3722 	{ IEEE80211_S_RUN,	IEEE80211_S_INIT, lkpi_sta_run_to_init },	/* Send DISASSOC. */
3723 
3724 	{ IEEE80211_S_INIT,	IEEE80211_S_SCAN, lkpi_sta_init_to_scan },	/* UP1 */
3725 	{ IEEE80211_S_SCAN,	IEEE80211_S_SCAN, lkpi_sta_state_do_nada },
3726 	{ IEEE80211_S_AUTH,	IEEE80211_S_SCAN, lkpi_sta_auth_to_scan },	/* DOWN3 */
3727 	{ IEEE80211_S_ASSOC,	IEEE80211_S_SCAN, lkpi_sta_assoc_to_scan },
3728 	{ IEEE80211_S_RUN,	IEEE80211_S_SCAN, lkpi_sta_run_to_scan },	/* Beacon miss. */
3729 
3730 	{ IEEE80211_S_INIT,	IEEE80211_S_AUTH, lkpi_sta_scan_to_auth },	/* Send AUTH. */
3731 	{ IEEE80211_S_SCAN,	IEEE80211_S_AUTH, lkpi_sta_scan_to_auth },	/* UP2 Send AUTH. */
3732 	{ IEEE80211_S_AUTH,	IEEE80211_S_AUTH, lkpi_sta_a_to_a },		/* Send ?AUTH. */
3733 	{ IEEE80211_S_ASSOC,	IEEE80211_S_AUTH, lkpi_sta_assoc_to_auth },	/* DOWN2 Send ?AUTH. */
3734 	{ IEEE80211_S_RUN,	IEEE80211_S_AUTH, lkpi_sta_run_to_auth },	/* Send ?AUTH. */
3735 
3736 	{ IEEE80211_S_AUTH,	IEEE80211_S_ASSOC, lkpi_sta_auth_to_assoc },	/* UP3.1 Send ASSOCREQ. */
3737 	{ IEEE80211_S_ASSOC,	IEEE80211_S_ASSOC, lkpi_sta_a_to_a },		/* Send ASSOCREQ. */
3738 	{ IEEE80211_S_RUN,	IEEE80211_S_ASSOC, lkpi_sta_run_to_assoc },	/* DOWN1 Send ASSOCREQ/REASSOCREQ. */
3739 
3740 	{ IEEE80211_S_AUTH,	IEEE80211_S_RUN, lkpi_sta_auth_to_run },	/* UP3.2 */
3741 	{ IEEE80211_S_ASSOC,	IEEE80211_S_RUN, lkpi_sta_assoc_to_run },	/* UP4 */
3742 	{ IEEE80211_S_RUN,	IEEE80211_S_RUN, lkpi_sta_state_do_nada },
3743 
3744 	/* Dummy at the end without handler. */
3745 	{ IEEE80211_S_INIT,	IEEE80211_S_INIT, NULL },
3746 };
3747 
3748 static int
3749 lkpi_iv_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3750 {
3751 	struct ieee80211com *ic;
3752 	struct lkpi_hw *lhw;
3753 	struct lkpi_vif *lvif;
3754 	struct ieee80211_vif *vif;
3755 	struct fsm_state *s;
3756 	enum ieee80211_state ostate;
3757 	int error;
3758 
3759 	ic = vap->iv_ic;
3760 	IEEE80211_LOCK_ASSERT(ic);
3761 	ostate = vap->iv_state;
3762 
3763 #ifdef LINUXKPI_DEBUG_80211
3764 	if (linuxkpi_debug_80211 & D80211_TRACE)
3765 		ic_printf(vap->iv_ic, "%s:%d: vap %p nstate %#x arg %#x\n",
3766 		    __func__, __LINE__, vap, nstate, arg);
3767 #endif
3768 
3769 	if (vap->iv_opmode == IEEE80211_M_STA) {
3770 
3771 		lhw = ic->ic_softc;
3772 		lvif = VAP_TO_LVIF(vap);
3773 		vif = LVIF_TO_VIF(lvif);
3774 
3775 		/* No need to replicate this in most state handlers. */
3776 		if (nstate > IEEE80211_S_SCAN)
3777 			lkpi_stop_hw_scan(lhw, vif);
3778 
3779 		s = sta_state_fsm;
3780 
3781 	} else {
3782 		ic_printf(vap->iv_ic, "%s: only station mode currently supported: "
3783 		    "vap %p iv_opmode %d\n", __func__, vap, vap->iv_opmode);
3784 		return (ENOSYS);
3785 	}
3786 
3787 	error = 0;
3788 	for (; s->handler != NULL; s++) {
3789 		if (ostate == s->ostate && nstate == s->nstate) {
3790 #ifdef LINUXKPI_DEBUG_80211
3791 			if (linuxkpi_debug_80211 & D80211_TRACE)
3792 				ic_printf(vap->iv_ic, "%s: new state %d (%s) ->"
3793 				    " %d (%s): arg %d.\n", __func__,
3794 				    ostate, ieee80211_state_name[ostate],
3795 				    nstate, ieee80211_state_name[nstate], arg);
3796 #endif
3797 			error = s->handler(vap, nstate, arg);
3798 			break;
3799 		}
3800 	}
3801 	IEEE80211_LOCK_ASSERT(vap->iv_ic);
3802 
3803 	if (s->handler == NULL) {
3804 		IMPROVE("turn this into a KASSERT\n");
3805 		ic_printf(vap->iv_ic, "%s: unsupported state transition "
3806 		    "%d (%s) -> %d (%s)\n", __func__,
3807 		    ostate, ieee80211_state_name[ostate],
3808 		    nstate, ieee80211_state_name[nstate]);
3809 		return (ENOSYS);
3810 	}
3811 
3812 	if (error == EALREADY) {
3813 #ifdef LINUXKPI_DEBUG_80211
3814 		if (linuxkpi_debug_80211 & D80211_TRACE)
3815 			ic_printf(vap->iv_ic, "%s: state transition %d (%s) -> "
3816 			    "%d (%s): iv_newstate already handled: %d.\n",
3817 			    __func__, ostate, ieee80211_state_name[ostate],
3818 			    nstate, ieee80211_state_name[nstate], error);
3819 #endif
3820 		return (0);
3821 	}
3822 
3823 	if (error != 0) {
3824 		ic_printf(vap->iv_ic, "%s: error %d during state transition "
3825 		    "%d (%s) -> %d (%s)\n", __func__, error,
3826 		    ostate, ieee80211_state_name[ostate],
3827 		    nstate, ieee80211_state_name[nstate]);
3828 		return (error);
3829 	}
3830 
3831 #ifdef LINUXKPI_DEBUG_80211
3832 	if (linuxkpi_debug_80211 & D80211_TRACE)
3833 		ic_printf(vap->iv_ic, "%s:%d: vap %p nstate %#x arg %#x "
3834 		    "calling net80211 parent\n",
3835 		    __func__, __LINE__, vap, nstate, arg);
3836 #endif
3837 
3838 	return (lvif->iv_newstate(vap, nstate, arg));
3839 }
3840 
3841 /* -------------------------------------------------------------------------- */
3842 
3843 /*
3844  * We overload (*iv_update_bss) as otherwise we have cases in, e.g.,
3845  * net80211::ieee80211_sta_join1() where vap->iv_bss gets replaced by a
3846  * new node without us knowing and thus our ni/lsta are out of sync.
3847  */
3848 static struct ieee80211_node *
3849 lkpi_iv_update_bss(struct ieee80211vap *vap, struct ieee80211_node *ni)
3850 {
3851 	struct lkpi_vif *lvif;
3852 	struct ieee80211_node *rni;
3853 
3854 	IEEE80211_LOCK_ASSERT(vap->iv_ic);
3855 
3856 	lvif = VAP_TO_LVIF(vap);
3857 
3858 	LKPI_80211_LVIF_LOCK(lvif);
3859 	lvif->lvif_bss_synched = false;
3860 	LKPI_80211_LVIF_UNLOCK(lvif);
3861 
3862 	rni = lvif->iv_update_bss(vap, ni);
3863 	return (rni);
3864 }
3865 
3866 #ifdef LKPI_80211_WME
3867 static int
3868 lkpi_wme_update(struct lkpi_hw *lhw, struct ieee80211vap *vap, bool planned)
3869 {
3870 	struct ieee80211com *ic;
3871 	struct ieee80211_hw *hw;
3872 	struct lkpi_vif *lvif;
3873 	struct ieee80211_vif *vif;
3874 	struct chanAccParams chp;
3875 	struct wmeParams wmeparr[WME_NUM_AC];
3876 	struct ieee80211_tx_queue_params txqp;
3877 	enum ieee80211_bss_changed bss_changed;
3878 	int error;
3879 	uint16_t ac;
3880 
3881 	hw = LHW_TO_HW(lhw);
3882 	lockdep_assert_wiphy(hw->wiphy);
3883 
3884 	IMPROVE();
3885 	KASSERT(WME_NUM_AC == IEEE80211_NUM_ACS, ("%s: WME_NUM_AC %d != "
3886 	    "IEEE80211_NUM_ACS %d\n", __func__, WME_NUM_AC, IEEE80211_NUM_ACS));
3887 
3888 	if (vap == NULL)
3889 		return (0);
3890 
3891 	if ((vap->iv_flags & IEEE80211_F_WME) == 0)
3892 		return (0);
3893 
3894 	if (lhw->ops->conf_tx == NULL)
3895 		return (0);
3896 
3897 	if (!planned && (vap->iv_state != IEEE80211_S_RUN)) {
3898 		lhw->update_wme = true;
3899 		return (0);
3900 	}
3901 	lhw->update_wme = false;
3902 
3903 	ic = lhw->ic;
3904 	ieee80211_wme_ic_getparams(ic, &chp);
3905 	IEEE80211_LOCK(ic);
3906 	for (ac = 0; ac < WME_NUM_AC; ac++)
3907 		wmeparr[ac] = chp.cap_wmeParams[ac];
3908 	IEEE80211_UNLOCK(ic);
3909 
3910 	lvif = VAP_TO_LVIF(vap);
3911 	vif = LVIF_TO_VIF(lvif);
3912 
3913 	/* Configure tx queues (conf_tx) & send BSS_CHANGED_QOS. */
3914 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3915 		struct wmeParams *wmep;
3916 
3917 		wmep = &wmeparr[ac];
3918 		bzero(&txqp, sizeof(txqp));
3919 		txqp.cw_min = wmep->wmep_logcwmin;
3920 		txqp.cw_max = wmep->wmep_logcwmax;
3921 		txqp.txop = wmep->wmep_txopLimit;
3922 		txqp.aifs = wmep->wmep_aifsn;
3923 		error = lkpi_80211_mo_conf_tx(hw, vif, /* link_id */0, ac, &txqp);
3924 		if (error != 0)
3925 			ic_printf(ic, "%s: conf_tx ac %u failed %d\n",
3926 			    __func__, ac, error);
3927 	}
3928 	bss_changed = BSS_CHANGED_QOS;
3929 	if (!planned)
3930 		lkpi_bss_info_change(hw, vif, bss_changed);
3931 
3932 	return (bss_changed);
3933 }
3934 #endif
3935 
3936 static int
3937 lkpi_ic_wme_update(struct ieee80211com *ic)
3938 {
3939 #ifdef LKPI_80211_WME
3940 	struct ieee80211vap *vap;
3941 	struct lkpi_hw *lhw;
3942 	struct ieee80211_hw *hw;
3943 
3944 	IMPROVE("Use the per-VAP callback in net80211.");
3945 	vap = TAILQ_FIRST(&ic->ic_vaps);
3946 	if (vap == NULL)
3947 		return (0);
3948 
3949 	lhw = ic->ic_softc;
3950 	hw = LHW_TO_HW(lhw);
3951 
3952 	wiphy_lock(hw->wiphy);
3953 	lkpi_wme_update(lhw, vap, false);
3954 	wiphy_unlock(hw->wiphy);
3955 #endif
3956 	return (0);	/* unused */
3957 }
3958 
3959 static void
3960 lkpi_iv_sta_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
3961     int subtype, const struct ieee80211_rx_stats *rxs, int rssi, int nf)
3962 {
3963 	struct lkpi_hw *lhw;
3964 	struct ieee80211_hw *hw;
3965 	struct lkpi_vif *lvif;
3966 	struct ieee80211_vif *vif;
3967 	enum ieee80211_bss_changed bss_changed;
3968 
3969 	lvif = VAP_TO_LVIF(ni->ni_vap);
3970 	vif = LVIF_TO_VIF(lvif);
3971 
3972 	lvif->iv_recv_mgmt(ni, m0, subtype, rxs, rssi, nf);
3973 
3974 	switch (subtype) {
3975 	case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
3976 		break;
3977 	case IEEE80211_FC0_SUBTYPE_BEACON:
3978 		/*
3979 		 * Only count beacons when assoc. SCAN has its own logging.
3980 		 * This is for connection/beacon loss/session protection almost
3981 		 * over debugging when trying to get into a stable RUN state.
3982 		 */
3983 		if (vif->cfg.assoc)
3984 			lvif->beacons++;
3985 		break;
3986 	default:
3987 		return;
3988 	}
3989 
3990 	lhw = ni->ni_ic->ic_softc;
3991 	hw = LHW_TO_HW(lhw);
3992 
3993 	/*
3994 	 * If this direct call to mo_bss_info_changed will not work due to
3995 	 * locking, see if queue_work() is fast enough.
3996 	 */
3997 	bss_changed = lkpi_update_dtim_tsf(vif, ni, ni->ni_vap, __func__, __LINE__);
3998 	lkpi_bss_info_change(hw, vif, bss_changed);
3999 }
4000 
4001 /*
4002  * Change link-layer address on the vif (if the vap is not started/"UP").
4003  * This can happen if a user changes 'ether' using ifconfig.
4004  * The code is based on net80211/ieee80211_freebsd.c::wlan_iflladdr() but
4005  * we do use a per-[l]vif event handler to be sure we exist as we
4006  * cannot assume that from every vap derives a vif and we have a hard
4007  * time checking based on net80211 information.
4008  * Should this ever become a real problem we could add a callback function
4009  * to wlan_iflladdr() to be set optionally but that would be for a
4010  * single-consumer (or needs a list) -- was just too complicated for an
4011  * otherwise perfect mechanism FreeBSD already provides.
4012  */
4013 static void
4014 lkpi_vif_iflladdr(void *arg, struct ifnet *ifp)
4015 {
4016 	struct epoch_tracker et;
4017 	struct ieee80211_vif *vif;
4018 
4019 	NET_EPOCH_ENTER(et);
4020 	/* NB: identify vap's by if_transmit; left as an extra check. */
4021 	if (if_gettransmitfn(ifp) != ieee80211_vap_transmit ||
4022 	    (if_getflags(ifp) & IFF_UP) != 0) {
4023 		NET_EPOCH_EXIT(et);
4024 		return;
4025 	}
4026 
4027 	vif = arg;
4028 	IEEE80211_ADDR_COPY(vif->bss_conf.addr, if_getlladdr(ifp));
4029 	NET_EPOCH_EXIT(et);
4030 }
4031 
4032 static struct ieee80211vap *
4033 lkpi_ic_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ],
4034     int unit, enum ieee80211_opmode opmode, int flags,
4035     const uint8_t bssid[IEEE80211_ADDR_LEN],
4036     const uint8_t mac[IEEE80211_ADDR_LEN])
4037 {
4038 	struct lkpi_hw *lhw;
4039 	struct ieee80211_hw *hw;
4040 	struct lkpi_vif *lvif;
4041 	struct ieee80211vap *vap;
4042 	struct ieee80211_vif *vif;
4043 	struct ieee80211_tx_queue_params txqp;
4044 	enum ieee80211_bss_changed bss_changed;
4045 	struct sysctl_oid *node;
4046 	size_t len;
4047 	int error, i;
4048 	uint16_t ac;
4049 
4050 	if (!TAILQ_EMPTY(&ic->ic_vaps))	/* 1 so far. Add <n> once this works. */
4051 		return (NULL);
4052 
4053 	lhw = ic->ic_softc;
4054 	hw = LHW_TO_HW(lhw);
4055 
4056 	len = sizeof(*lvif);
4057 	len += hw->vif_data_size;	/* vif->drv_priv */
4058 
4059 	lvif = malloc(len, M_80211_VAP, M_WAITOK | M_ZERO);
4060 	mtx_init(&lvif->mtx, "lvif", NULL, MTX_DEF);
4061 	TASK_INIT(&lvif->sw_scan_task, 0, lkpi_sw_scan_task, lvif);
4062 	INIT_LIST_HEAD(&lvif->lsta_list);
4063 	lvif->lvif_bss = NULL;
4064 	refcount_init(&lvif->nt_unlocked, 0);
4065 	lvif->lvif_bss_synched = false;
4066 	vap = LVIF_TO_VAP(lvif);
4067 
4068 	vif = LVIF_TO_VIF(lvif);
4069 	memcpy(vif->addr, mac, IEEE80211_ADDR_LEN);
4070 	vif->p2p = false;
4071 	vif->probe_req_reg = false;
4072 	vif->type = lkpi_opmode_to_vif_type(opmode);
4073 	lvif->wdev.iftype = vif->type;
4074 	/* Need to fill in other fields as well. */
4075 	IMPROVE();
4076 
4077 	/* Create a chanctx to be used later. */
4078 	IMPROVE("lkpi_alloc_lchanctx reserved as many as can be");
4079 	(void) lkpi_find_lchanctx_reserved(hw, lvif);
4080 
4081 	/* XXX-BZ hardcoded for now! */
4082 #if 1
4083 	RCU_INIT_POINTER(vif->bss_conf.chanctx_conf, NULL);
4084 	vif->bss_conf.vif = vif;
4085 	/* vap->iv_myaddr is not set until net80211::vap_setup or vap_attach. */
4086 	IEEE80211_ADDR_COPY(vif->bss_conf.addr, mac);
4087 	lvif->lvif_ifllevent = EVENTHANDLER_REGISTER(iflladdr_event,
4088 	    lkpi_vif_iflladdr, vif, EVENTHANDLER_PRI_ANY);
4089 	vif->bss_conf.link_id = 0;	/* Non-MLO operation. */
4090 	vif->bss_conf.chanreq.oper.chan = lhw->dflt_chandef.chan;
4091 	vif->bss_conf.chanreq.oper.width = NL80211_CHAN_WIDTH_20_NOHT;
4092 	vif->bss_conf.use_short_preamble = false;	/* vap->iv_flags IEEE80211_F_SHPREAMBLE */
4093 	vif->bss_conf.use_short_slot = false;		/* vap->iv_flags IEEE80211_F_SHSLOT */
4094 	vif->bss_conf.qos = false;
4095 	vif->bss_conf.use_cts_prot = false;		/* vap->iv_protmode */
4096 	vif->bss_conf.ht_operation_mode = IEEE80211_HT_OP_MODE_PROTECTION_NONE;
4097 	IEEE80211_ADDR_COPY(vif->cfg.ap_addr, ieee80211broadcastaddr);
4098 	vif->cfg.aid = 0;
4099 	vif->cfg.assoc = false;
4100 	vif->cfg.idle = true;
4101 	vif->cfg.ps = false;
4102 	IMPROVE("Check other fields and then figure out whats is left elsewhere of them");
4103 	/*
4104 	 * We need to initialize it to something as the bss_info_changed call
4105 	 * will try to copy from it in iwlwifi and NULL is a panic.
4106 	 * We will set the proper one in scan_to_auth() before being assoc.
4107 	 */
4108 	vif->bss_conf.bssid = ieee80211broadcastaddr;
4109 #endif
4110 #if 0
4111 	vif->bss_conf.dtim_period = 0; /* IEEE80211_DTIM_DEFAULT ; must stay 0. */
4112 	IEEE80211_ADDR_COPY(vif->bss_conf.bssid, bssid);
4113 	vif->bss_conf.beacon_int = ic->ic_bintval;
4114 	/* iwlwifi bug. */
4115 	if (vif->bss_conf.beacon_int < 16)
4116 		vif->bss_conf.beacon_int = 16;
4117 #endif
4118 
4119 	/* Link Config */
4120 	vif->link_conf[0] = &vif->bss_conf;
4121 	for (i = 0; i < nitems(vif->link_conf); i++) {
4122 		IMPROVE("more than 1 link one day");
4123 	}
4124 
4125 	/* Setup queue defaults; driver may override in (*add_interface). */
4126 	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
4127 		if (ieee80211_hw_check(hw, QUEUE_CONTROL))
4128 			vif->hw_queue[i] = IEEE80211_INVAL_HW_QUEUE;
4129 		else if (hw->queues >= IEEE80211_NUM_ACS)
4130 			vif->hw_queue[i] = i;
4131 		else
4132 			vif->hw_queue[i] = 0;
4133 
4134 		/* Initialize the queue to running. Stopped? */
4135 		lvif->hw_queue_stopped[i] = false;
4136 	}
4137 	vif->cab_queue = IEEE80211_INVAL_HW_QUEUE;
4138 
4139 	IMPROVE();
4140 
4141 	wiphy_lock(hw->wiphy);
4142 	error = lkpi_80211_mo_start(hw);
4143 	if (error != 0) {
4144 		wiphy_unlock(hw->wiphy);
4145 		ic_printf(ic, "%s: failed to start hw: %d\n", __func__, error);
4146 		mtx_destroy(&lvif->mtx);
4147 		free(lvif, M_80211_VAP);
4148 		return (NULL);
4149 	}
4150 
4151 	error = lkpi_80211_mo_add_interface(hw, vif);
4152 	if (error != 0) {
4153 		IMPROVE();	/* XXX-BZ mo_stop()? */
4154 		wiphy_unlock(hw->wiphy);
4155 		ic_printf(ic, "%s: failed to add interface: %d\n", __func__, error);
4156 		mtx_destroy(&lvif->mtx);
4157 		free(lvif, M_80211_VAP);
4158 		return (NULL);
4159 	}
4160 	wiphy_unlock(hw->wiphy);
4161 
4162 	LKPI_80211_LHW_LVIF_LOCK(lhw);
4163 	TAILQ_INSERT_TAIL(&lhw->lvif_head, lvif, lvif_entry);
4164 	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
4165 
4166 	/* Set bss_info. */
4167 	bss_changed = 0;
4168 	lkpi_bss_info_change(hw, vif, bss_changed);
4169 
4170 	/* Configure tx queues (conf_tx), default WME & send BSS_CHANGED_QOS. */
4171 	IMPROVE("Hardcoded values; to fix see 802.11-2016, 9.4.2.29 EDCA Parameter Set element");
4172 	wiphy_lock(hw->wiphy);
4173 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4174 
4175 		bzero(&txqp, sizeof(txqp));
4176 		txqp.cw_min = 15;
4177 		txqp.cw_max = 1023;
4178 		txqp.txop = 0;
4179 		txqp.aifs = 2;
4180 		error = lkpi_80211_mo_conf_tx(hw, vif, /* link_id */0, ac, &txqp);
4181 		if (error != 0)
4182 			ic_printf(ic, "%s: conf_tx ac %u failed %d\n",
4183 			    __func__, ac, error);
4184 	}
4185 	wiphy_unlock(hw->wiphy);
4186 	bss_changed = BSS_CHANGED_QOS;
4187 	lkpi_bss_info_change(hw, vif, bss_changed);
4188 
4189 	/* Force MC init. */
4190 	lkpi_update_mcast_filter(ic);
4191 
4192 	ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
4193 
4194 	/* Now we have a valid vap->iv_ifp.  Any checksum offloading goes below. */
4195 
4196 	IMPROVE();
4197 
4198 	/* Override with LinuxKPI method so we can drive mac80211/cfg80211. */
4199 	lvif->iv_newstate = vap->iv_newstate;
4200 	vap->iv_newstate = lkpi_iv_newstate;
4201 	lvif->iv_update_bss = vap->iv_update_bss;
4202 	vap->iv_update_bss = lkpi_iv_update_bss;
4203 	lvif->iv_recv_mgmt = vap->iv_recv_mgmt;
4204 	vap->iv_recv_mgmt = lkpi_iv_sta_recv_mgmt;
4205 
4206 #ifdef LKPI_80211_HW_CRYPTO
4207 	/* Key management. */
4208 	if (lkpi_hwcrypto && lhw->ops->set_key != NULL) {
4209 		vap->iv_key_set = lkpi_iv_key_set;
4210 		vap->iv_key_delete = lkpi_iv_key_delete;
4211 		vap->iv_key_update_begin = lkpi_iv_key_update_begin;
4212 		vap->iv_key_update_end = lkpi_iv_key_update_end;
4213 	}
4214 #endif
4215 
4216 #ifdef LKPI_80211_HT
4217 	/* Stay with the iv_ampdu_rxmax,limit / iv_ampdu_density defaults until later. */
4218 #endif
4219 
4220 	ieee80211_ratectl_init(vap);
4221 
4222 	/* Complete setup. */
4223 	ieee80211_vap_attach(vap, ieee80211_media_change,
4224 	    ieee80211_media_status, mac);
4225 
4226 #ifdef LKPI_80211_HT
4227 	/*
4228 	 * Modern chipset/fw/drv will do A-MPDU in drv/fw and fail
4229 	 * to do so if they cannot do the crypto too.
4230 	 */
4231 	if (!lkpi_hwcrypto && IEEE80211_CONF_AMPDU_OFFLOAD(ic))
4232 		vap->iv_flags_ht &= ~IEEE80211_FHT_AMPDU_RX;
4233 #endif
4234 
4235 	if (hw->max_listen_interval == 0)
4236 		hw->max_listen_interval = 7 * (ic->ic_lintval / ic->ic_bintval);
4237 	hw->conf.listen_interval = hw->max_listen_interval;
4238 
4239 	/* XXX-BZ do we need to be able to update these? */
4240 	hw->wiphy->frag_threshold = vap->iv_fragthreshold;
4241 	lkpi_80211_mo_set_frag_threshold(hw, vap->iv_fragthreshold);
4242 	hw->wiphy->rts_threshold = vap->iv_rtsthreshold;
4243 	lkpi_80211_mo_set_rts_threshold(hw, vap->iv_rtsthreshold);
4244 	/* any others? */
4245 
4246 	/* Add per-VIF/VAP sysctls. */
4247 	sysctl_ctx_init(&lvif->sysctl_ctx);
4248 
4249 	node = SYSCTL_ADD_NODE(&lvif->sysctl_ctx,
4250 	    SYSCTL_CHILDREN(&sysctl___compat_linuxkpi_80211),
4251 	    OID_AUTO, if_name(vap->iv_ifp),
4252 	    CTLFLAG_RD | CTLFLAG_SKIP | CTLFLAG_MPSAFE, NULL, "VIF Information");
4253 
4254 	SYSCTL_ADD_PROC(&lvif->sysctl_ctx,
4255 	    SYSCTL_CHILDREN(node), OID_AUTO, "dump_stas",
4256 	    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, lvif, 0,
4257 	    lkpi_80211_dump_stas, "A", "Dump sta statistics of this vif");
4258 	SYSCTL_ADD_PROC(&lvif->sysctl_ctx,
4259 	    SYSCTL_CHILDREN(node), OID_AUTO, "dump_stas_queues",
4260 	    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_SKIP, lvif, 0,
4261 	    lkpi_80211_dump_sta_queues, "A",
4262 	    "Dump queue statistics for any sta of this vif");
4263 
4264 	IMPROVE();
4265 
4266 	return (vap);
4267 }
4268 
4269 void
4270 linuxkpi_ieee80211_unregister_hw(struct ieee80211_hw *hw)
4271 {
4272 
4273 	wiphy_unregister(hw->wiphy);
4274 	linuxkpi_ieee80211_ifdetach(hw);
4275 
4276 	IMPROVE();
4277 }
4278 
4279 void
4280 linuxkpi_ieee80211_restart_hw(struct ieee80211_hw *hw)
4281 {
4282 
4283 	TODO();
4284 }
4285 
4286 static void
4287 lkpi_ic_vap_delete(struct ieee80211vap *vap)
4288 {
4289 	struct ieee80211com *ic;
4290 	struct lkpi_hw *lhw;
4291 	struct ieee80211_hw *hw;
4292 	struct lkpi_vif *lvif;
4293 	struct ieee80211_vif *vif;
4294 
4295 	lvif = VAP_TO_LVIF(vap);
4296 	vif = LVIF_TO_VIF(lvif);
4297 	ic = vap->iv_ic;
4298 	lhw = ic->ic_softc;
4299 	hw = LHW_TO_HW(lhw);
4300 
4301 	EVENTHANDLER_DEREGISTER(iflladdr_event, lvif->lvif_ifllevent);
4302 
4303 	/* Clear up per-VIF/VAP sysctls. */
4304 	sysctl_ctx_free(&lvif->sysctl_ctx);
4305 
4306 	ieee80211_draintask(ic, &lvif->sw_scan_task);
4307 
4308 	LKPI_80211_LHW_LVIF_LOCK(lhw);
4309 	TAILQ_REMOVE(&lhw->lvif_head, lvif, lvif_entry);
4310 	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
4311 
4312 	ieee80211_ratectl_deinit(vap);
4313 	ieee80211_vap_detach(vap);
4314 
4315 	IMPROVE("clear up other bits in this state");
4316 
4317 	lkpi_80211_mo_remove_interface(hw, vif);
4318 
4319 	/* Single VAP, so we can do this here. */
4320 	lkpi_80211_mo_stop(hw, false);			/* XXX SUSPEND */
4321 
4322 	mtx_destroy(&lvif->mtx);
4323 	free(lvif, M_80211_VAP);
4324 }
4325 
4326 static void
4327 lkpi_ic_update_mcast(struct ieee80211com *ic)
4328 {
4329 	struct ieee80211vap *vap;
4330 	struct lkpi_hw *lhw;
4331 
4332 	lhw = ic->ic_softc;
4333 
4334 	LKPI_80211_LHW_MC_LOCK(lhw);
4335 	/* Cleanup anything on the current list. */
4336 	lkpi_cleanup_mcast_list_locked(lhw);
4337 
4338 	/* Build up the new list (or allmulti). */
4339 	if (ic->ic_allmulti == 0) {
4340 		TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
4341 			if_foreach_llmaddr(vap->iv_ifp,
4342 			    lkpi_ic_update_mcast_copy, &lhw->mc_list);
4343 		lhw->mc_all_multi = false;
4344 	} else {
4345 		lhw->mc_all_multi = true;
4346 	}
4347 	LKPI_80211_LHW_MC_UNLOCK(lhw);
4348 
4349 	lkpi_update_mcast_filter(ic);
4350 	TRACEOK();
4351 }
4352 
4353 static void
4354 lkpi_ic_update_promisc(struct ieee80211com *ic)
4355 {
4356 
4357 	UNIMPLEMENTED;
4358 }
4359 
4360 static void
4361 lkpi_ic_update_chw(struct ieee80211com *ic)
4362 {
4363 
4364 	UNIMPLEMENTED;
4365 }
4366 
4367 /* Start / stop device. */
4368 static void
4369 lkpi_ic_parent(struct ieee80211com *ic)
4370 {
4371 	struct lkpi_hw *lhw;
4372 	struct ieee80211_hw *hw;
4373 #ifdef HW_START_STOP
4374 	int error;
4375 #endif
4376 	bool start_all;
4377 
4378 	IMPROVE();
4379 
4380 	lhw = ic->ic_softc;
4381 	hw = LHW_TO_HW(lhw);
4382 	start_all = false;
4383 
4384 	/* IEEE80211_UNLOCK(ic); */
4385 	wiphy_lock(hw->wiphy);
4386 	if (ic->ic_nrunning > 0) {
4387 #ifdef HW_START_STOP
4388 		error = lkpi_80211_mo_start(hw);
4389 		if (error == 0)
4390 #endif
4391 			start_all = true;
4392 	} else {
4393 #ifdef HW_START_STOP
4394 		lkpi_80211_mo_stop(hw, false);		/* XXX SUSPEND */
4395 #endif
4396 	}
4397 	wiphy_unlock(hw->wiphy);
4398 	/* IEEE80211_LOCK(ic); */
4399 
4400 	if (start_all)
4401 		ieee80211_start_all(ic);
4402 }
4403 
4404 bool
4405 linuxkpi_ieee80211_is_ie_id_in_ie_buf(const u8 ie, const u8 *ie_ids,
4406     size_t ie_ids_len)
4407 {
4408 	int i;
4409 
4410 	for (i = 0; i < ie_ids_len; i++) {
4411 		if (ie == *ie_ids)
4412 			return (true);
4413 	}
4414 
4415 	return (false);
4416 }
4417 
4418 /* Return true if skipped; false if error. */
4419 bool
4420 linuxkpi_ieee80211_ie_advance(size_t *xp, const u8 *ies, size_t ies_len)
4421 {
4422 	size_t x;
4423 	uint8_t l;
4424 
4425 	x = *xp;
4426 
4427 	KASSERT(x < ies_len, ("%s: x %zu ies_len %zu ies %p\n",
4428 	    __func__, x, ies_len, ies));
4429 	l = ies[x + 1];
4430 	x += 2 + l;
4431 
4432 	if (x > ies_len)
4433 		return (false);
4434 
4435 	*xp = x;
4436 	return (true);
4437 }
4438 
4439 static uint8_t *
4440 lkpi_scan_ies_add(uint8_t *p, struct ieee80211_scan_ies *scan_ies,
4441     uint32_t band_mask, struct ieee80211vap *vap, struct ieee80211_hw *hw)
4442 {
4443 	struct ieee80211_supported_band *supband;
4444 	struct linuxkpi_ieee80211_channel *channels;
4445 	struct ieee80211com *ic;
4446 	const struct ieee80211_channel *chan;
4447 	const struct ieee80211_rateset *rs;
4448 	uint8_t *pb;
4449 	int band, i;
4450 
4451 	ic = vap->iv_ic;
4452 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
4453 		if ((band_mask & (1 << band)) == 0)
4454 			continue;
4455 
4456 		supband = hw->wiphy->bands[band];
4457 		/*
4458 		 * This should not happen;
4459 		 * band_mask is a bitmask of valid bands to scan on.
4460 		 */
4461 		if (supband == NULL || supband->n_channels == 0)
4462 			continue;
4463 
4464 		/* Find a first channel to get the mode and rates from. */
4465 		channels = supband->channels;
4466 		chan = NULL;
4467 		for (i = 0; i < supband->n_channels; i++) {
4468 			uint32_t flags;
4469 
4470 			if (channels[i].flags & IEEE80211_CHAN_DISABLED)
4471 				continue;
4472 
4473 			flags = 0;
4474 			switch (band) {
4475 			case NL80211_BAND_2GHZ:
4476 				flags |= IEEE80211_CHAN_G;
4477 				break;
4478 			case NL80211_BAND_5GHZ:
4479 				flags |= IEEE80211_CHAN_A;
4480 				break;
4481 			default:
4482 				panic("%s:%d: unupported band %d\n",
4483 				    __func__, __LINE__, band);
4484 			}
4485 
4486 			chan = ieee80211_find_channel(ic,
4487 			    channels[i].center_freq, flags);
4488 			if (chan != NULL)
4489 				break;
4490 		}
4491 
4492 		/* This really should not happen. */
4493 		if (chan == NULL)
4494 			continue;
4495 
4496 		pb = p;
4497 		rs = ieee80211_get_suprates(ic, chan);	/* calls chan2mode */
4498 		p = ieee80211_add_rates(p, rs);
4499 		p = ieee80211_add_xrates(p, rs);
4500 
4501 #if defined(LKPI_80211_HT)
4502 		if ((vap->iv_flags_ht & IEEE80211_FHT_HT) != 0) {
4503 			struct ieee80211_channel *c;
4504 
4505 			c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan,
4506 			    vap->iv_flags_ht);
4507 			p = ieee80211_add_htcap_ch(p, vap, c);
4508 		}
4509 #endif
4510 #if defined(LKPI_80211_VHT)
4511 		if (band == NL80211_BAND_5GHZ &&
4512 		    (vap->iv_vht_flags & IEEE80211_FVHT_VHT) != 0) {
4513 			struct ieee80211_channel *c;
4514 
4515 			c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan,
4516 			    vap->iv_flags_ht);
4517 			c = ieee80211_vht_adjust_channel(ic, c,
4518 			    vap->iv_vht_flags);
4519 			p = ieee80211_add_vhtcap_ch(p, vap, c);
4520 		}
4521 #endif
4522 
4523 		scan_ies->ies[band] = pb;
4524 		scan_ies->len[band] = p - pb;
4525 	}
4526 
4527 	/* Add common_ies */
4528 	pb = p;
4529 	if ((vap->iv_flags & IEEE80211_F_WPA1) != 0 &&
4530 	    vap->iv_wpa_ie != NULL) {
4531 		memcpy(p, vap->iv_wpa_ie, 2 + vap->iv_wpa_ie[1]);
4532 		p += 2 + vap->iv_wpa_ie[1];
4533 	}
4534 	if (vap->iv_appie_probereq != NULL) {
4535 		memcpy(p, vap->iv_appie_probereq->ie_data,
4536 		    vap->iv_appie_probereq->ie_len);
4537 		p += vap->iv_appie_probereq->ie_len;
4538 	}
4539 	scan_ies->common_ies = pb;
4540 	scan_ies->common_ie_len = p - pb;
4541 
4542 	return (p);
4543 }
4544 
4545 static void
4546 lkpi_enable_hw_scan(struct lkpi_hw *lhw)
4547 {
4548 
4549 	if (lhw->ops->hw_scan) {
4550 		/*
4551 		 * Advertise full-offload scanning.
4552 		 *
4553 		 * Not limiting to SINGLE_SCAN_ON_ALL_BANDS here as otherwise
4554 		 * we essentially disable hw_scan for all drivers not setting
4555 		 * the flag.
4556 		 */
4557 		lhw->ic->ic_flags_ext |= IEEE80211_FEXT_SCAN_OFFLOAD;
4558 		lhw->scan_flags |= LKPI_LHW_SCAN_HW;
4559 	}
4560 }
4561 
4562 #ifndef LKPI_80211_USE_SCANLIST
4563 static const uint32_t chan_pri[] = {
4564 	5180, 5500, 5745,
4565 	5260, 5580, 5660, 5825,
4566 	5220, 5300, 5540, 5620, 5700, 5785, 5865,
4567 	2437, 2412, 2422, 2462, 2472, 2432, 2452
4568 };
4569 
4570 static int
4571 lkpi_scan_chan_list_idx(const struct linuxkpi_ieee80211_channel *lc)
4572 {
4573 	int i;
4574 
4575 	for (i = 0; i < nitems(chan_pri); i++) {
4576 		if (lc->center_freq == chan_pri[i])
4577 			return (i);
4578 	}
4579 
4580 	return (-1);
4581 }
4582 
4583 static int
4584 lkpi_scan_chan_list_comp(const  struct linuxkpi_ieee80211_channel *lc1,
4585     const  struct linuxkpi_ieee80211_channel *lc2)
4586 {
4587 	int idx1, idx2;
4588 
4589 	/* Find index in list. */
4590 	idx1 = lkpi_scan_chan_list_idx(lc1);
4591 	idx2 = lkpi_scan_chan_list_idx(lc2);
4592 
4593 	if (idx1 == -1 && idx2 != -1)
4594 		return (1);
4595 	if (idx1 != -1 && idx2 == -1)
4596 		return (-1);
4597 
4598 	/* Neither on the list, use center_freq. */
4599 	if (idx1 == -1 && idx2 == -1)
4600 		return (lc1->center_freq - lc2->center_freq);
4601 
4602 	/* Whichever is first in the list. */
4603 	return (idx1 - idx2);
4604 }
4605 
4606 static void
4607 lkpi_scan_chan_list_resort(struct linuxkpi_ieee80211_channel **cpp, size_t nchan)
4608 {
4609 	struct linuxkpi_ieee80211_channel *lc, *nc;
4610 	size_t i, j;
4611 	int rc;
4612 
4613 	for (i = (nchan - 1); i > 0; i--) {
4614 		for (j = i; j > 0 ; j--) {
4615 			lc = *(cpp + j);
4616 			nc = *(cpp + j - 1);
4617 			rc = lkpi_scan_chan_list_comp(lc, nc);
4618 			if (rc < 0) {
4619 				*(cpp + j) = nc;
4620 				*(cpp + j - 1) = lc;
4621 			}
4622 		}
4623 	}
4624 }
4625 
4626 static bool
4627 lkpi_scan_chan(struct linuxkpi_ieee80211_channel *c,
4628     struct ieee80211com *ic, bool log)
4629 {
4630 
4631 	if ((c->flags & IEEE80211_CHAN_DISABLED) != 0) {
4632 		if (log)
4633 			TRACE_SCAN(ic, "Skipping disabled chan "
4634 			    "on band %s [%#x/%u/%#x]",
4635 			    lkpi_nl80211_band_name(c->band), c->hw_value,
4636 			    c->center_freq, c->flags);
4637 		return (false);
4638 	}
4639 	if (isclr(ic->ic_chan_active, ieee80211_mhz2ieee(c->center_freq,
4640 	    lkpi_nl80211_band_to_net80211_band(c->band)))) {
4641 		if (log)
4642 			TRACE_SCAN(ic, "Skipping !active chan "
4643 			    "on band %s [%#x/%u/%#x]",
4644 			    lkpi_nl80211_band_name(c->band), c->hw_value,
4645 			    c->center_freq, c->flags);
4646 		return (false);
4647 	}
4648 	return (true);
4649 }
4650 #endif
4651 
4652 static void
4653 lkpi_ic_scan_start(struct ieee80211com *ic)
4654 {
4655 	struct lkpi_hw *lhw;
4656 	struct ieee80211_hw *hw;
4657 	struct lkpi_vif *lvif;
4658 	struct ieee80211_vif *vif;
4659 	struct ieee80211_scan_state *ss;
4660 	struct ieee80211vap *vap;
4661 	int error;
4662 	bool is_hw_scan;
4663 
4664 	lhw = ic->ic_softc;
4665 	ss = ic->ic_scan;
4666 	vap = ss->ss_vap;
4667 	TRACE_SCAN(ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4668 
4669 	LKPI_80211_LHW_SCAN_LOCK(lhw);
4670 	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0) {
4671 		/* A scan is still running. */
4672 		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4673 		TRACE_SCAN(ic, "Trying to start new scan while still running; "
4674 		    "cancelling new net80211 scan; scan_flags %b",
4675 		    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4676 		ieee80211_cancel_scan(vap);
4677 		return;
4678 	}
4679 	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
4680 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4681 
4682 #if 0
4683 	if (vap->iv_state != IEEE80211_S_SCAN) {
4684 		TODO("We need to be able to scan if not in S_SCAN");
4685 		TRACE_SCAN(ic, "scan_flags %b iv_state %d",
4686 		    lhw->scan_flags, LKPI_LHW_SCAN_BITS, vap->iv_state);
4687 		ieee80211_cancel_scan(vap);
4688 		return;
4689 	}
4690 #endif
4691 
4692 	hw = LHW_TO_HW(lhw);
4693 	if (!is_hw_scan) {
4694 		/* If hw_scan is cleared clear FEXT_SCAN_OFFLOAD too. */
4695 		vap->iv_flags_ext &= ~IEEE80211_FEXT_SCAN_OFFLOAD;
4696 
4697 		lvif = VAP_TO_LVIF(vap);
4698 		vif = LVIF_TO_VIF(lvif);
4699 
4700 		if (vap->iv_state == IEEE80211_S_SCAN)
4701 			lkpi_hw_conf_idle(hw, false);
4702 
4703 		LKPI_80211_LHW_SCAN_LOCK(lhw);
4704 		lhw->scan_flags |= LKPI_LHW_SCAN_RUNNING;
4705 		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4706 
4707 		lkpi_update_mcast_filter(ic);
4708 
4709 		TRACE_SCAN(vap->iv_ic, "Starting SW_SCAN: scan_flags %b",
4710 		    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4711 		lkpi_80211_mo_sw_scan_start(hw, vif, vif->addr);
4712 		/* net80211::scan_start() handled PS for us. */
4713 		IMPROVE();
4714 		/* XXX Also means it is too late to flush queues?
4715 		 * need to check iv_sta_ps or overload? */
4716 		/* XXX want to adjust ss end time/ maxdwell? */
4717 
4718 	} else {
4719 		struct ieee80211_scan_request *hw_req;
4720 		struct linuxkpi_ieee80211_channel *lc, **cpp;
4721 		struct cfg80211_ssid *ssids;
4722 		struct cfg80211_scan_6ghz_params *s6gp;
4723 		size_t chan_len, nchan, ssids_len, s6ghzlen;
4724 		int band, i, ssid_count, common_ie_len;
4725 #ifndef LKPI_80211_USE_SCANLIST
4726 		int n;
4727 #endif
4728 		uint32_t band_mask;
4729 		uint8_t *ie, *ieend;
4730 		bool running;
4731 
4732 		ssid_count = min(ss->ss_nssid, hw->wiphy->max_scan_ssids);
4733 		ssids_len = ssid_count * sizeof(*ssids);
4734 		s6ghzlen = 0 * (sizeof(*s6gp));			/* XXX-BZ */
4735 
4736 		band_mask = 0;
4737 		nchan = 0;
4738 		if (ieee80211_hw_check(hw, SINGLE_SCAN_ON_ALL_BANDS)) {
4739 #ifdef LKPI_80211_USE_SCANLIST
4740 		/* Avoid net80211 scan lists until it has proper scan offload support. */
4741 			for (i = ss->ss_next; i < ss->ss_last; i++) {
4742 				nchan++;
4743 				band = lkpi_net80211_chan_to_nl80211_band(
4744 				    ss->ss_chans[ss->ss_next + i]);
4745 				band_mask |= (1 << band);
4746 			}
4747 #else
4748 			/* Instead we scan for all channels all the time. */
4749 			for (band = 0; band < NUM_NL80211_BANDS; band++) {
4750 				switch (band) {
4751 				case NL80211_BAND_2GHZ:
4752 				case NL80211_BAND_5GHZ:
4753 					break;
4754 				default:
4755 					continue;
4756 				}
4757 				if (hw->wiphy->bands[band] != NULL) {
4758 					struct linuxkpi_ieee80211_channel *channels;
4759 					int n;
4760 
4761 					band_mask |= (1 << band);
4762 
4763 					channels = hw->wiphy->bands[band]->channels;
4764 					n = hw->wiphy->bands[band]->n_channels;
4765 					for (i = 0; i < n; i++) {
4766 						if (lkpi_scan_chan(&channels[i], ic, true))
4767 							nchan++;
4768 					}
4769 				}
4770 			}
4771 #endif
4772 		} else {
4773 			IMPROVE("individual band scans not yet supported, only scanning first band");
4774 			/* In theory net80211 should drive this. */
4775 			/* Probably we need to add local logic for now;
4776 			 * need to deal with scan_complete
4777 			 * and cancel_scan and keep local state.
4778 			 * Also cut the nchan down above.
4779 			 */
4780 			/* XXX-BZ ath10k does not set this but still does it? &$%^ */
4781 		}
4782 
4783 		chan_len = nchan * (sizeof(lc) + sizeof(*lc));
4784 
4785 		common_ie_len = 0;
4786 		if ((vap->iv_flags & IEEE80211_F_WPA1) != 0 &&
4787 		    vap->iv_wpa_ie != NULL)
4788 			common_ie_len += vap->iv_wpa_ie[1];
4789 		if (vap->iv_appie_probereq != NULL)
4790 			common_ie_len += vap->iv_appie_probereq->ie_len;
4791 
4792 		/* We would love to check this at an earlier stage... */
4793 		if (common_ie_len >  hw->wiphy->max_scan_ie_len) {
4794 			ic_printf(ic, "WARNING: %s: common_ie_len %d > "
4795 			    "wiphy->max_scan_ie_len %d\n", __func__,
4796 			    common_ie_len, hw->wiphy->max_scan_ie_len);
4797 		}
4798 
4799 		hw_req = malloc(sizeof(*hw_req) + ssids_len +
4800 		    s6ghzlen + chan_len + lhw->supbands * lhw->scan_ie_len +
4801 		    common_ie_len, M_LKPI80211, M_WAITOK | M_ZERO);
4802 
4803 		hw_req->req.flags = 0;			/* XXX ??? */
4804 		/* hw_req->req.wdev */
4805 		hw_req->req.wiphy = hw->wiphy;
4806 		hw_req->req.no_cck = false;		/* XXX */
4807 
4808 		/*
4809 		 * In general setting duration[_mandatory] seems to pessimise
4810 		 * default scanning behaviour.  We only use it for BGSCANnig
4811 		 * to keep the dwell times small.
4812 		 * Setting duration_mandatory makes this the maximum dwell
4813 		 * time (otherwise may be shorter).  Duration is in TU.
4814 		 */
4815 		if ((ic->ic_flags_ext & IEEE80211_FEXT_BGSCAN) != 0) {
4816 			unsigned long dwell;
4817 
4818 			if ((ic->ic_caps & IEEE80211_C_BGSCAN) == 0 ||
4819 			    (vap->iv_flags & IEEE80211_F_BGSCAN) == 0)
4820 				ic_printf(ic, "BGSCAN despite off: %b, %b, %b\n",
4821 				    ic->ic_flags_ext, IEEE80211_FEXT_BITS,
4822 				    vap->iv_flags, IEEE80211_F_BITS,
4823 				    ic->ic_caps, IEEE80211_C_BITS);
4824 
4825 			dwell = ss->ss_mindwell;
4826 			if (dwell == 0)
4827 				dwell = msecs_to_ticks(20);
4828 
4829 			hw_req->req.duration_mandatory = true;
4830 			hw_req->req.duration = TICKS_2_USEC(dwell) / 1024;
4831 		}
4832 
4833 #ifdef __notyet__
4834 		hw_req->req.flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
4835 		memcpy(hw_req->req.mac_addr, xxx, IEEE80211_ADDR_LEN);
4836 		memset(hw_req->req.mac_addr_mask, 0xxx, IEEE80211_ADDR_LEN);
4837 #endif
4838 		eth_broadcast_addr(hw_req->req.bssid);
4839 
4840 		hw_req->req.n_channels = nchan;
4841 		cpp = (struct linuxkpi_ieee80211_channel **)(hw_req + 1);
4842 		lc = (struct linuxkpi_ieee80211_channel *)(cpp + nchan);
4843 #ifdef LKPI_80211_USE_SCANLIST
4844 		for (i = 0; i < nchan; i++) {
4845 			*(cpp + i) =
4846 			    (struct linuxkpi_ieee80211_channel *)(lc + i);
4847 		}
4848 		/* Avoid net80211 scan lists until it has proper scan offload support. */
4849 		for (i = 0; i < nchan; i++) {
4850 			struct ieee80211_channel *c;
4851 
4852 			c = ss->ss_chans[ss->ss_next + i];
4853 			lc->center_freq = c->ic_freq;	/* XXX */
4854 			/* lc->flags */
4855 			lc->band = lkpi_net80211_chan_to_nl80211_band(c);
4856 			lc->max_power = c->ic_maxpower;
4857 			/* lc-> ... */
4858 			lc++;
4859 		}
4860 #else
4861 		/* Add bands in reverse order for scanning. */
4862 		n = 0;
4863 		for (band = NUM_NL80211_BANDS - 1; band >= 0; band--) {
4864 			struct ieee80211_supported_band *supband;
4865 			struct linuxkpi_ieee80211_channel *channels;
4866 
4867 			/* Band disabled for scanning? */
4868 			if ((band_mask & (1 << band)) == 0)
4869 				continue;
4870 
4871 			/* Nothing to scan in band? */
4872 			supband = hw->wiphy->bands[band];
4873 			if (supband == NULL || supband->n_channels == 0)
4874 				continue;
4875 
4876 			channels = supband->channels;
4877 			for (i = 0; i < supband->n_channels; i++) {
4878 				if (lkpi_scan_chan(&channels[i], ic, false))
4879 					*(cpp + n++) = &channels[i];
4880 			}
4881 		}
4882 		if (lkpi_order_scanlist)
4883 			lkpi_scan_chan_list_resort(cpp, nchan);
4884 
4885 		if ((linuxkpi_debug_80211 & D80211_SCAN) != 0) {
4886 			printf("%s:%d: %s SCAN Channel List (nchan=%zu): ",
4887 			    __func__, __LINE__, ic->ic_name, nchan);
4888 			for (i = 0; i < nchan; i++) {
4889 				struct linuxkpi_ieee80211_channel *xc;
4890 
4891 				xc = *(cpp + i);
4892 				printf(" %d(%d)",
4893 				    ieee80211_mhz2ieee(xc->center_freq,
4894 				        lkpi_nl80211_band_to_net80211_band(
4895 					xc->band)),
4896 				    xc->center_freq);
4897 			}
4898 			printf("\n");
4899 		}
4900 #endif
4901 
4902 		hw_req->req.n_ssids = ssid_count;
4903 		if (hw_req->req.n_ssids > 0) {
4904 			ssids = (struct cfg80211_ssid *)lc;
4905 			hw_req->req.ssids = ssids;
4906 			for (i = 0; i < ssid_count; i++) {
4907 				ssids->ssid_len = ss->ss_ssid[i].len;
4908 				memcpy(ssids->ssid, ss->ss_ssid[i].ssid,
4909 				    ss->ss_ssid[i].len);
4910 				ssids++;
4911 			}
4912 			s6gp = (struct cfg80211_scan_6ghz_params *)ssids;
4913 		} else {
4914 			s6gp = (struct cfg80211_scan_6ghz_params *)lc;
4915 		}
4916 
4917 		/* 6GHz one day. */
4918 		hw_req->req.n_6ghz_params = 0;
4919 		hw_req->req.scan_6ghz_params = NULL;
4920 		hw_req->req.scan_6ghz = false;	/* Weird boolean; not what you think. */
4921 		/* s6gp->... */
4922 
4923 		ie = ieend = (uint8_t *)s6gp;
4924 		/* Copy per-band IEs, copy common IEs */
4925 		ieend = lkpi_scan_ies_add(ie, &hw_req->ies, band_mask, vap, hw);
4926 		hw_req->req.ie = ie;
4927 		hw_req->req.ie_len = ieend - ie;
4928 		hw_req->req.scan_start = jiffies;
4929 
4930 		lvif = VAP_TO_LVIF(vap);
4931 		vif = LVIF_TO_VIF(lvif);
4932 
4933 		LKPI_80211_LHW_SCAN_LOCK(lhw);
4934 		/* Re-check under lock. */
4935 		running = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
4936 		if (!running) {
4937 			KASSERT(lhw->hw_req == NULL, ("%s: ic %p lhw %p hw_req %p "
4938 			    "!= NULL\n", __func__, ic, lhw, lhw->hw_req));
4939 
4940 			lhw->scan_flags |= LKPI_LHW_SCAN_RUNNING;
4941 			lhw->hw_req = hw_req;
4942 		}
4943 		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4944 		if (running) {
4945 			free(hw_req, M_LKPI80211);
4946 			TRACE_SCAN(ic, "Trying to start new scan while still "
4947 			    "running (2); cancelling new net80211 scan; "
4948 			    "scan_flags %b",
4949 			    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4950 			ieee80211_cancel_scan(vap);
4951 			return;
4952 		}
4953 
4954 		lkpi_update_mcast_filter(ic);
4955 		TRACE_SCAN(ic, "Starting HW_SCAN: scan_flags %b, "
4956 		    "ie_len %d, n_ssids %d, n_chan %d, common_ie_len %d [%d, %d]",
4957 		    lhw->scan_flags, LKPI_LHW_SCAN_BITS, hw_req->req.ie_len,
4958 		    hw_req->req.n_ssids, hw_req->req.n_channels,
4959 		    hw_req->ies.common_ie_len,
4960 		    hw_req->ies.len[NL80211_BAND_2GHZ],
4961 		    hw_req->ies.len[NL80211_BAND_5GHZ]);
4962 
4963 		error = lkpi_80211_mo_hw_scan(hw, vif, hw_req);
4964 		if (error != 0) {
4965 			bool scan_done;
4966 			int e;
4967 
4968 			TRACE_SCAN(ic, "hw_scan failed; scan_flags %b, error %d",
4969 			    lhw->scan_flags, LKPI_LHW_SCAN_BITS, error);
4970 			ieee80211_cancel_scan(vap);
4971 
4972 			/*
4973 			 * ieee80211_scan_completed must be called in either
4974 			 * case of error or none.  So let the free happen there
4975 			 * and only there.
4976 			 * That would be fine in theory but in practice drivers
4977 			 * behave differently:
4978 			 * ath10k does not return hw_scan until after scan_complete
4979 			 *        and can then still return an error.
4980 			 * rtw88 can return 1 or -EBUSY without scan_complete
4981 			 * iwlwifi can return various errors before scan starts
4982 			 * ...
4983 			 * So we cannot rely on that behaviour and have to check
4984 			 * and balance between both code paths.
4985 			 */
4986 			e = 0;
4987 			scan_done = true;
4988 			LKPI_80211_LHW_SCAN_LOCK(lhw);
4989 			if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0) {
4990 
4991 				free(lhw->hw_req, M_LKPI80211);
4992 				lhw->hw_req = NULL;
4993 				/*
4994 				 * The ieee80211_cancel_scan() above runs in a
4995 				 * taskq and it may take ages for the previous
4996 				 * scan to clear;  starting a new one right away
4997 				 * we run into the problem that the old one is
4998 				 * still active.
4999 				 */
5000 				e = msleep(lhw, &lhw->scan_mtx, 0, "lhwscanstop", hz);
5001 				scan_done = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
5002 
5003 				/*
5004 				 * Now we can clear running if no one else did.
5005 				 */
5006 				lhw->scan_flags &= ~LKPI_LHW_SCAN_RUNNING;
5007 			}
5008 			LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5009 			lkpi_update_mcast_filter(ic);
5010 			if (!scan_done) {
5011 				ic_printf(ic, "ERROR: %s: timeout/error to wait "
5012 				    "for ieee80211_cancel_scan: %d\n", __func__, e);
5013 				return;
5014 			}
5015 
5016 			/*
5017 			 * XXX-SIGH magic number.
5018 			 * rtw88 has a magic "return 1" if offloading scan is
5019 			 * not possible.  Fall back to sw scan in that case.
5020 			 */
5021 			if (error == 1) {
5022 				/*
5023 				 * We need to put this into some defered context
5024 				 * the net80211 scan may not be done yet
5025 				 * (ic_flags & IEEE80211_F_SCAN) and we cannot
5026 				 * wait here; if we do scan_curchan_task always
5027 				 * runs after our timeout to finalize the scan.
5028 				 */
5029 				ieee80211_runtask(ic, &lvif->sw_scan_task);
5030 				return;
5031 			}
5032 
5033 			ic_printf(ic, "ERROR: %s: hw_scan returned %d\n",
5034 			    __func__, error);
5035 		}
5036 	}
5037 }
5038 
5039 static void
5040 lkpi_sw_scan_task(void *arg, int pending __unused)
5041 {
5042 	struct lkpi_hw *lhw;
5043 	struct lkpi_vif *lvif;
5044 	struct ieee80211vap *vap;
5045 	struct ieee80211_scan_state *ss;
5046 
5047 	lvif = arg;
5048 	vap = LVIF_TO_VAP(lvif);
5049 	lhw = vap->iv_ic->ic_softc;
5050 	ss = vap->iv_ic->ic_scan;
5051 
5052 	LKPI_80211_LHW_SCAN_LOCK(lhw);
5053 	/*
5054 	 * We will re-enable this at scan_end calling lkpi_enable_hw_scan().
5055 	 * IEEE80211_FEXT_SCAN_OFFLOAD will be cleared by lkpi_ic_scan_start.
5056 	 */
5057 	lhw->scan_flags &= ~LKPI_LHW_SCAN_HW;
5058 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5059 
5060 	TRACE_SCAN(vap->iv_ic, "Triggering SW_SCAN: pending %d, scan_flags %b",
5061 	    pending, lhw->scan_flags, LKPI_LHW_SCAN_BITS);
5062 
5063 	/*
5064 	 * This will call ic_scan_start() and we will get into the right path
5065 	 * unless other scans started in between.
5066 	 */
5067 	ieee80211_start_scan(vap,
5068 	    IEEE80211_SCAN_ONCE,
5069 	    msecs_to_ticks(10000), /* 10000 ms (=~ 50 chan * 200 ms) */
5070 	    ss->ss_mindwell ? ss->ss_mindwell : msecs_to_ticks(20),
5071 	    ss->ss_maxdwell ? ss->ss_maxdwell : msecs_to_ticks(200),
5072 	    vap->iv_des_nssid, vap->iv_des_ssid);
5073 }
5074 
5075 static void
5076 lkpi_ic_scan_end(struct ieee80211com *ic)
5077 {
5078 	struct lkpi_hw *lhw;
5079 	bool is_hw_scan;
5080 
5081 	lhw = ic->ic_softc;
5082 	TRACE_SCAN(ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
5083 
5084 	LKPI_80211_LHW_SCAN_LOCK(lhw);
5085 	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) == 0) {
5086 		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5087 		return;
5088 	}
5089 	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5090 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5091 
5092 	if (!is_hw_scan) {
5093 		struct ieee80211_scan_state *ss;
5094 		struct ieee80211vap *vap;
5095 		struct ieee80211_hw *hw;
5096 		struct lkpi_vif *lvif;
5097 		struct ieee80211_vif *vif;
5098 
5099 		ss = ic->ic_scan;
5100 		vap = ss->ss_vap;
5101 		hw = LHW_TO_HW(lhw);
5102 		lvif = VAP_TO_LVIF(vap);
5103 		vif = LVIF_TO_VIF(lvif);
5104 
5105 		lkpi_80211_mo_sw_scan_complete(hw, vif);
5106 
5107 		/* Send PS to stop buffering if n80211 does not for us? */
5108 
5109 		if (vap->iv_state == IEEE80211_S_SCAN)
5110 			lkpi_hw_conf_idle(hw, true);
5111 	}
5112 
5113 	/*
5114 	 * In case we disabled the hw_scan in lkpi_ic_scan_start() and
5115 	 * switched to swscan, re-enable hw_scan if available.
5116 	 */
5117 	lkpi_enable_hw_scan(lhw);
5118 
5119 	/* Clear the scanning chandef. */
5120 	memset(&lhw->scan_chandef, 0, sizeof(lhw->scan_chandef));
5121 
5122 	LKPI_80211_LHW_SCAN_LOCK(lhw);
5123 	wakeup(lhw);
5124 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5125 }
5126 
5127 static void
5128 lkpi_ic_scan_curchan(struct ieee80211_scan_state *ss,
5129     unsigned long maxdwell)
5130 {
5131 	struct lkpi_hw *lhw;
5132 	bool is_hw_scan;
5133 
5134 	lhw = ss->ss_ic->ic_softc;
5135 	TRACE_SCAN(ss->ss_ic, "scan_flags %b chan %d maxdwell %lu",
5136 	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5137 	    ss->ss_ic->ic_curchan->ic_ieee, maxdwell);
5138 
5139 	LKPI_80211_LHW_SCAN_LOCK(lhw);
5140 	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5141 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5142 	if (!is_hw_scan)
5143 		lhw->ic_scan_curchan(ss, maxdwell);
5144 }
5145 
5146 static void
5147 lkpi_ic_scan_mindwell(struct ieee80211_scan_state *ss)
5148 {
5149 	struct lkpi_hw *lhw;
5150 	bool is_hw_scan;
5151 
5152 	lhw = ss->ss_ic->ic_softc;
5153 	TRACE_SCAN(ss->ss_ic, "scan_flags %b chan %d mindwell %lu",
5154 	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5155 	    ss->ss_ic->ic_curchan->ic_ieee, ss->ss_mindwell);
5156 
5157 	LKPI_80211_LHW_SCAN_LOCK(lhw);
5158 	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5159 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5160 	if (!is_hw_scan)
5161 		lhw->ic_scan_mindwell(ss);
5162 }
5163 
5164 struct lkpi_ic_set_channel_iter_arg {
5165 	struct linuxkpi_ieee80211_channel *chan;
5166 	struct ieee80211_chanctx_conf *chanctx_conf;
5167 };
5168 
5169 static void
5170 lkpi_ic_set_channel_chanctx_iterf(struct ieee80211_hw *hw,
5171     struct ieee80211_chanctx_conf *chanctx_conf, void *arg)
5172 {
5173 	struct lkpi_ic_set_channel_iter_arg *chanctx_iter_arg;
5174 
5175 	chanctx_iter_arg = arg;
5176 	if (chanctx_iter_arg->chanctx_conf != NULL)
5177 		return;
5178 
5179 	if (chanctx_iter_arg->chan == chanctx_conf->def.chan)
5180 		chanctx_iter_arg->chanctx_conf = chanctx_conf;
5181 }
5182 
5183 static void
5184 lkpi_ic_set_channel(struct ieee80211com *ic)
5185 {
5186 	struct lkpi_hw *lhw;
5187 	struct ieee80211_hw *hw;
5188 	struct ieee80211_channel *c;
5189 	struct linuxkpi_ieee80211_channel *chan;
5190 	struct ieee80211_chanctx_conf *chanctx_conf;
5191 	uint32_t changed;
5192 	int error;
5193 	bool hw_scan, scan_running;
5194 
5195 	IEEE80211_UNLOCK_ASSERT(ic);
5196 
5197 	lhw = ic->ic_softc;
5198 
5199 	c = ic->ic_curchan;
5200 	if (c == NULL || c == IEEE80211_CHAN_ANYC) {
5201 		ic_printf(ic, "%s: Unset channel: c %p, ignoring update\n",
5202 		    __func__, c);
5203 		return;
5204 	}
5205 
5206 	chan = lkpi_find_lkpi80211_chan(lhw, c);
5207 	if (chan == NULL) {
5208 		ic_printf(ic, "%s: No channel found for c %p(%d) chan %p\n",
5209 		    __func__, c, c->ic_ieee, chan);
5210 		return;
5211 	}
5212 
5213 	/*
5214 	 * All net80211 callers call ieee80211_radiotap_chan_change().
5215 	 * That means we have nothing to do ourselves.
5216 	 */
5217 
5218 	/* If we have a hw_scan running do not switch channels. */
5219 	LKPI_80211_LHW_SCAN_LOCK(lhw);
5220 	scan_running = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
5221 	hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5222 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5223 	if (scan_running && hw_scan) {
5224 		TRACE_SCAN(ic, "scan_flags %b chan %d nothing to do.",
5225 		    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5226 		    c->ic_ieee);
5227 		/* Let us hope we set tx power levels elsewhere. */
5228 		return;
5229 	}
5230 
5231 	hw = LHW_TO_HW(lhw);
5232 	wiphy_lock(hw->wiphy);
5233 	if (scan_running) {
5234 		struct ieee80211vap *vap;
5235 		struct lkpi_vif *lvif;
5236 		struct ieee80211_vif *vif;
5237 
5238 		/*
5239 		 * For now and for scanning just pick the first VIF.
5240 		 * net80211 will need to grow DBDC/link_id support
5241 		 * for us to find the vif/chanctx otherwise.
5242 		 */
5243 		vap = TAILQ_FIRST(&ic->ic_vaps);
5244 		lvif = VAP_TO_LVIF(vap);
5245 		vif = LVIF_TO_VIF(lvif);
5246 
5247 		/* We always set the chandef to no-HT for scanning. */
5248 		cfg80211_chandef_create(&lhw->scan_chandef, chan,
5249 		    NL80211_CHAN_NO_HT);
5250 #ifdef LINUXKPI_DEBUG_80211
5251 		if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
5252 			ic_printf(ic, "%s:%d: initialized lhw->scan_chandef\n",
5253 			    __func__, __LINE__);
5254 #endif
5255 
5256 		/*
5257 		 * This works for as long as we do not do BGSCANs; otherwise
5258 		 * it'll have to be offchan work.
5259 		 */
5260 		chanctx_conf = lkpi_get_chanctx_conf(hw, vif);
5261 		changed = lkpi_init_chanctx_conf(hw, &lhw->scan_chandef, chanctx_conf);
5262 		error = lkpi_set_chanctx_conf(hw, vif, chanctx_conf, changed, true);
5263 
5264 		TRACE_SCAN(ic, "scan_flags %b chan %d ???, error %d",
5265 		    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5266 		    c->ic_ieee, error);
5267 
5268 		IMPROVE("max power for scanning; TODO in lkpi_80211_update_chandef");
5269 
5270 	} else if (lhw->emulate_chanctx) {
5271 		/*
5272 		 * We do not set the channel here for normal chanctx operation.
5273 		 * That's just a setup to fail. scan_to_auth will setup all the
5274 		 * other neccessary options for this to work.
5275 		 */
5276 		struct lkpi_ic_set_channel_iter_arg chanctx_iter_arg = {
5277 			.chan		= chan,
5278 			.chanctx_conf	= NULL,
5279 		};
5280 		struct cfg80211_chan_def chandef;
5281 
5282 		lkpi_init_chandef(ic, &chandef, chan, c, false);
5283 
5284 		ieee80211_iter_chan_contexts_mtx(hw,
5285 		    lkpi_ic_set_channel_chanctx_iterf, &chanctx_iter_arg);
5286 
5287 		if (chanctx_iter_arg.chanctx_conf == NULL) {
5288 			/* No chanctx found for this channel. */
5289 			struct ieee80211vap *vap;
5290 			struct lkpi_vif *lvif;
5291 			struct ieee80211_vif *vif;
5292 
5293 			/*
5294 			 * For now just pick the first VIF.
5295 			 * net80211 will need to grow DBDC/link_id support
5296 			 * for us to find the vif/chanctx otherwise.
5297 			 */
5298 			vap = TAILQ_FIRST(&ic->ic_vaps);
5299 			lvif = VAP_TO_LVIF(vap);
5300 			vif = LVIF_TO_VIF(lvif);
5301 
5302 #ifdef LINUXKPI_DEBUG_80211
5303 			if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
5304 				ic_printf(ic, "%s:%d: using on stack chandef\n",
5305 				    __func__, __LINE__);
5306 #endif
5307 			chanctx_conf = lkpi_get_chanctx_conf(hw, vif);
5308 			changed = lkpi_init_chanctx_conf(hw, &chandef, chanctx_conf);
5309 			IMPROVE("update HT, VHT, bw, ...");
5310 			error = lkpi_set_chanctx_conf(hw, vif, chanctx_conf, changed, true);
5311 
5312 		} else {
5313 			/*
5314 			 * We know we are on the same channel.
5315 			 * Do we really have to reset everything?
5316 			 */
5317 			IMPROVE("update HT, VHT, bw, ...");
5318 
5319 #ifdef LINUXKPI_DEBUG_80211
5320 			if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
5321 				ic_printf(ic, "%s:%d: using on stack chandef\n",
5322 				    __func__, __LINE__);
5323 #endif
5324 
5325 			chanctx_conf = chanctx_iter_arg.chanctx_conf;
5326 			changed = lkpi_init_chanctx_conf(hw, &chandef, chanctx_conf);
5327 			lkpi_80211_mo_change_chanctx(hw, chanctx_conf, changed);
5328 		}
5329 	}
5330 
5331 	/* Currently PS is hard coded off! Not sure it belongs here. */
5332 	IMPROVE("PS");
5333 	if (ieee80211_hw_check(hw, SUPPORTS_PS) &&
5334 	    (hw->conf.flags & IEEE80211_CONF_PS) != 0) {
5335 		hw->conf.flags &= ~IEEE80211_CONF_PS;
5336 		error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_PS);
5337 		if (error != 0 && error != EOPNOTSUPP)
5338 			ic_printf(ic, "ERROR: %s: config %#0x returned "
5339 			    "%d\n", __func__, IEEE80211_CONF_CHANGE_PS,
5340 			    error);
5341 	}
5342 
5343 	wiphy_unlock(hw->wiphy);
5344 }
5345 
5346 static struct ieee80211_node *
5347 lkpi_ic_node_alloc(struct ieee80211vap *vap,
5348     const uint8_t mac[IEEE80211_ADDR_LEN])
5349 {
5350 	struct ieee80211com *ic;
5351 	struct lkpi_hw *lhw;
5352 	struct ieee80211_node *ni;
5353 	struct ieee80211_hw *hw;
5354 	struct lkpi_sta *lsta;
5355 
5356 	ic = vap->iv_ic;
5357 	lhw = ic->ic_softc;
5358 
5359 	/* We keep allocations de-coupled so we can deal with the two worlds. */
5360 	if (lhw->ic_node_alloc == NULL)
5361 		return (NULL);
5362 
5363 	ni = lhw->ic_node_alloc(vap, mac);
5364 	if (ni == NULL)
5365 		return (NULL);
5366 
5367 	hw = LHW_TO_HW(lhw);
5368 	lsta = lkpi_lsta_alloc(vap, mac, hw, ni);
5369 	if (lsta == NULL) {
5370 		if (lhw->ic_node_free != NULL)
5371 			lhw->ic_node_free(ni);
5372 		return (NULL);
5373 	}
5374 
5375 	return (ni);
5376 }
5377 
5378 static int
5379 lkpi_ic_node_init(struct ieee80211_node *ni)
5380 {
5381 	struct ieee80211com *ic;
5382 	struct lkpi_hw *lhw;
5383 	int error;
5384 
5385 	ic = ni->ni_ic;
5386 	lhw = ic->ic_softc;
5387 
5388 	if (lhw->ic_node_init != NULL) {
5389 		error = lhw->ic_node_init(ni);
5390 		if (error != 0)
5391 			return (error);
5392 	}
5393 
5394 	/* XXX-BZ Sync other state over. */
5395 	IMPROVE();
5396 
5397 	return (0);
5398 }
5399 
5400 static void
5401 lkpi_ic_node_cleanup(struct ieee80211_node *ni)
5402 {
5403 	struct ieee80211com *ic;
5404 	struct lkpi_hw *lhw;
5405 
5406 	ic = ni->ni_ic;
5407 	lhw = ic->ic_softc;
5408 
5409 	/* XXX-BZ remove from driver, ... */
5410 	IMPROVE();
5411 
5412 	if (lhw->ic_node_cleanup != NULL)
5413 		lhw->ic_node_cleanup(ni);
5414 }
5415 
5416 static void
5417 lkpi_ic_node_free(struct ieee80211_node *ni)
5418 {
5419 	struct ieee80211com *ic;
5420 	struct lkpi_hw *lhw;
5421 	struct lkpi_sta *lsta;
5422 
5423 	ic = ni->ni_ic;
5424 	lhw = ic->ic_softc;
5425 	lsta = ni->ni_drv_data;
5426 
5427 	/* KASSERT lsta is not NULL here. Print ni/ni__refcnt. */
5428 
5429 	/*
5430 	 * Pass in the original ni just in case of error we could check that
5431 	 * it is the same as lsta->ni.
5432 	 */
5433 	lkpi_lsta_free(lsta, ni);
5434 
5435 	if (lhw->ic_node_free != NULL)
5436 		lhw->ic_node_free(ni);
5437 }
5438 
5439 /*
5440  * lkpi_xmit() called from both the (*ic_raw_xmit) as well as the (*ic_transmit)
5441  * call path.
5442  * Unfortunately they have slightly different invariants.  See
5443  * ieee80211_raw_output() and ieee80211_parent_xmitpkt().
5444  * Both take care of the ni reference in case of error, and otherwise during
5445  * the callback after transmit.
5446  * The difference is that in case of error (*ic_raw_xmit) needs us to release
5447  * the mbuf, while (*ic_transmit) will free the mbuf itself.
5448  */
5449 static int
5450 lkpi_xmit(struct ieee80211_node *ni, struct mbuf *m,
5451     const struct ieee80211_bpf_params *params __unused,
5452     bool freem)
5453 {
5454 	struct lkpi_sta *lsta;
5455 	int error;
5456 
5457 	lsta = ni->ni_drv_data;
5458 	LKPI_80211_LSTA_TXQ_LOCK(lsta);
5459 #if 0
5460 	if (!lsta->added_to_drv || !lsta->txq_ready) {
5461 #else
5462 	/*
5463 	 * Backout this part of 886653492945f which breaks rtw88 or
5464 	 * in general drivers without (*sta_state)() but only the
5465 	 * legacy fallback to (*sta_add)().
5466 	 */
5467 	if (!lsta->txq_ready) {
5468 #endif
5469 		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5470 		if (freem)
5471 			m_free(m);
5472 		return (ENETDOWN);
5473 	}
5474 
5475 	/* Queue the packet and enqueue the task to handle it. */
5476 	error = mbufq_enqueue(&lsta->txq, m);
5477 	if (error != 0) {
5478 		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5479 		if (freem)
5480 			m_free(m);
5481 #ifdef LINUXKPI_DEBUG_80211
5482 		if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5483 			ic_printf(ni->ni_ic, "%s: mbufq_enqueue failed: %d\n",
5484 			    __func__, error);
5485 #endif
5486 		return (ENETDOWN);
5487 	}
5488 	taskqueue_enqueue(taskqueue_thread, &lsta->txq_task);
5489 	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5490 
5491 #ifdef LINUXKPI_DEBUG_80211
5492 	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5493 		printf("%s:%d lsta %p ni %p %6D mbuf_qlen %d\n",
5494 		    __func__, __LINE__, lsta, ni, ni->ni_macaddr, ":",
5495 		    mbufq_len(&lsta->txq));
5496 #endif
5497 
5498 	return (0);
5499 }
5500 
5501 static int
5502 lkpi_ic_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
5503         const struct ieee80211_bpf_params *params __unused)
5504 {
5505 	return (lkpi_xmit(ni, m, NULL, true));
5506 }
5507 
5508 #ifdef LKPI_80211_HW_CRYPTO
5509 /*
5510  * This is a bit of a hack given we know we are operating on a
5511  * single frame and we know that hardware will deal with it.
5512  * But otherwise the enmic bit and the encrypt bit need to be
5513  * decoupled.
5514  */
5515 static int
5516 lkpi_hw_crypto_prepare_tkip(struct ieee80211_key *k,
5517     struct ieee80211_key_conf *kc, struct sk_buff *skb)
5518 {
5519 	struct ieee80211_hdr *hdr;
5520 	uint32_t hlen, hdrlen;
5521 	uint8_t *p;
5522 
5523 	/*
5524 	 * TKIP only happens on data.
5525 	 */
5526 	hdr = (void *)skb->data;
5527 	if (!ieee80211_is_data_present(hdr->frame_control))
5528 		return (0);
5529 
5530 	/*
5531 	 * "enmic" (though we do not do that).
5532 	 */
5533 	/* any conditions to not apply this? */
5534 	if (skb_tailroom(skb) < k->wk_cipher->ic_miclen)
5535 		return (ENOBUFS);
5536 
5537 	p = skb_put(skb, k->wk_cipher->ic_miclen);
5538 	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) != 0)
5539 		goto encrypt;
5540 
5541 	/*
5542 	 * (*enmic) which we hopefully do not have to do with hw accel.
5543 	 * That means if we make it here we have a problem.
5544 	 */
5545 	TODO("(*enmic)");
5546 	return (ENXIO);
5547 
5548 encrypt:
5549 	/*
5550 	 * "encrypt" (though we do not do that).
5551 	 */
5552 	/*
5553 	 * Check if we have anything to do as requested by driver
5554 	 * or if we are done?
5555 	 */
5556 	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) == 0 &&
5557 	    (kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0)
5558 			return (0);
5559 
5560 	hlen = k->wk_cipher->ic_header;
5561 	if (skb_headroom(skb) < hlen)
5562 		return (ENOBUFS);
5563 
5564 	hdr = (void *)skb->data;
5565 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
5566 	p = skb_push(skb, hlen);
5567 	memmove(p, p + hlen, hdrlen);
5568 
5569 	/* If driver request space only we are done. */
5570 	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) != 0)
5571 		return (0);
5572 
5573 	p += hdrlen;
5574 	k->wk_cipher->ic_setiv(k, p);
5575 
5576 	/* If we make it hear we do sw encryption. */
5577 	TODO("sw encrypt");
5578 	return (ENXIO);
5579 }
5580 
5581 static int
5582 lkpi_hw_crypto_prepare_ccmp(struct ieee80211_key *k,
5583     struct ieee80211_key_conf *kc, struct sk_buff *skb)
5584 {
5585 	struct ieee80211_hdr *hdr;
5586 	uint32_t hlen, hdrlen;
5587 	uint8_t *p;
5588 
5589 	hdr = (void *)skb->data;
5590 
5591 	/*
5592 	 * Check if we have anythig to do as requested by driver
5593 	 * or if we are done?
5594 	 */
5595 	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) == 0 &&
5596 	    (kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0 &&
5597 	    /* MFP */
5598 	    !((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) != 0 &&
5599 		ieee80211_is_mgmt(hdr->frame_control)))
5600 			return (0);
5601 
5602 	hlen = k->wk_cipher->ic_header;
5603 	if (skb_headroom(skb) < hlen)
5604 		return (ENOBUFS);
5605 
5606 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
5607 	p = skb_push(skb, hlen);
5608 	memmove(p, p + hlen, hdrlen);
5609 
5610 	/* If driver request space only we are done. */
5611 	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) != 0)
5612 		return (0);
5613 
5614 	p += hdrlen;
5615 	k->wk_cipher->ic_setiv(k, p);
5616 
5617 	return (0);
5618 }
5619 
5620 static int
5621 lkpi_hw_crypto_prepare(struct lkpi_sta *lsta, struct ieee80211_key *k,
5622     struct sk_buff *skb)
5623 {
5624 	struct ieee80211_tx_info *info;
5625 	struct ieee80211_key_conf *kc;
5626 
5627 	KASSERT(lsta != NULL, ("%s: lsta is NULL", __func__));
5628 	KASSERT(k != NULL, ("%s: key is NULL", __func__));
5629 	KASSERT(skb != NULL, ("%s: skb is NULL", __func__));
5630 
5631 	kc = lsta->kc[k->wk_keyix];
5632 
5633 	info = IEEE80211_SKB_CB(skb);
5634 	info->control.hw_key = kc;
5635 
5636 	/* MUST NOT happen. KASSERT? */
5637 	if (kc == NULL) {
5638 		ic_printf(lsta->ni->ni_ic, "%s: lsta %p k %p skb %p, "
5639 		    "kc is NULL on hw crypto offload\n", __func__, lsta, k, skb);
5640 		return (ENXIO);
5641 	}
5642 
5643 	switch (kc->cipher) {
5644 	case WLAN_CIPHER_SUITE_TKIP:
5645 		return (lkpi_hw_crypto_prepare_tkip(k, kc, skb));
5646 	case WLAN_CIPHER_SUITE_CCMP:
5647 		return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
5648 	case WLAN_CIPHER_SUITE_GCMP:
5649 		return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
5650 	case WLAN_CIPHER_SUITE_WEP40:
5651 	case WLAN_CIPHER_SUITE_WEP104:
5652 	case WLAN_CIPHER_SUITE_CCMP_256:
5653 	case WLAN_CIPHER_SUITE_GCMP_256:
5654 	case WLAN_CIPHER_SUITE_AES_CMAC:
5655 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
5656 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
5657 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
5658 	default:
5659 		ic_printf(lsta->ni->ni_ic, "%s: lsta %p k %p kc %p skb %p, "
5660 		    "unsupported cipher suite %u (%s)\n", __func__, lsta, k, kc,
5661 		    skb, kc->cipher, lkpi_cipher_suite_to_name(kc->cipher));
5662 		return (EOPNOTSUPP);
5663 	}
5664 }
5665 
5666 static uint8_t
5667 lkpi_hw_crypto_tailroom(struct lkpi_sta *lsta, struct ieee80211_key *k)
5668 {
5669 	struct ieee80211_key_conf *kc;
5670 
5671 	kc = lsta->kc[k->wk_keyix];
5672 	if (kc == NULL)
5673 		return (0);
5674 
5675 	IMPROVE("which other flags need tailroom?");
5676 	if (kc->flags & (IEEE80211_KEY_FLAG_PUT_MIC_SPACE))
5677 		return (32);	/* Large enough to hold everything and pow2. */
5678 
5679 	return (0);
5680 }
5681 #endif
5682 
5683 static void
5684 lkpi_80211_txq_tx_one(struct lkpi_sta *lsta, struct mbuf *m)
5685 {
5686 	struct ieee80211_node *ni;
5687 	struct ieee80211_frame *wh;
5688 	struct ieee80211_key *k;
5689 	struct sk_buff *skb;
5690 	struct ieee80211com *ic;
5691 	struct lkpi_hw *lhw;
5692 	struct ieee80211_hw *hw;
5693 	struct lkpi_vif *lvif;
5694 	struct ieee80211_vif *vif;
5695 	struct ieee80211_channel *c;
5696 	struct ieee80211_tx_control control;
5697 	struct ieee80211_tx_info *info;
5698 	struct ieee80211_sta *sta;
5699 	struct ieee80211_hdr *hdr;
5700 	struct lkpi_txq *ltxq;
5701 	void *buf;
5702 	ieee80211_keyix keyix;
5703 	uint8_t ac, tid, tailroom;
5704 
5705 	M_ASSERTPKTHDR(m);
5706 #ifdef LINUXKPI_DEBUG_80211
5707 	if (linuxkpi_debug_80211 & D80211_TRACE_TX_DUMP)
5708 		hexdump(mtod(m, const void *), m->m_len, "RAW TX (plain) ", 0);
5709 #endif
5710 
5711 	ni = lsta->ni;
5712 	ieee80211_output_seqno_assign(ni, -1, m);
5713 
5714 	k = NULL;
5715 	keyix = IEEE80211_KEYIX_NONE;
5716 	wh = mtod(m, struct ieee80211_frame *);
5717 	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
5718 
5719 #ifdef LKPI_80211_HW_CRYPTO
5720 		if (lkpi_hwcrypto) {
5721 			k = ieee80211_crypto_get_txkey(ni, m);
5722 			if (k != NULL && lsta->kc[k->wk_keyix] != NULL)
5723 				keyix = k->wk_keyix;
5724 		}
5725 #endif
5726 
5727 		/* Encrypt the frame if need be. */
5728 		if (keyix == IEEE80211_KEYIX_NONE) {
5729 			/* Retrieve key for TX && do software encryption. */
5730 			k = ieee80211_crypto_encap(ni, m);
5731 			if (k == NULL) {
5732 				ieee80211_free_node(ni);
5733 				m_freem(m);
5734 				return;
5735 			}
5736 		}
5737 	}
5738 
5739 	ic = ni->ni_ic;
5740 	lhw = ic->ic_softc;
5741 	hw = LHW_TO_HW(lhw);
5742 	c = ni->ni_chan;
5743 
5744 	if (ieee80211_radiotap_active_vap(ni->ni_vap)) {
5745 		struct lkpi_radiotap_tx_hdr *rtap;
5746 
5747 		rtap = &lhw->rtap_tx;
5748 		rtap->wt_flags = 0;
5749 		if (k != NULL)
5750 			rtap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
5751 		if (m->m_flags & M_FRAG)
5752 			rtap->wt_flags |= IEEE80211_RADIOTAP_F_FRAG;
5753 		IMPROVE();
5754 		rtap->wt_rate = 0;
5755 		if (c != NULL && c != IEEE80211_CHAN_ANYC) {
5756 			rtap->wt_chan_freq = htole16(c->ic_freq);
5757 			rtap->wt_chan_flags = htole16(c->ic_flags);
5758 		}
5759 
5760 		ieee80211_radiotap_tx(ni->ni_vap, m);
5761 	}
5762 
5763 #ifdef LKPI_80211_HW_CRYPTO
5764 	if (lkpi_hwcrypto && keyix != IEEE80211_KEYIX_NONE)
5765 		tailroom = lkpi_hw_crypto_tailroom(lsta, k);
5766 	else
5767 #endif
5768 		tailroom = 0;
5769 
5770 	/*
5771 	 * net80211 should handle hw->extra_tx_headroom.
5772 	 * Though for as long as we are copying we don't mind.
5773 	 * XXX-BZ rtw88 asks for too much headroom for ipv6+tcp:
5774 	 * https://lists.freebsd.org/archives/freebsd-transport/2022-February/000012.html
5775 	 */
5776 	skb = dev_alloc_skb(hw->extra_tx_headroom + tailroom + m->m_pkthdr.len);
5777 	if (skb == NULL) {
5778 		static uint8_t skb_alloc_failures = 0;
5779 
5780 		if (skb_alloc_failures++ == 0) {
5781 			int tid;
5782 
5783 			sta = LSTA_TO_STA(lsta);
5784 			ic_printf(ic, "ERROR %s: skb alloc failed %d + %d, lsta %p sta %p ni %p\n",
5785 			    __func__, hw->extra_tx_headroom, m->m_pkthdr.len, lsta, sta, ni);
5786 			for (tid = 0; tid < nitems(sta->txq); tid++) {
5787 				if (sta->txq[tid] == NULL)
5788 					continue;
5789 				ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
5790 				ic_printf(ic, "  tid %d ltxq %p seen_dequeue %d stopped %d skb_queue_len %u\n",
5791 				    tid, ltxq, ltxq->seen_dequeue, ltxq->stopped, skb_queue_len(&ltxq->skbq));
5792 			}
5793 		}
5794 		ieee80211_free_node(ni);
5795 		m_freem(m);
5796 		return;
5797 	}
5798 	skb_reserve(skb, hw->extra_tx_headroom);
5799 
5800 	/* XXX-BZ we need a SKB version understanding mbuf. */
5801 	/* Save the mbuf for ieee80211_tx_complete(). */
5802 	skb->m_free_func = lkpi_ieee80211_free_skb_mbuf;
5803 	skb->m = m;
5804 #if 0
5805 	skb_put_data(skb, m->m_data, m->m_pkthdr.len);
5806 #else
5807 	buf = skb_put(skb, m->m_pkthdr.len);
5808 	m_copydata(m, 0, m->m_pkthdr.len, buf);
5809 #endif
5810 	/* Save the ni. */
5811 	m->m_pkthdr.PH_loc.ptr = ni;
5812 
5813 	lvif = VAP_TO_LVIF(ni->ni_vap);
5814 	vif = LVIF_TO_VIF(lvif);
5815 
5816 	hdr = (void *)skb->data;
5817 	tid = linuxkpi_ieee80211_get_tid(hdr, true);
5818 	if (tid == IEEE80211_NONQOS_TID) { /* == IEEE80211_NUM_TIDS */
5819 		if (!ieee80211_is_data(hdr->frame_control)) {
5820 			/* MGMT and CTRL frames go on TID 7/VO. */
5821 			skb->priority = 7;
5822 			ac = IEEE80211_AC_VO;
5823 		} else {
5824 			/* Other non-QOS traffic goes to BE. */
5825 			/* Contrary to net80211 we MUST NOT promote M_EAPOL. */
5826 			skb->priority = 0;
5827 			ac = IEEE80211_AC_BE;
5828 		}
5829 	} else {
5830 		skb->priority = tid & IEEE80211_QOS_CTL_TID_MASK;
5831 		ac = ieee80211e_up_to_ac[tid & 7];
5832 	}
5833 	skb_set_queue_mapping(skb, ac);
5834 
5835 	info = IEEE80211_SKB_CB(skb);
5836 	info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
5837 	/* Slight delay; probably only happens on scanning so fine? */
5838 	if (c == NULL || c == IEEE80211_CHAN_ANYC)
5839 		c = ic->ic_curchan;
5840 	info->band = lkpi_net80211_chan_to_nl80211_band(c);
5841 	info->hw_queue = vif->hw_queue[ac];
5842 	if ((m->m_flags & M_EAPOL) != 0) {
5843 		info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
5844 		info->flags |= IEEE80211_TX_CTL_USE_MINRATE;	/* mt76 */
5845 	}
5846 	info->control.vif = vif;
5847 	/* XXX-BZ info->control.rates */
5848 #ifdef __notyet__
5849 #ifdef LKPI_80211_HT
5850 	info->control.rts_cts_rate_idx=
5851 	info->control.use_rts= /* RTS */
5852 	info->control.use_cts_prot= /* RTS/CTS*/
5853 #endif
5854 #endif
5855 
5856 	sta = LSTA_TO_STA(lsta);
5857 #ifdef LKPI_80211_HW_CRYPTO
5858 	if (lkpi_hwcrypto && keyix != IEEE80211_KEYIX_NONE) {
5859 		int error;
5860 
5861 		error = lkpi_hw_crypto_prepare(lsta, k, skb);
5862 		if (error != 0) {
5863 			/*
5864 			 * We only have to free the skb which will free the
5865 			 * mbuf and release the reference on the ni.
5866 			 */
5867 			dev_kfree_skb(skb);
5868 			return;
5869 		}
5870 		/* Reset header as data might have moved. */
5871 		hdr = (void *)skb->data;
5872 	}
5873 #endif
5874 
5875 	IMPROVE();
5876 
5877 	ltxq = NULL;
5878 	if (!ieee80211_is_data_present(hdr->frame_control)) {
5879 		if (vif->type == NL80211_IFTYPE_STATION &&
5880 		    lsta->added_to_drv &&
5881 		    sta->txq[IEEE80211_NUM_TIDS] != NULL)
5882 			ltxq = TXQ_TO_LTXQ(sta->txq[IEEE80211_NUM_TIDS]);
5883 	} else if (lsta->added_to_drv &&
5884 	    sta->txq[skb->priority] != NULL) {
5885 		ltxq = TXQ_TO_LTXQ(sta->txq[skb->priority]);
5886 	}
5887 	if (ltxq == NULL)
5888 		goto ops_tx;
5889 
5890 	KASSERT(ltxq != NULL, ("%s: lsta %p sta %p m %p skb %p "
5891 	    "ltxq %p != NULL\n", __func__, lsta, sta, m, skb, ltxq));
5892 
5893 	LKPI_80211_LTXQ_LOCK(ltxq);
5894 	skb_queue_tail(&ltxq->skbq, skb);
5895 	ltxq->frms_enqueued++;
5896 #ifdef LINUXKPI_DEBUG_80211
5897 	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5898 		printf("%s:%d mo_wake_tx_queue :: %d %lu lsta %p sta %p "
5899 		    "ni %p %6D skb %p lxtq %p { qlen %u, ac %d tid %u } "
5900 		    "WAKE_TX_Q ac %d prio %u qmap %u\n",
5901 		    __func__, __LINE__,
5902 		    curthread->td_tid, jiffies,
5903 		    lsta, sta, ni, ni->ni_macaddr, ":", skb, ltxq,
5904 		    skb_queue_len(&ltxq->skbq), ltxq->txq.ac,
5905 		    ltxq->txq.tid, ac, skb->priority, skb->qmap);
5906 #endif
5907 	LKPI_80211_LTXQ_UNLOCK(ltxq);
5908 	wiphy_lock(hw->wiphy);
5909 	lkpi_80211_mo_wake_tx_queue(hw, &ltxq->txq, true);
5910 	wiphy_unlock(hw->wiphy);
5911 	return;
5912 
5913 ops_tx:
5914 #ifdef LINUXKPI_DEBUG_80211
5915 	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5916 		printf("%s:%d mo_tx :: lsta %p sta %p ni %p %6D skb %p "
5917 		    "TX ac %d prio %u qmap %u\n",
5918 		    __func__, __LINE__, lsta, sta, ni, ni->ni_macaddr, ":",
5919 		    skb, ac, skb->priority, skb->qmap);
5920 #endif
5921 	memset(&control, 0, sizeof(control));
5922 	control.sta = sta;
5923 	wiphy_lock(hw->wiphy);
5924 	lkpi_80211_mo_tx(hw, &control, skb);
5925 	lsta->frms_tx++;
5926 	wiphy_unlock(hw->wiphy);
5927 }
5928 
5929 static void
5930 lkpi_80211_txq_task(void *ctx, int pending)
5931 {
5932 	struct lkpi_sta *lsta;
5933 	struct mbufq mq;
5934 	struct mbuf *m;
5935 	bool shall_tx;
5936 
5937 	lsta = ctx;
5938 
5939 #ifdef LINUXKPI_DEBUG_80211
5940 	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5941 		printf("%s:%d lsta %p ni %p %6D pending %d mbuf_qlen %d\n",
5942 		    __func__, __LINE__, lsta, lsta->ni, lsta->ni->ni_macaddr, ":",
5943 		    pending, mbufq_len(&lsta->txq));
5944 #endif
5945 
5946 	mbufq_init(&mq, IFQ_MAXLEN);
5947 
5948 	LKPI_80211_LSTA_TXQ_LOCK(lsta);
5949 	/*
5950 	 * Do not re-check lsta->txq_ready here; we may have a pending
5951 	 * disassoc/deauth frame still.  On the contrary if txq_ready is
5952 	 * false we do not have a valid sta anymore in the firmware so no
5953 	 * point to try to TX.
5954 	 * We also use txq_ready as a semaphore and will drain the txq manually
5955 	 * if needed on our way towards SCAN/INIT in the state machine.
5956 	 */
5957 #if 0
5958 	shall_tx = lsta->added_to_drv && lsta->txq_ready;
5959 #else
5960 	/*
5961 	 * Backout this part of 886653492945f which breaks rtw88 or
5962 	 * in general drivers without (*sta_state)() but only the
5963 	 * legacy fallback to (*sta_add)().
5964 	 */
5965 	shall_tx = lsta->txq_ready;
5966 #endif
5967 	if (__predict_true(shall_tx))
5968 		mbufq_concat(&mq, &lsta->txq);
5969 	/*
5970 	 * else a state change will push the packets out manually or
5971 	 * lkpi_lsta_free() will drain the lsta->txq and free the mbufs.
5972 	 */
5973 	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5974 
5975 	m = mbufq_dequeue(&mq);
5976 	while (m != NULL) {
5977 		lkpi_80211_txq_tx_one(lsta, m);
5978 		m = mbufq_dequeue(&mq);
5979 	}
5980 }
5981 
5982 static int
5983 lkpi_ic_transmit(struct ieee80211com *ic, struct mbuf *m)
5984 {
5985 
5986 	/* XXX TODO */
5987 	IMPROVE();
5988 
5989 	/* Quick and dirty cheating hack. */
5990 	struct ieee80211_node *ni;
5991 
5992 	ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
5993 	return (lkpi_xmit(ni, m, NULL, false));
5994 }
5995 
5996 #ifdef LKPI_80211_HT
5997 static int
5998 lkpi_ic_recv_action(struct ieee80211_node *ni, const struct ieee80211_frame *wh,
5999     const uint8_t *frm, const uint8_t *efrm)
6000 {
6001 	struct ieee80211com *ic;
6002 	struct lkpi_hw *lhw;
6003 
6004 	ic = ni->ni_ic;
6005 	lhw = ic->ic_softc;
6006 
6007 	IMPROVE_HT("recv_action called; nothing to do in lkpi; make debugging");
6008 
6009 	return (lhw->ic_recv_action(ni, wh, frm, efrm));
6010 }
6011 
6012 static int
6013 lkpi_ic_send_action(struct ieee80211_node *ni, int category, int action, void *sa)
6014 {
6015 	struct ieee80211com *ic;
6016 	struct lkpi_hw *lhw;
6017 
6018 	ic = ni->ni_ic;
6019 	lhw = ic->ic_softc;
6020 
6021 	IMPROVE_HT("send_action called; nothing to do in lkpi; make debugging");
6022 
6023 	return (lhw->ic_send_action(ni, category, action, sa));
6024 }
6025 
6026 
6027 static int
6028 lkpi_ic_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6029 {
6030 	struct ieee80211com *ic;
6031 	struct lkpi_hw *lhw;
6032 
6033 	ic = ni->ni_ic;
6034 	lhw = ic->ic_softc;
6035 
6036 	IMPROVE_HT("ieee80211_ampdu_enable called; nothing to do in lkpi for now; make debugging");
6037 
6038 	return (lhw->ic_ampdu_enable(ni, tap));
6039 }
6040 
6041 /*
6042  * (*ic_addba_request)() is called by ieee80211_ampdu_request() before
6043  * calling send_action(CAT_BA, BA_ADDBA_REQUEST).
6044  *
6045  * NB: returns 0 on ERROR!
6046  */
6047 static int
6048 lkpi_ic_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
6049     int dialogtoken, int baparamset, int batimeout)
6050 {
6051 	struct ieee80211com *ic;
6052 	struct lkpi_hw *lhw;
6053 	struct ieee80211_hw *hw;
6054 	struct ieee80211vap *vap;
6055 	struct lkpi_vif *lvif;
6056 	struct ieee80211_vif *vif;
6057 	struct lkpi_sta *lsta;
6058 	struct ieee80211_sta *sta;
6059 	struct ieee80211_ampdu_params params = { };
6060 	int error;
6061 
6062 	ic = ni->ni_ic;
6063 	lhw = ic->ic_softc;
6064 	hw = LHW_TO_HW(lhw);
6065 	vap = ni->ni_vap;
6066 	lvif = VAP_TO_LVIF(vap);
6067 	vif = LVIF_TO_VIF(lvif);
6068 	lsta = ni->ni_drv_data;
6069 	sta = LSTA_TO_STA(lsta);
6070 
6071 	if (!lsta->added_to_drv) {
6072 		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
6073 		    __func__, lsta, ni, sta);
6074 		return (0);
6075 	}
6076 
6077 	params.sta = sta;
6078 	params.action = IEEE80211_AMPDU_TX_START;
6079 	/* Keep 0 here! */
6080 	params.buf_size = 0;
6081 	params.timeout = 0;
6082 	params.ssn = tap->txa_start & (IEEE80211_SEQ_RANGE-1);
6083 	params.tid = tap->txa_tid;
6084 	params.amsdu = false;
6085 
6086 	IEEE80211_UNLOCK(ic);
6087 	wiphy_lock(hw->wiphy);
6088 	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6089 	wiphy_unlock(hw->wiphy);
6090 	IEEE80211_LOCK(ic);
6091 	if (error != 0) {
6092 		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
6093 		    __func__, error, ni, tap);
6094 		return (0);
6095 	}
6096 
6097 	return (lhw->ic_addba_request(ni, tap, dialogtoken, baparamset, batimeout));
6098 }
6099 
6100 /*
6101  * (*ic_addba_response)() is called from ht_recv_action_ba_addba_response()
6102  * and calls the default ieee80211_addba_response() which always returns 1.
6103  *
6104  * NB: No error checking in net80211!
6105  * Staying with 0 is an error.
6106  */
6107 static int
6108 lkpi_ic_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
6109     int status, int baparamset, int batimeout)
6110 {
6111 	struct ieee80211com *ic;
6112 	struct lkpi_hw *lhw;
6113 	struct ieee80211_hw *hw;
6114 	struct ieee80211vap *vap;
6115 	struct lkpi_vif *lvif;
6116 	struct ieee80211_vif *vif;
6117 	struct lkpi_sta *lsta;
6118 	struct ieee80211_sta *sta;
6119 	struct ieee80211_ampdu_params params = { };
6120 	int error;
6121 
6122 	ic = ni->ni_ic;
6123 	lhw = ic->ic_softc;
6124 	hw = LHW_TO_HW(lhw);
6125 	vap = ni->ni_vap;
6126 	lvif = VAP_TO_LVIF(vap);
6127 	vif = LVIF_TO_VIF(lvif);
6128 	lsta = ni->ni_drv_data;
6129 	sta = LSTA_TO_STA(lsta);
6130 
6131 	if (!lsta->added_to_drv) {
6132 		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
6133 		    __func__, lsta, ni, sta);
6134 		return (0);
6135 	}
6136 
6137 	if (status == IEEE80211_STATUS_SUCCESS) {
6138 		params.sta = sta;
6139 		params.action = IEEE80211_AMPDU_TX_OPERATIONAL;
6140 		params.buf_size = tap->txa_wnd;
6141 		params.timeout = 0;
6142 		params.ssn = 0;
6143 		params.tid = tap->txa_tid;
6144 		if ((tap->txa_flags & IEEE80211_AGGR_AMSDU) != 0)
6145 			params.amsdu = true;
6146 		else
6147 			params.amsdu = false;
6148 	} else {
6149 		/* We need to free the allocated resources. */
6150 		params.sta = sta;
6151 		switch (status) {
6152 			/* params.action = FLUSH, FLUSH_CONT */
6153 		default:
6154 			params.action = IEEE80211_AMPDU_TX_STOP_CONT;
6155 			break;
6156 		}
6157 		params.buf_size = 0;
6158 		params.timeout = 0;
6159 		params.ssn = 0;
6160 		params.tid = tap->txa_tid;
6161 		params.amsdu = false;
6162 	}
6163 
6164 	IEEE80211_UNLOCK(ic);
6165 	wiphy_lock(hw->wiphy);
6166 	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6167 	wiphy_unlock(hw->wiphy);
6168 	IEEE80211_LOCK(ic);
6169 	if (error != 0) {
6170 		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
6171 		    __func__, error, ni, tap);
6172 		return (0);
6173 	}
6174 
6175 	IMPROVE_HT("who unleashes the TXQ? and when?, do we need to ni->ni_txseqs[tid] = tap->txa_start & 0xfff;");
6176 
6177 	return (lhw->ic_addba_response(ni, tap, status, baparamset, batimeout));
6178 }
6179 
6180 /*
6181  * (*ic_addba_stop)() is called from ampdu_tx_stop(), ht_recv_action_ba_delba(),
6182  * and ieee80211_ampdu_stop() and calls the default ieee80211_addba_stop().
6183  */
6184 static void
6185 lkpi_ic_addba_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6186 {
6187 	struct ieee80211com *ic;
6188 	struct lkpi_hw *lhw;
6189 	struct ieee80211_hw *hw;
6190 	struct ieee80211vap *vap;
6191 	struct lkpi_vif *lvif;
6192 	struct ieee80211_vif *vif;
6193 	struct lkpi_sta *lsta;
6194 	struct ieee80211_sta *sta;
6195 	struct ieee80211_ampdu_params params = { };
6196 	int error;
6197 
6198 	ic = ni->ni_ic;
6199 	lhw = ic->ic_softc;
6200 	hw = LHW_TO_HW(lhw);
6201 	vap = ni->ni_vap;
6202 	lvif = VAP_TO_LVIF(vap);
6203 	vif = LVIF_TO_VIF(lvif);
6204 	lsta = ni->ni_drv_data;
6205 	sta = LSTA_TO_STA(lsta);
6206 
6207 	if (!lsta->added_to_drv) {
6208 		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
6209 		    __func__, lsta, ni, sta);
6210 		goto n80211;
6211 	}
6212 
6213 	/* We need to free the allocated resources. */
6214 	params.sta = sta;
6215 	IMPROVE("net80211 does not provide a reason to us");
6216 	params.action = IEEE80211_AMPDU_TX_STOP_CONT; /* params.action = FLUSH, FLUSH_CONT */
6217 	params.buf_size = 0;
6218 	params.timeout = 0;
6219 	params.ssn = 0;
6220 	params.tid = tap->txa_tid;
6221 	params.amsdu = false;
6222 
6223 	IEEE80211_UNLOCK(ic);
6224 	wiphy_lock(hw->wiphy);
6225 	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6226 	wiphy_unlock(hw->wiphy);
6227 	IEEE80211_LOCK(ic);
6228 	if (error != 0) {
6229 		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
6230 		    __func__, error, ni, tap);
6231 		goto n80211;
6232 	}
6233 
6234 	IMPROVE_HT("anyting else?");
6235 
6236 n80211:
6237 	lhw->ic_addba_stop(ni, tap);
6238 }
6239 
6240 static void
6241 lkpi_ic_addba_response_timeout(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6242 {
6243 	struct ieee80211com *ic;
6244 	struct lkpi_hw *lhw;
6245 
6246 	ic = ni->ni_ic;
6247 	lhw = ic->ic_softc;
6248 
6249 	IMPROVE_HT();
6250 
6251 	lhw->ic_addba_response_timeout(ni, tap);
6252 }
6253 
6254 static void
6255 lkpi_ic_bar_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
6256     int status)
6257 {
6258 	struct ieee80211com *ic;
6259 	struct lkpi_hw *lhw;
6260 
6261 	ic = ni->ni_ic;
6262 	lhw = ic->ic_softc;
6263 
6264 	IMPROVE_HT();
6265 
6266 	lhw->ic_bar_response(ni, tap, status);
6267 }
6268 
6269 static int
6270 lkpi_ic_ampdu_rx_start(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap,
6271     int baparamset, int batimeout, int baseqctl)
6272 {
6273 	struct ieee80211com *ic;
6274 	struct lkpi_hw *lhw;
6275 	struct ieee80211_hw *hw;
6276 	struct ieee80211vap *vap;
6277 	struct lkpi_vif *lvif;
6278 	struct ieee80211_vif *vif;
6279 	struct lkpi_sta *lsta;
6280 	struct ieee80211_sta *sta;
6281 	struct ieee80211_ampdu_params params = { };
6282 	int error;
6283 
6284 	ic = ni->ni_ic;
6285 	lhw = ic->ic_softc;
6286 	hw = LHW_TO_HW(lhw);
6287 	vap = ni->ni_vap;
6288 	lvif = VAP_TO_LVIF(vap);
6289 	vif = LVIF_TO_VIF(lvif);
6290 	lsta = ni->ni_drv_data;
6291 	sta = LSTA_TO_STA(lsta);
6292 
6293 	IEEE80211_UNLOCK_ASSERT(ic);
6294 
6295 	if (!lsta->added_to_drv) {
6296 		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p not added to firmware\n",
6297 		    __func__, lsta, ni, vap, sta);
6298 		return (-ENXIO);
6299 	}
6300 
6301 	if (lsta->state != IEEE80211_STA_AUTHORIZED) {
6302 		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p state %d not AUTHORIZED\n",
6303 		    __func__, lsta, ni, vap, sta, lsta->state);
6304 		return (-ENXIO);
6305 	}
6306 
6307 	params.sta = sta;
6308 	params.action = IEEE80211_AMPDU_RX_START;
6309 	params.buf_size = _IEEE80211_MASKSHIFT(le16toh(baparamset), IEEE80211_BAPS_BUFSIZ);
6310 	if (params.buf_size == 0)
6311 		params.buf_size = IEEE80211_MAX_AMPDU_BUF_HT;
6312 	else
6313 		params.buf_size = min(params.buf_size, IEEE80211_MAX_AMPDU_BUF_HT);
6314 	if (hw->max_rx_aggregation_subframes > 0 &&
6315 	    params.buf_size > hw->max_rx_aggregation_subframes)
6316 		params.buf_size = hw->max_rx_aggregation_subframes;
6317 	params.timeout = le16toh(batimeout);
6318 	params.ssn = _IEEE80211_MASKSHIFT(le16toh(baseqctl), IEEE80211_BASEQ_START);
6319 	params.tid = _IEEE80211_MASKSHIFT(le16toh(baparamset), IEEE80211_BAPS_TID);
6320 
6321 	/* Based on net80211::ampdu_rx_start(). */
6322 	if ((vap->iv_htcaps & IEEE80211_HTC_RX_AMSDU_AMPDU) &&
6323 	    (_IEEE80211_MASKSHIFT(baparamset, IEEE80211_BAPS_AMSDU)))
6324 		params.amsdu = true;
6325 	else
6326 		params.amsdu = false;
6327 
6328 	wiphy_lock(hw->wiphy);
6329 	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6330 	wiphy_unlock(hw->wiphy);
6331 	if (error != 0) {
6332 		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p rap %p\n",
6333 		    __func__, error, ni, rap);
6334 		return (error);
6335 	}
6336 
6337 	if (!ieee80211_hw_check(hw, SUPPORTS_REORDERING_BUFFER)) {
6338 		IMPROVE("%s: TODO: SUPPORTS_REORDERING_BUFFER not set; check net80211\n", __func__);
6339 	}
6340 
6341 	IMPROVE_HT("net80211 is missing the error check on return and assumes success");
6342 
6343 	error = lhw->ic_ampdu_rx_start(ni, rap, baparamset, batimeout, baseqctl);
6344 	return (error);
6345 }
6346 
6347 static void
6348 lkpi_ic_ampdu_rx_stop(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap)
6349 {
6350 	struct ieee80211com *ic;
6351 	struct lkpi_hw *lhw;
6352 	struct ieee80211_hw *hw;
6353 	struct ieee80211vap *vap;
6354 	struct lkpi_vif *lvif;
6355 	struct ieee80211_vif *vif;
6356 	struct lkpi_sta *lsta;
6357 	struct ieee80211_sta *sta;
6358 	struct ieee80211_ampdu_params params = { };
6359 	int error;
6360 	uint8_t tid;
6361 	bool ic_locked;
6362 
6363 	ic = ni->ni_ic;
6364 	lhw = ic->ic_softc;
6365 
6366 	/*
6367 	 * We should not (cannot) call into mac80211 ops with AMPDU_RX_STOP if
6368 	 * we did not START.  Some drivers pass it down to firmware which will
6369 	 * simply barf and net80211 calls ieee80211_ht_node_cleanup() from
6370 	 * ieee80211_ht_node_init() amongst others which will iterate over all
6371 	 * tid and call ic_ampdu_rx_stop() unconditionally.
6372 	 * XXX net80211 should probably be more "gentle" in these cases and
6373 	 * track some state itself.
6374 	 */
6375 	if ((rap->rxa_flags & IEEE80211_AGGR_RUNNING) == 0)
6376 		goto net80211_only;
6377 
6378 	hw = LHW_TO_HW(lhw);
6379 	vap = ni->ni_vap;
6380 	lvif = VAP_TO_LVIF(vap);
6381 	vif = LVIF_TO_VIF(lvif);
6382 	lsta = ni->ni_drv_data;
6383 	if (lsta == NULL) {
6384 		ic_printf(ic, "%s: lsta %p ni %p vap %p, lsta is NULL\n",
6385 		    __func__, lsta, ni, vap);
6386 		goto net80211_only;
6387 	}
6388 	sta = LSTA_TO_STA(lsta);
6389 
6390 	if (!lsta->added_to_drv) {
6391 		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p not added to firmware\n",
6392 		    __func__, lsta, ni, vap, sta);
6393 		goto net80211_only;
6394 	}
6395 
6396 	if (lsta->state != IEEE80211_STA_AUTHORIZED) {
6397 		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p state %d not AUTHORIZED\n",
6398 		    __func__, lsta, ni, vap, sta, lsta->state);
6399 		goto net80211_only;
6400 	}
6401 
6402 	IMPROVE_HT("This really should be passed from ht_recv_action_ba_delba.");
6403 	for (tid = 0; tid < WME_NUM_TID; tid++) {
6404 		if (&ni->ni_rx_ampdu[tid] == rap)
6405 			break;
6406 	}
6407 	if (tid == WME_NUM_TID) {
6408 		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p TID not found\n",
6409 		    __func__, lsta, ni, vap, sta);
6410 		goto net80211_only;
6411 	}
6412 
6413 	params.sta = sta;
6414 	params.action = IEEE80211_AMPDU_RX_STOP;
6415 	params.buf_size = 0;
6416 	params.timeout = 0;
6417 	params.ssn = 0;
6418 	params.tid = tid;
6419 	params.amsdu = false;
6420 
6421 	ic_locked = IEEE80211_IS_LOCKED(ic);
6422 	if (ic_locked)
6423 		IEEE80211_UNLOCK(ic);
6424 	wiphy_lock(hw->wiphy);
6425 	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6426 	wiphy_unlock(hw->wiphy);
6427 	if (ic_locked)
6428 		IEEE80211_LOCK(ic);
6429 	if (error != 0)
6430 		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p rap %p\n",
6431 		    __func__, error, ni, rap);
6432 
6433 net80211_only:
6434 	lhw->ic_ampdu_rx_stop(ni, rap);
6435 }
6436 #endif
6437 
6438 static void
6439 lkpi_ic_getradiocaps_ht(struct ieee80211com *ic, struct ieee80211_hw *hw,
6440     uint8_t *bands, int *chan_flags, enum nl80211_band band)
6441 {
6442 #ifdef LKPI_80211_HT
6443 	struct ieee80211_sta_ht_cap *ht_cap;
6444 
6445 	ht_cap = &hw->wiphy->bands[band]->ht_cap;
6446 	if (!ht_cap->ht_supported)
6447 		return;
6448 
6449 	switch (band) {
6450 	case NL80211_BAND_2GHZ:
6451 		setbit(bands, IEEE80211_MODE_11NG);
6452 		break;
6453 	case NL80211_BAND_5GHZ:
6454 		setbit(bands, IEEE80211_MODE_11NA);
6455 		break;
6456 	default:
6457 		IMPROVE("Unsupported band %d", band);
6458 		return;
6459 	}
6460 
6461 	ic->ic_htcaps = IEEE80211_HTC_HT;	/* HT operation */
6462 
6463 	/*
6464 	 * Rather than manually checking each flag and
6465 	 * translating IEEE80211_HT_CAP_ to IEEE80211_HTCAP_,
6466 	 * simply copy the 16bits.
6467 	 */
6468 	ic->ic_htcaps |= ht_cap->cap;
6469 
6470 	/* Then deal with the other flags. */
6471 	if (ieee80211_hw_check(hw, AMPDU_AGGREGATION))
6472 		ic->ic_htcaps |= IEEE80211_HTC_AMPDU;
6473 #ifdef __notyet__
6474 	if (ieee80211_hw_check(hw, TX_AMSDU))
6475 		ic->ic_htcaps |= IEEE80211_HTC_AMSDU;
6476 	if (ieee80211_hw_check(hw, SUPPORTS_AMSDU_IN_AMPDU))
6477 		ic->ic_htcaps |= (IEEE80211_HTC_RX_AMSDU_AMPDU |
6478 		    IEEE80211_HTC_TX_AMSDU_AMPDU);
6479 #endif
6480 
6481 	IMPROVE("PS, ampdu_*, ht_cap.mcs.tx_params, ...");
6482 
6483 	/* Only add HT40 channels if supported. */
6484 	if ((ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40) != 0 &&
6485 	    chan_flags != NULL)
6486 		*chan_flags |= NET80211_CBW_FLAG_HT40;
6487 #endif
6488 }
6489 
6490 static void
6491 lkpi_ic_getradiocaps(struct ieee80211com *ic, int maxchan,
6492     int *n, struct ieee80211_channel *c)
6493 {
6494 	struct lkpi_hw *lhw;
6495 	struct ieee80211_hw *hw;
6496 	struct linuxkpi_ieee80211_channel *channels;
6497 	uint8_t bands[IEEE80211_MODE_BYTES];
6498 	int chan_flags, error, i, nchans;
6499 
6500 	/* Channels */
6501 	lhw = ic->ic_softc;
6502 	hw = LHW_TO_HW(lhw);
6503 
6504 	/* NL80211_BAND_2GHZ */
6505 	nchans = 0;
6506 	if (hw->wiphy->bands[NL80211_BAND_2GHZ] != NULL)
6507 		nchans = hw->wiphy->bands[NL80211_BAND_2GHZ]->n_channels;
6508 	if (nchans > 0) {
6509 		memset(bands, 0, sizeof(bands));
6510 		chan_flags = 0;
6511 		setbit(bands, IEEE80211_MODE_11B);
6512 		/* XXX-BZ unclear how to check for 11g. */
6513 
6514 		IMPROVE("the bitrates may have flags?");
6515 		setbit(bands, IEEE80211_MODE_11G);
6516 
6517 		lkpi_ic_getradiocaps_ht(ic, hw, bands, &chan_flags,
6518 		    NL80211_BAND_2GHZ);
6519 
6520 		channels = hw->wiphy->bands[NL80211_BAND_2GHZ]->channels;
6521 		for (i = 0; i < nchans && *n < maxchan; i++) {
6522 			uint32_t nflags = 0;
6523 			int cflags = chan_flags;
6524 
6525 			if (channels[i].flags & IEEE80211_CHAN_DISABLED) {
6526 				ic_printf(ic, "%s: Skipping disabled chan "
6527 				    "[%u/%u/%#x]\n", __func__,
6528 				    channels[i].hw_value,
6529 				    channels[i].center_freq, channels[i].flags);
6530 				continue;
6531 			}
6532 			if (channels[i].flags & IEEE80211_CHAN_NO_IR)
6533 				nflags |= (IEEE80211_CHAN_NOADHOC|IEEE80211_CHAN_PASSIVE);
6534 			if (channels[i].flags & IEEE80211_CHAN_RADAR)
6535 				nflags |= IEEE80211_CHAN_DFS;
6536 			if (channels[i].flags & IEEE80211_CHAN_NO_160MHZ)
6537 				cflags &= ~(NET80211_CBW_FLAG_VHT160|NET80211_CBW_FLAG_VHT80P80);
6538 			if (channels[i].flags & IEEE80211_CHAN_NO_80MHZ)
6539 				cflags &= ~NET80211_CBW_FLAG_VHT80;
6540 			/* XXX how to map the remaining enum ieee80211_channel_flags? */
6541 			if (channels[i].flags & IEEE80211_CHAN_NO_HT40)
6542 				cflags &= ~NET80211_CBW_FLAG_HT40;
6543 
6544 			error = ieee80211_add_channel_cbw(c, maxchan, n,
6545 			    ieee80211_mhz2ieee(channels[i].center_freq,
6546 				lkpi_nl80211_band_to_net80211_band(channels[i].band)),
6547 			    channels[i].center_freq, channels[i].max_power,
6548 			    nflags, bands, cflags);
6549 			/* net80211::ENOBUFS: *n >= maxchans */
6550 			if (error != 0 && error != ENOBUFS)
6551 				ic_printf(ic, "%s: Adding chan %u/%u/%#x/%#x/%#x/%#x "
6552 				    "returned error %d\n",
6553 				    __func__, channels[i].hw_value,
6554 				    channels[i].center_freq, channels[i].flags,
6555 				    nflags, chan_flags, cflags, error);
6556 			if (error != 0)
6557 				break;
6558 		}
6559 	}
6560 
6561 	/* NL80211_BAND_5GHZ */
6562 	nchans = 0;
6563 	if (hw->wiphy->bands[NL80211_BAND_5GHZ] != NULL)
6564 		nchans = hw->wiphy->bands[NL80211_BAND_5GHZ]->n_channels;
6565 	if (nchans > 0) {
6566 		memset(bands, 0, sizeof(bands));
6567 		chan_flags = 0;
6568 		setbit(bands, IEEE80211_MODE_11A);
6569 
6570 		lkpi_ic_getradiocaps_ht(ic, hw, bands, &chan_flags,
6571 		    NL80211_BAND_5GHZ);
6572 
6573 #ifdef LKPI_80211_VHT
6574 		if (hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.vht_supported) {
6575 
6576 			ic->ic_flags_ext |= IEEE80211_FEXT_VHT;
6577 			ic->ic_vht_cap.vht_cap_info =
6578 			    hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.cap;
6579 			ic->ic_vht_cap.supp_mcs =
6580 			    hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.vht_mcs;
6581 
6582 			setbit(bands, IEEE80211_MODE_VHT_5GHZ);
6583 			chan_flags |= NET80211_CBW_FLAG_VHT80;
6584 			if (IEEE80211_VHTCAP_SUPP_CHAN_WIDTH_IS_160MHZ(
6585 			    ic->ic_vht_cap.vht_cap_info))
6586 				chan_flags |= NET80211_CBW_FLAG_VHT160;
6587 			if (IEEE80211_VHTCAP_SUPP_CHAN_WIDTH_IS_160_80P80MHZ(
6588 			    ic->ic_vht_cap.vht_cap_info))
6589 				chan_flags |= NET80211_CBW_FLAG_VHT80P80;
6590 		}
6591 #endif
6592 
6593 		channels = hw->wiphy->bands[NL80211_BAND_5GHZ]->channels;
6594 		for (i = 0; i < nchans && *n < maxchan; i++) {
6595 			uint32_t nflags = 0;
6596 			int cflags = chan_flags;
6597 
6598 			if (channels[i].flags & IEEE80211_CHAN_DISABLED) {
6599 				ic_printf(ic, "%s: Skipping disabled chan "
6600 				    "[%u/%u/%#x]\n", __func__,
6601 				    channels[i].hw_value,
6602 				    channels[i].center_freq, channels[i].flags);
6603 				continue;
6604 			}
6605 			if (channels[i].flags & IEEE80211_CHAN_NO_IR)
6606 				nflags |= (IEEE80211_CHAN_NOADHOC|IEEE80211_CHAN_PASSIVE);
6607 			if (channels[i].flags & IEEE80211_CHAN_RADAR)
6608 				nflags |= IEEE80211_CHAN_DFS;
6609 			if (channels[i].flags & IEEE80211_CHAN_NO_160MHZ)
6610 				cflags &= ~(NET80211_CBW_FLAG_VHT160|NET80211_CBW_FLAG_VHT80P80);
6611 			if (channels[i].flags & IEEE80211_CHAN_NO_80MHZ)
6612 				cflags &= ~NET80211_CBW_FLAG_VHT80;
6613 			/* XXX hwo to map the remaining enum ieee80211_channel_flags? */
6614 			if (channels[i].flags & IEEE80211_CHAN_NO_HT40)
6615 				cflags &= ~NET80211_CBW_FLAG_HT40;
6616 
6617 			error = ieee80211_add_channel_cbw(c, maxchan, n,
6618 			    ieee80211_mhz2ieee(channels[i].center_freq,
6619 				lkpi_nl80211_band_to_net80211_band(channels[i].band)),
6620 			    channels[i].center_freq, channels[i].max_power,
6621 			    nflags, bands, cflags);
6622 			/* net80211::ENOBUFS: *n >= maxchans */
6623 			if (error != 0 && error != ENOBUFS)
6624 				ic_printf(ic, "%s: Adding chan %u/%u/%#x/%#x/%#x/%#x "
6625 				    "returned error %d\n",
6626 				    __func__, channels[i].hw_value,
6627 				    channels[i].center_freq, channels[i].flags,
6628 				    nflags, chan_flags, cflags, error);
6629 			if (error != 0)
6630 				break;
6631 		}
6632 	}
6633 }
6634 
6635 static void *
6636 lkpi_ieee80211_ifalloc(void)
6637 {
6638 	struct ieee80211com *ic;
6639 
6640 	ic = malloc(sizeof(*ic), M_LKPI80211, M_WAITOK | M_ZERO);
6641 
6642 	/* Setting these happens later when we have device information. */
6643 	ic->ic_softc = NULL;
6644 	ic->ic_name = "linuxkpi";
6645 
6646 	return (ic);
6647 }
6648 
6649 struct ieee80211_hw *
6650 linuxkpi_ieee80211_alloc_hw(size_t priv_len, const struct ieee80211_ops *ops)
6651 {
6652 	struct ieee80211_hw *hw;
6653 	struct lkpi_hw *lhw;
6654 	struct wiphy *wiphy;
6655 	int ac;
6656 	bool emuchanctx;
6657 
6658 	/*
6659 	 * Do certain checks before starting to allocate resources.
6660 	 * Store results in temporary variables.
6661 	 */
6662 
6663 	/* ac1d519c01ca introduced emulating chanctx changes. */
6664 	emuchanctx = false;
6665 	if (ops->add_chanctx == ieee80211_emulate_add_chanctx &&
6666 	    ops->change_chanctx == ieee80211_emulate_change_chanctx &&
6667 	    ops->remove_chanctx == ieee80211_emulate_remove_chanctx) {
6668 		/*
6669 		 * If we emulate the chanctx ops, we must not have
6670 		 * assign_vif_chanctx and unassign_vif_chanctx.
6671 		 */
6672 		if (ops->assign_vif_chanctx != NULL ||
6673 		    ops->unassign_vif_chanctx != NULL) {
6674 			/* Fail gracefully. */
6675 			printf("%s: emulate_chanctx but "
6676 			    "assign_vif_chanctx %p != NULL || "
6677 			    "unassign_vif_chanctx %p != NULL\n", __func__,
6678 			    ops->assign_vif_chanctx, ops->unassign_vif_chanctx);
6679 			return (NULL);
6680 		}
6681 		emuchanctx = true;
6682 	}
6683 	if (!emuchanctx && (ops->add_chanctx == ieee80211_emulate_add_chanctx ||
6684 	    ops->change_chanctx == ieee80211_emulate_change_chanctx ||
6685 	    ops->remove_chanctx == ieee80211_emulate_remove_chanctx)) {
6686 		printf("%s: not emulating chanctx changes but emulating "
6687 		    "function set: %d/%d/%d\n", __func__,
6688 		    ops->add_chanctx == ieee80211_emulate_add_chanctx,
6689 		    ops->change_chanctx == ieee80211_emulate_change_chanctx,
6690 		    ops->remove_chanctx == ieee80211_emulate_remove_chanctx);
6691 		return (NULL);
6692 	}
6693 	if (!emuchanctx && (ops->add_chanctx == NULL || ops->change_chanctx == NULL ||
6694 	    ops->remove_chanctx == NULL || ops->assign_vif_chanctx == NULL ||
6695 	    ops->unassign_vif_chanctx == NULL)) {
6696 		printf("%s: not all functions set for chanctx operations "
6697 		    "(emulating chanctx %d): %p/%p/%p %p/%p\n",
6698 		    __func__, emuchanctx,
6699 		    ops->add_chanctx, ops->change_chanctx, ops->remove_chanctx,
6700 		    ops->assign_vif_chanctx, ops->unassign_vif_chanctx);
6701 		return (NULL);
6702 	}
6703 
6704 	/* Get us and the driver data also allocated. */
6705 	wiphy = wiphy_new(&linuxkpi_mac80211cfgops, sizeof(*lhw) + priv_len);
6706 	if (wiphy == NULL)
6707 		return (NULL);
6708 
6709 	lhw = wiphy_priv(wiphy);
6710 	lhw->ops = ops;
6711 
6712 	LKPI_80211_LHW_SCAN_LOCK_INIT(lhw);
6713 	LKPI_80211_LHW_TXQ_LOCK_INIT(lhw);
6714 	spin_lock_init(&lhw->txq_lock);
6715 	sx_init_flags(&lhw->lvif_sx, "lhw-lvif", SX_RECURSE | SX_DUPOK);
6716 	LKPI_80211_LHW_MC_LOCK_INIT(lhw);
6717 	TAILQ_INIT(&lhw->lvif_head);
6718 	__hw_addr_init(&lhw->mc_list);
6719 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
6720 		spin_lock_init(&lhw->txq_scheduled_lock[ac]);
6721 		lhw->txq_generation[ac] = 1;
6722 		TAILQ_INIT(&lhw->txq_scheduled[ac]);
6723 	}
6724 
6725 	/* Chanctx_conf */
6726 	INIT_LIST_HEAD(&lhw->lchanctx_list);
6727 	INIT_LIST_HEAD(&lhw->lchanctx_list_reserved);
6728 	lhw->emulate_chanctx = emuchanctx;
6729 
6730 	/* Deferred RX path. */
6731 	LKPI_80211_LHW_RXQ_LOCK_INIT(lhw);
6732 	TASK_INIT(&lhw->rxq_task, 0, lkpi_80211_lhw_rxq_task, lhw);
6733 	mbufq_init(&lhw->rxq, 32 * NAPI_POLL_WEIGHT);
6734 	lhw->rxq_stopped = false;
6735 
6736 	/*
6737 	 * XXX-BZ TODO make sure there is a "_null" function to all ops
6738 	 * not initialized.
6739 	 */
6740 	hw = LHW_TO_HW(lhw);
6741 	hw->wiphy = wiphy;
6742 	hw->conf.flags |= IEEE80211_CONF_IDLE;
6743 	hw->priv = (void *)(lhw + 1);
6744 
6745 	/* BSD Specific. */
6746 	lhw->ic = lkpi_ieee80211_ifalloc();
6747 
6748 	if (lhw->emulate_chanctx)
6749 		ic_printf(lhw->ic, "Using chanctx emulation.\n");
6750 	IMPROVE();
6751 
6752 	return (hw);
6753 }
6754 
6755 void
6756 linuxkpi_ieee80211_iffree(struct ieee80211_hw *hw)
6757 {
6758 	struct lkpi_hw *lhw;
6759 	struct mbuf *m;
6760 	int ac;
6761 
6762 	lhw = HW_TO_LHW(hw);
6763 	free(lhw->ic, M_LKPI80211);
6764 	lhw->ic = NULL;
6765 
6766 	/*
6767 	 * Drain the deferred RX path.
6768 	 */
6769 	LKPI_80211_LHW_RXQ_LOCK(lhw);
6770 	lhw->rxq_stopped = true;
6771 	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
6772 
6773 	/* Drain taskq, won't be restarted due to rxq_stopped being set. */
6774 	while (taskqueue_cancel(taskqueue_thread, &lhw->rxq_task, NULL) != 0)
6775 		taskqueue_drain(taskqueue_thread, &lhw->rxq_task);
6776 
6777 	/* Flush mbufq (make sure to release ni refs!). */
6778 	m = mbufq_dequeue(&lhw->rxq);
6779 	while (m != NULL) {
6780 #ifdef LKPI_80211_USE_MTAG
6781 		struct m_tag *mtag;
6782 
6783 		mtag = m_tag_locate(m, MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI, NULL);
6784 		if (mtag != NULL) {
6785 			struct lkpi_80211_tag_rxni *rxni;
6786 
6787 			rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
6788 			ieee80211_free_node(rxni->ni);
6789 		}
6790 #else
6791 		if (m->m_pkthdr.PH_loc.ptr != NULL) {
6792 			struct ieee80211_node *ni;
6793 
6794 			ni = m->m_pkthdr.PH_loc.ptr;
6795 			ieee80211_free_node(ni);
6796 		}
6797 #endif
6798 		m_freem(m);
6799 		m = mbufq_dequeue(&lhw->rxq);
6800 	}
6801 	KASSERT(mbufq_empty(&lhw->rxq), ("%s: lhw %p has rxq len %d != 0\n",
6802 	    __func__, lhw, mbufq_len(&lhw->rxq)));
6803 	LKPI_80211_LHW_RXQ_LOCK_DESTROY(lhw);
6804 
6805 	wiphy_lock(hw->wiphy);
6806 	/* Chanctx_conf. */
6807 	if (!list_empty_careful(&lhw->lchanctx_list)) {
6808 		struct lkpi_chanctx *lchanctx, *next;
6809 		struct ieee80211_chanctx_conf *chanctx_conf;
6810 
6811 		list_for_each_entry_safe(lchanctx, next, &lhw->lchanctx_list, entry) {
6812 			if (lchanctx->added_to_drv) {
6813 				/* In reality we should panic? */
6814 				chanctx_conf = &lchanctx->chanctx_conf;
6815 				lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
6816 			}
6817 			list_del(&lchanctx->entry);
6818 			/* No need to reset the lchanctx here as we will free it below. */
6819 			list_add_rcu(&lchanctx->entry, &lhw->lchanctx_list_reserved);
6820 		}
6821 	}
6822 	if (!list_empty_careful(&lhw->lchanctx_list_reserved)) {
6823 		struct lkpi_chanctx *lchanctx, *next;
6824 
6825 		list_for_each_entry_safe(lchanctx, next, &lhw->lchanctx_list_reserved, entry) {
6826 			list_del(&lchanctx->entry);
6827 			if (lchanctx->added_to_drv)
6828 				panic("%s: lchanctx %p on reserved list still added_to_drv\n",
6829 				    __func__, lchanctx);
6830 			free(lchanctx, M_LKPI80211);
6831 		}
6832 	}
6833 	wiphy_unlock(hw->wiphy);
6834 
6835 	LKPI_80211_LHW_MC_LOCK(lhw);
6836 	lkpi_cleanup_mcast_list_locked(lhw);
6837 	LKPI_80211_LHW_MC_UNLOCK(lhw);
6838 
6839 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
6840 		spin_lock_destroy(&lhw->txq_scheduled_lock[ac]);
6841 
6842 	/* Cleanup more of lhw here or in wiphy_free()? */
6843 	spin_lock_destroy(&lhw->txq_lock);
6844 	LKPI_80211_LHW_TXQ_LOCK_DESTROY(lhw);
6845 	LKPI_80211_LHW_SCAN_LOCK_DESTROY(lhw);
6846 	sx_destroy(&lhw->lvif_sx);
6847 	LKPI_80211_LHW_MC_LOCK_DESTROY(lhw)
6848 	IMPROVE();
6849 }
6850 
6851 void
6852 linuxkpi_set_ieee80211_dev(struct ieee80211_hw *hw)
6853 {
6854 	struct lkpi_hw *lhw;
6855 	struct ieee80211com *ic;
6856 	struct device *dev;
6857 
6858 	lhw = HW_TO_LHW(hw);
6859 	ic = lhw->ic;
6860 
6861 	/* Save the backpointer from net80211 to LinuxKPI. */
6862 	ic->ic_softc = lhw;
6863 
6864 	/*
6865 	 * Set a proper name before ieee80211_ifattach() if dev is set.
6866 	 * ath1xk also unset the dev so we need to check.
6867 	 * Also we will (ab)use this opportunity to register the
6868 	 * power management sub-children if thay exist (for suspend/resume).
6869 	 */
6870 	dev = wiphy_dev(hw->wiphy);
6871 	if (dev != NULL) {
6872 		ic->ic_name = dev_name(dev);
6873 		if (dev->bsddev != NULL) {
6874 			bus_identify_children(dev->bsddev);
6875 			bus_enumerate_hinted_children(dev->bsddev);
6876 			bus_topo_lock();
6877 			bus_attach_children(dev->bsddev);
6878 			bus_topo_unlock();
6879 		}
6880 	} else {
6881 		TODO("adjust arguments to still have the old dev or go through "
6882 		    "the hoops of getting the bsddev from hw and detach; "
6883 		    "or do in XXX; check ath1kx drivers");
6884 	}
6885 
6886 	/* XXX-BZ do we also need to set wiphy name? */
6887 }
6888 
6889 struct ieee80211_hw *
6890 linuxkpi_wiphy_to_ieee80211_hw(struct wiphy *wiphy)
6891 {
6892 	struct lkpi_hw *lhw;
6893 
6894 	lhw = wiphy_priv(wiphy);
6895 	return (LHW_TO_HW(lhw));
6896 }
6897 
6898 static void
6899 lkpi_radiotap_attach(struct lkpi_hw *lhw)
6900 {
6901 	struct ieee80211com *ic;
6902 
6903 	ic = lhw->ic;
6904 	ieee80211_radiotap_attach(ic,
6905 	    &lhw->rtap_tx.wt_ihdr, sizeof(lhw->rtap_tx),
6906 	    LKPI_RTAP_TX_FLAGS_PRESENT,
6907 	    &lhw->rtap_rx.wr_ihdr, sizeof(lhw->rtap_rx),
6908 	    LKPI_RTAP_RX_FLAGS_PRESENT);
6909 }
6910 
6911 int
6912 linuxkpi_ieee80211_ifattach(struct ieee80211_hw *hw)
6913 {
6914 	struct ieee80211com *ic;
6915 	struct lkpi_hw *lhw;
6916 	int band, i;
6917 
6918 	lhw = HW_TO_LHW(hw);
6919 	ic = lhw->ic;
6920 
6921 	/* We do it this late as wiphy->dev should be set for the name. */
6922 	lhw->workq = alloc_ordered_workqueue(wiphy_name(hw->wiphy), 0);
6923 	if (lhw->workq == NULL)
6924 		return (-EAGAIN);
6925 
6926 	/* XXX-BZ figure this out how they count his... */
6927 	if (!is_zero_ether_addr(hw->wiphy->perm_addr)) {
6928 		IEEE80211_ADDR_COPY(ic->ic_macaddr,
6929 		    hw->wiphy->perm_addr);
6930 	} else if (hw->wiphy->n_addresses > 0) {
6931 		/* We take the first one. */
6932 		IEEE80211_ADDR_COPY(ic->ic_macaddr,
6933 		    hw->wiphy->addresses[0].addr);
6934 	} else {
6935 		ic_printf(ic, "%s: warning, no hardware address!\n", __func__);
6936 	}
6937 
6938 #ifdef __not_yet__
6939 	/* See comment in lkpi_80211_txq_tx_one(). */
6940 	ic->ic_headroom = hw->extra_tx_headroom;
6941 #endif
6942 
6943 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
6944 	ic->ic_opmode = IEEE80211_M_STA;
6945 
6946 	/* Set device capabilities. */
6947 	/* XXX-BZ we need to get these from linux80211/drivers and convert. */
6948 	ic->ic_caps =
6949 	    IEEE80211_C_STA |
6950 	    IEEE80211_C_MONITOR |
6951 	    IEEE80211_C_WPA |		/* WPA/RSN */
6952 #ifdef LKPI_80211_WME
6953 	    IEEE80211_C_WME |
6954 #endif
6955 #if 0
6956 	    IEEE80211_C_PMGT |
6957 #endif
6958 	    IEEE80211_C_SHSLOT |	/* short slot time supported */
6959 	    IEEE80211_C_SHPREAMBLE	/* short preamble supported */
6960 	    ;
6961 
6962 #ifdef LKPI_80211_BGSCAN
6963 	if (lhw->ops->hw_scan)
6964 		ic->ic_caps |= IEEE80211_C_BGSCAN;
6965 #endif
6966 
6967 	lkpi_enable_hw_scan(lhw);
6968 
6969 	/* Does HW support Fragmentation offload? */
6970 	if (ieee80211_hw_check(hw, SUPPORTS_TX_FRAG))
6971 		ic->ic_flags_ext |= IEEE80211_FEXT_FRAG_OFFLOAD;
6972 
6973 	/* Does HW support full AMPDU[-TX] offload? */
6974 	if (ieee80211_hw_check(hw, AMPDU_AGGREGATION))
6975 		ic->ic_flags_ext |= IEEE80211_FEXT_AMPDU_OFFLOAD;
6976 #ifdef __notyet__
6977 	if (ieee80211_hw_check(hw, TX_AMSDU))
6978 	if (ieee80211_hw_check(hw, SUPPORTS_AMSDU_IN_AMPDU))
6979 #endif
6980 
6981 	/*
6982 	 * The wiphy variables report bitmasks of avail antennas.
6983 	 * (*get_antenna) get the current bitmask sets which can be
6984 	 * altered by (*set_antenna) for some drivers.
6985 	 * XXX-BZ will the count alone do us much good long-term in net80211?
6986 	 */
6987 	if (hw->wiphy->available_antennas_rx ||
6988 	    hw->wiphy->available_antennas_tx) {
6989 		uint32_t rxs, txs;
6990 
6991 		if (lkpi_80211_mo_get_antenna(hw, &txs, &rxs) == 0) {
6992 			ic->ic_rxstream = bitcount32(rxs);
6993 			ic->ic_txstream = bitcount32(txs);
6994 		}
6995 	}
6996 
6997 	ic->ic_cryptocaps = 0;
6998 #ifdef LKPI_80211_HW_CRYPTO
6999 	if (lkpi_hwcrypto && hw->wiphy->n_cipher_suites > 0) {
7000 		uint32_t hwciphers;
7001 
7002 		hwciphers = 0;
7003 		for (i = 0; i < hw->wiphy->n_cipher_suites; i++) {
7004 			uint32_t cs;
7005 
7006 			cs = lkpi_l80211_to_net80211_cyphers(
7007 			    ic, hw->wiphy->cipher_suites[i]);
7008 			if (cs == IEEE80211_CRYPTO_TKIP) {
7009 				/*
7010 				 * We do set this here.  We will only find out
7011 				 * when doing a SET_KEY operation depending on
7012 				 * what the driver returns.
7013 				 * net80211::ieee80211_crypto_newkey()
7014 				 * checks this so we will have to do flags
7015 				 * surgery later.
7016 				 */
7017 				cs |= IEEE80211_CRYPTO_TKIPMIC;
7018 			}
7019 			hwciphers |= cs;
7020 		}
7021 		/*
7022 		 * (20250415) nothing anywhere in the path checks we actually
7023 		 * support all these in net80211.
7024 		 * net80211 supports _256 variants but the ioctl does not.
7025 		 */
7026 		IMPROVE("as net80211 grows more support, enable them");
7027 		hwciphers &= (IEEE80211_CRYPTO_WEP |
7028 		    IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_TKIPMIC |
7029 		    IEEE80211_CRYPTO_AES_CCM | IEEE80211_CRYPTO_AES_GCM_128);
7030 		/*
7031 		 * We only support CCMP here, so further filter.
7032 		 * Also permit TKIP if turned on.
7033 		 */
7034 		hwciphers &= (IEEE80211_CRYPTO_AES_CCM |
7035 		    IEEE80211_CRYPTO_AES_GCM_128 |
7036 		    (lkpi_hwcrypto_tkip ? (IEEE80211_CRYPTO_TKIP |
7037 		    IEEE80211_CRYPTO_TKIPMIC) : 0));
7038 		ieee80211_set_hardware_ciphers(ic, hwciphers);
7039 	}
7040 #endif
7041 
7042 	lkpi_ic_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
7043 	    ic->ic_channels);
7044 
7045 	ieee80211_ifattach(ic);
7046 
7047 	ic->ic_update_mcast = lkpi_ic_update_mcast;
7048 	ic->ic_update_promisc = lkpi_ic_update_promisc;
7049 	ic->ic_update_chw = lkpi_ic_update_chw;
7050 	ic->ic_parent = lkpi_ic_parent;
7051 	ic->ic_scan_start = lkpi_ic_scan_start;
7052 	ic->ic_scan_end = lkpi_ic_scan_end;
7053 	ic->ic_set_channel = lkpi_ic_set_channel;
7054 	ic->ic_transmit = lkpi_ic_transmit;
7055 	ic->ic_raw_xmit = lkpi_ic_raw_xmit;
7056 	ic->ic_vap_create = lkpi_ic_vap_create;
7057 	ic->ic_vap_delete = lkpi_ic_vap_delete;
7058 	ic->ic_getradiocaps = lkpi_ic_getradiocaps;
7059 	ic->ic_wme.wme_update = lkpi_ic_wme_update;
7060 
7061 	lhw->ic_scan_curchan = ic->ic_scan_curchan;
7062 	ic->ic_scan_curchan = lkpi_ic_scan_curchan;
7063 	lhw->ic_scan_mindwell = ic->ic_scan_mindwell;
7064 	ic->ic_scan_mindwell = lkpi_ic_scan_mindwell;
7065 
7066 	lhw->ic_node_alloc = ic->ic_node_alloc;
7067 	ic->ic_node_alloc = lkpi_ic_node_alloc;
7068 	lhw->ic_node_init = ic->ic_node_init;
7069 	ic->ic_node_init = lkpi_ic_node_init;
7070 	lhw->ic_node_cleanup = ic->ic_node_cleanup;
7071 	ic->ic_node_cleanup = lkpi_ic_node_cleanup;
7072 	lhw->ic_node_free = ic->ic_node_free;
7073 	ic->ic_node_free = lkpi_ic_node_free;
7074 
7075 #ifdef LKPI_80211_HT
7076 	/*
7077 	 * Only attach if the driver/firmware supports (*ampdu_action)().
7078 	 * Otherwise it is in the hands of net80211.
7079 	 */
7080 	if (lhw->ops->ampdu_action != NULL) {
7081 		lhw->ic_recv_action = ic->ic_recv_action;
7082 		ic->ic_recv_action = lkpi_ic_recv_action;
7083 		lhw->ic_send_action = ic->ic_send_action;
7084 		ic->ic_send_action = lkpi_ic_send_action;
7085 
7086 		lhw->ic_ampdu_enable = ic->ic_ampdu_enable;
7087 		ic->ic_ampdu_enable = lkpi_ic_ampdu_enable;
7088 
7089 		lhw->ic_addba_request = ic->ic_addba_request;
7090 		ic->ic_addba_request = lkpi_ic_addba_request;
7091 		lhw->ic_addba_response = ic->ic_addba_response;
7092 		ic->ic_addba_response = lkpi_ic_addba_response;
7093 		lhw->ic_addba_stop = ic->ic_addba_stop;
7094 		ic->ic_addba_stop = lkpi_ic_addba_stop;
7095 		lhw->ic_addba_response_timeout = ic->ic_addba_response_timeout;
7096 		ic->ic_addba_response_timeout = lkpi_ic_addba_response_timeout;
7097 
7098 		lhw->ic_bar_response = ic->ic_bar_response;
7099 		ic->ic_bar_response = lkpi_ic_bar_response;
7100 
7101 		lhw->ic_ampdu_rx_start = ic->ic_ampdu_rx_start;
7102 		ic->ic_ampdu_rx_start = lkpi_ic_ampdu_rx_start;
7103 		lhw->ic_ampdu_rx_stop = ic->ic_ampdu_rx_stop;
7104 		ic->ic_ampdu_rx_stop = lkpi_ic_ampdu_rx_stop;
7105 	}
7106 #endif
7107 
7108 	lkpi_radiotap_attach(lhw);
7109 
7110 	/*
7111 	 * Assign the first possible channel for now;  seems Realtek drivers
7112 	 * expect one.
7113 	 * Also remember the amount of bands we support and the most rates
7114 	 * in any band so we can scale [(ext) sup rates] IE(s) accordingly.
7115 	 */
7116 	lhw->supbands = lhw->max_rates = 0;
7117 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
7118 		struct ieee80211_supported_band *supband;
7119 		struct linuxkpi_ieee80211_channel *channels;
7120 
7121 		supband = hw->wiphy->bands[band];
7122 		if (supband == NULL || supband->n_channels == 0)
7123 			continue;
7124 
7125 		lhw->supbands++;
7126 		lhw->max_rates = max(lhw->max_rates, supband->n_bitrates);
7127 
7128 		/* If we have a channel, we need to keep counting supbands. */
7129 		if (hw->conf.chandef.chan != NULL)
7130 			continue;
7131 
7132 		channels = supband->channels;
7133 		for (i = 0; i < supband->n_channels; i++) {
7134 
7135 			if (channels[i].flags & IEEE80211_CHAN_DISABLED)
7136 				continue;
7137 
7138 			cfg80211_chandef_create(&hw->conf.chandef, &channels[i],
7139 #ifdef LKPI_80211_HT
7140 			    (ic->ic_flags_ht & IEEE80211_FHT_HT) ? NL80211_CHAN_HT20 :
7141 #endif
7142 			    NL80211_CHAN_NO_HT);
7143 			lhw->dflt_chandef = hw->conf.chandef;
7144 #ifdef LINUXKPI_DEBUG_80211
7145 			if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
7146 				ic_printf(ic, "%s:%d: initialized "
7147 				    "hw->conf.chandef and dflt_chandef to %p\n",
7148 				    __func__, __LINE__, &lhw->dflt_chandef);
7149 #endif
7150 			break;
7151 		}
7152 	}
7153 
7154 	IMPROVE("see net80211::ieee80211_chan_init vs. wiphy->bands[].bitrates possibly in lkpi_ic_getradiocaps?");
7155 
7156 	/* Make sure we do not support more than net80211 is willing to take. */
7157 	if (lhw->max_rates > IEEE80211_RATE_MAXSIZE) {
7158 		ic_printf(ic, "%s: limiting max_rates %d to %d!\n", __func__,
7159 		    lhw->max_rates, IEEE80211_RATE_MAXSIZE);
7160 		lhw->max_rates = IEEE80211_RATE_MAXSIZE;
7161 	}
7162 
7163 	/*
7164 	 * The maximum supported bitrates on any band + size for
7165 	 * DSSS Parameter Set give our per-band IE size.
7166 	 * SSID is the responsibility of the driver and goes on the side.
7167 	 * The user specified bits coming from the vap go into the
7168 	 * "common ies" fields.
7169 	 */
7170 	lhw->scan_ie_len = 2 + IEEE80211_RATE_SIZE;
7171 	if (lhw->max_rates > IEEE80211_RATE_SIZE)
7172 		lhw->scan_ie_len += 2 + (lhw->max_rates - IEEE80211_RATE_SIZE);
7173 
7174 	if (hw->wiphy->features & NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) {
7175 		/*
7176 		 * net80211 does not seem to support the DSSS Parameter Set but
7177 		 * some of the drivers insert it so calculate the extra fixed
7178 		 * space in.
7179 		 */
7180 		lhw->scan_ie_len += 2 + 1;
7181 	}
7182 
7183 #if defined(LKPI_80211_HT)
7184 	if ((ic->ic_htcaps & IEEE80211_HTC_HT) != 0)
7185 		lhw->scan_ie_len += sizeof(struct ieee80211_ie_htcap);
7186 #endif
7187 #if defined(LKPI_80211_VHT)
7188 	if (IEEE80211_CONF_VHT(ic))
7189 		lhw->scan_ie_len += 2 + sizeof(struct ieee80211_vht_cap);
7190 #endif
7191 
7192 	/* Reduce the max_scan_ie_len "left" by the amount we consume already. */
7193 	if (hw->wiphy->max_scan_ie_len > 0) {
7194 		if (lhw->scan_ie_len > hw->wiphy->max_scan_ie_len)
7195 			goto err;
7196 		hw->wiphy->max_scan_ie_len -= lhw->scan_ie_len;
7197 	}
7198 
7199 	if (bootverbose) {
7200 		if (hw->netdev_features != 0)
7201 			ic_printf(ic, "netdev_features %b\n",
7202 			    hw->netdev_features, NETIF_F_BITS);
7203 		ieee80211_announce(ic);
7204 	}
7205 
7206 	return (0);
7207 err:
7208 	IMPROVE("TODO FIXME CLEANUP");
7209 	return (-EAGAIN);
7210 }
7211 
7212 void
7213 linuxkpi_ieee80211_ifdetach(struct ieee80211_hw *hw)
7214 {
7215 	struct lkpi_hw *lhw;
7216 	struct ieee80211com *ic;
7217 
7218 	lhw = HW_TO_LHW(hw);
7219 	ic = lhw->ic;
7220 	ieee80211_ifdetach(ic);
7221 }
7222 
7223 void
7224 linuxkpi_ieee80211_iterate_interfaces(struct ieee80211_hw *hw,
7225     enum ieee80211_iface_iter flags,
7226     void(*iterfunc)(void *, uint8_t *, struct ieee80211_vif *),
7227     void *arg)
7228 {
7229 	struct lkpi_hw *lhw;
7230 	struct lkpi_vif *lvif;
7231 	struct ieee80211_vif *vif;
7232 	bool active, atomic, nin_drv;
7233 
7234 	lhw = HW_TO_LHW(hw);
7235 
7236 	if (flags & ~(IEEE80211_IFACE_ITER_NORMAL|
7237 	    IEEE80211_IFACE_ITER_RESUME_ALL|
7238 	    IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER|
7239 	    IEEE80211_IFACE_ITER_ACTIVE|IEEE80211_IFACE_ITER__ATOMIC|
7240 	    IEEE80211_IFACE_ITER__MTX)) {
7241 		ic_printf(lhw->ic, "XXX TODO %s flags(%#x) not yet supported.\n",
7242 		    __func__, flags);
7243 	}
7244 
7245 	if ((flags & IEEE80211_IFACE_ITER__MTX) != 0)
7246 		lockdep_assert_wiphy(hw->wiphy);
7247 
7248 	active = (flags & IEEE80211_IFACE_ITER_ACTIVE) != 0;
7249 	atomic = (flags & IEEE80211_IFACE_ITER__ATOMIC) != 0;
7250 	nin_drv = (flags & IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) != 0;
7251 
7252 	if (atomic) {
7253 		IMPROVE("LKPI_80211_LHW_LVIF_LOCK atomic assume to be rcu?");
7254 		LKPI_80211_LHW_LVIF_LOCK(lhw);
7255 	}
7256 	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
7257 		struct ieee80211vap *vap;
7258 
7259 		vif = LVIF_TO_VIF(lvif);
7260 
7261 		/*
7262 		 * If we want "active" interfaces, we need to distinguish on
7263 		 * whether the driver knows about them or not to be able to
7264 		 * handle the "resume" case correctly.  Skip the ones the
7265 		 * driver does not know about.
7266 		 */
7267 		if (active && !lvif->added_to_drv &&
7268 		    (flags & IEEE80211_IFACE_ITER_RESUME_ALL) != 0)
7269 			continue;
7270 
7271 		/*
7272 		 * If we shall skip interfaces not added to the driver do so
7273 		 * if we haven't yet.
7274 		 */
7275 		if (nin_drv && !lvif->added_to_drv)
7276 			continue;
7277 
7278 		/*
7279 		 * Run the iterator function if we are either not asking
7280 		 * asking for active only or if the VAP is "running".
7281 		 */
7282 		/* XXX-BZ probably should have state in the lvif as well. */
7283 		vap = LVIF_TO_VAP(lvif);
7284 		if (!active || (vap->iv_state != IEEE80211_S_INIT))
7285 			iterfunc(arg, vif->addr, vif);
7286 	}
7287 	if (atomic)
7288 		LKPI_80211_LHW_LVIF_UNLOCK(lhw);
7289 }
7290 
7291 static void
7292 lkpi_ieee80211_iterate_keys(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
7293     ieee80211_keyix keyix, struct lkpi_sta *lsta,
7294     void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_vif *,
7295 	struct ieee80211_sta *, struct ieee80211_key_conf *, void *),
7296     void *arg)
7297 {
7298 #ifdef LINUXKPI_DEBUG_80211
7299 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
7300 		net80211_vap_printf(LVIF_TO_VAP(VIF_TO_LVIF(vif)),
7301 		    "%s:%d: lsta %6D added_to_drv %d kc[keyix %u] %p\n",
7302 		    __func__, __LINE__, LSTA_TO_STA(lsta)->addr, ":",
7303 		    lsta->added_to_drv, keyix, lsta->kc[keyix]);
7304 #endif
7305 
7306 	if (!lsta->added_to_drv)
7307 		return;
7308 
7309 	if (lsta->kc[keyix] == NULL)
7310 		return;
7311 
7312 	iterfunc(hw, vif, LSTA_TO_STA(lsta), lsta->kc[keyix], arg);
7313 }
7314 
7315 void
7316 linuxkpi_ieee80211_iterate_keys(struct ieee80211_hw *hw,
7317     struct ieee80211_vif *vif,
7318     void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_vif *,
7319         struct ieee80211_sta *, struct ieee80211_key_conf *, void *),
7320     void *arg, bool rcu)
7321 {
7322 	struct lkpi_sta *lsta;
7323 	struct lkpi_vif *lvif;
7324 
7325 	lvif = VIF_TO_LVIF(vif);
7326 
7327 	if (rcu) {
7328 		rcu_read_lock_held();		/* XXX-BZ is this correct? */
7329 
7330 		if (vif == NULL) {
7331 			TODO();
7332 		} else {
7333 			list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
7334 				for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc);
7335 				    keyix++)
7336 					lkpi_ieee80211_iterate_keys(hw, vif,
7337 					    keyix, lsta, iterfunc, arg);
7338 			}
7339 		}
7340 	} else {
7341 		TODO("Used by suspend/resume; order of keys as installed to "
7342 		"firmware is important; we'll need to rewrite some code for that");
7343 		lockdep_assert_wiphy(hw->wiphy);
7344 
7345 		if (vif == NULL) {
7346 			TODO();
7347 		} else {
7348 			list_for_each_entry(lsta, &lvif->lsta_list, lsta_list) {
7349 				for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc);
7350 				    keyix++)
7351 					lkpi_ieee80211_iterate_keys(hw, vif,
7352 					    keyix, lsta, iterfunc, arg);
7353 			}
7354 		}
7355 	}
7356 }
7357 
7358 void
7359 linuxkpi_ieee80211_iterate_chan_contexts(struct ieee80211_hw *hw,
7360     void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_chanctx_conf *,
7361 	void *),
7362     void *arg)
7363 {
7364 	struct lkpi_hw *lhw;
7365 	struct lkpi_chanctx *lchanctx;
7366 
7367 	KASSERT(hw != NULL && iterfunc != NULL,
7368 	    ("%s: hw %p iterfunc %p arg %p\n", __func__, hw, iterfunc, arg));
7369 
7370 	lhw = HW_TO_LHW(hw);
7371 
7372 	rcu_read_lock();
7373 	list_for_each_entry_rcu(lchanctx, &lhw->lchanctx_list, entry) {
7374 		if (!lchanctx->added_to_drv)
7375 			continue;
7376 		iterfunc(hw, &lchanctx->chanctx_conf, arg);
7377 	}
7378 	rcu_read_unlock();
7379 }
7380 
7381 void
7382 linuxkpi_ieee80211_iterate_stations_atomic(struct ieee80211_hw *hw,
7383    void (*iterfunc)(void *, struct ieee80211_sta *), void *arg)
7384 {
7385 	struct lkpi_hw *lhw;
7386 	struct lkpi_vif *lvif;
7387 	struct lkpi_sta *lsta;
7388 	struct ieee80211_sta *sta;
7389 
7390 	KASSERT(hw != NULL && iterfunc != NULL,
7391 	    ("%s: hw %p iterfunc %p arg %p\n", __func__, hw, iterfunc, arg));
7392 
7393 	lhw = HW_TO_LHW(hw);
7394 
7395 	LKPI_80211_LHW_LVIF_LOCK(lhw);
7396 	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
7397 
7398 		rcu_read_lock();
7399 		list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
7400 			if (!lsta->added_to_drv)
7401 				continue;
7402 			sta = LSTA_TO_STA(lsta);
7403 			iterfunc(arg, sta);
7404 		}
7405 		rcu_read_unlock();
7406 	}
7407 	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
7408 }
7409 
7410 struct linuxkpi_ieee80211_regdomain *
7411 lkpi_get_linuxkpi_ieee80211_regdomain(size_t n)
7412 {
7413 	struct linuxkpi_ieee80211_regdomain *regd;
7414 
7415 	regd = kzalloc(sizeof(*regd) + n * sizeof(struct ieee80211_reg_rule),
7416 	    GFP_KERNEL);
7417 	return (regd);
7418 }
7419 
7420 int
7421 linuxkpi_regulatory_set_wiphy_regd_sync(struct wiphy *wiphy,
7422     struct linuxkpi_ieee80211_regdomain *regd)
7423 {
7424 	struct lkpi_hw *lhw;
7425 	struct ieee80211com *ic;
7426 	struct ieee80211_regdomain *rd;
7427 
7428 	lhw = wiphy_priv(wiphy);
7429 	ic = lhw->ic;
7430 
7431 	rd = &ic->ic_regdomain;
7432 	if (rd->isocc[0] == '\0') {
7433 		rd->isocc[0] = regd->alpha2[0];
7434 		rd->isocc[1] = regd->alpha2[1];
7435 	}
7436 
7437 	TODO();
7438 	/* XXX-BZ finish the rest. */
7439 
7440 	return (0);
7441 }
7442 
7443 void
7444 linuxkpi_ieee80211_scan_completed(struct ieee80211_hw *hw,
7445     struct cfg80211_scan_info *info)
7446 {
7447 	struct lkpi_hw *lhw;
7448 	struct ieee80211com *ic;
7449 	struct ieee80211_scan_state *ss;
7450 
7451 	lhw = wiphy_priv(hw->wiphy);
7452 	ic = lhw->ic;
7453 	ss = ic->ic_scan;
7454 
7455 	TRACE_SCAN(ic, "scan_flags %b info { %ju, %6D, aborted %d }",
7456 	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
7457 	    (uintmax_t)info->scan_start_tsf, info->tsf_bssid, ":",
7458 	    info->aborted);
7459 
7460 	ieee80211_scan_done(ss->ss_vap);
7461 
7462 	LKPI_80211_LHW_SCAN_LOCK(lhw);
7463 	free(lhw->hw_req, M_LKPI80211);
7464 	lhw->hw_req = NULL;
7465 	lhw->scan_flags &= ~LKPI_LHW_SCAN_RUNNING;
7466 	/* The wakeup(lhw) will be called from lkpi_ic_scan_end(). */
7467 	/* wakeup(lhw); */
7468 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
7469 
7470 	return;
7471 }
7472 
7473 static void
7474 lkpi_80211_lhw_rxq_rx_one(struct lkpi_hw *lhw, struct mbuf *m)
7475 {
7476 	struct ieee80211_node *ni;
7477 #ifdef LKPI_80211_USE_MTAG
7478 	struct m_tag *mtag;
7479 #endif
7480 	int ok;
7481 
7482 	ni = NULL;
7483 #ifdef LKPI_80211_USE_MTAG
7484         mtag = m_tag_locate(m, MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI, NULL);
7485 	if (mtag != NULL) {
7486 		struct lkpi_80211_tag_rxni *rxni;
7487 
7488 		rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
7489 		ni = rxni->ni;
7490 	}
7491 #else
7492 	if (m->m_pkthdr.PH_loc.ptr != NULL) {
7493 		ni = m->m_pkthdr.PH_loc.ptr;
7494 		m->m_pkthdr.PH_loc.ptr = NULL;
7495 	}
7496 #endif
7497 
7498 	if (ni != NULL) {
7499 		ok = ieee80211_input_mimo(ni, m);
7500 		ieee80211_free_node(ni);		/* Release the reference. */
7501 		if (ok < 0)
7502 			m_freem(m);
7503 	} else {
7504 		ok = ieee80211_input_mimo_all(lhw->ic, m);
7505 		/* mbuf got consumed. */
7506 	}
7507 
7508 #ifdef LINUXKPI_DEBUG_80211
7509 	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7510 		printf("TRACE-RX: %s: handled frame type %#0x\n", __func__, ok);
7511 #endif
7512 }
7513 
7514 static void
7515 lkpi_80211_lhw_rxq_task(void *ctx, int pending)
7516 {
7517 	struct lkpi_hw *lhw;
7518 	struct mbufq mq;
7519 	struct mbuf *m;
7520 
7521 	lhw = ctx;
7522 
7523 #ifdef LINUXKPI_DEBUG_80211
7524 	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7525 		printf("TRACE-RX: %s: lhw %p pending %d mbuf_qlen %d\n",
7526 		    __func__, lhw, pending, mbufq_len(&lhw->rxq));
7527 #endif
7528 
7529 	mbufq_init(&mq, IFQ_MAXLEN);
7530 
7531 	LKPI_80211_LHW_RXQ_LOCK(lhw);
7532 	mbufq_concat(&mq, &lhw->rxq);
7533 	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7534 
7535 	m = mbufq_dequeue(&mq);
7536 	while (m != NULL) {
7537 		lkpi_80211_lhw_rxq_rx_one(lhw, m);
7538 		m = mbufq_dequeue(&mq);
7539 	}
7540 }
7541 
7542 static void
7543 lkpi_convert_rx_status(struct ieee80211_hw *hw, struct lkpi_sta *lsta,
7544     struct ieee80211_rx_status *rx_status,
7545     struct ieee80211_rx_stats *rx_stats,
7546     uint8_t *rssip)
7547 {
7548 	struct ieee80211_supported_band *supband;
7549 	struct rate_info rxrate;
7550 	int i;
7551 	uint8_t rssi;
7552 
7553 	memset(&rxrate, 0, sizeof(rxrate));
7554 	memset(rx_stats, 0, sizeof(*rx_stats));
7555 	rx_stats->r_flags = IEEE80211_R_NF | IEEE80211_R_RSSI;
7556 	/* XXX-BZ correct hardcoded noise floor, survey data? */
7557 	rx_stats->c_nf = -96;
7558 	if (ieee80211_hw_check(hw, SIGNAL_DBM) &&
7559 	    !(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
7560 		rssi = rx_status->signal;
7561 	else
7562 		rssi = rx_stats->c_nf;
7563 	/*
7564 	 * net80211 signal strength data are in .5 dBm units relative to
7565 	 * the current noise floor (see comment in ieee80211_node.h).
7566 	 */
7567 	rssi -= rx_stats->c_nf;
7568 	if (rssip != NULL)
7569 		*rssip = rssi;
7570 	rx_stats->c_rssi = rssi * 2;
7571 	rx_stats->r_flags |= IEEE80211_R_BAND;
7572 	rx_stats->c_band =
7573 	    lkpi_nl80211_band_to_net80211_band(rx_status->band);
7574 	rx_stats->r_flags |= IEEE80211_R_FREQ | IEEE80211_R_IEEE;
7575 	rx_stats->c_freq = rx_status->freq;
7576 	rx_stats->c_ieee = ieee80211_mhz2ieee(rx_stats->c_freq, rx_stats->c_band);
7577 
7578 	rx_stats->c_rx_tsf = rx_status->mactime;
7579 
7580 	/* XXX RX_FLAG_MACTIME_IS_RTAP_TS64 ? */
7581 	if ((rx_status->flag & RX_FLAG_MACTIME) ==
7582 	    (RX_FLAG_MACTIME_START|RX_FLAG_MACTIME_END)) {
7583 		rx_stats->r_flags |= IEEE80211_R_TSF64;
7584 		/* XXX RX_FLAG_MACTIME_PLCP_START ? */
7585 		if ((rx_status->flag & RX_FLAG_MACTIME) == RX_FLAG_MACTIME_START)
7586 			rx_stats->r_flags |= IEEE80211_R_TSF_START;
7587 		if ((rx_status->flag & RX_FLAG_MACTIME) == RX_FLAG_MACTIME_END)
7588 			rx_stats->r_flags |= IEEE80211_R_TSF_END;
7589 		/* XXX-BZ if TSF_END will net80211 do the unwind of time? */
7590 	}
7591 
7592 	if (rx_status->chains != 0) {
7593 		int cc;
7594 		int8_t crssi;
7595 
7596 		rx_stats->c_chain = rx_status->chains;
7597 		rx_stats->r_flags |= IEEE80211_R_C_CHAIN;
7598 
7599 		cc = 0;
7600 		for (i = 0; i < nitems(rx_status->chain_signal); i++) {
7601 			if (!(rx_status->chains & BIT(i)))
7602 				continue;
7603 			crssi = rx_status->chain_signal[i];
7604 			crssi -= rx_stats->c_nf;
7605 			rx_stats->c_rssi_ctl[i] = crssi * 2;
7606 			rx_stats->c_rssi_ext[i] = crssi * 2;	/* XXX _ext ??? ATH thing? */
7607 			/* We currently only have the global noise floor value. */
7608 			rx_stats->c_nf_ctl[i] = rx_stats->c_nf;
7609 			rx_stats->c_nf_ext[i] = rx_stats->c_nf;
7610 			cc++;
7611 		}
7612 		if (cc > 0)
7613 			 rx_stats->r_flags |= (IEEE80211_R_C_NF | IEEE80211_R_C_RSSI);
7614 	}
7615 
7616 	/* XXX-NET80211 We are not going to populate c_phytype! */
7617 
7618 	switch (rx_status->encoding) {
7619 	case RX_ENC_LEGACY:
7620 	{
7621 		uint32_t legacy = 0;
7622 
7623 		supband = hw->wiphy->bands[rx_status->band];
7624 		if (supband != NULL)
7625 			legacy = supband->bitrates[rx_status->rate_idx].bitrate;
7626 		rx_stats->c_rate = legacy;
7627 		rxrate.legacy = legacy;
7628 		/* Is there a LinuxKPI way of reporting IEEE80211_RX_F_CCK / _OFDM? */
7629 		break;
7630 	}
7631 	case RX_ENC_HT:
7632 		rx_stats->c_pktflags |= IEEE80211_RX_F_HT;
7633 		rx_stats->c_rate = rx_status->rate_idx;		/* mcs */
7634 		rxrate.flags |= RATE_INFO_FLAGS_MCS;
7635 		rxrate.mcs = rx_status->rate_idx;
7636 		if ((rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI) != 0) {
7637 			rx_stats->c_pktflags |= IEEE80211_RX_F_SHORTGI;
7638 			rxrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
7639 		}
7640 		break;
7641 	case RX_ENC_VHT:
7642 		rx_stats->c_pktflags |= IEEE80211_RX_F_VHT;
7643 		rx_stats->c_rate = rx_status->rate_idx;		/* mcs */
7644 		rx_stats->c_vhtnss = rx_status->nss;
7645 		rxrate.flags |= RATE_INFO_FLAGS_VHT_MCS;
7646 		rxrate.mcs = rx_status->rate_idx;
7647 		rxrate.nss = rx_status->nss;
7648 		if ((rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI) != 0) {
7649 			rx_stats->c_pktflags |= IEEE80211_RX_F_SHORTGI;
7650 			rxrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
7651 		}
7652 		break;
7653 	case RX_ENC_HE:
7654 		rxrate.flags |= RATE_INFO_FLAGS_HE_MCS;
7655 		rxrate.mcs = rx_status->rate_idx;
7656 		rxrate.nss = rx_status->nss;
7657 		/* XXX TODO */
7658 		TODO("net80211 has not matching encoding for %u", rx_status->encoding);
7659 		break;
7660 	case RX_ENC_EHT:
7661 		rxrate.flags |= RATE_INFO_FLAGS_EHT_MCS;
7662 		rxrate.mcs = rx_status->rate_idx;
7663 		rxrate.nss = rx_status->nss;
7664 		/* XXX TODO */
7665 		TODO("net80211 has not matching encoding for %u", rx_status->encoding);
7666 		break;
7667 	}
7668 
7669 	rxrate.bw = rx_status->bw;
7670 	switch (rx_status->bw) {
7671 	case RATE_INFO_BW_20:
7672 		rx_stats->c_width = IEEE80211_RX_FW_20MHZ;
7673 		break;
7674 	case RATE_INFO_BW_40:
7675 		rx_stats->c_width = IEEE80211_RX_FW_40MHZ;
7676 		break;
7677 	case RATE_INFO_BW_80:
7678 		rx_stats->c_width = IEEE80211_RX_FW_80MHZ;
7679 		break;
7680 	case RATE_INFO_BW_160:
7681 		rx_stats->c_width = IEEE80211_RX_FW_160MHZ;
7682 		break;
7683 	case RATE_INFO_BW_320:
7684 	case RATE_INFO_BW_HE_RU:
7685 	case RATE_INFO_BW_EHT_RU:
7686 	case RATE_INFO_BW_5:
7687 	case RATE_INFO_BW_10:
7688 		TODO("net80211 has not matching bandwidth for %u", rx_status->bw);
7689 		break;
7690 	}
7691 
7692 	if ((rx_status->enc_flags & RX_ENC_FLAG_LDPC) != 0)
7693 		rx_stats->c_pktflags |= IEEE80211_RX_F_LDPC;
7694 	if ((rx_status->enc_flags & RX_ENC_FLAG_STBC_MASK) != 0)
7695 		 rx_stats->c_pktflags |= IEEE80211_RX_F_STBC;
7696 
7697 	/*
7698 	 * We only need these for LKPI_80211_HW_CRYPTO in theory but in
7699 	 * case the hardware does something we do not expect always leave
7700 	 * these enabled.  Leaving this commant as documentation for the || 1.
7701 	 */
7702 #if defined(LKPI_80211_HW_CRYPTO) || 1
7703 	if (rx_status->flag & RX_FLAG_DECRYPTED) {
7704 		rx_stats->c_pktflags |= IEEE80211_RX_F_DECRYPTED;
7705 		/* Only valid if decrypted is set. */
7706 		if (rx_status->flag & RX_FLAG_PN_VALIDATED)
7707 			rx_stats->c_pktflags |= IEEE80211_RX_F_PN_VALIDATED;
7708 	}
7709 	if (rx_status->flag & RX_FLAG_IV_STRIPPED)
7710 		rx_stats->c_pktflags |= IEEE80211_RX_F_IV_STRIP;
7711 	if (rx_status->flag & RX_FLAG_ICV_STRIPPED)
7712 		rx_stats->c_pktflags |= IEEE80211_RX_F_ICV_STRIP;
7713 	if (rx_status->flag & RX_FLAG_MIC_STRIPPED)
7714 		rx_stats->c_pktflags |= IEEE80211_RX_F_MIC_STRIP;
7715 	if (rx_status->flag & RX_FLAG_MMIC_STRIPPED)
7716 		rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
7717 	if (rx_status->flag & RX_FLAG_MMIC_ERROR)
7718 		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MMIC;
7719 	if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
7720 		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_FCSCRC;
7721 #endif
7722 
7723 	/* Fill in some sinfo bits to fill gaps not reported byt the driver. */
7724 	if (lsta != NULL) {
7725 		memcpy(&lsta->sinfo.rxrate, &rxrate, sizeof(rxrate));
7726 		lsta->sinfo.filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
7727 
7728 		if (rx_status->chains != 0) {
7729 			lsta->sinfo.chains = rx_status->chains;
7730 			memcpy(lsta->sinfo.chain_signal, rx_status->chain_signal,
7731 			    sizeof(lsta->sinfo.chain_signal));
7732 			lsta->sinfo.filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
7733 		}
7734 	}
7735 }
7736 
7737 #ifdef LINUXKPI_DEBUG_80211
7738 static void
7739 lkpi_rx_log_beacon(struct mbuf *m, struct lkpi_hw *lhw,
7740     struct ieee80211_rx_status *rx_status)
7741 {
7742 	struct ieee80211_mgmt *f;
7743 	uint8_t *e;
7744 	char ssid[IEEE80211_NWID_LEN * 4 + 1];
7745 
7746 	memset(ssid, '\0', sizeof(ssid));
7747 
7748 	f = mtod(m, struct ieee80211_mgmt *);
7749 	e = f->u.beacon.variable;
7750 	/*
7751 	 * Usually SSID is right after the fixed part and for debugging we will
7752 	 * be fine should we miss it if it is not.
7753 	 */
7754 	while ((e - (uint8_t *)f) < m->m_len) {
7755 		if (*e == IEEE80211_ELEMID_SSID)
7756 			break;
7757 		e += (2 + *(e + 1));
7758 	}
7759 	if (*e == IEEE80211_ELEMID_SSID) {
7760 		int i, len;
7761 		char *p;
7762 
7763 		p = ssid;
7764 		len = m->m_len - ((e + 2) - (uint8_t *)f);
7765 		if (len > *(e + 1))
7766 			len = *(e + 1);
7767 		e += 2;
7768 		for (i = 0; i < len; i++) {
7769 			/* Printable character? */
7770 			if (*e >= 0x20 && *e < 0x7f) {
7771 				*p++ = *e++;
7772 			} else {
7773 				snprintf(p, 5, "%#04x", *e++);
7774 				p += 4;
7775 			}
7776 		}
7777 		*p = '\0';
7778 	}
7779 
7780 	/* We print skb, skb->data, m as we are seeing 'ghost beacons'. */
7781 	TRACE_SCAN_BEACON(lhw->ic, "Beacon: scan_flags %b, band %s freq %u chan %-4d "
7782 	    "len %d { %#06x %#06x %6D %6D %6D %#06x %ju %u %#06x SSID '%s' }",
7783 	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
7784 	    lkpi_nl80211_band_name(rx_status->band), rx_status->freq,
7785 	    linuxkpi_ieee80211_frequency_to_channel(rx_status->freq, 0),
7786 	    m->m_pkthdr.len, f->frame_control, f->duration_id,
7787 	    f->da, ":", f->sa, ":", f->bssid, ":", f->seq_ctrl,
7788 	    (uintmax_t)le64_to_cpu(f->u.beacon.timestamp),
7789 	    le16_to_cpu(f->u.beacon.beacon_int),
7790 	    le16_to_cpu(f->u.beacon.capab_info), ssid);
7791 }
7792 #endif
7793 
7794 /* For %list see comment towards the end of the function. */
7795 void
7796 linuxkpi_ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
7797     struct ieee80211_sta *sta, struct napi_struct *napi __unused,
7798     struct list_head *list __unused)
7799 {
7800 	struct lkpi_hw *lhw;
7801 	struct ieee80211com *ic;
7802 	struct mbuf *m;
7803 	struct skb_shared_info *shinfo;
7804 	struct ieee80211_rx_status *rx_status;
7805 	struct ieee80211_rx_stats rx_stats;
7806 	struct ieee80211_node *ni;
7807 	struct ieee80211vap *vap;
7808 	struct ieee80211_hdr *hdr;
7809 	struct lkpi_sta *lsta;
7810 	int i, offset, ok, error;
7811 	uint8_t rssi;
7812 	bool is_beacon;
7813 
7814 	lhw = HW_TO_LHW(hw);
7815 	ic = lhw->ic;
7816 
7817 	if (skb->len < 2) {
7818 		/* Need 80211 stats here. */
7819 		counter_u64_add(ic->ic_ierrors, 1);
7820 		IMPROVE();
7821 		goto err;
7822 	}
7823 
7824 	/*
7825 	 * For now do the data copy; we can later improve things. Might even
7826 	 * have an mbuf backing the skb data then?
7827 	 */
7828 	m = m_get3(skb->len, M_NOWAIT, MT_DATA, M_PKTHDR);
7829 	if (m == NULL) {
7830 		counter_u64_add(ic->ic_ierrors, 1);
7831 		goto err;
7832 	}
7833 	m_copyback(m, 0, skb->tail - skb->data, skb->data);
7834 
7835 	shinfo = skb_shinfo(skb);
7836 	offset = m->m_len;
7837 	for (i = 0; i < shinfo->nr_frags; i++) {
7838 		m_copyback(m, offset, shinfo->frags[i].size,
7839 		    (uint8_t *)linux_page_address(shinfo->frags[i].page) +
7840 		    shinfo->frags[i].offset);
7841 		offset += shinfo->frags[i].size;
7842 	}
7843 
7844 	rx_status = IEEE80211_SKB_RXCB(skb);
7845 
7846 	hdr = (void *)skb->data;
7847 	is_beacon = ieee80211_is_beacon(hdr->frame_control);
7848 
7849 #ifdef LINUXKPI_DEBUG_80211
7850 	/*
7851 	 * We use the mbuf here as otherwise the variable part might
7852 	 * be in skb frags.
7853 	 */
7854 	if (is_beacon && ((linuxkpi_debug_80211 & D80211_SCAN_BEACON) != 0))
7855 		lkpi_rx_log_beacon(m, lhw, rx_status);
7856 
7857 	if (is_beacon && (linuxkpi_debug_80211 & D80211_TRACE_RX_BEACONS) == 0 &&
7858 	   (linuxkpi_debug_80211 & D80211_SCAN_BEACON) == 0)
7859 		goto no_trace_beacons;
7860 
7861 	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7862 		printf("TRACE-RX: %s: skb %p l/d/t-len (%u/%u/%u) "
7863 		    "h %p d %p t %p e %p sh %p (%u) m %p plen %u len %u%s\n",
7864 		    __func__, skb, skb->len, skb->data_len,
7865 		    skb->truesize, skb->head, skb->data, skb->tail, skb->end,
7866 		    shinfo, shinfo->nr_frags,
7867 		    m, m->m_pkthdr.len, m->m_len, is_beacon ? " beacon" : "");
7868 
7869 	if (linuxkpi_debug_80211 & D80211_TRACE_RX_DUMP)
7870 		hexdump(mtod(m, const void *), m->m_len, "RX (raw) ", 0);
7871 
7872 	/* Implement a dump_rxcb() !!! */
7873 	if ((linuxkpi_debug_80211 & D80211_TRACE_RX) != 0 ||
7874 	    (linuxkpi_debug_80211 & D80211_SCAN_BEACON) != 0)
7875 		printf("TRACE-RX: %s: RXCB: %ju %ju %u, %b, %u, %#0x, %#0x, "
7876 		    "%u band %u, %u { %d %d %d %d }, %d, %#x %#x %#x %#x %u %u %u\n",
7877 			__func__,
7878 			(uintmax_t)rx_status->boottime_ns,
7879 			(uintmax_t)rx_status->mactime,
7880 			rx_status->device_timestamp,
7881 			rx_status->flag, IEEE80211_RX_STATUS_FLAGS_BITS,
7882 			rx_status->freq,
7883 			rx_status->bw,
7884 			rx_status->encoding,
7885 			rx_status->ampdu_reference,
7886 			rx_status->band,
7887 			rx_status->chains,
7888 			rx_status->chain_signal[0],
7889 			rx_status->chain_signal[1],
7890 			rx_status->chain_signal[2],
7891 			rx_status->chain_signal[3],
7892 			rx_status->signal,
7893 			rx_status->enc_flags,
7894 			rx_status->he_dcm,
7895 			rx_status->he_gi,
7896 			rx_status->he_ru,
7897 			rx_status->zero_length_psdu_type,
7898 			rx_status->nss,
7899 			rx_status->rate_idx);
7900 no_trace_beacons:
7901 #endif
7902 
7903 	lsta = NULL;
7904 	if (sta != NULL) {
7905 		lsta = STA_TO_LSTA(sta);
7906 		ni = ieee80211_ref_node(lsta->ni);
7907 	} else {
7908 		struct ieee80211_frame_min *wh;
7909 
7910 		wh = mtod(m, struct ieee80211_frame_min *);
7911 		ni = ieee80211_find_rxnode(ic, wh);
7912 		if (ni != NULL)
7913 			lsta = ni->ni_drv_data;
7914 	}
7915 
7916 	rssi = 0;
7917 	lkpi_convert_rx_status(hw, lsta, rx_status, &rx_stats, &rssi);
7918 
7919 	ok = ieee80211_add_rx_params(m, &rx_stats);
7920 	if (ok == 0) {
7921 		m_freem(m);
7922 		counter_u64_add(ic->ic_ierrors, 1);
7923 		goto err;
7924 	}
7925 
7926 	if (ni != NULL)
7927 		vap = ni->ni_vap;
7928 	else
7929 		/*
7930 		 * XXX-BZ can we improve this by looking at the frame hdr
7931 		 * or other meta-data passed up?
7932 		 */
7933 		vap = TAILQ_FIRST(&ic->ic_vaps);
7934 
7935 #ifdef LINUXKPI_DEBUG_80211
7936 	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7937 		printf("TRACE-RX: %s: sta %p lsta %p state %d ni %p vap %p%s\n",
7938 		    __func__, sta, lsta, (lsta != NULL) ? lsta->state : -1,
7939 		    ni, vap, is_beacon ? " beacon" : "");
7940 #endif
7941 
7942 	if (ni != NULL && vap != NULL && is_beacon &&
7943 	    rx_status->device_timestamp > 0 &&
7944 	    m->m_pkthdr.len >= sizeof(struct ieee80211_frame)) {
7945 		struct lkpi_vif *lvif;
7946 		struct ieee80211_vif *vif;
7947 		struct ieee80211_frame *wh;
7948 
7949 		lvif = VAP_TO_LVIF(vap);
7950 		vif = LVIF_TO_VIF(lvif);
7951 
7952 		wh = mtod(m, struct ieee80211_frame *);
7953 		if (!IEEE80211_ADDR_EQ(wh->i_addr2, vif->cfg.ap_addr))
7954 			goto skip_device_ts;
7955 
7956 		IMPROVE("TIMING_BEACON_ONLY?");
7957 		/* mac80211 specific (not net80211) so keep it here. */
7958 		vif->bss_conf.sync_device_ts = rx_status->device_timestamp;
7959 		/*
7960 		 * net80211 should take care of the other information (sync_tsf,
7961 		 * sync_dtim_count) as otherwise we need to parse the beacon.
7962 		 */
7963 skip_device_ts:
7964 		;
7965 	}
7966 
7967 	if (vap != NULL && vap->iv_state > IEEE80211_S_INIT &&
7968 	    ieee80211_radiotap_active_vap(vap)) {
7969 		struct lkpi_radiotap_rx_hdr *rtap;
7970 
7971 		rtap = &lhw->rtap_rx;
7972 		rtap->wr_tsft = rx_status->device_timestamp;
7973 		rtap->wr_flags = 0;
7974 		if (rx_status->enc_flags & RX_ENC_FLAG_SHORTPRE)
7975 			rtap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
7976 		if (rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI)
7977 			rtap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTGI;
7978 #if 0	/* .. or it does not given we strip it below. */
7979 		if (ieee80211_hw_check(hw, RX_INCLUDES_FCS))
7980 			rtap->wr_flags |= IEEE80211_RADIOTAP_F_FCS;
7981 #endif
7982 		if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
7983 			rtap->wr_flags |= IEEE80211_RADIOTAP_F_BADFCS;
7984 		rtap->wr_rate = 0;
7985 		IMPROVE();
7986 		/* XXX TODO status->encoding / rate_index / bw */
7987 		rtap->wr_chan_freq = htole16(rx_stats.c_freq);
7988 		if (ic->ic_curchan->ic_ieee == rx_stats.c_ieee)
7989 			rtap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
7990 		rtap->wr_dbm_antsignal = rssi;
7991 		rtap->wr_dbm_antnoise = rx_stats.c_nf;
7992 	}
7993 
7994 	if (ieee80211_hw_check(hw, RX_INCLUDES_FCS))
7995 		m_adj(m, -IEEE80211_CRC_LEN);
7996 
7997 #if 0
7998 	if (list != NULL) {
7999 		/*
8000 		* Normally this would be queued up and delivered by
8001 		* netif_receive_skb_list(), napi_gro_receive(), or the like.
8002 		* See mt76::mac80211.c as only current possible consumer.
8003 		*/
8004 		IMPROVE("we simply pass the packet to net80211 to deal with.");
8005 	}
8006 #endif
8007 
8008 	/* Attach meta-information to the mbuf for the deferred RX path. */
8009 	if (ni != NULL) {
8010 #ifdef LKPI_80211_USE_MTAG
8011 		struct m_tag *mtag;
8012 		struct lkpi_80211_tag_rxni *rxni;
8013 
8014 		mtag = m_tag_alloc(MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI,
8015 		    sizeof(*rxni), IEEE80211_M_NOWAIT);
8016 		if (mtag == NULL) {
8017 			m_freem(m);
8018 			counter_u64_add(ic->ic_ierrors, 1);
8019 			goto err;
8020 		}
8021 		rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
8022 		rxni->ni = ni;		/* We hold a reference. */
8023 		m_tag_prepend(m, mtag);
8024 #else
8025 		m->m_pkthdr.PH_loc.ptr = ni;	/* We hold a reference. */
8026 #endif
8027 	}
8028 
8029 	LKPI_80211_LHW_RXQ_LOCK(lhw);
8030 	if (lhw->rxq_stopped) {
8031 		LKPI_80211_LHW_RXQ_UNLOCK(lhw);
8032 		m_freem(m);
8033 		counter_u64_add(ic->ic_ierrors, 1);
8034 		goto err;
8035 	}
8036 
8037 	error = mbufq_enqueue(&lhw->rxq, m);
8038 	if (error != 0) {
8039 		LKPI_80211_LHW_RXQ_UNLOCK(lhw);
8040 		m_freem(m);
8041 		counter_u64_add(ic->ic_ierrors, 1);
8042 #ifdef LINUXKPI_DEBUG_80211
8043 		if (linuxkpi_debug_80211 & D80211_TRACE_RX)
8044 			ic_printf(ni->ni_ic, "%s: mbufq_enqueue failed: %d\n",
8045 			    __func__, error);
8046 #endif
8047 		goto err;
8048 	}
8049 	taskqueue_enqueue(taskqueue_thread, &lhw->rxq_task);
8050 	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
8051 
8052 	IMPROVE();
8053 
8054 err:
8055 	/* The skb is ours so we can free it :-) */
8056 	kfree_skb(skb);
8057 }
8058 
8059 uint8_t
8060 linuxkpi_ieee80211_get_tid(struct ieee80211_hdr *hdr, bool nonqos_ok)
8061 {
8062 	const struct ieee80211_frame *wh;
8063 	uint8_t tid;
8064 
8065 	/* Linux seems to assume this is a QOS-Data-Frame */
8066 	KASSERT(nonqos_ok || ieee80211_is_data_qos(hdr->frame_control),
8067 	   ("%s: hdr %p fc %#06x not qos_data\n", __func__, hdr,
8068 	   hdr->frame_control));
8069 
8070 	wh = (const struct ieee80211_frame *)hdr;
8071 	tid = ieee80211_gettid(wh);
8072 	KASSERT(nonqos_ok || tid == (tid & IEEE80211_QOS_TID), ("%s: tid %u "
8073 	   "not expected (%u?)\n", __func__, tid, IEEE80211_NONQOS_TID));
8074 
8075 	return (tid);
8076 }
8077 
8078 /* -------------------------------------------------------------------------- */
8079 
8080 static void
8081 lkpi_wiphy_work(struct work_struct *work)
8082 {
8083 	struct lkpi_wiphy *lwiphy;
8084 	struct wiphy *wiphy;
8085 	struct wiphy_work *wk;
8086 
8087 	lwiphy = container_of(work, struct lkpi_wiphy, wwk);
8088 	wiphy = LWIPHY_TO_WIPHY(lwiphy);
8089 
8090 	wiphy_lock(wiphy);
8091 
8092 	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
8093 	wk = list_first_entry_or_null(&lwiphy->wwk_list, struct wiphy_work, entry);
8094 	/* If there is nothing we do nothing. */
8095 	if (wk == NULL) {
8096 		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
8097 		wiphy_unlock(wiphy);
8098 		return;
8099 	}
8100 	list_del_init(&wk->entry);
8101 
8102 	/* More work to do? */
8103 	if (!list_empty(&lwiphy->wwk_list))
8104 		schedule_work(work);
8105 	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
8106 
8107 	/* Finally call the (*wiphy_work_fn)() function. */
8108 	wk->fn(wiphy, wk);
8109 
8110 	wiphy_unlock(wiphy);
8111 }
8112 
8113 void
8114 linuxkpi_wiphy_work_queue(struct wiphy *wiphy, struct wiphy_work *wwk)
8115 {
8116 	struct lkpi_wiphy *lwiphy;
8117 
8118 	lwiphy = WIPHY_TO_LWIPHY(wiphy);
8119 
8120 	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
8121 	/* Do not double-queue. */
8122 	if (list_empty(&wwk->entry))
8123 		list_add_tail(&wwk->entry, &lwiphy->wwk_list);
8124 	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
8125 
8126 	/*
8127 	 * See how ieee80211_queue_work() work continues in Linux or if things
8128 	 * migrate here over time?
8129 	 * Use a system queue from linux/workqueue.h for now.
8130 	 */
8131 	queue_work(system_wq, &lwiphy->wwk);
8132 }
8133 
8134 void
8135 linuxkpi_wiphy_work_cancel(struct wiphy *wiphy, struct wiphy_work *wwk)
8136 {
8137 	struct lkpi_wiphy *lwiphy;
8138 
8139 	lwiphy = WIPHY_TO_LWIPHY(wiphy);
8140 
8141 	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
8142 	/* Only cancel if queued. */
8143 	if (!list_empty(&wwk->entry))
8144 		list_del_init(&wwk->entry);
8145 	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
8146 }
8147 
8148 void
8149 linuxkpi_wiphy_work_flush(struct wiphy *wiphy, struct wiphy_work *wwk)
8150 {
8151 	struct lkpi_wiphy *lwiphy;
8152 	struct wiphy_work *wk;
8153 
8154 	lwiphy = WIPHY_TO_LWIPHY(wiphy);
8155 	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
8156 	/* If wwk is unset, flush everything; called when wiphy is shut down. */
8157 	if (wwk != NULL && list_empty(&wwk->entry)) {
8158 		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
8159 		return;
8160 	}
8161 
8162 	while (!list_empty(&lwiphy->wwk_list)) {
8163 
8164 		wk = list_first_entry(&lwiphy->wwk_list, struct wiphy_work,
8165 		    entry);
8166 		list_del_init(&wk->entry);
8167 		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
8168 		wk->fn(wiphy, wk);
8169 		LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
8170 		if (wk == wwk)
8171 			break;
8172 	}
8173 	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
8174 }
8175 
8176 void
8177 lkpi_wiphy_delayed_work_timer(struct timer_list *tl)
8178 {
8179 	struct wiphy_delayed_work *wdwk;
8180 
8181 	wdwk = timer_container_of(wdwk, tl, timer);
8182 	wiphy_work_queue(wdwk->wiphy, &wdwk->work);
8183 }
8184 
8185 void
8186 linuxkpi_wiphy_delayed_work_queue(struct wiphy *wiphy,
8187     struct wiphy_delayed_work *wdwk, unsigned long delay)
8188 {
8189 	if (delay == 0) {
8190 		/* Run right away. */
8191 		del_timer(&wdwk->timer);
8192 		wiphy_work_queue(wiphy, &wdwk->work);
8193 	} else {
8194 		wdwk->wiphy = wiphy;
8195 		mod_timer(&wdwk->timer, jiffies + delay);
8196 	}
8197 }
8198 
8199 void
8200 linuxkpi_wiphy_delayed_work_cancel(struct wiphy *wiphy,
8201     struct wiphy_delayed_work *wdwk)
8202 {
8203 	del_timer_sync(&wdwk->timer);
8204 	wiphy_work_cancel(wiphy, &wdwk->work);
8205 }
8206 
8207 void
8208 linuxkpi_wiphy_delayed_work_flush(struct wiphy *wiphy,
8209     struct wiphy_delayed_work *wdwk)
8210 {
8211 	lockdep_assert_held(&wiphy->mtx);
8212 
8213 	del_timer_sync(&wdwk->timer);
8214 	wiphy_work_flush(wiphy, &wdwk->work);
8215 }
8216 
8217 /* -------------------------------------------------------------------------- */
8218 
8219 struct wiphy *
8220 linuxkpi_wiphy_new(const struct cfg80211_ops *ops, size_t priv_len)
8221 {
8222 	struct lkpi_wiphy *lwiphy;
8223 	struct wiphy *wiphy;
8224 
8225 	lwiphy = kzalloc(sizeof(*lwiphy) + priv_len, GFP_KERNEL);
8226 	if (lwiphy == NULL)
8227 		return (NULL);
8228 	lwiphy->ops = ops;
8229 
8230 	LKPI_80211_LWIPHY_WORK_LOCK_INIT(lwiphy);
8231 	INIT_LIST_HEAD(&lwiphy->wwk_list);
8232 	INIT_WORK(&lwiphy->wwk, lkpi_wiphy_work);
8233 
8234 	wiphy = LWIPHY_TO_WIPHY(lwiphy);
8235 
8236 	mutex_init(&wiphy->mtx);
8237 	TODO();
8238 
8239 	return (wiphy);
8240 }
8241 
8242 void
8243 linuxkpi_wiphy_free(struct wiphy *wiphy)
8244 {
8245 	struct lkpi_wiphy *lwiphy;
8246 
8247 	if (wiphy == NULL)
8248 		return;
8249 
8250 	linuxkpi_wiphy_work_flush(wiphy, NULL);
8251 	mutex_destroy(&wiphy->mtx);
8252 
8253 	lwiphy = WIPHY_TO_LWIPHY(wiphy);
8254 	LKPI_80211_LWIPHY_WORK_LOCK_DESTROY(lwiphy);
8255 
8256 	kfree(lwiphy);
8257 }
8258 
8259 static void
8260 lkpi_wiphy_band_annotate(struct wiphy *wiphy)
8261 {
8262 	int band;
8263 
8264 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
8265 		struct ieee80211_supported_band *supband;
8266 		int i;
8267 
8268 		supband = wiphy->bands[band];
8269 		if (supband == NULL)
8270 			continue;
8271 
8272 		switch (band) {
8273 		case NL80211_BAND_2GHZ:
8274 		case NL80211_BAND_5GHZ:
8275 			break;
8276 		default:
8277 #ifdef LINUXKPI_DEBUG_80211
8278 			IMPROVE("band %d(%s) not yet supported",
8279 			    band, lkpi_nl80211_band_name(band));
8280 			/* For bands added here, also check lkpi_lsta_alloc(). */
8281 #endif
8282 			continue;
8283 		}
8284 
8285 		for (i = 0; i < supband->n_bitrates; i++) {
8286 			switch (band) {
8287 			case NL80211_BAND_2GHZ:
8288 				switch (supband->bitrates[i].bitrate) {
8289 				case 110:
8290 				case 55:
8291 				case 20:
8292 				case 10:
8293 					supband->bitrates[i].flags |=
8294 					    IEEE80211_RATE_MANDATORY_B;
8295 					/* FALLTHROUGH */
8296 				/* 11g only */
8297 				case 240:
8298 				case 120:
8299 				case 60:
8300 					supband->bitrates[i].flags |=
8301 					    IEEE80211_RATE_MANDATORY_G;
8302 					break;
8303 				}
8304 				break;
8305 			case NL80211_BAND_5GHZ:
8306 				switch (supband->bitrates[i].bitrate) {
8307 				case 240:
8308 				case 120:
8309 				case 60:
8310 					supband->bitrates[i].flags |=
8311 					    IEEE80211_RATE_MANDATORY_A;
8312 					break;
8313 				}
8314 				break;
8315 			}
8316 		}
8317 	}
8318 }
8319 
8320 int
8321 linuxkpi_80211_wiphy_register(struct wiphy *wiphy)
8322 {
8323 	TODO("Lots of checks and initialization");
8324 
8325 	lkpi_wiphy_band_annotate(wiphy);
8326 
8327 	return (0);
8328 }
8329 
8330 static uint32_t
8331 lkpi_cfg80211_calculate_bitrate_ht(struct rate_info *rate)
8332 {
8333 	TODO("cfg80211_calculate_bitrate_ht");
8334 	return (rate->legacy);
8335 }
8336 
8337 static uint32_t
8338 lkpi_cfg80211_calculate_bitrate_vht(struct rate_info *rate)
8339 {
8340 	TODO("cfg80211_calculate_bitrate_vht");
8341 	return (rate->legacy);
8342 }
8343 
8344 uint32_t
8345 linuxkpi_cfg80211_calculate_bitrate(struct rate_info *rate)
8346 {
8347 
8348 	/* Beware: order! */
8349 	if (rate->flags & RATE_INFO_FLAGS_MCS)
8350 		return (lkpi_cfg80211_calculate_bitrate_ht(rate));
8351 
8352 	if (rate->flags & RATE_INFO_FLAGS_VHT_MCS)
8353 		return (lkpi_cfg80211_calculate_bitrate_vht(rate));
8354 
8355 	IMPROVE("HE/EHT/...");
8356 
8357 	return (rate->legacy);
8358 }
8359 
8360 uint32_t
8361 linuxkpi_ieee80211_channel_to_frequency(uint32_t channel,
8362     enum nl80211_band band)
8363 {
8364 
8365 	switch (band) {
8366 	case NL80211_BAND_2GHZ:
8367 		return (ieee80211_ieee2mhz(channel, IEEE80211_CHAN_2GHZ));
8368 		break;
8369 	case NL80211_BAND_5GHZ:
8370 		return (ieee80211_ieee2mhz(channel, IEEE80211_CHAN_5GHZ));
8371 		break;
8372 	default:
8373 		/* XXX abort, retry, error, panic? */
8374 		break;
8375 	}
8376 
8377 	return (0);
8378 }
8379 
8380 uint32_t
8381 linuxkpi_ieee80211_frequency_to_channel(uint32_t freq, uint32_t flags __unused)
8382 {
8383 
8384 	return (ieee80211_mhz2ieee(freq, 0));
8385 }
8386 
8387 #if 0
8388 static struct lkpi_sta *
8389 lkpi_find_lsta_by_ni(struct lkpi_vif *lvif, struct ieee80211_node *ni)
8390 {
8391 	struct lkpi_sta *lsta, *temp;
8392 
8393 	rcu_read_lock();
8394 	list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
8395 		if (lsta->ni == ni) {
8396 			rcu_read_unlock();
8397 			return (lsta);
8398 		}
8399 	}
8400 	rcu_read_unlock();
8401 
8402 	return (NULL);
8403 }
8404 #endif
8405 
8406 struct ieee80211_sta *
8407 linuxkpi_ieee80211_find_sta(struct ieee80211_vif *vif, const u8 *peer)
8408 {
8409 	struct lkpi_vif *lvif;
8410 	struct lkpi_sta *lsta;
8411 	struct ieee80211_sta *sta;
8412 
8413 	lvif = VIF_TO_LVIF(vif);
8414 
8415 	rcu_read_lock();
8416 	list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
8417 		sta = LSTA_TO_STA(lsta);
8418 		if (IEEE80211_ADDR_EQ(sta->addr, peer)) {
8419 			rcu_read_unlock();
8420 			return (sta);
8421 		}
8422 	}
8423 	rcu_read_unlock();
8424 	return (NULL);
8425 }
8426 
8427 struct ieee80211_sta *
8428 linuxkpi_ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
8429     const uint8_t *addr, const uint8_t *ourvifaddr)
8430 {
8431 	struct lkpi_hw *lhw;
8432 	struct lkpi_vif *lvif;
8433 	struct lkpi_sta *lsta;
8434 	struct ieee80211_vif *vif;
8435 	struct ieee80211_sta *sta;
8436 
8437 	lhw = wiphy_priv(hw->wiphy);
8438 	sta = NULL;
8439 
8440 	LKPI_80211_LHW_LVIF_LOCK(lhw);
8441 	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8442 
8443 		/* XXX-BZ check our address from the vif. */
8444 
8445 		vif = LVIF_TO_VIF(lvif);
8446 		if (ourvifaddr != NULL &&
8447 		    !IEEE80211_ADDR_EQ(vif->addr, ourvifaddr))
8448 			continue;
8449 		sta = linuxkpi_ieee80211_find_sta(vif, addr);
8450 		if (sta != NULL)
8451 			break;
8452 	}
8453 	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8454 
8455 	if (sta != NULL) {
8456 		lsta = STA_TO_LSTA(sta);
8457 		if (!lsta->added_to_drv)
8458 			return (NULL);
8459 	}
8460 
8461 	return (sta);
8462 }
8463 
8464 struct sk_buff *
8465 linuxkpi_ieee80211_tx_dequeue(struct ieee80211_hw *hw,
8466     struct ieee80211_txq *txq)
8467 {
8468 	struct lkpi_txq *ltxq;
8469 	struct lkpi_vif *lvif;
8470 	struct sk_buff *skb;
8471 
8472 	IMPROVE("wiphy_lock? or assert?");
8473 	skb = NULL;
8474 	ltxq = TXQ_TO_LTXQ(txq);
8475 	ltxq->seen_dequeue = true;
8476 
8477 	if (ltxq->stopped)
8478 		goto stopped;
8479 
8480 	lvif = VIF_TO_LVIF(ltxq->txq.vif);
8481 	if (lvif->hw_queue_stopped[ltxq->txq.ac]) {
8482 		ltxq->stopped = true;
8483 		goto stopped;
8484 	}
8485 
8486 	IMPROVE("hw(TX_FRAG_LIST)");
8487 
8488 	LKPI_80211_LTXQ_LOCK(ltxq);
8489 	skb = skb_dequeue(&ltxq->skbq);
8490 	if (skb != NULL)
8491 		ltxq->frms_dequeued++;
8492 	LKPI_80211_LTXQ_UNLOCK(ltxq);
8493 
8494 stopped:
8495 	return (skb);
8496 }
8497 
8498 void
8499 linuxkpi_ieee80211_txq_get_depth(struct ieee80211_txq *txq,
8500     unsigned long *frame_cnt, unsigned long *byte_cnt)
8501 {
8502 	struct lkpi_txq *ltxq;
8503 	struct sk_buff *skb;
8504 	unsigned long fc, bc;
8505 
8506 	ltxq = TXQ_TO_LTXQ(txq);
8507 
8508 	fc = bc = 0;
8509 	LKPI_80211_LTXQ_LOCK(ltxq);
8510 	skb_queue_walk(&ltxq->skbq, skb) {
8511 		fc++;
8512 		bc += skb->len;
8513 	}
8514 	LKPI_80211_LTXQ_UNLOCK(ltxq);
8515 	if (frame_cnt)
8516 		*frame_cnt = fc;
8517 	if (byte_cnt)
8518 		*byte_cnt = bc;
8519 
8520 	/* Validate that this is doing the correct thing. */
8521 	/* Should we keep track on en/dequeue? */
8522 	IMPROVE();
8523 }
8524 
8525 /*
8526  * We are called from ieee80211_free_txskb() or ieee80211_tx_status().
8527  * The latter tries to derive the success status from the info flags
8528  * passed back from the driver.  rawx_mit() saves the ni on the m and the
8529  * m on the skb for us to be able to give feedback to net80211.
8530  */
8531 static void
8532 _lkpi_ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb,
8533     int status)
8534 {
8535 	struct ieee80211_node *ni;
8536 	struct mbuf *m;
8537 
8538 	if (skb == NULL)
8539 		return;
8540 
8541 	m = skb->m;
8542 	skb->m = NULL;
8543 
8544 	if (m != NULL) {
8545 		ni = m->m_pkthdr.PH_loc.ptr;
8546 		/* Status: 0 is ok, != 0 is error. */
8547 		ieee80211_tx_complete(ni, m, status);
8548 		/* ni & mbuf were consumed. */
8549 	}
8550 }
8551 
8552 void
8553 linuxkpi_ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb,
8554     int status)
8555 {
8556 
8557 	_lkpi_ieee80211_free_txskb(hw, skb, status);
8558 	kfree_skb(skb);
8559 }
8560 
8561 void
8562 linuxkpi_ieee80211_tx_status_ext(struct ieee80211_hw *hw,
8563     struct ieee80211_tx_status *txstat)
8564 {
8565 	struct sk_buff *skb;
8566 	struct ieee80211_tx_info *info, _info = { };
8567 	struct ieee80211_ratectl_tx_status txs;
8568 	struct ieee80211_node *ni;
8569 	int status;
8570 
8571 	skb = txstat->skb;
8572 	if (skb != NULL && skb->m != NULL) {
8573 		struct mbuf *m;
8574 
8575 		m = skb->m;
8576 		ni = m->m_pkthdr.PH_loc.ptr;
8577 		memset(&txs, 0, sizeof(txs));
8578 	} else {
8579 		ni = NULL;
8580 	}
8581 
8582 	/*
8583 	 * If we have no info information on tx, set info to an all-zero struct
8584 	 * to make the code (and debug output) simpler.
8585 	 */
8586 	info = txstat->info;
8587 	if (info == NULL)
8588 		info = &_info;
8589 	if (info->flags & IEEE80211_TX_STAT_ACK) {
8590 		status = 0;	/* No error. */
8591 		txs.status = IEEE80211_RATECTL_TX_SUCCESS;
8592 	} else {
8593 		status = 1;
8594 		txs.status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
8595 	}
8596 
8597 	if (ni != NULL) {
8598 		txs.pktlen = skb->len;
8599 		txs.flags |= IEEE80211_RATECTL_STATUS_PKTLEN;
8600 		if (info->status.rates[0].count > 1) {
8601 			txs.long_retries = info->status.rates[0].count - 1;	/* 1 + retries in drivers. */
8602 			txs.flags |= IEEE80211_RATECTL_STATUS_LONG_RETRY;
8603 		}
8604 #if 0		/* Unused in net80211 currently. */
8605 		/* XXX-BZ convert check .flags for MCS/VHT/.. */
8606 		txs.final_rate = info->status.rates[0].idx;
8607 		txs.flags |= IEEE80211_RATECTL_STATUS_FINAL_RATE;
8608 #endif
8609 		if (info->status.flags & IEEE80211_TX_STATUS_ACK_SIGNAL_VALID) {
8610 			txs.rssi = info->status.ack_signal;		/* XXX-BZ CONVERT? */
8611 			txs.flags |= IEEE80211_RATECTL_STATUS_RSSI;
8612 		}
8613 
8614 		IMPROVE("only update rate if needed but that requires us to get a proper rate from mo_sta_statistics");
8615 		ieee80211_ratectl_tx_complete(ni, &txs);
8616 		ieee80211_ratectl_rate(ni->ni_vap->iv_bss, NULL, 0);
8617 
8618 #ifdef LINUXKPI_DEBUG_80211
8619 		if (linuxkpi_debug_80211 & D80211_TRACE_TX) {
8620 			printf("TX-RATE: %s: long_retries %d\n", __func__,
8621 			    txs.long_retries);
8622 		}
8623 #endif
8624 	}
8625 
8626 #ifdef LINUXKPI_DEBUG_80211
8627 	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
8628 		printf("TX-STATUS: %s: hw %p skb %p status %d : flags %#x "
8629 		    "band %u hw_queue %u tx_time_est %d : "
8630 		    "rates [ %u %u %#x, %u %u %#x, %u %u %#x, %u %u %#x ] "
8631 		    "ack_signal %u ampdu_ack_len %u ampdu_len %u antenna %u "
8632 		    "tx_time %u flags %#x "
8633 		    "status_driver_data [ %p %p ]\n",
8634 		    __func__, hw, skb, status, info->flags,
8635 		    info->band, info->hw_queue, info->tx_time_est,
8636 		    info->status.rates[0].idx, info->status.rates[0].count,
8637 		    info->status.rates[0].flags,
8638 		    info->status.rates[1].idx, info->status.rates[1].count,
8639 		    info->status.rates[1].flags,
8640 		    info->status.rates[2].idx, info->status.rates[2].count,
8641 		    info->status.rates[2].flags,
8642 		    info->status.rates[3].idx, info->status.rates[3].count,
8643 		    info->status.rates[3].flags,
8644 		    info->status.ack_signal, info->status.ampdu_ack_len,
8645 		    info->status.ampdu_len, info->status.antenna,
8646 		    info->status.tx_time, info->status.flags,
8647 		    info->status.status_driver_data[0],
8648 		    info->status.status_driver_data[1]);
8649 #endif
8650 
8651 	if (txstat->free_list) {
8652 		_lkpi_ieee80211_free_txskb(hw, skb, status);
8653 		if (skb != NULL)
8654 			list_add_tail(&skb->list, txstat->free_list);
8655 	} else {
8656 		linuxkpi_ieee80211_free_txskb(hw, skb, status);
8657 	}
8658 }
8659 
8660 void
8661 linuxkpi_ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
8662 {
8663 	struct ieee80211_tx_status status;
8664 
8665 	memset(&status, 0, sizeof(status));
8666 	status.info = IEEE80211_SKB_CB(skb);
8667 	status.skb = skb;
8668 	/* sta, n_rates, rates, free_list? */
8669 
8670 	ieee80211_tx_status_ext(hw, &status);
8671 }
8672 
8673 /*
8674  * This is an internal bandaid for the moment for the way we glue
8675  * skbs and mbufs together for TX.  Once we have skbs backed by
8676  * mbufs this should go away.
8677  * This is a public function but kept on the private KPI (lkpi_)
8678  * and is not exposed by a header file.
8679  */
8680 static void
8681 lkpi_ieee80211_free_skb_mbuf(void *p)
8682 {
8683 	struct ieee80211_node *ni;
8684 	struct mbuf *m;
8685 
8686 	if (p == NULL)
8687 		return;
8688 
8689 	m = (struct mbuf *)p;
8690 	M_ASSERTPKTHDR(m);
8691 
8692 	ni = m->m_pkthdr.PH_loc.ptr;
8693 	m->m_pkthdr.PH_loc.ptr = NULL;
8694 	if (ni != NULL)
8695 		ieee80211_free_node(ni);
8696 	m_freem(m);
8697 }
8698 
8699 void
8700 linuxkpi_ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
8701     struct delayed_work *w, int delay)
8702 {
8703 	struct lkpi_hw *lhw;
8704 
8705 	/* Need to make sure hw is in a stable (non-suspended) state. */
8706 	IMPROVE();
8707 
8708 	lhw = HW_TO_LHW(hw);
8709 	queue_delayed_work(lhw->workq, w, delay);
8710 }
8711 
8712 void
8713 linuxkpi_ieee80211_queue_work(struct ieee80211_hw *hw,
8714     struct work_struct *w)
8715 {
8716 	struct lkpi_hw *lhw;
8717 
8718 	/* Need to make sure hw is in a stable (non-suspended) state. */
8719 	IMPROVE();
8720 
8721 	lhw = HW_TO_LHW(hw);
8722 	queue_work(lhw->workq, w);
8723 }
8724 
8725 struct sk_buff *
8726 linuxkpi_ieee80211_probereq_get(struct ieee80211_hw *hw, const uint8_t *addr,
8727     const uint8_t *ssid, size_t ssid_len, size_t tailroom)
8728 {
8729 	struct sk_buff *skb;
8730 	struct ieee80211_frame *wh;
8731 	uint8_t *p;
8732 	size_t len;
8733 
8734 	len = sizeof(*wh);
8735 	len += 2 + ssid_len;
8736 
8737 	skb = dev_alloc_skb(hw->extra_tx_headroom + len + tailroom);
8738 	if (skb == NULL)
8739 		return (NULL);
8740 
8741 	skb_reserve(skb, hw->extra_tx_headroom);
8742 
8743 	wh = skb_put_zero(skb, sizeof(*wh));
8744 	wh->i_fc[0] = IEEE80211_FC0_VERSION_0;
8745 	wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_PROBE_REQ | IEEE80211_FC0_TYPE_MGT;
8746 	IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr);
8747 	IEEE80211_ADDR_COPY(wh->i_addr2, addr);
8748 	IEEE80211_ADDR_COPY(wh->i_addr3, ieee80211broadcastaddr);
8749 
8750 	p = skb_put(skb, 2 + ssid_len);
8751 	*p++ = IEEE80211_ELEMID_SSID;
8752 	*p++ = ssid_len;
8753 	if (ssid_len > 0)
8754 		memcpy(p, ssid, ssid_len);
8755 
8756 	return (skb);
8757 }
8758 
8759 struct sk_buff *
8760 linuxkpi_ieee80211_pspoll_get(struct ieee80211_hw *hw,
8761     struct ieee80211_vif *vif)
8762 {
8763 	struct lkpi_vif *lvif;
8764 	struct ieee80211vap *vap;
8765 	struct sk_buff *skb;
8766 	struct ieee80211_frame_pspoll *psp;
8767 	uint16_t v;
8768 
8769 	skb = dev_alloc_skb(hw->extra_tx_headroom + sizeof(*psp));
8770 	if (skb == NULL)
8771 		return (NULL);
8772 
8773 	skb_reserve(skb, hw->extra_tx_headroom);
8774 
8775 	lvif = VIF_TO_LVIF(vif);
8776 	vap = LVIF_TO_VAP(lvif);
8777 
8778 	psp = skb_put_zero(skb, sizeof(*psp));
8779 	psp->i_fc[0] = IEEE80211_FC0_VERSION_0;
8780 	psp->i_fc[0] |= IEEE80211_FC0_SUBTYPE_PS_POLL | IEEE80211_FC0_TYPE_CTL;
8781 	v = htole16(vif->cfg.aid | 1<<15 | 1<<16);
8782 	memcpy(&psp->i_aid, &v, sizeof(v));
8783 	IEEE80211_ADDR_COPY(psp->i_bssid, vap->iv_bss->ni_macaddr);
8784 	IEEE80211_ADDR_COPY(psp->i_ta, vif->addr);
8785 
8786 	return (skb);
8787 }
8788 
8789 struct sk_buff *
8790 linuxkpi_ieee80211_nullfunc_get(struct ieee80211_hw *hw,
8791     struct ieee80211_vif *vif, int linkid, bool qos)
8792 {
8793 	struct sk_buff *skb;
8794 	struct ieee80211_frame *nullf;
8795 
8796 	IMPROVE("linkid");
8797 
8798 	skb = dev_alloc_skb(hw->extra_tx_headroom + sizeof(*nullf));
8799 	if (skb == NULL)
8800 		return (NULL);
8801 
8802 	skb_reserve(skb, hw->extra_tx_headroom);
8803 
8804 	nullf = skb_put_zero(skb, sizeof(*nullf));
8805 	nullf->i_fc[0] = IEEE80211_FC0_VERSION_0;
8806 	nullf->i_fc[0] |= IEEE80211_FC0_SUBTYPE_NODATA | IEEE80211_FC0_TYPE_DATA;
8807 	nullf->i_fc[1] = IEEE80211_FC1_DIR_TODS;
8808 
8809 	/* XXX-BZ if link is given, this is different. */
8810 	IEEE80211_ADDR_COPY(nullf->i_addr1, vif->cfg.ap_addr);
8811 	IEEE80211_ADDR_COPY(nullf->i_addr2, vif->addr);
8812 	IEEE80211_ADDR_COPY(nullf->i_addr3, vif->cfg.ap_addr);
8813 
8814 	return (skb);
8815 }
8816 
8817 struct wireless_dev *
8818 linuxkpi_ieee80211_vif_to_wdev(struct ieee80211_vif *vif)
8819 {
8820 	struct lkpi_vif *lvif;
8821 
8822 	lvif = VIF_TO_LVIF(vif);
8823 	return (&lvif->wdev);
8824 }
8825 
8826 void
8827 linuxkpi_ieee80211_connection_loss(struct ieee80211_vif *vif)
8828 {
8829 	struct lkpi_vif *lvif;
8830 	struct ieee80211vap *vap;
8831 	enum ieee80211_state nstate;
8832 	int arg;
8833 
8834 	lvif = VIF_TO_LVIF(vif);
8835 	vap = LVIF_TO_VAP(lvif);
8836 
8837 	/*
8838 	 * Go to init; otherwise we need to elaborately check state and
8839 	 * handle accordingly, e.g., if in RUN we could call iv_bmiss.
8840 	 * Let the statemachine handle all neccessary changes.
8841 	 */
8842 	nstate = IEEE80211_S_INIT;
8843 	arg = 0;	/* Not a valid reason. */
8844 
8845 	ic_printf(vap->iv_ic, "%s: vif %p vap %p state %s (synched %d, assoc %d "
8846 	    "beacons %d dtim_period %d)\n", __func__, vif, vap,
8847 	    ieee80211_state_name[vap->iv_state],
8848 	    lvif->lvif_bss_synched, vif->cfg.assoc, lvif->beacons,
8849 	    vif->bss_conf.dtim_period);
8850 	ieee80211_new_state(vap, nstate, arg);
8851 }
8852 
8853 void
8854 linuxkpi_ieee80211_beacon_loss(struct ieee80211_vif *vif)
8855 {
8856 	struct lkpi_vif *lvif;
8857 	struct ieee80211vap *vap;
8858 
8859 	lvif = VIF_TO_LVIF(vif);
8860 	vap = LVIF_TO_VAP(lvif);
8861 
8862 	ic_printf(vap->iv_ic, "%s: vif %p vap %p state %s (synched %d, assoc %d "
8863 	    "beacons %d dtim_period %d)\n", __func__, vif, vap,
8864 	    ieee80211_state_name[vap->iv_state],
8865 	    lvif->lvif_bss_synched, vif->cfg.assoc, lvif->beacons,
8866 	    vif->bss_conf.dtim_period);
8867 	ieee80211_beacon_miss(vap->iv_ic);
8868 }
8869 
8870 /* -------------------------------------------------------------------------- */
8871 
8872 void
8873 linuxkpi_ieee80211_stop_queue(struct ieee80211_hw *hw, int qnum)
8874 {
8875 	struct lkpi_hw *lhw;
8876 	struct lkpi_vif *lvif;
8877 	struct ieee80211_vif *vif;
8878 	int ac_count, ac;
8879 
8880 	KASSERT(qnum < hw->queues, ("%s: qnum %d >= hw->queues %d, hw %p\n",
8881 	    __func__, qnum, hw->queues, hw));
8882 
8883 	lhw = wiphy_priv(hw->wiphy);
8884 
8885 	/* See lkpi_ic_vap_create(). */
8886 	if (hw->queues >= IEEE80211_NUM_ACS)
8887 		ac_count = IEEE80211_NUM_ACS;
8888 	else
8889 		ac_count = 1;
8890 
8891 	LKPI_80211_LHW_LVIF_LOCK(lhw);
8892 	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8893 
8894 		vif = LVIF_TO_VIF(lvif);
8895 		for (ac = 0; ac < ac_count; ac++) {
8896 			IMPROVE_TXQ("LOCKING");
8897 			if (qnum == vif->hw_queue[ac]) {
8898 #ifdef LINUXKPI_DEBUG_80211
8899 				/*
8900 				 * For now log this to better understand
8901 				 * how this is supposed to work.
8902 				 */
8903 				if (lvif->hw_queue_stopped[ac] &&
8904 				    (linuxkpi_debug_80211 & D80211_IMPROVE_TXQ) != 0)
8905 					ic_printf(lhw->ic, "%s:%d: lhw %p hw %p "
8906 					    "lvif %p vif %p ac %d qnum %d already "
8907 					    "stopped\n", __func__, __LINE__,
8908 					    lhw, hw, lvif, vif, ac, qnum);
8909 #endif
8910 				lvif->hw_queue_stopped[ac] = true;
8911 			}
8912 		}
8913 	}
8914 	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8915 }
8916 
8917 void
8918 linuxkpi_ieee80211_stop_queues(struct ieee80211_hw *hw)
8919 {
8920 	int i;
8921 
8922 	IMPROVE_TXQ("Locking; do we need further info?");
8923 	for (i = 0; i < hw->queues; i++)
8924 		linuxkpi_ieee80211_stop_queue(hw, i);
8925 }
8926 
8927 
8928 static void
8929 lkpi_ieee80211_wake_queues(struct ieee80211_hw *hw, int hwq)
8930 {
8931 	struct lkpi_hw *lhw;
8932 	struct lkpi_vif *lvif;
8933 	struct lkpi_sta *lsta;
8934 	int ac_count, ac, tid;
8935 
8936 	/* See lkpi_ic_vap_create(). */
8937 	if (hw->queues >= IEEE80211_NUM_ACS)
8938 		ac_count = IEEE80211_NUM_ACS;
8939 	else
8940 		ac_count = 1;
8941 
8942 	lhw = wiphy_priv(hw->wiphy);
8943 
8944 	IMPROVE_TXQ("Locking");
8945 	LKPI_80211_LHW_LVIF_LOCK(lhw);
8946 	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8947 		struct ieee80211_vif *vif;
8948 
8949 		vif = LVIF_TO_VIF(lvif);
8950 		for (ac = 0; ac < ac_count; ac++) {
8951 
8952 			if (hwq == vif->hw_queue[ac]) {
8953 
8954 				/* XXX-BZ what about software scan? */
8955 
8956 #ifdef LINUXKPI_DEBUG_80211
8957 				/*
8958 				 * For now log this to better understand
8959 				 * how this is supposed to work.
8960 				 */
8961 				if (!lvif->hw_queue_stopped[ac] &&
8962 				    (linuxkpi_debug_80211 & D80211_IMPROVE_TXQ) != 0)
8963 					ic_printf(lhw->ic, "%s:%d: lhw %p hw %p "
8964 					    "lvif %p vif %p ac %d hw_q not stopped\n",
8965 					    __func__, __LINE__,
8966 					    lhw, hw, lvif, vif, ac);
8967 #endif
8968 				lvif->hw_queue_stopped[ac] = false;
8969 
8970 				rcu_read_lock();
8971 				list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
8972 					struct ieee80211_sta *sta;
8973 
8974 					sta = LSTA_TO_STA(lsta);
8975 					for (tid = 0; tid < nitems(sta->txq); tid++) {
8976 						struct lkpi_txq *ltxq;
8977 
8978 						if (sta->txq[tid] == NULL)
8979 							continue;
8980 
8981 						if (sta->txq[tid]->ac != ac)
8982 							continue;
8983 
8984 						ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
8985 						if (!ltxq->stopped)
8986 							continue;
8987 
8988 						ltxq->stopped = false;
8989 
8990 						if (!skb_queue_empty(&ltxq->skbq))
8991 							lkpi_80211_mo_wake_tx_queue(hw, sta->txq[tid], false);
8992 					}
8993 				}
8994 				rcu_read_unlock();
8995 			}
8996 		}
8997 	}
8998 	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8999 }
9000 
9001 static void
9002 lkpi_ieee80211_wake_queues_locked(struct ieee80211_hw *hw)
9003 {
9004 	int i;
9005 
9006 	IMPROVE_TXQ("Is this all/enough here?");
9007 	for (i = 0; i < hw->queues; i++)
9008 		lkpi_ieee80211_wake_queues(hw, i);
9009 }
9010 
9011 void
9012 linuxkpi_ieee80211_wake_queues(struct ieee80211_hw *hw)
9013 {
9014 	struct lkpi_hw *lhw;
9015 	unsigned long flags;
9016 
9017 	lhw = HW_TO_LHW(hw);
9018 
9019 	spin_lock_irqsave(&lhw->txq_lock, flags);
9020 	lkpi_ieee80211_wake_queues_locked(hw);
9021 	spin_unlock_irqrestore(&lhw->txq_lock, flags);
9022 }
9023 
9024 void
9025 linuxkpi_ieee80211_wake_queue(struct ieee80211_hw *hw, int qnum)
9026 {
9027 	struct lkpi_hw *lhw;
9028 	unsigned long flags;
9029 
9030 	KASSERT(qnum < hw->queues, ("%s: qnum %d >= hw->queues %d, hw %p\n",
9031 	    __func__, qnum, hw->queues, hw));
9032 
9033 	lhw = HW_TO_LHW(hw);
9034 
9035 	spin_lock_irqsave(&lhw->txq_lock, flags);
9036 	lkpi_ieee80211_wake_queues(hw, qnum);
9037 	spin_unlock_irqrestore(&lhw->txq_lock, flags);
9038 }
9039 
9040 void
9041 linuxkpi_ieee80211_handle_wake_tx_queue(struct ieee80211_hw *hw,
9042     struct ieee80211_txq *txq)
9043 {
9044 	struct lkpi_hw *lhw;
9045 
9046 	lhw = HW_TO_LHW(hw);
9047 
9048 	LKPI_80211_LHW_TXQ_LOCK(lhw);
9049 	ieee80211_txq_schedule_start(hw, txq->ac);
9050 	do {
9051 		struct lkpi_txq *ltxq;
9052 		struct ieee80211_txq *ntxq;
9053 		struct ieee80211_tx_control control;
9054 		struct sk_buff *skb;
9055 
9056 		ntxq = ieee80211_next_txq(hw, txq->ac);
9057 		if (ntxq == NULL)
9058 			break;
9059 		ltxq = TXQ_TO_LTXQ(ntxq);
9060 
9061 		memset(&control, 0, sizeof(control));
9062 		control.sta = ntxq->sta;
9063 		do {
9064 			skb = linuxkpi_ieee80211_tx_dequeue(hw, ntxq);
9065 			if (skb == NULL)
9066 				break;
9067 			ltxq->frms_tx++;
9068 			lkpi_80211_mo_tx(hw, &control, skb);
9069 		} while(1);
9070 
9071 		ieee80211_return_txq(hw, ntxq, false);
9072 	} while (1);
9073 	ieee80211_txq_schedule_end(hw, txq->ac);
9074 	LKPI_80211_LHW_TXQ_UNLOCK(lhw);
9075 }
9076 
9077 /* -------------------------------------------------------------------------- */
9078 
9079 /* This is just hardware queues. */
9080 /*
9081  * Being called from the driver thus use _bh() locking.
9082  */
9083 void
9084 linuxkpi_ieee80211_txq_schedule_start(struct ieee80211_hw *hw, uint8_t ac)
9085 {
9086 	struct lkpi_hw *lhw;
9087 
9088 	lhw = HW_TO_LHW(hw);
9089 
9090 	if (ac >= IEEE80211_NUM_ACS) {
9091 		ic_printf(lhw->ic, "%s: ac %u out of bounds.\n", __func__, ac);
9092 		return;
9093 	}
9094 
9095 	spin_lock_bh(&lhw->txq_scheduled_lock[ac]);
9096 	IMPROVE("check AIRTIME_FAIRNESS");
9097 	if (++lhw->txq_generation[ac] == 0)
9098 		lhw->txq_generation[ac]++;
9099 	spin_unlock_bh(&lhw->txq_scheduled_lock[ac]);
9100 }
9101 
9102 struct ieee80211_txq *
9103 linuxkpi_ieee80211_next_txq(struct ieee80211_hw *hw, uint8_t ac)
9104 {
9105 	struct lkpi_hw *lhw;
9106 	struct ieee80211_txq *txq;
9107 	struct lkpi_txq *ltxq;
9108 
9109 	lhw = HW_TO_LHW(hw);
9110 	txq = NULL;
9111 
9112 	if (ac >= IEEE80211_NUM_ACS) {
9113 		ic_printf(lhw->ic, "%s: ac %u out of bounds.\n", __func__, ac);
9114 		return (NULL);
9115 	}
9116 
9117 	spin_lock_bh(&lhw->txq_scheduled_lock[ac]);
9118 
9119 	/* Check that we are scheduled. */
9120 	if (lhw->txq_generation[ac] == 0)
9121 		goto out;
9122 
9123 	ltxq = TAILQ_FIRST(&lhw->txq_scheduled[ac]);
9124 	if (ltxq == NULL)
9125 		goto out;
9126 	if (ltxq->txq_generation == lhw->txq_generation[ac])
9127 		goto out;
9128 
9129 	IMPROVE("check AIRTIME_FAIRNESS");
9130 
9131 	TAILQ_REMOVE(&lhw->txq_scheduled[ac], ltxq, txq_entry);
9132 	ltxq->txq_generation = lhw->txq_generation[ac];
9133 	txq = &ltxq->txq;
9134 	TAILQ_ELEM_INIT(ltxq, txq_entry);
9135 
9136 out:
9137 	spin_unlock_bh(&lhw->txq_scheduled_lock[ac]);
9138 
9139 	return (txq);
9140 }
9141 
9142 void linuxkpi_ieee80211_schedule_txq(struct ieee80211_hw *hw,
9143     struct ieee80211_txq *txq, bool withoutpkts)
9144 {
9145 	struct lkpi_hw *lhw;
9146 	struct lkpi_txq *ltxq;
9147 	bool ltxq_empty;
9148 
9149 	ltxq = TXQ_TO_LTXQ(txq);
9150 
9151 	/* Only schedule if work to do or asked to anyway. */
9152 	LKPI_80211_LTXQ_LOCK(ltxq);
9153 	ltxq_empty = skb_queue_empty(&ltxq->skbq);
9154 	LKPI_80211_LTXQ_UNLOCK(ltxq);
9155 	if (!withoutpkts && ltxq_empty)
9156 		goto out;
9157 
9158 	lhw = HW_TO_LHW(hw);
9159 	spin_lock_bh(&lhw->txq_scheduled_lock[txq->ac]);
9160 	/*
9161 	 * Make sure we do not double-schedule. We do this by checking tqe_prev,
9162 	 * the previous entry in our tailq. tqe_prev is always valid if this entry
9163 	 * is queued, tqe_next may be NULL if this is the only element in the list.
9164 	 */
9165 	if (ltxq->txq_entry.tqe_prev != NULL)
9166 		goto unlock;
9167 
9168 	TAILQ_INSERT_TAIL(&lhw->txq_scheduled[txq->ac], ltxq, txq_entry);
9169 unlock:
9170 	spin_unlock_bh(&lhw->txq_scheduled_lock[txq->ac]);
9171 
9172 out:
9173 	return;
9174 }
9175 
9176 /* -------------------------------------------------------------------------- */
9177 
9178 struct lkpi_cfg80211_bss {
9179 	u_int refcnt;
9180 	struct cfg80211_bss bss;
9181 };
9182 
9183 struct lkpi_cfg80211_get_bss_iter_lookup {
9184 	struct wiphy *wiphy;
9185 	struct linuxkpi_ieee80211_channel *chan;
9186 	const uint8_t *bssid;
9187 	const uint8_t *ssid;
9188 	size_t ssid_len;
9189 	enum ieee80211_bss_type bss_type;
9190 	enum ieee80211_privacy privacy;
9191 
9192 	/*
9193 	 * Something to store a copy of the result as the net80211 scan cache
9194 	 * is not refoucnted so a scan entry might go away any time.
9195 	 */
9196 	bool match;
9197 	struct cfg80211_bss *bss;
9198 };
9199 
9200 static void
9201 lkpi_cfg80211_get_bss_iterf(void *arg, const struct ieee80211_scan_entry *se)
9202 {
9203 	struct lkpi_cfg80211_get_bss_iter_lookup *lookup;
9204 	size_t ielen;
9205 
9206 	lookup = arg;
9207 
9208 	/* Do not try to find another match. */
9209 	if (lookup->match)
9210 		return;
9211 
9212 	/* Nothing to store result. */
9213 	if (lookup->bss == NULL)
9214 		return;
9215 
9216 	if (lookup->privacy != IEEE80211_PRIVACY_ANY) {
9217 		/* if (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) */
9218 		/* We have no idea what to compare to as the drivers only request ANY */
9219 		return;
9220 	}
9221 
9222 	if (lookup->bss_type != IEEE80211_BSS_TYPE_ANY) {
9223 		/* if (se->se_capinfo & (IEEE80211_CAPINFO_IBSS|IEEE80211_CAPINFO_ESS)) */
9224 		/* We have no idea what to compare to as the drivers only request ANY */
9225 		return;
9226 	}
9227 
9228 	if (lookup->chan != NULL) {
9229 		struct linuxkpi_ieee80211_channel *chan;
9230 
9231 		chan = linuxkpi_ieee80211_get_channel(lookup->wiphy,
9232 		    se->se_chan->ic_freq);
9233 		if (chan == NULL || chan != lookup->chan)
9234 			return;
9235 	}
9236 
9237 	if (lookup->bssid && !IEEE80211_ADDR_EQ(lookup->bssid, se->se_bssid))
9238 		return;
9239 
9240 	if (lookup->ssid) {
9241 		if (lookup->ssid_len != se->se_ssid[1] ||
9242 		    se->se_ssid[1] == 0)
9243 			return;
9244 		if (memcmp(lookup->ssid, se->se_ssid+2, lookup->ssid_len) != 0)
9245 			return;
9246 	}
9247 
9248 	ielen = se->se_ies.len;
9249 
9250 	lookup->bss->ies = malloc(sizeof(*lookup->bss->ies) + ielen,
9251 	    M_LKPI80211, M_NOWAIT | M_ZERO);
9252 	if (lookup->bss->ies == NULL)
9253 		return;
9254 
9255 	lookup->bss->ies->data = (uint8_t *)lookup->bss->ies + sizeof(*lookup->bss->ies);
9256 	lookup->bss->ies->len = ielen;
9257 	if (ielen)
9258 		memcpy(lookup->bss->ies->data, se->se_ies.data, ielen);
9259 
9260 	lookup->match = true;
9261 }
9262 
9263 struct cfg80211_bss *
9264 linuxkpi_cfg80211_get_bss(struct wiphy *wiphy, struct linuxkpi_ieee80211_channel *chan,
9265     const uint8_t *bssid, const uint8_t *ssid, size_t ssid_len,
9266     enum ieee80211_bss_type bss_type, enum ieee80211_privacy privacy)
9267 {
9268 	struct lkpi_cfg80211_bss *lbss;
9269 	struct lkpi_cfg80211_get_bss_iter_lookup lookup;
9270 	struct lkpi_hw *lhw;
9271 	struct ieee80211vap *vap;
9272 
9273 	lhw = wiphy_priv(wiphy);
9274 
9275 	/* Let's hope we can alloc. */
9276 	lbss = malloc(sizeof(*lbss), M_LKPI80211, M_NOWAIT | M_ZERO);
9277 	if (lbss == NULL) {
9278 		ic_printf(lhw->ic, "%s: alloc failed.\n", __func__);
9279 		return (NULL);
9280 	}
9281 
9282 	lookup.wiphy = wiphy;
9283 	lookup.chan = chan;
9284 	lookup.bssid = bssid;
9285 	lookup.ssid = ssid;
9286 	lookup.ssid_len = ssid_len;
9287 	lookup.bss_type = bss_type;
9288 	lookup.privacy = privacy;
9289 	lookup.match = false;
9290 	lookup.bss = &lbss->bss;
9291 
9292 	IMPROVE("Iterate over all VAPs comparing perm_addr and addresses?");
9293 	vap = TAILQ_FIRST(&lhw->ic->ic_vaps);
9294 	ieee80211_scan_iterate(vap, lkpi_cfg80211_get_bss_iterf, &lookup);
9295 	if (!lookup.match) {
9296 		free(lbss, M_LKPI80211);
9297 		return (NULL);
9298 	}
9299 
9300 	refcount_init(&lbss->refcnt, 1);
9301 	return (&lbss->bss);
9302 }
9303 
9304 void
9305 linuxkpi_cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *bss)
9306 {
9307 	struct lkpi_cfg80211_bss *lbss;
9308 
9309 	lbss = container_of(bss, struct lkpi_cfg80211_bss, bss);
9310 
9311 	/* Free everything again on refcount ... */
9312 	if (refcount_release(&lbss->refcnt)) {
9313 		free(lbss->bss.ies, M_LKPI80211);
9314 		free(lbss, M_LKPI80211);
9315 	}
9316 }
9317 
9318 void
9319 linuxkpi_cfg80211_bss_flush(struct wiphy *wiphy)
9320 {
9321 	struct lkpi_hw *lhw;
9322 	struct ieee80211com *ic;
9323 	struct ieee80211vap *vap;
9324 
9325 	lhw = wiphy_priv(wiphy);
9326 	ic = lhw->ic;
9327 
9328 	/*
9329 	 * If we haven't called ieee80211_ifattach() yet
9330 	 * or there is no VAP, there are no scans to flush.
9331 	 */
9332 	if (ic == NULL ||
9333 	    (lhw->sc_flags & LKPI_MAC80211_DRV_STARTED) == 0)
9334 		return;
9335 
9336 	/* Should only happen on the current one? Not seen it late enough. */
9337 	IEEE80211_LOCK(ic);
9338 	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
9339 		ieee80211_scan_flush(vap);
9340 	IEEE80211_UNLOCK(ic);
9341 }
9342 
9343 /* -------------------------------------------------------------------------- */
9344 
9345 static bool
9346 cfg80211_chan_def_are_same(struct cfg80211_chan_def *cd1,
9347     struct cfg80211_chan_def *cd2)
9348 {
9349 
9350 	if (cd1 == cd2)
9351 		return (true);
9352 
9353 	if (cd1 == NULL || cd2 == NULL)
9354 		return (false);
9355 
9356 	if (cd1->chan != cd2->chan)
9357 		return (false);
9358 
9359 	if (cd1->width != cd2->width)
9360 		return (false);
9361 
9362 	if (cd1->center_freq1 != cd2->center_freq1)
9363 		return (false);
9364 
9365 	if (cd1->center_freq2 != cd2->center_freq2)
9366 		return (false);
9367 
9368 	if (cd1->punctured != cd2->punctured)
9369 		return (false);
9370 
9371 	return (true);
9372 }
9373 
9374 /*
9375  * hw->conf get initialized/set in various places for us:
9376  * - linuxkpi_ieee80211_alloc_hw(): flags
9377  * - linuxkpi_ieee80211_ifattach(): chandef
9378  * - lkpi_ic_vap_create(): listen_interval
9379  * - lkpi_ic_set_channel(): chandef, flags
9380  */
9381 
9382 static int
9383 lkpi_80211_update_chandef(struct ieee80211_hw *hw,
9384     struct ieee80211_chanctx_conf *new)
9385 {
9386 	struct lkpi_hw *lhw;
9387 	struct cfg80211_chan_def *cd;
9388 	uint32_t changed;
9389 	int error;
9390 	bool same;
9391 
9392 	lockdep_assert_wiphy(hw->wiphy);
9393 
9394 	lhw = HW_TO_LHW(hw);
9395 	if (!lhw->emulate_chanctx)
9396 		return (0);
9397 
9398 	if (new == NULL || new->def.chan == NULL) {
9399 		/*
9400 		 * In case of remove "new" is NULL, we need to get us to some
9401 		 * basic channel width but we'd also need to set the channel
9402 		 * accordingly somewhere.
9403 		 * The same is true if we are scanning in which case the
9404 		 * scan_chandef should have a channel set.
9405 		 */
9406 		if (lhw->scan_chandef.chan != NULL) {
9407 #ifdef LINUXKPI_DEBUG_80211
9408 			if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
9409 				ic_printf(lhw->ic, "%s:%d: using scan_chandef %p\n",
9410 				    __func__, __LINE__, &lhw->scan_chandef);
9411 #endif
9412 			cd = &lhw->scan_chandef;
9413 		} else {
9414 #ifdef LINUXKPI_DEBUG_80211
9415 			if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
9416 				ic_printf(lhw->ic, "%s:%d: using dflt_chandef %p\n",
9417 				    __func__, __LINE__, &lhw->dflt_chandef);
9418 #endif
9419 			cd = &lhw->dflt_chandef;
9420 		}
9421 	} else {
9422 #ifdef LINUXKPI_DEBUG_80211
9423 		if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
9424 			ic_printf(lhw->ic, "%s:%d: using chanctx %p chandef %p\n",
9425 			    __func__, __LINE__, new, &new->def);
9426 #endif
9427 		cd = &new->def;
9428 	}
9429 
9430 	changed = 0;
9431 	same = cfg80211_chan_def_are_same(cd, &hw->conf.chandef);
9432 	if (!same) {
9433 		/* Copy; the chan pointer is fine and will stay valid. */
9434 		hw->conf.chandef = *cd;
9435 		changed |= IEEE80211_CONF_CHANGE_CHANNEL;
9436 	}
9437 	IMPROVE("IEEE80211_CONF_CHANGE_PS, IEEE80211_CONF_CHANGE_POWER");
9438 
9439 #ifdef LINUXKPI_DEBUG_80211
9440 	if ((linuxkpi_debug_80211 & D80211_CHANDEF) != 0)
9441 		ic_printf(lhw->ic, "%s:%d: chanctx %p { %u } cd %p { %u } "
9442 		    "hw->conf.chandef %p { %u %d %u %u %u }, "
9443 		    "changed %#04x same %d\n",
9444 		    __func__, __LINE__,
9445 		    new, (new != NULL && new->def.chan != NULL) ?
9446 			new->def.chan->center_freq : 0,
9447 		    cd, cd->chan->center_freq,
9448 		    &hw->conf.chandef, hw->conf.chandef.chan->center_freq,
9449 		    hw->conf.chandef.width,
9450 		    hw->conf.chandef.center_freq1,
9451 		    hw->conf.chandef.center_freq2,
9452 		    hw->conf.chandef.punctured,
9453 		    changed, same);
9454 #endif
9455 
9456 	if (changed == 0)
9457 		return (0);
9458 
9459 	error = lkpi_80211_mo_config(hw, changed);
9460 	return (error);
9461 }
9462 
9463 int
9464 ieee80211_emulate_add_chanctx(struct ieee80211_hw *hw,
9465     struct ieee80211_chanctx_conf *chanctx_conf)
9466 {
9467 	int error;
9468 
9469 	lockdep_assert_wiphy(hw->wiphy);
9470 
9471 #ifdef LINUXKPI_DEBUG_80211
9472 	if ((linuxkpi_debug_80211 & D80211_TRACE) != 0) {
9473 		struct lkpi_hw *lhw;
9474 
9475 		lhw = HW_TO_LHW(hw);
9476 		ic_printf(lhw->ic, "%s:%d: chanctx_conf %p\n",
9477 		    __func__, __LINE__, chanctx_conf);
9478 	}
9479 #endif
9480 
9481 	hw->conf.radar_enabled = chanctx_conf->radar_enabled;
9482 	error = lkpi_80211_update_chandef(hw, chanctx_conf);
9483 	return (error);
9484 }
9485 
9486 void
9487 ieee80211_emulate_remove_chanctx(struct ieee80211_hw *hw,
9488     struct ieee80211_chanctx_conf *chanctx_conf __unused)
9489 {
9490 
9491 	lockdep_assert_wiphy(hw->wiphy);
9492 
9493 #ifdef LINUXKPI_DEBUG_80211
9494 	if ((linuxkpi_debug_80211 & D80211_TRACE) != 0) {
9495 		struct lkpi_hw *lhw;
9496 
9497 		lhw = HW_TO_LHW(hw);
9498 		ic_printf(lhw->ic, "%s:%d: chanctx_conf %p\n",
9499 		    __func__, __LINE__, chanctx_conf);
9500 	}
9501 #endif
9502 
9503 	hw->conf.radar_enabled = false;
9504 	lkpi_80211_update_chandef(hw, NULL);
9505 }
9506 
9507 void
9508 ieee80211_emulate_change_chanctx(struct ieee80211_hw *hw,
9509     struct ieee80211_chanctx_conf *chanctx_conf, uint32_t changed __unused)
9510 {
9511 
9512 	lockdep_assert_wiphy(hw->wiphy);
9513 
9514 #ifdef LINUXKPI_DEBUG_80211
9515 	if ((linuxkpi_debug_80211 & D80211_TRACE) != 0) {
9516 		struct lkpi_hw *lhw;
9517 
9518 		lhw = HW_TO_LHW(hw);
9519 		ic_printf(lhw->ic, "%s:%d: chanctx_conf %p\n",
9520 		    __func__, __LINE__, chanctx_conf);
9521 	}
9522 #endif
9523 
9524 	hw->conf.radar_enabled = chanctx_conf->radar_enabled;
9525 	lkpi_80211_update_chandef(hw, chanctx_conf);
9526 }
9527 
9528 int
9529 ieee80211_emulate_switch_vif_chanctx(struct ieee80211_hw *hw,
9530     struct ieee80211_vif_chanctx_switch *vifs, int n_vifs,
9531     enum ieee80211_chanctx_switch_mode mode __unused)
9532 {
9533 	struct ieee80211_chanctx_conf *chanctx_conf;
9534 	int error;
9535 
9536 	lockdep_assert_wiphy(hw->wiphy);
9537 
9538 	/* Sanity check. */
9539 	if (n_vifs <= 0)
9540 		return (-EINVAL);
9541 	if (vifs == NULL || vifs[0].new_ctx == NULL)
9542 		return (-EINVAL);
9543 
9544 	/*
9545 	 * What to do if n_vifs > 1?
9546 	 * Does that make sense for drivers not supporting chanctx?
9547 	 */
9548 	hw->conf.radar_enabled = vifs[0].new_ctx->radar_enabled;
9549 	chanctx_conf = vifs[0].new_ctx;
9550 	error = lkpi_80211_update_chandef(hw, chanctx_conf);
9551 	return (error);
9552 }
9553 
9554 /* -------------------------------------------------------------------------- */
9555 /* LinuxKPI 802.11 PM. */
9556 int
9557 lkpi_80211_suspend(struct ieee80211com *ic, pm_message_t state)
9558 {
9559 	struct lkpi_hw *lhw;
9560 	struct ieee80211_hw *hw;
9561 	int error;
9562 
9563 	lhw = ic->ic_softc;
9564 	hw = LHW_TO_HW(lhw);
9565 	error = 0;
9566 
9567 	/* Check:
9568 	 * - device_set_wakeup_capable() / device_can_wakeup()
9569 	 * - hw->wiphy->wowlan to be non-NULL, if so contents.
9570 	 * - hw->wiphy->max_sched_scan_ssids (rtw88)
9571 	 */
9572 	if ((lkpi_suspend_type & 0x2) != 0) {
9573 		struct cfg80211_wowlan wowlan;
9574 
9575 		IMPROVE("various options for WoWLAN");
9576 		memset(&wowlan, 0, sizeof(wowlan));
9577 		wiphy_lock(hw->wiphy);
9578 		error = lkpi_80211_mo_suspend(hw, &wowlan);
9579 		wiphy_unlock(hw->wiphy);
9580 		if (error == EOPNOTSUPP)
9581 			error = 0;
9582 	}
9583 	if ((lkpi_suspend_type & 0x1) != 0) {
9584 		struct lkpi_vif *lvif;
9585 
9586 		ieee80211_suspend_all(ic);
9587 
9588 		wiphy_lock(hw->wiphy);
9589 		/*
9590 		 * At the end of this net80211 will run a task to call
9591 		 * (*ic_parent)() which is entirely unhelpful as we do not
9592 		 * know when it will happen.  So deal with it here.
9593 		 */
9594 		TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
9595 			lkpi_80211_mo_remove_interface(hw, LVIF_TO_VIF(lvif));
9596 		}
9597 
9598 		if ((lhw->sc_flags & LKPI_MAC80211_DRV_STARTED) != 0)
9599 			lkpi_80211_mo_stop(hw, true);
9600 		wiphy_unlock(hw->wiphy);
9601 	}
9602 
9603 	if (error < 0)
9604 		error = -error;
9605 
9606 	if (error != 0)
9607 		ic_printf(ic, "%s: SUSPEND FAILED: %d\n", __func__, error);
9608 
9609 	return (error);
9610 }
9611 
9612 int
9613 lkpi_80211_resume(struct ieee80211com *ic)
9614 {
9615 	struct lkpi_hw *lhw;
9616 	struct ieee80211_hw *hw;
9617 	int error;
9618 	bool hw_scan_running;
9619 
9620 	lhw = ic->ic_softc;
9621 	hw = LHW_TO_HW(lhw);
9622 	error = 0;
9623 
9624 	/*
9625 	 * Ongoing HW scans during suspend are a problem on resume.
9626 	 * Be verbose about that.
9627 	 */
9628 	LKPI_80211_LHW_SCAN_LOCK(lhw);
9629 	hw_scan_running = (lhw->scan_flags & (LKPI_LHW_SCAN_RUNNING|LKPI_LHW_SCAN_HW)) != 0;
9630 	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
9631 	if (hw_scan_running)
9632 		ic_printf(ic, "%s: WARNING: ongoing hw scan on resume!\n", __func__);
9633 
9634 	if ((lkpi_suspend_type & 0x1) != 0) {
9635 		struct lkpi_vif *lvif;
9636 
9637 		wiphy_lock(hw->wiphy);
9638 		error = lkpi_80211_mo_start(hw);
9639 		if (error != 0 && error != EEXIST) {
9640 			ic_printf(ic, "%s: mo_start failed: %d\n",
9641 			    __func__, error);
9642 			wiphy_unlock(hw->wiphy);
9643 			goto err;
9644 		}
9645 
9646 		TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
9647 			error = lkpi_80211_mo_add_interface(hw, LVIF_TO_VIF(lvif));
9648 			if (error != 0) {
9649 				struct ieee80211vap *vap;
9650 
9651 				vap = LVIF_TO_VAP(lvif);
9652 				ic_printf(ic, "%s: mo_add_interface %s failed: %d\n",
9653 				    __func__, if_name(vap->iv_ifp), error);
9654 				wiphy_unlock(hw->wiphy);
9655 				goto err;
9656 			}
9657 		}
9658 		wiphy_unlock(hw->wiphy);
9659 
9660 		ieee80211_resume_all(ic);
9661 	}
9662 
9663 	if ((lkpi_suspend_type & 0x2) != 0) {
9664 		wiphy_lock(hw->wiphy);
9665 		error = lkpi_80211_mo_resume(hw);
9666 		wiphy_unlock(hw->wiphy);
9667 		if (error == EOPNOTSUPP)
9668 			error = 0;
9669 	}
9670 
9671 err:
9672 	if (error < 0)
9673 		error = -error;
9674 
9675 	return (error);
9676 }
9677 
9678 /* -------------------------------------------------------------------------- */
9679 MODULE_VERSION(linuxkpi_wlan, 1);
9680 MODULE_DEPEND(linuxkpi_wlan, linuxkpi, 1, 1, 1);
9681 MODULE_DEPEND(linuxkpi_wlan, wlan, 1, 1, 1);
9682