xref: /freebsd/sys/dev/usb/net/if_usie.c (revision 63f537551380d2dab29fa402ad1269feae17e594)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2011 Anybots Inc
5  * written by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
6  *  - ucom part is based on u3g.c
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #include <sys/cdefs.h>
31 #include <sys/param.h>
32 #include <sys/eventhandler.h>
33 #include <sys/systm.h>
34 #include <sys/queue.h>
35 #include <sys/systm.h>
36 #include <sys/socket.h>
37 #include <sys/kernel.h>
38 #include <sys/bus.h>
39 #include <sys/module.h>
40 #include <sys/sockio.h>
41 #include <sys/socket.h>
42 #include <sys/lock.h>
43 #include <sys/mutex.h>
44 #include <sys/condvar.h>
45 #include <sys/sysctl.h>
46 #include <sys/malloc.h>
47 #include <sys/taskqueue.h>
48 
49 #include <net/if.h>
50 #include <net/if_var.h>
51 
52 #include <machine/bus.h>
53 
54 #include <net/if.h>
55 #include <net/if_types.h>
56 #include <net/netisr.h>
57 #include <net/bpf.h>
58 #include <net/ethernet.h>
59 
60 #include <netinet/in.h>
61 #include <netinet/ip.h>
62 #include <netinet/ip6.h>
63 #include <netinet/udp.h>
64 
65 #include <net80211/ieee80211_ioctl.h>
66 
67 #include <dev/usb/usb.h>
68 #include <dev/usb/usbdi.h>
69 #include <dev/usb/usbdi_util.h>
70 #include <dev/usb/usb_cdc.h>
71 #include "usbdevs.h"
72 
73 #define	USB_DEBUG_VAR usie_debug
74 #include <dev/usb/usb_debug.h>
75 #include <dev/usb/usb_process.h>
76 #include <dev/usb/usb_msctest.h>
77 
78 #include <dev/usb/serial/usb_serial.h>
79 
80 #include <dev/usb/net/if_usievar.h>
81 
#ifdef	USB_DEBUG
/* Debug verbosity for DPRINTF(); only compiled when USB_DEBUG is defined. */
static int usie_debug = 0;

/* Sysctl node that parents the debug knob below. */
static SYSCTL_NODE(_hw_usb, OID_AUTO, usie, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "sierra USB modem");
/*
 * Debug level knob backed by usie_debug. CTLFLAG_RWTUN makes it writable at
 * run time and settable as a loader tunable.
 */
SYSCTL_INT(_hw_usb_usie, OID_AUTO, debug, CTLFLAG_RWTUN, &usie_debug, 0,
    "usie debug level");
#endif
90 
/*
 * Sierra Wireless Direct IP modems.
 *
 * Match table used by usie_probe() and usie_autoinst() through
 * usbd_lookup_id_by_uaa(). Entries are built with USB_VP, i.e. from a vendor
 * and a product constant only. Both values are reported by the device itself,
 * so a match identifies what the device claims to be and says nothing about
 * whether the data it later sends can be trusted.
 */
static const STRUCT_USB_HOST_ID usie_devs[] = {
#define	USIE_DEV(v, d) {				\
    USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##d) }
	USIE_DEV(SIERRA, MC8700),
	USIE_DEV(SIERRA, TRUINSTALL),
	USIE_DEV(AIRPRIME, USB308),
#undef	USIE_DEV
};
100 
101 static device_probe_t usie_probe;
102 static device_attach_t usie_attach;
103 static device_detach_t usie_detach;
104 static void usie_free_softc(struct usie_softc *);
105 
106 static void usie_free(struct ucom_softc *);
107 static void usie_uc_update_line_state(struct ucom_softc *, uint8_t);
108 static void usie_uc_cfg_get_status(struct ucom_softc *, uint8_t *, uint8_t *);
109 static void usie_uc_cfg_set_dtr(struct ucom_softc *, uint8_t);
110 static void usie_uc_cfg_set_rts(struct ucom_softc *, uint8_t);
111 static void usie_uc_cfg_open(struct ucom_softc *);
112 static void usie_uc_cfg_close(struct ucom_softc *);
113 static void usie_uc_start_read(struct ucom_softc *);
114 static void usie_uc_stop_read(struct ucom_softc *);
115 static void usie_uc_start_write(struct ucom_softc *);
116 static void usie_uc_stop_write(struct ucom_softc *);
117 
118 static usb_callback_t usie_uc_tx_callback;
119 static usb_callback_t usie_uc_rx_callback;
120 static usb_callback_t usie_uc_status_callback;
121 static usb_callback_t usie_if_tx_callback;
122 static usb_callback_t usie_if_rx_callback;
123 static usb_callback_t usie_if_status_callback;
124 
125 static void usie_if_sync_to(void *);
126 static void usie_if_sync_cb(void *, int);
127 static void usie_if_status_cb(void *, int);
128 
129 static void usie_if_start(if_t);
130 static int usie_if_output(if_t, struct mbuf *,
131 	const struct sockaddr *, struct route *);
132 static void usie_if_init(void *);
133 static void usie_if_stop(struct usie_softc *);
134 static int usie_if_ioctl(if_t, u_long, caddr_t);
135 
136 static int usie_do_request(struct usie_softc *, struct usb_device_request *, void *);
137 static int usie_if_cmd(struct usie_softc *, uint8_t);
138 static void usie_cns_req(struct usie_softc *, uint32_t, uint16_t);
139 static void usie_cns_rsp(struct usie_softc *, struct usie_cns *);
140 static void usie_hip_rsp(struct usie_softc *, uint8_t *, uint32_t);
141 static int usie_driver_loaded(struct module *, int, void *);
142 
/*
 * Transfer templates for one ucom (serial) port: an interrupt-IN status
 * pipe, a bulk-IN receive pipe and a bulk-OUT transmit pipe.
 *
 * usie_attach() passes "usie_uc_config + start" with start == 1 for
 * interfaces that expose only two endpoints, which skips the first entry.
 * That only drops the status pipe if USIE_UC_STATUS is index 0; the enum
 * lives in if_usievar.h (not shown here) - confirm before reordering.
 */
static const struct usb_config usie_uc_config[USIE_UC_N_XFER] = {
	[USIE_UC_STATUS] = {
		.type = UE_INTERRUPT,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		.bufsize = 0,		/* use wMaxPacketSize */
		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
		.callback = &usie_uc_status_callback,
	},
	[USIE_UC_RX] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		/* upper bound on what one receive transfer is set up to hold */
		.bufsize = USIE_BUFSIZE,
		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,.proxy_buffer = 1,},
		.callback = &usie_uc_rx_callback,
	},
	[USIE_UC_TX] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_OUT,
		/* usie_uc_tx_callback() must never queue more than this */
		.bufsize = USIE_BUFSIZE,
		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
		.callback = &usie_uc_tx_callback,
	}
};
169 
/*
 * Transfer templates for the Direct IP (network) interface: interrupt-IN
 * status, bulk-IN receive and bulk-OUT transmit.
 *
 * The receive entry declares USIE_BUFSIZE, but usie_if_rx_callback() points
 * frame 0 at its own mbuf cluster with usbd_xfer_set_frame_data() and a
 * length of MIN(MJUMPAGESIZE, USIE_RXSZ_MAX), so that value is what bounds a
 * received transfer in practice.
 */
static const struct usb_config usie_if_config[USIE_IF_N_XFER] = {
	[USIE_IF_STATUS] = {
		.type = UE_INTERRUPT,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		.bufsize = 0,		/* use wMaxPacketSize */
		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
		.callback = &usie_if_status_callback,
	},
	[USIE_IF_RX] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		.bufsize = USIE_BUFSIZE,
		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
		.callback = &usie_if_rx_callback,
	},
	[USIE_IF_TX] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_OUT,
		/* usie_if_tx_callback() checks packet size against MCLBYTES */
		.bufsize = MAX(USIE_BUFSIZE, MCLBYTES),
		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
		.callback = &usie_if_tx_callback,
	}
};
196 
197 static device_method_t usie_methods[] = {
198 	DEVMETHOD(device_probe, usie_probe),
199 	DEVMETHOD(device_attach, usie_attach),
200 	DEVMETHOD(device_detach, usie_detach),
201 	DEVMETHOD_END
202 };
203 
204 static driver_t usie_driver = {
205 	.name = "usie",
206 	.methods = usie_methods,
207 	.size = sizeof(struct usie_softc),
208 };
209 
210 static eventhandler_tag usie_etag;
211 
212 DRIVER_MODULE(usie, uhub, usie_driver, usie_driver_loaded, NULL);
213 MODULE_DEPEND(usie, ucom, 1, 1, 1);
214 MODULE_DEPEND(usie, usb, 1, 1, 1);
215 MODULE_VERSION(usie, 1);
216 USB_PNP_HOST_INFO(usie_devs);
217 
218 static const struct ucom_callback usie_uc_callback = {
219 	.ucom_cfg_get_status = &usie_uc_cfg_get_status,
220 	.ucom_cfg_set_dtr = &usie_uc_cfg_set_dtr,
221 	.ucom_cfg_set_rts = &usie_uc_cfg_set_rts,
222 	.ucom_cfg_open = &usie_uc_cfg_open,
223 	.ucom_cfg_close = &usie_uc_cfg_close,
224 	.ucom_start_read = &usie_uc_start_read,
225 	.ucom_stop_read = &usie_uc_stop_read,
226 	.ucom_start_write = &usie_uc_start_write,
227 	.ucom_stop_write = &usie_uc_stop_write,
228 	.ucom_free = &usie_free,
229 };
230 
/*
 * Switch a matching modem out of its mass-storage personality.
 *
 * Acts only on a device that is still in UAA_DEV_READY state, whose
 * interface 0 reports the mass-storage class and whose IDs are listed in
 * usie_devs. Such a device is sent a single vendor request and, if the
 * request succeeds, is marked UAA_DEV_EJECTING.
 *
 * How this hook gets registered is not visible in this part of the file
 * (presumably from usie_driver_loaded() - confirm). "arg" is unused.
 */
static void
usie_autoinst(void *arg, struct usb_device *udev,
    struct usb_attach_arg *uaa)
{
	struct usb_device_request eject;
	struct usb_interface_descriptor *idesc;
	struct usb_interface *ifc;
	int error;

	/* Someone else already claimed or ejected the device. */
	if (uaa->dev_state != UAA_DEV_READY)
		return;

	ifc = usbd_get_iface(udev, 0);
	if (ifc == NULL)
		return;

	/* Only the mass-storage ("installer") personality is of interest. */
	idesc = ifc->idesc;
	if (idesc == NULL)
		return;
	if (idesc->bInterfaceClass != UICLASS_MASS)
		return;

	/* The IDs are device-supplied; this is identification, not trust. */
	if (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa) != 0)
		return;			/* no device match */

	if (bootverbose) {
		DPRINTF("Ejecting %s %s\n",
		    usb_get_manufacturer(udev),
		    usb_get_product(udev));
	}

	/*
	 * Vendor-type request built from standard-request constant names;
	 * presumably only their numeric values matter to the modem - confirm
	 * against the device documentation.
	 */
	USETW(eject.wLength, 0);
	USETW(eject.wIndex, UHF_PORT_CONNECTION);
	USETW(eject.wValue, UF_DEVICE_REMOTE_WAKEUP);
	eject.bRequest = UR_SET_INTERFACE;
	eject.bmRequestType = UT_VENDOR;

	/* at this moment there is no mutex */
	error = usbd_do_request_flags(udev, NULL, &eject,
	    NULL, 0, NULL, 250 /* ms */ );
	if (error != 0)
		return;

	/* success, mark the udev as disappearing */
	uaa->dev_state = UAA_DEV_EJECTING;
}
273 
/*
 * Newbus probe method.
 *
 * Rejects with ENXIO anything that is not in host mode, not on the expected
 * configuration and interface index, or not a vendor-class interface.
 * Otherwise returns the result of the usie_devs table lookup.
 */
static int
usie_probe(device_t self)
{
	struct usb_attach_arg *uaa;

	uaa = device_get_ivars(self);

	if (uaa->usb_mode != USB_MODE_HOST ||
	    uaa->info.bConfigIndex != USIE_CNFG_INDEX ||
	    uaa->info.bIfaceIndex != USIE_IFACE_INDEX ||
	    uaa->info.bInterfaceClass != UICLASS_VENDOR)
		return (ENXIO);

	return (usbd_lookup_id_by_uaa(usie_devs, sizeof(usie_devs), uaa));
}
290 
/*
 * Newbus attach method.
 *
 * Initialises the softc, powers the modem up and reads its firmware
 * attributes with two vendor requests, then walks the interfaces the device
 * reports: the Direct IP interface gets the usie_if_config transfers, every
 * other vendor-class interface becomes a ucom port (up to USIE_UCOM_MAX).
 * Finally the ucom ports and the network interface are attached.
 *
 * Returns 0 on success. Every failure goes through usie_detach() and is
 * reported as ENOMEM, whatever the underlying cause was.
 *
 * All interface descriptor fields examined here come from the device and
 * must be treated as untrusted input.
 */
static int
usie_attach(device_t self)
{
	struct usie_softc *sc = device_get_softc(self);
	struct usb_attach_arg *uaa = device_get_ivars(self);
	if_t ifp;
	struct usb_interface *iface;
	struct usb_interface_descriptor *id;
	struct usb_device_request req;
	int err;
	uint16_t fwattr;
	uint8_t iface_index;
	uint8_t ifidx;
	uint8_t start;

	device_set_usb_desc(self);
	sc->sc_udev = uaa->device;
	sc->sc_dev = self;

	mtx_init(&sc->sc_mtx, "usie", MTX_NETWORK_LOCK, MTX_DEF);
	/* reference dropped again through usie_free_softc() */
	ucom_ref(&sc->sc_super_ucom);

	TASK_INIT(&sc->sc_if_status_task, 0, usie_if_status_cb, sc);
	TASK_INIT(&sc->sc_if_sync_task, 0, usie_if_sync_cb, sc);

	usb_callout_init_mtx(&sc->sc_if_sync_ch, &sc->sc_mtx, 0);

	mtx_lock(&sc->sc_mtx);

	/* set power mode to D0 */
	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
	req.bRequest = USIE_POWER;
	USETW(req.wValue, 0);
	USETW(req.wIndex, 0);
	USETW(req.wLength, 0);
	if (usie_do_request(sc, &req, NULL)) {
		mtx_unlock(&sc->sc_mtx);
		goto detach;
	}
	/* read fw attr */
	fwattr = 0;
	req.bmRequestType = UT_READ_VENDOR_DEVICE;
	req.bRequest = USIE_FW_ATTR;
	USETW(req.wValue, 0);
	USETW(req.wIndex, 0);
	USETW(req.wLength, sizeof(fwattr));
	if (usie_do_request(sc, &req, &fwattr)) {
		mtx_unlock(&sc->sc_mtx);
		goto detach;
	}
	mtx_unlock(&sc->sc_mtx);

	/*
	 * check DHCP supports
	 *
	 * NOTE(review): fwattr is tested as read from the wire; no byte-order
	 * conversion is visible here - confirm on big-endian hosts.
	 */
	DPRINTF("fwattr=%x\n", fwattr);
	if (!(fwattr & USIE_FW_DHCP)) {
		device_printf(self, "DHCP is not supported. A firmware upgrade might be needed.\n");
	}

	/* find available interfaces */
	sc->sc_nucom = 0;
	for (ifidx = 0; ifidx < USIE_IFACE_MAX; ifidx++) {
		iface = usbd_get_iface(uaa->device, ifidx);
		if (iface == NULL)
			break;

		id = usbd_get_interface_descriptor(iface);
		if ((id == NULL) || (id->bInterfaceClass != UICLASS_VENDOR))
			continue;

		/*
		 * setup Direct IP transfer
		 *
		 * NOTE(review): nothing in this loop stops a second interface
		 * that also reports bInterfaceNumber >= 7 with 3 endpoints
		 * from running usbd_transfer_setup() over sc->sc_if_xfer
		 * again. Whether the earlier transfers are released in that
		 * case is not visible here - confirm, or remember that the
		 * Direct IP interface was already found.
		 */
		if (id->bInterfaceNumber >= 7 && id->bNumEndpoints == 3) {
			sc->sc_if_ifnum = id->bInterfaceNumber;
			iface_index = ifidx;

			DPRINTF("ifnum=%d, ifidx=%d\n",
			    sc->sc_if_ifnum, ifidx);

			err = usbd_transfer_setup(uaa->device,
			    &iface_index, sc->sc_if_xfer, usie_if_config,
			    USIE_IF_N_XFER, sc, &sc->sc_mtx);

			if (err == 0)
				continue;

			device_printf(self,
			    "could not allocate USB transfers on "
			    "iface_index=%d, err=%s\n",
			    iface_index, usbd_errstr(err));
			goto detach;
		}

		/*
		 * setup ucom
		 *
		 * The bound check comes first so that sc_nucom is always a
		 * valid index into the per-port arrays used below.
		 */
		if (sc->sc_nucom >= USIE_UCOM_MAX)
			continue;

		usbd_set_parent_iface(uaa->device, ifidx,
		    uaa->info.bIfaceIndex);

		DPRINTF("NumEndpoints=%d bInterfaceNumber=%d\n",
		    id->bNumEndpoints, id->bInterfaceNumber);

		/*
		 * With two endpoints the first transfer slot is left NULL and
		 * setup starts at the second usie_uc_config entry.
		 */
		if (id->bNumEndpoints == 2) {
			sc->sc_uc_xfer[sc->sc_nucom][0] = NULL;
			start = 1;
		} else
			start = 0;

		err = usbd_transfer_setup(uaa->device, &ifidx,
		    sc->sc_uc_xfer[sc->sc_nucom] + start,
		    usie_uc_config + start, USIE_UC_N_XFER - start,
		    &sc->sc_ucom[sc->sc_nucom], &sc->sc_mtx);

		/* an interface that cannot be set up is skipped, not fatal */
		if (err != 0) {
			DPRINTF("usbd_transfer_setup error=%s\n", usbd_errstr(err));
			continue;
		}

		mtx_lock(&sc->sc_mtx);
		for (; start < USIE_UC_N_XFER; start++)
			usbd_xfer_set_stall(sc->sc_uc_xfer[sc->sc_nucom][start]);
		mtx_unlock(&sc->sc_mtx);

		sc->sc_uc_ifnum[sc->sc_nucom] = id->bInterfaceNumber;

		sc->sc_nucom++;		/* found a port */
	}

	if (sc->sc_nucom == 0) {
		device_printf(self, "no comports found\n");
		goto detach;
	}

	err = ucom_attach(&sc->sc_super_ucom, sc->sc_ucom,
	    sc->sc_nucom, sc, &usie_uc_callback, &sc->sc_mtx);

	if (err != 0) {
		DPRINTF("ucom_attach failed\n");
		goto detach;
	}
	DPRINTF("Found %d interfaces.\n", sc->sc_nucom);

	/*
	 * setup ifnet (Direct IP)
	 *
	 * This runs whether or not the loop above found a Direct IP
	 * interface; in the latter case sc->sc_if_xfer was never set up.
	 */
	sc->sc_ifp = ifp = if_alloc(IFT_OTHER);

	if (ifp == NULL) {
		device_printf(self, "Could not allocate a network interface\n");
		goto detach;
	}
	if_initname(ifp, "usie", device_get_unit(self));

	if_setsoftc(ifp, sc);
	if_setmtu(ifp, USIE_MTU_MAX);
	if_setflagbits(ifp, IFF_NOARP, 0);
	if_setinitfn(ifp, usie_if_init);
	if_setioctlfn(ifp, usie_if_ioctl);
	if_setstartfn(ifp, usie_if_start);
	if_setoutputfn(ifp, usie_if_output);
	if_setsendqlen(ifp, ifqmaxlen);
	if_setsendqready(ifp);

	if_attach(ifp);
	/* DLT_RAW: taps see packets without a link-layer header */
	bpfattach(ifp, DLT_RAW, 0);

	/* power policy follows the attribute word reported by the firmware */
	if (fwattr & USIE_PM_AUTO) {
		usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE);
		DPRINTF("enabling automatic suspend and resume\n");
	} else {
		usbd_set_power_mode(uaa->device, USB_POWER_MODE_ON);
		DPRINTF("USB power is always ON\n");
	}

	DPRINTF("device attached\n");
	return (0);

detach:
	/* single unwind path; usie_detach() copes with partial setup */
	usie_detach(self);
	return (ENOMEM);
}
469 
/*
 * Newbus detach method, also used by usie_attach() as its failure path.
 *
 * Tears down the network interface if one was allocated, detaches the ucom
 * ports if any were found, releases every USB transfer and finally drops the
 * driver's reference on the softc. Always returns 0.
 */
static int
usie_detach(device_t self)
{
	struct usie_softc *sc = device_get_softc(self);
	uint8_t x;

	/* detach ifnet */
	if (sc->sc_ifp != NULL) {
		usie_if_stop(sc);
		/* transfers go first so no callback sees a freed ifnet */
		usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);
		bpfdetach(sc->sc_ifp);
		if_detach(sc->sc_ifp);
		if_free(sc->sc_ifp);
		sc->sc_ifp = NULL;
	}
	/* detach ucom */
	if (sc->sc_nucom > 0)
		ucom_detach(&sc->sc_super_ucom, sc->sc_ucom);

	/*
	 * stop all USB transfers
	 *
	 * sc_if_xfer is unset a second time here to cover the case where no
	 * ifnet was allocated; this relies on usbd_transfer_unsetup() being
	 * safe to call on already released slots - confirm.
	 */
	usbd_transfer_unsetup(sc->sc_if_xfer, USIE_IF_N_XFER);

	for (x = 0; x != USIE_UCOM_MAX; x++)
		usbd_transfer_unsetup(sc->sc_uc_xfer[x], USIE_UC_N_XFER);

	/* take ownership of the softc; it is freed by usie_free_softc() */
	device_claim_softc(self);

	usie_free_softc(sc);

	return (0);
}
501 
502 UCOM_UNLOAD_DRAIN(usie);
503 
/*
 * Drop one reference on the softc. The mutex and the softc itself are
 * released only when ucom_unref() returns non-zero.
 */
static void
usie_free_softc(struct usie_softc *sc)
{
	if (!ucom_unref(&sc->sc_super_ucom))
		return;

	mtx_destroy(&sc->sc_mtx);
	device_free_softc(sc);
}
512 
/*
 * ucom_free callback: releases the reference held on the parent softc.
 */
static void
usie_free(struct ucom_softc *ucom)
{
	struct usie_softc *sc = ucom->sc_parent;

	usie_free_softc(sc);
}
518 
/*
 * Send the line state "ls" to the interface behind this ucom port.
 *
 * Does nothing for ports that have no status transfer. The result of the
 * control request is not checked.
 */
static void
usie_uc_update_line_state(struct ucom_softc *ucom, uint8_t ls)
{
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_device_request req;

	if (sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS] != NULL) {
		DPRINTF("sc_uc_ifnum=%d\n", sc->sc_uc_ifnum[ucom->sc_subunit]);

		/* class request addressed to this port's interface number */
		USETW(req.wLength, 0);
		USETW(req.wIndex, sc->sc_uc_ifnum[ucom->sc_subunit]);
		USETW(req.wValue, ls);
		req.bRequest = USIE_LINK_STATE;
		req.bmRequestType = UT_WRITE_CLASS_INTERFACE;

		usie_do_request(sc, &req, NULL);
	}
}
538 
/*
 * ucom_cfg_get_status callback: report the cached modem and line status.
 * The cache is a single pair kept in the parent softc, not one per port.
 */
static void
usie_uc_cfg_get_status(struct ucom_softc *ucom, uint8_t *lsr, uint8_t *msr)
{
	const struct usie_softc *parent = ucom->sc_parent;
	uint8_t modem = parent->sc_msr;
	uint8_t line = parent->sc_lsr;

	*msr = modem;
	*lsr = line;
}
547 
/*
 * ucom_cfg_set_dtr callback: request DTR on or off.
 *
 * The line state sent carries the DTR bit only; the current RTS setting is
 * not included in it.
 */
static void
usie_uc_cfg_set_dtr(struct ucom_softc *ucom, uint8_t flag)
{
	uint8_t ls = 0;

	if (flag)
		ls = USIE_LS_DTR;

	usie_uc_update_line_state(ucom, ls);
}
556 
/*
 * ucom_cfg_set_rts callback: request RTS on or off.
 *
 * The line state sent carries the RTS bit only; the current DTR setting is
 * not included in it.
 */
static void
usie_uc_cfg_set_rts(struct ucom_softc *ucom, uint8_t flag)
{
	uint8_t ls = 0;

	if (flag)
		ls = USIE_LS_RTS;

	usie_uc_update_line_state(ucom, ls);
}
565 
/*
 * ucom_cfg_open callback: start the port's status transfer.
 */
static void
usie_uc_cfg_open(struct ucom_softc *ucom)
{
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_xfer *status;

	status = sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS];

	/* usbd_transfer_start() is NULL safe */
	usbd_transfer_start(status);
}
575 
/*
 * ucom_cfg_close callback: stop the port's status transfer.
 */
static void
usie_uc_cfg_close(struct ucom_softc *ucom)
{
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_xfer *status;

	status = sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_STATUS];
	usbd_transfer_stop(status);
}
583 
/*
 * ucom_start_read callback: start the port's bulk-IN transfer.
 */
static void
usie_uc_start_read(struct ucom_softc *ucom)
{
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_xfer *rx;

	rx = sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX];
	usbd_transfer_start(rx);
}
591 
/*
 * ucom_stop_read callback: stop the port's bulk-IN transfer.
 */
static void
usie_uc_stop_read(struct ucom_softc *ucom)
{
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_xfer *rx;

	rx = sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_RX];
	usbd_transfer_stop(rx);
}
599 
/*
 * ucom_start_write callback: start the port's bulk-OUT transfer.
 */
static void
usie_uc_start_write(struct ucom_softc *ucom)
{
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_xfer *tx;

	tx = sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX];
	usbd_transfer_start(tx);
}
607 
/*
 * ucom_stop_write callback: stop the port's bulk-OUT transfer.
 */
static void
usie_uc_stop_write(struct ucom_softc *ucom)
{
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_xfer *tx;

	tx = sc->sc_uc_xfer[ucom->sc_subunit][USIE_UC_TX];
	usbd_transfer_stop(tx);
}
615 
/*
 * Bulk-IN completion callback for a ucom port.
 *
 * On the first port (ucom == sc->sc_ucom) a transfer of at least
 * USIE_HIPCNS_MIN bytes whose first byte is USIE_HIP_FRM_CHR is taken to be
 * a HIP/CnS reply: it is copied into sc->sc_resp_temp and given to
 * usie_hip_rsp() instead of the tty layer. All other data goes to
 * ucom_put_data(). The transfer is resubmitted unless it was cancelled.
 *
 * actlen and the buffer contents are supplied by the device.
 */
static void
usie_uc_rx_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
	struct usie_softc *sc = ucom->sc_parent;
	struct usb_page_cache *pc;
	uint32_t actlen;

	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		pc = usbd_xfer_get_frame(xfer, 0);

		/* handle CnS response */
		if (ucom == sc->sc_ucom && actlen >= USIE_HIPCNS_MIN) {
			DPRINTF("transferred=%u\n", actlen);

			/* check if it is really CnS reply */
			usbd_copy_out(pc, 0, sc->sc_resp_temp, 1);

			if (sc->sc_resp_temp[0] == USIE_HIP_FRM_CHR) {
				/*
				 * verify actlen
				 *
				 * Clamp before the copy below. This assumes
				 * sc_resp_temp holds at least USIE_BUFSIZE
				 * bytes; it is declared in if_usievar.h -
				 * confirm.
				 */
				if (actlen > USIE_BUFSIZE)
					actlen = USIE_BUFSIZE;

				/* get complete message */
				usbd_copy_out(pc, 0, sc->sc_resp_temp, actlen);
				usie_hip_rsp(sc, sc->sc_resp_temp, actlen);

				/* consumed here; skip ucom_put_data() */
				goto tr_setup;
			}
			/* else call ucom_put_data() */
		}
		/* standard ucom transfer */
		ucom_put_data(ucom, pc, 0, actlen);

		/* fall through */
	case USB_ST_SETUP:
tr_setup:
		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		/* a cancelled transfer is not restarted */
		if (error != USB_ERR_CANCELLED) {
			usbd_xfer_set_stall(xfer);
			goto tr_setup;
		}
		break;
	}
}
669 
/*
 * Bulk-OUT completion callback for a ucom port.
 *
 * A pending mbuf stored as the transfer's private pointer takes priority
 * and is sent as one frame, after which the mbuf is freed and the pointer
 * cleared. Otherwise up to USIE_BUFSIZE bytes are pulled from the tty layer
 * with ucom_get_data().
 */
static void
usie_uc_tx_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct ucom_softc *ucom = usbd_xfer_softc(xfer);
	struct usb_page_cache *pc;
	uint32_t actlen;

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
	case USB_ST_SETUP:
tr_setup:
		pc = usbd_xfer_get_frame(xfer, 0);

		/* handle CnS request */
		struct mbuf *m = usbd_xfer_get_priv(xfer);

		if (m != NULL) {
			/*
			 * NOTE(review): m->m_pkthdr.len is not compared with
			 * the USIE_BUFSIZE buffer configured for this
			 * transfer; the bound has to be kept by whoever
			 * stores the mbuf (presumably usie_cns_req(), not
			 * shown here) - confirm.
			 */
			usbd_m_copy_in(pc, 0, m, 0, m->m_pkthdr.len);
			usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len);
			/* clear the pointer before freeing the mbuf below */
			usbd_xfer_set_priv(xfer, NULL);
			usbd_transfer_submit(xfer);
			m_freem(m);
			break;
		}
		/* standard ucom transfer */
		if (ucom_get_data(ucom, pc, 0, USIE_BUFSIZE, &actlen)) {
			usbd_xfer_set_frame_len(xfer, 0, actlen);
			usbd_transfer_submit(xfer);
		}
		break;

	default:			/* Error */
		/* a cancelled transfer is not restarted */
		if (error != USB_ERR_CANCELLED) {
			usbd_xfer_set_stall(xfer);
			goto tr_setup;
		}
		break;
	}
}
709 
/*
 * Interrupt-IN completion callback for a ucom port.
 *
 * Parses a notification made of a request header followed by a 16-bit
 * parameter and, for the one notification type recognised, rebuilds the
 * cached modem status (sc_msr) from the parameter bits. The cache lives in
 * the parent softc, so it is shared by all ports.
 */
static void
usie_uc_status_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct usb_page_cache *pc;
	/* wire layout of the notification as this driver reads it */
	struct {
		struct usb_device_request req;
		uint16_t param;
	}      st;
	uint32_t actlen;
	uint16_t param;

	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		DPRINTFN(4, "info received, actlen=%u\n", actlen);

		/* never read a notification that is shorter than st */
		if (actlen < sizeof(st)) {
			DPRINTF("data too short actlen=%u\n", actlen);
			goto tr_setup;
		}
		pc = usbd_xfer_get_frame(xfer, 0);
		usbd_copy_out(pc, 0, &st, sizeof(st));

		/*
		 * 0xa1 / 0x20 look like the CDC serial-state notification
		 * (class, interface, device-to-host) - confirm against the
		 * named constants in usb_cdc.h.
		 */
		if (st.req.bmRequestType == 0xa1 && st.req.bRequest == 0x20) {
			struct ucom_softc *ucom = usbd_xfer_softc(xfer);
			struct usie_softc *sc = ucom->sc_parent;

			param = le16toh(st.param);
			DPRINTF("param=%x\n", param);
			sc->sc_msr = sc->sc_lsr = 0;
			sc->sc_msr |= (param & USIE_DCD) ? SER_DCD : 0;
			sc->sc_msr |= (param & USIE_DSR) ? SER_DSR : 0;
			sc->sc_msr |= (param & USIE_RI) ? SER_RI : 0;
			/* CTS is the only bit mapped with inverted sense */
			sc->sc_msr |= (param & USIE_CTS) ? 0 : SER_CTS;
			sc->sc_msr |= (param & USIE_RTS) ? SER_RTS : 0;
			sc->sc_msr |= (param & USIE_DTR) ? SER_DTR : 0;
		}
		/* fall through */
	case USB_ST_SETUP:
tr_setup:
		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		DPRINTF("USB transfer error, %s\n",
		    usbd_errstr(error));

		/* a cancelled transfer is not restarted */
		if (error != USB_ERR_CANCELLED) {
			usbd_xfer_set_stall(xfer);
			goto tr_setup;
		}
		break;
	}
}
766 
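/*
 * Bulk-IN completion callback for the Direct IP interface.
 *
 * The USB state machine in the first half hands the filled receive mbuf to
 * the second half and arms the transfer again with a fresh cluster. The
 * second half runs with sc_mtx dropped and splits the transfer into the
 * frames the modem aggregated, passing each IP packet to netisr.
 *
 * Everything in the buffer, including every length field, is supplied by the
 * device. The parser therefore
 *  - requires a complete usie_desc before reading any of its fields,
 *  - never reports more payload than was actually received,
 *  - never copies more than MCLBYTES into the cluster from m_getcl(),
 *  - never dispatches a frame whose ether type it does not recognise
 *    (previously such a frame reached netisr_dispatch() with an
 *    uninitialised protocol number).
 *
 * Called with sc_mtx held; returns with it held.
 */
static void
usie_if_rx_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct epoch_tracker et;
	struct usie_softc *sc = usbd_xfer_softc(xfer);
	if_t ifp = sc->sc_ifp;
	struct mbuf *m0;
	struct mbuf *m = NULL;
	struct usie_desc *rxd;
	uint32_t actlen;
	int avail;
	int skip;
	uint16_t err;
	uint16_t pkt;
	uint16_t ipl;
	uint16_t len;
	uint16_t diff;
	uint8_t pad;
	/* always assigned before use; initialised to keep compilers quiet */
	uint8_t ipv = NETISR_IP;

	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		DPRINTFN(15, "rx done, actlen=%u\n", actlen);

		if (actlen < sizeof(struct usie_hip)) {
			DPRINTF("data too short %u\n", actlen);
			goto tr_setup;
		}
		/* take ownership of the filled mbuf */
		m = sc->sc_rxm;
		sc->sc_rxm = NULL;

		/* fall through */
	case USB_ST_SETUP:
tr_setup:

		if (sc->sc_rxm == NULL) {
			sc->sc_rxm = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
			    MJUMPAGESIZE /* could be bigger than MCLBYTES */ );
		}
		if (sc->sc_rxm == NULL) {
			DPRINTF("could not allocate Rx mbuf\n");
			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
			usbd_xfer_set_stall(xfer);
			usbd_xfer_set_frames(xfer, 0);
		} else {
			/*
			 * Directly loading a mbuf cluster into DMA to
			 * save some data copying. This works because
			 * there is only one cluster.
			 */
			usbd_xfer_set_frame_data(xfer, 0,
			    mtod(sc->sc_rxm, caddr_t), MIN(MJUMPAGESIZE, USIE_RXSZ_MAX));
			usbd_xfer_set_frames(xfer, 1);
		}
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		DPRINTF("USB transfer error, %s\n", usbd_errstr(error));

		if (error != USB_ERR_CANCELLED) {
			/* try to clear stall first */
			usbd_xfer_set_stall(xfer);
			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
			goto tr_setup;
		}
		if (sc->sc_rxm != NULL) {
			m_freem(sc->sc_rxm);
			sc->sc_rxm = NULL;
		}
		break;
	}

	if (m == NULL)
		return;

	/* the network stack must not be entered with the driver lock held */
	mtx_unlock(&sc->sc_mtx);

	m->m_pkthdr.len = m->m_len = actlen;

	err = pkt = 0;

	/* HW can aggregate multiple frames in a single USB xfer */
	NET_EPOCH_ENTER(et);
	for (;;) {
		/* a whole descriptor must be present before it is parsed */
		if (m->m_len < (int)sizeof(struct usie_desc)) {
			DPRINTF("frame shorter than descriptor\n");
			err++;
			m_freem(m);
			break;
		}
		rxd = mtod(m, struct usie_desc *);

		len = be16toh(rxd->hip.len) & USIE_HIP_IP_LEN_MASK;
		pad = (rxd->hip.id & USIE_HIP_PAD) ? 1 : 0;
		/* unsigned subtraction: a wrap shows up as ipl >= len */
		ipl = (len - pad - ETHER_HDR_LEN);
		/* payload bytes really present behind descriptor and pad */
		avail = m->m_len - (int)sizeof(struct usie_desc) - pad;
		if (ipl >= len || avail < 0) {
			DPRINTF("Corrupt frame\n");
			m_freem(m);
			break;
		}
		diff = sizeof(struct usie_desc) + ipl + pad;

		skip = 0;
		if (((rxd->hip.id & USIE_HIP_MASK) != USIE_HIP_IP) ||
		    (be16toh(rxd->desc_type) & USIE_TYPE_MASK) != USIE_IP_RX) {
			DPRINTF("received wrong type of packet\n");
			skip = 1;
		} else {
			switch (be16toh(rxd->ethhdr.ether_type)) {
			case ETHERTYPE_IP:
				ipv = NETISR_IP;
				break;
#ifdef INET6
			case ETHERTYPE_IPV6:
				ipv = NETISR_IPV6;
				break;
#endif
			default:
				/* no protocol to hand this to: drop it */
				DPRINTF("unsupported ether type\n");
				skip = 1;
				break;
			}
		}

		/* step over a frame that cannot be delivered */
		if (skip) {
			err++;
			if (m->m_pkthdr.len <= diff) {
				m_freem(m);
				break;
			}
			m->m_data += diff;
			m->m_pkthdr.len = (m->m_len -= diff);
			continue;
		}

		/* the last packet */
		if (m->m_pkthdr.len <= diff) {
			/* the declared length may exceed what was received */
			if (ipl > avail) {
				DPRINTF("truncated frame\n");
				ipl = (uint16_t)avail;
			}
			m->m_data += (sizeof(struct usie_desc) + pad);
			m->m_pkthdr.len = m->m_len = ipl;
			m->m_pkthdr.rcvif = ifp;
			BPF_MTAP(sc->sc_ifp, m);
			netisr_dispatch(ipv, m);
			pkt++;
			break;
		}

		/*
		 * m_getcl() provides MCLBYTES of storage, while the receive
		 * buffer is MIN(MJUMPAGESIZE, USIE_RXSZ_MAX) bytes and may be
		 * larger (USIE_RXSZ_MAX is defined in if_usievar.h). Reject a
		 * payload that would not fit instead of copying it.
		 */
		if (ipl > MCLBYTES) {
			DPRINTF("aggregated frame too large\n");
			err++;
			m->m_data += diff;
			m->m_pkthdr.len = (m->m_len -= diff);
			continue;
		}

		/* copy aggregated frames to another mbuf */
		m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
		if (__predict_false(m0 == NULL)) {
			DPRINTF("could not allocate mbuf\n");
			err++;
			m_freem(m);
			break;
		}
		m_copydata(m, sizeof(struct usie_desc) + pad, ipl, mtod(m0, caddr_t));
		m0->m_pkthdr.rcvif = ifp;
		m0->m_pkthdr.len = m0->m_len = ipl;

		BPF_MTAP(sc->sc_ifp, m0);
		netisr_dispatch(ipv, m0);
		pkt++;

		/* advance to the next aggregated frame */
		m->m_data += diff;
		m->m_pkthdr.len = (m->m_len -= diff);
	}
	NET_EPOCH_EXIT(et);

	mtx_lock(&sc->sc_mtx);

	if_inc_counter(ifp, IFCOUNTER_IERRORS, err);
	if_inc_counter(ifp, IFCOUNTER_IPACKETS, pkt);
}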
924 
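/*
 * Bulk-OUT completion callback for the Direct IP interface.
 *
 * After a completed transfer, or on setup, takes the next packet from the
 * interface send queue, prefixes it with the sc_txd descriptor and submits
 * it. Nothing is sent while the interface is not IFF_DRV_RUNNING.
 *
 * A packet that is too large for the transfer buffer is dropped: it has
 * already been removed from the queue, so it is freed and counted as an
 * output error here (it used to be leaked).
 */
static void
usie_if_tx_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct usie_softc *sc = usbd_xfer_softc(xfer);
	struct usb_page_cache *pc;
	if_t ifp = sc->sc_ifp;
	struct mbuf *m;
	uint16_t size;

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		DPRINTFN(11, "transfer complete\n");
		if_setdrvflagbits(ifp, 0, IFF_DRV_OACTIVE);
		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);

		/* fall through */
	case USB_ST_SETUP:
tr_setup:

		if ((if_getdrvflags(ifp) & IFF_DRV_RUNNING) == 0)
			break;

		m = if_dequeue(ifp);
		if (m == NULL)
			break;

		/* descriptor, packet and CRC must fit the MCLBYTES buffer */
		if (m->m_pkthdr.len > (int)(MCLBYTES - ETHER_HDR_LEN +
		    ETHER_CRC_LEN - sizeof(sc->sc_txd))) {
			DPRINTF("packet len is too big: %d\n",
			    m->m_pkthdr.len);
			if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
			m_freem(m);
			break;
		}
		pc = usbd_xfer_get_frame(xfer, 0);

		sc->sc_txd.hip.len = htobe16(m->m_pkthdr.len +
		    ETHER_HDR_LEN + ETHER_CRC_LEN);
		size = sizeof(sc->sc_txd);

		/* descriptor first, packet data right behind it */
		usbd_copy_in(pc, 0, &sc->sc_txd, size);
		usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
		usbd_xfer_set_frame_len(xfer, 0, m->m_pkthdr.len +
		    size + ETHER_CRC_LEN);

		BPF_MTAP(ifp, m);

		/* the data now lives in the transfer buffer */
		m_freem(m);

		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		DPRINTF("USB transfer error, %s\n",
		    usbd_errstr(error));
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);

		if (error != USB_ERR_CANCELLED) {
			usbd_xfer_set_stall(xfer);
			/*
			 * NOTE(review): this is a transmit error that was
			 * already counted in OERRORS above; the IERRORS bump
			 * looks unintended - confirm.
			 */
			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
			goto tr_setup;
		}
		break;
	}
}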
988 
/*
 * Interrupt-IN completion callback for the Direct IP interface.
 *
 * Reads the fixed part of a CDC notification and, when it signals that a
 * response is available, schedules sc_if_status_task on taskqueue_thread.
 * The response itself is fetched by that task, not here.
 */
static void
usie_if_status_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct usie_softc *sc = usbd_xfer_softc(xfer);
	struct usb_page_cache *pc;
	struct usb_cdc_notification cdc;
	uint32_t actlen;

	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		DPRINTFN(4, "info received, actlen=%d\n", actlen);

		/* usb_cdc_notification - .data[16] */
		if (actlen < (sizeof(cdc) - 16)) {
			DPRINTF("data too short %d\n", actlen);
			goto tr_setup;
		}
		pc = usbd_xfer_get_frame(xfer, 0);
		/* header only; cdc.data is left unset and is not read below */
		usbd_copy_out(pc, 0, &cdc, (sizeof(cdc) - 16));

		DPRINTFN(4, "bNotification=%x\n", cdc.bNotification);

		/*
		 * NOTE(review): bitwise test rather than equality, so any
		 * notification code sharing a bit with
		 * UCDC_N_RESPONSE_AVAILABLE schedules the task - confirm this
		 * is intended.
		 */
		if (cdc.bNotification & UCDC_N_RESPONSE_AVAILABLE) {
			taskqueue_enqueue(taskqueue_thread,
			    &sc->sc_if_status_task);
		}
		/* fall through */
	case USB_ST_SETUP:
tr_setup:
		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		DPRINTF("USB transfer error, %s\n",
		    usbd_errstr(error));

		/* a cancelled transfer is not restarted */
		if (error != USB_ERR_CANCELLED) {
			usbd_xfer_set_stall(xfer);
			goto tr_setup;
		}
		break;
	}
}
1035 
/*
 * Callout handler: defers the sync work to sc_if_sync_task on
 * taskqueue_thread instead of doing it in callout context.
 */
static void
usie_if_sync_to(void *arg)
{
	struct usie_softc *sc;

	sc = arg;
	taskqueue_enqueue(taskqueue_thread, &sc->sc_if_sync_task);
}
1043 
/*
 * Task handler for sc_if_sync_task: sends USIE_HIP_SYNC2M twice and re-arms
 * the sync callout to fire again in two seconds, all under sc_mtx.
 * "pending" is unused.
 */
static void
usie_if_sync_cb(void *arg, int pending)
{
	struct usie_softc *sc = arg;
	int round;

	mtx_lock(&sc->sc_mtx);

	/* call twice */
	for (round = 0; round < 2; round++)
		usie_if_cmd(sc, USIE_HIP_SYNC2M);

	usb_callout_reset(&sc->sc_if_sync_ch, 2 * hz, usie_if_sync_to, sc);

	mtx_unlock(&sc->sc_mtx);
}
1059 
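/*
 * Task handler for interface status events.
 *
 * Reads the pending encapsulated response from the device with a control
 * request (up to 10 attempts, 10 ms apart) and acts on the HIP message it
 * contains: answers a sync request, stops the sync callout, or, for a UMTS
 * link status message, records the addresses reported by the modem and
 * marks the interface up and running.
 *
 * Everything in sc_status_temp after the request is device-controlled
 * data. The transfer is allowed to be short (USB_SHORT_XFER_OK), so the
 * number of bytes actually received is checked before the buffer is
 * parsed; without that, a short or empty response would be interpreted
 * using whatever an earlier response left in the buffer.
 *
 * arg is the driver softc; pending is unused.
 */
static void
usie_if_status_cb(void *arg, int pending)
{
	struct usie_softc *sc = arg;
	if_t ifp = sc->sc_ifp;
	struct usb_device_request req;
	struct usie_hip *hip;
	struct usie_lsi *lsi;
	uint16_t actlen;
	uint8_t ntries;
	uint8_t pad;

	mtx_lock(&sc->sc_mtx);

	req.bmRequestType = UT_READ_CLASS_INTERFACE;
	req.bRequest = UCDC_GET_ENCAPSULATED_RESPONSE;
	USETW(req.wValue, 0);
	USETW(req.wIndex, sc->sc_if_ifnum);
	USETW(req.wLength, sizeof(sc->sc_status_temp));

	for (ntries = 0; ntries != 10; ntries++) {
		int err;

		err = usbd_do_request_flags(sc->sc_udev,
		    &sc->sc_mtx, &req, sc->sc_status_temp, USB_SHORT_XFER_OK,
		    &actlen, USB_DEFAULT_TIMEOUT);

		if (err == 0)
			break;

		DPRINTF("Control request failed: %s %d/10\n",
		    usbd_errstr(err), ntries);

		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
	}

	if (ntries == 10) {
		mtx_unlock(&sc->sc_mtx);
		DPRINTF("Timeout\n");
		return;
	}

	/*
	 * Clear the part of the buffer this transfer did not fill, so that
	 * fields beyond actlen read as zero instead of as stale bytes from
	 * a previous response. usie_hip_rsp() does the same for its frame
	 * buffer.
	 */
	if (actlen < sizeof(sc->sc_status_temp))
		memset(sc->sc_status_temp + actlen, 0,
		    sizeof(sc->sc_status_temp) - actlen);

	/* a response shorter than the HIP header cannot be a message */
	if (actlen < sizeof(struct usie_hip)) {
		mtx_unlock(&sc->sc_mtx);
		DPRINTF("short response, actlen=%u\n", actlen);
		return;
	}

	hip = (struct usie_hip *)sc->sc_status_temp;

	/* the pad bit in the message id shifts the payload by one byte */
	pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;

	DPRINTF("hip.id=%x hip.len=%d actlen=%u pad=%d\n",
	    hip->id, be16toh(hip->len), actlen, pad);

	switch (hip->id & USIE_HIP_MASK) {
	case USIE_HIP_SYNC2H:
		usie_if_cmd(sc, USIE_HIP_SYNC2M);
		break;
	case USIE_HIP_RESTR:
		usb_callout_stop(&sc->sc_if_sync_ch);
		break;
	case USIE_HIP_UMTS:
		/*
		 * The link status structure must lie inside the buffer.
		 * NOTE(review): the sizes of struct usie_lsi and of
		 * sc_status_temp are declared elsewhere; with the expected
		 * definitions this test should never fail.
		 */
		if (sizeof(struct usie_hip) + pad + sizeof(struct usie_lsi) >
		    sizeof(sc->sc_status_temp)) {
			DPRINTF("link status does not fit the buffer\n");
			break;
		}
		lsi = (struct usie_lsi *)(
		    sc->sc_status_temp + sizeof(struct usie_hip) + pad);

		DPRINTF("lsi.proto=%x lsi.len=%d\n", lsi->proto,
		    be16toh(lsi->len));

		if (lsi->proto != USIE_LSI_UMTS)
			break;

		if (lsi->area == USIE_LSI_AREA_NO ||
		    lsi->area == USIE_LSI_AREA_NODATA) {
			device_printf(sc->sc_dev, "no service available\n");
			break;
		}
		if (lsi->state == USIE_LSI_STATE_IDLE) {
			DPRINTF("lsi.state=%x\n", lsi->state);
			break;
		}
		DPRINTF("ctx=%x\n", hip->param);
		sc->sc_txd.hip.param = hip->param;

		/*
		 * addr_len is stored exactly as the device reported it; the
		 * copies below always take 16 bytes per address.
		 */
		sc->sc_net.addr_len = lsi->pdp_addr_len;
		memcpy(&sc->sc_net.dns1_addr, &lsi->dns1_addr, 16);
		memcpy(&sc->sc_net.dns2_addr, &lsi->dns2_addr, 16);
		memcpy(sc->sc_net.pdp_addr, lsi->pdp_addr, 16);
		memcpy(sc->sc_net.gw_addr, lsi->gw_addr, 16);
		if_setflagbits(ifp, IFF_UP, 0);
		if_setdrvflagbits(ifp, IFF_DRV_RUNNING, 0);

		/* only the first four bytes of each address are printed */
		device_printf(sc->sc_dev, "IP Addr=%d.%d.%d.%d\n",
		    *lsi->pdp_addr, *(lsi->pdp_addr + 1),
		    *(lsi->pdp_addr + 2), *(lsi->pdp_addr + 3));
		device_printf(sc->sc_dev, "Gateway Addr=%d.%d.%d.%d\n",
		    *lsi->gw_addr, *(lsi->gw_addr + 1),
		    *(lsi->gw_addr + 2), *(lsi->gw_addr + 3));
		device_printf(sc->sc_dev, "Prim NS Addr=%d.%d.%d.%d\n",
		    *lsi->dns1_addr, *(lsi->dns1_addr + 1),
		    *(lsi->dns1_addr + 2), *(lsi->dns1_addr + 3));
		device_printf(sc->sc_dev, "Scnd NS Addr=%d.%d.%d.%d\n",
		    *lsi->dns2_addr, *(lsi->dns2_addr + 1),
		    *(lsi->dns2_addr + 2), *(lsi->dns2_addr + 3));

		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
		break;

	case USIE_HIP_RCGI:
		/* ignore, workaround for sloppy windows */
		break;
	default:
		DPRINTF("undefined msgid: %x\n", hip->id);
		break;
	}

	mtx_unlock(&sc->sc_mtx);
}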
1172 
/*
 * Start transmission on the interface.
 *
 * Does nothing (apart from a debug message) unless IFF_DRV_RUNNING is set
 * in the driver flags; otherwise starts the TX transfer under sc_mtx.
 */
static void
usie_if_start(if_t ifp)
{
	struct usie_softc *softc = if_getsoftc(ifp);

	if ((if_getdrvflags(ifp) & IFF_DRV_RUNNING) == 0) {
		DPRINTF("Not running\n");
		return;
	}

	mtx_lock(&softc->sc_mtx);
	usbd_transfer_start(softc->sc_if_xfer[USIE_IF_TX]);
	mtx_unlock(&softc->sc_mtx);

	DPRINTFN(3, "interface started\n");
}
1188 
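/*
 * Output routine of the interface: filter by address family, then hand
 * the packet to if_transmit().
 *
 * AF_INET (and AF_INET6 when the kernel is built with INET6) packets are
 * transmitted. AF_UNSPEC packets are freed and reported as success, every
 * other family is freed and rejected with EAFNOSUPPORT.
 *
 * Returns 0 on success, EAFNOSUPPORT for an unsupported family, or
 * ENOBUFS when if_transmit() fails (the specific error is not passed on).
 * The mbuf is freed here only on the two drop paths.
 */
static int
usie_if_output(if_t ifp, struct mbuf *m, const struct sockaddr *dst,
    struct route *ro)
{
	int err;

	DPRINTF("proto=%x\n", dst->sa_family);

	switch (dst->sa_family) {
#ifdef INET6
	/* the label needs a colon; "case AF_INET6;" does not compile */
	case AF_INET6:
		/* FALLTHROUGH */
#endif
	case AF_INET:
		break;

		/* silently drop dhclient packets */
	case AF_UNSPEC:
		m_freem(m);
		return (0);

		/* drop other packet types */
	default:
		m_freem(m);
		return (EAFNOSUPPORT);
	}

	err = if_transmit(ifp, m);
	if (err) {
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
		return (ENOBUFS);
	}
	if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);

	return (0);
}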
1225 
/*
 * Initialize the network interface side of the device.
 *
 * Under sc_mtx: fills in the constant part of the TX descriptor, marks
 * every interface transfer as stalled, starts the HIP receive, status and
 * RX transfers, and, when the interface is not yet running, sends the
 * INIT link-update request to the modem.
 *
 * arg is the driver softc.
 */
static void
usie_if_init(void *arg)
{
	struct usie_softc *softc = arg;
	if_t ifnet = softc->sc_ifp;
	uint8_t n = 0;

	mtx_lock(&softc->sc_mtx);

	/* constant fields of the tx descriptor; param starts out as 0 */
	softc->sc_txd.hip.id = USIE_HIP_CTX;
	softc->sc_txd.hip.param = 0;
	softc->sc_txd.desc_type = htobe16(USIE_IP_TX);

	while (n != USIE_IF_N_XFER) {
		usbd_xfer_set_stall(softc->sc_if_xfer[n]);
		n++;
	}

	usbd_transfer_start(softc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_RX]);
	usbd_transfer_start(softc->sc_if_xfer[USIE_IF_STATUS]);
	usbd_transfer_start(softc->sc_if_xfer[USIE_IF_RX]);

	/* the modem only needs to be initiated when it is not running */
	if ((if_getdrvflags(ifnet) & IFF_DRV_RUNNING) == 0)
		usie_cns_req(softc, USIE_CNS_ID_INIT,
		    USIE_CNS_OB_LINK_UPDATE);

	mtx_unlock(&softc->sc_mtx);

	DPRINTF("ifnet initialized\n");
}
1255 
/*
 * Stop the network interface side of the device.
 *
 * Drains the sync callout before taking sc_mtx, then, under the lock,
 * sends the STOP link-update request, stops the TX, RX and status
 * transfers in that order and finally sends USIE_HIP_DOWN.
 *
 * The IFF_* flags are not cleared here: in this file that happens in
 * usie_cns_rsp() when the STOP link update comes back from the modem.
 */
static void
usie_if_stop(struct usie_softc *sc)
{
	static const int stop_order[] = {
		USIE_IF_TX, USIE_IF_RX, USIE_IF_STATUS
	};
	size_t n;

	usb_callout_drain(&sc->sc_if_sync_ch);

	mtx_lock(&sc->sc_mtx);

	usie_cns_req(sc, USIE_CNS_ID_STOP, USIE_CNS_OB_LINK_UPDATE);

	for (n = 0; n != sizeof(stop_order) / sizeof(stop_order[0]); n++)
		usbd_transfer_stop(sc->sc_if_xfer[stop_order[n]]);

	/* shutdown device */
	usie_if_cmd(sc, USIE_HIP_DOWN);

	mtx_unlock(&sc->sc_mtx);
}
1275 
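/*
 * ioctl handler of the interface.
 *
 *  SIOCSIFFLAGS  start or stop the interface to match IFF_UP.
 *  SIOCSIFCAP    request a fresh RSSI reading from the modem (only while
 *                the interface is running).
 *  SIOCG80211    for IEEE80211_IOC_STA_INFO, report the last RSSI in a
 *                station-info record written to the caller's buffer.
 *  SIOCGIFMEDIA  report one media entry, to satisfy ifconfig.
 *  SIOCSIFADDR   accepted, nothing to do.
 *
 * Returns 0 on success, EINVAL for an unknown command or a station-info
 * buffer that is too small, or the copyout() error.
 */
static int
usie_if_ioctl(if_t ifp, u_long cmd, caddr_t data)
{
	struct usie_softc *sc = if_getsoftc(ifp);
	struct ieee80211req *ireq;
	struct ieee80211req_sta_info si;
	struct ifmediareq *ifmr;
	int error;

	switch (cmd) {
	case SIOCSIFFLAGS:
		if (if_getflags(ifp) & IFF_UP) {
			if (!(if_getdrvflags(ifp) & IFF_DRV_RUNNING))
				usie_if_init(sc);
		} else {
			if (if_getdrvflags(ifp) & IFF_DRV_RUNNING)
				usie_if_stop(sc);
		}
		break;

	case SIOCSIFCAP:
		if (!(if_getdrvflags(ifp) & IFF_DRV_RUNNING)) {
			device_printf(sc->sc_dev,
			    "Connect to the network first.\n");
			break;
		}
		mtx_lock(&sc->sc_mtx);
		usie_cns_req(sc, USIE_CNS_ID_RSSI, USIE_CNS_OB_RSSI);
		mtx_unlock(&sc->sc_mtx);
		break;

	case SIOCG80211:
		ireq = (struct ieee80211req *)data;

		if (ireq->i_type != IEEE80211_IOC_STA_INFO)
			break;

		/*
		 * i_data and i_len come from the caller. The record is
		 * written 8 bytes into the caller's buffer (presumably the
		 * header of the station request that precedes the info
		 * record; confirm against the net80211 definition), so the
		 * declared length has to cover that offset plus the record.
		 */
		if (ireq->i_len < 8 + sizeof(si))
			return (EINVAL);

		/*
		 * Zero the whole record first: it lives on the kernel stack
		 * and only two fields are filled in, so nothing else may
		 * reach userland.
		 */
		memset(&si, 0, sizeof(si));
		si.isi_len = sizeof(si);
		/*
		 * ifconfig expects RSSI in 0.5dBm units
		 * relative to the noise floor.
		 */
		si.isi_rssi = 2 * sc->sc_rssi;
		error = copyout(&si, (uint8_t *)ireq->i_data + 8, sizeof(si));
		if (error != 0) {
			/* report the failure instead of claiming success */
			DPRINTF("copyout failed\n");
			return (error);
		}
		DPRINTF("80211\n");
		break;

	case SIOCGIFMEDIA:		/* to fool ifconfig */
		ifmr = (struct ifmediareq *)data;
		ifmr->ifm_count = 1;
		DPRINTF("media\n");
		break;

	case SIOCSIFADDR:
		break;

	default:
		return (EINVAL);
	}
	return (0);
}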
1339 
/*
 * Issue a USB control request, retrying on failure.
 *
 * The request is attempted up to 10 times; after each failed attempt the
 * error is logged and the caller sleeps for 10 ms via usb_pause_mtx().
 * sc_mtx must be held by the caller (asserted).
 *
 * Returns 0 as soon as one attempt succeeds, otherwise the error of the
 * last attempt.
 */
static int
usie_do_request(struct usie_softc *sc, struct usb_device_request *req,
    void *data)
{
	int error;
	int attempt = 0;

	mtx_assert(&sc->sc_mtx, MA_OWNED);

	do {
		error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, req, data);
		if (error == 0)
			return (0);

		DPRINTF("Control request failed: %s %d/10\n",
		    usbd_errstr(error), attempt);

		usb_pause_mtx(&sc->sc_mtx, USB_MS_TO_TICKS(10));
	} while (++attempt != 10);

	return (error);
}
1362 
/*
 * Send a bare HIP command to the device.
 *
 * Builds a HIP header with the given message id (len and param are 0) and
 * sends it as an encapsulated command to the interface sc_if_ifnum through
 * usie_do_request(), which requires sc_mtx to be held.
 *
 * Returns the result of usie_do_request().
 */
static int
usie_if_cmd(struct usie_softc *sc, uint8_t cmd)
{
	struct usie_hip hdr;
	struct usb_device_request setup;

	DPRINTF("cmd=%x\n", cmd);

	hdr.id = cmd;
	hdr.len = 0;
	hdr.param = 0;

	setup.bmRequestType = UT_WRITE_CLASS_INTERFACE;
	setup.bRequest = UCDC_SEND_ENCAPSULATED_COMMAND;
	USETW(setup.wValue, 0);
	USETW(setup.wIndex, sc->sc_if_ifnum);
	USETW(setup.wLength, sizeof(hdr));

	return (usie_do_request(sc, &setup, &hdr));
}
1383 
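/*
 * Build a CnS request and queue it on the HIP TX transfer.
 *
 * The message is assembled in a freshly allocated mbuf cluster as
 * frame character, HIP header, CnS header, object parameters, frame
 * character. The parameter layout depends on obj:
 *
 *  USIE_CNS_OB_LINK_UPDATE  2 bytes: profile id 1, then 1 for
 *                           USIE_CNS_ID_INIT and 0 for any other id.
 *  USIE_CNS_OB_PROF_WRITE   245 bytes: profile id 1, the value 2, the
 *                           first 34 bytes of sc_net, zero fill.
 *  USIE_CNS_OB_RSSI         no parameters.
 *
 * If the TX transfer already holds a message, the new one is dropped.
 * The mbuf is owned by this function until it is handed to the transfer
 * and is freed on every path that does not hand it over.
 *
 * id is the CnS id to send, obj the CnS object.
 */
static void
usie_cns_req(struct usie_softc *sc, uint32_t id, uint16_t obj)
{
	if_t ifp = sc->sc_ifp;
	struct mbuf *m;
	struct usb_xfer *xfer;
	struct usie_hip *hip;
	struct usie_cns *cns;
	uint8_t *param;
	uint8_t *tmp;
	uint8_t cns_len;

	m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
	if (__predict_false(m == NULL)) {
		DPRINTF("could not allocate mbuf\n");
		if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
		return;
	}
	/* to align usie_hip{} on 32 bit */
	m->m_data += 3;
	param = mtod(m, uint8_t *);
	*param++ = USIE_HIP_FRM_CHR;
	hip = (struct usie_hip *)param;
	cns = (struct usie_cns *)(hip + 1);

	/* tmp walks the parameter area that follows the two headers */
	tmp = param + USIE_HIPCNS_MIN - 2;

	switch (obj) {
	case USIE_CNS_OB_LINK_UPDATE:
		cns_len = 2;
		cns->op = USIE_CNS_OP_SET;
		*tmp++ = 1;		/* profile ID, always use 1 for now */
		*tmp++ = id == USIE_CNS_ID_INIT ? 1 : 0;
		break;

	case USIE_CNS_OB_PROF_WRITE:
		cns_len = 245;
		cns->op = USIE_CNS_OP_SET;
		*tmp++ = 1;		/* profile ID, always use 1 for now */
		*tmp++ = 2;
		/* NOTE(review): assumes sc_net is at least 34 bytes long */
		memcpy(tmp, &sc->sc_net, 34);
		/*
		 * Zero the remaining 243 - 34 parameter bytes. The cluster
		 * is not cleared on allocation, so starting the fill one
		 * byte later would send a byte of old kernel memory to the
		 * device.
		 */
		memset(tmp + 34, 0, 243 - 34);
		tmp += 243;
		break;

	case USIE_CNS_OB_RSSI:
		cns_len = 0;
		cns->op = USIE_CNS_OP_REQ;
		break;

	default:
		DPRINTF("unsupported CnS object type\n");
		/* nothing will be sent, so release the mbuf */
		m_freem(m);
		return;
	}
	*tmp = USIE_HIP_FRM_CHR;

	hip->len = htobe16(sizeof(struct usie_cns) + cns_len);
	hip->id = USIE_HIP_CNS2M;
	hip->param = 0;			/* none for CnS */

	cns->obj = htobe16(obj);
	cns->id = htobe32(id);
	cns->len = cns_len;
	cns->rsv0 = cns->rsv1 = 0;	/* always '0' */

	param = (uint8_t *)(cns + 1);

	DPRINTF("param: %16D\n", param, ":");

	m->m_pkthdr.len = m->m_len = USIE_HIPCNS_MIN + cns_len + 2;

	xfer = sc->sc_uc_xfer[USIE_HIP_IF][USIE_UC_TX];

	/* only one message can be pending on the transfer at a time */
	if (usbd_xfer_get_priv(xfer) == NULL) {
		usbd_xfer_set_priv(xfer, m);
		usbd_transfer_start(xfer);
	} else {
		DPRINTF("Dropped CNS event\n");
		m_freem(m);
	}
}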
1465 
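/*
 * Handle a CnS response received from the device.
 *
 *  USIE_CNS_OB_LINK_UPDATE  an id with USIE_CNS_ID_INIT set schedules the
 *                           sync task; otherwise an id with
 *                           USIE_CNS_ID_STOP set clears IFF_UP,
 *                           IFF_DRV_RUNNING and IFF_DRV_OACTIVE.
 *  USIE_CNS_OB_RSSI         stores the 16-bit big-endian value that
 *                           follows the CnS header in sc_rssi and logs it.
 *  other objects            ignored.
 *
 * cns points into the frame buffer of usie_hip_rsp(); its contents are
 * device-controlled. cns->len is not consulted here: the RSSI case reads
 * two bytes after the header and relies on the caller having zero-filled
 * the buffer beyond the received frame.
 */
static void
usie_cns_rsp(struct usie_softc *sc, struct usie_cns *cns)
{
	if_t ifp = sc->sc_ifp;
	uint16_t raw;

	DPRINTF("received CnS\n");

	switch (be16toh(cns->obj)) {
	case USIE_CNS_OB_LINK_UPDATE:
		if (be32toh(cns->id) & USIE_CNS_ID_INIT)
			usie_if_sync_to(sc);
		else if (be32toh(cns->id) & USIE_CNS_ID_STOP) {
			if_setflagbits(ifp, 0, IFF_UP);
			if_setdrvflagbits(ifp, 0,
			    IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
		} else
			DPRINTF("undefined link update\n");
		break;

	case USIE_CNS_OB_RSSI:
		/*
		 * The caller places the CnS header one byte further into
		 * its buffer when the pad bit of the HIP id is set, so the
		 * value after the header is not always 2-byte aligned.
		 * Copy it out instead of dereferencing a cast pointer.
		 */
		memcpy(&raw, cns + 1, sizeof(raw));
		sc->sc_rssi = be16toh(raw);
		if (sc->sc_rssi <= 0)
			device_printf(sc->sc_dev, "No signal\n");
		else {
			device_printf(sc->sc_dev, "RSSI=%ddBm\n",
			    sc->sc_rssi - 110);
		}
		break;

	case USIE_CNS_OB_PROF_WRITE:
		break;

	case USIE_CNS_OB_PDP_READ:
		break;

	default:
		DPRINTF("undefined CnS\n");
		break;
	}
}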
1506 
/*
 * Split a received buffer into HIP frames and process each of them.
 *
 * rsp holds len bytes in which frames are delimited by USIE_HIP_FRM_CHR
 * and escaped bytes are encoded as USIE_HIP_ESC_CHR followed by the byte
 * XOR 0x20. Each frame is decoded into a local buffer of USIE_HIPCNS_MAX
 * bytes; a frame carrying a CnS message (USIE_HIP_CNS2H) is passed to
 * usie_cns_rsp() unless its op field has USIE_CNS_OP_ERR set. With
 * USB_DEBUG and a non-zero usie_debug the parameter bytes are dumped.
 *
 * NOTE(review): rsp is presumably data received from the modem and
 * therefore untrusted; confirm against the callers. The parsing below is
 * bounded by len and by the size of the local buffer, and the length
 * fields inside the frame (hip->len, cns->len) are used only to bound the
 * debug dump.
 */
static void
usie_hip_rsp(struct usie_softc *sc, uint8_t *rsp, uint32_t len)
{
	struct usie_hip *hip;
	struct usie_cns *cns;
	uint32_t i;
	uint32_t j;
	uint32_t off;
	uint8_t tmp[USIE_HIPCNS_MAX] __aligned(4);

	/* off is the read position in rsp; one frame is handled per pass */
	for (off = 0; (off + USIE_HIPCNS_MIN) <= len; off++) {
		uint8_t pad;

		/* skip frame characters in front of the frame */
		while ((off < len) && (rsp[off] == USIE_HIP_FRM_CHR))
			off++;

		/*
		 * Unstuff the bytes: i counts input bytes consumed from
		 * rsp + off, j counts decoded bytes stored in tmp. The loop
		 * ends at the closing frame character, at the end of the
		 * input, or when tmp is full.
		 */
		for (i = j = 0; ((i + off) < len) &&
		    (j < USIE_HIPCNS_MAX); i++) {
			if (rsp[i + off] == USIE_HIP_FRM_CHR)
				break;

			if (rsp[i + off] == USIE_HIP_ESC_CHR) {
				/* an escape as the last input byte has no payload */
				if ((i + off + 1) >= len)
					break;
				tmp[j++] = rsp[i++ + off + 1] ^ 0x20;
			} else {
				tmp[j++] = rsp[i + off];
			}
		}

		/* continue after the bytes consumed by this frame */
		off += i;

		DPRINTF("frame len=%d\n", j);

		/* a truncated header ends processing of the whole buffer */
		if (j < sizeof(struct usie_hip)) {
			DPRINTF("too little data\n");
			break;
		}
		/*
		 * Make sure we are not reading the stack if something
		 * is wrong.
		 */
		memset(tmp + j, 0, sizeof(tmp) - j);

		hip = (struct usie_hip *)tmp;

		DPRINTF("hip: len=%d msgID=%02x, param=%02x\n",
		    be16toh(hip->len), hip->id, hip->param);

		/* the pad bit in the message id shifts the payload by one byte */
		pad = (hip->id & USIE_HIP_PAD) ? 1 : 0;

		if ((hip->id & USIE_HIP_MASK) == USIE_HIP_CNS2H) {
			cns = (struct usie_cns *)(((uint8_t *)(hip + 1)) + pad);

			/* the CnS header must have been received completely */
			if (j < (sizeof(struct usie_cns) +
			    sizeof(struct usie_hip) + pad)) {
				DPRINTF("too little data\n");
				break;
			}
			DPRINTF("cns: obj=%04x, op=%02x, rsv0=%02x, "
			    "app=%08x, rsv1=%02x, len=%d\n",
			    be16toh(cns->obj), cns->op, cns->rsv0,
			    be32toh(cns->id), cns->rsv1, cns->len);

			if (cns->op & USIE_CNS_OP_ERR)
				DPRINTF("CnS error response\n");
			else
				usie_cns_rsp(sc, cns);

			/* from here on i and j are dump offset and dump count */
			i = sizeof(struct usie_hip) + pad + sizeof(struct usie_cns);
			j = cns->len;
		} else {
			i = sizeof(struct usie_hip) + pad;
			j = be16toh(hip->len);
		}
#ifdef	USB_DEBUG
		if (usie_debug == 0)
			continue;

		/* j comes from the frame; the dump is capped at the end of tmp */
		while (i < USIE_HIPCNS_MAX && j > 0) {
			DPRINTF("param[0x%02x] = 0x%02x\n", i, tmp[i]);
			i++;
			j--;
		}
#endif
	}
}
1595 
/*
 * Module event handler.
 *
 * On MOD_LOAD registers usie_autoinst() for the usb_dev_configured event
 * and keeps the registration tag in usie_etag; on MOD_UNLOAD removes that
 * registration again.
 *
 * Returns 0 for the two handled events and EOPNOTSUPP for any other.
 * mod and arg are unused.
 */
static int
usie_driver_loaded(struct module *mod, int what, void *arg)
{
	if (what == MOD_LOAD) {
		/* register autoinstall handler */
		usie_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
		    usie_autoinst, NULL, EVENTHANDLER_PRI_ANY);
		return (0);
	}
	if (what == MOD_UNLOAD) {
		EVENTHANDLER_DEREGISTER(usb_dev_configured, usie_etag);
		return (0);
	}
	return (EOPNOTSUPP);
}
1613