xref: /freebsd/sys/dev/usb/net/if_usie.c (revision 3f0164abf32b9b761e0a2cb4bdca3a8b84f156d4)
1 /*-
2  * Copyright (c) 2011 Anybots Inc
3  * written by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4  *  - ucom part is based on u3g.c
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30 
31 #include <sys/param.h>
32 #include <sys/systm.h>
33 #include <sys/queue.h>
34 #include <sys/systm.h>
35 #include <sys/kernel.h>
36 #include <sys/bus.h>
37 #include <sys/module.h>
38 #include <sys/sockio.h>
39 #include <sys/socket.h>
40 #include <sys/lock.h>
41 #include <sys/mutex.h>
42 #include <sys/condvar.h>
43 #include <sys/sysctl.h>
44 #include <sys/malloc.h>
45 #include <sys/taskqueue.h>
46 
47 #include <machine/bus.h>
48 
49 #include <net/if.h>
50 #include <net/if_types.h>
51 #include <net/netisr.h>
52 #include <net/bpf.h>
53 #include <net/ethernet.h>
54 
55 #include <netinet/in.h>
56 #include <netinet/ip.h>
57 #include <netinet/ip6.h>
58 #include <netinet/udp.h>
59 
60 #include <net80211/ieee80211_ioctl.h>
61 
62 #include <dev/usb/usb.h>
63 #include <dev/usb/usbdi.h>
64 #include <dev/usb/usbdi_util.h>
65 #include <dev/usb/usb_cdc.h>
66 #include "usbdevs.h"
67 
68 #define	USB_DEBUG_VAR usie_debug
69 #include <dev/usb/usb_debug.h>
70 #include <dev/usb/usb_process.h>
71 #include <dev/usb/usb_msctest.h>
72 
73 #include <dev/usb/serial/usb_serial.h>
74 
75 #include <dev/usb/net/if_usievar.h>
76 
77 #ifdef	USB_DEBUG
78 static int usie_debug = 0;
79 
80 static SYSCTL_NODE(_hw_usb, OID_AUTO, usie, CTLFLAG_RW, 0, "sierra USB modem");
81 SYSCTL_INT(_hw_usb_usie, OID_AUTO, debug, CTLFLAG_RW, &usie_debug, 0,
82     "usie debug level");
83 #endif
84 
85 /* Sierra Wireless Direct IP modems */
86 static const STRUCT_USB_HOST_ID usie_devs[] = {
87 #define	USIE_DEV(v, d) {				\
88     USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##d) }
89 	USIE_DEV(SIERRA, MC8700),
90 	USIE_DEV(SIERRA, TRUINSTALL),
91 	USIE_DEV(AIRPRIME, USB308),
92 #undef	USIE_DEV
93 };
94 
95 static device_probe_t usie_probe;
96 static device_attach_t usie_attach;
97 static device_detach_t usie_detach;
98 static void usie_free_softc(struct usie_softc *);
99 
100 static void usie_free(struct ucom_softc *);
101 static void usie_uc_update_line_state(struct ucom_softc *, uint8_t);
102 static void usie_uc_cfg_get_status(struct ucom_softc *, uint8_t *, uint8_t *);
103 static void usie_uc_cfg_set_dtr(struct ucom_softc *, uint8_t);
104 static void usie_uc_cfg_set_rts(struct ucom_softc *, uint8_t);
105 static void usie_uc_cfg_open(struct ucom_softc *);
106 static void usie_uc_cfg_close(struct ucom_softc *);
107 static void usie_uc_start_read(struct ucom_softc *);
108 static void usie_uc_stop_read(struct ucom_softc *);
109 static void usie_uc_start_write(struct ucom_softc *);
110 static void usie_uc_stop_write(struct ucom_softc *);
111 
112 static usb_callback_t usie_uc_tx_callback;
113 static usb_callback_t usie_uc_rx_callback;
114 static usb_callback_t usie_uc_status_callback;
115 static usb_callback_t usie_if_tx_callback;
116 static usb_callback_t usie_if_rx_callback;
117 static usb_callback_t usie_if_status_callback;
118 
119 static void usie_if_sync_to(void *);
120 static void usie_if_sync_cb(void *, int);
121 static void usie_if_status_cb(void *, int);
122 
123 static void usie_if_start(struct ifnet *);
124 static int usie_if_output(struct ifnet *, struct mbuf *,
125 	const struct sockaddr *, struct route *);
126 static void usie_if_init(void *);
127 static void usie_if_stop(struct usie_softc *);
128 static int usie_if_ioctl(struct ifnet *, u_long, caddr_t);
129 
130 static int usie_do_request(struct usie_softc *, struct usb_device_request *, void *);
131 static int usie_if_cmd(struct usie_softc *, uint8_t);
132 static void usie_cns_req(struct usie_softc *, uint32_t, uint16_t);
133 static void usie_cns_rsp(struct usie_softc *, struct usie_cns *);
134 static void usie_hip_rsp(struct usie_softc *, uint8_t *, uint32_t);
135 static int usie_driver_loaded(struct module *, int, void *);
136 
137 static const struct usb_config usie_uc_config[USIE_UC_N_XFER] = {
138 	[USIE_UC_STATUS] = {
139 		.type = UE_INTERRUPT,
140 		.endpoint = UE_ADDR_ANY,
141 		.direction = UE_DIR_IN,
142 		.bufsize = 0,		/* use wMaxPacketSize */
143 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
144 		.callback = &usie_uc_status_callback,
145 	},
146 	[USIE_UC_RX] = {
147 		.type = UE_BULK,
148 		.endpoint = UE_ADDR_ANY,
149 		.direction = UE_DIR_IN,
150 		.bufsize = USIE_BUFSIZE,
151 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,.proxy_buffer = 1,},
152 		.callback = &usie_uc_rx_callback,
153 	},
154 	[USIE_UC_TX] = {
155 		.type = UE_BULK,
156 		.endpoint = UE_ADDR_ANY,
157 		.direction = UE_DIR_OUT,
158 		.bufsize = USIE_BUFSIZE,
159 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
160 		.callback = &usie_uc_tx_callback,
161 	}
162 };
163 
164 static const struct usb_config usie_if_config[USIE_IF_N_XFER] = {
165 	[USIE_IF_STATUS] = {
166 		.type = UE_INTERRUPT,
167 		.endpoint = UE_ADDR_ANY,
168 		.direction = UE_DIR_IN,
169 		.bufsize = 0,		/* use wMaxPacketSize */
170 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
171 		.callback = &usie_if_status_callback,
172 	},
173 	[USIE_IF_RX] = {
174 		.type = UE_BULK,
175 		.endpoint = UE_ADDR_ANY,
176 		.direction = UE_DIR_IN,
177 		.bufsize = USIE_BUFSIZE,
178 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
179 		.callback = &usie_if_rx_callback,
180 	},
181 	[USIE_IF_TX] = {
182 		.type = UE_BULK,
183 		.endpoint = UE_ADDR_ANY,
184 		.direction = UE_DIR_OUT,
185 		.bufsize = MAX(USIE_BUFSIZE, MCLBYTES),
186 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
187 		.callback = &usie_if_tx_callback,
188 	}
189 };
190 
191 static device_method_t usie_methods[] = {
192 	DEVMETHOD(device_probe, usie_probe),
193 	DEVMETHOD(device_attach, usie_attach),
194 	DEVMETHOD(device_detach, usie_detach),
195 	DEVMETHOD_END
196 };
197 
198 static driver_t usie_driver = {
199 	.name = "usie",
200 	.methods = usie_methods,
201 	.size = sizeof(struct usie_softc),
202 };
203 
204 static devclass_t usie_devclass;
205 static eventhandler_tag usie_etag;
206 
207 DRIVER_MODULE(usie, uhub, usie_driver, usie_devclass, usie_driver_loaded, 0);
208 MODULE_DEPEND(usie, ucom, 1, 1, 1);
209 MODULE_DEPEND(usie, usb, 1, 1, 1);
210 MODULE_VERSION(usie, 1);
211 
212 static const struct ucom_callback usie_uc_callback = {
213 	.ucom_cfg_get_status = &usie_uc_cfg_get_status,
214 	.ucom_cfg_set_dtr = &usie_uc_cfg_set_dtr,
215 	.ucom_cfg_set_rts = &usie_uc_cfg_set_rts,
216 	.ucom_cfg_open = &usie_uc_cfg_open,
217 	.ucom_cfg_close = &usie_uc_cfg_close,
218 	.ucom_start_read = &usie_uc_start_read,
219 	.ucom_stop_read = &usie_uc_stop_read,
220 	.ucom_start_write = &usie_uc_start_write,
221 	.ucom_stop_write = &usie_uc_stop_write,
222 	.ucom_free = &usie_free,
223 };
224 
225 static void
226 usie_autoinst(void *arg, struct usb_device *udev,
227     struct usb_attach_arg *uaa)
228 {
229 	struct usb_interface *iface;
230 	struct usb_interface_descriptor *id;
231 	struct usb_device_request req;
232 	int err;
233 
234 	if (uaa->dev_state != UAA_DEV_READY)
235 		return;
236 
237 	iface = usbd_get_iface(udev, 0);
238 	if (iface == NULL)
239 		return;
240 
241 	id = iface->idesc;
242 	if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
243 		return;
244 
245 	if (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa) != 0)
246 		return;			/* no device match */
247 
248 	if (bootverbose) {
249 		DPRINTF("Ejecting %s %s\n",
250 		    usb_get_manufacturer(udev),
251 		    usb_get_product(udev));
252 	}
253 	req.bmRequestType = UT_VENDOR;
254 	req.bRequest = UR_SET_INTERFACE;
255 	USETW(req.wValue, UF_DEVICE_REMOTE_WAKEUP);
256 	USETW(req.wIndex, UHF_PORT_CONNECTION);
257 	USETW(req.wLength, 0);
258 
259 	/* at this moment there is no mutex */
260 	err = usbd_do_request_flags(udev, NULL, &req,
261 	    NULL, 0, NULL, 250 /* ms */ );
262 
263 	/* success, mark the udev as disappearing */
264 	if (err == 0)
265 		uaa->dev_state = UAA_DEV_EJECTING;
266 }
267 
268 static int
269 usie_probe(device_t self)
270 {
271 	struct usb_attach_arg *uaa = device_get_ivars(self);
272 
273 	if (uaa->usb_mode != USB_MODE_HOST)
274 		return (ENXIO);
275 	if (uaa->info.bConfigIndex != USIE_CNFG_INDEX)
276 		return (ENXIO);
277 	if (uaa->info.bIfaceIndex != USIE_IFACE_INDEX)
278 		return (ENXIO);
279 	if (uaa->info.bInterfaceClass != UICLASS_VENDOR)
280 		return (ENXIO);
281 
282 	return (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa));
283 }
284 
285 static int
286 usie_attach(device_t self)
287 {
288 	struct usie_softc *sc = device_get_softc(self);
289 	struct usb_attach_arg *uaa = device_get_ivars(self);
290 	struct ifnet *ifp;
291 	struct usb_interface *iface;
292 	struct usb_interface_descriptor *id;
293 	struct usb_device_request req;
294 	int err;
295 	uint16_t fwattr;
296 	uint8_t iface_index;
297 	uint8_t ifidx;
298 	uint8_t start;
299 
300 	device_set_usb_desc(self);
301 	sc->sc_udev = uaa->device;
302 	sc->sc_dev = self;
303 
304 	mtx_init(&sc->sc_mtx, "usie", MTX_NETWORK_LOCK, MTX_DEF);
305 	ucom_ref(&sc->sc_super_ucom);
306 
307 	TASK_INIT(&sc->sc_if_status_task, 0, usie_if_status_cb, sc);
308 	TASK_INIT(&sc->sc_if_sync_task, 0, usie_if_sync_cb, sc);
309 
310 	usb_callout_init_mtx(&sc->sc_if_sync_ch, &sc->sc_mtx, 0);
311 
312 	mtx_lock(&sc->sc_mtx);
313 
314 	/* set power mode to D0 */
315 	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
316 	req.bRequest = USIE_POWER;
317 	USETW(req.wValue, 0);
318 	USETW(req.wIndex, 0);
319 	USETW(req.wLength, 0);
320 	if (usie_do_request(sc, &req, NULL)) {
321 		mtx_unlock(&sc->sc_mtx);
322 		goto detach;
323 	}
324 	/* read fw attr */
325 	fwattr = 0;
326 	req.bmRequestType = UT_READ_VENDOR_DEVICE;
327 	req.bRequest = USIE_FW_ATTR;
328 	USETW(req.wValue, 0);
329 	USETW(req.wIndex, 0);
330 	USETW(req.wLength, sizeof(fwattr));
331 	if (usie_do_request(sc, &req, &fwattr)) {
332 		mtx_unlock(&sc->sc_mtx);
333 		goto detach;
334 	}
335 	mtx_unlock(&sc->sc_mtx);
336 
337 	/* check DHCP supports */
338 	DPRINTF("fwattr=%x\n", fwattr);
339 	if (!(fwattr & USIE_FW_DHCP)) {
340 		device_printf(self, "DHCP is not supported. A firmware upgrade might be needed.\n");
341 	}
342 
343 	/* find available interfaces */
344 	sc->sc_nucom = 0;
345 	for (ifidx = 0; ifidx < USIE_IFACE_MAX; ifidx++) {
346 		iface = usbd_get_iface(uaa->device, ifidx);
347 		if (iface == NULL)
348 			break;
349 
350 		id = usbd_get_interface_descriptor(iface);
351 		if ((id == NULL) || (id->bInterfaceClass != UICLASS_VENDOR))
352 			continue;
353 
354 		/* setup Direct IP transfer */
355 		if (id->bInterfaceNumber >= 7 && id->bNumEndpoints == 3) {
356 			sc->sc_if_ifnum = id->bInterfaceNumber;
357 			iface_index = ifidx;
358 
359 			DPRINTF("ifnum=%d, ifidx=%d\n",
360 			    sc->sc_if_ifnum, ifidx);
361 
362 			err = usbd_transfer_setup(uaa->device,
363 			    &iface_index, sc->sc_if_xfer, usie_if_config,
364 			    USIE_IF_N_XFER, sc, &sc->sc_mtx);
365 
366 			if (err == 0)
367 				continue;
368 
369 			device_printf(self,
370 			    "could not allocate USB transfers on "
371 			    "iface_index=%d, err=%s\n",
372 			    iface_index, usbd_errstr(err));
373 			goto detach;
374 		}
375 
376 		/* setup ucom */
377 		if (sc->sc_nucom >= USIE_UCOM_MAX)
378 			continue;
379 
380 		usbd_set_parent_iface(uaa->device, ifidx,
381 		    uaa->info.bIfaceIndex);
382 
383 		DPRINTF("NumEndpoints=%d bInterfaceNumber=%d\n",
384 		    id->bNumEndpoints, id->bInterfaceNumber);
385 
386 		if (id->bNumEndpoints == 2) {
387 			sc->sc_uc_xfer[sc->sc_nucom][0] = NULL;
388 			start = 1;
389 		} else
390 			start = 0;
391 
392 		err = usbd_transfer_setup(uaa->device, &ifidx,
393 		    sc->sc_uc_xfer[sc->sc_nucom] + start,
394 		    usie_uc_config + start, USIE_UC_N_XFER - start,
395 		    &sc->sc_ucom[sc->sc_nucom], &sc->sc_mtx);
396 
397 		if (err != 0) {
398 			DPRINTF("usbd_transfer_setup error=%s\n", usbd_errstr(err));
399 			continue;
400 		}
401 
402 		mtx_lock(&sc->sc_mtx);
403 		for (; start < USIE_UC_N_XFER; start++)
404 			usbd_xfer_set_stall(sc->sc_uc_xfer[sc->sc_nucom][start]);
405 		mtx_unlock(&sc->sc_mtx);
406 
407 		sc->sc_uc_ifnum[sc->sc_nucom] = id->bInterfaceNumber;
408 
409 		sc->sc_nucom++;		/* found a port */
410 	}
411 
412 	if (sc->sc_nucom == 0) {
413 		device_printf(self, "no comports found\n");
414 		goto detach;
415 	}
416 
417 	err = ucom_attach(&sc->sc_super_ucom, sc->sc_ucom,
418 	    sc->sc_nucom, sc, &usie_uc_callback, &sc->sc_mtx);
419 
420 	if (err != 0) {
421 		DPRINTF("ucom_attach failed\n");
422 		goto detach;
423 	}
424 	DPRINTF("Found %d interfaces.\n", sc->sc_nucom);
425 
426 	/* setup ifnet (Direct IP) */
427 	sc->sc_ifp = ifp = if_alloc(IFT_OTHER);
428 
429 	if (ifp == NULL) {
430 		device_printf(self, "Could not allocate a network interface\n");
431 		goto detach;
432 	}
433 	if_initname(ifp, "usie", device_get_unit(self));
434 
435 	ifp->if_softc = sc;
436 	ifp->if_mtu = USIE_MTU_MAX;
437 	ifp->if_flags |= IFF_NOARP;
438 	ifp->if_init = usie_if_init;
439 	ifp->if_ioctl = usie_if_ioctl;
440 	ifp->if_start = usie_if_start;
441 	ifp->if_output = usie_if_output;
442 	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
443 	ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
444 	IFQ_SET_READY(&ifp->if_snd);
445 
446 	if_attach(ifp);
447 	bpfattach(ifp, DLT_RAW, 0);
448 
449 	if (fwattr & USIE_PM_AUTO) {
450 		usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE);
451 		DPRINTF("enabling automatic suspend and resume\n");
452 	} else {
453 		usbd_set_power_mode(uaa->device, USB_POWER_MODE_ON);
454 		DPRINTF("USB power is always ON\n");
455 	}
456 
457 	DPRINTF("device attached\n");
458 	return (0);
459 
460 detach:
461 	usie_detach(self);
462 	return (ENOMEM);
463 }
464 
465 static int
466 usie_detach(device_t self)
467 {
468 	struct usie_softc *sc = device_get_softc(self);
469 	uint8_t x;
470 
471 	/* detach ifnet */
472 	if (sc->sc_ifp != NULL) {
473 		usie_if_stop(sc);
474 		usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);
475 		bpfdetach(sc->sc_ifp);
476 		if_detach(sc->sc_ifp);
477 		if_free(sc->sc_ifp);
478 		sc->sc_ifp = NULL;
479 	}
480 	/* detach ucom */
481 	if (sc->sc_nucom > 0)
482 		ucom_detach(&sc->sc_super_ucom, sc->sc_ucom);
483 
484 	/* stop all USB transfers */
485 	usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);
486 
487 	for (x = 0; x != USIE_UCOM_MAX; x++)
488 		usbd_transfer_unsetup(sc->sc_uc_xfer[x], USIE_UC_N_XFER);
489 
490 
491 	device_claim_softc(self);
492 
493 	usie_free_softc(sc);
494 
495 	return (0);
496 }
497 
498 UCOM_UNLOAD_DRAIN(usie);
499 
500 static void
501 usie_free_softc(struct usie_softc *sc)
502 {
503 	if (ucom_unref(&sc->sc_super_ucom)) {
504 		mtx_destroy(&sc->sc_mtx);
505 		device_free_softc(sc);
506 	}
507 }
508 
509 static void
510 usie_free(struct ucom_softc *ucom)
511 {
512 	usie_free_softc(ucom->sc_parent);
513 }
514 
515 static void
516 usie_uc_update_line_state(struct ucom_softc *ucom, uint8_t ls)
517 {
518 	struct usie_softc *sc = ucom->sc_parent;
519 	struct usb_device_request req;
520 
521 	if (sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS] == NULL)
522 		return;
523 
524 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
525 	req.bRequest = USIE_LINK_STATE;
526 	USETW(req.wValue, ls);
527 	USETW(req.wIndex, sc->sc_uc_ifnum[ucom->sc_subunit]);
528 	USETW(req.wLength, 0);
529 
530 	DPRINTF("sc_uc_ifnum=%d\n", sc->sc_uc_ifnum[ucom->sc_subunit]);
531 
532 	usie_do_request(sc, &req, NULL);
533 }
534 
535 static void
536 usie_uc_cfg_get_status(struct ucom_softc *ucom, uint8_t *lsr, uint8_t *msr)
537 {
538 	struct usie_softc *sc = ucom->sc_parent;
539 
540 	*msr = sc->sc_msr;
541 	*lsr = sc->sc_lsr;
542 }
543 
544 static void
545 usie_uc_cfg_set_dtr(struct ucom_softc *ucom, uint8_t flag)
546 {
547 	uint8_t dtr;
548 
549 	dtr = flag ? USIE_LS_DTR : 0;
550 	usie_uc_update_line_state(ucom, dtr);
551 }
552 
553 static void
554 usie_uc_cfg_set_rts(struct ucom_softc *ucom, uint8_t flag)
555 {
556 	uint8_t rts;
557 
558 	rts = flag ? USIE_LS_RTS : 0;
559 	usie_uc_update_line_state(ucom, rts);
560 }
561 
562 static void
563 usie_uc_cfg_open(struct ucom_softc *ucom)
564 {
565 	struct usie_softc *sc = ucom->sc_parent;
566 
567 	/* usbd_transfer_start() is NULL safe */
568 
569 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS]);
570 }
571 
572 static void
573 usie_uc_cfg_close(struct ucom_softc *ucom)
574 {
575 	struct usie_softc *sc = ucom->sc_parent;
576 
577 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS]);
578 }
579 
580 static void
581 usie_uc_start_read(struct ucom_softc *ucom)
582 {
583 	struct usie_softc *sc = ucom->sc_parent;
584 
585 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX]);
586 }
587 
588 static void
589 usie_uc_stop_read(struct ucom_softc *ucom)
590 {
591 	struct usie_softc *sc = ucom->sc_parent;
592 
593 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX]);
594 }
595 
596 static void
597 usie_uc_start_write(struct ucom_softc *ucom)
598 {
599 	struct usie_softc *sc = ucom->sc_parent;
600 
601 	usbd_transfer_start(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX]);
602 }
603 
604 static void
605 usie_uc_stop_write(struct ucom_softc *ucom)
606 {
607 	struct usie_softc *sc = ucom->sc_parent;
608 
609 	usbd_transfer_stop(sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX]);
610 }
611 
612 static void
613 usie_uc_rx_callback(struct usb_xfer *xfer, usb_error_t error)
614 {
615 	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
616 	struct usie_softc *sc = ucom->sc_parent;
617 	struct usb_page_cache *pc;
618 	uint32_t actlen;
619 
620 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
621 
622 	switch (USB_GET_STATE(xfer)) {
623 	case USB_ST_TRANSFERRED:
624 		pc = usbd_xfer_get_frame(xfer, 0);
625 
626 		/* handle CnS response */
627 		if (ucom == sc->sc_ucom && actlen >= USIE_HIPCNS_MIN) {
628 
629 			DPRINTF("transferred=%u\n", actlen);
630 
631 			/* check if it is really CnS reply */
632 			usbd_copy_out(pc, 0, sc->sc_resp_temp, 1);
633 
634 			if (sc->sc_resp_temp[0] == USIE_HIP_FRM_CHR) {
635 
636 				/* verify actlen */
637 				if (actlen > USIE_BUFSIZE)
638 					actlen = USIE_BUFSIZE;
639 
640 				/* get complete message */
641 				usbd_copy_out(pc, 0, sc->sc_resp_temp, actlen);
642 				usie_hip_rsp(sc, sc->sc_resp_temp, actlen);
643 
644 				/* need to fall though */
645 				goto tr_setup;
646 			}
647 			/* else call ucom_put_data() */
648 		}
649 		/* standard ucom transfer */
650 		ucom_put_data(ucom, pc, 0, actlen);
651 
652 		/* fall though */
653 	case USB_ST_SETUP:
654 tr_setup:
655 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
656 		usbd_transfer_submit(xfer);
657 		break;
658 
659 	default:			/* Error */
660 		if (error != USB_ERR_CANCELLED) {
661 			usbd_xfer_set_stall(xfer);
662 			goto tr_setup;
663 		}
664 		break;
665 	}
666 }
667 
668 static void
669 usie_uc_tx_callback(struct usb_xfer *xfer, usb_error_t error)
670 {
671 	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
672 	struct usb_page_cache *pc;
673 	uint32_t actlen;
674 
675 	switch (USB_GET_STATE(xfer)) {
676 	case USB_ST_TRANSFERRED:
677 	case USB_ST_SETUP:
678 tr_setup:
679 		pc = usbd_xfer_get_frame(xfer, 0);
680 
681 		/* handle CnS request */
682 		struct mbuf *m = usbd_xfer_get_priv(xfer);
683 
684 		if (m != NULL) {
685 			usbd_m_copy_in(pc, 0, m, 0, m->m_pkthdr.len);
686 			usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len);
687 			usbd_xfer_set_priv(xfer, NULL);
688 			usbd_transfer_submit(xfer);
689 			m_freem(m);
690 			break;
691 		}
692 		/* standard ucom transfer */
693 		if (ucom_get_data(ucom, pc, 0, USIE_BUFSIZE, &actlen)) {
694 			usbd_xfer_set_frame_len(xfer, 0, actlen);
695 			usbd_transfer_submit(xfer);
696 		}
697 		break;
698 
699 	default:			/* Error */
700 		if (error != USB_ERR_CANCELLED) {
701 			usbd_xfer_set_stall(xfer);
702 			goto tr_setup;
703 		}
704 		break;
705 	}
706 }
707 
708 static void
709 usie_uc_status_callback(struct usb_xfer *xfer, usb_error_t error)
710 {
711 	struct usb_page_cache *pc;
712 	struct {
713 		struct usb_device_request req;
714 		uint16_t param;
715 	}      st;
716 	uint32_t actlen;
717 	uint16_t param;
718 
719 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
720 
721 	switch (USB_GET_STATE(xfer)) {
722 	case USB_ST_TRANSFERRED:
723 		DPRINTFN(4, "info received, actlen=%u\n", actlen);
724 
725 		if (actlen < sizeof(st)) {
726 			DPRINTF("data too short actlen=%u\n", actlen);
727 			goto tr_setup;
728 		}
729 		pc = usbd_xfer_get_frame(xfer, 0);
730 		usbd_copy_out(pc, 0, &st, sizeof(st));
731 
732 		if (st.req.bmRequestType == 0xa1 && st.req.bRequest == 0x20) {
733 			struct ucom_softc *ucom = usbd_xfer_softc(xfer);
734 			struct usie_softc *sc = ucom->sc_parent;
735 
736 			param = le16toh(st.param);
737 			DPRINTF("param=%x\n", param);
738 			sc->sc_msr = sc->sc_lsr = 0;
739 			sc->sc_msr |= (param & USIE_DCD) ? SER_DCD : 0;
740 			sc->sc_msr |= (param & USIE_DSR) ? SER_DSR : 0;
741 			sc->sc_msr |= (param & USIE_RI) ? SER_RI : 0;
742 			sc->sc_msr |= (param & USIE_CTS) ? 0 : SER_CTS;
743 			sc->sc_msr |= (param & USIE_RTS) ? SER_RTS : 0;
744 			sc->sc_msr |= (param & USIE_DTR) ? SER_DTR : 0;
745 		}
746 		/* fall though */
747 	case USB_ST_SETUP:
748 tr_setup:
749 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
750 		usbd_transfer_submit(xfer);
751 		break;
752 
753 	default:			/* Error */
754 		DPRINTF("USB transfer error, %s\n",
755 		    usbd_errstr(error));
756 
757 		if (error != USB_ERR_CANCELLED) {
758 			usbd_xfer_set_stall(xfer);
759 			goto tr_setup;
760 		}
761 		break;
762 	}
763 }
764 
765 static void
766 usie_if_rx_callback(struct usb_xfer *xfer, usb_error_t error)
767 {
768 	struct usie_softc *sc = usbd_xfer_softc(xfer);
769 	struct ifnet *ifp = sc->sc_ifp;
770 	struct mbuf *m0;
771 	struct mbuf *m = NULL;
772 	struct usie_desc *rxd;
773 	uint32_t actlen;
774 	uint16_t err;
775 	uint16_t pkt;
776 	uint16_t ipl;
777 	uint16_t len;
778 	uint16_t diff;
779 	uint8_t pad;
780 	uint8_t ipv;
781 
782 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
783 
784 	switch (USB_GET_STATE(xfer)) {
785 	case USB_ST_TRANSFERRED:
786 		DPRINTFN(15, "rx done, actlen=%u\n", actlen);
787 
788 		if (actlen < sizeof(struct usie_hip)) {
789 			DPRINTF("data too short %u\n", actlen);
790 			goto tr_setup;
791 		}
792 		m = sc->sc_rxm;
793 		sc->sc_rxm = NULL;
794 
795 		/* fall though */
796 	case USB_ST_SETUP:
797 tr_setup:
798 
799 		if (sc->sc_rxm == NULL) {
800 			sc->sc_rxm = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
801 			    MJUMPAGESIZE /* could be bigger than MCLBYTES */ );
802 		}
803 		if (sc->sc_rxm == NULL) {
804 			DPRINTF("could not allocate Rx mbuf\n");
805 			ifp->if_ierrors++;
806 			usbd_xfer_set_stall(xfer);
807 			usbd_xfer_set_frames(xfer, 0);
808 		} else {
809 			/*
810 			 * Directly loading a mbuf cluster into DMA to
811 			 * save some data copying. This works because
812 			 * there is only one cluster.
813 			 */
814 			usbd_xfer_set_frame_data(xfer, 0,
815 			    mtod(sc->sc_rxm, caddr_t), MIN(MJUMPAGESIZE, USIE_RXSZ_MAX));
816 			usbd_xfer_set_frames(xfer, 1);
817 		}
818 		usbd_transfer_submit(xfer);
819 		break;
820 
821 	default:			/* Error */
822 		DPRINTF("USB transfer error, %s\n", usbd_errstr(error));
823 
824 		if (error != USB_ERR_CANCELLED) {
825 			/* try to clear stall first */
826 			usbd_xfer_set_stall(xfer);
827 			ifp->if_ierrors++;
828 			goto tr_setup;
829 		}
830 		if (sc->sc_rxm != NULL) {
831 			m_freem(sc->sc_rxm);
832 			sc->sc_rxm = NULL;
833 		}
834 		break;
835 	}
836 
837 	if (m == NULL)
838 		return;
839 
840 	mtx_unlock(&sc->sc_mtx);
841 
842 	m->m_pkthdr.len = m->m_len = actlen;
843 
844 	err = pkt = 0;
845 
846 	/* HW can aggregate multiple frames in a single USB xfer */
847 	for (;;) {
848 		rxd = mtod(m, struct usie_desc *);
849 
850 		len = be16toh(rxd->hip.len) & USIE_HIP_IP_LEN_MASK;
851 		pad = (rxd->hip.id & USIE_HIP_PAD) ? 1 : 0;
852 		ipl = (len - pad - ETHER_HDR_LEN);
853 		if (ipl >= len) {
854 			DPRINTF("Corrupt frame\n");
855 			m_freem(m);
856 			break;
857 		}
858 		diff = sizeof(struct usie_desc) + ipl + pad;
859 
860 		if (((rxd->hip.id & USIE_HIP_MASK) != USIE_HIP_IP) ||
861 		    (be16toh(rxd->desc_type) & USIE_TYPE_MASK) != USIE_IP_RX) {
862 			DPRINTF("received wrong type of packet\n");
863 			m->m_data += diff;
864 			m->m_pkthdr.len = (m->m_len -= diff);
865 			err++;
866 			if (m->m_pkthdr.len > 0)
867 				continue;
868 			m_freem(m);
869 			break;
870 		}
871 		switch (be16toh(rxd->ethhdr.ether_type)) {
872 		case ETHERTYPE_IP:
873 			ipv = NETISR_IP;
874 			break;
875 #ifdef INET6
876 		case ETHERTYPE_IPV6:
877 			ipv = NETISR_IPV6;
878 			break;
879 #endif
880 		default:
881 			DPRINTF("unsupported ether type\n");
882 			err++;
883 			break;
884 		}
885 
886 		/* the last packet */
887 		if (m->m_pkthdr.len <= diff) {
888 			m->m_data += (sizeof(struct usie_desc) + pad);
889 			m->m_pkthdr.len = m->m_len = ipl;
890 			m->m_pkthdr.rcvif = ifp;
891 			BPF_MTAP(sc->sc_ifp, m);
892 			netisr_dispatch(ipv, m);
893 			break;
894 		}
895 		/* copy aggregated frames to another mbuf */
896 		m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
897 		if (__predict_false(m0 == NULL)) {
898 			DPRINTF("could not allocate mbuf\n");
899 			err++;
900 			m_freem(m);
901 			break;
902 		}
903 		m_copydata(m, sizeof(struct usie_desc) + pad, ipl, mtod(m0, caddr_t));
904 		m0->m_pkthdr.rcvif = ifp;
905 		m0->m_pkthdr.len = m0->m_len = ipl;
906 
907 		BPF_MTAP(sc->sc_ifp, m0);
908 		netisr_dispatch(ipv, m0);
909 
910 		m->m_data += diff;
911 		m->m_pkthdr.len = (m->m_len -= diff);
912 	}
913 
914 	mtx_lock(&sc->sc_mtx);
915 
916 	ifp->if_ierrors += err;
917 	ifp->if_ipackets += pkt;
918 }
919 
920 static void
921 usie_if_tx_callback(struct usb_xfer *xfer, usb_error_t error)
922 {
923 	struct usie_softc *sc = usbd_xfer_softc(xfer);
924 	struct usb_page_cache *pc;
925 	struct ifnet *ifp = sc->sc_ifp;
926 	struct mbuf *m;
927 	uint16_t size;
928 
929 	switch (USB_GET_STATE(xfer)) {
930 	case USB_ST_TRANSFERRED:
931 		DPRINTFN(11, "transfer complete\n");
932 		ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
933 		ifp->if_opackets++;
934 
935 		/* fall though */
936 	case USB_ST_SETUP:
937 tr_setup:
938 
939 		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
940 			break;
941 
942 		IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
943 		if (m == NULL)
944 			break;
945 
946 		if (m->m_pkthdr.len > (int)(MCLBYTES - ETHER_HDR_LEN +
947 		    ETHER_CRC_LEN - sizeof(sc->sc_txd))) {
948 			DPRINTF("packet len is too big: %d\n",
949 			    m->m_pkthdr.len);
950 			break;
951 		}
952 		pc = usbd_xfer_get_frame(xfer, 0);
953 
954 		sc->sc_txd.hip.len = htobe16(m->m_pkthdr.len +
955 		    ETHER_HDR_LEN + ETHER_CRC_LEN);
956 		size = sizeof(sc->sc_txd);
957 
958 		usbd_copy_in(pc, 0, &sc->sc_txd, size);
959 		usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
960 		usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len +
961 		    size + ETHER_CRC_LEN);
962 
963 		BPF_MTAP(ifp, m);
964 
965 		m_freem(m);
966 
967 		usbd_transfer_submit(xfer);
968 		break;
969 
970 	default:			/* Error */
971 		DPRINTF("USB transfer error, %s\n",
972 		    usbd_errstr(error));
973 		ifp->if_oerrors++;
974 
975 		if (error != USB_ERR_CANCELLED) {
976 			usbd_xfer_set_stall(xfer);
977 			ifp->if_ierrors++;
978 			goto tr_setup;
979 		}
980 		break;
981 	}
982 }
983 
984 static void
985 usie_if_status_callback(struct usb_xfer *xfer, usb_error_t error)
986 {
987 	struct usie_softc *sc = usbd_xfer_softc(xfer);
988 	struct usb_page_cache *pc;
989 	struct usb_cdc_notification cdc;
990 	uint32_t actlen;
991 
992 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
993 
994 	switch (USB_GET_STATE(xfer)) {
995 	case USB_ST_TRANSFERRED:
996 		DPRINTFN(4, "info received, actlen=%d\n", actlen);
997 
998 		/* usb_cdc_notification - .data[16] */
999 		if (actlen < (sizeof(cdc) - 16)) {
1000 			DPRINTF("data too short %d\n", actlen);
1001 			goto tr_setup;
1002 		}
1003 		pc = usbd_xfer_get_frame(xfer, 0);
1004 		usbd_copy_out(pc, 0, &cdc, (sizeof(cdc) - 16));
1005 
1006 		DPRINTFN(4, "bNotification=%x\n", cdc.bNotification);
1007 
1008 		if (cdc.bNotification & UCDC_N_RESPONSE_AVAILABLE) {
1009 			taskqueue_enqueue(taskqueue_thread,
1010 			    &sc->sc_if_status_task);
1011 		}
1012 		/* fall though */
1013 	case USB_ST_SETUP:
1014 tr_setup:
1015 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
1016 		usbd_transfer_submit(xfer);
1017 		break;
1018 
1019 	default:			/* Error */
1020 		DPRINTF("USB transfer error, %s\n",
1021 		    usbd_errstr(error));
1022 
1023 		if (error != USB_ERR_CANCELLED) {
1024 			usbd_xfer_set_stall(xfer);
1025 			goto tr_setup;
1026 		}
1027 		break;
1028 	}
1029 }
1030 
1031 static void
1032 usie_if_sync_to(void *arg)
1033 {
1034 	struct usie_softc *sc = arg;
1035 
1036 	taskqueue_enqueue(taskqueue_thread, &sc->sc_if_sync_task);
1037 }
1038 
1039 static void
1040 usie_if_sync_cb(void *arg, int pending)
1041 {
1042 	struct usie_softc *sc = arg;
1043 
1044 	mtx_lock(&sc->sc_mtx);
1045 
1046 	/* call twice */
1047 	usie_if_cmd(sc, USIE_HIP_SYNC2M);
1048 	usie_if_cmd(sc, USIE_HIP_SYNC2M);
1049 
1050 	usb_callout_reset(&sc->sc_if_sync_ch, 2 * hz, usie_if_sync_to, sc);
1051 
1052 	mtx_unlock(&sc->sc_mtx);
1053 }
1054 
1055 static void
1056 usie_if_status_cb(void *arg, int pending)
1057 {
1058 	struct usie_softc *sc = arg;
1059 	struct ifnet *ifp = sc->sc_ifp;
1060 	struct usb_device_request req;
1061 	struct usie_hip *hip;
1062 	struct usie_lsi *lsi;
1063 	uint16_t actlen;
1064 	uint8_t ntries;
1065 	uint8_t pad;
1066 
1067 	mtx_lock(&sc->sc_mtx);
1068 
1069 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1070 	req.bRequest = UCDC_GET_ENCAPSULATED_RESPONSE;
1071 	USETW(req.wValue, 0);
1072 	USETW(req.wIndex, sc->sc_if_ifnum);
1073 	USETW(req.wLength, sizeof(sc->sc_status_temp));
1074 
1075 	for (ntries = 0; ntries != 10; ntries++) {
1076 		int err;
1077 
1078 		err = usbd_do_request_flags(sc->sc_udev,
1079 		    &sc->sc_mtx, &req, sc->sc_status_temp, USB_SHORT_XFER_OK,
1080 		    &actlen, USB_DEFAULT_TIMEOUT);
1081 
1082 		if (err == 0)
1083 			break;
1084 
1085 		DPRINTF("Control request failed: %s %d/10\n",
1086 		    usbd_errstr(err), ntries);
1087 
1088 		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
1089 	}
1090 
1091 	if (ntries == 10) {
1092 		mtx_unlock(&sc->sc_mtx);
1093 		DPRINTF("Timeout\n");
1094 		return;
1095 	}
1096 
1097 	hip = (struct usie_hip *)sc->sc_status_temp;
1098 
1099 	pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;
1100 
1101 	DPRINTF("hip.id=%x hip.len=%d actlen=%u pad=%d\n",
1102 	    hip->id, be16toh(hip->len), actlen, pad);
1103 
1104 	switch (hip->id & USIE_HIP_MASK) {
1105 	case USIE_HIP_SYNC2H:
1106 		usie_if_cmd(sc, USIE_HIP_SYNC2M);
1107 		break;
1108 	case USIE_HIP_RESTR:
1109 		usb_callout_stop(&sc->sc_if_sync_ch);
1110 		break;
1111 	case USIE_HIP_UMTS:
1112 		lsi = (struct usie_lsi *)(
1113 		    sc->sc_status_temp + sizeof(struct usie_hip) + pad);
1114 
1115 		DPRINTF("lsi.proto=%x lsi.len=%d\n", lsi->proto,
1116 		    be16toh(lsi->len));
1117 
1118 		if (lsi->proto != USIE_LSI_UMTS)
1119 			break;
1120 
1121 		if (lsi->area == USIE_LSI_AREA_NO ||
1122 		    lsi->area == USIE_LSI_AREA_NODATA) {
1123 			device_printf(sc->sc_dev, "no service available\n");
1124 			break;
1125 		}
1126 		if (lsi->state == USIE_LSI_STATE_IDLE) {
1127 			DPRINTF("lsi.state=%x\n", lsi->state);
1128 			break;
1129 		}
1130 		DPRINTF("ctx=%x\n", hip->param);
1131 		sc->sc_txd.hip.param = hip->param;
1132 
1133 		sc->sc_net.addr_len = lsi->pdp_addr_len;
1134 		memcpy(&sc->sc_net.dns1_addr, &lsi->dns1_addr, 16);
1135 		memcpy(&sc->sc_net.dns2_addr, &lsi->dns2_addr, 16);
1136 		memcpy(sc->sc_net.pdp_addr, lsi->pdp_addr, 16);
1137 		memcpy(sc->sc_net.gw_addr, lsi->gw_addr, 16);
1138 		ifp->if_flags |= IFF_UP;
1139 		ifp->if_drv_flags |= IFF_DRV_RUNNING;
1140 
1141 		device_printf(sc->sc_dev, "IP Addr=%d.%d.%d.%d\n",
1142 		    *lsi->pdp_addr, *(lsi->pdp_addr + 1),
1143 		    *(lsi->pdp_addr + 2), *(lsi->pdp_addr + 3));
1144 		device_printf(sc->sc_dev, "Gateway Addr=%d.%d.%d.%d\n",
1145 		    *lsi->gw_addr, *(lsi->gw_addr + 1),
1146 		    *(lsi->gw_addr + 2), *(lsi->gw_addr + 3));
1147 		device_printf(sc->sc_dev, "Prim NS Addr=%d.%d.%d.%d\n",
1148 		    *lsi->dns1_addr, *(lsi->dns1_addr + 1),
1149 		    *(lsi->dns1_addr + 2), *(lsi->dns1_addr + 3));
1150 		device_printf(sc->sc_dev, "Scnd NS Addr=%d.%d.%d.%d\n",
1151 		    *lsi->dns2_addr, *(lsi->dns2_addr + 1),
1152 		    *(lsi->dns2_addr + 2), *(lsi->dns2_addr + 3));
1153 
1154 		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
1155 		break;
1156 
1157 	case USIE_HIP_RCGI:
1158 		/* ignore, workaround for sloppy windows */
1159 		break;
1160 	default:
1161 		DPRINTF("undefined msgid: %x\n", hip->id);
1162 		break;
1163 	}
1164 
1165 	mtx_unlock(&sc->sc_mtx);
1166 }
1167 
1168 static void
1169 usie_if_start(struct ifnet *ifp)
1170 {
1171 	struct usie_softc *sc = ifp->if_softc;
1172 
1173 	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1174 		DPRINTF("Not running\n");
1175 		return;
1176 	}
1177 	mtx_lock(&sc->sc_mtx);
1178 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_TX]);
1179 	mtx_unlock(&sc->sc_mtx);
1180 
1181 	DPRINTFN(3, "interface started\n");
1182 }
1183 
1184 static int
1185 usie_if_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
1186     struct route *ro)
1187 {
1188 	int err;
1189 
1190 	DPRINTF("proto=%x\n", dst->sa_family);
1191 
1192 	switch (dst->sa_family) {
1193 #ifdef INET6
1194 	case AF_INET6;
1195 	/* fall though */
1196 #endif
1197 	case AF_INET:
1198 		break;
1199 
1200 		/* silently drop dhclient packets */
1201 	case AF_UNSPEC:
1202 		m_freem(m);
1203 		return (0);
1204 
1205 		/* drop other packet types */
1206 	default:
1207 		m_freem(m);
1208 		return (EAFNOSUPPORT);
1209 	}
1210 
1211 	err = (ifp->if_transmit)(ifp, m);
1212 	if (err) {
1213 		ifp->if_oerrors++;
1214 		return (ENOBUFS);
1215 	}
1216 	ifp->if_opackets++;
1217 
1218 	return (0);
1219 }
1220 
1221 static void
1222 usie_if_init(void *arg)
1223 {
1224 	struct usie_softc *sc = arg;
1225 	struct ifnet *ifp = sc->sc_ifp;
1226 	uint8_t i;
1227 
1228 	mtx_lock(&sc->sc_mtx);
1229 
1230 	/* write tx descriptor */
1231 	sc->sc_txd.hip.id = USIE_HIP_CTX;
1232 	sc->sc_txd.hip.param = 0;	/* init value */
1233 	sc->sc_txd.desc_type = htobe16(USIE_IP_TX);
1234 
1235 	for (i = 0; i != USIE_IF_N_XFER; i++)
1236 		usbd_xfer_set_stall(sc->sc_if_xfer[i]);
1237 
1238 	usbd_transfer_start(sc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_RX]);
1239 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_STATUS]);
1240 	usbd_transfer_start(sc->sc_if_xfer[USIE_IF_RX]);
1241 
1242 	/* if not running, initiate the modem */
1243 	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
1244 		usie_cns_req(sc, USIE_CNS_ID_INIT, USIE_CNS_OB_LINK_UPDATE);
1245 
1246 	mtx_unlock(&sc->sc_mtx);
1247 
1248 	DPRINTF("ifnet initialized\n");
1249 }
1250 
1251 static void
1252 usie_if_stop(struct usie_softc *sc)
1253 {
1254 	usb_callout_drain(&sc->sc_if_sync_ch);
1255 
1256 	mtx_lock(&sc->sc_mtx);
1257 
1258 	/* usie_cns_req() clears IFF_* flags */
1259 	usie_cns_req(sc, USIE_CNS_ID_STOP, USIE_CNS_OB_LINK_UPDATE);
1260 
1261 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_TX]);
1262 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_RX]);
1263 	usbd_transfer_stop(sc->sc_if_xfer[USIE_IF_STATUS]);
1264 
1265 	/* shutdown device */
1266 	usie_if_cmd(sc, USIE_HIP_DOWN);
1267 
1268 	mtx_unlock(&sc->sc_mtx);
1269 }
1270 
1271 static int
1272 usie_if_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1273 {
1274 	struct usie_softc *sc = ifp->if_softc;
1275 	struct ieee80211req *ireq;
1276 	struct ieee80211req_sta_info si;
1277 	struct ifmediareq *ifmr;
1278 
1279 	switch (cmd) {
1280 	case SIOCSIFFLAGS:
1281 		if (ifp->if_flags & IFF_UP) {
1282 			if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
1283 				usie_if_init(sc);
1284 		} else {
1285 			if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1286 				usie_if_stop(sc);
1287 		}
1288 		break;
1289 
1290 	case SIOCSIFCAP:
1291 		if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1292 			device_printf(sc->sc_dev,
1293 			    "Connect to the network first.\n");
1294 			break;
1295 		}
1296 		mtx_lock(&sc->sc_mtx);
1297 		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
1298 		mtx_unlock(&sc->sc_mtx);
1299 		break;
1300 
1301 	case SIOCG80211:
1302 		ireq = (struct ieee80211req *)data;
1303 
1304 		if (ireq->i_type != IEEE80211_IOC_STA_INFO)
1305 			break;
1306 
1307 		memset(&si, 0, sizeof(si));
1308 		si.isi_len = sizeof(si);
1309 		/*
1310 		 * ifconfig expects RSSI in 0.5dBm units
1311 		 * relative to the noise floor.
1312 		 */
1313 		si.isi_rssi = 2 * sc->sc_rssi;
1314 		if (copyout(&si, (uint8_t *)ireq->i_data + 8,
1315 		    sizeof(struct ieee80211req_sta_info)))
1316 			DPRINTF("copyout failed\n");
1317 		DPRINTF("80211\n");
1318 		break;
1319 
1320 	case SIOCGIFMEDIA:		/* to fool ifconfig */
1321 		ifmr = (struct ifmediareq *)data;
1322 		ifmr->ifm_count = 1;
1323 		DPRINTF("media\n");
1324 		break;
1325 
1326 	case SIOCSIFADDR:
1327 	case SIOCSIFDSTADDR:
1328 		break;
1329 
1330 	default:
1331 		return (EINVAL);
1332 	}
1333 	return (0);
1334 }
1335 
1336 static int
1337 usie_do_request(struct usie_softc *sc, struct usb_device_request *req,
1338     void *data)
1339 {
1340 	int err = 0;
1341 	int ntries;
1342 
1343 	mtx_assert(&sc->sc_mtx, MA_OWNED);
1344 
1345 	for (ntries = 0; ntries != 10; ntries++) {
1346 		err = usbd_do_request(sc->sc_udev,
1347 		    &sc->sc_mtx, req, data);
1348 		if (err == 0)
1349 			break;
1350 
1351 		DPRINTF("Control request failed: %s %d/10\n",
1352 		    usbd_errstr(err), ntries);
1353 
1354 		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
1355 	}
1356 	return (err);
1357 }
1358 
1359 static int
1360 usie_if_cmd(struct usie_softc *sc, uint8_t cmd)
1361 {
1362 	struct usb_device_request req;
1363 	struct usie_hip msg;
1364 
1365 	msg.len = 0;
1366 	msg.id = cmd;
1367 	msg.param = 0;
1368 
1369 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1370 	req.bRequest = UCDC_SEND_ENCAPSULATED_COMMAND;
1371 	USETW(req.wValue, 0);
1372 	USETW(req.wIndex, sc->sc_if_ifnum);
1373 	USETW(req.wLength, sizeof(msg));
1374 
1375 	DPRINTF("cmd=%x\n", cmd);
1376 
1377 	return (usie_do_request(sc, &req, &msg));
1378 }
1379 
1380 static void
1381 usie_cns_req(struct usie_softc *sc, uint32_t id, uint16_t obj)
1382 {
1383 	struct ifnet *ifp = sc->sc_ifp;
1384 	struct mbuf *m;
1385 	struct usb_xfer *xfer;
1386 	struct usie_hip *hip;
1387 	struct usie_cns *cns;
1388 	uint8_t *param;
1389 	uint8_t *tmp;
1390 	uint8_t cns_len;
1391 
1392 	m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1393 	if (__predict_false(m == NULL)) {
1394 		DPRINTF("could not allocate mbuf\n");
1395 		ifp->if_ierrors++;
1396 		return;
1397 	}
1398 	/* to align usie_hip{} on 32 bit */
1399 	m->m_data += 3;
1400 	param = mtod(m, uint8_t *);
1401 	*param++ = USIE_HIP_FRM_CHR;
1402 	hip = (struct usie_hip *)param;
1403 	cns = (struct usie_cns *)(hip + 1);
1404 
1405 	tmp = param + USIE_HIPCNS_MIN - 2;
1406 
1407 	switch (obj) {
1408 	case USIE_CNS_OB_LINK_UPDATE:
1409 		cns_len = 2;
1410 		cns->op = USIE_CNS_OP_SET;
1411 		*tmp++ = 1;		/* profile ID, always use 1 for now */
1412 		*tmp++ = id == USIE_CNS_ID_INIT ? 1 : 0;
1413 		break;
1414 
1415 	case USIE_CNS_OB_PROF_WRITE:
1416 		cns_len = 245;
1417 		cns->op = USIE_CNS_OP_SET;
1418 		*tmp++ = 1;		/* profile ID, always use 1 for now */
1419 		*tmp++ = 2;
1420 		memcpy(tmp, &sc->sc_net, 34);
1421 		memset(tmp + 35, 0, 245 - 36);
1422 		tmp += 243;
1423 		break;
1424 
1425 	case USIE_CNS_OB_RSSI:
1426 		cns_len = 0;
1427 		cns->op = USIE_CNS_OP_REQ;
1428 		break;
1429 
1430 	default:
1431 		DPRINTF("unsupported CnS object type\n");
1432 		return;
1433 	}
1434 	*tmp = USIE_HIP_FRM_CHR;
1435 
1436 	hip->len = htobe16(sizeof(struct usie_cns) + cns_len);
1437 	hip->id = USIE_HIP_CNS2M;
1438 	hip->param = 0;			/* none for CnS */
1439 
1440 	cns->obj = htobe16(obj);
1441 	cns->id = htobe32(id);
1442 	cns->len = cns_len;
1443 	cns->rsv0 = cns->rsv1 = 0;	/* always '0' */
1444 
1445 	param = (uint8_t *)(cns + 1);
1446 
1447 	DPRINTF("param: %16D\n", param, ":");
1448 
1449 	m->m_pkthdr.len = m->m_len = USIE_HIPCNS_MIN + cns_len + 2;
1450 
1451 	xfer = sc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_TX];
1452 
1453 	if (usbd_xfer_get_priv(xfer) == NULL) {
1454 		usbd_xfer_set_priv(xfer, m);
1455 		usbd_transfer_start(xfer);
1456 	} else {
1457 		DPRINTF("Dropped CNS event\n");
1458 		m_freem(m);
1459 	}
1460 }
1461 
1462 static void
1463 usie_cns_rsp(struct usie_softc *sc, struct usie_cns *cns)
1464 {
1465 	struct ifnet *ifp = sc->sc_ifp;
1466 
1467 	DPRINTF("received CnS\n");
1468 
1469 	switch (be16toh(cns->obj)) {
1470 	case USIE_CNS_OB_LINK_UPDATE:
1471 		if (be32toh(cns->id) & USIE_CNS_ID_INIT)
1472 			usie_if_sync_to(sc);
1473 		else if (be32toh(cns->id) & USIE_CNS_ID_STOP) {
1474 			ifp->if_flags &= ~IFF_UP;
1475 			ifp->if_drv_flags &=
1476 			    ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
1477 		} else
1478 			DPRINTF("undefined link update\n");
1479 		break;
1480 
1481 	case USIE_CNS_OB_RSSI:
1482 		sc->sc_rssi = be16toh(*(int16_t *)(cns + 1));
1483 		if (sc->sc_rssi <= 0)
1484 			device_printf(sc->sc_dev, "No signal\n");
1485 		else {
1486 			device_printf(sc->sc_dev, "RSSI=%ddBm\n",
1487 			    sc->sc_rssi - 110);
1488 		}
1489 		break;
1490 
1491 	case USIE_CNS_OB_PROF_WRITE:
1492 		break;
1493 
1494 	case USIE_CNS_OB_PDP_READ:
1495 		break;
1496 
1497 	default:
1498 		DPRINTF("undefined CnS\n");
1499 		break;
1500 	}
1501 }
1502 
1503 static void
1504 usie_hip_rsp(struct usie_softc *sc, uint8_t *rsp, uint32_t len)
1505 {
1506 	struct usie_hip *hip;
1507 	struct usie_cns *cns;
1508 	uint32_t i;
1509 	uint32_t j;
1510 	uint32_t off;
1511 	uint8_t tmp[USIE_HIPCNS_MAX] __aligned(4);
1512 
1513 	for (off = 0; (off + USIE_HIPCNS_MIN) <= len; off++) {
1514 
1515 		uint8_t pad;
1516 
1517 		while ((off < len) && (rsp[off] == USIE_HIP_FRM_CHR))
1518 			off++;
1519 
1520 		/* Unstuff the bytes */
1521 		for (i = j = 0; ((i + off) < len) &&
1522 		    (j < USIE_HIPCNS_MAX); i++) {
1523 
1524 			if (rsp[i + off] == USIE_HIP_FRM_CHR)
1525 				break;
1526 
1527 			if (rsp[i + off] == USIE_HIP_ESC_CHR) {
1528 				if ((i + off + 1) >= len)
1529 					break;
1530 				tmp[j++] = rsp[i++ + off + 1] ^ 0x20;
1531 			} else {
1532 				tmp[j++] = rsp[i + off];
1533 			}
1534 		}
1535 
1536 		off += i;
1537 
1538 		DPRINTF("frame len=%d\n", j);
1539 
1540 		if (j < sizeof(struct usie_hip)) {
1541 			DPRINTF("too little data\n");
1542 			break;
1543 		}
1544 		/*
1545 		 * Make sure we are not reading the stack if something
1546 		 * is wrong.
1547 		 */
1548 		memset(tmp + j, 0, sizeof(tmp) - j);
1549 
1550 		hip = (struct usie_hip *)tmp;
1551 
1552 		DPRINTF("hip: len=%d msgID=%02x, param=%02x\n",
1553 		    be16toh(hip->len), hip->id, hip->param);
1554 
1555 		pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;
1556 
1557 		if ((hip->id & USIE_HIP_MASK) == USIE_HIP_CNS2H) {
1558 			cns = (struct usie_cns *)(((uint8_t *)(hip + 1)) + pad);
1559 
1560 			if (j < (sizeof(struct usie_cns) +
1561 			    sizeof(struct usie_hip) + pad)) {
1562 				DPRINTF("too little data\n");
1563 				break;
1564 			}
1565 			DPRINTF("cns: obj=%04x, op=%02x, rsv0=%02x, "
1566 			    "app=%08x, rsv1=%02x, len=%d\n",
1567 			    be16toh(cns->obj), cns->op, cns->rsv0,
1568 			    be32toh(cns->id), cns->rsv1, cns->len);
1569 
1570 			if (cns->op & USIE_CNS_OP_ERR)
1571 				DPRINTF("CnS error response\n");
1572 			else
1573 				usie_cns_rsp(sc, cns);
1574 
1575 			i = sizeof(struct usie_hip) + pad + sizeof(struct usie_cns);
1576 			j = cns->len;
1577 		} else {
1578 			i = sizeof(struct usie_hip) + pad;
1579 			j = be16toh(hip->len);
1580 		}
1581 #ifdef	USB_DEBUG
1582 		if (usie_debug == 0)
1583 			continue;
1584 
1585 		while (i < USIE_HIPCNS_MAX && j > 0) {
1586 			DPRINTF("param[0x%02x] = 0x%02x\n", i, tmp[i]);
1587 			i++;
1588 			j--;
1589 		}
1590 #endif
1591 	}
1592 }
1593 
1594 static int
1595 usie_driver_loaded(struct module *mod, int what, void *arg)
1596 {
1597 	switch (what) {
1598 	case MOD_LOAD:
1599 		/* register autoinstall handler */
1600 		usie_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
1601 		    usie_autoinst, NULL, EVENTHANDLER_PRI_ANY);
1602 		break;
1603 	case MOD_UNLOAD:
1604 		EVENTHANDLER_DEREGISTER(usb_dev_configured, usie_etag);
1605 		break;
1606 	default:
1607 		return (EOPNOTSUPP);
1608 	}
1609 	return (0);
1610 }
1611 
1612