xref: /freebsd/sys/dev/usb/net/if_usie.c (revision 2e5b60079b7d8c3ca68f1390cd90f305e651f8d3)
1 /*-
2  * Copyright (c) 2011 Anybots Inc
3  * written by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4  *  - ucom part is based on u3g.c
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30 
31 #include <sys/param.h>
32 #include <sys/systm.h>
33 #include <sys/queue.h>
34 #include <sys/systm.h>
35 #include <sys/socket.h>
36 #include <sys/kernel.h>
37 #include <sys/bus.h>
38 #include <sys/module.h>
39 #include <sys/sockio.h>
40 #include <sys/socket.h>
41 #include <sys/lock.h>
42 #include <sys/mutex.h>
43 #include <sys/condvar.h>
44 #include <sys/sysctl.h>
45 #include <sys/malloc.h>
46 #include <sys/taskqueue.h>
47 
48 #include <net/if.h>
49 #include <net/if_var.h>
50 
51 #include <machine/bus.h>
52 
53 #include <net/if.h>
54 #include <net/if_types.h>
55 #include <net/netisr.h>
56 #include <net/bpf.h>
57 #include <net/ethernet.h>
58 
59 #include <netinet/in.h>
60 #include <netinet/ip.h>
61 #include <netinet/ip6.h>
62 #include <netinet/udp.h>
63 
64 #include <net80211/ieee80211_ioctl.h>
65 
66 #include <dev/usb/usb.h>
67 #include <dev/usb/usbdi.h>
68 #include <dev/usb/usbdi_util.h>
69 #include <dev/usb/usb_cdc.h>
70 #include "usbdevs.h"
71 
72 #define	USB_DEBUG_VAR usie_debug
73 #include <dev/usb/usb_debug.h>
74 #include <dev/usb/usb_process.h>
75 #include <dev/usb/usb_msctest.h>
76 
77 #include <dev/usb/serial/usb_serial.h>
78 
79 #include <dev/usb/net/if_usievar.h>
80 
81 #ifdef	USB_DEBUG
82 static int usie_debug = 0;
83 
84 static SYSCTL_NODE(_hw_usb, OID_AUTO, usie, CTLFLAG_RW, 0, "sierra USB modem");
85 SYSCTL_INT(_hw_usb_usie, OID_AUTO, debug, CTLFLAG_RWTUN, &usie_debug, 0,
86     "usie debug level");
87 #endif
88 
89 /* Sierra Wireless Direct IP modems */
90 static const STRUCT_USB_HOST_ID usie_devs[] = {
91 #define	USIE_DEV(v, d) {				\
92     USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##d) }
93 	USIE_DEV(SIERRA, MC8700),
94 	USIE_DEV(SIERRA, TRUINSTALL),
95 	USIE_DEV(AIRPRIME, USB308),
96 #undef	USIE_DEV
97 };
98 
99 static device_probe_t usie_probe;
100 static device_attach_t usie_attach;
101 static device_detach_t usie_detach;
102 static void usie_free_softc(struct usie_softc *);
103 
104 static void usie_free(struct ucom_softc *);
105 static void usie_uc_update_line_state(struct ucom_softc *, uint8_t);
106 static void usie_uc_cfg_get_status(struct ucom_softc *, uint8_t *, uint8_t *);
107 static void usie_uc_cfg_set_dtr(struct ucom_softc *, uint8_t);
108 static void usie_uc_cfg_set_rts(struct ucom_softc *, uint8_t);
109 static void usie_uc_cfg_open(struct ucom_softc *);
110 static void usie_uc_cfg_close(struct ucom_softc *);
111 static void usie_uc_start_read(struct ucom_softc *);
112 static void usie_uc_stop_read(struct ucom_softc *);
113 static void usie_uc_start_write(struct ucom_softc *);
114 static void usie_uc_stop_write(struct ucom_softc *);
115 
116 static usb_callback_t usie_uc_tx_callback;
117 static usb_callback_t usie_uc_rx_callback;
118 static usb_callback_t usie_uc_status_callback;
119 static usb_callback_t usie_if_tx_callback;
120 static usb_callback_t usie_if_rx_callback;
121 static usb_callback_t usie_if_status_callback;
122 
123 static void usie_if_sync_to(void *);
124 static void usie_if_sync_cb(void *, int);
125 static void usie_if_status_cb(void *, int);
126 
127 static void usie_if_start(struct ifnet *);
128 static int usie_if_output(struct ifnet *, struct mbuf *,
129 	const struct sockaddr *, struct route *);
130 static void usie_if_init(void *);
131 static void usie_if_stop(struct usie_softc *);
132 static int usie_if_ioctl(struct ifnet *, u_long, caddr_t);
133 
134 static int usie_do_request(struct usie_softc *, struct usb_device_request *, void *);
135 static int usie_if_cmd(struct usie_softc *, uint8_t);
136 static void usie_cns_req(struct usie_softc *, uint32_t, uint16_t);
137 static void usie_cns_rsp(struct usie_softc *, struct usie_cns *);
138 static void usie_hip_rsp(struct usie_softc *, uint8_t *, uint32_t);
139 static int usie_driver_loaded(struct module *, int, void *);
140 
141 static const struct usb_config usie_uc_config[USIE_UC_N_XFER] = {
142 	[USIE_UC_STATUS] = {
143 		.type = UE_INTERRUPT,
144 		.endpoint = UE_ADDR_ANY,
145 		.direction = UE_DIR_IN,
146 		.bufsize = 0,		/* use wMaxPacketSize */
147 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
148 		.callback = &usie_uc_status_callback,
149 	},
150 	[USIE_UC_RX] = {
151 		.type = UE_BULK,
152 		.endpoint = UE_ADDR_ANY,
153 		.direction = UE_DIR_IN,
154 		.bufsize = USIE_BUFSIZE,
155 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,.proxy_buffer = 1,},
156 		.callback = &usie_uc_rx_callback,
157 	},
158 	[USIE_UC_TX] = {
159 		.type = UE_BULK,
160 		.endpoint = UE_ADDR_ANY,
161 		.direction = UE_DIR_OUT,
162 		.bufsize = USIE_BUFSIZE,
163 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
164 		.callback = &usie_uc_tx_callback,
165 	}
166 };
167 
168 static const struct usb_config usie_if_config[USIE_IF_N_XFER] = {
169 	[USIE_IF_STATUS] = {
170 		.type = UE_INTERRUPT,
171 		.endpoint = UE_ADDR_ANY,
172 		.direction = UE_DIR_IN,
173 		.bufsize = 0,		/* use wMaxPacketSize */
174 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
175 		.callback = &usie_if_status_callback,
176 	},
177 	[USIE_IF_RX] = {
178 		.type = UE_BULK,
179 		.endpoint = UE_ADDR_ANY,
180 		.direction = UE_DIR_IN,
181 		.bufsize = USIE_BUFSIZE,
182 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
183 		.callback = &usie_if_rx_callback,
184 	},
185 	[USIE_IF_TX] = {
186 		.type = UE_BULK,
187 		.endpoint = UE_ADDR_ANY,
188 		.direction = UE_DIR_OUT,
189 		.bufsize = MAX(USIE_BUFSIZE, MCLBYTES),
190 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
191 		.callback = &usie_if_tx_callback,
192 	}
193 };
194 
195 static device_method_t usie_methods[] = {
196 	DEVMETHOD(device_probe, usie_probe),
197 	DEVMETHOD(device_attach, usie_attach),
198 	DEVMETHOD(device_detach, usie_detach),
199 	DEVMETHOD_END
200 };
201 
202 static driver_t usie_driver = {
203 	.name = "usie",
204 	.methods = usie_methods,
205 	.size = sizeof(struct usie_softc),
206 };
207 
208 static devclass_t usie_devclass;
209 static eventhandler_tag usie_etag;
210 
211 DRIVER_MODULE(usie, uhub, usie_driver, usie_devclass, usie_driver_loaded, 0);
212 MODULE_DEPEND(usie, ucom, 1, 1, 1);
213 MODULE_DEPEND(usie, usb, 1, 1, 1);
214 MODULE_VERSION(usie, 1);
215 
216 static const struct ucom_callback usie_uc_callback = {
217 	.ucom_cfg_get_status = &usie_uc_cfg_get_status,
218 	.ucom_cfg_set_dtr = &usie_uc_cfg_set_dtr,
219 	.ucom_cfg_set_rts = &usie_uc_cfg_set_rts,
220 	.ucom_cfg_open = &usie_uc_cfg_open,
221 	.ucom_cfg_close = &usie_uc_cfg_close,
222 	.ucom_start_read = &usie_uc_start_read,
223 	.ucom_stop_read = &usie_uc_stop_read,
224 	.ucom_start_write = &usie_uc_start_write,
225 	.ucom_stop_write = &usie_uc_stop_write,
226 	.ucom_free = &usie_free,
227 };
228 
229 static void
230 usie_autoinst(void *arg, struct usb_device *udev,
231     struct usb_attach_arg *uaa)
232 {
233 	struct usb_interface *iface;
234 	struct usb_interface_descriptor *id;
235 	struct usb_device_request req;
236 	int err;
237 
238 	if (uaa->dev_state != UAA_DEV_READY)
239 		return;
240 
241 	iface = usbd_get_iface(udev, 0);
242 	if (iface == NULL)
243 		return;
244 
245 	id = iface->idesc;
246 	if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
247 		return;
248 
249 	if (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa) != 0)
250 		return;			/* no device match */
251 
252 	if (bootverbose) {
253 		DPRINTF("Ejecting %s %s\n",
254 		    usb_get_manufacturer(udev),
255 		    usb_get_product(udev));
256 	}
257 	req.bmRequestType = UT_VENDOR;
258 	req.bRequest = UR_SET_INTERFACE;
259 	USETW(req.wValue, UF_DEVICE_REMOTE_WAKEUP);
260 	USETW(req.wIndex, UHF_PORT_CONNECTION);
261 	USETW(req.wLength, 0);
262 
263 	/* at this moment there is no mutex */
264 	err = usbd_do_request_flags(udev, NULL, &req,
265 	    NULL, 0, NULL, 250 /* ms */ );
266 
267 	/* success, mark the udev as disappearing */
268 	if (err == 0)
269 		uaa->dev_state = UAA_DEV_EJECTING;
270 }
271 
272 static int
273 usie_probe(device_t self)
274 {
275 	struct usb_attach_arg *uaa = device_get_ivars(self);
276 
277 	if (uaa->usb_mode != USB_MODE_HOST)
278 		return (ENXIO);
279 	if (uaa->info.bConfigIndex != USIE_CNFG_INDEX)
280 		return (ENXIO);
281 	if (uaa->info.bIfaceIndex != USIE_IFACE_INDEX)
282 		return (ENXIO);
283 	if (uaa->info.bInterfaceClass != UICLASS_VENDOR)
284 		return (ENXIO);
285 
286 	return (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa));
287 }
288 
289 static int
290 usie_attach(device_t self)
291 {
292 	struct usie_softc *sc = device_get_softc(self);
293 	struct usb_attach_arg *uaa = device_get_ivars(self);
294 	struct ifnet *ifp;
295 	struct usb_interface *iface;
296 	struct usb_interface_descriptor *id;
297 	struct usb_device_request req;
298 	int err;
299 	uint16_t fwattr;
300 	uint8_t iface_index;
301 	uint8_t ifidx;
302 	uint8_t start;
303 
304 	device_set_usb_desc(self);
305 	sc->sc_udev = uaa->device;
306 	sc->sc_dev = self;
307 
308 	mtx_init(&sc->sc_mtx, "usie", MTX_NETWORK_LOCK, MTX_DEF);
309 	ucom_ref(&sc->sc_super_ucom);
310 
311 	TASK_INIT(&sc->sc_if_status_task, 0, usie_if_status_cb, sc);
312 	TASK_INIT(&sc->sc_if_sync_task, 0, usie_if_sync_cb, sc);
313 
314 	usb_callout_init_mtx(&sc->sc_if_sync_ch, &sc->sc_mtx, 0);
315 
316 	mtx_lock(&sc->sc_mtx);
317 
318 	/* set power mode to D0 */
319 	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
320 	req.bRequest = USIE_POWER;
321 	USETW(req.wValue, 0);
322 	USETW(req.wIndex, 0);
323 	USETW(req.wLength, 0);
324 	if (usie_do_request(sc, &req, NULL)) {
325 		mtx_unlock(&sc->sc_mtx);
326 		goto detach;
327 	}
328 	/* read fw attr */
329 	fwattr = 0;
330 	req.bmRequestType = UT_READ_VENDOR_DEVICE;
331 	req.bRequest = USIE_FW_ATTR;
332 	USETW(req.wValue, 0);
333 	USETW(req.wIndex, 0);
334 	USETW(req.wLength, sizeof(fwattr));
335 	if (usie_do_request(sc, &req, &fwattr)) {
336 		mtx_unlock(&sc->sc_mtx);
337 		goto detach;
338 	}
339 	mtx_unlock(&sc->sc_mtx);
340 
341 	/* check DHCP supports */
342 	DPRINTF("fwattr=%x\n", fwattr);
343 	if (!(fwattr & USIE_FW_DHCP)) {
344 		device_printf(self, "DHCP is not supported. A firmware upgrade might be needed.\n");
345 	}
346 
347 	/* find available interfaces */
348 	sc->sc_nucom = 0;
349 	for (ifidx = 0; ifidx < USIE_IFACE_MAX; ifidx++) {
350 		iface = usbd_get_iface(uaa->device, ifidx);
351 		if (iface == NULL)
352 			break;
353 
354 		id = usbd_get_interface_descriptor(iface);
355 		if ((id == NULL) || (id->bInterfaceClass != UICLASS_VENDOR))
356 			continue;
357 
358 		/* setup Direct IP transfer */
359 		if (id->bInterfaceNumber >= 7 && id->bNumEndpoints == 3) {
360 			sc->sc_if_ifnum = id->bInterfaceNumber;
361 			iface_index = ifidx;
362 
363 			DPRINTF("ifnum=%d, ifidx=%d\n",
364 			    sc->sc_if_ifnum, ifidx);
365 
366 			err = usbd_transfer_setup(uaa->device,
367 			    &iface_index, sc->sc_if_xfer, usie_if_config,
368 			    USIE_IF_N_XFER, sc, &sc->sc_mtx);
369 
370 			if (err == 0)
371 				continue;
372 
373 			device_printf(self,
374 			    "could not allocate USB transfers on "
375 			    "iface_index=%d, err=%s\n",
376 			    iface_index, usbd_errstr(err));
377 			goto detach;
378 		}
379 
380 		/* setup ucom */
381 		if (sc->sc_nucom >= USIE_UCOM_MAX)
382 			continue;
383 
384 		usbd_set_parent_iface(uaa->device, ifidx,
385 		    uaa->info.bIfaceIndex);
386 
387 		DPRINTF("NumEndpoints=%d bInterfaceNumber=%d\n",
388 		    id->bNumEndpoints, id->bInterfaceNumber);
389 
390 		if (id->bNumEndpoints == 2) {
391 			sc->sc_uc_xfer[sc->sc_nucom][0] = NULL;
392 			start = 1;
393 		} else
394 			start = 0;
395 
396 		err = usbd_transfer_setup(uaa->device, &ifidx,
397 		    sc->sc_uc_xfer[sc->sc_nucom] + start,
398 		    usie_uc_config + start, USIE_UC_N_XFER - start,
399 		    &sc->sc_ucom[sc->sc_nucom], &sc->sc_mtx);
400 
401 		if (err != 0) {
402 			DPRINTF("usbd_transfer_setup error=%s\n", usbd_errstr(err));
403 			continue;
404 		}
405 
406 		mtx_lock(&sc->sc_mtx);
407 		for (; start < USIE_UC_N_XFER; start++)
408 			usbd_xfer_set_stall(sc->sc_uc_xfer[sc->sc_nucom][start]);
409 		mtx_unlock(&sc->sc_mtx);
410 
411 		sc->sc_uc_ifnum[sc->sc_nucom] = id->bInterfaceNumber;
412 
413 		sc->sc_nucom++;		/* found a port */
414 	}
415 
416 	if (sc->sc_nucom == 0) {
417 		device_printf(self, "no comports found\n");
418 		goto detach;
419 	}
420 
421 	err = ucom_attach(&sc->sc_super_ucom, sc->sc_ucom,
422 	    sc->sc_nucom, sc, &usie_uc_callback, &sc->sc_mtx);
423 
424 	if (err != 0) {
425 		DPRINTF("ucom_attach failed\n");
426 		goto detach;
427 	}
428 	DPRINTF("Found %d interfaces.\n", sc->sc_nucom);
429 
430 	/* setup ifnet (Direct IP) */
431 	sc->sc_ifp = ifp = if_alloc(IFT_OTHER);
432 
433 	if (ifp == NULL) {
434 		device_printf(self, "Could not allocate a network interface\n");
435 		goto detach;
436 	}
437 	if_initname(ifp, "usie", device_get_unit(self));
438 
439 	ifp->if_softc = sc;
440 	ifp->if_mtu = USIE_MTU_MAX;
441 	ifp->if_flags |= IFF_NOARP;
442 	ifp->if_init = usie_if_init;
443 	ifp->if_ioctl = usie_if_ioctl;
444 	ifp->if_start = usie_if_start;
445 	ifp->if_output = usie_if_output;
446 	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
447 	ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
448 	IFQ_SET_READY(&ifp->if_snd);
449 
450 	if_attach(ifp);
451 	bpfattach(ifp, DLT_RAW, 0);
452 
453 	if (fwattr & USIE_PM_AUTO) {
454 		usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE);
455 		DPRINTF("enabling automatic suspend and resume\n");
456 	} else {
457 		usbd_set_power_mode(uaa->device, USB_POWER_MODE_ON);
458 		DPRINTF("USB power is always ON\n");
459 	}
460 
461 	DPRINTF("device attached\n");
462 	return (0);
463 
464 detach:
465 	usie_detach(self);
466 	return (ENOMEM);
467 }
468 
469 static int
470 usie_detach(device_t self)
471 {
472 	struct usie_softc *sc = device_get_softc(self);
473 	uint8_t x;
474 
475 	/* detach ifnet */
476 	if (sc->sc_ifp != NULL) {
477 		usie_if_stop(sc);
478 		usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);
479 		bpfdetach(sc->sc_ifp);
480 		if_detach(sc->sc_ifp);
481 		if_free(sc->sc_ifp);
482 		sc->sc_ifp = NULL;
483 	}
484 	/* detach ucom */
485 	if (sc->sc_nucom > 0)
486 		ucom_detach(&sc->sc_super_ucom, sc->sc_ucom);
487 
488 	/* stop all USB transfers */
489 	usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);
490 
491 	for (x = 0; x != USIE_UCOM_MAX; x++)
492 		usbd_transfer_unsetup(sc->sc_uc_xfer[x], USIE_UC_N_XFER);
493 
494 
495 	device_claim_softc(self);
496 
497 	usie_free_softc(sc);
498 
499 	return (0);
500 }
501 
502 UCOM_UNLOAD_DRAIN(usie);
503 
504 static void
505 usie_free_softc(struct usie_softc *sc)
506 {
507 	if (ucom_unref(&sc->sc_super_ucom)) {
508 		mtx_destroy(&sc->sc_mtx);
509 		device_free_softc(sc);
510 	}
511 }
512 
513 static void
514 usie_free(struct ucom_softc *ucom)
515 {
516 	usie_free_softc(ucom->sc_parent);
517 }
518 
519 static void
520 usie_uc_update_line_state(struct ucom_softc *ucom, uint8_t ls)
521 {
522 	struct usie_softc *sc = ucom->sc_parent;
523 	struct usb_device_request req;
524 
525 	if (sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS] == NULL)
526 		return;
527 
528 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
529 	req.bRequest = USIE_LINK_STATE;
530 	USETW(req.wValue, ls);
531 	USETW(req.wIndex, sc->sc_uc_ifnum[ucom->sc_subunit]);
532 	USETW(req.wLength, 0);
533 
534 	DPRINTF("sc_uc_ifnum=%d\n", sc->sc_uc_ifnum[ucom->sc_subunit]);
535 
536 	usie_do_request(sc, &req, NULL);
537 }
538 
539 static void
540 usie_uc_cfg_get_status(struct ucom_softc *ucom, uint8_t *lsr, uint8_t *msr)
541 {
542 	struct usie_softc *sc = ucom->sc_parent;
543 
544 	*msr = sc->sc_msr;
545 	*lsr = sc->sc_lsr;
546 }
547 
548 static void
549 usie_uc_cfg_set_dtr(struct ucom_softc *ucom, uint8_t flag)
550 {
551 	uint8_t dtr;
552 
553 	dtr = flag ? USIE_LS_DTR : 0;
554 	usie_uc_update_line_state(ucom, dtr);
555 }
556 
557 static void
558 usie_uc_cfg_set_rts(struct ucom_softc *ucom, uint8_t flag)
559 {
560 	uint8_t rts;
561 
562 	rts = flag ? USIE_LS_RTS : 0;
563 	usie_uc_update_line_state(ucom, rts);
564 }
565 
566 static void
567 usie_uc_cfg_open(struct ucom_softc *ucom)
568 {
569 	struct usie_softc *sc = ucom->sc_parent;
570 
571 	/* usbd_transfer_start() is NULL safe */
572 
573 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS]);
574 }
575 
576 static void
577 usie_uc_cfg_close(struct ucom_softc *ucom)
578 {
579 	struct usie_softc *sc = ucom->sc_parent;
580 
581 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS]);
582 }
583 
584 static void
585 usie_uc_start_read(struct ucom_softc *ucom)
586 {
587 	struct usie_softc *sc = ucom->sc_parent;
588 
589 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX]);
590 }
591 
592 static void
593 usie_uc_stop_read(struct ucom_softc *ucom)
594 {
595 	struct usie_softc *sc = ucom->sc_parent;
596 
597 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX]);
598 }
599 
600 static void
601 usie_uc_start_write(struct ucom_softc *ucom)
602 {
603 	struct usie_softc *sc = ucom->sc_parent;
604 
605 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX]);
606 }
607 
608 static void
609 usie_uc_stop_write(struct ucom_softc *ucom)
610 {
611 	struct usie_softc *sc = ucom->sc_parent;
612 
613 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX]);
614 }
615 
616 static void
617 usie_uc_rx_callback(struct usb_xfer *xfer, usb_error_t error)
618 {
619 	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
620 	struct usie_softc *sc = ucom->sc_parent;
621 	struct usb_page_cache *pc;
622 	uint32_t actlen;
623 
624 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
625 
626 	switch (USB_GET_STATE(xfer)) {
627 	case USB_ST_TRANSFERRED:
628 		pc = usbd_xfer_get_frame(xfer, 0);
629 
630 		/* handle CnS response */
631 		if (ucom == sc->sc_ucom && actlen >= USIE_HIPCNS_MIN) {
632 
633 			DPRINTF("transferred=%u\n", actlen);
634 
635 			/* check if it is really CnS reply */
636 			usbd_copy_out(pc, 0, sc->sc_resp_temp, 1);
637 
638 			if (sc->sc_resp_temp[0] == USIE_HIP_FRM_CHR) {
639 
640 				/* verify actlen */
641 				if (actlen > USIE_BUFSIZE)
642 					actlen = USIE_BUFSIZE;
643 
644 				/* get complete message */
645 				usbd_copy_out(pc, 0, sc->sc_resp_temp, actlen);
646 				usie_hip_rsp(sc, sc->sc_resp_temp, actlen);
647 
648 				/* need to fall though */
649 				goto tr_setup;
650 			}
651 			/* else call ucom_put_data() */
652 		}
653 		/* standard ucom transfer */
654 		ucom_put_data(ucom, pc, 0, actlen);
655 
656 		/* fall though */
657 	case USB_ST_SETUP:
658 tr_setup:
659 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
660 		usbd_transfer_submit(xfer);
661 		break;
662 
663 	default:			/* Error */
664 		if (error != USB_ERR_CANCELLED) {
665 			usbd_xfer_set_stall(xfer);
666 			goto tr_setup;
667 		}
668 		break;
669 	}
670 }
671 
672 static void
673 usie_uc_tx_callback(struct usb_xfer *xfer, usb_error_t error)
674 {
675 	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
676 	struct usb_page_cache *pc;
677 	uint32_t actlen;
678 
679 	switch (USB_GET_STATE(xfer)) {
680 	case USB_ST_TRANSFERRED:
681 	case USB_ST_SETUP:
682 tr_setup:
683 		pc = usbd_xfer_get_frame(xfer, 0);
684 
685 		/* handle CnS request */
686 		struct mbuf *m = usbd_xfer_get_priv(xfer);
687 
688 		if (m != NULL) {
689 			usbd_m_copy_in(pc, 0, m, 0, m->m_pkthdr.len);
690 			usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len);
691 			usbd_xfer_set_priv(xfer, NULL);
692 			usbd_transfer_submit(xfer);
693 			m_freem(m);
694 			break;
695 		}
696 		/* standard ucom transfer */
697 		if (ucom_get_data(ucom, pc, 0, USIE_BUFSIZE, &actlen)) {
698 			usbd_xfer_set_frame_len(xfer, 0, actlen);
699 			usbd_transfer_submit(xfer);
700 		}
701 		break;
702 
703 	default:			/* Error */
704 		if (error != USB_ERR_CANCELLED) {
705 			usbd_xfer_set_stall(xfer);
706 			goto tr_setup;
707 		}
708 		break;
709 	}
710 }
711 
712 static void
713 usie_uc_status_callback(struct usb_xfer *xfer, usb_error_t error)
714 {
715 	struct usb_page_cache *pc;
716 	struct {
717 		struct usb_device_request req;
718 		uint16_t param;
719 	}      st;
720 	uint32_t actlen;
721 	uint16_t param;
722 
723 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
724 
725 	switch (USB_GET_STATE(xfer)) {
726 	case USB_ST_TRANSFERRED:
727 		DPRINTFN(4, "info received, actlen=%u\n", actlen);
728 
729 		if (actlen < sizeof(st)) {
730 			DPRINTF("data too short actlen=%u\n", actlen);
731 			goto tr_setup;
732 		}
733 		pc = usbd_xfer_get_frame(xfer, 0);
734 		usbd_copy_out(pc, 0, &st, sizeof(st));
735 
736 		if (st.req.bmRequestType == 0xa1 && st.req.bRequest == 0x20) {
737 			struct ucom_softc *ucom = usbd_xfer_softc(xfer);
738 			struct usie_softc *sc = ucom->sc_parent;
739 
740 			param = le16toh(st.param);
741 			DPRINTF("param=%x\n", param);
742 			sc->sc_msr = sc->sc_lsr = 0;
743 			sc->sc_msr |= (param & USIE_DCD) ? SER_DCD : 0;
744 			sc->sc_msr |= (param & USIE_DSR) ? SER_DSR : 0;
745 			sc->sc_msr |= (param & USIE_RI) ? SER_RI : 0;
746 			sc->sc_msr |= (param & USIE_CTS) ? 0 : SER_CTS;
747 			sc->sc_msr |= (param & USIE_RTS) ? SER_RTS : 0;
748 			sc->sc_msr |= (param & USIE_DTR) ? SER_DTR : 0;
749 		}
750 		/* fall though */
751 	case USB_ST_SETUP:
752 tr_setup:
753 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
754 		usbd_transfer_submit(xfer);
755 		break;
756 
757 	default:			/* Error */
758 		DPRINTF("USB transfer error, %s\n",
759 		    usbd_errstr(error));
760 
761 		if (error != USB_ERR_CANCELLED) {
762 			usbd_xfer_set_stall(xfer);
763 			goto tr_setup;
764 		}
765 		break;
766 	}
767 }
768 
769 static void
770 usie_if_rx_callback(struct usb_xfer *xfer, usb_error_t error)
771 {
772 	struct usie_softc *sc = usbd_xfer_softc(xfer);
773 	struct ifnet *ifp = sc->sc_ifp;
774 	struct mbuf *m0;
775 	struct mbuf *m = NULL;
776 	struct usie_desc *rxd;
777 	uint32_t actlen;
778 	uint16_t err;
779 	uint16_t pkt;
780 	uint16_t ipl;
781 	uint16_t len;
782 	uint16_t diff;
783 	uint8_t pad;
784 	uint8_t ipv;
785 
786 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
787 
788 	switch (USB_GET_STATE(xfer)) {
789 	case USB_ST_TRANSFERRED:
790 		DPRINTFN(15, "rx done, actlen=%u\n", actlen);
791 
792 		if (actlen < sizeof(struct usie_hip)) {
793 			DPRINTF("data too short %u\n", actlen);
794 			goto tr_setup;
795 		}
796 		m = sc->sc_rxm;
797 		sc->sc_rxm = NULL;
798 
799 		/* fall though */
800 	case USB_ST_SETUP:
801 tr_setup:
802 
803 		if (sc->sc_rxm == NULL) {
804 			sc->sc_rxm = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
805 			    MJUMPAGESIZE /* could be bigger than MCLBYTES */ );
806 		}
807 		if (sc->sc_rxm == NULL) {
808 			DPRINTF("could not allocate Rx mbuf\n");
809 			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
810 			usbd_xfer_set_stall(xfer);
811 			usbd_xfer_set_frames(xfer, 0);
812 		} else {
813 			/*
814 			 * Directly loading a mbuf cluster into DMA to
815 			 * save some data copying. This works because
816 			 * there is only one cluster.
817 			 */
818 			usbd_xfer_set_frame_data(xfer, 0,
819 			    mtod(sc->sc_rxm, caddr_t), MIN(MJUMPAGESIZE, USIE_RXSZ_MAX));
820 			usbd_xfer_set_frames(xfer, 1);
821 		}
822 		usbd_transfer_submit(xfer);
823 		break;
824 
825 	default:			/* Error */
826 		DPRINTF("USB transfer error, %s\n", usbd_errstr(error));
827 
828 		if (error != USB_ERR_CANCELLED) {
829 			/* try to clear stall first */
830 			usbd_xfer_set_stall(xfer);
831 			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
832 			goto tr_setup;
833 		}
834 		if (sc->sc_rxm != NULL) {
835 			m_freem(sc->sc_rxm);
836 			sc->sc_rxm = NULL;
837 		}
838 		break;
839 	}
840 
841 	if (m == NULL)
842 		return;
843 
844 	mtx_unlock(&sc->sc_mtx);
845 
846 	m->m_pkthdr.len = m->m_len = actlen;
847 
848 	err = pkt = 0;
849 
850 	/* HW can aggregate multiple frames in a single USB xfer */
851 	for (;;) {
852 		rxd = mtod(m, struct usie_desc *);
853 
854 		len = be16toh(rxd->hip.len) & USIE_HIP_IP_LEN_MASK;
855 		pad = (rxd->hip.id & USIE_HIP_PAD) ? 1 : 0;
856 		ipl = (len - pad - ETHER_HDR_LEN);
857 		if (ipl >= len) {
858 			DPRINTF("Corrupt frame\n");
859 			m_freem(m);
860 			break;
861 		}
862 		diff = sizeof(struct usie_desc) + ipl + pad;
863 
864 		if (((rxd->hip.id & USIE_HIP_MASK) != USIE_HIP_IP) ||
865 		    (be16toh(rxd->desc_type) & USIE_TYPE_MASK) != USIE_IP_RX) {
866 			DPRINTF("received wrong type of packet\n");
867 			m->m_data += diff;
868 			m->m_pkthdr.len = (m->m_len -= diff);
869 			err++;
870 			if (m->m_pkthdr.len > 0)
871 				continue;
872 			m_freem(m);
873 			break;
874 		}
875 		switch (be16toh(rxd->ethhdr.ether_type)) {
876 		case ETHERTYPE_IP:
877 			ipv = NETISR_IP;
878 			break;
879 #ifdef INET6
880 		case ETHERTYPE_IPV6:
881 			ipv = NETISR_IPV6;
882 			break;
883 #endif
884 		default:
885 			DPRINTF("unsupported ether type\n");
886 			err++;
887 			break;
888 		}
889 
890 		/* the last packet */
891 		if (m->m_pkthdr.len <= diff) {
892 			m->m_data += (sizeof(struct usie_desc) + pad);
893 			m->m_pkthdr.len = m->m_len = ipl;
894 			m->m_pkthdr.rcvif = ifp;
895 			BPF_MTAP(sc->sc_ifp, m);
896 			netisr_dispatch(ipv, m);
897 			break;
898 		}
899 		/* copy aggregated frames to another mbuf */
900 		m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
901 		if (__predict_false(m0 == NULL)) {
902 			DPRINTF("could not allocate mbuf\n");
903 			err++;
904 			m_freem(m);
905 			break;
906 		}
907 		m_copydata(m, sizeof(struct usie_desc) + pad, ipl, mtod(m0, caddr_t));
908 		m0->m_pkthdr.rcvif = ifp;
909 		m0->m_pkthdr.len = m0->m_len = ipl;
910 
911 		BPF_MTAP(sc->sc_ifp, m0);
912 		netisr_dispatch(ipv, m0);
913 
914 		m->m_data += diff;
915 		m->m_pkthdr.len = (m->m_len -= diff);
916 	}
917 
918 	mtx_lock(&sc->sc_mtx);
919 
920 	if_inc_counter(ifp, IFCOUNTER_IERRORS, err);
921 	if_inc_counter(ifp, IFCOUNTER_IPACKETS, pkt);
922 }
923 
924 static void
925 usie_if_tx_callback(struct usb_xfer *xfer, usb_error_t error)
926 {
927 	struct usie_softc *sc = usbd_xfer_softc(xfer);
928 	struct usb_page_cache *pc;
929 	struct ifnet *ifp = sc->sc_ifp;
930 	struct mbuf *m;
931 	uint16_t size;
932 
933 	switch (USB_GET_STATE(xfer)) {
934 	case USB_ST_TRANSFERRED:
935 		DPRINTFN(11, "transfer complete\n");
936 		ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
937 		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
938 
939 		/* fall though */
940 	case USB_ST_SETUP:
941 tr_setup:
942 
943 		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
944 			break;
945 
946 		IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
947 		if (m == NULL)
948 			break;
949 
950 		if (m->m_pkthdr.len > (int)(MCLBYTES - ETHER_HDR_LEN +
951 		    ETHER_CRC_LEN - sizeof(sc->sc_txd))) {
952 			DPRINTF("packet len is too big: %d\n",
953 			    m->m_pkthdr.len);
954 			break;
955 		}
956 		pc = usbd_xfer_get_frame(xfer, 0);
957 
958 		sc->sc_txd.hip.len = htobe16(m->m_pkthdr.len +
959 		    ETHER_HDR_LEN + ETHER_CRC_LEN);
960 		size = sizeof(sc->sc_txd);
961 
962 		usbd_copy_in(pc, 0, &sc->sc_txd, size);
963 		usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
964 		usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len +
965 		    size + ETHER_CRC_LEN);
966 
967 		BPF_MTAP(ifp, m);
968 
969 		m_freem(m);
970 
971 		usbd_transfer_submit(xfer);
972 		break;
973 
974 	default:			/* Error */
975 		DPRINTF("USB transfer error, %s\n",
976 		    usbd_errstr(error));
977 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
978 
979 		if (error != USB_ERR_CANCELLED) {
980 			usbd_xfer_set_stall(xfer);
981 			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
982 			goto tr_setup;
983 		}
984 		break;
985 	}
986 }
987 
988 static void
989 usie_if_status_callback(struct usb_xfer *xfer, usb_error_t error)
990 {
991 	struct usie_softc *sc = usbd_xfer_softc(xfer);
992 	struct usb_page_cache *pc;
993 	struct usb_cdc_notification cdc;
994 	uint32_t actlen;
995 
996 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
997 
998 	switch (USB_GET_STATE(xfer)) {
999 	case USB_ST_TRANSFERRED:
1000 		DPRINTFN(4, "info received, actlen=%d\n", actlen);
1001 
1002 		/* usb_cdc_notification - .data[16] */
1003 		if (actlen < (sizeof(cdc) - 16)) {
1004 			DPRINTF("data too short %d\n", actlen);
1005 			goto tr_setup;
1006 		}
1007 		pc = usbd_xfer_get_frame(xfer, 0);
1008 		usbd_copy_out(pc, 0, &cdc, (sizeof(cdc) - 16));
1009 
1010 		DPRINTFN(4, "bNotification=%x\n", cdc.bNotification);
1011 
1012 		if (cdc.bNotification & UCDC_N_RESPONSE_AVAILABLE) {
1013 			taskqueue_enqueue(taskqueue_thread,
1014 			    &sc->sc_if_status_task);
1015 		}
1016 		/* fall though */
1017 	case USB_ST_SETUP:
1018 tr_setup:
1019 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
1020 		usbd_transfer_submit(xfer);
1021 		break;
1022 
1023 	default:			/* Error */
1024 		DPRINTF("USB transfer error, %s\n",
1025 		    usbd_errstr(error));
1026 
1027 		if (error != USB_ERR_CANCELLED) {
1028 			usbd_xfer_set_stall(xfer);
1029 			goto tr_setup;
1030 		}
1031 		break;
1032 	}
1033 }
1034 
1035 static void
1036 usie_if_sync_to(void *arg)
1037 {
1038 	struct usie_softc *sc = arg;
1039 
1040 	taskqueue_enqueue(taskqueue_thread, &sc->sc_if_sync_task);
1041 }
1042 
1043 static void
1044 usie_if_sync_cb(void *arg, int pending)
1045 {
1046 	struct usie_softc *sc = arg;
1047 
1048 	mtx_lock(&sc->sc_mtx);
1049 
1050 	/* call twice */
1051 	usie_if_cmd(sc, USIE_HIP_SYNC2M);
1052 	usie_if_cmd(sc, USIE_HIP_SYNC2M);
1053 
1054 	usb_callout_reset(&sc->sc_if_sync_ch, 2 * hz, usie_if_sync_to, sc);
1055 
1056 	mtx_unlock(&sc->sc_mtx);
1057 }
1058 
1059 static void
1060 usie_if_status_cb(void *arg, int pending)
1061 {
1062 	struct usie_softc *sc = arg;
1063 	struct ifnet *ifp = sc->sc_ifp;
1064 	struct usb_device_request req;
1065 	struct usie_hip *hip;
1066 	struct usie_lsi *lsi;
1067 	uint16_t actlen;
1068 	uint8_t ntries;
1069 	uint8_t pad;
1070 
1071 	mtx_lock(&sc->sc_mtx);
1072 
1073 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1074 	req.bRequest = UCDC_GET_ENCAPSULATED_RESPONSE;
1075 	USETW(req.wValue, 0);
1076 	USETW(req.wIndex, sc->sc_if_ifnum);
1077 	USETW(req.wLength, sizeof(sc->sc_status_temp));
1078 
1079 	for (ntries = 0; ntries != 10; ntries++) {
1080 		int err;
1081 
1082 		err = usbd_do_request_flags(sc->sc_udev,
1083 		    &sc->sc_mtx, &req, sc->sc_status_temp, USB_SHORT_XFER_OK,
1084 		    &actlen, USB_DEFAULT_TIMEOUT);
1085 
1086 		if (err == 0)
1087 			break;
1088 
1089 		DPRINTF("Control request failed: %s %d/10\n",
1090 		    usbd_errstr(err), ntries);
1091 
1092 		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
1093 	}
1094 
1095 	if (ntries == 10) {
1096 		mtx_unlock(&sc->sc_mtx);
1097 		DPRINTF("Timeout\n");
1098 		return;
1099 	}
1100 
1101 	hip = (struct usie_hip *)sc->sc_status_temp;
1102 
1103 	pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;
1104 
1105 	DPRINTF("hip.id=%x hip.len=%d actlen=%u pad=%d\n",
1106 	    hip->id, be16toh(hip->len), actlen, pad);
1107 
1108 	switch (hip->id & USIE_HIP_MASK) {
1109 	case USIE_HIP_SYNC2H:
1110 		usie_if_cmd(sc, USIE_HIP_SYNC2M);
1111 		break;
1112 	case USIE_HIP_RESTR:
1113 		usb_callout_stop(&sc->sc_if_sync_ch);
1114 		break;
1115 	case USIE_HIP_UMTS:
1116 		lsi = (struct usie_lsi *)(
1117 		    sc->sc_status_temp + sizeof(struct usie_hip) + pad);
1118 
1119 		DPRINTF("lsi.proto=%x lsi.len=%d\n", lsi->proto,
1120 		    be16toh(lsi->len));
1121 
1122 		if (lsi->proto != USIE_LSI_UMTS)
1123 			break;
1124 
1125 		if (lsi->area == USIE_LSI_AREA_NO ||
1126 		    lsi->area == USIE_LSI_AREA_NODATA) {
1127 			device_printf(sc->sc_dev, "no service available\n");
1128 			break;
1129 		}
1130 		if (lsi->state == USIE_LSI_STATE_IDLE) {
1131 			DPRINTF("lsi.state=%x\n", lsi->state);
1132 			break;
1133 		}
1134 		DPRINTF("ctx=%x\n", hip->param);
1135 		sc->sc_txd.hip.param = hip->param;
1136 
1137 		sc->sc_net.addr_len = lsi->pdp_addr_len;
1138 		memcpy(&sc->sc_net.dns1_addr, &lsi->dns1_addr, 16);
1139 		memcpy(&sc->sc_net.dns2_addr, &lsi->dns2_addr, 16);
1140 		memcpy(sc->sc_net.pdp_addr, lsi->pdp_addr, 16);
1141 		memcpy(sc->sc_net.gw_addr, lsi->gw_addr, 16);
1142 		ifp->if_flags |= IFF_UP;
1143 		ifp->if_drv_flags |= IFF_DRV_RUNNING;
1144 
1145 		device_printf(sc->sc_dev, "IP Addr=%d.%d.%d.%d\n",
1146 		    *lsi->pdp_addr, *(lsi->pdp_addr + 1),
1147 		    *(lsi->pdp_addr + 2), *(lsi->pdp_addr + 3));
1148 		device_printf(sc->sc_dev, "Gateway Addr=%d.%d.%d.%d\n",
1149 		    *lsi->gw_addr, *(lsi->gw_addr + 1),
1150 		    *(lsi->gw_addr + 2), *(lsi->gw_addr + 3));
1151 		device_printf(sc->sc_dev, "Prim NS Addr=%d.%d.%d.%d\n",
1152 		    *lsi->dns1_addr, *(lsi->dns1_addr + 1),
1153 		    *(lsi->dns1_addr + 2), *(lsi->dns1_addr + 3));
1154 		device_printf(sc->sc_dev, "Scnd NS Addr=%d.%d.%d.%d\n",
1155 		    *lsi->dns2_addr, *(lsi->dns2_addr + 1),
1156 		    *(lsi->dns2_addr + 2), *(lsi->dns2_addr + 3));
1157 
1158 		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
1159 		break;
1160 
1161 	case USIE_HIP_RCGI:
1162 		/* ignore, workaround for sloppy windows */
1163 		break;
1164 	default:
1165 		DPRINTF("undefined msgid: %x\n", hip->id);
1166 		break;
1167 	}
1168 
1169 	mtx_unlock(&sc->sc_mtx);
1170 }
1171 
1172 static void
1173 usie_if_start(struct ifnet *ifp)
1174 {
1175 	struct usie_softc *sc = ifp->if_softc;
1176 
1177 	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1178 		DPRINTF("Not running\n");
1179 		return;
1180 	}
1181 	mtx_lock(&sc->sc_mtx);
1182 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_TX]);
1183 	mtx_unlock(&sc->sc_mtx);
1184 
1185 	DPRINTFN(3, "interface started\n");
1186 }
1187 
1188 static int
1189 usie_if_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
1190     struct route *ro)
1191 {
1192 	int err;
1193 
1194 	DPRINTF("proto=%x\n", dst->sa_family);
1195 
1196 	switch (dst->sa_family) {
1197 #ifdef INET6
1198 	case AF_INET6;
1199 	/* fall though */
1200 #endif
1201 	case AF_INET:
1202 		break;
1203 
1204 		/* silently drop dhclient packets */
1205 	case AF_UNSPEC:
1206 		m_freem(m);
1207 		return (0);
1208 
1209 		/* drop other packet types */
1210 	default:
1211 		m_freem(m);
1212 		return (EAFNOSUPPORT);
1213 	}
1214 
1215 	err = (ifp->if_transmit)(ifp, m);
1216 	if (err) {
1217 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1218 		return (ENOBUFS);
1219 	}
1220 	if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
1221 
1222 	return (0);
1223 }
1224 
1225 static void
1226 usie_if_init(void *arg)
1227 {
1228 	struct usie_softc *sc = arg;
1229 	struct ifnet *ifp = sc->sc_ifp;
1230 	uint8_t i;
1231 
1232 	mtx_lock(&sc->sc_mtx);
1233 
1234 	/* write tx descriptor */
1235 	sc->sc_txd.hip.id = USIE_HIP_CTX;
1236 	sc->sc_txd.hip.param = 0;	/* init value */
1237 	sc->sc_txd.desc_type = htobe16(USIE_IP_TX);
1238 
1239 	for (i = 0; i != USIE_IF_N_XFER; i++)
1240 		usbd_xfer_set_stall(sc->sc_if_xfer[i]);
1241 
1242 	usbd_transfer_start(sc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_RX]);
1243 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_STATUS]);
1244 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_RX]);
1245 
1246 	/* if not running, initiate the modem */
1247 	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
1248 		usie_cns_req(sc, USIE_CNS_ID_INIT, USIE_CNS_OB_LINK_UPDATE);
1249 
1250 	mtx_unlock(&sc->sc_mtx);
1251 
1252 	DPRINTF("ifnet initialized\n");
1253 }
1254 
1255 static void
1256 usie_if_stop(struct usie_softc *sc)
1257 {
1258 	usb_callout_drain(&sc->sc_if_sync_ch);
1259 
1260 	mtx_lock(&sc->sc_mtx);
1261 
1262 	/* usie_cns_req() clears IFF_* flags */
1263 	usie_cns_req(sc, USIE_CNS_ID_STOP, USIE_CNS_OB_LINK_UPDATE);
1264 
1265 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_TX]);
1266 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_RX]);
1267 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_STATUS]);
1268 
1269 	/* shutdown device */
1270 	usie_if_cmd(sc, USIE_HIP_DOWN);
1271 
1272 	mtx_unlock(&sc->sc_mtx);
1273 }
1274 
1275 static int
1276 usie_if_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1277 {
1278 	struct usie_softc *sc = ifp->if_softc;
1279 	struct ieee80211req *ireq;
1280 	struct ieee80211req_sta_info si;
1281 	struct ifmediareq *ifmr;
1282 
1283 	switch (cmd) {
1284 	case SIOCSIFFLAGS:
1285 		if (ifp->if_flags & IFF_UP) {
1286 			if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
1287 				usie_if_init(sc);
1288 		} else {
1289 			if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1290 				usie_if_stop(sc);
1291 		}
1292 		break;
1293 
1294 	case SIOCSIFCAP:
1295 		if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1296 			device_printf(sc->sc_dev,
1297 			    "Connect to the network first.\n");
1298 			break;
1299 		}
1300 		mtx_lock(&sc->sc_mtx);
1301 		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
1302 		mtx_unlock(&sc->sc_mtx);
1303 		break;
1304 
1305 	case SIOCG80211:
1306 		ireq = (struct ieee80211req *)data;
1307 
1308 		if (ireq->i_type != IEEE80211_IOC_STA_INFO)
1309 			break;
1310 
1311 		memset(&si, 0, sizeof(si));
1312 		si.isi_len = sizeof(si);
1313 		/*
1314 		 * ifconfig expects RSSI in 0.5dBm units
1315 		 * relative to the noise floor.
1316 		 */
1317 		si.isi_rssi = 2 * sc->sc_rssi;
1318 		if (copyout(&si, (uint8_t *)ireq->i_data + 8,
1319 		    sizeof(struct ieee80211req_sta_info)))
1320 			DPRINTF("copyout failed\n");
1321 		DPRINTF("80211\n");
1322 		break;
1323 
1324 	case SIOCGIFMEDIA:		/* to fool ifconfig */
1325 		ifmr = (struct ifmediareq *)data;
1326 		ifmr->ifm_count = 1;
1327 		DPRINTF("media\n");
1328 		break;
1329 
1330 	case SIOCSIFADDR:
1331 		break;
1332 
1333 	default:
1334 		return (EINVAL);
1335 	}
1336 	return (0);
1337 }
1338 
1339 static int
1340 usie_do_request(struct usie_softc *sc, struct usb_device_request *req,
1341     void *data)
1342 {
1343 	int err = 0;
1344 	int ntries;
1345 
1346 	mtx_assert(&sc->sc_mtx, MA_OWNED);
1347 
1348 	for (ntries = 0; ntries != 10; ntries++) {
1349 		err = usbd_do_request(sc->sc_udev,
1350 		    &sc->sc_mtx, req, data);
1351 		if (err == 0)
1352 			break;
1353 
1354 		DPRINTF("Control request failed: %s %d/10\n",
1355 		    usbd_errstr(err), ntries);
1356 
1357 		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
1358 	}
1359 	return (err);
1360 }
1361 
1362 static int
1363 usie_if_cmd(struct usie_softc *sc, uint8_t cmd)
1364 {
1365 	struct usb_device_request req;
1366 	struct usie_hip msg;
1367 
1368 	msg.len = 0;
1369 	msg.id = cmd;
1370 	msg.param = 0;
1371 
1372 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1373 	req.bRequest = UCDC_SEND_ENCAPSULATED_COMMAND;
1374 	USETW(req.wValue, 0);
1375 	USETW(req.wIndex, sc->sc_if_ifnum);
1376 	USETW(req.wLength, sizeof(msg));
1377 
1378 	DPRINTF("cmd=%x\n", cmd);
1379 
1380 	return (usie_do_request(sc, &req, &msg));
1381 }
1382 
1383 static void
1384 usie_cns_req(struct usie_softc *sc, uint32_t id, uint16_t obj)
1385 {
1386 	struct ifnet *ifp = sc->sc_ifp;
1387 	struct mbuf *m;
1388 	struct usb_xfer *xfer;
1389 	struct usie_hip *hip;
1390 	struct usie_cns *cns;
1391 	uint8_t *param;
1392 	uint8_t *tmp;
1393 	uint8_t cns_len;
1394 
1395 	m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1396 	if (__predict_false(m == NULL)) {
1397 		DPRINTF("could not allocate mbuf\n");
1398 		if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
1399 		return;
1400 	}
1401 	/* to align usie_hip{} on 32 bit */
1402 	m->m_data += 3;
1403 	param = mtod(m, uint8_t *);
1404 	*param++ = USIE_HIP_FRM_CHR;
1405 	hip = (struct usie_hip *)param;
1406 	cns = (struct usie_cns *)(hip + 1);
1407 
1408 	tmp = param + USIE_HIPCNS_MIN - 2;
1409 
1410 	switch (obj) {
1411 	case USIE_CNS_OB_LINK_UPDATE:
1412 		cns_len = 2;
1413 		cns->op = USIE_CNS_OP_SET;
1414 		*tmp++ = 1;		/* profile ID, always use 1 for now */
1415 		*tmp++ = id == USIE_CNS_ID_INIT ? 1 : 0;
1416 		break;
1417 
1418 	case USIE_CNS_OB_PROF_WRITE:
1419 		cns_len = 245;
1420 		cns->op = USIE_CNS_OP_SET;
1421 		*tmp++ = 1;		/* profile ID, always use 1 for now */
1422 		*tmp++ = 2;
1423 		memcpy(tmp, &sc->sc_net, 34);
1424 		memset(tmp + 35, 0, 245 - 36);
1425 		tmp += 243;
1426 		break;
1427 
1428 	case USIE_CNS_OB_RSSI:
1429 		cns_len = 0;
1430 		cns->op = USIE_CNS_OP_REQ;
1431 		break;
1432 
1433 	default:
1434 		DPRINTF("unsupported CnS object type\n");
1435 		return;
1436 	}
1437 	*tmp = USIE_HIP_FRM_CHR;
1438 
1439 	hip->len = htobe16(sizeof(struct usie_cns) + cns_len);
1440 	hip->id = USIE_HIP_CNS2M;
1441 	hip->param = 0;			/* none for CnS */
1442 
1443 	cns->obj = htobe16(obj);
1444 	cns->id = htobe32(id);
1445 	cns->len = cns_len;
1446 	cns->rsv0 = cns->rsv1 = 0;	/* always '0' */
1447 
1448 	param = (uint8_t *)(cns + 1);
1449 
1450 	DPRINTF("param: %16D\n", param, ":");
1451 
1452 	m->m_pkthdr.len = m->m_len = USIE_HIPCNS_MIN + cns_len + 2;
1453 
1454 	xfer = sc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_TX];
1455 
1456 	if (usbd_xfer_get_priv(xfer) == NULL) {
1457 		usbd_xfer_set_priv(xfer, m);
1458 		usbd_transfer_start(xfer);
1459 	} else {
1460 		DPRINTF("Dropped CNS event\n");
1461 		m_freem(m);
1462 	}
1463 }
1464 
1465 static void
1466 usie_cns_rsp(struct usie_softc *sc, struct usie_cns *cns)
1467 {
1468 	struct ifnet *ifp = sc->sc_ifp;
1469 
1470 	DPRINTF("received CnS\n");
1471 
1472 	switch (be16toh(cns->obj)) {
1473 	case USIE_CNS_OB_LINK_UPDATE:
1474 		if (be32toh(cns->id) & USIE_CNS_ID_INIT)
1475 			usie_if_sync_to(sc);
1476 		else if (be32toh(cns->id) & USIE_CNS_ID_STOP) {
1477 			ifp->if_flags &= ~IFF_UP;
1478 			ifp->if_drv_flags &=
1479 			    ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
1480 		} else
1481 			DPRINTF("undefined link update\n");
1482 		break;
1483 
1484 	case USIE_CNS_OB_RSSI:
1485 		sc->sc_rssi = be16toh(*(int16_t *)(cns + 1));
1486 		if (sc->sc_rssi <= 0)
1487 			device_printf(sc->sc_dev, "No signal\n");
1488 		else {
1489 			device_printf(sc->sc_dev, "RSSI=%ddBm\n",
1490 			    sc->sc_rssi - 110);
1491 		}
1492 		break;
1493 
1494 	case USIE_CNS_OB_PROF_WRITE:
1495 		break;
1496 
1497 	case USIE_CNS_OB_PDP_READ:
1498 		break;
1499 
1500 	default:
1501 		DPRINTF("undefined CnS\n");
1502 		break;
1503 	}
1504 }
1505 
1506 static void
1507 usie_hip_rsp(struct usie_softc *sc, uint8_t *rsp, uint32_t len)
1508 {
1509 	struct usie_hip *hip;
1510 	struct usie_cns *cns;
1511 	uint32_t i;
1512 	uint32_t j;
1513 	uint32_t off;
1514 	uint8_t tmp[USIE_HIPCNS_MAX] __aligned(4);
1515 
1516 	for (off = 0; (off + USIE_HIPCNS_MIN) <= len; off++) {
1517 
1518 		uint8_t pad;
1519 
1520 		while ((off < len) && (rsp[off] == USIE_HIP_FRM_CHR))
1521 			off++;
1522 
1523 		/* Unstuff the bytes */
1524 		for (i = j = 0; ((i + off) < len) &&
1525 		    (j < USIE_HIPCNS_MAX); i++) {
1526 
1527 			if (rsp[i + off] == USIE_HIP_FRM_CHR)
1528 				break;
1529 
1530 			if (rsp[i + off] == USIE_HIP_ESC_CHR) {
1531 				if ((i + off + 1) >= len)
1532 					break;
1533 				tmp[j++] = rsp[i++ + off + 1] ^ 0x20;
1534 			} else {
1535 				tmp[j++] = rsp[i + off];
1536 			}
1537 		}
1538 
1539 		off += i;
1540 
1541 		DPRINTF("frame len=%d\n", j);
1542 
1543 		if (j < sizeof(struct usie_hip)) {
1544 			DPRINTF("too little data\n");
1545 			break;
1546 		}
1547 		/*
1548 		 * Make sure we are not reading the stack if something
1549 		 * is wrong.
1550 		 */
1551 		memset(tmp + j, 0, sizeof(tmp) - j);
1552 
1553 		hip = (struct usie_hip *)tmp;
1554 
1555 		DPRINTF("hip: len=%d msgID=%02x, param=%02x\n",
1556 		    be16toh(hip->len), hip->id, hip->param);
1557 
1558 		pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;
1559 
1560 		if ((hip->id & USIE_HIP_MASK) == USIE_HIP_CNS2H) {
1561 			cns = (struct usie_cns *)(((uint8_t *)(hip + 1)) + pad);
1562 
1563 			if (j < (sizeof(struct usie_cns) +
1564 			    sizeof(struct usie_hip) + pad)) {
1565 				DPRINTF("too little data\n");
1566 				break;
1567 			}
1568 			DPRINTF("cns: obj=%04x, op=%02x, rsv0=%02x, "
1569 			    "app=%08x, rsv1=%02x, len=%d\n",
1570 			    be16toh(cns->obj), cns->op, cns->rsv0,
1571 			    be32toh(cns->id), cns->rsv1, cns->len);
1572 
1573 			if (cns->op & USIE_CNS_OP_ERR)
1574 				DPRINTF("CnS error response\n");
1575 			else
1576 				usie_cns_rsp(sc, cns);
1577 
1578 			i = sizeof(struct usie_hip) + pad + sizeof(struct usie_cns);
1579 			j = cns->len;
1580 		} else {
1581 			i = sizeof(struct usie_hip) + pad;
1582 			j = be16toh(hip->len);
1583 		}
1584 #ifdef	USB_DEBUG
1585 		if (usie_debug == 0)
1586 			continue;
1587 
1588 		while (i < USIE_HIPCNS_MAX && j > 0) {
1589 			DPRINTF("param[0x%02x] = 0x%02x\n", i, tmp[i]);
1590 			i++;
1591 			j--;
1592 		}
1593 #endif
1594 	}
1595 }
1596 
1597 static int
1598 usie_driver_loaded(struct module *mod, int what, void *arg)
1599 {
1600 	switch (what) {
1601 	case MOD_LOAD:
1602 		/* register autoinstall handler */
1603 		usie_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
1604 		    usie_autoinst, NULL, EVENTHANDLER_PRI_ANY);
1605 		break;
1606 	case MOD_UNLOAD:
1607 		EVENTHANDLER_DEREGISTER(usb_dev_configured, usie_etag);
1608 		break;
1609 	default:
1610 		return (EOPNOTSUPP);
1611 	}
1612 	return (0);
1613 }
1614 
1615