xref: /freebsd/sys/dev/usb/wlan/if_zyd.c (revision 0f2bd1e89db1a2f09268edea21e0ead329e092df)
1 /*	$OpenBSD: if_zyd.c,v 1.52 2007/02/11 00:08:04 jsg Exp $	*/
2 /*	$NetBSD: if_zyd.c,v 1.7 2007/06/21 04:04:29 kiyohara Exp $	*/
3 /*	$FreeBSD$	*/
4 
5 /*-
6  * Copyright (c) 2006 by Damien Bergamini <damien.bergamini@free.fr>
7  * Copyright (c) 2006 by Florian Stoehr <ich@florian-stoehr.de>
8  *
9  * Permission to use, copy, modify, and distribute this software for any
10  * purpose with or without fee is hereby granted, provided that the above
11  * copyright notice and this permission notice appear in all copies.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20  */
21 
22 #include <sys/cdefs.h>
23 __FBSDID("$FreeBSD$");
24 
25 /*
26  * ZyDAS ZD1211/ZD1211B USB WLAN driver.
27  */
28 
29 #include <sys/param.h>
30 #include <sys/sockio.h>
31 #include <sys/sysctl.h>
32 #include <sys/lock.h>
33 #include <sys/mutex.h>
34 #include <sys/condvar.h>
35 #include <sys/mbuf.h>
36 #include <sys/kernel.h>
37 #include <sys/socket.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
40 #include <sys/module.h>
41 #include <sys/bus.h>
42 #include <sys/endian.h>
43 #include <sys/kdb.h>
44 
45 #include <machine/bus.h>
46 #include <machine/resource.h>
47 #include <sys/rman.h>
48 
49 #include <net/bpf.h>
50 #include <net/if.h>
51 #include <net/if_arp.h>
52 #include <net/ethernet.h>
53 #include <net/if_dl.h>
54 #include <net/if_media.h>
55 #include <net/if_types.h>
56 
57 #ifdef INET
58 #include <netinet/in.h>
59 #include <netinet/in_systm.h>
60 #include <netinet/in_var.h>
61 #include <netinet/if_ether.h>
62 #include <netinet/ip.h>
63 #endif
64 
65 #include <net80211/ieee80211_var.h>
66 #include <net80211/ieee80211_regdomain.h>
67 #include <net80211/ieee80211_radiotap.h>
68 #include <net80211/ieee80211_ratectl.h>
69 
70 #include <dev/usb/usb.h>
71 #include <dev/usb/usbdi.h>
72 #include <dev/usb/usbdi_util.h>
73 #include "usbdevs.h"
74 
75 #include <dev/usb/wlan/if_zydreg.h>
76 #include <dev/usb/wlan/if_zydfw.h>
77 
78 #ifdef USB_DEBUG
79 static int zyd_debug = 0;
80 
81 SYSCTL_NODE(_hw_usb, OID_AUTO, zyd, CTLFLAG_RW, 0, "USB zyd");
82 SYSCTL_INT(_hw_usb_zyd, OID_AUTO, debug, CTLFLAG_RW, &zyd_debug, 0,
83     "zyd debug level");
84 
85 enum {
86 	ZYD_DEBUG_XMIT		= 0x00000001,	/* basic xmit operation */
87 	ZYD_DEBUG_RECV		= 0x00000002,	/* basic recv operation */
88 	ZYD_DEBUG_RESET		= 0x00000004,	/* reset processing */
89 	ZYD_DEBUG_INIT		= 0x00000008,	/* device init */
90 	ZYD_DEBUG_TX_PROC	= 0x00000010,	/* tx ISR proc */
91 	ZYD_DEBUG_RX_PROC	= 0x00000020,	/* rx ISR proc */
92 	ZYD_DEBUG_STATE		= 0x00000040,	/* 802.11 state transitions */
93 	ZYD_DEBUG_STAT		= 0x00000080,	/* statistic */
94 	ZYD_DEBUG_FW		= 0x00000100,	/* firmware */
95 	ZYD_DEBUG_CMD		= 0x00000200,	/* fw commands */
96 	ZYD_DEBUG_ANY		= 0xffffffff
97 };
98 #define	DPRINTF(sc, m, fmt, ...) do {				\
99 	if (zyd_debug & (m))					\
100 		printf("%s: " fmt, __func__, ## __VA_ARGS__);	\
101 } while (0)
102 #else
103 #define	DPRINTF(sc, m, fmt, ...) do {				\
104 	(void) sc;						\
105 } while (0)
106 #endif
107 
108 #define	zyd_do_request(sc,req,data) \
109     usbd_do_request_flags((sc)->sc_udev, &(sc)->sc_mtx, req, data, 0, NULL, 5000)
110 
111 static device_probe_t zyd_match;
112 static device_attach_t zyd_attach;
113 static device_detach_t zyd_detach;
114 
115 static usb_callback_t zyd_intr_read_callback;
116 static usb_callback_t zyd_intr_write_callback;
117 static usb_callback_t zyd_bulk_read_callback;
118 static usb_callback_t zyd_bulk_write_callback;
119 
120 static struct ieee80211vap *zyd_vap_create(struct ieee80211com *,
121 		    const char name[IFNAMSIZ], int unit, int opmode,
122 		    int flags, const uint8_t bssid[IEEE80211_ADDR_LEN],
123 		    const uint8_t mac[IEEE80211_ADDR_LEN]);
124 static void	zyd_vap_delete(struct ieee80211vap *);
125 static void	zyd_tx_free(struct zyd_tx_data *, int);
126 static void	zyd_setup_tx_list(struct zyd_softc *);
127 static void	zyd_unsetup_tx_list(struct zyd_softc *);
128 static int	zyd_newstate(struct ieee80211vap *, enum ieee80211_state, int);
129 static int	zyd_cmd(struct zyd_softc *, uint16_t, const void *, int,
130 		    void *, int, int);
131 static int	zyd_read16(struct zyd_softc *, uint16_t, uint16_t *);
132 static int	zyd_read32(struct zyd_softc *, uint16_t, uint32_t *);
133 static int	zyd_write16(struct zyd_softc *, uint16_t, uint16_t);
134 static int	zyd_write32(struct zyd_softc *, uint16_t, uint32_t);
135 static int	zyd_rfwrite(struct zyd_softc *, uint32_t);
136 static int	zyd_lock_phy(struct zyd_softc *);
137 static int	zyd_unlock_phy(struct zyd_softc *);
138 static int	zyd_rf_attach(struct zyd_softc *, uint8_t);
139 static const char *zyd_rf_name(uint8_t);
140 static int	zyd_hw_init(struct zyd_softc *);
141 static int	zyd_read_pod(struct zyd_softc *);
142 static int	zyd_read_eeprom(struct zyd_softc *);
143 static int	zyd_get_macaddr(struct zyd_softc *);
144 static int	zyd_set_macaddr(struct zyd_softc *, const uint8_t *);
145 static int	zyd_set_bssid(struct zyd_softc *, const uint8_t *);
146 static int	zyd_switch_radio(struct zyd_softc *, int);
147 static int	zyd_set_led(struct zyd_softc *, int, int);
148 static void	zyd_set_multi(struct zyd_softc *);
149 static void	zyd_update_mcast(struct ifnet *);
150 static int	zyd_set_rxfilter(struct zyd_softc *);
151 static void	zyd_set_chan(struct zyd_softc *, struct ieee80211_channel *);
152 static int	zyd_set_beacon_interval(struct zyd_softc *, int);
153 static void	zyd_rx_data(struct usb_xfer *, int, uint16_t);
154 static int	zyd_tx_start(struct zyd_softc *, struct mbuf *,
155 		    struct ieee80211_node *);
156 static void	zyd_start(struct ifnet *);
157 static int	zyd_raw_xmit(struct ieee80211_node *, struct mbuf *,
158 		    const struct ieee80211_bpf_params *);
159 static int	zyd_ioctl(struct ifnet *, u_long, caddr_t);
160 static void	zyd_init_locked(struct zyd_softc *);
161 static void	zyd_init(void *);
162 static void	zyd_stop(struct zyd_softc *);
163 static int	zyd_loadfirmware(struct zyd_softc *);
164 static void	zyd_scan_start(struct ieee80211com *);
165 static void	zyd_scan_end(struct ieee80211com *);
166 static void	zyd_set_channel(struct ieee80211com *);
167 static int	zyd_rfmd_init(struct zyd_rf *);
168 static int	zyd_rfmd_switch_radio(struct zyd_rf *, int);
169 static int	zyd_rfmd_set_channel(struct zyd_rf *, uint8_t);
170 static int	zyd_al2230_init(struct zyd_rf *);
171 static int	zyd_al2230_switch_radio(struct zyd_rf *, int);
172 static int	zyd_al2230_set_channel(struct zyd_rf *, uint8_t);
173 static int	zyd_al2230_set_channel_b(struct zyd_rf *, uint8_t);
174 static int	zyd_al2230_init_b(struct zyd_rf *);
175 static int	zyd_al7230B_init(struct zyd_rf *);
176 static int	zyd_al7230B_switch_radio(struct zyd_rf *, int);
177 static int	zyd_al7230B_set_channel(struct zyd_rf *, uint8_t);
178 static int	zyd_al2210_init(struct zyd_rf *);
179 static int	zyd_al2210_switch_radio(struct zyd_rf *, int);
180 static int	zyd_al2210_set_channel(struct zyd_rf *, uint8_t);
181 static int	zyd_gct_init(struct zyd_rf *);
182 static int	zyd_gct_switch_radio(struct zyd_rf *, int);
183 static int	zyd_gct_set_channel(struct zyd_rf *, uint8_t);
184 static int	zyd_gct_mode(struct zyd_rf *);
185 static int	zyd_gct_set_channel_synth(struct zyd_rf *, int, int);
186 static int	zyd_gct_write(struct zyd_rf *, uint16_t);
187 static int	zyd_gct_txgain(struct zyd_rf *, uint8_t);
188 static int	zyd_maxim2_init(struct zyd_rf *);
189 static int	zyd_maxim2_switch_radio(struct zyd_rf *, int);
190 static int	zyd_maxim2_set_channel(struct zyd_rf *, uint8_t);
191 
192 static const struct zyd_phy_pair zyd_def_phy[] = ZYD_DEF_PHY;
193 static const struct zyd_phy_pair zyd_def_phyB[] = ZYD_DEF_PHYB;
194 
195 /* various supported device vendors/products */
196 #define ZYD_ZD1211	0
197 #define ZYD_ZD1211B	1
198 
199 #define	ZYD_ZD1211_DEV(v,p)	\
200 	{ USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, ZYD_ZD1211) }
201 #define	ZYD_ZD1211B_DEV(v,p)	\
202 	{ USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, ZYD_ZD1211B) }
203 static const struct usb_device_id zyd_devs[] = {
204 	/* ZYD_ZD1211 */
205 	ZYD_ZD1211_DEV(3COM2, 3CRUSB10075),
206 	ZYD_ZD1211_DEV(ABOCOM, WL54),
207 	ZYD_ZD1211_DEV(ASUS, WL159G),
208 	ZYD_ZD1211_DEV(CYBERTAN, TG54USB),
209 	ZYD_ZD1211_DEV(DRAYTEK, VIGOR550),
210 	ZYD_ZD1211_DEV(PLANEX2, GWUS54GD),
211 	ZYD_ZD1211_DEV(PLANEX2, GWUS54GZL),
212 	ZYD_ZD1211_DEV(PLANEX3, GWUS54GZ),
213 	ZYD_ZD1211_DEV(PLANEX3, GWUS54MINI),
214 	ZYD_ZD1211_DEV(SAGEM, XG760A),
215 	ZYD_ZD1211_DEV(SENAO, NUB8301),
216 	ZYD_ZD1211_DEV(SITECOMEU, WL113),
217 	ZYD_ZD1211_DEV(SWEEX, ZD1211),
218 	ZYD_ZD1211_DEV(TEKRAM, QUICKWLAN),
219 	ZYD_ZD1211_DEV(TEKRAM, ZD1211_1),
220 	ZYD_ZD1211_DEV(TEKRAM, ZD1211_2),
221 	ZYD_ZD1211_DEV(TWINMOS, G240),
222 	ZYD_ZD1211_DEV(UMEDIA, ALL0298V2),
223 	ZYD_ZD1211_DEV(UMEDIA, TEW429UB_A),
224 	ZYD_ZD1211_DEV(UMEDIA, TEW429UB),
225 	ZYD_ZD1211_DEV(WISTRONNEWEB, UR055G),
226 	ZYD_ZD1211_DEV(ZCOM, ZD1211),
227 	ZYD_ZD1211_DEV(ZYDAS, ZD1211),
228 	ZYD_ZD1211_DEV(ZYXEL, AG225H),
229 	ZYD_ZD1211_DEV(ZYXEL, ZYAIRG220),
230 	ZYD_ZD1211_DEV(ZYXEL, G200V2),
231 	/* ZYD_ZD1211B */
232 	ZYD_ZD1211B_DEV(ACCTON, SMCWUSBG),
233 	ZYD_ZD1211B_DEV(ACCTON, ZD1211B),
234 	ZYD_ZD1211B_DEV(ASUS, A9T_WIFI),
235 	ZYD_ZD1211B_DEV(BELKIN, F5D7050_V4000),
236 	ZYD_ZD1211B_DEV(BELKIN, ZD1211B),
237 	ZYD_ZD1211B_DEV(CISCOLINKSYS, WUSBF54G),
238 	ZYD_ZD1211B_DEV(FIBERLINE, WL430U),
239 	ZYD_ZD1211B_DEV(MELCO, KG54L),
240 	ZYD_ZD1211B_DEV(PHILIPS, SNU5600),
241 	ZYD_ZD1211B_DEV(PLANEX2, GW_US54GXS),
242 	ZYD_ZD1211B_DEV(SAGEM, XG76NA),
243 	ZYD_ZD1211B_DEV(SITECOMEU, ZD1211B),
244 	ZYD_ZD1211B_DEV(UMEDIA, TEW429UBC1),
245 	ZYD_ZD1211B_DEV(USR, USR5423),
246 	ZYD_ZD1211B_DEV(VTECH, ZD1211B),
247 	ZYD_ZD1211B_DEV(ZCOM, ZD1211B),
248 	ZYD_ZD1211B_DEV(ZYDAS, ZD1211B),
249 	ZYD_ZD1211B_DEV(ZYXEL, M202),
250 	ZYD_ZD1211B_DEV(ZYXEL, G202),
251 	ZYD_ZD1211B_DEV(ZYXEL, G220V2)
252 };
253 
254 static const struct usb_config zyd_config[ZYD_N_TRANSFER] = {
255 	[ZYD_BULK_WR] = {
256 		.type = UE_BULK,
257 		.endpoint = UE_ADDR_ANY,
258 		.direction = UE_DIR_OUT,
259 		.bufsize = ZYD_MAX_TXBUFSZ,
260 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
261 		.callback = zyd_bulk_write_callback,
262 		.ep_index = 0,
263 		.timeout = 10000,	/* 10 seconds */
264 	},
265 	[ZYD_BULK_RD] = {
266 		.type = UE_BULK,
267 		.endpoint = UE_ADDR_ANY,
268 		.direction = UE_DIR_IN,
269 		.bufsize = ZYX_MAX_RXBUFSZ,
270 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
271 		.callback = zyd_bulk_read_callback,
272 		.ep_index = 0,
273 	},
274 	[ZYD_INTR_WR] = {
275 		.type = UE_BULK_INTR,
276 		.endpoint = UE_ADDR_ANY,
277 		.direction = UE_DIR_OUT,
278 		.bufsize = sizeof(struct zyd_cmd),
279 		.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
280 		.callback = zyd_intr_write_callback,
281 		.timeout = 1000,	/* 1 second */
282 		.ep_index = 1,
283 	},
284 	[ZYD_INTR_RD] = {
285 		.type = UE_INTERRUPT,
286 		.endpoint = UE_ADDR_ANY,
287 		.direction = UE_DIR_IN,
288 		.bufsize = sizeof(struct zyd_cmd),
289 		.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
290 		.callback = zyd_intr_read_callback,
291 	},
292 };
293 #define zyd_read16_m(sc, val, data)	do {				\
294 	error = zyd_read16(sc, val, data);				\
295 	if (error != 0)							\
296 		goto fail;						\
297 } while (0)
298 #define zyd_write16_m(sc, val, data)	do {				\
299 	error = zyd_write16(sc, val, data);				\
300 	if (error != 0)							\
301 		goto fail;						\
302 } while (0)
303 #define zyd_read32_m(sc, val, data)	do {				\
304 	error = zyd_read32(sc, val, data);				\
305 	if (error != 0)							\
306 		goto fail;						\
307 } while (0)
308 #define zyd_write32_m(sc, val, data)	do {				\
309 	error = zyd_write32(sc, val, data);				\
310 	if (error != 0)							\
311 		goto fail;						\
312 } while (0)
313 
314 static int
315 zyd_match(device_t dev)
316 {
317 	struct usb_attach_arg *uaa = device_get_ivars(dev);
318 
319 	if (uaa->usb_mode != USB_MODE_HOST)
320 		return (ENXIO);
321 	if (uaa->info.bConfigIndex != ZYD_CONFIG_INDEX)
322 		return (ENXIO);
323 	if (uaa->info.bIfaceIndex != ZYD_IFACE_INDEX)
324 		return (ENXIO);
325 
326 	return (usbd_lookup_id_by_uaa(zyd_devs, sizeof(zyd_devs), uaa));
327 }
328 
329 static int
330 zyd_attach(device_t dev)
331 {
332 	struct usb_attach_arg *uaa = device_get_ivars(dev);
333 	struct zyd_softc *sc = device_get_softc(dev);
334 	struct ifnet *ifp;
335 	struct ieee80211com *ic;
336 	uint8_t iface_index, bands;
337 	int error;
338 
339 	if (uaa->info.bcdDevice < 0x4330) {
340 		device_printf(dev, "device version mismatch: 0x%X "
341 		    "(only >= 43.30 supported)\n",
342 		    uaa->info.bcdDevice);
343 		return (EINVAL);
344 	}
345 
346 	device_set_usb_desc(dev);
347 	sc->sc_dev = dev;
348 	sc->sc_udev = uaa->device;
349 	sc->sc_macrev = USB_GET_DRIVER_INFO(uaa);
350 
351 	mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
352 	    MTX_NETWORK_LOCK, MTX_DEF);
353 	STAILQ_INIT(&sc->sc_rqh);
354 
355 	iface_index = ZYD_IFACE_INDEX;
356 	error = usbd_transfer_setup(uaa->device,
357 	    &iface_index, sc->sc_xfer, zyd_config,
358 	    ZYD_N_TRANSFER, sc, &sc->sc_mtx);
359 	if (error) {
360 		device_printf(dev, "could not allocate USB transfers, "
361 		    "err=%s\n", usbd_errstr(error));
362 		goto detach;
363 	}
364 
365 	ZYD_LOCK(sc);
366 	if ((error = zyd_get_macaddr(sc)) != 0) {
367 		device_printf(sc->sc_dev, "could not read EEPROM\n");
368 		ZYD_UNLOCK(sc);
369 		goto detach;
370 	}
371 	ZYD_UNLOCK(sc);
372 
373 	ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
374 	if (ifp == NULL) {
375 		device_printf(sc->sc_dev, "can not if_alloc()\n");
376 		goto detach;
377 	}
378 	ifp->if_softc = sc;
379 	if_initname(ifp, "zyd", device_get_unit(sc->sc_dev));
380 	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
381 	ifp->if_init = zyd_init;
382 	ifp->if_ioctl = zyd_ioctl;
383 	ifp->if_start = zyd_start;
384 	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
385 	IFQ_SET_READY(&ifp->if_snd);
386 
387 	ic = ifp->if_l2com;
388 	ic->ic_ifp = ifp;
389 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
390 	ic->ic_opmode = IEEE80211_M_STA;
391 
392 	/* set device capabilities */
393 	ic->ic_caps =
394 		  IEEE80211_C_STA		/* station mode */
395 		| IEEE80211_C_MONITOR		/* monitor mode */
396 		| IEEE80211_C_SHPREAMBLE	/* short preamble supported */
397 	        | IEEE80211_C_SHSLOT		/* short slot time supported */
398 		| IEEE80211_C_BGSCAN		/* capable of bg scanning */
399 	        | IEEE80211_C_WPA		/* 802.11i */
400 		| IEEE80211_C_RATECTL		/* use ratectl */
401 		;
402 
403 	bands = 0;
404 	setbit(&bands, IEEE80211_MODE_11B);
405 	setbit(&bands, IEEE80211_MODE_11G);
406 	ieee80211_init_channels(ic, NULL, &bands);
407 
408 	ieee80211_ifattach(ic, sc->sc_bssid);
409 	ic->ic_raw_xmit = zyd_raw_xmit;
410 	ic->ic_scan_start = zyd_scan_start;
411 	ic->ic_scan_end = zyd_scan_end;
412 	ic->ic_set_channel = zyd_set_channel;
413 
414 	ic->ic_vap_create = zyd_vap_create;
415 	ic->ic_vap_delete = zyd_vap_delete;
416 	ic->ic_update_mcast = zyd_update_mcast;
417 	ic->ic_update_promisc = zyd_update_mcast;
418 
419 	ieee80211_radiotap_attach(ic,
420 	    &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
421 		ZYD_TX_RADIOTAP_PRESENT,
422 	    &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
423 		ZYD_RX_RADIOTAP_PRESENT);
424 
425 	if (bootverbose)
426 		ieee80211_announce(ic);
427 
428 	return (0);
429 
430 detach:
431 	zyd_detach(dev);
432 	return (ENXIO);			/* failure */
433 }
434 
435 static int
436 zyd_detach(device_t dev)
437 {
438 	struct zyd_softc *sc = device_get_softc(dev);
439 	struct ifnet *ifp = sc->sc_ifp;
440 	struct ieee80211com *ic;
441 
442 	/* stop all USB transfers */
443 	usbd_transfer_unsetup(sc->sc_xfer, ZYD_N_TRANSFER);
444 
445 	/* free TX list, if any */
446 	zyd_unsetup_tx_list(sc);
447 
448 	if (ifp) {
449 		ic = ifp->if_l2com;
450 		ieee80211_ifdetach(ic);
451 		if_free(ifp);
452 	}
453 	mtx_destroy(&sc->sc_mtx);
454 
455 	return (0);
456 }
457 
458 static struct ieee80211vap *
459 zyd_vap_create(struct ieee80211com *ic,
460 	const char name[IFNAMSIZ], int unit, int opmode, int flags,
461 	const uint8_t bssid[IEEE80211_ADDR_LEN],
462 	const uint8_t mac[IEEE80211_ADDR_LEN])
463 {
464 	struct zyd_vap *zvp;
465 	struct ieee80211vap *vap;
466 
467 	if (!TAILQ_EMPTY(&ic->ic_vaps))		/* only one at a time */
468 		return (NULL);
469 	zvp = (struct zyd_vap *) malloc(sizeof(struct zyd_vap),
470 	    M_80211_VAP, M_NOWAIT | M_ZERO);
471 	if (zvp == NULL)
472 		return (NULL);
473 	vap = &zvp->vap;
474 	/* enable s/w bmiss handling for sta mode */
475 	ieee80211_vap_setup(ic, vap, name, unit, opmode,
476 	    flags | IEEE80211_CLONE_NOBEACONS, bssid, mac);
477 
478 	/* override state transition machine */
479 	zvp->newstate = vap->iv_newstate;
480 	vap->iv_newstate = zyd_newstate;
481 
482 	ieee80211_ratectl_init(vap);
483 	ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
484 
485 	/* complete setup */
486 	ieee80211_vap_attach(vap, ieee80211_media_change,
487 	    ieee80211_media_status);
488 	ic->ic_opmode = opmode;
489 	return (vap);
490 }
491 
492 static void
493 zyd_vap_delete(struct ieee80211vap *vap)
494 {
495 	struct zyd_vap *zvp = ZYD_VAP(vap);
496 
497 	ieee80211_ratectl_deinit(vap);
498 	ieee80211_vap_detach(vap);
499 	free(zvp, M_80211_VAP);
500 }
501 
502 static void
503 zyd_tx_free(struct zyd_tx_data *data, int txerr)
504 {
505 	struct zyd_softc *sc = data->sc;
506 
507 	if (data->m != NULL) {
508 		if (data->m->m_flags & M_TXCB)
509 			ieee80211_process_callback(data->ni, data->m,
510 			    txerr ? ETIMEDOUT : 0);
511 		m_freem(data->m);
512 		data->m = NULL;
513 
514 		if (txerr == 0)
515 			ieee80211_ratectl_tx_complete(data->ni->ni_vap,
516 			    data->ni, IEEE80211_RATECTL_TX_SUCCESS, NULL, NULL);
517 		ieee80211_free_node(data->ni);
518 		data->ni = NULL;
519 	}
520 	STAILQ_INSERT_TAIL(&sc->tx_free, data, next);
521 	sc->tx_nfree++;
522 }
523 
524 static void
525 zyd_setup_tx_list(struct zyd_softc *sc)
526 {
527 	struct zyd_tx_data *data;
528 	int i;
529 
530 	sc->tx_nfree = 0;
531 	STAILQ_INIT(&sc->tx_q);
532 	STAILQ_INIT(&sc->tx_free);
533 
534 	for (i = 0; i < ZYD_TX_LIST_CNT; i++) {
535 		data = &sc->tx_data[i];
536 
537 		data->sc = sc;
538 		STAILQ_INSERT_TAIL(&sc->tx_free, data, next);
539 		sc->tx_nfree++;
540 	}
541 }
542 
543 static void
544 zyd_unsetup_tx_list(struct zyd_softc *sc)
545 {
546 	struct zyd_tx_data *data;
547 	int i;
548 
549 	/* make sure any subsequent use of the queues will fail */
550 	sc->tx_nfree = 0;
551 	STAILQ_INIT(&sc->tx_q);
552 	STAILQ_INIT(&sc->tx_free);
553 
554 	/* free up all node references and mbufs */
555 	for (i = 0; i < ZYD_TX_LIST_CNT; i++) {
556 		data = &sc->tx_data[i];
557 
558 		if (data->m != NULL) {
559 			m_freem(data->m);
560 			data->m = NULL;
561 		}
562 		if (data->ni != NULL) {
563 			ieee80211_free_node(data->ni);
564 			data->ni = NULL;
565 		}
566 	}
567 }
568 
569 static int
570 zyd_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
571 {
572 	struct zyd_vap *zvp = ZYD_VAP(vap);
573 	struct ieee80211com *ic = vap->iv_ic;
574 	struct zyd_softc *sc = ic->ic_ifp->if_softc;
575 	struct ieee80211_node *ni;
576 	int error;
577 
578 	DPRINTF(sc, ZYD_DEBUG_STATE, "%s: %s -> %s\n", __func__,
579 	    ieee80211_state_name[vap->iv_state],
580 	    ieee80211_state_name[nstate]);
581 
582 	IEEE80211_UNLOCK(ic);
583 	ZYD_LOCK(sc);
584 	switch (nstate) {
585 	case IEEE80211_S_AUTH:
586 		zyd_set_chan(sc, ic->ic_curchan);
587 		break;
588 	case IEEE80211_S_RUN:
589 		ni = vap->iv_bss;
590 		if (vap->iv_opmode == IEEE80211_M_MONITOR)
591 			break;
592 
593 		/* turn link LED on */
594 		error = zyd_set_led(sc, ZYD_LED1, 1);
595 		if (error != 0)
596 			break;
597 
598 		/* make data LED blink upon Tx */
599 		zyd_write32_m(sc, sc->sc_fwbase + ZYD_FW_LINK_STATUS, 1);
600 
601 		IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
602 		zyd_set_bssid(sc, sc->sc_bssid);
603 		break;
604 	default:
605 		break;
606 	}
607 fail:
608 	ZYD_UNLOCK(sc);
609 	IEEE80211_LOCK(ic);
610 	return (zvp->newstate(vap, nstate, arg));
611 }
612 
613 /*
614  * Callback handler for interrupt transfer
615  */
616 static void
617 zyd_intr_read_callback(struct usb_xfer *xfer, usb_error_t error)
618 {
619 	struct zyd_softc *sc = usbd_xfer_softc(xfer);
620 	struct ifnet *ifp = sc->sc_ifp;
621 	struct ieee80211com *ic = ifp->if_l2com;
622 	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
623 	struct ieee80211_node *ni;
624 	struct zyd_cmd *cmd = &sc->sc_ibuf;
625 	struct usb_page_cache *pc;
626 	int datalen;
627 	int actlen;
628 
629 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
630 
631 	switch (USB_GET_STATE(xfer)) {
632 	case USB_ST_TRANSFERRED:
633 		pc = usbd_xfer_get_frame(xfer, 0);
634 		usbd_copy_out(pc, 0, cmd, sizeof(*cmd));
635 
636 		switch (le16toh(cmd->code)) {
637 		case ZYD_NOTIF_RETRYSTATUS:
638 		{
639 			struct zyd_notif_retry *retry =
640 			    (struct zyd_notif_retry *)cmd->data;
641 
642 			DPRINTF(sc, ZYD_DEBUG_TX_PROC,
643 			    "retry intr: rate=0x%x addr=%s count=%d (0x%x)\n",
644 			    le16toh(retry->rate), ether_sprintf(retry->macaddr),
645 			    le16toh(retry->count)&0xff, le16toh(retry->count));
646 
647 			/*
648 			 * Find the node to which the packet was sent and
649 			 * update its retry statistics.  In BSS mode, this node
650 			 * is the AP we're associated to so no lookup is
651 			 * actually needed.
652 			 */
653 			ni = ieee80211_find_txnode(vap, retry->macaddr);
654 			if (ni != NULL) {
655 				int retrycnt =
656 				    (int)(le16toh(retry->count) & 0xff);
657 
658 				ieee80211_ratectl_tx_complete(vap, ni,
659 				    IEEE80211_RATECTL_TX_FAILURE,
660 				    &retrycnt, NULL);
661 				ieee80211_free_node(ni);
662 			}
663 			if (le16toh(retry->count) & 0x100)
664 				ifp->if_oerrors++;	/* too many retries */
665 			break;
666 		}
667 		case ZYD_NOTIF_IORD:
668 		{
669 			struct zyd_rq *rqp;
670 
671 			if (le16toh(*(uint16_t *)cmd->data) == ZYD_CR_INTERRUPT)
672 				break;	/* HMAC interrupt */
673 
674 			datalen = actlen - sizeof(cmd->code);
675 			datalen -= 2;	/* XXX: padding? */
676 
677 			STAILQ_FOREACH(rqp, &sc->sc_rqh, rq) {
678 				int i, cnt;
679 
680 				if (rqp->olen != datalen)
681 					continue;
682 				cnt = rqp->olen / sizeof(struct zyd_pair);
683 				for (i = 0; i < cnt; i++) {
684 					if (*(((const uint16_t *)rqp->idata) + i) !=
685 					    (((struct zyd_pair *)cmd->data) + i)->reg)
686 						break;
687 				}
688 				if (i != cnt)
689 					continue;
690 				/* copy answer into caller-supplied buffer */
691 				bcopy(cmd->data, rqp->odata, rqp->olen);
692 				DPRINTF(sc, ZYD_DEBUG_CMD,
693 				    "command %p complete, data = %*D \n",
694 				    rqp, rqp->olen, rqp->odata, ":");
695 				wakeup(rqp);	/* wakeup caller */
696 				break;
697 			}
698 			if (rqp == NULL) {
699 				device_printf(sc->sc_dev,
700 				    "unexpected IORD notification %*D\n",
701 				    datalen, cmd->data, ":");
702 			}
703 			break;
704 		}
705 		default:
706 			device_printf(sc->sc_dev, "unknown notification %x\n",
707 			    le16toh(cmd->code));
708 		}
709 
710 		/* FALLTHROUGH */
711 	case USB_ST_SETUP:
712 tr_setup:
713 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
714 		usbd_transfer_submit(xfer);
715 		break;
716 
717 	default:			/* Error */
718 		DPRINTF(sc, ZYD_DEBUG_CMD, "error = %s\n",
719 		    usbd_errstr(error));
720 
721 		if (error != USB_ERR_CANCELLED) {
722 			/* try to clear stall first */
723 			usbd_xfer_set_stall(xfer);
724 			goto tr_setup;
725 		}
726 		break;
727 	}
728 }
729 
730 static void
731 zyd_intr_write_callback(struct usb_xfer *xfer, usb_error_t error)
732 {
733 	struct zyd_softc *sc = usbd_xfer_softc(xfer);
734 	struct zyd_rq *rqp, *cmd;
735 	struct usb_page_cache *pc;
736 
737 	switch (USB_GET_STATE(xfer)) {
738 	case USB_ST_TRANSFERRED:
739 		cmd = usbd_xfer_get_priv(xfer);
740 		DPRINTF(sc, ZYD_DEBUG_CMD, "command %p transferred\n", cmd);
741 		STAILQ_FOREACH(rqp, &sc->sc_rqh, rq) {
742 			/* Ensure the cached rq pointer is still valid */
743 			if (rqp == cmd &&
744 			    (rqp->flags & ZYD_CMD_FLAG_READ) == 0)
745 				wakeup(rqp);	/* wakeup caller */
746 		}
747 
748 		/* FALLTHROUGH */
749 	case USB_ST_SETUP:
750 tr_setup:
751 		STAILQ_FOREACH(rqp, &sc->sc_rqh, rq) {
752 			if (rqp->flags & ZYD_CMD_FLAG_SENT)
753 				continue;
754 
755 			pc = usbd_xfer_get_frame(xfer, 0);
756 			usbd_copy_in(pc, 0, rqp->cmd, rqp->ilen);
757 
758 			usbd_xfer_set_frame_len(xfer, 0, rqp->ilen);
759 			usbd_xfer_set_priv(xfer, rqp);
760 			rqp->flags |= ZYD_CMD_FLAG_SENT;
761 			usbd_transfer_submit(xfer);
762 			break;
763 		}
764 		break;
765 
766 	default:			/* Error */
767 		DPRINTF(sc, ZYD_DEBUG_ANY, "error = %s\n",
768 		    usbd_errstr(error));
769 
770 		if (error != USB_ERR_CANCELLED) {
771 			/* try to clear stall first */
772 			usbd_xfer_set_stall(xfer);
773 			goto tr_setup;
774 		}
775 		break;
776 	}
777 }
778 
779 static int
780 zyd_cmd(struct zyd_softc *sc, uint16_t code, const void *idata, int ilen,
781     void *odata, int olen, int flags)
782 {
783 	struct zyd_cmd cmd;
784 	struct zyd_rq rq;
785 	int error;
786 
787 	if (ilen > sizeof(cmd.data))
788 		return (EINVAL);
789 
790 	cmd.code = htole16(code);
791 	bcopy(idata, cmd.data, ilen);
792 	DPRINTF(sc, ZYD_DEBUG_CMD, "sending cmd %p = %*D\n",
793 	    &rq, ilen, idata, ":");
794 
795 	rq.cmd = &cmd;
796 	rq.idata = idata;
797 	rq.odata = odata;
798 	rq.ilen = sizeof(uint16_t) + ilen;
799 	rq.olen = olen;
800 	rq.flags = flags;
801 	STAILQ_INSERT_TAIL(&sc->sc_rqh, &rq, rq);
802 	usbd_transfer_start(sc->sc_xfer[ZYD_INTR_RD]);
803 	usbd_transfer_start(sc->sc_xfer[ZYD_INTR_WR]);
804 
805 	/* wait at most one second for command reply */
806 	error = mtx_sleep(&rq, &sc->sc_mtx, 0 , "zydcmd", hz);
807 	if (error)
808 		device_printf(sc->sc_dev, "command timeout\n");
809 	STAILQ_REMOVE(&sc->sc_rqh, &rq, zyd_rq, rq);
810 	DPRINTF(sc, ZYD_DEBUG_CMD, "finsihed cmd %p, error = %d \n",
811 	    &rq, error);
812 
813 	return (error);
814 }
815 
816 static int
817 zyd_read16(struct zyd_softc *sc, uint16_t reg, uint16_t *val)
818 {
819 	struct zyd_pair tmp;
820 	int error;
821 
822 	reg = htole16(reg);
823 	error = zyd_cmd(sc, ZYD_CMD_IORD, &reg, sizeof(reg), &tmp, sizeof(tmp),
824 	    ZYD_CMD_FLAG_READ);
825 	if (error == 0)
826 		*val = le16toh(tmp.val);
827 	return (error);
828 }
829 
830 static int
831 zyd_read32(struct zyd_softc *sc, uint16_t reg, uint32_t *val)
832 {
833 	struct zyd_pair tmp[2];
834 	uint16_t regs[2];
835 	int error;
836 
837 	regs[0] = htole16(ZYD_REG32_HI(reg));
838 	regs[1] = htole16(ZYD_REG32_LO(reg));
839 	error = zyd_cmd(sc, ZYD_CMD_IORD, regs, sizeof(regs), tmp, sizeof(tmp),
840 	    ZYD_CMD_FLAG_READ);
841 	if (error == 0)
842 		*val = le16toh(tmp[0].val) << 16 | le16toh(tmp[1].val);
843 	return (error);
844 }
845 
846 static int
847 zyd_write16(struct zyd_softc *sc, uint16_t reg, uint16_t val)
848 {
849 	struct zyd_pair pair;
850 
851 	pair.reg = htole16(reg);
852 	pair.val = htole16(val);
853 
854 	return zyd_cmd(sc, ZYD_CMD_IOWR, &pair, sizeof(pair), NULL, 0, 0);
855 }
856 
857 static int
858 zyd_write32(struct zyd_softc *sc, uint16_t reg, uint32_t val)
859 {
860 	struct zyd_pair pair[2];
861 
862 	pair[0].reg = htole16(ZYD_REG32_HI(reg));
863 	pair[0].val = htole16(val >> 16);
864 	pair[1].reg = htole16(ZYD_REG32_LO(reg));
865 	pair[1].val = htole16(val & 0xffff);
866 
867 	return zyd_cmd(sc, ZYD_CMD_IOWR, pair, sizeof(pair), NULL, 0, 0);
868 }
869 
870 static int
871 zyd_rfwrite(struct zyd_softc *sc, uint32_t val)
872 {
873 	struct zyd_rf *rf = &sc->sc_rf;
874 	struct zyd_rfwrite_cmd req;
875 	uint16_t cr203;
876 	int error, i;
877 
878 	zyd_read16_m(sc, ZYD_CR203, &cr203);
879 	cr203 &= ~(ZYD_RF_IF_LE | ZYD_RF_CLK | ZYD_RF_DATA);
880 
881 	req.code  = htole16(2);
882 	req.width = htole16(rf->width);
883 	for (i = 0; i < rf->width; i++) {
884 		req.bit[i] = htole16(cr203);
885 		if (val & (1 << (rf->width - 1 - i)))
886 			req.bit[i] |= htole16(ZYD_RF_DATA);
887 	}
888 	error = zyd_cmd(sc, ZYD_CMD_RFCFG, &req, 4 + 2 * rf->width, NULL, 0, 0);
889 fail:
890 	return (error);
891 }
892 
893 static int
894 zyd_rfwrite_cr(struct zyd_softc *sc, uint32_t val)
895 {
896 	int error;
897 
898 	zyd_write16_m(sc, ZYD_CR244, (val >> 16) & 0xff);
899 	zyd_write16_m(sc, ZYD_CR243, (val >>  8) & 0xff);
900 	zyd_write16_m(sc, ZYD_CR242, (val >>  0) & 0xff);
901 fail:
902 	return (error);
903 }
904 
905 static int
906 zyd_lock_phy(struct zyd_softc *sc)
907 {
908 	int error;
909 	uint32_t tmp;
910 
911 	zyd_read32_m(sc, ZYD_MAC_MISC, &tmp);
912 	tmp &= ~ZYD_UNLOCK_PHY_REGS;
913 	zyd_write32_m(sc, ZYD_MAC_MISC, tmp);
914 fail:
915 	return (error);
916 }
917 
918 static int
919 zyd_unlock_phy(struct zyd_softc *sc)
920 {
921 	int error;
922 	uint32_t tmp;
923 
924 	zyd_read32_m(sc, ZYD_MAC_MISC, &tmp);
925 	tmp |= ZYD_UNLOCK_PHY_REGS;
926 	zyd_write32_m(sc, ZYD_MAC_MISC, tmp);
927 fail:
928 	return (error);
929 }
930 
931 /*
932  * RFMD RF methods.
933  */
934 static int
935 zyd_rfmd_init(struct zyd_rf *rf)
936 {
937 #define N(a)	(sizeof(a) / sizeof((a)[0]))
938 	struct zyd_softc *sc = rf->rf_sc;
939 	static const struct zyd_phy_pair phyini[] = ZYD_RFMD_PHY;
940 	static const uint32_t rfini[] = ZYD_RFMD_RF;
941 	int i, error;
942 
943 	/* init RF-dependent PHY registers */
944 	for (i = 0; i < N(phyini); i++) {
945 		zyd_write16_m(sc, phyini[i].reg, phyini[i].val);
946 	}
947 
948 	/* init RFMD radio */
949 	for (i = 0; i < N(rfini); i++) {
950 		if ((error = zyd_rfwrite(sc, rfini[i])) != 0)
951 			return (error);
952 	}
953 fail:
954 	return (error);
955 #undef N
956 }
957 
958 static int
959 zyd_rfmd_switch_radio(struct zyd_rf *rf, int on)
960 {
961 	int error;
962 	struct zyd_softc *sc = rf->rf_sc;
963 
964 	zyd_write16_m(sc, ZYD_CR10, on ? 0x89 : 0x15);
965 	zyd_write16_m(sc, ZYD_CR11, on ? 0x00 : 0x81);
966 fail:
967 	return (error);
968 }
969 
970 static int
971 zyd_rfmd_set_channel(struct zyd_rf *rf, uint8_t chan)
972 {
973 	int error;
974 	struct zyd_softc *sc = rf->rf_sc;
975 	static const struct {
976 		uint32_t	r1, r2;
977 	} rfprog[] = ZYD_RFMD_CHANTABLE;
978 
979 	error = zyd_rfwrite(sc, rfprog[chan - 1].r1);
980 	if (error != 0)
981 		goto fail;
982 	error = zyd_rfwrite(sc, rfprog[chan - 1].r2);
983 	if (error != 0)
984 		goto fail;
985 
986 fail:
987 	return (error);
988 }
989 
990 /*
991  * AL2230 RF methods.
992  */
993 static int
994 zyd_al2230_init(struct zyd_rf *rf)
995 {
996 #define N(a)	(sizeof(a) / sizeof((a)[0]))
997 	struct zyd_softc *sc = rf->rf_sc;
998 	static const struct zyd_phy_pair phyini[] = ZYD_AL2230_PHY;
999 	static const struct zyd_phy_pair phy2230s[] = ZYD_AL2230S_PHY_INIT;
1000 	static const struct zyd_phy_pair phypll[] = {
1001 		{ ZYD_CR251, 0x2f }, { ZYD_CR251, 0x3f },
1002 		{ ZYD_CR138, 0x28 }, { ZYD_CR203, 0x06 }
1003 	};
1004 	static const uint32_t rfini1[] = ZYD_AL2230_RF_PART1;
1005 	static const uint32_t rfini2[] = ZYD_AL2230_RF_PART2;
1006 	static const uint32_t rfini3[] = ZYD_AL2230_RF_PART3;
1007 	int i, error;
1008 
1009 	/* init RF-dependent PHY registers */
1010 	for (i = 0; i < N(phyini); i++)
1011 		zyd_write16_m(sc, phyini[i].reg, phyini[i].val);
1012 
1013 	if (sc->sc_rfrev == ZYD_RF_AL2230S || sc->sc_al2230s != 0) {
1014 		for (i = 0; i < N(phy2230s); i++)
1015 			zyd_write16_m(sc, phy2230s[i].reg, phy2230s[i].val);
1016 	}
1017 
1018 	/* init AL2230 radio */
1019 	for (i = 0; i < N(rfini1); i++) {
1020 		error = zyd_rfwrite(sc, rfini1[i]);
1021 		if (error != 0)
1022 			goto fail;
1023 	}
1024 
1025 	if (sc->sc_rfrev == ZYD_RF_AL2230S || sc->sc_al2230s != 0)
1026 		error = zyd_rfwrite(sc, 0x000824);
1027 	else
1028 		error = zyd_rfwrite(sc, 0x0005a4);
1029 	if (error != 0)
1030 		goto fail;
1031 
1032 	for (i = 0; i < N(rfini2); i++) {
1033 		error = zyd_rfwrite(sc, rfini2[i]);
1034 		if (error != 0)
1035 			goto fail;
1036 	}
1037 
1038 	for (i = 0; i < N(phypll); i++)
1039 		zyd_write16_m(sc, phypll[i].reg, phypll[i].val);
1040 
1041 	for (i = 0; i < N(rfini3); i++) {
1042 		error = zyd_rfwrite(sc, rfini3[i]);
1043 		if (error != 0)
1044 			goto fail;
1045 	}
1046 fail:
1047 	return (error);
1048 #undef N
1049 }
1050 
1051 static int
1052 zyd_al2230_fini(struct zyd_rf *rf)
1053 {
1054 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1055 	int error, i;
1056 	struct zyd_softc *sc = rf->rf_sc;
1057 	static const struct zyd_phy_pair phy[] = ZYD_AL2230_PHY_FINI_PART1;
1058 
1059 	for (i = 0; i < N(phy); i++)
1060 		zyd_write16_m(sc, phy[i].reg, phy[i].val);
1061 
1062 	if (sc->sc_newphy != 0)
1063 		zyd_write16_m(sc, ZYD_CR9, 0xe1);
1064 
1065 	zyd_write16_m(sc, ZYD_CR203, 0x6);
1066 fail:
1067 	return (error);
1068 #undef N
1069 }
1070 
1071 static int
1072 zyd_al2230_init_b(struct zyd_rf *rf)
1073 {
1074 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1075 	struct zyd_softc *sc = rf->rf_sc;
1076 	static const struct zyd_phy_pair phy1[] = ZYD_AL2230_PHY_PART1;
1077 	static const struct zyd_phy_pair phy2[] = ZYD_AL2230_PHY_PART2;
1078 	static const struct zyd_phy_pair phy3[] = ZYD_AL2230_PHY_PART3;
1079 	static const struct zyd_phy_pair phy2230s[] = ZYD_AL2230S_PHY_INIT;
1080 	static const struct zyd_phy_pair phyini[] = ZYD_AL2230_PHY_B;
1081 	static const uint32_t rfini_part1[] = ZYD_AL2230_RF_B_PART1;
1082 	static const uint32_t rfini_part2[] = ZYD_AL2230_RF_B_PART2;
1083 	static const uint32_t rfini_part3[] = ZYD_AL2230_RF_B_PART3;
1084 	static const uint32_t zyd_al2230_chtable[][3] = ZYD_AL2230_CHANTABLE;
1085 	int i, error;
1086 
1087 	for (i = 0; i < N(phy1); i++)
1088 		zyd_write16_m(sc, phy1[i].reg, phy1[i].val);
1089 
1090 	/* init RF-dependent PHY registers */
1091 	for (i = 0; i < N(phyini); i++)
1092 		zyd_write16_m(sc, phyini[i].reg, phyini[i].val);
1093 
1094 	if (sc->sc_rfrev == ZYD_RF_AL2230S || sc->sc_al2230s != 0) {
1095 		for (i = 0; i < N(phy2230s); i++)
1096 			zyd_write16_m(sc, phy2230s[i].reg, phy2230s[i].val);
1097 	}
1098 
1099 	for (i = 0; i < 3; i++) {
1100 		error = zyd_rfwrite_cr(sc, zyd_al2230_chtable[0][i]);
1101 		if (error != 0)
1102 			return (error);
1103 	}
1104 
1105 	for (i = 0; i < N(rfini_part1); i++) {
1106 		error = zyd_rfwrite_cr(sc, rfini_part1[i]);
1107 		if (error != 0)
1108 			return (error);
1109 	}
1110 
1111 	if (sc->sc_rfrev == ZYD_RF_AL2230S || sc->sc_al2230s != 0)
1112 		error = zyd_rfwrite(sc, 0x241000);
1113 	else
1114 		error = zyd_rfwrite(sc, 0x25a000);
1115 	if (error != 0)
1116 		goto fail;
1117 
1118 	for (i = 0; i < N(rfini_part2); i++) {
1119 		error = zyd_rfwrite_cr(sc, rfini_part2[i]);
1120 		if (error != 0)
1121 			return (error);
1122 	}
1123 
1124 	for (i = 0; i < N(phy2); i++)
1125 		zyd_write16_m(sc, phy2[i].reg, phy2[i].val);
1126 
1127 	for (i = 0; i < N(rfini_part3); i++) {
1128 		error = zyd_rfwrite_cr(sc, rfini_part3[i]);
1129 		if (error != 0)
1130 			return (error);
1131 	}
1132 
1133 	for (i = 0; i < N(phy3); i++)
1134 		zyd_write16_m(sc, phy3[i].reg, phy3[i].val);
1135 
1136 	error = zyd_al2230_fini(rf);
1137 fail:
1138 	return (error);
1139 #undef N
1140 }
1141 
1142 static int
1143 zyd_al2230_switch_radio(struct zyd_rf *rf, int on)
1144 {
1145 	struct zyd_softc *sc = rf->rf_sc;
1146 	int error, on251 = (sc->sc_macrev == ZYD_ZD1211) ? 0x3f : 0x7f;
1147 
1148 	zyd_write16_m(sc, ZYD_CR11,  on ? 0x00 : 0x04);
1149 	zyd_write16_m(sc, ZYD_CR251, on ? on251 : 0x2f);
1150 fail:
1151 	return (error);
1152 }
1153 
1154 static int
1155 zyd_al2230_set_channel(struct zyd_rf *rf, uint8_t chan)
1156 {
1157 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1158 	int error, i;
1159 	struct zyd_softc *sc = rf->rf_sc;
1160 	static const struct zyd_phy_pair phy1[] = {
1161 		{ ZYD_CR138, 0x28 }, { ZYD_CR203, 0x06 },
1162 	};
1163 	static const struct {
1164 		uint32_t	r1, r2, r3;
1165 	} rfprog[] = ZYD_AL2230_CHANTABLE;
1166 
1167 	error = zyd_rfwrite(sc, rfprog[chan - 1].r1);
1168 	if (error != 0)
1169 		goto fail;
1170 	error = zyd_rfwrite(sc, rfprog[chan - 1].r2);
1171 	if (error != 0)
1172 		goto fail;
1173 	error = zyd_rfwrite(sc, rfprog[chan - 1].r3);
1174 	if (error != 0)
1175 		goto fail;
1176 
1177 	for (i = 0; i < N(phy1); i++)
1178 		zyd_write16_m(sc, phy1[i].reg, phy1[i].val);
1179 fail:
1180 	return (error);
1181 #undef N
1182 }
1183 
1184 static int
1185 zyd_al2230_set_channel_b(struct zyd_rf *rf, uint8_t chan)
1186 {
1187 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1188 	int error, i;
1189 	struct zyd_softc *sc = rf->rf_sc;
1190 	static const struct zyd_phy_pair phy1[] = ZYD_AL2230_PHY_PART1;
1191 	static const struct {
1192 		uint32_t	r1, r2, r3;
1193 	} rfprog[] = ZYD_AL2230_CHANTABLE_B;
1194 
1195 	for (i = 0; i < N(phy1); i++)
1196 		zyd_write16_m(sc, phy1[i].reg, phy1[i].val);
1197 
1198 	error = zyd_rfwrite_cr(sc, rfprog[chan - 1].r1);
1199 	if (error != 0)
1200 		goto fail;
1201 	error = zyd_rfwrite_cr(sc, rfprog[chan - 1].r2);
1202 	if (error != 0)
1203 		goto fail;
1204 	error = zyd_rfwrite_cr(sc, rfprog[chan - 1].r3);
1205 	if (error != 0)
1206 		goto fail;
1207 	error = zyd_al2230_fini(rf);
1208 fail:
1209 	return (error);
1210 #undef N
1211 }
1212 
1213 #define	ZYD_AL2230_PHY_BANDEDGE6					\
1214 {									\
1215 	{ ZYD_CR128, 0x14 }, { ZYD_CR129, 0x12 }, { ZYD_CR130, 0x10 },	\
1216 	{ ZYD_CR47,  0x1e }						\
1217 }
1218 
1219 static int
1220 zyd_al2230_bandedge6(struct zyd_rf *rf, struct ieee80211_channel *c)
1221 {
1222 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1223 	int error = 0, i;
1224 	struct zyd_softc *sc = rf->rf_sc;
1225 	struct ifnet *ifp = sc->sc_ifp;
1226 	struct ieee80211com *ic = ifp->if_l2com;
1227 	struct zyd_phy_pair r[] = ZYD_AL2230_PHY_BANDEDGE6;
1228 	int chan = ieee80211_chan2ieee(ic, c);
1229 
1230 	if (chan == 1 || chan == 11)
1231 		r[0].val = 0x12;
1232 
1233 	for (i = 0; i < N(r); i++)
1234 		zyd_write16_m(sc, r[i].reg, r[i].val);
1235 fail:
1236 	return (error);
1237 #undef N
1238 }
1239 
1240 /*
1241  * AL7230B RF methods.
1242  */
1243 static int
1244 zyd_al7230B_init(struct zyd_rf *rf)
1245 {
1246 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1247 	struct zyd_softc *sc = rf->rf_sc;
1248 	static const struct zyd_phy_pair phyini_1[] = ZYD_AL7230B_PHY_1;
1249 	static const struct zyd_phy_pair phyini_2[] = ZYD_AL7230B_PHY_2;
1250 	static const struct zyd_phy_pair phyini_3[] = ZYD_AL7230B_PHY_3;
1251 	static const uint32_t rfini_1[] = ZYD_AL7230B_RF_1;
1252 	static const uint32_t rfini_2[] = ZYD_AL7230B_RF_2;
1253 	int i, error;
1254 
1255 	/* for AL7230B, PHY and RF need to be initialized in "phases" */
1256 
1257 	/* init RF-dependent PHY registers, part one */
1258 	for (i = 0; i < N(phyini_1); i++)
1259 		zyd_write16_m(sc, phyini_1[i].reg, phyini_1[i].val);
1260 
1261 	/* init AL7230B radio, part one */
1262 	for (i = 0; i < N(rfini_1); i++) {
1263 		if ((error = zyd_rfwrite(sc, rfini_1[i])) != 0)
1264 			return (error);
1265 	}
1266 	/* init RF-dependent PHY registers, part two */
1267 	for (i = 0; i < N(phyini_2); i++)
1268 		zyd_write16_m(sc, phyini_2[i].reg, phyini_2[i].val);
1269 
1270 	/* init AL7230B radio, part two */
1271 	for (i = 0; i < N(rfini_2); i++) {
1272 		if ((error = zyd_rfwrite(sc, rfini_2[i])) != 0)
1273 			return (error);
1274 	}
1275 	/* init RF-dependent PHY registers, part three */
1276 	for (i = 0; i < N(phyini_3); i++)
1277 		zyd_write16_m(sc, phyini_3[i].reg, phyini_3[i].val);
1278 fail:
1279 	return (error);
1280 #undef N
1281 }
1282 
1283 static int
1284 zyd_al7230B_switch_radio(struct zyd_rf *rf, int on)
1285 {
1286 	int error;
1287 	struct zyd_softc *sc = rf->rf_sc;
1288 
1289 	zyd_write16_m(sc, ZYD_CR11,  on ? 0x00 : 0x04);
1290 	zyd_write16_m(sc, ZYD_CR251, on ? 0x3f : 0x2f);
1291 fail:
1292 	return (error);
1293 }
1294 
1295 static int
1296 zyd_al7230B_set_channel(struct zyd_rf *rf, uint8_t chan)
1297 {
1298 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1299 	struct zyd_softc *sc = rf->rf_sc;
1300 	static const struct {
1301 		uint32_t	r1, r2;
1302 	} rfprog[] = ZYD_AL7230B_CHANTABLE;
1303 	static const uint32_t rfsc[] = ZYD_AL7230B_RF_SETCHANNEL;
1304 	int i, error;
1305 
1306 	zyd_write16_m(sc, ZYD_CR240, 0x57);
1307 	zyd_write16_m(sc, ZYD_CR251, 0x2f);
1308 
1309 	for (i = 0; i < N(rfsc); i++) {
1310 		if ((error = zyd_rfwrite(sc, rfsc[i])) != 0)
1311 			return (error);
1312 	}
1313 
1314 	zyd_write16_m(sc, ZYD_CR128, 0x14);
1315 	zyd_write16_m(sc, ZYD_CR129, 0x12);
1316 	zyd_write16_m(sc, ZYD_CR130, 0x10);
1317 	zyd_write16_m(sc, ZYD_CR38,  0x38);
1318 	zyd_write16_m(sc, ZYD_CR136, 0xdf);
1319 
1320 	error = zyd_rfwrite(sc, rfprog[chan - 1].r1);
1321 	if (error != 0)
1322 		goto fail;
1323 	error = zyd_rfwrite(sc, rfprog[chan - 1].r2);
1324 	if (error != 0)
1325 		goto fail;
1326 	error = zyd_rfwrite(sc, 0x3c9000);
1327 	if (error != 0)
1328 		goto fail;
1329 
1330 	zyd_write16_m(sc, ZYD_CR251, 0x3f);
1331 	zyd_write16_m(sc, ZYD_CR203, 0x06);
1332 	zyd_write16_m(sc, ZYD_CR240, 0x08);
1333 fail:
1334 	return (error);
1335 #undef N
1336 }
1337 
1338 /*
1339  * AL2210 RF methods.
1340  */
1341 static int
1342 zyd_al2210_init(struct zyd_rf *rf)
1343 {
1344 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1345 	struct zyd_softc *sc = rf->rf_sc;
1346 	static const struct zyd_phy_pair phyini[] = ZYD_AL2210_PHY;
1347 	static const uint32_t rfini[] = ZYD_AL2210_RF;
1348 	uint32_t tmp;
1349 	int i, error;
1350 
1351 	zyd_write32_m(sc, ZYD_CR18, 2);
1352 
1353 	/* init RF-dependent PHY registers */
1354 	for (i = 0; i < N(phyini); i++)
1355 		zyd_write16_m(sc, phyini[i].reg, phyini[i].val);
1356 
1357 	/* init AL2210 radio */
1358 	for (i = 0; i < N(rfini); i++) {
1359 		if ((error = zyd_rfwrite(sc, rfini[i])) != 0)
1360 			return (error);
1361 	}
1362 	zyd_write16_m(sc, ZYD_CR47, 0x1e);
1363 	zyd_read32_m(sc, ZYD_CR_RADIO_PD, &tmp);
1364 	zyd_write32_m(sc, ZYD_CR_RADIO_PD, tmp & ~1);
1365 	zyd_write32_m(sc, ZYD_CR_RADIO_PD, tmp | 1);
1366 	zyd_write32_m(sc, ZYD_CR_RFCFG, 0x05);
1367 	zyd_write32_m(sc, ZYD_CR_RFCFG, 0x00);
1368 	zyd_write16_m(sc, ZYD_CR47, 0x1e);
1369 	zyd_write32_m(sc, ZYD_CR18, 3);
1370 fail:
1371 	return (error);
1372 #undef N
1373 }
1374 
1375 static int
1376 zyd_al2210_switch_radio(struct zyd_rf *rf, int on)
1377 {
1378 	/* vendor driver does nothing for this RF chip */
1379 
1380 	return (0);
1381 }
1382 
1383 static int
1384 zyd_al2210_set_channel(struct zyd_rf *rf, uint8_t chan)
1385 {
1386 	int error;
1387 	struct zyd_softc *sc = rf->rf_sc;
1388 	static const uint32_t rfprog[] = ZYD_AL2210_CHANTABLE;
1389 	uint32_t tmp;
1390 
1391 	zyd_write32_m(sc, ZYD_CR18, 2);
1392 	zyd_write16_m(sc, ZYD_CR47, 0x1e);
1393 	zyd_read32_m(sc, ZYD_CR_RADIO_PD, &tmp);
1394 	zyd_write32_m(sc, ZYD_CR_RADIO_PD, tmp & ~1);
1395 	zyd_write32_m(sc, ZYD_CR_RADIO_PD, tmp | 1);
1396 	zyd_write32_m(sc, ZYD_CR_RFCFG, 0x05);
1397 	zyd_write32_m(sc, ZYD_CR_RFCFG, 0x00);
1398 	zyd_write16_m(sc, ZYD_CR47, 0x1e);
1399 
1400 	/* actually set the channel */
1401 	error = zyd_rfwrite(sc, rfprog[chan - 1]);
1402 	if (error != 0)
1403 		goto fail;
1404 
1405 	zyd_write32_m(sc, ZYD_CR18, 3);
1406 fail:
1407 	return (error);
1408 }
1409 
1410 /*
1411  * GCT RF methods.
1412  */
1413 static int
1414 zyd_gct_init(struct zyd_rf *rf)
1415 {
1416 #define	ZYD_GCT_INTR_REG	0x85c1
1417 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1418 	struct zyd_softc *sc = rf->rf_sc;
1419 	static const struct zyd_phy_pair phyini[] = ZYD_GCT_PHY;
1420 	static const uint32_t rfini[] = ZYD_GCT_RF;
1421 	static const uint16_t vco[11][7] = ZYD_GCT_VCO;
1422 	int i, idx = -1, error;
1423 	uint16_t data;
1424 
1425 	/* init RF-dependent PHY registers */
1426 	for (i = 0; i < N(phyini); i++)
1427 		zyd_write16_m(sc, phyini[i].reg, phyini[i].val);
1428 
1429 	/* init cgt radio */
1430 	for (i = 0; i < N(rfini); i++) {
1431 		if ((error = zyd_rfwrite(sc, rfini[i])) != 0)
1432 			return (error);
1433 	}
1434 
1435 	error = zyd_gct_mode(rf);
1436 	if (error != 0)
1437 		return (error);
1438 
1439 	for (i = 0; i < N(vco) - 1; i++) {
1440 		error = zyd_gct_set_channel_synth(rf, 1, 0);
1441 		if (error != 0)
1442 			goto fail;
1443 		error = zyd_gct_write(rf, vco[i][0]);
1444 		if (error != 0)
1445 			goto fail;
1446 		zyd_write16_m(sc, ZYD_GCT_INTR_REG, 0xf);
1447 		zyd_read16_m(sc, ZYD_GCT_INTR_REG, &data);
1448 		if ((data & 0xf) == 0) {
1449 			idx = i;
1450 			break;
1451 		}
1452 	}
1453 	if (idx == -1) {
1454 		error = zyd_gct_set_channel_synth(rf, 1, 1);
1455 		if (error != 0)
1456 			goto fail;
1457 		error = zyd_gct_write(rf, 0x6662);
1458 		if (error != 0)
1459 			goto fail;
1460 	}
1461 
1462 	rf->idx = idx;
1463 	zyd_write16_m(sc, ZYD_CR203, 0x6);
1464 fail:
1465 	return (error);
1466 #undef N
1467 #undef ZYD_GCT_INTR_REG
1468 }
1469 
1470 static int
1471 zyd_gct_mode(struct zyd_rf *rf)
1472 {
1473 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1474 	struct zyd_softc *sc = rf->rf_sc;
1475 	static const uint32_t mode[] = {
1476 		0x25f98, 0x25f9a, 0x25f94, 0x27fd4
1477 	};
1478 	int i, error;
1479 
1480 	for (i = 0; i < N(mode); i++) {
1481 		if ((error = zyd_rfwrite(sc, mode[i])) != 0)
1482 			break;
1483 	}
1484 	return (error);
1485 #undef N
1486 }
1487 
1488 static int
1489 zyd_gct_set_channel_synth(struct zyd_rf *rf, int chan, int acal)
1490 {
1491 	int error, idx = chan - 1;
1492 	struct zyd_softc *sc = rf->rf_sc;
1493 	static uint32_t acal_synth[] = ZYD_GCT_CHANNEL_ACAL;
1494 	static uint32_t std_synth[] = ZYD_GCT_CHANNEL_STD;
1495 	static uint32_t div_synth[] = ZYD_GCT_CHANNEL_DIV;
1496 
1497 	error = zyd_rfwrite(sc,
1498 	    (acal == 1) ? acal_synth[idx] : std_synth[idx]);
1499 	if (error != 0)
1500 		return (error);
1501 	return zyd_rfwrite(sc, div_synth[idx]);
1502 }
1503 
1504 static int
1505 zyd_gct_write(struct zyd_rf *rf, uint16_t value)
1506 {
1507 	struct zyd_softc *sc = rf->rf_sc;
1508 
1509 	return zyd_rfwrite(sc, 0x300000 | 0x40000 | value);
1510 }
1511 
1512 static int
1513 zyd_gct_switch_radio(struct zyd_rf *rf, int on)
1514 {
1515 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1516 	int error;
1517 	struct zyd_softc *sc = rf->rf_sc;
1518 
1519 	error = zyd_rfwrite(sc, on ? 0x25f94 : 0x25f90);
1520 	if (error != 0)
1521 		return (error);
1522 
1523 	zyd_write16_m(sc, ZYD_CR11, on ? 0x00 : 0x04);
1524 	zyd_write16_m(sc, ZYD_CR251,
1525 	    on ? ((sc->sc_macrev == ZYD_ZD1211B) ? 0x7f : 0x3f) : 0x2f);
1526 fail:
1527 	return (error);
1528 }
1529 
1530 static int
1531 zyd_gct_set_channel(struct zyd_rf *rf, uint8_t chan)
1532 {
1533 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1534 	int error, i;
1535 	struct zyd_softc *sc = rf->rf_sc;
1536 	static const struct zyd_phy_pair cmd[] = {
1537 		{ ZYD_CR80, 0x30 }, { ZYD_CR81, 0x30 }, { ZYD_CR79, 0x58 },
1538 		{ ZYD_CR12, 0xf0 }, { ZYD_CR77, 0x1b }, { ZYD_CR78, 0x58 },
1539 	};
1540 	static const uint16_t vco[11][7] = ZYD_GCT_VCO;
1541 
1542 	error = zyd_gct_set_channel_synth(rf, chan, 0);
1543 	if (error != 0)
1544 		goto fail;
1545 	error = zyd_gct_write(rf, (rf->idx == -1) ? 0x6662 :
1546 	    vco[rf->idx][((chan - 1) / 2)]);
1547 	if (error != 0)
1548 		goto fail;
1549 	error = zyd_gct_mode(rf);
1550 	if (error != 0)
1551 		return (error);
1552 	for (i = 0; i < N(cmd); i++)
1553 		zyd_write16_m(sc, cmd[i].reg, cmd[i].val);
1554 	error = zyd_gct_txgain(rf, chan);
1555 	if (error != 0)
1556 		return (error);
1557 	zyd_write16_m(sc, ZYD_CR203, 0x6);
1558 fail:
1559 	return (error);
1560 #undef N
1561 }
1562 
1563 static int
1564 zyd_gct_txgain(struct zyd_rf *rf, uint8_t chan)
1565 {
1566 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1567 	struct zyd_softc *sc = rf->rf_sc;
1568 	static uint32_t txgain[] = ZYD_GCT_TXGAIN;
1569 	uint8_t idx = sc->sc_pwrint[chan - 1];
1570 
1571 	if (idx >= N(txgain)) {
1572 		device_printf(sc->sc_dev, "could not set TX gain (%d %#x)\n",
1573 		    chan, idx);
1574 		return 0;
1575 	}
1576 
1577 	return zyd_rfwrite(sc, 0x700000 | txgain[idx]);
1578 #undef N
1579 }
1580 
1581 /*
1582  * Maxim2 RF methods.
1583  */
1584 static int
1585 zyd_maxim2_init(struct zyd_rf *rf)
1586 {
1587 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1588 	struct zyd_softc *sc = rf->rf_sc;
1589 	static const struct zyd_phy_pair phyini[] = ZYD_MAXIM2_PHY;
1590 	static const uint32_t rfini[] = ZYD_MAXIM2_RF;
1591 	uint16_t tmp;
1592 	int i, error;
1593 
1594 	/* init RF-dependent PHY registers */
1595 	for (i = 0; i < N(phyini); i++)
1596 		zyd_write16_m(sc, phyini[i].reg, phyini[i].val);
1597 
1598 	zyd_read16_m(sc, ZYD_CR203, &tmp);
1599 	zyd_write16_m(sc, ZYD_CR203, tmp & ~(1 << 4));
1600 
1601 	/* init maxim2 radio */
1602 	for (i = 0; i < N(rfini); i++) {
1603 		if ((error = zyd_rfwrite(sc, rfini[i])) != 0)
1604 			return (error);
1605 	}
1606 	zyd_read16_m(sc, ZYD_CR203, &tmp);
1607 	zyd_write16_m(sc, ZYD_CR203, tmp | (1 << 4));
1608 fail:
1609 	return (error);
1610 #undef N
1611 }
1612 
1613 static int
1614 zyd_maxim2_switch_radio(struct zyd_rf *rf, int on)
1615 {
1616 
1617 	/* vendor driver does nothing for this RF chip */
1618 	return (0);
1619 }
1620 
1621 static int
1622 zyd_maxim2_set_channel(struct zyd_rf *rf, uint8_t chan)
1623 {
1624 #define N(a)	(sizeof(a) / sizeof((a)[0]))
1625 	struct zyd_softc *sc = rf->rf_sc;
1626 	static const struct zyd_phy_pair phyini[] = ZYD_MAXIM2_PHY;
1627 	static const uint32_t rfini[] = ZYD_MAXIM2_RF;
1628 	static const struct {
1629 		uint32_t	r1, r2;
1630 	} rfprog[] = ZYD_MAXIM2_CHANTABLE;
1631 	uint16_t tmp;
1632 	int i, error;
1633 
1634 	/*
1635 	 * Do the same as we do when initializing it, except for the channel
1636 	 * values coming from the two channel tables.
1637 	 */
1638 
1639 	/* init RF-dependent PHY registers */
1640 	for (i = 0; i < N(phyini); i++)
1641 		zyd_write16_m(sc, phyini[i].reg, phyini[i].val);
1642 
1643 	zyd_read16_m(sc, ZYD_CR203, &tmp);
1644 	zyd_write16_m(sc, ZYD_CR203, tmp & ~(1 << 4));
1645 
1646 	/* first two values taken from the chantables */
1647 	error = zyd_rfwrite(sc, rfprog[chan - 1].r1);
1648 	if (error != 0)
1649 		goto fail;
1650 	error = zyd_rfwrite(sc, rfprog[chan - 1].r2);
1651 	if (error != 0)
1652 		goto fail;
1653 
1654 	/* init maxim2 radio - skipping the two first values */
1655 	for (i = 2; i < N(rfini); i++) {
1656 		if ((error = zyd_rfwrite(sc, rfini[i])) != 0)
1657 			return (error);
1658 	}
1659 	zyd_read16_m(sc, ZYD_CR203, &tmp);
1660 	zyd_write16_m(sc, ZYD_CR203, tmp | (1 << 4));
1661 fail:
1662 	return (error);
1663 #undef N
1664 }
1665 
1666 static int
1667 zyd_rf_attach(struct zyd_softc *sc, uint8_t type)
1668 {
1669 	struct zyd_rf *rf = &sc->sc_rf;
1670 
1671 	rf->rf_sc = sc;
1672 	rf->update_pwr = 1;
1673 
1674 	switch (type) {
1675 	case ZYD_RF_RFMD:
1676 		rf->init         = zyd_rfmd_init;
1677 		rf->switch_radio = zyd_rfmd_switch_radio;
1678 		rf->set_channel  = zyd_rfmd_set_channel;
1679 		rf->width        = 24;	/* 24-bit RF values */
1680 		break;
1681 	case ZYD_RF_AL2230:
1682 	case ZYD_RF_AL2230S:
1683 		if (sc->sc_macrev == ZYD_ZD1211B) {
1684 			rf->init = zyd_al2230_init_b;
1685 			rf->set_channel = zyd_al2230_set_channel_b;
1686 		} else {
1687 			rf->init = zyd_al2230_init;
1688 			rf->set_channel = zyd_al2230_set_channel;
1689 		}
1690 		rf->switch_radio = zyd_al2230_switch_radio;
1691 		rf->bandedge6	 = zyd_al2230_bandedge6;
1692 		rf->width        = 24;	/* 24-bit RF values */
1693 		break;
1694 	case ZYD_RF_AL7230B:
1695 		rf->init         = zyd_al7230B_init;
1696 		rf->switch_radio = zyd_al7230B_switch_radio;
1697 		rf->set_channel  = zyd_al7230B_set_channel;
1698 		rf->width        = 24;	/* 24-bit RF values */
1699 		break;
1700 	case ZYD_RF_AL2210:
1701 		rf->init         = zyd_al2210_init;
1702 		rf->switch_radio = zyd_al2210_switch_radio;
1703 		rf->set_channel  = zyd_al2210_set_channel;
1704 		rf->width        = 24;	/* 24-bit RF values */
1705 		break;
1706 	case ZYD_RF_MAXIM_NEW:
1707 	case ZYD_RF_GCT:
1708 		rf->init         = zyd_gct_init;
1709 		rf->switch_radio = zyd_gct_switch_radio;
1710 		rf->set_channel  = zyd_gct_set_channel;
1711 		rf->width        = 24;	/* 24-bit RF values */
1712 		rf->update_pwr   = 0;
1713 		break;
1714 	case ZYD_RF_MAXIM_NEW2:
1715 		rf->init         = zyd_maxim2_init;
1716 		rf->switch_radio = zyd_maxim2_switch_radio;
1717 		rf->set_channel  = zyd_maxim2_set_channel;
1718 		rf->width        = 18;	/* 18-bit RF values */
1719 		break;
1720 	default:
1721 		device_printf(sc->sc_dev,
1722 		    "sorry, radio \"%s\" is not supported yet\n",
1723 		    zyd_rf_name(type));
1724 		return (EINVAL);
1725 	}
1726 	return (0);
1727 }
1728 
1729 static const char *
1730 zyd_rf_name(uint8_t type)
1731 {
1732 	static const char * const zyd_rfs[] = {
1733 		"unknown", "unknown", "UW2451",   "UCHIP",     "AL2230",
1734 		"AL7230B", "THETA",   "AL2210",   "MAXIM_NEW", "GCT",
1735 		"AL2230S",  "RALINK",  "INTERSIL", "RFMD",      "MAXIM_NEW2",
1736 		"PHILIPS"
1737 	};
1738 
1739 	return zyd_rfs[(type > 15) ? 0 : type];
1740 }
1741 
1742 static int
1743 zyd_hw_init(struct zyd_softc *sc)
1744 {
1745 	int error;
1746 	const struct zyd_phy_pair *phyp;
1747 	struct zyd_rf *rf = &sc->sc_rf;
1748 	uint16_t val;
1749 
1750 	/* specify that the plug and play is finished */
1751 	zyd_write32_m(sc, ZYD_MAC_AFTER_PNP, 1);
1752 	zyd_read16_m(sc, ZYD_FIRMWARE_BASE_ADDR, &sc->sc_fwbase);
1753 	DPRINTF(sc, ZYD_DEBUG_FW, "firmware base address=0x%04x\n",
1754 	    sc->sc_fwbase);
1755 
1756 	/* retrieve firmware revision number */
1757 	zyd_read16_m(sc, sc->sc_fwbase + ZYD_FW_FIRMWARE_REV, &sc->sc_fwrev);
1758 	zyd_write32_m(sc, ZYD_CR_GPI_EN, 0);
1759 	zyd_write32_m(sc, ZYD_MAC_CONT_WIN_LIMIT, 0x7f043f);
1760 	/* set mandatory rates - XXX assumes 802.11b/g */
1761 	zyd_write32_m(sc, ZYD_MAC_MAN_RATE, 0x150f);
1762 
1763 	/* disable interrupts */
1764 	zyd_write32_m(sc, ZYD_CR_INTERRUPT, 0);
1765 
1766 	if ((error = zyd_read_pod(sc)) != 0) {
1767 		device_printf(sc->sc_dev, "could not read EEPROM\n");
1768 		goto fail;
1769 	}
1770 
1771 	/* PHY init (resetting) */
1772 	error = zyd_lock_phy(sc);
1773 	if (error != 0)
1774 		goto fail;
1775 	phyp = (sc->sc_macrev == ZYD_ZD1211B) ? zyd_def_phyB : zyd_def_phy;
1776 	for (; phyp->reg != 0; phyp++)
1777 		zyd_write16_m(sc, phyp->reg, phyp->val);
1778 	if (sc->sc_macrev == ZYD_ZD1211 && sc->sc_fix_cr157 != 0) {
1779 		zyd_read16_m(sc, ZYD_EEPROM_PHY_REG, &val);
1780 		zyd_write32_m(sc, ZYD_CR157, val >> 8);
1781 	}
1782 	error = zyd_unlock_phy(sc);
1783 	if (error != 0)
1784 		goto fail;
1785 
1786 	/* HMAC init */
1787 	zyd_write32_m(sc, ZYD_MAC_ACK_EXT, 0x00000020);
1788 	zyd_write32_m(sc, ZYD_CR_ADDA_MBIAS_WT, 0x30000808);
1789 	zyd_write32_m(sc, ZYD_MAC_SNIFFER, 0x00000000);
1790 	zyd_write32_m(sc, ZYD_MAC_RXFILTER, 0x00000000);
1791 	zyd_write32_m(sc, ZYD_MAC_GHTBL, 0x00000000);
1792 	zyd_write32_m(sc, ZYD_MAC_GHTBH, 0x80000000);
1793 	zyd_write32_m(sc, ZYD_MAC_MISC, 0x000000a4);
1794 	zyd_write32_m(sc, ZYD_CR_ADDA_PWR_DWN, 0x0000007f);
1795 	zyd_write32_m(sc, ZYD_MAC_BCNCFG, 0x00f00401);
1796 	zyd_write32_m(sc, ZYD_MAC_PHY_DELAY2, 0x00000000);
1797 	zyd_write32_m(sc, ZYD_MAC_ACK_EXT, 0x00000080);
1798 	zyd_write32_m(sc, ZYD_CR_ADDA_PWR_DWN, 0x00000000);
1799 	zyd_write32_m(sc, ZYD_MAC_SIFS_ACK_TIME, 0x00000100);
1800 	zyd_write32_m(sc, ZYD_CR_RX_PE_DELAY, 0x00000070);
1801 	zyd_write32_m(sc, ZYD_CR_PS_CTRL, 0x10000000);
1802 	zyd_write32_m(sc, ZYD_MAC_RTSCTSRATE, 0x02030203);
1803 	zyd_write32_m(sc, ZYD_MAC_AFTER_PNP, 1);
1804 	zyd_write32_m(sc, ZYD_MAC_BACKOFF_PROTECT, 0x00000114);
1805 	zyd_write32_m(sc, ZYD_MAC_DIFS_EIFS_SIFS, 0x0a47c032);
1806 	zyd_write32_m(sc, ZYD_MAC_CAM_MODE, 0x3);
1807 
1808 	if (sc->sc_macrev == ZYD_ZD1211) {
1809 		zyd_write32_m(sc, ZYD_MAC_RETRY, 0x00000002);
1810 		zyd_write32_m(sc, ZYD_MAC_RX_THRESHOLD, 0x000c0640);
1811 	} else {
1812 		zyd_write32_m(sc, ZYD_MACB_MAX_RETRY, 0x02020202);
1813 		zyd_write32_m(sc, ZYD_MACB_TXPWR_CTL4, 0x007f003f);
1814 		zyd_write32_m(sc, ZYD_MACB_TXPWR_CTL3, 0x007f003f);
1815 		zyd_write32_m(sc, ZYD_MACB_TXPWR_CTL2, 0x003f001f);
1816 		zyd_write32_m(sc, ZYD_MACB_TXPWR_CTL1, 0x001f000f);
1817 		zyd_write32_m(sc, ZYD_MACB_AIFS_CTL1, 0x00280028);
1818 		zyd_write32_m(sc, ZYD_MACB_AIFS_CTL2, 0x008C003C);
1819 		zyd_write32_m(sc, ZYD_MACB_TXOP, 0x01800824);
1820 		zyd_write32_m(sc, ZYD_MAC_RX_THRESHOLD, 0x000c0eff);
1821 	}
1822 
1823 	/* init beacon interval to 100ms */
1824 	if ((error = zyd_set_beacon_interval(sc, 100)) != 0)
1825 		goto fail;
1826 
1827 	if ((error = zyd_rf_attach(sc, sc->sc_rfrev)) != 0) {
1828 		device_printf(sc->sc_dev, "could not attach RF, rev 0x%x\n",
1829 		    sc->sc_rfrev);
1830 		goto fail;
1831 	}
1832 
1833 	/* RF chip init */
1834 	error = zyd_lock_phy(sc);
1835 	if (error != 0)
1836 		goto fail;
1837 	error = (*rf->init)(rf);
1838 	if (error != 0) {
1839 		device_printf(sc->sc_dev,
1840 		    "radio initialization failed, error %d\n", error);
1841 		goto fail;
1842 	}
1843 	error = zyd_unlock_phy(sc);
1844 	if (error != 0)
1845 		goto fail;
1846 
1847 	if ((error = zyd_read_eeprom(sc)) != 0) {
1848 		device_printf(sc->sc_dev, "could not read EEPROM\n");
1849 		goto fail;
1850 	}
1851 
1852 fail:	return (error);
1853 }
1854 
1855 static int
1856 zyd_read_pod(struct zyd_softc *sc)
1857 {
1858 	int error;
1859 	uint32_t tmp;
1860 
1861 	zyd_read32_m(sc, ZYD_EEPROM_POD, &tmp);
1862 	sc->sc_rfrev     = tmp & 0x0f;
1863 	sc->sc_ledtype   = (tmp >>  4) & 0x01;
1864 	sc->sc_al2230s   = (tmp >>  7) & 0x01;
1865 	sc->sc_cckgain   = (tmp >>  8) & 0x01;
1866 	sc->sc_fix_cr157 = (tmp >> 13) & 0x01;
1867 	sc->sc_parev     = (tmp >> 16) & 0x0f;
1868 	sc->sc_bandedge6 = (tmp >> 21) & 0x01;
1869 	sc->sc_newphy    = (tmp >> 31) & 0x01;
1870 	sc->sc_txled     = ((tmp & (1 << 24)) && (tmp & (1 << 29))) ? 0 : 1;
1871 fail:
1872 	return (error);
1873 }
1874 
1875 static int
1876 zyd_read_eeprom(struct zyd_softc *sc)
1877 {
1878 	uint16_t val;
1879 	int error, i;
1880 
1881 	/* read Tx power calibration tables */
1882 	for (i = 0; i < 7; i++) {
1883 		zyd_read16_m(sc, ZYD_EEPROM_PWR_CAL + i, &val);
1884 		sc->sc_pwrcal[i * 2] = val >> 8;
1885 		sc->sc_pwrcal[i * 2 + 1] = val & 0xff;
1886 		zyd_read16_m(sc, ZYD_EEPROM_PWR_INT + i, &val);
1887 		sc->sc_pwrint[i * 2] = val >> 8;
1888 		sc->sc_pwrint[i * 2 + 1] = val & 0xff;
1889 		zyd_read16_m(sc, ZYD_EEPROM_36M_CAL + i, &val);
1890 		sc->sc_ofdm36_cal[i * 2] = val >> 8;
1891 		sc->sc_ofdm36_cal[i * 2 + 1] = val & 0xff;
1892 		zyd_read16_m(sc, ZYD_EEPROM_48M_CAL + i, &val);
1893 		sc->sc_ofdm48_cal[i * 2] = val >> 8;
1894 		sc->sc_ofdm48_cal[i * 2 + 1] = val & 0xff;
1895 		zyd_read16_m(sc, ZYD_EEPROM_54M_CAL + i, &val);
1896 		sc->sc_ofdm54_cal[i * 2] = val >> 8;
1897 		sc->sc_ofdm54_cal[i * 2 + 1] = val & 0xff;
1898 	}
1899 fail:
1900 	return (error);
1901 }
1902 
1903 static int
1904 zyd_get_macaddr(struct zyd_softc *sc)
1905 {
1906 	struct usb_device_request req;
1907 	usb_error_t error;
1908 
1909 	req.bmRequestType = UT_READ_VENDOR_DEVICE;
1910 	req.bRequest = ZYD_READFWDATAREQ;
1911 	USETW(req.wValue, ZYD_EEPROM_MAC_ADDR_P1);
1912 	USETW(req.wIndex, 0);
1913 	USETW(req.wLength, IEEE80211_ADDR_LEN);
1914 
1915 	error = zyd_do_request(sc, &req, sc->sc_bssid);
1916 	if (error != 0) {
1917 		device_printf(sc->sc_dev, "could not read EEPROM: %s\n",
1918 		    usbd_errstr(error));
1919 	}
1920 
1921 	return (error);
1922 }
1923 
1924 static int
1925 zyd_set_macaddr(struct zyd_softc *sc, const uint8_t *addr)
1926 {
1927 	int error;
1928 	uint32_t tmp;
1929 
1930 	tmp = addr[3] << 24 | addr[2] << 16 | addr[1] << 8 | addr[0];
1931 	zyd_write32_m(sc, ZYD_MAC_MACADRL, tmp);
1932 	tmp = addr[5] << 8 | addr[4];
1933 	zyd_write32_m(sc, ZYD_MAC_MACADRH, tmp);
1934 fail:
1935 	return (error);
1936 }
1937 
1938 static int
1939 zyd_set_bssid(struct zyd_softc *sc, const uint8_t *addr)
1940 {
1941 	int error;
1942 	uint32_t tmp;
1943 
1944 	tmp = addr[3] << 24 | addr[2] << 16 | addr[1] << 8 | addr[0];
1945 	zyd_write32_m(sc, ZYD_MAC_BSSADRL, tmp);
1946 	tmp = addr[5] << 8 | addr[4];
1947 	zyd_write32_m(sc, ZYD_MAC_BSSADRH, tmp);
1948 fail:
1949 	return (error);
1950 }
1951 
1952 static int
1953 zyd_switch_radio(struct zyd_softc *sc, int on)
1954 {
1955 	struct zyd_rf *rf = &sc->sc_rf;
1956 	int error;
1957 
1958 	error = zyd_lock_phy(sc);
1959 	if (error != 0)
1960 		goto fail;
1961 	error = (*rf->switch_radio)(rf, on);
1962 	if (error != 0)
1963 		goto fail;
1964 	error = zyd_unlock_phy(sc);
1965 fail:
1966 	return (error);
1967 }
1968 
1969 static int
1970 zyd_set_led(struct zyd_softc *sc, int which, int on)
1971 {
1972 	int error;
1973 	uint32_t tmp;
1974 
1975 	zyd_read32_m(sc, ZYD_MAC_TX_PE_CONTROL, &tmp);
1976 	tmp &= ~which;
1977 	if (on)
1978 		tmp |= which;
1979 	zyd_write32_m(sc, ZYD_MAC_TX_PE_CONTROL, tmp);
1980 fail:
1981 	return (error);
1982 }
1983 
1984 static void
1985 zyd_set_multi(struct zyd_softc *sc)
1986 {
1987 	int error;
1988 	struct ifnet *ifp = sc->sc_ifp;
1989 	struct ieee80211com *ic = ifp->if_l2com;
1990 	struct ifmultiaddr *ifma;
1991 	uint32_t low, high;
1992 	uint8_t v;
1993 
1994 	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1995 		return;
1996 
1997 	low = 0x00000000;
1998 	high = 0x80000000;
1999 
2000 	if (ic->ic_opmode == IEEE80211_M_MONITOR ||
2001 	    (ifp->if_flags & (IFF_ALLMULTI | IFF_PROMISC))) {
2002 		low = 0xffffffff;
2003 		high = 0xffffffff;
2004 	} else {
2005 		if_maddr_rlock(ifp);
2006 		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
2007 			if (ifma->ifma_addr->sa_family != AF_LINK)
2008 				continue;
2009 			v = ((uint8_t *)LLADDR((struct sockaddr_dl *)
2010 			    ifma->ifma_addr))[5] >> 2;
2011 			if (v < 32)
2012 				low |= 1 << v;
2013 			else
2014 				high |= 1 << (v - 32);
2015 		}
2016 		if_maddr_runlock(ifp);
2017 	}
2018 
2019 	/* reprogram multicast global hash table */
2020 	zyd_write32_m(sc, ZYD_MAC_GHTBL, low);
2021 	zyd_write32_m(sc, ZYD_MAC_GHTBH, high);
2022 fail:
2023 	if (error != 0)
2024 		device_printf(sc->sc_dev,
2025 		    "could not set multicast hash table\n");
2026 }
2027 
2028 static void
2029 zyd_update_mcast(struct ifnet *ifp)
2030 {
2031 	struct zyd_softc *sc = ifp->if_softc;
2032 
2033 	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2034 		return;
2035 
2036 	ZYD_LOCK(sc);
2037 	zyd_set_multi(sc);
2038 	ZYD_UNLOCK(sc);
2039 }
2040 
2041 static int
2042 zyd_set_rxfilter(struct zyd_softc *sc)
2043 {
2044 	struct ifnet *ifp = sc->sc_ifp;
2045 	struct ieee80211com *ic = ifp->if_l2com;
2046 	uint32_t rxfilter;
2047 
2048 	switch (ic->ic_opmode) {
2049 	case IEEE80211_M_STA:
2050 		rxfilter = ZYD_FILTER_BSS;
2051 		break;
2052 	case IEEE80211_M_IBSS:
2053 	case IEEE80211_M_HOSTAP:
2054 		rxfilter = ZYD_FILTER_HOSTAP;
2055 		break;
2056 	case IEEE80211_M_MONITOR:
2057 		rxfilter = ZYD_FILTER_MONITOR;
2058 		break;
2059 	default:
2060 		/* should not get there */
2061 		return (EINVAL);
2062 	}
2063 	return zyd_write32(sc, ZYD_MAC_RXFILTER, rxfilter);
2064 }
2065 
2066 static void
2067 zyd_set_chan(struct zyd_softc *sc, struct ieee80211_channel *c)
2068 {
2069 	int error;
2070 	struct ifnet *ifp = sc->sc_ifp;
2071 	struct ieee80211com *ic = ifp->if_l2com;
2072 	struct zyd_rf *rf = &sc->sc_rf;
2073 	uint32_t tmp;
2074 	int chan;
2075 
2076 	chan = ieee80211_chan2ieee(ic, c);
2077 	if (chan == 0 || chan == IEEE80211_CHAN_ANY) {
2078 		/* XXX should NEVER happen */
2079 		device_printf(sc->sc_dev,
2080 		    "%s: invalid channel %x\n", __func__, chan);
2081 		return;
2082 	}
2083 
2084 	error = zyd_lock_phy(sc);
2085 	if (error != 0)
2086 		goto fail;
2087 
2088 	error = (*rf->set_channel)(rf, chan);
2089 	if (error != 0)
2090 		goto fail;
2091 
2092 	if (rf->update_pwr) {
2093 		/* update Tx power */
2094 		zyd_write16_m(sc, ZYD_CR31, sc->sc_pwrint[chan - 1]);
2095 
2096 		if (sc->sc_macrev == ZYD_ZD1211B) {
2097 			zyd_write16_m(sc, ZYD_CR67,
2098 			    sc->sc_ofdm36_cal[chan - 1]);
2099 			zyd_write16_m(sc, ZYD_CR66,
2100 			    sc->sc_ofdm48_cal[chan - 1]);
2101 			zyd_write16_m(sc, ZYD_CR65,
2102 			    sc->sc_ofdm54_cal[chan - 1]);
2103 			zyd_write16_m(sc, ZYD_CR68, sc->sc_pwrcal[chan - 1]);
2104 			zyd_write16_m(sc, ZYD_CR69, 0x28);
2105 			zyd_write16_m(sc, ZYD_CR69, 0x2a);
2106 		}
2107 	}
2108 	if (sc->sc_cckgain) {
2109 		/* set CCK baseband gain from EEPROM */
2110 		if (zyd_read32(sc, ZYD_EEPROM_PHY_REG, &tmp) == 0)
2111 			zyd_write16_m(sc, ZYD_CR47, tmp & 0xff);
2112 	}
2113 	if (sc->sc_bandedge6 && rf->bandedge6 != NULL) {
2114 		error = (*rf->bandedge6)(rf, c);
2115 		if (error != 0)
2116 			goto fail;
2117 	}
2118 	zyd_write32_m(sc, ZYD_CR_CONFIG_PHILIPS, 0);
2119 
2120 	error = zyd_unlock_phy(sc);
2121 	if (error != 0)
2122 		goto fail;
2123 
2124 	sc->sc_rxtap.wr_chan_freq = sc->sc_txtap.wt_chan_freq =
2125 	    htole16(c->ic_freq);
2126 	sc->sc_rxtap.wr_chan_flags = sc->sc_txtap.wt_chan_flags =
2127 	    htole16(c->ic_flags);
2128 fail:
2129 	return;
2130 }
2131 
2132 static int
2133 zyd_set_beacon_interval(struct zyd_softc *sc, int bintval)
2134 {
2135 	int error;
2136 	uint32_t val;
2137 
2138 	zyd_read32_m(sc, ZYD_CR_ATIM_WND_PERIOD, &val);
2139 	sc->sc_atim_wnd = val;
2140 	zyd_read32_m(sc, ZYD_CR_PRE_TBTT, &val);
2141 	sc->sc_pre_tbtt = val;
2142 	sc->sc_bcn_int = bintval;
2143 
2144 	if (sc->sc_bcn_int <= 5)
2145 		sc->sc_bcn_int = 5;
2146 	if (sc->sc_pre_tbtt < 4 || sc->sc_pre_tbtt >= sc->sc_bcn_int)
2147 		sc->sc_pre_tbtt = sc->sc_bcn_int - 1;
2148 	if (sc->sc_atim_wnd >= sc->sc_pre_tbtt)
2149 		sc->sc_atim_wnd = sc->sc_pre_tbtt - 1;
2150 
2151 	zyd_write32_m(sc, ZYD_CR_ATIM_WND_PERIOD, sc->sc_atim_wnd);
2152 	zyd_write32_m(sc, ZYD_CR_PRE_TBTT, sc->sc_pre_tbtt);
2153 	zyd_write32_m(sc, ZYD_CR_BCN_INTERVAL, sc->sc_bcn_int);
2154 fail:
2155 	return (error);
2156 }
2157 
2158 static void
2159 zyd_rx_data(struct usb_xfer *xfer, int offset, uint16_t len)
2160 {
2161 	struct zyd_softc *sc = usbd_xfer_softc(xfer);
2162 	struct ifnet *ifp = sc->sc_ifp;
2163 	struct ieee80211com *ic = ifp->if_l2com;
2164 	struct zyd_plcphdr plcp;
2165 	struct zyd_rx_stat stat;
2166 	struct usb_page_cache *pc;
2167 	struct mbuf *m;
2168 	int rlen, rssi;
2169 
2170 	if (len < ZYD_MIN_FRAGSZ) {
2171 		DPRINTF(sc, ZYD_DEBUG_RECV, "%s: frame too short (length=%d)\n",
2172 		    device_get_nameunit(sc->sc_dev), len);
2173 		ifp->if_ierrors++;
2174 		return;
2175 	}
2176 	pc = usbd_xfer_get_frame(xfer, 0);
2177 	usbd_copy_out(pc, offset, &plcp, sizeof(plcp));
2178 	usbd_copy_out(pc, offset + len - sizeof(stat), &stat, sizeof(stat));
2179 
2180 	if (stat.flags & ZYD_RX_ERROR) {
2181 		DPRINTF(sc, ZYD_DEBUG_RECV,
2182 		    "%s: RX status indicated error (%x)\n",
2183 		    device_get_nameunit(sc->sc_dev), stat.flags);
2184 		ifp->if_ierrors++;
2185 		return;
2186 	}
2187 
2188 	/* compute actual frame length */
2189 	rlen = len - sizeof(struct zyd_plcphdr) -
2190 	    sizeof(struct zyd_rx_stat) - IEEE80211_CRC_LEN;
2191 
2192 	/* allocate a mbuf to store the frame */
2193 	if (rlen > MCLBYTES) {
2194 		DPRINTF(sc, ZYD_DEBUG_RECV, "%s: frame too long (length=%d)\n",
2195 		    device_get_nameunit(sc->sc_dev), rlen);
2196 		ifp->if_ierrors++;
2197 		return;
2198 	} else if (rlen > MHLEN)
2199 		m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
2200 	else
2201 		m = m_gethdr(M_DONTWAIT, MT_DATA);
2202 	if (m == NULL) {
2203 		DPRINTF(sc, ZYD_DEBUG_RECV, "%s: could not allocate rx mbuf\n",
2204 		    device_get_nameunit(sc->sc_dev));
2205 		ifp->if_ierrors++;
2206 		return;
2207 	}
2208 	m->m_pkthdr.rcvif = ifp;
2209 	m->m_pkthdr.len = m->m_len = rlen;
2210 	usbd_copy_out(pc, offset + sizeof(plcp), mtod(m, uint8_t *), rlen);
2211 
2212 	if (ieee80211_radiotap_active(ic)) {
2213 		struct zyd_rx_radiotap_header *tap = &sc->sc_rxtap;
2214 
2215 		tap->wr_flags = 0;
2216 		if (stat.flags & (ZYD_RX_BADCRC16 | ZYD_RX_BADCRC32))
2217 			tap->wr_flags |= IEEE80211_RADIOTAP_F_BADFCS;
2218 		/* XXX toss, no way to express errors */
2219 		if (stat.flags & ZYD_RX_DECRYPTERR)
2220 			tap->wr_flags |= IEEE80211_RADIOTAP_F_BADFCS;
2221 		tap->wr_rate = ieee80211_plcp2rate(plcp.signal,
2222 		    (stat.flags & ZYD_RX_OFDM) ?
2223 			IEEE80211_T_OFDM : IEEE80211_T_CCK);
2224 		tap->wr_antsignal = stat.rssi + -95;
2225 		tap->wr_antnoise = -95;	/* XXX */
2226 	}
2227 	rssi = (stat.rssi > 63) ? 127 : 2 * stat.rssi;
2228 
2229 	sc->sc_rx_data[sc->sc_rx_count].rssi = rssi;
2230 	sc->sc_rx_data[sc->sc_rx_count].m = m;
2231 	sc->sc_rx_count++;
2232 }
2233 
2234 static void
2235 zyd_bulk_read_callback(struct usb_xfer *xfer, usb_error_t error)
2236 {
2237 	struct zyd_softc *sc = usbd_xfer_softc(xfer);
2238 	struct ifnet *ifp = sc->sc_ifp;
2239 	struct ieee80211com *ic = ifp->if_l2com;
2240 	struct ieee80211_node *ni;
2241 	struct zyd_rx_desc desc;
2242 	struct mbuf *m;
2243 	struct usb_page_cache *pc;
2244 	uint32_t offset;
2245 	uint8_t rssi;
2246 	int8_t nf;
2247 	int i;
2248 	int actlen;
2249 
2250 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
2251 
2252 	sc->sc_rx_count = 0;
2253 	switch (USB_GET_STATE(xfer)) {
2254 	case USB_ST_TRANSFERRED:
2255 		pc = usbd_xfer_get_frame(xfer, 0);
2256 		usbd_copy_out(pc, actlen - sizeof(desc), &desc, sizeof(desc));
2257 
2258 		offset = 0;
2259 		if (UGETW(desc.tag) == ZYD_TAG_MULTIFRAME) {
2260 			DPRINTF(sc, ZYD_DEBUG_RECV,
2261 			    "%s: received multi-frame transfer\n", __func__);
2262 
2263 			for (i = 0; i < ZYD_MAX_RXFRAMECNT; i++) {
2264 				uint16_t len16 = UGETW(desc.len[i]);
2265 
2266 				if (len16 == 0 || len16 > actlen)
2267 					break;
2268 
2269 				zyd_rx_data(xfer, offset, len16);
2270 
2271 				/* next frame is aligned on a 32-bit boundary */
2272 				len16 = (len16 + 3) & ~3;
2273 				offset += len16;
2274 				if (len16 > actlen)
2275 					break;
2276 				actlen -= len16;
2277 			}
2278 		} else {
2279 			DPRINTF(sc, ZYD_DEBUG_RECV,
2280 			    "%s: received single-frame transfer\n", __func__);
2281 
2282 			zyd_rx_data(xfer, 0, actlen);
2283 		}
2284 		/* FALLTHROUGH */
2285 	case USB_ST_SETUP:
2286 tr_setup:
2287 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
2288 		usbd_transfer_submit(xfer);
2289 
2290 		/*
2291 		 * At the end of a USB callback it is always safe to unlock
2292 		 * the private mutex of a device! That is why we do the
2293 		 * "ieee80211_input" here, and not some lines up!
2294 		 */
2295 		ZYD_UNLOCK(sc);
2296 		for (i = 0; i < sc->sc_rx_count; i++) {
2297 			rssi = sc->sc_rx_data[i].rssi;
2298 			m = sc->sc_rx_data[i].m;
2299 			sc->sc_rx_data[i].m = NULL;
2300 
2301 			nf = -95;	/* XXX */
2302 
2303 			ni = ieee80211_find_rxnode(ic,
2304 			    mtod(m, struct ieee80211_frame_min *));
2305 			if (ni != NULL) {
2306 				(void)ieee80211_input(ni, m, rssi, nf);
2307 				ieee80211_free_node(ni);
2308 			} else
2309 				(void)ieee80211_input_all(ic, m, rssi, nf);
2310 		}
2311 		if ((ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0 &&
2312 		    !IFQ_IS_EMPTY(&ifp->if_snd))
2313 			zyd_start(ifp);
2314 		ZYD_LOCK(sc);
2315 		break;
2316 
2317 	default:			/* Error */
2318 		DPRINTF(sc, ZYD_DEBUG_ANY, "frame error: %s\n", usbd_errstr(error));
2319 
2320 		if (error != USB_ERR_CANCELLED) {
2321 			/* try to clear stall first */
2322 			usbd_xfer_set_stall(xfer);
2323 			goto tr_setup;
2324 		}
2325 		break;
2326 	}
2327 }
2328 
2329 static uint8_t
2330 zyd_plcp_signal(struct zyd_softc *sc, int rate)
2331 {
2332 	switch (rate) {
2333 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
2334 	case 12:
2335 		return (0xb);
2336 	case 18:
2337 		return (0xf);
2338 	case 24:
2339 		return (0xa);
2340 	case 36:
2341 		return (0xe);
2342 	case 48:
2343 		return (0x9);
2344 	case 72:
2345 		return (0xd);
2346 	case 96:
2347 		return (0x8);
2348 	case 108:
2349 		return (0xc);
2350 	/* CCK rates (NB: not IEEE std, device-specific) */
2351 	case 2:
2352 		return (0x0);
2353 	case 4:
2354 		return (0x1);
2355 	case 11:
2356 		return (0x2);
2357 	case 22:
2358 		return (0x3);
2359 	}
2360 
2361 	device_printf(sc->sc_dev, "unsupported rate %d\n", rate);
2362 	return (0x0);
2363 }
2364 
2365 static void
2366 zyd_bulk_write_callback(struct usb_xfer *xfer, usb_error_t error)
2367 {
2368 	struct zyd_softc *sc = usbd_xfer_softc(xfer);
2369 	struct ifnet *ifp = sc->sc_ifp;
2370 	struct ieee80211vap *vap;
2371 	struct zyd_tx_data *data;
2372 	struct mbuf *m;
2373 	struct usb_page_cache *pc;
2374 	int actlen;
2375 
2376 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
2377 
2378 	switch (USB_GET_STATE(xfer)) {
2379 	case USB_ST_TRANSFERRED:
2380 		DPRINTF(sc, ZYD_DEBUG_ANY, "transfer complete, %u bytes\n",
2381 		    actlen);
2382 
2383 		/* free resources */
2384 		data = usbd_xfer_get_priv(xfer);
2385 		zyd_tx_free(data, 0);
2386 		usbd_xfer_set_priv(xfer, NULL);
2387 
2388 		ifp->if_opackets++;
2389 		ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2390 
2391 		/* FALLTHROUGH */
2392 	case USB_ST_SETUP:
2393 tr_setup:
2394 		data = STAILQ_FIRST(&sc->tx_q);
2395 		if (data) {
2396 			STAILQ_REMOVE_HEAD(&sc->tx_q, next);
2397 			m = data->m;
2398 
2399 			if (m->m_pkthdr.len > ZYD_MAX_TXBUFSZ) {
2400 				DPRINTF(sc, ZYD_DEBUG_ANY, "data overflow, %u bytes\n",
2401 				    m->m_pkthdr.len);
2402 				m->m_pkthdr.len = ZYD_MAX_TXBUFSZ;
2403 			}
2404 			pc = usbd_xfer_get_frame(xfer, 0);
2405 			usbd_copy_in(pc, 0, &data->desc, ZYD_TX_DESC_SIZE);
2406 			usbd_m_copy_in(pc, ZYD_TX_DESC_SIZE, m, 0,
2407 			    m->m_pkthdr.len);
2408 
2409 			vap = data->ni->ni_vap;
2410 			if (ieee80211_radiotap_active_vap(vap)) {
2411 				struct zyd_tx_radiotap_header *tap = &sc->sc_txtap;
2412 
2413 				tap->wt_flags = 0;
2414 				tap->wt_rate = data->rate;
2415 
2416 				ieee80211_radiotap_tx(vap, m);
2417 			}
2418 
2419 			usbd_xfer_set_frame_len(xfer, 0, ZYD_TX_DESC_SIZE + m->m_pkthdr.len);
2420 			usbd_xfer_set_priv(xfer, data);
2421 			usbd_transfer_submit(xfer);
2422 		}
2423 		ZYD_UNLOCK(sc);
2424 		zyd_start(ifp);
2425 		ZYD_LOCK(sc);
2426 		break;
2427 
2428 	default:			/* Error */
2429 		DPRINTF(sc, ZYD_DEBUG_ANY, "transfer error, %s\n",
2430 		    usbd_errstr(error));
2431 
2432 		ifp->if_oerrors++;
2433 		data = usbd_xfer_get_priv(xfer);
2434 		usbd_xfer_set_priv(xfer, NULL);
2435 		if (data != NULL)
2436 			zyd_tx_free(data, error);
2437 
2438 		if (error != USB_ERR_CANCELLED) {
2439 			if (error == USB_ERR_TIMEOUT)
2440 				device_printf(sc->sc_dev, "device timeout\n");
2441 
2442 			/*
2443 			 * Try to clear stall first, also if other
2444 			 * errors occur, hence clearing stall
2445 			 * introduces a 50 ms delay:
2446 			 */
2447 			usbd_xfer_set_stall(xfer);
2448 			goto tr_setup;
2449 		}
2450 		break;
2451 	}
2452 }
2453 
2454 static int
2455 zyd_tx_start(struct zyd_softc *sc, struct mbuf *m0, struct ieee80211_node *ni)
2456 {
2457 	struct ieee80211vap *vap = ni->ni_vap;
2458 	struct ieee80211com *ic = ni->ni_ic;
2459 	struct zyd_tx_desc *desc;
2460 	struct zyd_tx_data *data;
2461 	struct ieee80211_frame *wh;
2462 	const struct ieee80211_txparam *tp;
2463 	struct ieee80211_key *k;
2464 	int rate, totlen;
2465 	static uint8_t ratediv[] = ZYD_TX_RATEDIV;
2466 	uint8_t phy;
2467 	uint16_t pktlen;
2468 	uint32_t bits;
2469 
2470 	wh = mtod(m0, struct ieee80211_frame *);
2471 	data = STAILQ_FIRST(&sc->tx_free);
2472 	STAILQ_REMOVE_HEAD(&sc->tx_free, next);
2473 	sc->tx_nfree--;
2474 
2475 	if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_MGT ||
2476 	    (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) {
2477 		tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2478 		rate = tp->mgmtrate;
2479 	} else {
2480 		tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)];
2481 		/* for data frames */
2482 		if (IEEE80211_IS_MULTICAST(wh->i_addr1))
2483 			rate = tp->mcastrate;
2484 		else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
2485 			rate = tp->ucastrate;
2486 		else {
2487 			(void) ieee80211_ratectl_rate(ni, NULL, 0);
2488 			rate = ni->ni_txrate;
2489 		}
2490 	}
2491 
2492 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
2493 		k = ieee80211_crypto_encap(ni, m0);
2494 		if (k == NULL) {
2495 			m_freem(m0);
2496 			return (ENOBUFS);
2497 		}
2498 		/* packet header may have moved, reset our local pointer */
2499 		wh = mtod(m0, struct ieee80211_frame *);
2500 	}
2501 
2502 	data->ni = ni;
2503 	data->m = m0;
2504 	data->rate = rate;
2505 
2506 	/* fill Tx descriptor */
2507 	desc = &data->desc;
2508 	phy = zyd_plcp_signal(sc, rate);
2509 	desc->phy = phy;
2510 	if (ZYD_RATE_IS_OFDM(rate)) {
2511 		desc->phy |= ZYD_TX_PHY_OFDM;
2512 		if (IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
2513 			desc->phy |= ZYD_TX_PHY_5GHZ;
2514 	} else if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
2515 		desc->phy |= ZYD_TX_PHY_SHPREAMBLE;
2516 
2517 	totlen = m0->m_pkthdr.len + IEEE80211_CRC_LEN;
2518 	desc->len = htole16(totlen);
2519 
2520 	desc->flags = ZYD_TX_FLAG_BACKOFF;
2521 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
2522 		/* multicast frames are not sent at OFDM rates in 802.11b/g */
2523 		if (totlen > vap->iv_rtsthreshold) {
2524 			desc->flags |= ZYD_TX_FLAG_RTS;
2525 		} else if (ZYD_RATE_IS_OFDM(rate) &&
2526 		    (ic->ic_flags & IEEE80211_F_USEPROT)) {
2527 			if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
2528 				desc->flags |= ZYD_TX_FLAG_CTS_TO_SELF;
2529 			else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
2530 				desc->flags |= ZYD_TX_FLAG_RTS;
2531 		}
2532 	} else
2533 		desc->flags |= ZYD_TX_FLAG_MULTICAST;
2534 	if ((wh->i_fc[0] &
2535 	    (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
2536 	    (IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_PS_POLL))
2537 		desc->flags |= ZYD_TX_FLAG_TYPE(ZYD_TX_TYPE_PS_POLL);
2538 
2539 	/* actual transmit length (XXX why +10?) */
2540 	pktlen = ZYD_TX_DESC_SIZE + 10;
2541 	if (sc->sc_macrev == ZYD_ZD1211)
2542 		pktlen += totlen;
2543 	desc->pktlen = htole16(pktlen);
2544 
2545 	bits = (rate == 11) ? (totlen * 16) + 10 :
2546 	    ((rate == 22) ? (totlen * 8) + 10 : (totlen * 8));
2547 	desc->plcp_length = htole16(bits / ratediv[phy]);
2548 	desc->plcp_service = 0;
2549 	if (rate == 22 && (bits % 11) > 0 && (bits % 11) <= 3)
2550 		desc->plcp_service |= ZYD_PLCP_LENGEXT;
2551 	desc->nextlen = 0;
2552 
2553 	if (ieee80211_radiotap_active_vap(vap)) {
2554 		struct zyd_tx_radiotap_header *tap = &sc->sc_txtap;
2555 
2556 		tap->wt_flags = 0;
2557 		tap->wt_rate = rate;
2558 
2559 		ieee80211_radiotap_tx(vap, m0);
2560 	}
2561 
2562 	DPRINTF(sc, ZYD_DEBUG_XMIT,
2563 	    "%s: sending data frame len=%zu rate=%u\n",
2564 	    device_get_nameunit(sc->sc_dev), (size_t)m0->m_pkthdr.len,
2565 		rate);
2566 
2567 	STAILQ_INSERT_TAIL(&sc->tx_q, data, next);
2568 	usbd_transfer_start(sc->sc_xfer[ZYD_BULK_WR]);
2569 
2570 	return (0);
2571 }
2572 
2573 static void
2574 zyd_start(struct ifnet *ifp)
2575 {
2576 	struct zyd_softc *sc = ifp->if_softc;
2577 	struct ieee80211_node *ni;
2578 	struct mbuf *m;
2579 
2580 	ZYD_LOCK(sc);
2581 	for (;;) {
2582 		IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
2583 		if (m == NULL)
2584 			break;
2585 		if (sc->tx_nfree == 0) {
2586 			IFQ_DRV_PREPEND(&ifp->if_snd, m);
2587 			ifp->if_drv_flags |= IFF_DRV_OACTIVE;
2588 			break;
2589 		}
2590 		ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2591 		if (zyd_tx_start(sc, m, ni) != 0) {
2592 			ieee80211_free_node(ni);
2593 			ifp->if_oerrors++;
2594 			break;
2595 		}
2596 	}
2597 	ZYD_UNLOCK(sc);
2598 }
2599 
2600 static int
2601 zyd_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
2602 	const struct ieee80211_bpf_params *params)
2603 {
2604 	struct ieee80211com *ic = ni->ni_ic;
2605 	struct ifnet *ifp = ic->ic_ifp;
2606 	struct zyd_softc *sc = ifp->if_softc;
2607 
2608 	ZYD_LOCK(sc);
2609 	/* prevent management frames from being sent if we're not ready */
2610 	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
2611 		ZYD_UNLOCK(sc);
2612 		m_freem(m);
2613 		ieee80211_free_node(ni);
2614 		return (ENETDOWN);
2615 	}
2616 	if (sc->tx_nfree == 0) {
2617 		ifp->if_drv_flags |= IFF_DRV_OACTIVE;
2618 		ZYD_UNLOCK(sc);
2619 		m_freem(m);
2620 		ieee80211_free_node(ni);
2621 		return (ENOBUFS);		/* XXX */
2622 	}
2623 
2624 	/*
2625 	 * Legacy path; interpret frame contents to decide
2626 	 * precisely how to send the frame.
2627 	 * XXX raw path
2628 	 */
2629 	if (zyd_tx_start(sc, m, ni) != 0) {
2630 		ZYD_UNLOCK(sc);
2631 		ifp->if_oerrors++;
2632 		ieee80211_free_node(ni);
2633 		return (EIO);
2634 	}
2635 	ZYD_UNLOCK(sc);
2636 	return (0);
2637 }
2638 
2639 static int
2640 zyd_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
2641 {
2642 	struct zyd_softc *sc = ifp->if_softc;
2643 	struct ieee80211com *ic = ifp->if_l2com;
2644 	struct ifreq *ifr = (struct ifreq *) data;
2645 	int error = 0, startall = 0;
2646 
2647 	switch (cmd) {
2648 	case SIOCSIFFLAGS:
2649 		ZYD_LOCK(sc);
2650 		if (ifp->if_flags & IFF_UP) {
2651 			if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2652 				zyd_init_locked(sc);
2653 				startall = 1;
2654 			} else
2655 				zyd_set_multi(sc);
2656 		} else {
2657 			if (ifp->if_drv_flags & IFF_DRV_RUNNING)
2658 				zyd_stop(sc);
2659 		}
2660 		ZYD_UNLOCK(sc);
2661 		if (startall)
2662 			ieee80211_start_all(ic);
2663 		break;
2664 	case SIOCGIFMEDIA:
2665 		error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
2666 		break;
2667 	case SIOCGIFADDR:
2668 		error = ether_ioctl(ifp, cmd, data);
2669 		break;
2670 	default:
2671 		error = EINVAL;
2672 		break;
2673 	}
2674 	return (error);
2675 }
2676 
2677 static void
2678 zyd_init_locked(struct zyd_softc *sc)
2679 {
2680 	struct ifnet *ifp = sc->sc_ifp;
2681 	struct ieee80211com *ic = ifp->if_l2com;
2682 	struct usb_config_descriptor *cd;
2683 	int error;
2684 	uint32_t val;
2685 
2686 	ZYD_LOCK_ASSERT(sc, MA_OWNED);
2687 
2688 	if (!(sc->sc_flags & ZYD_FLAG_INITONCE)) {
2689 		error = zyd_loadfirmware(sc);
2690 		if (error != 0) {
2691 			device_printf(sc->sc_dev,
2692 			    "could not load firmware (error=%d)\n", error);
2693 			goto fail;
2694 		}
2695 
2696 		/* reset device */
2697 		cd = usbd_get_config_descriptor(sc->sc_udev);
2698 		error = usbd_req_set_config(sc->sc_udev, &sc->sc_mtx,
2699 		    cd->bConfigurationValue);
2700 		if (error)
2701 			device_printf(sc->sc_dev, "reset failed, continuing\n");
2702 
2703 		error = zyd_hw_init(sc);
2704 		if (error) {
2705 			device_printf(sc->sc_dev,
2706 			    "hardware initialization failed\n");
2707 			goto fail;
2708 		}
2709 
2710 		device_printf(sc->sc_dev,
2711 		    "HMAC ZD1211%s, FW %02x.%02x, RF %s S%x, PA%x LED %x "
2712 		    "BE%x NP%x Gain%x F%x\n",
2713 		    (sc->sc_macrev == ZYD_ZD1211) ? "": "B",
2714 		    sc->sc_fwrev >> 8, sc->sc_fwrev & 0xff,
2715 		    zyd_rf_name(sc->sc_rfrev), sc->sc_al2230s, sc->sc_parev,
2716 		    sc->sc_ledtype, sc->sc_bandedge6, sc->sc_newphy,
2717 		    sc->sc_cckgain, sc->sc_fix_cr157);
2718 
2719 		/* read regulatory domain (currently unused) */
2720 		zyd_read32_m(sc, ZYD_EEPROM_SUBID, &val);
2721 		sc->sc_regdomain = val >> 16;
2722 		DPRINTF(sc, ZYD_DEBUG_INIT, "regulatory domain %x\n",
2723 		    sc->sc_regdomain);
2724 
2725 		/* we'll do software WEP decryption for now */
2726 		DPRINTF(sc, ZYD_DEBUG_INIT, "%s: setting encryption type\n",
2727 		    __func__);
2728 		zyd_write32_m(sc, ZYD_MAC_ENCRYPTION_TYPE, ZYD_ENC_SNIFFER);
2729 
2730 		sc->sc_flags |= ZYD_FLAG_INITONCE;
2731 	}
2732 
2733 	if (ifp->if_drv_flags & IFF_DRV_RUNNING)
2734 		zyd_stop(sc);
2735 
2736 	DPRINTF(sc, ZYD_DEBUG_INIT, "setting MAC address to %6D\n",
2737 	    IF_LLADDR(ifp), ":");
2738 	error = zyd_set_macaddr(sc, IF_LLADDR(ifp));
2739 	if (error != 0)
2740 		return;
2741 
2742 	/* set basic rates */
2743 	if (ic->ic_curmode == IEEE80211_MODE_11B)
2744 		zyd_write32_m(sc, ZYD_MAC_BAS_RATE, 0x0003);
2745 	else if (ic->ic_curmode == IEEE80211_MODE_11A)
2746 		zyd_write32_m(sc, ZYD_MAC_BAS_RATE, 0x1500);
2747 	else	/* assumes 802.11b/g */
2748 		zyd_write32_m(sc, ZYD_MAC_BAS_RATE, 0xff0f);
2749 
2750 	/* promiscuous mode */
2751 	zyd_write32_m(sc, ZYD_MAC_SNIFFER, 0);
2752 	/* multicast setup */
2753 	zyd_set_multi(sc);
2754 	/* set RX filter  */
2755 	error = zyd_set_rxfilter(sc);
2756 	if (error != 0)
2757 		goto fail;
2758 
2759 	/* switch radio transmitter ON */
2760 	error = zyd_switch_radio(sc, 1);
2761 	if (error != 0)
2762 		goto fail;
2763 	/* set default BSS channel */
2764 	zyd_set_chan(sc, ic->ic_curchan);
2765 
2766 	/*
2767 	 * Allocate Tx and Rx xfer queues.
2768 	 */
2769 	zyd_setup_tx_list(sc);
2770 
2771 	/* enable interrupts */
2772 	zyd_write32_m(sc, ZYD_CR_INTERRUPT, ZYD_HWINT_MASK);
2773 
2774 	ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2775 	ifp->if_drv_flags |= IFF_DRV_RUNNING;
2776 	usbd_xfer_set_stall(sc->sc_xfer[ZYD_BULK_WR]);
2777 	usbd_transfer_start(sc->sc_xfer[ZYD_BULK_RD]);
2778 	usbd_transfer_start(sc->sc_xfer[ZYD_INTR_RD]);
2779 
2780 	return;
2781 
2782 fail:	zyd_stop(sc);
2783 	return;
2784 }
2785 
2786 static void
2787 zyd_init(void *priv)
2788 {
2789 	struct zyd_softc *sc = priv;
2790 	struct ifnet *ifp = sc->sc_ifp;
2791 	struct ieee80211com *ic = ifp->if_l2com;
2792 
2793 	ZYD_LOCK(sc);
2794 	zyd_init_locked(sc);
2795 	ZYD_UNLOCK(sc);
2796 
2797 	if (ifp->if_drv_flags & IFF_DRV_RUNNING)
2798 		ieee80211_start_all(ic);		/* start all vap's */
2799 }
2800 
2801 static void
2802 zyd_stop(struct zyd_softc *sc)
2803 {
2804 	struct ifnet *ifp = sc->sc_ifp;
2805 	int error;
2806 
2807 	ZYD_LOCK_ASSERT(sc, MA_OWNED);
2808 
2809 	ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
2810 
2811 	/*
2812 	 * Drain all the transfers, if not already drained:
2813 	 */
2814 	ZYD_UNLOCK(sc);
2815 	usbd_transfer_drain(sc->sc_xfer[ZYD_BULK_WR]);
2816 	usbd_transfer_drain(sc->sc_xfer[ZYD_BULK_RD]);
2817 	ZYD_LOCK(sc);
2818 
2819 	zyd_unsetup_tx_list(sc);
2820 
2821 	/* Stop now if the device was never set up */
2822 	if (!(sc->sc_flags & ZYD_FLAG_INITONCE))
2823 		return;
2824 
2825 	/* switch radio transmitter OFF */
2826 	error = zyd_switch_radio(sc, 0);
2827 	if (error != 0)
2828 		goto fail;
2829 	/* disable Rx */
2830 	zyd_write32_m(sc, ZYD_MAC_RXFILTER, 0);
2831 	/* disable interrupts */
2832 	zyd_write32_m(sc, ZYD_CR_INTERRUPT, 0);
2833 
2834 fail:
2835 	return;
2836 }
2837 
2838 static int
2839 zyd_loadfirmware(struct zyd_softc *sc)
2840 {
2841 	struct usb_device_request req;
2842 	size_t size;
2843 	u_char *fw;
2844 	uint8_t stat;
2845 	uint16_t addr;
2846 
2847 	if (sc->sc_flags & ZYD_FLAG_FWLOADED)
2848 		return (0);
2849 
2850 	if (sc->sc_macrev == ZYD_ZD1211) {
2851 		fw = (u_char *)zd1211_firmware;
2852 		size = sizeof(zd1211_firmware);
2853 	} else {
2854 		fw = (u_char *)zd1211b_firmware;
2855 		size = sizeof(zd1211b_firmware);
2856 	}
2857 
2858 	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
2859 	req.bRequest = ZYD_DOWNLOADREQ;
2860 	USETW(req.wIndex, 0);
2861 
2862 	addr = ZYD_FIRMWARE_START_ADDR;
2863 	while (size > 0) {
2864 		/*
2865 		 * When the transfer size is 4096 bytes, it is not
2866 		 * likely to be able to transfer it.
2867 		 * The cause is port or machine or chip?
2868 		 */
2869 		const int mlen = min(size, 64);
2870 
2871 		DPRINTF(sc, ZYD_DEBUG_FW,
2872 		    "loading firmware block: len=%d, addr=0x%x\n", mlen, addr);
2873 
2874 		USETW(req.wValue, addr);
2875 		USETW(req.wLength, mlen);
2876 		if (zyd_do_request(sc, &req, fw) != 0)
2877 			return (EIO);
2878 
2879 		addr += mlen / 2;
2880 		fw   += mlen;
2881 		size -= mlen;
2882 	}
2883 
2884 	/* check whether the upload succeeded */
2885 	req.bmRequestType = UT_READ_VENDOR_DEVICE;
2886 	req.bRequest = ZYD_DOWNLOADSTS;
2887 	USETW(req.wValue, 0);
2888 	USETW(req.wIndex, 0);
2889 	USETW(req.wLength, sizeof(stat));
2890 	if (zyd_do_request(sc, &req, &stat) != 0)
2891 		return (EIO);
2892 
2893 	sc->sc_flags |= ZYD_FLAG_FWLOADED;
2894 
2895 	return (stat & 0x80) ? (EIO) : (0);
2896 }
2897 
2898 static void
2899 zyd_scan_start(struct ieee80211com *ic)
2900 {
2901 	struct ifnet *ifp = ic->ic_ifp;
2902 	struct zyd_softc *sc = ifp->if_softc;
2903 
2904 	ZYD_LOCK(sc);
2905 	/* want broadcast address while scanning */
2906 	zyd_set_bssid(sc, ifp->if_broadcastaddr);
2907 	ZYD_UNLOCK(sc);
2908 }
2909 
2910 static void
2911 zyd_scan_end(struct ieee80211com *ic)
2912 {
2913 	struct zyd_softc *sc = ic->ic_ifp->if_softc;
2914 
2915 	ZYD_LOCK(sc);
2916 	/* restore previous bssid */
2917 	zyd_set_bssid(sc, sc->sc_bssid);
2918 	ZYD_UNLOCK(sc);
2919 }
2920 
2921 static void
2922 zyd_set_channel(struct ieee80211com *ic)
2923 {
2924 	struct zyd_softc *sc = ic->ic_ifp->if_softc;
2925 
2926 	ZYD_LOCK(sc);
2927 	zyd_set_chan(sc, ic->ic_curchan);
2928 	ZYD_UNLOCK(sc);
2929 }
2930 
2931 static device_method_t zyd_methods[] = {
2932         /* Device interface */
2933         DEVMETHOD(device_probe, zyd_match),
2934         DEVMETHOD(device_attach, zyd_attach),
2935         DEVMETHOD(device_detach, zyd_detach),
2936 
2937 	{ 0, 0 }
2938 };
2939 
2940 static driver_t zyd_driver = {
2941         "zyd",
2942         zyd_methods,
2943         sizeof(struct zyd_softc)
2944 };
2945 
2946 static devclass_t zyd_devclass;
2947 
2948 DRIVER_MODULE(zyd, uhub, zyd_driver, zyd_devclass, NULL, 0);
2949 MODULE_DEPEND(zyd, usb, 1, 1, 1);
2950 MODULE_DEPEND(zyd, wlan, 1, 1, 1);
2951