xref: /freebsd/sys/dev/usb/net/if_usie.c (revision 3c5ba95ad12285ad37c182a4bfc1b240ec6d18a7)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2011 Anybots Inc
5  * written by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
6  *  - ucom part is based on u3g.c
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
32 
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/queue.h>
36 #include <sys/systm.h>
37 #include <sys/socket.h>
38 #include <sys/kernel.h>
39 #include <sys/bus.h>
40 #include <sys/module.h>
41 #include <sys/sockio.h>
42 #include <sys/socket.h>
43 #include <sys/lock.h>
44 #include <sys/mutex.h>
45 #include <sys/condvar.h>
46 #include <sys/sysctl.h>
47 #include <sys/malloc.h>
48 #include <sys/taskqueue.h>
49 
50 #include <net/if.h>
51 #include <net/if_var.h>
52 
53 #include <machine/bus.h>
54 
55 #include <net/if.h>
56 #include <net/if_types.h>
57 #include <net/netisr.h>
58 #include <net/bpf.h>
59 #include <net/ethernet.h>
60 
61 #include <netinet/in.h>
62 #include <netinet/ip.h>
63 #include <netinet/ip6.h>
64 #include <netinet/udp.h>
65 
66 #include <net80211/ieee80211_ioctl.h>
67 
68 #include <dev/usb/usb.h>
69 #include <dev/usb/usbdi.h>
70 #include <dev/usb/usbdi_util.h>
71 #include <dev/usb/usb_cdc.h>
72 #include "usbdevs.h"
73 
74 #define	USB_DEBUG_VAR usie_debug
75 #include <dev/usb/usb_debug.h>
76 #include <dev/usb/usb_process.h>
77 #include <dev/usb/usb_msctest.h>
78 
79 #include <dev/usb/serial/usb_serial.h>
80 
81 #include <dev/usb/net/if_usievar.h>
82 
83 #ifdef	USB_DEBUG
84 static int usie_debug = 0;
85 
86 static SYSCTL_NODE(_hw_usb, OID_AUTO, usie, CTLFLAG_RW, 0, "sierra USB modem");
87 SYSCTL_INT(_hw_usb_usie, OID_AUTO, debug, CTLFLAG_RWTUN, &usie_debug, 0,
88     "usie debug level");
89 #endif
90 
91 /* Sierra Wireless Direct IP modems */
92 static const STRUCT_USB_HOST_ID usie_devs[] = {
93 #define	USIE_DEV(v, d) {				\
94     USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##d) }
95 	USIE_DEV(SIERRA, MC8700),
96 	USIE_DEV(SIERRA, TRUINSTALL),
97 	USIE_DEV(AIRPRIME, USB308),
98 #undef	USIE_DEV
99 };
100 
101 static device_probe_t usie_probe;
102 static device_attach_t usie_attach;
103 static device_detach_t usie_detach;
104 static void usie_free_softc(struct usie_softc *);
105 
106 static void usie_free(struct ucom_softc *);
107 static void usie_uc_update_line_state(struct ucom_softc *, uint8_t);
108 static void usie_uc_cfg_get_status(struct ucom_softc *, uint8_t *, uint8_t *);
109 static void usie_uc_cfg_set_dtr(struct ucom_softc *, uint8_t);
110 static void usie_uc_cfg_set_rts(struct ucom_softc *, uint8_t);
111 static void usie_uc_cfg_open(struct ucom_softc *);
112 static void usie_uc_cfg_close(struct ucom_softc *);
113 static void usie_uc_start_read(struct ucom_softc *);
114 static void usie_uc_stop_read(struct ucom_softc *);
115 static void usie_uc_start_write(struct ucom_softc *);
116 static void usie_uc_stop_write(struct ucom_softc *);
117 
118 static usb_callback_t usie_uc_tx_callback;
119 static usb_callback_t usie_uc_rx_callback;
120 static usb_callback_t usie_uc_status_callback;
121 static usb_callback_t usie_if_tx_callback;
122 static usb_callback_t usie_if_rx_callback;
123 static usb_callback_t usie_if_status_callback;
124 
125 static void usie_if_sync_to(void *);
126 static void usie_if_sync_cb(void *, int);
127 static void usie_if_status_cb(void *, int);
128 
129 static void usie_if_start(struct ifnet *);
130 static int usie_if_output(struct ifnet *, struct mbuf *,
131 	const struct sockaddr *, struct route *);
132 static void usie_if_init(void *);
133 static void usie_if_stop(struct usie_softc *);
134 static int usie_if_ioctl(struct ifnet *, u_long, caddr_t);
135 
136 static int usie_do_request(struct usie_softc *, struct usb_device_request *, void *);
137 static int usie_if_cmd(struct usie_softc *, uint8_t);
138 static void usie_cns_req(struct usie_softc *, uint32_t, uint16_t);
139 static void usie_cns_rsp(struct usie_softc *, struct usie_cns *);
140 static void usie_hip_rsp(struct usie_softc *, uint8_t *, uint32_t);
141 static int usie_driver_loaded(struct module *, int, void *);
142 
143 static const struct usb_config usie_uc_config[USIE_UC_N_XFER] = {
144 	[USIE_UC_STATUS] = {
145 		.type = UE_INTERRUPT,
146 		.endpoint = UE_ADDR_ANY,
147 		.direction = UE_DIR_IN,
148 		.bufsize = 0,		/* use wMaxPacketSize */
149 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
150 		.callback = &usie_uc_status_callback,
151 	},
152 	[USIE_UC_RX] = {
153 		.type = UE_BULK,
154 		.endpoint = UE_ADDR_ANY,
155 		.direction = UE_DIR_IN,
156 		.bufsize = USIE_BUFSIZE,
157 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,.proxy_buffer = 1,},
158 		.callback = &usie_uc_rx_callback,
159 	},
160 	[USIE_UC_TX] = {
161 		.type = UE_BULK,
162 		.endpoint = UE_ADDR_ANY,
163 		.direction = UE_DIR_OUT,
164 		.bufsize = USIE_BUFSIZE,
165 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
166 		.callback = &usie_uc_tx_callback,
167 	}
168 };
169 
170 static const struct usb_config usie_if_config[USIE_IF_N_XFER] = {
171 	[USIE_IF_STATUS] = {
172 		.type = UE_INTERRUPT,
173 		.endpoint = UE_ADDR_ANY,
174 		.direction = UE_DIR_IN,
175 		.bufsize = 0,		/* use wMaxPacketSize */
176 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
177 		.callback = &usie_if_status_callback,
178 	},
179 	[USIE_IF_RX] = {
180 		.type = UE_BULK,
181 		.endpoint = UE_ADDR_ANY,
182 		.direction = UE_DIR_IN,
183 		.bufsize = USIE_BUFSIZE,
184 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
185 		.callback = &usie_if_rx_callback,
186 	},
187 	[USIE_IF_TX] = {
188 		.type = UE_BULK,
189 		.endpoint = UE_ADDR_ANY,
190 		.direction = UE_DIR_OUT,
191 		.bufsize = MAX(USIE_BUFSIZE, MCLBYTES),
192 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
193 		.callback = &usie_if_tx_callback,
194 	}
195 };
196 
197 static device_method_t usie_methods[] = {
198 	DEVMETHOD(device_probe, usie_probe),
199 	DEVMETHOD(device_attach, usie_attach),
200 	DEVMETHOD(device_detach, usie_detach),
201 	DEVMETHOD_END
202 };
203 
204 static driver_t usie_driver = {
205 	.name = "usie",
206 	.methods = usie_methods,
207 	.size = sizeof(struct usie_softc),
208 };
209 
210 static devclass_t usie_devclass;
211 static eventhandler_tag usie_etag;
212 
213 DRIVER_MODULE(usie, uhub, usie_driver, usie_devclass, usie_driver_loaded, 0);
214 MODULE_DEPEND(usie, ucom, 1, 1, 1);
215 MODULE_DEPEND(usie, usb, 1, 1, 1);
216 MODULE_VERSION(usie, 1);
217 USB_PNP_HOST_INFO(usie_devs);
218 
219 static const struct ucom_callback usie_uc_callback = {
220 	.ucom_cfg_get_status = &usie_uc_cfg_get_status,
221 	.ucom_cfg_set_dtr = &usie_uc_cfg_set_dtr,
222 	.ucom_cfg_set_rts = &usie_uc_cfg_set_rts,
223 	.ucom_cfg_open = &usie_uc_cfg_open,
224 	.ucom_cfg_close = &usie_uc_cfg_close,
225 	.ucom_start_read = &usie_uc_start_read,
226 	.ucom_stop_read = &usie_uc_stop_read,
227 	.ucom_start_write = &usie_uc_start_write,
228 	.ucom_stop_write = &usie_uc_stop_write,
229 	.ucom_free = &usie_free,
230 };
231 
232 static void
233 usie_autoinst(void *arg, struct usb_device *udev,
234     struct usb_attach_arg *uaa)
235 {
236 	struct usb_interface *iface;
237 	struct usb_interface_descriptor *id;
238 	struct usb_device_request req;
239 	int err;
240 
241 	if (uaa->dev_state != UAA_DEV_READY)
242 		return;
243 
244 	iface = usbd_get_iface(udev, 0);
245 	if (iface == NULL)
246 		return;
247 
248 	id = iface->idesc;
249 	if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
250 		return;
251 
252 	if (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa) != 0)
253 		return;			/* no device match */
254 
255 	if (bootverbose) {
256 		DPRINTF("Ejecting %s %s\n",
257 		    usb_get_manufacturer(udev),
258 		    usb_get_product(udev));
259 	}
260 	req.bmRequestType = UT_VENDOR;
261 	req.bRequest = UR_SET_INTERFACE;
262 	USETW(req.wValue, UF_DEVICE_REMOTE_WAKEUP);
263 	USETW(req.wIndex, UHF_PORT_CONNECTION);
264 	USETW(req.wLength, 0);
265 
266 	/* at this moment there is no mutex */
267 	err = usbd_do_request_flags(udev, NULL, &req,
268 	    NULL, 0, NULL, 250 /* ms */ );
269 
270 	/* success, mark the udev as disappearing */
271 	if (err == 0)
272 		uaa->dev_state = UAA_DEV_EJECTING;
273 }
274 
275 static int
276 usie_probe(device_t self)
277 {
278 	struct usb_attach_arg *uaa = device_get_ivars(self);
279 
280 	if (uaa->usb_mode != USB_MODE_HOST)
281 		return (ENXIO);
282 	if (uaa->info.bConfigIndex != USIE_CNFG_INDEX)
283 		return (ENXIO);
284 	if (uaa->info.bIfaceIndex != USIE_IFACE_INDEX)
285 		return (ENXIO);
286 	if (uaa->info.bInterfaceClass != UICLASS_VENDOR)
287 		return (ENXIO);
288 
289 	return (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa));
290 }
291 
292 static int
293 usie_attach(device_t self)
294 {
295 	struct usie_softc *sc = device_get_softc(self);
296 	struct usb_attach_arg *uaa = device_get_ivars(self);
297 	struct ifnet *ifp;
298 	struct usb_interface *iface;
299 	struct usb_interface_descriptor *id;
300 	struct usb_device_request req;
301 	int err;
302 	uint16_t fwattr;
303 	uint8_t iface_index;
304 	uint8_t ifidx;
305 	uint8_t start;
306 
307 	device_set_usb_desc(self);
308 	sc->sc_udev = uaa->device;
309 	sc->sc_dev = self;
310 
311 	mtx_init(&sc->sc_mtx, "usie", MTX_NETWORK_LOCK, MTX_DEF);
312 	ucom_ref(&sc->sc_super_ucom);
313 
314 	TASK_INIT(&sc->sc_if_status_task, 0, usie_if_status_cb, sc);
315 	TASK_INIT(&sc->sc_if_sync_task, 0, usie_if_sync_cb, sc);
316 
317 	usb_callout_init_mtx(&sc->sc_if_sync_ch, &sc->sc_mtx, 0);
318 
319 	mtx_lock(&sc->sc_mtx);
320 
321 	/* set power mode to D0 */
322 	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
323 	req.bRequest = USIE_POWER;
324 	USETW(req.wValue, 0);
325 	USETW(req.wIndex, 0);
326 	USETW(req.wLength, 0);
327 	if (usie_do_request(sc, &req, NULL)) {
328 		mtx_unlock(&sc->sc_mtx);
329 		goto detach;
330 	}
331 	/* read fw attr */
332 	fwattr = 0;
333 	req.bmRequestType = UT_READ_VENDOR_DEVICE;
334 	req.bRequest = USIE_FW_ATTR;
335 	USETW(req.wValue, 0);
336 	USETW(req.wIndex, 0);
337 	USETW(req.wLength, sizeof(fwattr));
338 	if (usie_do_request(sc, &req, &fwattr)) {
339 		mtx_unlock(&sc->sc_mtx);
340 		goto detach;
341 	}
342 	mtx_unlock(&sc->sc_mtx);
343 
344 	/* check DHCP supports */
345 	DPRINTF("fwattr=%x\n", fwattr);
346 	if (!(fwattr & USIE_FW_DHCP)) {
347 		device_printf(self, "DHCP is not supported. A firmware upgrade might be needed.\n");
348 	}
349 
350 	/* find available interfaces */
351 	sc->sc_nucom = 0;
352 	for (ifidx = 0; ifidx < USIE_IFACE_MAX; ifidx++) {
353 		iface = usbd_get_iface(uaa->device, ifidx);
354 		if (iface == NULL)
355 			break;
356 
357 		id = usbd_get_interface_descriptor(iface);
358 		if ((id == NULL) || (id->bInterfaceClass != UICLASS_VENDOR))
359 			continue;
360 
361 		/* setup Direct IP transfer */
362 		if (id->bInterfaceNumber >= 7 && id->bNumEndpoints == 3) {
363 			sc->sc_if_ifnum = id->bInterfaceNumber;
364 			iface_index = ifidx;
365 
366 			DPRINTF("ifnum=%d, ifidx=%d\n",
367 			    sc->sc_if_ifnum, ifidx);
368 
369 			err = usbd_transfer_setup(uaa->device,
370 			    &iface_index, sc->sc_if_xfer, usie_if_config,
371 			    USIE_IF_N_XFER, sc, &sc->sc_mtx);
372 
373 			if (err == 0)
374 				continue;
375 
376 			device_printf(self,
377 			    "could not allocate USB transfers on "
378 			    "iface_index=%d, err=%s\n",
379 			    iface_index, usbd_errstr(err));
380 			goto detach;
381 		}
382 
383 		/* setup ucom */
384 		if (sc->sc_nucom >= USIE_UCOM_MAX)
385 			continue;
386 
387 		usbd_set_parent_iface(uaa->device, ifidx,
388 		    uaa->info.bIfaceIndex);
389 
390 		DPRINTF("NumEndpoints=%d bInterfaceNumber=%d\n",
391 		    id->bNumEndpoints, id->bInterfaceNumber);
392 
393 		if (id->bNumEndpoints == 2) {
394 			sc->sc_uc_xfer[sc->sc_nucom][0] = NULL;
395 			start = 1;
396 		} else
397 			start = 0;
398 
399 		err = usbd_transfer_setup(uaa->device, &ifidx,
400 		    sc->sc_uc_xfer[sc->sc_nucom] + start,
401 		    usie_uc_config + start, USIE_UC_N_XFER - start,
402 		    &sc->sc_ucom[sc->sc_nucom], &sc->sc_mtx);
403 
404 		if (err != 0) {
405 			DPRINTF("usbd_transfer_setup error=%s\n", usbd_errstr(err));
406 			continue;
407 		}
408 
409 		mtx_lock(&sc->sc_mtx);
410 		for (; start < USIE_UC_N_XFER; start++)
411 			usbd_xfer_set_stall(sc->sc_uc_xfer[sc->sc_nucom][start]);
412 		mtx_unlock(&sc->sc_mtx);
413 
414 		sc->sc_uc_ifnum[sc->sc_nucom] = id->bInterfaceNumber;
415 
416 		sc->sc_nucom++;		/* found a port */
417 	}
418 
419 	if (sc->sc_nucom == 0) {
420 		device_printf(self, "no comports found\n");
421 		goto detach;
422 	}
423 
424 	err = ucom_attach(&sc->sc_super_ucom, sc->sc_ucom,
425 	    sc->sc_nucom, sc, &usie_uc_callback, &sc->sc_mtx);
426 
427 	if (err != 0) {
428 		DPRINTF("ucom_attach failed\n");
429 		goto detach;
430 	}
431 	DPRINTF("Found %d interfaces.\n", sc->sc_nucom);
432 
433 	/* setup ifnet (Direct IP) */
434 	sc->sc_ifp = ifp = if_alloc(IFT_OTHER);
435 
436 	if (ifp == NULL) {
437 		device_printf(self, "Could not allocate a network interface\n");
438 		goto detach;
439 	}
440 	if_initname(ifp, "usie", device_get_unit(self));
441 
442 	ifp->if_softc = sc;
443 	ifp->if_mtu = USIE_MTU_MAX;
444 	ifp->if_flags |= IFF_NOARP;
445 	ifp->if_init = usie_if_init;
446 	ifp->if_ioctl = usie_if_ioctl;
447 	ifp->if_start = usie_if_start;
448 	ifp->if_output = usie_if_output;
449 	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
450 	ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
451 	IFQ_SET_READY(&ifp->if_snd);
452 
453 	if_attach(ifp);
454 	bpfattach(ifp, DLT_RAW, 0);
455 
456 	if (fwattr & USIE_PM_AUTO) {
457 		usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE);
458 		DPRINTF("enabling automatic suspend and resume\n");
459 	} else {
460 		usbd_set_power_mode(uaa->device, USB_POWER_MODE_ON);
461 		DPRINTF("USB power is always ON\n");
462 	}
463 
464 	DPRINTF("device attached\n");
465 	return (0);
466 
467 detach:
468 	usie_detach(self);
469 	return (ENOMEM);
470 }
471 
472 static int
473 usie_detach(device_t self)
474 {
475 	struct usie_softc *sc = device_get_softc(self);
476 	uint8_t x;
477 
478 	/* detach ifnet */
479 	if (sc->sc_ifp != NULL) {
480 		usie_if_stop(sc);
481 		usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);
482 		bpfdetach(sc->sc_ifp);
483 		if_detach(sc->sc_ifp);
484 		if_free(sc->sc_ifp);
485 		sc->sc_ifp = NULL;
486 	}
487 	/* detach ucom */
488 	if (sc->sc_nucom > 0)
489 		ucom_detach(&sc->sc_super_ucom, sc->sc_ucom);
490 
491 	/* stop all USB transfers */
492 	usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);
493 
494 	for (x = 0; x != USIE_UCOM_MAX; x++)
495 		usbd_transfer_unsetup(sc->sc_uc_xfer[x], USIE_UC_N_XFER);
496 
497 
498 	device_claim_softc(self);
499 
500 	usie_free_softc(sc);
501 
502 	return (0);
503 }
504 
505 UCOM_UNLOAD_DRAIN(usie);
506 
507 static void
508 usie_free_softc(struct usie_softc *sc)
509 {
510 	if (ucom_unref(&sc->sc_super_ucom)) {
511 		mtx_destroy(&sc->sc_mtx);
512 		device_free_softc(sc);
513 	}
514 }
515 
516 static void
517 usie_free(struct ucom_softc *ucom)
518 {
519 	usie_free_softc(ucom->sc_parent);
520 }
521 
522 static void
523 usie_uc_update_line_state(struct ucom_softc *ucom, uint8_t ls)
524 {
525 	struct usie_softc *sc = ucom->sc_parent;
526 	struct usb_device_request req;
527 
528 	if (sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS] == NULL)
529 		return;
530 
531 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
532 	req.bRequest = USIE_LINK_STATE;
533 	USETW(req.wValue, ls);
534 	USETW(req.wIndex, sc->sc_uc_ifnum[ucom->sc_subunit]);
535 	USETW(req.wLength, 0);
536 
537 	DPRINTF("sc_uc_ifnum=%d\n", sc->sc_uc_ifnum[ucom->sc_subunit]);
538 
539 	usie_do_request(sc, &req, NULL);
540 }
541 
542 static void
543 usie_uc_cfg_get_status(struct ucom_softc *ucom, uint8_t *lsr, uint8_t *msr)
544 {
545 	struct usie_softc *sc = ucom->sc_parent;
546 
547 	*msr = sc->sc_msr;
548 	*lsr = sc->sc_lsr;
549 }
550 
551 static void
552 usie_uc_cfg_set_dtr(struct ucom_softc *ucom, uint8_t flag)
553 {
554 	uint8_t dtr;
555 
556 	dtr = flag ? USIE_LS_DTR : 0;
557 	usie_uc_update_line_state(ucom, dtr);
558 }
559 
560 static void
561 usie_uc_cfg_set_rts(struct ucom_softc *ucom, uint8_t flag)
562 {
563 	uint8_t rts;
564 
565 	rts = flag ? USIE_LS_RTS : 0;
566 	usie_uc_update_line_state(ucom, rts);
567 }
568 
569 static void
570 usie_uc_cfg_open(struct ucom_softc *ucom)
571 {
572 	struct usie_softc *sc = ucom->sc_parent;
573 
574 	/* usbd_transfer_start() is NULL safe */
575 
576 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS]);
577 }
578 
579 static void
580 usie_uc_cfg_close(struct ucom_softc *ucom)
581 {
582 	struct usie_softc *sc = ucom->sc_parent;
583 
584 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS]);
585 }
586 
587 static void
588 usie_uc_start_read(struct ucom_softc *ucom)
589 {
590 	struct usie_softc *sc = ucom->sc_parent;
591 
592 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX]);
593 }
594 
595 static void
596 usie_uc_stop_read(struct ucom_softc *ucom)
597 {
598 	struct usie_softc *sc = ucom->sc_parent;
599 
600 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX]);
601 }
602 
603 static void
604 usie_uc_start_write(struct ucom_softc *ucom)
605 {
606 	struct usie_softc *sc = ucom->sc_parent;
607 
608 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX]);
609 }
610 
611 static void
612 usie_uc_stop_write(struct ucom_softc *ucom)
613 {
614 	struct usie_softc *sc = ucom->sc_parent;
615 
616 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX]);
617 }
618 
619 static void
620 usie_uc_rx_callback(struct usb_xfer *xfer, usb_error_t error)
621 {
622 	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
623 	struct usie_softc *sc = ucom->sc_parent;
624 	struct usb_page_cache *pc;
625 	uint32_t actlen;
626 
627 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
628 
629 	switch (USB_GET_STATE(xfer)) {
630 	case USB_ST_TRANSFERRED:
631 		pc = usbd_xfer_get_frame(xfer, 0);
632 
633 		/* handle CnS response */
634 		if (ucom == sc->sc_ucom && actlen >= USIE_HIPCNS_MIN) {
635 
636 			DPRINTF("transferred=%u\n", actlen);
637 
638 			/* check if it is really CnS reply */
639 			usbd_copy_out(pc, 0, sc->sc_resp_temp, 1);
640 
641 			if (sc->sc_resp_temp[0] == USIE_HIP_FRM_CHR) {
642 
643 				/* verify actlen */
644 				if (actlen > USIE_BUFSIZE)
645 					actlen = USIE_BUFSIZE;
646 
647 				/* get complete message */
648 				usbd_copy_out(pc, 0, sc->sc_resp_temp, actlen);
649 				usie_hip_rsp(sc, sc->sc_resp_temp, actlen);
650 
651 				/* need to fall though */
652 				goto tr_setup;
653 			}
654 			/* else call ucom_put_data() */
655 		}
656 		/* standard ucom transfer */
657 		ucom_put_data(ucom, pc, 0, actlen);
658 
659 		/* fall though */
660 	case USB_ST_SETUP:
661 tr_setup:
662 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
663 		usbd_transfer_submit(xfer);
664 		break;
665 
666 	default:			/* Error */
667 		if (error != USB_ERR_CANCELLED) {
668 			usbd_xfer_set_stall(xfer);
669 			goto tr_setup;
670 		}
671 		break;
672 	}
673 }
674 
675 static void
676 usie_uc_tx_callback(struct usb_xfer *xfer, usb_error_t error)
677 {
678 	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
679 	struct usb_page_cache *pc;
680 	uint32_t actlen;
681 
682 	switch (USB_GET_STATE(xfer)) {
683 	case USB_ST_TRANSFERRED:
684 	case USB_ST_SETUP:
685 tr_setup:
686 		pc = usbd_xfer_get_frame(xfer, 0);
687 
688 		/* handle CnS request */
689 		struct mbuf *m = usbd_xfer_get_priv(xfer);
690 
691 		if (m != NULL) {
692 			usbd_m_copy_in(pc, 0, m, 0, m->m_pkthdr.len);
693 			usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len);
694 			usbd_xfer_set_priv(xfer, NULL);
695 			usbd_transfer_submit(xfer);
696 			m_freem(m);
697 			break;
698 		}
699 		/* standard ucom transfer */
700 		if (ucom_get_data(ucom, pc, 0, USIE_BUFSIZE, &actlen)) {
701 			usbd_xfer_set_frame_len(xfer, 0, actlen);
702 			usbd_transfer_submit(xfer);
703 		}
704 		break;
705 
706 	default:			/* Error */
707 		if (error != USB_ERR_CANCELLED) {
708 			usbd_xfer_set_stall(xfer);
709 			goto tr_setup;
710 		}
711 		break;
712 	}
713 }
714 
715 static void
716 usie_uc_status_callback(struct usb_xfer *xfer, usb_error_t error)
717 {
718 	struct usb_page_cache *pc;
719 	struct {
720 		struct usb_device_request req;
721 		uint16_t param;
722 	}      st;
723 	uint32_t actlen;
724 	uint16_t param;
725 
726 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
727 
728 	switch (USB_GET_STATE(xfer)) {
729 	case USB_ST_TRANSFERRED:
730 		DPRINTFN(4, "info received, actlen=%u\n", actlen);
731 
732 		if (actlen < sizeof(st)) {
733 			DPRINTF("data too short actlen=%u\n", actlen);
734 			goto tr_setup;
735 		}
736 		pc = usbd_xfer_get_frame(xfer, 0);
737 		usbd_copy_out(pc, 0, &st, sizeof(st));
738 
739 		if (st.req.bmRequestType == 0xa1 && st.req.bRequest == 0x20) {
740 			struct ucom_softc *ucom = usbd_xfer_softc(xfer);
741 			struct usie_softc *sc = ucom->sc_parent;
742 
743 			param = le16toh(st.param);
744 			DPRINTF("param=%x\n", param);
745 			sc->sc_msr = sc->sc_lsr = 0;
746 			sc->sc_msr |= (param & USIE_DCD) ? SER_DCD : 0;
747 			sc->sc_msr |= (param & USIE_DSR) ? SER_DSR : 0;
748 			sc->sc_msr |= (param & USIE_RI) ? SER_RI : 0;
749 			sc->sc_msr |= (param & USIE_CTS) ? 0 : SER_CTS;
750 			sc->sc_msr |= (param & USIE_RTS) ? SER_RTS : 0;
751 			sc->sc_msr |= (param & USIE_DTR) ? SER_DTR : 0;
752 		}
753 		/* fall though */
754 	case USB_ST_SETUP:
755 tr_setup:
756 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
757 		usbd_transfer_submit(xfer);
758 		break;
759 
760 	default:			/* Error */
761 		DPRINTF("USB transfer error, %s\n",
762 		    usbd_errstr(error));
763 
764 		if (error != USB_ERR_CANCELLED) {
765 			usbd_xfer_set_stall(xfer);
766 			goto tr_setup;
767 		}
768 		break;
769 	}
770 }
771 
772 static void
773 usie_if_rx_callback(struct usb_xfer *xfer, usb_error_t error)
774 {
775 	struct usie_softc *sc = usbd_xfer_softc(xfer);
776 	struct ifnet *ifp = sc->sc_ifp;
777 	struct mbuf *m0;
778 	struct mbuf *m = NULL;
779 	struct usie_desc *rxd;
780 	uint32_t actlen;
781 	uint16_t err;
782 	uint16_t pkt;
783 	uint16_t ipl;
784 	uint16_t len;
785 	uint16_t diff;
786 	uint8_t pad;
787 	uint8_t ipv;
788 
789 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
790 
791 	switch (USB_GET_STATE(xfer)) {
792 	case USB_ST_TRANSFERRED:
793 		DPRINTFN(15, "rx done, actlen=%u\n", actlen);
794 
795 		if (actlen < sizeof(struct usie_hip)) {
796 			DPRINTF("data too short %u\n", actlen);
797 			goto tr_setup;
798 		}
799 		m = sc->sc_rxm;
800 		sc->sc_rxm = NULL;
801 
802 		/* fall though */
803 	case USB_ST_SETUP:
804 tr_setup:
805 
806 		if (sc->sc_rxm == NULL) {
807 			sc->sc_rxm = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
808 			    MJUMPAGESIZE /* could be bigger than MCLBYTES */ );
809 		}
810 		if (sc->sc_rxm == NULL) {
811 			DPRINTF("could not allocate Rx mbuf\n");
812 			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
813 			usbd_xfer_set_stall(xfer);
814 			usbd_xfer_set_frames(xfer, 0);
815 		} else {
816 			/*
817 			 * Directly loading a mbuf cluster into DMA to
818 			 * save some data copying. This works because
819 			 * there is only one cluster.
820 			 */
821 			usbd_xfer_set_frame_data(xfer, 0,
822 			    mtod(sc->sc_rxm, caddr_t), MIN(MJUMPAGESIZE, USIE_RXSZ_MAX));
823 			usbd_xfer_set_frames(xfer, 1);
824 		}
825 		usbd_transfer_submit(xfer);
826 		break;
827 
828 	default:			/* Error */
829 		DPRINTF("USB transfer error, %s\n", usbd_errstr(error));
830 
831 		if (error != USB_ERR_CANCELLED) {
832 			/* try to clear stall first */
833 			usbd_xfer_set_stall(xfer);
834 			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
835 			goto tr_setup;
836 		}
837 		if (sc->sc_rxm != NULL) {
838 			m_freem(sc->sc_rxm);
839 			sc->sc_rxm = NULL;
840 		}
841 		break;
842 	}
843 
844 	if (m == NULL)
845 		return;
846 
847 	mtx_unlock(&sc->sc_mtx);
848 
849 	m->m_pkthdr.len = m->m_len = actlen;
850 
851 	err = pkt = 0;
852 
853 	/* HW can aggregate multiple frames in a single USB xfer */
854 	for (;;) {
855 		rxd = mtod(m, struct usie_desc *);
856 
857 		len = be16toh(rxd->hip.len) & USIE_HIP_IP_LEN_MASK;
858 		pad = (rxd->hip.id & USIE_HIP_PAD) ? 1 : 0;
859 		ipl = (len - pad - ETHER_HDR_LEN);
860 		if (ipl >= len) {
861 			DPRINTF("Corrupt frame\n");
862 			m_freem(m);
863 			break;
864 		}
865 		diff = sizeof(struct usie_desc) + ipl + pad;
866 
867 		if (((rxd->hip.id & USIE_HIP_MASK) != USIE_HIP_IP) ||
868 		    (be16toh(rxd->desc_type) & USIE_TYPE_MASK) != USIE_IP_RX) {
869 			DPRINTF("received wrong type of packet\n");
870 			m->m_data += diff;
871 			m->m_pkthdr.len = (m->m_len -= diff);
872 			err++;
873 			if (m->m_pkthdr.len > 0)
874 				continue;
875 			m_freem(m);
876 			break;
877 		}
878 		switch (be16toh(rxd->ethhdr.ether_type)) {
879 		case ETHERTYPE_IP:
880 			ipv = NETISR_IP;
881 			break;
882 #ifdef INET6
883 		case ETHERTYPE_IPV6:
884 			ipv = NETISR_IPV6;
885 			break;
886 #endif
887 		default:
888 			DPRINTF("unsupported ether type\n");
889 			err++;
890 			break;
891 		}
892 
893 		/* the last packet */
894 		if (m->m_pkthdr.len <= diff) {
895 			m->m_data += (sizeof(struct usie_desc) + pad);
896 			m->m_pkthdr.len = m->m_len = ipl;
897 			m->m_pkthdr.rcvif = ifp;
898 			BPF_MTAP(sc->sc_ifp, m);
899 			netisr_dispatch(ipv, m);
900 			break;
901 		}
902 		/* copy aggregated frames to another mbuf */
903 		m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
904 		if (__predict_false(m0 == NULL)) {
905 			DPRINTF("could not allocate mbuf\n");
906 			err++;
907 			m_freem(m);
908 			break;
909 		}
910 		m_copydata(m, sizeof(struct usie_desc) + pad, ipl, mtod(m0, caddr_t));
911 		m0->m_pkthdr.rcvif = ifp;
912 		m0->m_pkthdr.len = m0->m_len = ipl;
913 
914 		BPF_MTAP(sc->sc_ifp, m0);
915 		netisr_dispatch(ipv, m0);
916 
917 		m->m_data += diff;
918 		m->m_pkthdr.len = (m->m_len -= diff);
919 	}
920 
921 	mtx_lock(&sc->sc_mtx);
922 
923 	if_inc_counter(ifp, IFCOUNTER_IERRORS, err);
924 	if_inc_counter(ifp, IFCOUNTER_IPACKETS, pkt);
925 }
926 
927 static void
928 usie_if_tx_callback(struct usb_xfer *xfer, usb_error_t error)
929 {
930 	struct usie_softc *sc = usbd_xfer_softc(xfer);
931 	struct usb_page_cache *pc;
932 	struct ifnet *ifp = sc->sc_ifp;
933 	struct mbuf *m;
934 	uint16_t size;
935 
936 	switch (USB_GET_STATE(xfer)) {
937 	case USB_ST_TRANSFERRED:
938 		DPRINTFN(11, "transfer complete\n");
939 		ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
940 		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
941 
942 		/* fall though */
943 	case USB_ST_SETUP:
944 tr_setup:
945 
946 		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
947 			break;
948 
949 		IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
950 		if (m == NULL)
951 			break;
952 
953 		if (m->m_pkthdr.len > (int)(MCLBYTES - ETHER_HDR_LEN +
954 		    ETHER_CRC_LEN - sizeof(sc->sc_txd))) {
955 			DPRINTF("packet len is too big: %d\n",
956 			    m->m_pkthdr.len);
957 			break;
958 		}
959 		pc = usbd_xfer_get_frame(xfer, 0);
960 
961 		sc->sc_txd.hip.len = htobe16(m->m_pkthdr.len +
962 		    ETHER_HDR_LEN + ETHER_CRC_LEN);
963 		size = sizeof(sc->sc_txd);
964 
965 		usbd_copy_in(pc, 0, &sc->sc_txd, size);
966 		usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
967 		usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len +
968 		    size + ETHER_CRC_LEN);
969 
970 		BPF_MTAP(ifp, m);
971 
972 		m_freem(m);
973 
974 		usbd_transfer_submit(xfer);
975 		break;
976 
977 	default:			/* Error */
978 		DPRINTF("USB transfer error, %s\n",
979 		    usbd_errstr(error));
980 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
981 
982 		if (error != USB_ERR_CANCELLED) {
983 			usbd_xfer_set_stall(xfer);
984 			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
985 			goto tr_setup;
986 		}
987 		break;
988 	}
989 }
990 
991 static void
992 usie_if_status_callback(struct usb_xfer *xfer, usb_error_t error)
993 {
994 	struct usie_softc *sc = usbd_xfer_softc(xfer);
995 	struct usb_page_cache *pc;
996 	struct usb_cdc_notification cdc;
997 	uint32_t actlen;
998 
999 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
1000 
1001 	switch (USB_GET_STATE(xfer)) {
1002 	case USB_ST_TRANSFERRED:
1003 		DPRINTFN(4, "info received, actlen=%d\n", actlen);
1004 
1005 		/* usb_cdc_notification - .data[16] */
1006 		if (actlen < (sizeof(cdc) - 16)) {
1007 			DPRINTF("data too short %d\n", actlen);
1008 			goto tr_setup;
1009 		}
1010 		pc = usbd_xfer_get_frame(xfer, 0);
1011 		usbd_copy_out(pc, 0, &cdc, (sizeof(cdc) - 16));
1012 
1013 		DPRINTFN(4, "bNotification=%x\n", cdc.bNotification);
1014 
1015 		if (cdc.bNotification & UCDC_N_RESPONSE_AVAILABLE) {
1016 			taskqueue_enqueue(taskqueue_thread,
1017 			    &sc->sc_if_status_task);
1018 		}
1019 		/* fall though */
1020 	case USB_ST_SETUP:
1021 tr_setup:
1022 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
1023 		usbd_transfer_submit(xfer);
1024 		break;
1025 
1026 	default:			/* Error */
1027 		DPRINTF("USB transfer error, %s\n",
1028 		    usbd_errstr(error));
1029 
1030 		if (error != USB_ERR_CANCELLED) {
1031 			usbd_xfer_set_stall(xfer);
1032 			goto tr_setup;
1033 		}
1034 		break;
1035 	}
1036 }
1037 
1038 static void
1039 usie_if_sync_to(void *arg)
1040 {
1041 	struct usie_softc *sc = arg;
1042 
1043 	taskqueue_enqueue(taskqueue_thread, &sc->sc_if_sync_task);
1044 }
1045 
1046 static void
1047 usie_if_sync_cb(void *arg, int pending)
1048 {
1049 	struct usie_softc *sc = arg;
1050 
1051 	mtx_lock(&sc->sc_mtx);
1052 
1053 	/* call twice */
1054 	usie_if_cmd(sc, USIE_HIP_SYNC2M);
1055 	usie_if_cmd(sc, USIE_HIP_SYNC2M);
1056 
1057 	usb_callout_reset(&sc->sc_if_sync_ch, 2 * hz, usie_if_sync_to, sc);
1058 
1059 	mtx_unlock(&sc->sc_mtx);
1060 }
1061 
1062 static void
1063 usie_if_status_cb(void *arg, int pending)
1064 {
1065 	struct usie_softc *sc = arg;
1066 	struct ifnet *ifp = sc->sc_ifp;
1067 	struct usb_device_request req;
1068 	struct usie_hip *hip;
1069 	struct usie_lsi *lsi;
1070 	uint16_t actlen;
1071 	uint8_t ntries;
1072 	uint8_t pad;
1073 
1074 	mtx_lock(&sc->sc_mtx);
1075 
1076 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1077 	req.bRequest = UCDC_GET_ENCAPSULATED_RESPONSE;
1078 	USETW(req.wValue, 0);
1079 	USETW(req.wIndex, sc->sc_if_ifnum);
1080 	USETW(req.wLength, sizeof(sc->sc_status_temp));
1081 
1082 	for (ntries = 0; ntries != 10; ntries++) {
1083 		int err;
1084 
1085 		err = usbd_do_request_flags(sc->sc_udev,
1086 		    &sc->sc_mtx, &req, sc->sc_status_temp, USB_SHORT_XFER_OK,
1087 		    &actlen, USB_DEFAULT_TIMEOUT);
1088 
1089 		if (err == 0)
1090 			break;
1091 
1092 		DPRINTF("Control request failed: %s %d/10\n",
1093 		    usbd_errstr(err), ntries);
1094 
1095 		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
1096 	}
1097 
1098 	if (ntries == 10) {
1099 		mtx_unlock(&sc->sc_mtx);
1100 		DPRINTF("Timeout\n");
1101 		return;
1102 	}
1103 
1104 	hip = (struct usie_hip *)sc->sc_status_temp;
1105 
1106 	pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;
1107 
1108 	DPRINTF("hip.id=%x hip.len=%d actlen=%u pad=%d\n",
1109 	    hip->id, be16toh(hip->len), actlen, pad);
1110 
1111 	switch (hip->id & USIE_HIP_MASK) {
1112 	case USIE_HIP_SYNC2H:
1113 		usie_if_cmd(sc, USIE_HIP_SYNC2M);
1114 		break;
1115 	case USIE_HIP_RESTR:
1116 		usb_callout_stop(&sc->sc_if_sync_ch);
1117 		break;
1118 	case USIE_HIP_UMTS:
1119 		lsi = (struct usie_lsi *)(
1120 		    sc->sc_status_temp + sizeof(struct usie_hip) + pad);
1121 
1122 		DPRINTF("lsi.proto=%x lsi.len=%d\n", lsi->proto,
1123 		    be16toh(lsi->len));
1124 
1125 		if (lsi->proto != USIE_LSI_UMTS)
1126 			break;
1127 
1128 		if (lsi->area == USIE_LSI_AREA_NO ||
1129 		    lsi->area == USIE_LSI_AREA_NODATA) {
1130 			device_printf(sc->sc_dev, "no service available\n");
1131 			break;
1132 		}
1133 		if (lsi->state == USIE_LSI_STATE_IDLE) {
1134 			DPRINTF("lsi.state=%x\n", lsi->state);
1135 			break;
1136 		}
1137 		DPRINTF("ctx=%x\n", hip->param);
1138 		sc->sc_txd.hip.param = hip->param;
1139 
1140 		sc->sc_net.addr_len = lsi->pdp_addr_len;
1141 		memcpy(&sc->sc_net.dns1_addr, &lsi->dns1_addr, 16);
1142 		memcpy(&sc->sc_net.dns2_addr, &lsi->dns2_addr, 16);
1143 		memcpy(sc->sc_net.pdp_addr, lsi->pdp_addr, 16);
1144 		memcpy(sc->sc_net.gw_addr, lsi->gw_addr, 16);
1145 		ifp->if_flags |= IFF_UP;
1146 		ifp->if_drv_flags |= IFF_DRV_RUNNING;
1147 
1148 		device_printf(sc->sc_dev, "IP Addr=%d.%d.%d.%d\n",
1149 		    *lsi->pdp_addr, *(lsi->pdp_addr + 1),
1150 		    *(lsi->pdp_addr + 2), *(lsi->pdp_addr + 3));
1151 		device_printf(sc->sc_dev, "Gateway Addr=%d.%d.%d.%d\n",
1152 		    *lsi->gw_addr, *(lsi->gw_addr + 1),
1153 		    *(lsi->gw_addr + 2), *(lsi->gw_addr + 3));
1154 		device_printf(sc->sc_dev, "Prim NS Addr=%d.%d.%d.%d\n",
1155 		    *lsi->dns1_addr, *(lsi->dns1_addr + 1),
1156 		    *(lsi->dns1_addr + 2), *(lsi->dns1_addr + 3));
1157 		device_printf(sc->sc_dev, "Scnd NS Addr=%d.%d.%d.%d\n",
1158 		    *lsi->dns2_addr, *(lsi->dns2_addr + 1),
1159 		    *(lsi->dns2_addr + 2), *(lsi->dns2_addr + 3));
1160 
1161 		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
1162 		break;
1163 
1164 	case USIE_HIP_RCGI:
1165 		/* ignore, workaround for sloppy windows */
1166 		break;
1167 	default:
1168 		DPRINTF("undefined msgid: %x\n", hip->id);
1169 		break;
1170 	}
1171 
1172 	mtx_unlock(&sc->sc_mtx);
1173 }
1174 
1175 static void
1176 usie_if_start(struct ifnet *ifp)
1177 {
1178 	struct usie_softc *sc = ifp->if_softc;
1179 
1180 	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1181 		DPRINTF("Not running\n");
1182 		return;
1183 	}
1184 	mtx_lock(&sc->sc_mtx);
1185 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_TX]);
1186 	mtx_unlock(&sc->sc_mtx);
1187 
1188 	DPRINTFN(3, "interface started\n");
1189 }
1190 
1191 static int
1192 usie_if_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
1193     struct route *ro)
1194 {
1195 	int err;
1196 
1197 	DPRINTF("proto=%x\n", dst->sa_family);
1198 
1199 	switch (dst->sa_family) {
1200 #ifdef INET6
1201 	case AF_INET6;
1202 	/* fall though */
1203 #endif
1204 	case AF_INET:
1205 		break;
1206 
1207 		/* silently drop dhclient packets */
1208 	case AF_UNSPEC:
1209 		m_freem(m);
1210 		return (0);
1211 
1212 		/* drop other packet types */
1213 	default:
1214 		m_freem(m);
1215 		return (EAFNOSUPPORT);
1216 	}
1217 
1218 	err = (ifp->if_transmit)(ifp, m);
1219 	if (err) {
1220 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1221 		return (ENOBUFS);
1222 	}
1223 	if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
1224 
1225 	return (0);
1226 }
1227 
1228 static void
1229 usie_if_init(void *arg)
1230 {
1231 	struct usie_softc *sc = arg;
1232 	struct ifnet *ifp = sc->sc_ifp;
1233 	uint8_t i;
1234 
1235 	mtx_lock(&sc->sc_mtx);
1236 
1237 	/* write tx descriptor */
1238 	sc->sc_txd.hip.id = USIE_HIP_CTX;
1239 	sc->sc_txd.hip.param = 0;	/* init value */
1240 	sc->sc_txd.desc_type = htobe16(USIE_IP_TX);
1241 
1242 	for (i = 0; i != USIE_IF_N_XFER; i++)
1243 		usbd_xfer_set_stall(sc->sc_if_xfer[i]);
1244 
1245 	usbd_transfer_start(sc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_RX]);
1246 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_STATUS]);
1247 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_RX]);
1248 
1249 	/* if not running, initiate the modem */
1250 	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
1251 		usie_cns_req(sc, USIE_CNS_ID_INIT, USIE_CNS_OB_LINK_UPDATE);
1252 
1253 	mtx_unlock(&sc->sc_mtx);
1254 
1255 	DPRINTF("ifnet initialized\n");
1256 }
1257 
1258 static void
1259 usie_if_stop(struct usie_softc *sc)
1260 {
1261 	usb_callout_drain(&sc->sc_if_sync_ch);
1262 
1263 	mtx_lock(&sc->sc_mtx);
1264 
1265 	/* usie_cns_req() clears IFF_* flags */
1266 	usie_cns_req(sc, USIE_CNS_ID_STOP, USIE_CNS_OB_LINK_UPDATE);
1267 
1268 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_TX]);
1269 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_RX]);
1270 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_STATUS]);
1271 
1272 	/* shutdown device */
1273 	usie_if_cmd(sc, USIE_HIP_DOWN);
1274 
1275 	mtx_unlock(&sc->sc_mtx);
1276 }
1277 
1278 static int
1279 usie_if_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1280 {
1281 	struct usie_softc *sc = ifp->if_softc;
1282 	struct ieee80211req *ireq;
1283 	struct ieee80211req_sta_info si;
1284 	struct ifmediareq *ifmr;
1285 
1286 	switch (cmd) {
1287 	case SIOCSIFFLAGS:
1288 		if (ifp->if_flags & IFF_UP) {
1289 			if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
1290 				usie_if_init(sc);
1291 		} else {
1292 			if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1293 				usie_if_stop(sc);
1294 		}
1295 		break;
1296 
1297 	case SIOCSIFCAP:
1298 		if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1299 			device_printf(sc->sc_dev,
1300 			    "Connect to the network first.\n");
1301 			break;
1302 		}
1303 		mtx_lock(&sc->sc_mtx);
1304 		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
1305 		mtx_unlock(&sc->sc_mtx);
1306 		break;
1307 
1308 	case SIOCG80211:
1309 		ireq = (struct ieee80211req *)data;
1310 
1311 		if (ireq->i_type != IEEE80211_IOC_STA_INFO)
1312 			break;
1313 
1314 		memset(&si, 0, sizeof(si));
1315 		si.isi_len = sizeof(si);
1316 		/*
1317 		 * ifconfig expects RSSI in 0.5dBm units
1318 		 * relative to the noise floor.
1319 		 */
1320 		si.isi_rssi = 2 * sc->sc_rssi;
1321 		if (copyout(&si, (uint8_t *)ireq->i_data + 8,
1322 		    sizeof(struct ieee80211req_sta_info)))
1323 			DPRINTF("copyout failed\n");
1324 		DPRINTF("80211\n");
1325 		break;
1326 
1327 	case SIOCGIFMEDIA:		/* to fool ifconfig */
1328 		ifmr = (struct ifmediareq *)data;
1329 		ifmr->ifm_count = 1;
1330 		DPRINTF("media\n");
1331 		break;
1332 
1333 	case SIOCSIFADDR:
1334 		break;
1335 
1336 	default:
1337 		return (EINVAL);
1338 	}
1339 	return (0);
1340 }
1341 
1342 static int
1343 usie_do_request(struct usie_softc *sc, struct usb_device_request *req,
1344     void *data)
1345 {
1346 	int err = 0;
1347 	int ntries;
1348 
1349 	mtx_assert(&sc->sc_mtx, MA_OWNED);
1350 
1351 	for (ntries = 0; ntries != 10; ntries++) {
1352 		err = usbd_do_request(sc->sc_udev,
1353 		    &sc->sc_mtx, req, data);
1354 		if (err == 0)
1355 			break;
1356 
1357 		DPRINTF("Control request failed: %s %d/10\n",
1358 		    usbd_errstr(err), ntries);
1359 
1360 		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
1361 	}
1362 	return (err);
1363 }
1364 
1365 static int
1366 usie_if_cmd(struct usie_softc *sc, uint8_t cmd)
1367 {
1368 	struct usb_device_request req;
1369 	struct usie_hip msg;
1370 
1371 	msg.len = 0;
1372 	msg.id = cmd;
1373 	msg.param = 0;
1374 
1375 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1376 	req.bRequest = UCDC_SEND_ENCAPSULATED_COMMAND;
1377 	USETW(req.wValue, 0);
1378 	USETW(req.wIndex, sc->sc_if_ifnum);
1379 	USETW(req.wLength, sizeof(msg));
1380 
1381 	DPRINTF("cmd=%x\n", cmd);
1382 
1383 	return (usie_do_request(sc, &req, &msg));
1384 }
1385 
1386 static void
1387 usie_cns_req(struct usie_softc *sc, uint32_t id, uint16_t obj)
1388 {
1389 	struct ifnet *ifp = sc->sc_ifp;
1390 	struct mbuf *m;
1391 	struct usb_xfer *xfer;
1392 	struct usie_hip *hip;
1393 	struct usie_cns *cns;
1394 	uint8_t *param;
1395 	uint8_t *tmp;
1396 	uint8_t cns_len;
1397 
1398 	m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1399 	if (__predict_false(m == NULL)) {
1400 		DPRINTF("could not allocate mbuf\n");
1401 		if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
1402 		return;
1403 	}
1404 	/* to align usie_hip{} on 32 bit */
1405 	m->m_data += 3;
1406 	param = mtod(m, uint8_t *);
1407 	*param++ = USIE_HIP_FRM_CHR;
1408 	hip = (struct usie_hip *)param;
1409 	cns = (struct usie_cns *)(hip + 1);
1410 
1411 	tmp = param + USIE_HIPCNS_MIN - 2;
1412 
1413 	switch (obj) {
1414 	case USIE_CNS_OB_LINK_UPDATE:
1415 		cns_len = 2;
1416 		cns->op = USIE_CNS_OP_SET;
1417 		*tmp++ = 1;		/* profile ID, always use 1 for now */
1418 		*tmp++ = id == USIE_CNS_ID_INIT ? 1 : 0;
1419 		break;
1420 
1421 	case USIE_CNS_OB_PROF_WRITE:
1422 		cns_len = 245;
1423 		cns->op = USIE_CNS_OP_SET;
1424 		*tmp++ = 1;		/* profile ID, always use 1 for now */
1425 		*tmp++ = 2;
1426 		memcpy(tmp, &sc->sc_net, 34);
1427 		memset(tmp + 35, 0, 245 - 36);
1428 		tmp += 243;
1429 		break;
1430 
1431 	case USIE_CNS_OB_RSSI:
1432 		cns_len = 0;
1433 		cns->op = USIE_CNS_OP_REQ;
1434 		break;
1435 
1436 	default:
1437 		DPRINTF("unsupported CnS object type\n");
1438 		return;
1439 	}
1440 	*tmp = USIE_HIP_FRM_CHR;
1441 
1442 	hip->len = htobe16(sizeof(struct usie_cns) + cns_len);
1443 	hip->id = USIE_HIP_CNS2M;
1444 	hip->param = 0;			/* none for CnS */
1445 
1446 	cns->obj = htobe16(obj);
1447 	cns->id = htobe32(id);
1448 	cns->len = cns_len;
1449 	cns->rsv0 = cns->rsv1 = 0;	/* always '0' */
1450 
1451 	param = (uint8_t *)(cns + 1);
1452 
1453 	DPRINTF("param: %16D\n", param, ":");
1454 
1455 	m->m_pkthdr.len = m->m_len = USIE_HIPCNS_MIN + cns_len + 2;
1456 
1457 	xfer = sc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_TX];
1458 
1459 	if (usbd_xfer_get_priv(xfer) == NULL) {
1460 		usbd_xfer_set_priv(xfer, m);
1461 		usbd_transfer_start(xfer);
1462 	} else {
1463 		DPRINTF("Dropped CNS event\n");
1464 		m_freem(m);
1465 	}
1466 }
1467 
1468 static void
1469 usie_cns_rsp(struct usie_softc *sc, struct usie_cns *cns)
1470 {
1471 	struct ifnet *ifp = sc->sc_ifp;
1472 
1473 	DPRINTF("received CnS\n");
1474 
1475 	switch (be16toh(cns->obj)) {
1476 	case USIE_CNS_OB_LINK_UPDATE:
1477 		if (be32toh(cns->id) & USIE_CNS_ID_INIT)
1478 			usie_if_sync_to(sc);
1479 		else if (be32toh(cns->id) & USIE_CNS_ID_STOP) {
1480 			ifp->if_flags &= ~IFF_UP;
1481 			ifp->if_drv_flags &=
1482 			    ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
1483 		} else
1484 			DPRINTF("undefined link update\n");
1485 		break;
1486 
1487 	case USIE_CNS_OB_RSSI:
1488 		sc->sc_rssi = be16toh(*(int16_t *)(cns + 1));
1489 		if (sc->sc_rssi <= 0)
1490 			device_printf(sc->sc_dev, "No signal\n");
1491 		else {
1492 			device_printf(sc->sc_dev, "RSSI=%ddBm\n",
1493 			    sc->sc_rssi - 110);
1494 		}
1495 		break;
1496 
1497 	case USIE_CNS_OB_PROF_WRITE:
1498 		break;
1499 
1500 	case USIE_CNS_OB_PDP_READ:
1501 		break;
1502 
1503 	default:
1504 		DPRINTF("undefined CnS\n");
1505 		break;
1506 	}
1507 }
1508 
1509 static void
1510 usie_hip_rsp(struct usie_softc *sc, uint8_t *rsp, uint32_t len)
1511 {
1512 	struct usie_hip *hip;
1513 	struct usie_cns *cns;
1514 	uint32_t i;
1515 	uint32_t j;
1516 	uint32_t off;
1517 	uint8_t tmp[USIE_HIPCNS_MAX] __aligned(4);
1518 
1519 	for (off = 0; (off + USIE_HIPCNS_MIN) <= len; off++) {
1520 
1521 		uint8_t pad;
1522 
1523 		while ((off < len) && (rsp[off] == USIE_HIP_FRM_CHR))
1524 			off++;
1525 
1526 		/* Unstuff the bytes */
1527 		for (i = j = 0; ((i + off) < len) &&
1528 		    (j < USIE_HIPCNS_MAX); i++) {
1529 
1530 			if (rsp[i + off] == USIE_HIP_FRM_CHR)
1531 				break;
1532 
1533 			if (rsp[i + off] == USIE_HIP_ESC_CHR) {
1534 				if ((i + off + 1) >= len)
1535 					break;
1536 				tmp[j++] = rsp[i++ + off + 1] ^ 0x20;
1537 			} else {
1538 				tmp[j++] = rsp[i + off];
1539 			}
1540 		}
1541 
1542 		off += i;
1543 
1544 		DPRINTF("frame len=%d\n", j);
1545 
1546 		if (j < sizeof(struct usie_hip)) {
1547 			DPRINTF("too little data\n");
1548 			break;
1549 		}
1550 		/*
1551 		 * Make sure we are not reading the stack if something
1552 		 * is wrong.
1553 		 */
1554 		memset(tmp + j, 0, sizeof(tmp) - j);
1555 
1556 		hip = (struct usie_hip *)tmp;
1557 
1558 		DPRINTF("hip: len=%d msgID=%02x, param=%02x\n",
1559 		    be16toh(hip->len), hip->id, hip->param);
1560 
1561 		pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;
1562 
1563 		if ((hip->id & USIE_HIP_MASK) == USIE_HIP_CNS2H) {
1564 			cns = (struct usie_cns *)(((uint8_t *)(hip + 1)) + pad);
1565 
1566 			if (j < (sizeof(struct usie_cns) +
1567 			    sizeof(struct usie_hip) + pad)) {
1568 				DPRINTF("too little data\n");
1569 				break;
1570 			}
1571 			DPRINTF("cns: obj=%04x, op=%02x, rsv0=%02x, "
1572 			    "app=%08x, rsv1=%02x, len=%d\n",
1573 			    be16toh(cns->obj), cns->op, cns->rsv0,
1574 			    be32toh(cns->id), cns->rsv1, cns->len);
1575 
1576 			if (cns->op & USIE_CNS_OP_ERR)
1577 				DPRINTF("CnS error response\n");
1578 			else
1579 				usie_cns_rsp(sc, cns);
1580 
1581 			i = sizeof(struct usie_hip) + pad + sizeof(struct usie_cns);
1582 			j = cns->len;
1583 		} else {
1584 			i = sizeof(struct usie_hip) + pad;
1585 			j = be16toh(hip->len);
1586 		}
1587 #ifdef	USB_DEBUG
1588 		if (usie_debug == 0)
1589 			continue;
1590 
1591 		while (i < USIE_HIPCNS_MAX && j > 0) {
1592 			DPRINTF("param[0x%02x] = 0x%02x\n", i, tmp[i]);
1593 			i++;
1594 			j--;
1595 		}
1596 #endif
1597 	}
1598 }
1599 
1600 static int
1601 usie_driver_loaded(struct module *mod, int what, void *arg)
1602 {
1603 	switch (what) {
1604 	case MOD_LOAD:
1605 		/* register autoinstall handler */
1606 		usie_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
1607 		    usie_autoinst, NULL, EVENTHANDLER_PRI_ANY);
1608 		break;
1609 	case MOD_UNLOAD:
1610 		EVENTHANDLER_DEREGISTER(usb_dev_configured, usie_etag);
1611 		break;
1612 	default:
1613 		return (EOPNOTSUPP);
1614 	}
1615 	return (0);
1616 }
1617 
1618