xref: /illumos-gate/usr/src/uts/common/io/ural/ural.c (revision 94fff7907278e4540aa7abee2b1b0ea71d36f7fa)
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2005, 2006
8  *	Damien Bergamini <damien.bergamini@free.fr>
9  *
10  * Permission to use, copy, modify, and distribute this software for any
11  * purpose with or without fee is hereby granted, provided that the above
12  * copyright notice and this permission notice appear in all copies.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21  */
22 
23 /*
24  * Ralink Technology RT2500USB chipset driver
25  * http://www.ralinktech.com/
26  */
27 
28 #include <sys/types.h>
29 #include <sys/byteorder.h>
30 #include <sys/conf.h>
31 #include <sys/cmn_err.h>
32 #include <sys/stat.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/strsubr.h>
36 #include <sys/ethernet.h>
37 #include <inet/common.h>
38 #include <inet/nd.h>
39 #include <inet/mi.h>
40 #include <sys/note.h>
41 #include <sys/stream.h>
42 #include <sys/strsun.h>
43 #include <sys/modctl.h>
44 #include <sys/devops.h>
45 #include <sys/dlpi.h>
46 #include <sys/mac.h>
47 #include <sys/mac_wifi.h>
48 #include <sys/net80211.h>
49 #include <sys/net80211_proto.h>
50 #include <sys/varargs.h>
51 #include <sys/policy.h>
52 #include <sys/pci.h>
53 #include <sys/crypto/common.h>
54 #include <sys/crypto/api.h>
55 #include <inet/wifi_ioctl.h>
56 
57 #define	USBDRV_MAJOR_VER	2
58 #define	USBDRV_MINOR_VER	0
59 #include <sys/usb/usba.h>
60 
61 #include "ural_reg.h"
62 #include "ural_var.h"
63 
64 static void *ural_soft_state_p = NULL;
65 
66 #define	RAL_TXBUF_SIZE  	(IEEE80211_MAX_LEN)
67 #define	RAL_RXBUF_SIZE  	(IEEE80211_MAX_LEN)
68 
69 /* quickly determine if a given rate is CCK or OFDM */
70 #define	RAL_RATE_IS_OFDM(rate)	((rate) >= 12 && (rate) != 22)
71 #define	RAL_ACK_SIZE		14	/* 10 + 4(FCS) */
72 #define	RAL_CTS_SIZE		14	/* 10 + 4(FCS) */
73 #define	RAL_SIFS		10	/* us */
74 #define	RAL_RXTX_TURNAROUND	5	/* us */
75 
76 #define	URAL_N(a)		(sizeof (a) / sizeof ((a)[0]))
77 
78 /*
79  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
80  */
81 static const struct ieee80211_rateset ural_rateset_11a =
82 	{ 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
83 
84 static const struct ieee80211_rateset ural_rateset_11b =
85 	{ 4, { 2, 4, 11, 22 } };
86 
87 static const struct ieee80211_rateset ural_rateset_11g =
88 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
89 
90 /*
91  * Default values for MAC registers; values taken from the reference driver.
92  */
93 static const struct {
94 	uint16_t	reg;
95 	uint16_t	val;
96 } ural_def_mac[] = {
97 	{ RAL_TXRX_CSR5,  0x8c8d },
98 	{ RAL_TXRX_CSR6,  0x8b8a },
99 	{ RAL_TXRX_CSR7,  0x8687 },
100 	{ RAL_TXRX_CSR8,  0x0085 },
101 	{ RAL_MAC_CSR13,  0x1111 },
102 	{ RAL_MAC_CSR14,  0x1e11 },
103 	{ RAL_TXRX_CSR21, 0xe78f },
104 	{ RAL_MAC_CSR9,   0xff1d },
105 	{ RAL_MAC_CSR11,  0x0002 },
106 	{ RAL_MAC_CSR22,  0x0053 },
107 	{ RAL_MAC_CSR15,  0x0000 },
108 	{ RAL_MAC_CSR8,   0x0780 },
109 	{ RAL_TXRX_CSR19, 0x0000 },
110 	{ RAL_TXRX_CSR18, 0x005a },
111 	{ RAL_PHY_CSR2,   0x0000 },
112 	{ RAL_TXRX_CSR0,  0x1ec0 },
113 	{ RAL_PHY_CSR4,   0x000f }
114 };
115 
116 /*
117  * Default values for BBP registers; values taken from the reference driver.
118  */
119 static const struct {
120 	uint8_t	reg;
121 	uint8_t	val;
122 } ural_def_bbp[] = {
123 	{  3, 0x02 },
124 	{  4, 0x19 },
125 	{ 14, 0x1c },
126 	{ 15, 0x30 },
127 	{ 16, 0xac },
128 	{ 17, 0x48 },
129 	{ 18, 0x18 },
130 	{ 19, 0xff },
131 	{ 20, 0x1e },
132 	{ 21, 0x08 },
133 	{ 22, 0x08 },
134 	{ 23, 0x08 },
135 	{ 24, 0x80 },
136 	{ 25, 0x50 },
137 	{ 26, 0x08 },
138 	{ 27, 0x23 },
139 	{ 30, 0x10 },
140 	{ 31, 0x2b },
141 	{ 32, 0xb9 },
142 	{ 34, 0x12 },
143 	{ 35, 0x50 },
144 	{ 39, 0xc4 },
145 	{ 40, 0x02 },
146 	{ 41, 0x60 },
147 	{ 53, 0x10 },
148 	{ 54, 0x18 },
149 	{ 56, 0x08 },
150 	{ 57, 0x10 },
151 	{ 58, 0x08 },
152 	{ 61, 0x60 },
153 	{ 62, 0x10 },
154 	{ 75, 0xff }
155 };
156 
157 /*
158  * Default values for RF register R2 indexed by channel numbers.
159  */
160 static const uint32_t ural_rf2522_r2[] = {
161 	0x307f6, 0x307fb, 0x30800, 0x30805, 0x3080a, 0x3080f, 0x30814,
162 	0x30819, 0x3081e, 0x30823, 0x30828, 0x3082d, 0x30832, 0x3083e
163 };
164 
165 static const uint32_t ural_rf2523_r2[] = {
166 	0x00327, 0x00328, 0x00329, 0x0032a, 0x0032b, 0x0032c, 0x0032d,
167 	0x0032e, 0x0032f, 0x00340, 0x00341, 0x00342, 0x00343, 0x00346
168 };
169 
170 static const uint32_t ural_rf2524_r2[] = {
171 	0x00327, 0x00328, 0x00329, 0x0032a, 0x0032b, 0x0032c, 0x0032d,
172 	0x0032e, 0x0032f, 0x00340, 0x00341, 0x00342, 0x00343, 0x00346
173 };
174 
175 static const uint32_t ural_rf2525_r2[] = {
176 	0x20327, 0x20328, 0x20329, 0x2032a, 0x2032b, 0x2032c, 0x2032d,
177 	0x2032e, 0x2032f, 0x20340, 0x20341, 0x20342, 0x20343, 0x20346
178 };
179 
180 static const uint32_t ural_rf2525_hi_r2[] = {
181 	0x2032f, 0x20340, 0x20341, 0x20342, 0x20343, 0x20344, 0x20345,
182 	0x20346, 0x20347, 0x20348, 0x20349, 0x2034a, 0x2034b, 0x2034e
183 };
184 
185 static const uint32_t ural_rf2525e_r2[] = {
186 	0x2044d, 0x2044e, 0x2044f, 0x20460, 0x20461, 0x20462, 0x20463,
187 	0x20464, 0x20465, 0x20466, 0x20467, 0x20468, 0x20469, 0x2046b
188 };
189 
190 static const uint32_t ural_rf2526_hi_r2[] = {
191 	0x0022a, 0x0022b, 0x0022b, 0x0022c, 0x0022c, 0x0022d, 0x0022d,
192 	0x0022e, 0x0022e, 0x0022f, 0x0022d, 0x00240, 0x00240, 0x00241
193 };
194 
195 static const uint32_t ural_rf2526_r2[] = {
196 	0x00226, 0x00227, 0x00227, 0x00228, 0x00228, 0x00229, 0x00229,
197 	0x0022a, 0x0022a, 0x0022b, 0x0022b, 0x0022c, 0x0022c, 0x0022d
198 };
199 
200 /*
201  * For dual-band RF, RF registers R1 and R4 also depend on channel number;
202  * values taken from the reference driver.
203  */
204 static const struct {
205 	uint8_t		chan;
206 	uint32_t	r1;
207 	uint32_t	r2;
208 	uint32_t	r4;
209 } ural_rf5222[] = {
210 	{   1, 0x08808, 0x0044d, 0x00282 },
211 	{   2, 0x08808, 0x0044e, 0x00282 },
212 	{   3, 0x08808, 0x0044f, 0x00282 },
213 	{   4, 0x08808, 0x00460, 0x00282 },
214 	{   5, 0x08808, 0x00461, 0x00282 },
215 	{   6, 0x08808, 0x00462, 0x00282 },
216 	{   7, 0x08808, 0x00463, 0x00282 },
217 	{   8, 0x08808, 0x00464, 0x00282 },
218 	{   9, 0x08808, 0x00465, 0x00282 },
219 	{  10, 0x08808, 0x00466, 0x00282 },
220 	{  11, 0x08808, 0x00467, 0x00282 },
221 	{  12, 0x08808, 0x00468, 0x00282 },
222 	{  13, 0x08808, 0x00469, 0x00282 },
223 	{  14, 0x08808, 0x0046b, 0x00286 },
224 
225 	{  36, 0x08804, 0x06225, 0x00287 },
226 	{  40, 0x08804, 0x06226, 0x00287 },
227 	{  44, 0x08804, 0x06227, 0x00287 },
228 	{  48, 0x08804, 0x06228, 0x00287 },
229 	{  52, 0x08804, 0x06229, 0x00287 },
230 	{  56, 0x08804, 0x0622a, 0x00287 },
231 	{  60, 0x08804, 0x0622b, 0x00287 },
232 	{  64, 0x08804, 0x0622c, 0x00287 },
233 
234 	{ 100, 0x08804, 0x02200, 0x00283 },
235 	{ 104, 0x08804, 0x02201, 0x00283 },
236 	{ 108, 0x08804, 0x02202, 0x00283 },
237 	{ 112, 0x08804, 0x02203, 0x00283 },
238 	{ 116, 0x08804, 0x02204, 0x00283 },
239 	{ 120, 0x08804, 0x02205, 0x00283 },
240 	{ 124, 0x08804, 0x02206, 0x00283 },
241 	{ 128, 0x08804, 0x02207, 0x00283 },
242 	{ 132, 0x08804, 0x02208, 0x00283 },
243 	{ 136, 0x08804, 0x02209, 0x00283 },
244 	{ 140, 0x08804, 0x0220a, 0x00283 },
245 
246 	{ 149, 0x08808, 0x02429, 0x00281 },
247 	{ 153, 0x08808, 0x0242b, 0x00281 },
248 	{ 157, 0x08808, 0x0242d, 0x00281 },
249 	{ 161, 0x08808, 0x0242f, 0x00281 }
250 };
251 
252 /*
253  * device operations
254  */
255 static int ural_attach(dev_info_t *, ddi_attach_cmd_t);
256 static int ural_detach(dev_info_t *, ddi_detach_cmd_t);
257 
258 /*
259  * Module Loading Data & Entry Points
260  */
261 DDI_DEFINE_STREAM_OPS(ural_dev_ops, nulldev, nulldev, ural_attach,
262     ural_detach, nodev, NULL, D_MP, NULL, ddi_quiesce_not_needed);
263 
264 static struct modldrv ural_modldrv = {
265 	&mod_driverops,		/* Type of module.  This one is a driver */
266 	"ural driver v1.3",	/* short description */
267 	&ural_dev_ops		/* driver specific ops */
268 };
269 
270 static struct modlinkage modlinkage = {
271 	MODREV_1,
272 	(void *)&ural_modldrv,
273 	NULL
274 };
275 
276 static int	ural_m_stat(void *,  uint_t, uint64_t *);
277 static int	ural_m_start(void *);
278 static void	ural_m_stop(void *);
279 static int	ural_m_promisc(void *, boolean_t);
280 static int	ural_m_multicst(void *, boolean_t, const uint8_t *);
281 static int	ural_m_unicst(void *, const uint8_t *);
282 static mblk_t	*ural_m_tx(void *, mblk_t *);
283 static void	ural_m_ioctl(void *, queue_t *, mblk_t *);
284 static int	ural_m_setprop(void *, const char *, mac_prop_id_t,
285     uint_t, const void *);
286 static int	ural_m_getprop(void *, const char *, mac_prop_id_t,
287     uint_t, uint_t, void *, uint_t *);
288 
289 static mac_callbacks_t ural_m_callbacks = {
290 	MC_IOCTL | MC_SETPROP | MC_GETPROP,
291 	ural_m_stat,
292 	ural_m_start,
293 	ural_m_stop,
294 	ural_m_promisc,
295 	ural_m_multicst,
296 	ural_m_unicst,
297 	ural_m_tx,
298 	NULL,		/* mc_resources; */
299 	ural_m_ioctl,
300 	NULL,		/* mc_getcapab */
301 	NULL,
302 	NULL,
303 	ural_m_setprop,
304 	ural_m_getprop
305 };
306 
307 extern const char *usb_str_cr(int);
308 static void ural_amrr_start(struct ural_softc *, struct ieee80211_node *);
309 static int  ural_tx_trigger(struct ural_softc *, mblk_t *);
310 static int  ural_rx_trigger(struct ural_softc *);
311 
312 uint32_t ural_dbg_flags = 0;
313 
314 #ifdef DEBUG
315 void
316 ral_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
317 {
318 	va_list args;
319 
320 	if (dbg_flags & ural_dbg_flags) {
321 		va_start(args, fmt);
322 		vcmn_err(CE_CONT, fmt, args);
323 		va_end(args);
324 	}
325 }
326 #endif
327 
328 static uint16_t
329 ural_read(struct ural_softc *sc, uint16_t reg)
330 {
331 	usb_ctrl_setup_t req;
332 	usb_cr_t cr;
333 	usb_cb_flags_t cf;
334 	mblk_t *mp;
335 	int err;
336 	uint16_t val;
337 
338 	bzero(&req, sizeof (req));
339 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
340 	req.bRequest = RAL_READ_MAC;
341 	req.wValue = 0;
342 	req.wIndex = reg;
343 	req.wLength = sizeof (uint16_t);
344 
345 	mp = NULL;
346 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
347 	    &cr, &cf, 0);
348 
349 	if (err != USB_SUCCESS) {
350 		RAL_DEBUG(RAL_DBG_ERR,
351 		    "ural_read(): could not read MAC register:"
352 		    " cr:%s(%d), cf:(%x)\n",
353 		    usb_str_cr(cr), cr, cf);
354 		return (0);
355 	}
356 
357 	bcopy(mp->b_rptr, &val, sizeof (uint16_t));
358 
359 	if (mp)
360 		freemsg(mp);
361 
362 	return (LE_16(val));
363 }
364 
365 static void
366 ural_read_multi(struct ural_softc *sc, uint16_t reg, void *buf, int len)
367 {
368 	usb_ctrl_setup_t req;
369 	usb_cr_t cr;
370 	usb_cb_flags_t cf;
371 	mblk_t *mp;
372 	int err;
373 
374 	bzero(&req, sizeof (req));
375 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
376 	req.bRequest = RAL_READ_MULTI_MAC;
377 	req.wValue = 0;
378 	req.wIndex = reg;
379 	req.wLength = (uint16_t)len;
380 	req.attrs = USB_ATTRS_AUTOCLEARING;
381 
382 	mp = NULL;
383 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
384 	    &cr, &cf, 0);
385 
386 	if (err != USB_SUCCESS) {
387 		RAL_DEBUG(RAL_DBG_ERR,
388 		    "ural_read_multi(): could not read MAC register:"
389 		    "cr:%s(%d), cf:(%x)\n",
390 		    usb_str_cr(cr), cr, cf);
391 		return;
392 	}
393 
394 	bcopy(mp->b_rptr, buf, len);
395 
396 	if (mp)
397 		freemsg(mp);
398 }
399 
400 static void
401 ural_write(struct ural_softc *sc, uint16_t reg, uint16_t val)
402 {
403 	usb_ctrl_setup_t req;
404 	usb_cr_t cr;
405 	usb_cb_flags_t cf;
406 	int err;
407 
408 	bzero(&req, sizeof (req));
409 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
410 	req.bRequest = RAL_WRITE_MAC;
411 	req.wValue = val;
412 	req.wIndex = reg;
413 	req.wLength = 0;
414 	req.attrs = USB_ATTRS_NONE;
415 
416 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
417 	    &cr, &cf, 0);
418 
419 	if (err != USB_SUCCESS) {
420 		RAL_DEBUG(RAL_DBG_ERR,
421 		    "ural_write(): could not write MAC register:"
422 		    "cr:%s(%d), cf:(%x)\n",
423 		    usb_str_cr(cr), cr, cf);
424 	}
425 }
426 
427 /* ARGSUSED */
428 static void
429 ural_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
430 {
431 	struct ural_softc *sc = (struct ural_softc *)req->bulk_client_private;
432 	struct ieee80211com *ic = &sc->sc_ic;
433 
434 	RAL_DEBUG(RAL_DBG_TX,
435 	    "ural_txeof(): cr:%s(%d), flags:0x%x, tx_queued:%d",
436 	    usb_str_cr(req->bulk_completion_reason),
437 	    req->bulk_completion_reason,
438 	    req->bulk_cb_flags,
439 	    sc->tx_queued);
440 
441 	if (req->bulk_completion_reason != USB_CR_OK)
442 		sc->sc_tx_err++;
443 
444 	mutex_enter(&sc->tx_lock);
445 
446 	sc->tx_queued--;
447 	sc->sc_tx_timer = 0;
448 
449 	if (sc->sc_need_sched) {
450 		sc->sc_need_sched = 0;
451 		mac_tx_update(ic->ic_mach);
452 	}
453 
454 	mutex_exit(&sc->tx_lock);
455 	usb_free_bulk_req(req);
456 }
457 
458 /* ARGSUSED */
459 static void
460 ural_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
461 {
462 	struct ural_softc *sc = (struct ural_softc *)req->bulk_client_private;
463 	struct ieee80211com *ic = &sc->sc_ic;
464 
465 	struct ural_rx_desc *desc;
466 	struct ieee80211_frame *wh;
467 	struct ieee80211_node *ni;
468 
469 	mblk_t *m, *mp;
470 	int len, pktlen;
471 	char *rxbuf;
472 
473 	mp = req->bulk_data;
474 	req->bulk_data = NULL;
475 
476 	RAL_DEBUG(RAL_DBG_RX,
477 	    "ural_rxeof(): cr:%s(%d), flags:0x%x, rx_queued:%d",
478 	    usb_str_cr(req->bulk_completion_reason),
479 	    req->bulk_completion_reason,
480 	    req->bulk_cb_flags,
481 	    sc->rx_queued);
482 
483 	if (req->bulk_completion_reason != USB_CR_OK) {
484 		sc->sc_rx_err++;
485 		goto fail;
486 	}
487 
488 	len = (uintptr_t)mp->b_wptr - (uintptr_t)mp->b_rptr;
489 	rxbuf = (char *)mp->b_rptr;
490 
491 	if (len < RAL_RX_DESC_SIZE + IEEE80211_MIN_LEN) {
492 		RAL_DEBUG(RAL_DBG_ERR,
493 		    "ural_rxeof(): xfer too short %d\n", len);
494 		sc->sc_rx_err++;
495 		goto fail;
496 	}
497 
498 	/* rx descriptor is located at the end */
499 	desc = (struct ural_rx_desc *)(rxbuf + len - RAL_RX_DESC_SIZE);
500 
501 	if ((LE_32(desc->flags) & RAL_RX_PHY_ERROR) ||
502 	    (LE_32(desc->flags) & RAL_RX_CRC_ERROR)) {
503 		/*
504 		 * This should not happen since we did not request to receive
505 		 * those frames when we filled RAL_TXRX_CSR2.
506 		 */
507 		RAL_DEBUG(RAL_DBG_ERR, "PHY or CRC error\n");
508 		sc->sc_rx_err++;
509 		goto fail;
510 	}
511 
512 	pktlen = (LE_32(desc->flags) >> 16) & 0xfff;
513 
514 	if (pktlen > (len - RAL_RX_DESC_SIZE)) {
515 		RAL_DEBUG(RAL_DBG_ERR,
516 		    "ural_rxeof(): pktlen mismatch <%d, %d>.\n", pktlen, len);
517 		goto fail;
518 	}
519 
520 	/* Strip trailing 802.11 MAC FCS. */
521 	pktlen -= IEEE80211_CRC_LEN;
522 
523 	if ((m = allocb(pktlen, BPRI_MED)) == NULL) {
524 		RAL_DEBUG(RAL_DBG_ERR,
525 		    "ural_rxeof(): allocate mblk failed.\n");
526 		sc->sc_rx_nobuf++;
527 		goto fail;
528 	}
529 
530 	bcopy(rxbuf, m->b_rptr, pktlen);
531 	m->b_wptr += pktlen;
532 
533 	wh = (struct ieee80211_frame *)m->b_rptr;
534 	ni = ieee80211_find_rxnode(ic, wh);
535 
536 	/* send the frame to the 802.11 layer */
537 	(void) ieee80211_input(ic, m, ni, desc->rssi, 0);
538 
539 	/* node is no longer needed */
540 	ieee80211_free_node(ni);
541 fail:
542 	mutex_enter(&sc->rx_lock);
543 	sc->rx_queued--;
544 	mutex_exit(&sc->rx_lock);
545 
546 	freemsg(mp);
547 	usb_free_bulk_req(req);
548 
549 	if (RAL_IS_RUNNING(sc))
550 		(void) ural_rx_trigger(sc);
551 }
552 
553 /*
554  * Return the expected ack rate for a frame transmitted at rate `rate'.
555  * this should depend on the destination node basic rate set.
556  */
557 static int
558 ural_ack_rate(struct ieee80211com *ic, int rate)
559 {
560 	switch (rate) {
561 	/* CCK rates */
562 	case 2:
563 		return (2);
564 	case 4:
565 	case 11:
566 	case 22:
567 		return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
568 
569 	/* OFDM rates */
570 	case 12:
571 	case 18:
572 		return (12);
573 	case 24:
574 	case 36:
575 		return (24);
576 	case 48:
577 	case 72:
578 	case 96:
579 	case 108:
580 		return (48);
581 	}
582 
583 	/* default to 1Mbps */
584 	return (2);
585 }
586 
587 /*
588  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
589  * The function automatically determines the operating mode depending on the
590  * given rate. `flags' indicates whether short preamble is in use or not.
591  */
592 static uint16_t
593 ural_txtime(int len, int rate, uint32_t flags)
594 {
595 	uint16_t txtime;
596 
597 	if (RAL_RATE_IS_OFDM(rate)) {
598 		/* IEEE Std 802.11a-1999, pp. 37 */
599 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
600 		txtime = 16 + 4 + 4 * txtime + 6;
601 	} else {
602 		/* IEEE Std 802.11b-1999, pp. 28 */
603 		txtime = (16 * len + rate - 1) / rate;
604 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
605 			txtime +=  72 + 24;
606 		else
607 			txtime += 144 + 48;
608 	}
609 	return (txtime);
610 }
611 
612 static uint8_t
613 ural_plcp_signal(int rate)
614 {
615 	switch (rate) {
616 	/* CCK rates (returned values are device-dependent) */
617 	case 2:		return (0x0);
618 	case 4:		return (0x1);
619 	case 11:	return (0x2);
620 	case 22:	return (0x3);
621 
622 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
623 	case 12:	return (0xb);
624 	case 18:	return (0xf);
625 	case 24:	return (0xa);
626 	case 36:	return (0xe);
627 	case 48:	return (0x9);
628 	case 72:	return (0xd);
629 	case 96:	return (0x8);
630 	case 108:	return (0xc);
631 
632 	/* unsupported rates (should not get there) */
633 	default:	return (0xff);
634 	}
635 }
636 
637 static void
638 ural_setup_tx_desc(struct ural_softc *sc, struct ural_tx_desc *desc,
639     uint32_t flags, int len, int rate)
640 {
641 	struct ieee80211com *ic = &sc->sc_ic;
642 	uint16_t plcp_length;
643 	int remainder;
644 
645 	desc->flags = LE_32(flags);
646 	desc->flags |= LE_32(RAL_TX_NEWSEQ);
647 	desc->flags |= LE_32(len << 16);
648 
649 	desc->wme = LE_16(RAL_AIFSN(2) | RAL_LOGCWMIN(3) | RAL_LOGCWMAX(5));
650 	desc->wme |= LE_16(RAL_IVOFFSET(sizeof (struct ieee80211_frame)));
651 
652 	/* setup PLCP fields */
653 	desc->plcp_signal  = ural_plcp_signal(rate);
654 	desc->plcp_service = 4;
655 
656 	len += IEEE80211_CRC_LEN;
657 	if (RAL_RATE_IS_OFDM(rate)) {
658 		desc->flags |= LE_32(RAL_TX_OFDM);
659 
660 		plcp_length = len & 0xfff;
661 		desc->plcp_length_hi = plcp_length >> 6;
662 		desc->plcp_length_lo = plcp_length & 0x3f;
663 	} else {
664 		plcp_length = (16 * len + rate - 1) / rate;
665 		if (rate == 22) {
666 			remainder = (16 * len) % 22;
667 			if (remainder != 0 && remainder < 7)
668 				desc->plcp_service |= RAL_PLCP_LENGEXT;
669 		}
670 		desc->plcp_length_hi = plcp_length >> 8;
671 		desc->plcp_length_lo = plcp_length & 0xff;
672 
673 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
674 			desc->plcp_signal |= 0x08;
675 	}
676 
677 	desc->iv = 0;
678 	desc->eiv = 0;
679 }
680 
681 #define	RAL_TX_TIMEOUT		5
682 
683 static int
684 ural_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
685 {
686 	struct ural_softc *sc = (struct ural_softc *)ic;
687 	struct ural_tx_desc *desc;
688 
689 	struct ieee80211_frame *wh;
690 	struct ieee80211_key *k;
691 
692 	uint16_t dur;
693 	uint32_t flags = 0;
694 	int rate, err = DDI_SUCCESS;
695 
696 	struct ieee80211_node *ni = NULL;
697 	mblk_t *m, *m0;
698 	int off, mblen, pktlen, xferlen;
699 
700 	mutex_enter(&sc->tx_lock);
701 
702 	if (sc->tx_queued > RAL_TX_LIST_COUNT) {
703 		RAL_DEBUG(RAL_DBG_TX, "ural_send(): "
704 		    "no TX buffer available!\n");
705 		if ((type & IEEE80211_FC0_TYPE_MASK) ==
706 		    IEEE80211_FC0_TYPE_DATA) {
707 			sc->sc_need_sched = 1;
708 		}
709 		sc->sc_tx_nobuf++;
710 		err = ENOMEM;
711 		goto fail;
712 	}
713 
714 	m = allocb(RAL_TXBUF_SIZE + RAL_TX_DESC_SIZE, BPRI_MED);
715 	if (m == NULL) {
716 		RAL_DEBUG(RAL_DBG_ERR, "ural_send(): can't alloc mblk.\n");
717 		err = DDI_FAILURE;
718 		goto fail;
719 	}
720 
721 	m->b_rptr += RAL_TX_DESC_SIZE;	/* skip TX descriptor */
722 	m->b_wptr += RAL_TX_DESC_SIZE;
723 
724 	for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
725 		mblen = (uintptr_t)m0->b_wptr - (uintptr_t)m0->b_rptr;
726 		(void) memcpy(m->b_rptr + off, m0->b_rptr, mblen);
727 		off += mblen;
728 	}
729 	m->b_wptr += off;
730 
731 	wh = (struct ieee80211_frame *)m->b_rptr;
732 
733 	ni = ieee80211_find_txnode(ic, wh->i_addr1);
734 	if (ni == NULL) {
735 		err = DDI_FAILURE;
736 		sc->sc_tx_err++;
737 		freemsg(m);
738 		goto fail;
739 	}
740 
741 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
742 	    IEEE80211_FC0_TYPE_DATA) {
743 		(void) ieee80211_encap(ic, m, ni);
744 	}
745 
746 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
747 		k = ieee80211_crypto_encap(ic, m);
748 		if (k == NULL) {
749 			sc->sc_tx_err++;
750 			freemsg(m);
751 			err = DDI_FAILURE;
752 			goto fail;
753 		}
754 		/* packet header may have moved, reset our local pointer */
755 		wh = (struct ieee80211_frame *)m->b_rptr;
756 	}
757 
758 	m->b_rptr -= RAL_TX_DESC_SIZE;	/* restore */
759 	desc = (struct ural_tx_desc *)m->b_rptr;
760 
761 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
762 	    IEEE80211_FC0_TYPE_DATA) {	/* DATA */
763 		if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
764 			rate = ic->ic_bss->in_rates.ir_rates[ic->ic_fixed_rate];
765 		else
766 			rate = ni->in_rates.ir_rates[ni->in_txrate];
767 
768 		rate &= IEEE80211_RATE_VAL;
769 		if (rate <= 0) {
770 			rate = 2;	/* basic rate */
771 		}
772 
773 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
774 			flags |= RAL_TX_ACK;
775 			flags |= RAL_TX_RETRY(7);
776 
777 			dur = ural_txtime(RAL_ACK_SIZE, ural_ack_rate(ic, rate),
778 			    ic->ic_flags) + RAL_SIFS;
779 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
780 		}
781 	} else {	/* MGMT */
782 		rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
783 
784 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
785 			flags |= RAL_TX_ACK;
786 
787 			dur = ural_txtime(RAL_ACK_SIZE, rate, ic->ic_flags)
788 			    + RAL_SIFS;
789 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
790 
791 			/* tell hardware to add timestamp for probe responses */
792 			if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
793 			    IEEE80211_FC0_TYPE_MGT &&
794 			    (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
795 			    IEEE80211_FC0_SUBTYPE_PROBE_RESP)
796 				flags |= RAL_TX_TIMESTAMP;
797 		}
798 	}
799 
800 	pktlen = (uintptr_t)m->b_wptr - (uintptr_t)m->b_rptr - RAL_TX_DESC_SIZE;
801 	ural_setup_tx_desc(sc, desc, flags, pktlen, rate);
802 
803 	/* align end on a 2-bytes boundary */
804 	xferlen = (RAL_TX_DESC_SIZE + pktlen + 1) & ~1;
805 
806 	/*
807 	 * No space left in the last URB to store the extra 2 bytes, force
808 	 * sending of another URB.
809 	 */
810 	if ((xferlen % 64) == 0)
811 		xferlen += 2;
812 
813 	m->b_wptr = m->b_rptr + xferlen;
814 
815 	RAL_DEBUG(RAL_DBG_TX, "sending data frame len=%u rate=%u xfer len=%u\n",
816 	    pktlen, rate, xferlen);
817 
818 	(void) ural_tx_trigger(sc, m);
819 
820 	ic->ic_stats.is_tx_frags++;
821 	ic->ic_stats.is_tx_bytes += pktlen;
822 
823 fail:
824 	if (ni != NULL)
825 		ieee80211_free_node(ni);
826 
827 	if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
828 	    err == 0) {
829 		freemsg(mp);
830 	}
831 
832 	mutex_exit(&sc->tx_lock);
833 
834 	return (err);
835 }
836 
837 static mblk_t *
838 ural_m_tx(void *arg, mblk_t *mp)
839 {
840 	struct ural_softc *sc = (struct ural_softc *)arg;
841 	struct ieee80211com *ic = &sc->sc_ic;
842 	mblk_t *next;
843 
844 	/*
845 	 * No data frames go out unless we're associated; this
846 	 * should not happen as the 802.11 layer does not enable
847 	 * the xmit queue until we enter the RUN state.
848 	 */
849 	if (ic->ic_state != IEEE80211_S_RUN) {
850 		RAL_DEBUG(RAL_DBG_ERR, "ural_m_tx(): "
851 		    "discard, state %u\n", ic->ic_state);
852 		freemsgchain(mp);
853 		return (NULL);
854 	}
855 
856 	while (mp != NULL) {
857 		next = mp->b_next;
858 		mp->b_next = NULL;
859 		if (ural_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != DDI_SUCCESS) {
860 			mp->b_next = next;
861 			freemsgchain(mp);
862 			return (NULL);
863 		}
864 		mp = next;
865 	}
866 	return (mp);
867 }
868 
869 static void
870 ural_set_testmode(struct ural_softc *sc)
871 {
872 	usb_ctrl_setup_t req;
873 	usb_cr_t cr;
874 	usb_cb_flags_t cf;
875 	int err;
876 
877 	bzero(&req, sizeof (req));
878 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
879 	req.bRequest = RAL_VENDOR_REQUEST;
880 	req.wValue = 4;
881 	req.wIndex = 1;
882 	req.wLength = 0;
883 	req.attrs = USB_ATTRS_NONE;
884 
885 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
886 	    &cr, &cf, 0);
887 
888 	if (err != USB_SUCCESS) {
889 		RAL_DEBUG(RAL_DBG_USB,
890 		    "ural_set_testmode(): could not set test mode:"
891 		    "cr:%s(%d), cf:%(x)\n",
892 		    usb_str_cr(cr), cr, cf);
893 	}
894 }
895 
896 static void
897 ural_eeprom_read(struct ural_softc *sc, uint16_t addr, void *buf, int len)
898 {
899 	usb_ctrl_setup_t req;
900 	usb_cr_t cr;
901 	usb_cb_flags_t cf;
902 	mblk_t *mp;
903 	int err;
904 
905 	bzero(&req, sizeof (req));
906 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
907 	req.bRequest = RAL_READ_EEPROM;
908 	req.wValue = 0;
909 	req.wIndex = addr;
910 	req.wLength = (uint16_t)len;
911 
912 	mp = NULL;
913 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
914 	    &cr, &cf, 0);
915 
916 	if (err != USB_SUCCESS) {
917 		RAL_DEBUG(RAL_DBG_USB,
918 		    "ural_eeprom_read(): could not read EEPROM:"
919 		    "cr:%s(%d), cf:(%x)\n",
920 		    usb_str_cr(cr), cr, cf);
921 		return;
922 	}
923 
924 	bcopy(mp->b_rptr, buf, len);
925 
926 	if (mp)
927 		freemsg(mp);
928 }
929 
930 static void
931 ural_bbp_write(struct ural_softc *sc, uint8_t reg, uint8_t val)
932 {
933 	uint16_t tmp;
934 	int ntries;
935 
936 	for (ntries = 0; ntries < 5; ntries++) {
937 		if (!(ural_read(sc, RAL_PHY_CSR8) & RAL_BBP_BUSY))
938 			break;
939 	}
940 	if (ntries == 5) {
941 		RAL_DEBUG(RAL_DBG_ERR,
942 		    "ural_bbp_write(): could not write to BBP\n");
943 		return;
944 	}
945 
946 	tmp = reg << 8 | val;
947 	ural_write(sc, RAL_PHY_CSR7, tmp);
948 }
949 
950 static uint8_t
951 ural_bbp_read(struct ural_softc *sc, uint8_t reg)
952 {
953 	uint16_t val;
954 	int ntries;
955 
956 	val = RAL_BBP_WRITE | reg << 8;
957 	ural_write(sc, RAL_PHY_CSR7, val);
958 
959 	for (ntries = 0; ntries < 5; ntries++) {
960 		if (!(ural_read(sc, RAL_PHY_CSR8) & RAL_BBP_BUSY))
961 			break;
962 	}
963 	if (ntries == 5) {
964 		RAL_DEBUG(RAL_DBG_ERR, "ural_bbp_read(): could not read BBP\n");
965 		return (0);
966 	}
967 
968 	return (ural_read(sc, RAL_PHY_CSR7) & 0xff);
969 }
970 
971 static void
972 ural_rf_write(struct ural_softc *sc, uint8_t reg, uint32_t val)
973 {
974 	uint32_t tmp;
975 	int ntries;
976 
977 	for (ntries = 0; ntries < 5; ntries++) {
978 		if (!(ural_read(sc, RAL_PHY_CSR10) & RAL_RF_LOBUSY))
979 			break;
980 	}
981 	if (ntries == 5) {
982 		RAL_DEBUG(RAL_DBG_ERR,
983 		    "ural_rf_write(): could not write to RF\n");
984 		return;
985 	}
986 
987 	tmp = RAL_RF_BUSY | RAL_RF_20BIT | (val & 0xffff) << 2 | (reg & 0x3);
988 	ural_write(sc, RAL_PHY_CSR9,  tmp & 0xffff);
989 	ural_write(sc, RAL_PHY_CSR10, tmp >> 16);
990 
991 	/* remember last written value in sc */
992 	sc->rf_regs[reg] = val;
993 
994 	RAL_DEBUG(RAL_DBG_HW, "RF R[%u] <- 0x%05x\n", reg & 0x3, val & 0xfffff);
995 }
996 
997 /*
998  * Disable RF auto-tuning.
999  */
1000 static void
1001 ural_disable_rf_tune(struct ural_softc *sc)
1002 {
1003 	uint32_t tmp;
1004 
1005 	if (sc->rf_rev != RAL_RF_2523) {
1006 		tmp = sc->rf_regs[RAL_RF1] & ~RAL_RF1_AUTOTUNE;
1007 		ural_rf_write(sc, RAL_RF1, tmp);
1008 	}
1009 
1010 	tmp = sc->rf_regs[RAL_RF3] & ~RAL_RF3_AUTOTUNE;
1011 	ural_rf_write(sc, RAL_RF3, tmp);
1012 
1013 	RAL_DEBUG(RAL_DBG_HW, "disabling RF autotune\n");
1014 }
1015 
1016 
1017 static void
1018 ural_set_chan(struct ural_softc *sc, struct ieee80211_channel *c)
1019 {
1020 	struct ieee80211com *ic = &sc->sc_ic;
1021 	uint8_t power, tmp;
1022 	uint_t i, chan;
1023 
1024 	chan = ieee80211_chan2ieee(ic, c);
1025 	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
1026 		return;
1027 
1028 	if (IEEE80211_IS_CHAN_2GHZ(c))
1029 		power = min(sc->txpow[chan - 1], 31);
1030 	else
1031 		power = 31;
1032 
1033 	/* adjust txpower using ifconfig settings */
1034 	power -= (100 - ic->ic_txpowlimit) / 8;
1035 
1036 	RAL_DEBUG(RAL_DBG_HW, "setting channel to %u, txpower to %u\n",
1037 	    chan, power);
1038 
1039 	switch (sc->rf_rev) {
1040 	case RAL_RF_2522:
1041 		ural_rf_write(sc, RAL_RF1, 0x00814);
1042 		ural_rf_write(sc, RAL_RF2, ural_rf2522_r2[chan - 1]);
1043 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1044 		break;
1045 
1046 	case RAL_RF_2523:
1047 		ural_rf_write(sc, RAL_RF1, 0x08804);
1048 		ural_rf_write(sc, RAL_RF2, ural_rf2523_r2[chan - 1]);
1049 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x38044);
1050 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1051 		break;
1052 
1053 	case RAL_RF_2524:
1054 		ural_rf_write(sc, RAL_RF1, 0x0c808);
1055 		ural_rf_write(sc, RAL_RF2, ural_rf2524_r2[chan - 1]);
1056 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1057 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1058 		break;
1059 
1060 	case RAL_RF_2525:
1061 		ural_rf_write(sc, RAL_RF1, 0x08808);
1062 		ural_rf_write(sc, RAL_RF2, ural_rf2525_hi_r2[chan - 1]);
1063 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1064 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1065 
1066 		ural_rf_write(sc, RAL_RF1, 0x08808);
1067 		ural_rf_write(sc, RAL_RF2, ural_rf2525_r2[chan - 1]);
1068 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1069 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1070 		break;
1071 
1072 	case RAL_RF_2525E:
1073 		ural_rf_write(sc, RAL_RF1, 0x08808);
1074 		ural_rf_write(sc, RAL_RF2, ural_rf2525e_r2[chan - 1]);
1075 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1076 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00286 : 0x00282);
1077 		break;
1078 
1079 	case RAL_RF_2526:
1080 		ural_rf_write(sc, RAL_RF2, ural_rf2526_hi_r2[chan - 1]);
1081 		ural_rf_write(sc, RAL_RF4, (chan & 1) ? 0x00386 : 0x00381);
1082 		ural_rf_write(sc, RAL_RF1, 0x08804);
1083 
1084 		ural_rf_write(sc, RAL_RF2, ural_rf2526_r2[chan - 1]);
1085 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1086 		ural_rf_write(sc, RAL_RF4, (chan & 1) ? 0x00386 : 0x00381);
1087 		break;
1088 
1089 	/* dual-band RF */
1090 	case RAL_RF_5222:
1091 		for (i = 0; ural_rf5222[i].chan != chan; i++) {
1092 			if (i > URAL_N(ural_rf5222)) break;
1093 		}
1094 
1095 		ural_rf_write(sc, RAL_RF1, ural_rf5222[i].r1);
1096 		ural_rf_write(sc, RAL_RF2, ural_rf5222[i].r2);
1097 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1098 		ural_rf_write(sc, RAL_RF4, ural_rf5222[i].r4);
1099 		break;
1100 	}
1101 
1102 	if (ic->ic_opmode != IEEE80211_M_MONITOR &&
1103 	    ic->ic_state != IEEE80211_S_SCAN) {
1104 		/* set Japan filter bit for channel 14 */
1105 		tmp = ural_bbp_read(sc, 70);
1106 
1107 		tmp &= ~RAL_JAPAN_FILTER;
1108 		if (chan == 14)
1109 			tmp |= RAL_JAPAN_FILTER;
1110 
1111 		ural_bbp_write(sc, 70, tmp);
1112 
1113 		/* clear CRC errs */
1114 		(void) ural_read(sc, RAL_STA_CSR0);
1115 
1116 		drv_usecwait(10000);
1117 		ural_disable_rf_tune(sc);
1118 	}
1119 }
1120 
1121 /*
1122  * Refer to IEEE Std 802.11-1999 pp. 123 for more information on TSF
1123  * synchronization.
1124  */
1125 static void
1126 ural_enable_tsf_sync(struct ural_softc *sc)
1127 {
1128 	struct ieee80211com *ic = &sc->sc_ic;
1129 	uint16_t logcwmin, preload, tmp;
1130 
1131 	/* first, disable TSF synchronization */
1132 	ural_write(sc, RAL_TXRX_CSR19, 0);
1133 
1134 	tmp = (16 * ic->ic_bss->in_intval) << 4;
1135 	ural_write(sc, RAL_TXRX_CSR18, tmp);
1136 
1137 	logcwmin = (ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 0;
1138 	preload = (ic->ic_opmode == IEEE80211_M_IBSS) ? 320 : 6;
1139 	tmp = logcwmin << 12 | preload;
1140 	ural_write(sc, RAL_TXRX_CSR20, tmp);
1141 
1142 	/* finally, enable TSF synchronization */
1143 	tmp = RAL_ENABLE_TSF | RAL_ENABLE_TBCN;
1144 	if (ic->ic_opmode == IEEE80211_M_STA)
1145 		tmp |= RAL_ENABLE_TSF_SYNC(1);
1146 	else
1147 		tmp |= RAL_ENABLE_TSF_SYNC(2) | RAL_ENABLE_BEACON_GENERATOR;
1148 	ural_write(sc, RAL_TXRX_CSR19, tmp);
1149 
1150 	RAL_DEBUG(RAL_DBG_HW, "enabling TSF synchronization\n");
1151 }
1152 
1153 /*
1154  * This function can be called by ieee80211_set_shortslottime(). Refer to
1155  * IEEE Std 802.11-1999 pp. 85 to know how these values are computed.
1156  */
1157 /* ARGSUSED */
1158 static void
1159 ural_update_slot(struct ieee80211com *ic, int onoff)
1160 {
1161 	struct ural_softc *sc = (struct ural_softc *)ic;
1162 	uint16_t slottime, sifs, eifs;
1163 
1164 	slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1165 	/* slottime = (onoff ? 9 : 20); */
1166 
1167 	/*
1168 	 * These settings may sound a bit inconsistent but this is what the
1169 	 * reference driver does.
1170 	 */
1171 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1172 		sifs = 16 - RAL_RXTX_TURNAROUND;
1173 		eifs = 364;
1174 	} else {
1175 		sifs = 10 - RAL_RXTX_TURNAROUND;
1176 		eifs = 64;
1177 	}
1178 
1179 	ural_write(sc, RAL_MAC_CSR10, slottime);
1180 	ural_write(sc, RAL_MAC_CSR11, sifs);
1181 	ural_write(sc, RAL_MAC_CSR12, eifs);
1182 }
1183 
1184 static void
1185 ural_set_txpreamble(struct ural_softc *sc)
1186 {
1187 	uint16_t tmp;
1188 
1189 	tmp = ural_read(sc, RAL_TXRX_CSR10);
1190 
1191 	tmp &= ~RAL_SHORT_PREAMBLE;
1192 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1193 		tmp |= RAL_SHORT_PREAMBLE;
1194 
1195 	ural_write(sc, RAL_TXRX_CSR10, tmp);
1196 }
1197 
1198 static void
1199 ural_set_basicrates(struct ural_softc *sc)
1200 {
1201 	struct ieee80211com *ic = &sc->sc_ic;
1202 
1203 	/* update basic rate set */
1204 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1205 		/* 11b basic rates: 1, 2Mbps */
1206 		ural_write(sc, RAL_TXRX_CSR11, 0x3);
1207 	} else if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->in_chan)) {
1208 		/* 11a basic rates: 6, 12, 24Mbps */
1209 		ural_write(sc, RAL_TXRX_CSR11, 0x150);
1210 	} else {
1211 		/* 11g basic rates: 1, 2, 5.5, 11, 6, 12, 24Mbps */
1212 		ural_write(sc, RAL_TXRX_CSR11, 0x15f);
1213 	}
1214 }
1215 
1216 static void
1217 ural_set_bssid(struct ural_softc *sc, uint8_t *bssid)
1218 {
1219 	uint16_t tmp;
1220 
1221 	tmp = bssid[0] | bssid[1] << 8;
1222 	ural_write(sc, RAL_MAC_CSR5, tmp);
1223 
1224 	tmp = bssid[2] | bssid[3] << 8;
1225 	ural_write(sc, RAL_MAC_CSR6, tmp);
1226 
1227 	tmp = bssid[4] | bssid[5] << 8;
1228 	ural_write(sc, RAL_MAC_CSR7, tmp);
1229 
1230 	RAL_DEBUG(RAL_DBG_HW, "setting BSSID to " MACSTR "\n", MAC2STR(bssid));
1231 }
1232 
1233 static void
1234 ural_set_macaddr(struct ural_softc *sc, uint8_t *addr)
1235 {
1236 	uint16_t tmp;
1237 
1238 	tmp = addr[0] | addr[1] << 8;
1239 	ural_write(sc, RAL_MAC_CSR2, tmp);
1240 
1241 	tmp = addr[2] | addr[3] << 8;
1242 	ural_write(sc, RAL_MAC_CSR3, tmp);
1243 
1244 	tmp = addr[4] | addr[5] << 8;
1245 	ural_write(sc, RAL_MAC_CSR4, tmp);
1246 
1247 	RAL_DEBUG(RAL_DBG_HW,
1248 	    "setting MAC address to " MACSTR "\n", MAC2STR(addr));
1249 }
1250 
1251 static void
1252 ural_update_promisc(struct ural_softc *sc)
1253 {
1254 	uint32_t tmp;
1255 
1256 	tmp = ural_read(sc, RAL_TXRX_CSR2);
1257 
1258 	tmp &= ~RAL_DROP_NOT_TO_ME;
1259 	if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1260 		tmp |= RAL_DROP_NOT_TO_ME;
1261 
1262 	ural_write(sc, RAL_TXRX_CSR2, tmp);
1263 
1264 	RAL_DEBUG(RAL_DBG_HW, "%s promiscuous mode\n",
1265 	    (sc->sc_rcr & RAL_RCR_PROMISC) ?  "entering" : "leaving");
1266 }
1267 
1268 static const char *
1269 ural_get_rf(int rev)
1270 {
1271 	switch (rev) {
1272 	case RAL_RF_2522:	return ("RT2522");
1273 	case RAL_RF_2523:	return ("RT2523");
1274 	case RAL_RF_2524:	return ("RT2524");
1275 	case RAL_RF_2525:	return ("RT2525");
1276 	case RAL_RF_2525E:	return ("RT2525e");
1277 	case RAL_RF_2526:	return ("RT2526");
1278 	case RAL_RF_5222:	return ("RT5222");
1279 	default:		return ("unknown");
1280 	}
1281 }
1282 
1283 static void
1284 ural_read_eeprom(struct ural_softc *sc)
1285 {
1286 	struct ieee80211com *ic = &sc->sc_ic;
1287 	uint16_t val;
1288 
1289 	ural_eeprom_read(sc, RAL_EEPROM_CONFIG0, &val, 2);
1290 	val = LE_16(val);
1291 	sc->rf_rev =   (val >> 11) & 0x7;
1292 	sc->hw_radio = (val >> 10) & 0x1;
1293 	sc->led_mode = (val >> 6)  & 0x7;
1294 	sc->rx_ant =   (val >> 4)  & 0x3;
1295 	sc->tx_ant =   (val >> 2)  & 0x3;
1296 	sc->nb_ant =   val & 0x3;
1297 
1298 	/* read MAC address */
1299 	ural_eeprom_read(sc, RAL_EEPROM_ADDRESS, ic->ic_macaddr, 6);
1300 
1301 	/* read default values for BBP registers */
1302 	ural_eeprom_read(sc, RAL_EEPROM_BBP_BASE, sc->bbp_prom, 2 * 16);
1303 
1304 	/* read Tx power for all b/g channels */
1305 	ural_eeprom_read(sc, RAL_EEPROM_TXPOWER, sc->txpow, 14);
1306 }
1307 
1308 static int
1309 ural_bbp_init(struct ural_softc *sc)
1310 {
1311 	int i, ntries;
1312 
1313 	/* wait for BBP to be ready */
1314 	for (ntries = 0; ntries < 100; ntries++) {
1315 		if (ural_bbp_read(sc, RAL_BBP_VERSION) != 0)
1316 			break;
1317 		drv_usecwait(1000);
1318 	}
1319 	if (ntries == 100) {
1320 		RAL_DEBUG(RAL_DBG_ERR, "timeout waiting for BBP\n");
1321 		return (EIO);
1322 	}
1323 
1324 	/* initialize BBP registers to default values */
1325 	for (i = 0; i < URAL_N(ural_def_bbp); i++)
1326 		ural_bbp_write(sc, ural_def_bbp[i].reg, ural_def_bbp[i].val);
1327 
1328 	return (0);
1329 }
1330 
1331 static void
1332 ural_set_txantenna(struct ural_softc *sc, int antenna)
1333 {
1334 	uint16_t tmp;
1335 	uint8_t tx;
1336 
1337 	tx = ural_bbp_read(sc, RAL_BBP_TX) & ~RAL_BBP_ANTMASK;
1338 	if (antenna == 1)
1339 		tx |= RAL_BBP_ANTA;
1340 	else if (antenna == 2)
1341 		tx |= RAL_BBP_ANTB;
1342 	else
1343 		tx |= RAL_BBP_DIVERSITY;
1344 
1345 	/* need to force I/Q flip for RF 2525e, 2526 and 5222 */
1346 	if (sc->rf_rev == RAL_RF_2525E || sc->rf_rev == RAL_RF_2526 ||
1347 	    sc->rf_rev == RAL_RF_5222)
1348 		tx |= RAL_BBP_FLIPIQ;
1349 
1350 	ural_bbp_write(sc, RAL_BBP_TX, tx);
1351 
1352 	/* update values in PHY_CSR5 and PHY_CSR6 */
1353 	tmp = ural_read(sc, RAL_PHY_CSR5) & ~0x7;
1354 	ural_write(sc, RAL_PHY_CSR5, tmp | (tx & 0x7));
1355 
1356 	tmp = ural_read(sc, RAL_PHY_CSR6) & ~0x7;
1357 	ural_write(sc, RAL_PHY_CSR6, tmp | (tx & 0x7));
1358 }
1359 
1360 static void
1361 ural_set_rxantenna(struct ural_softc *sc, int antenna)
1362 {
1363 	uint8_t rx;
1364 
1365 	rx = ural_bbp_read(sc, RAL_BBP_RX) & ~RAL_BBP_ANTMASK;
1366 	if (antenna == 1)
1367 		rx |= RAL_BBP_ANTA;
1368 	else if (antenna == 2)
1369 		rx |= RAL_BBP_ANTB;
1370 	else
1371 		rx |= RAL_BBP_DIVERSITY;
1372 
1373 	/* need to force no I/Q flip for RF 2525e and 2526 */
1374 	if (sc->rf_rev == RAL_RF_2525E || sc->rf_rev == RAL_RF_2526)
1375 		rx &= ~RAL_BBP_FLIPIQ;
1376 
1377 	ural_bbp_write(sc, RAL_BBP_RX, rx);
1378 }
1379 
1380 /*
1381  * This function is called periodically (every 200ms) during scanning to
1382  * switch from one channel to another.
1383  */
1384 static void
1385 ural_next_scan(void *arg)
1386 {
1387 	struct ural_softc *sc = arg;
1388 	struct ieee80211com *ic = &sc->sc_ic;
1389 
1390 	if (ic->ic_state == IEEE80211_S_SCAN)
1391 		ieee80211_next_scan(ic);
1392 }
1393 
1394 static int
1395 ural_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1396 {
1397 	struct ural_softc *sc = (struct ural_softc *)ic;
1398 	enum ieee80211_state ostate;
1399 	struct ieee80211_node *ni;
1400 	int err;
1401 
1402 	RAL_LOCK(sc);
1403 
1404 	ostate = ic->ic_state;
1405 
1406 	if (sc->sc_scan_id != 0) {
1407 		(void) untimeout(sc->sc_scan_id);
1408 		sc->sc_scan_id = 0;
1409 	}
1410 
1411 	if (sc->sc_amrr_id != 0) {
1412 		(void) untimeout(sc->sc_amrr_id);
1413 		sc->sc_amrr_id = 0;
1414 	}
1415 
1416 	switch (nstate) {
1417 	case IEEE80211_S_INIT:
1418 		if (ostate == IEEE80211_S_RUN) {
1419 			/* abort TSF synchronization */
1420 			ural_write(sc, RAL_TXRX_CSR19, 0);
1421 			/* force tx led to stop blinking */
1422 			ural_write(sc, RAL_MAC_CSR20, 0);
1423 		}
1424 		break;
1425 
1426 	case IEEE80211_S_SCAN:
1427 		ural_set_chan(sc, ic->ic_curchan);
1428 		sc->sc_scan_id = timeout(ural_next_scan, (void *)sc,
1429 		    drv_usectohz(sc->dwelltime * 1000));
1430 		break;
1431 
1432 	case IEEE80211_S_AUTH:
1433 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_AUTH ...\n");
1434 		ural_set_chan(sc, ic->ic_curchan);
1435 		break;
1436 
1437 	case IEEE80211_S_ASSOC:
1438 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_ASSOC ...\n");
1439 		ural_set_chan(sc, ic->ic_curchan);
1440 		break;
1441 
1442 	case IEEE80211_S_RUN:
1443 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_RUN ...\n");
1444 		ural_set_chan(sc, ic->ic_curchan);
1445 
1446 		ni = ic->ic_bss;
1447 
1448 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1449 			ural_update_slot(ic, 1);
1450 			ural_set_txpreamble(sc);
1451 			ural_set_basicrates(sc);
1452 			ural_set_bssid(sc, ni->in_bssid);
1453 		}
1454 
1455 
1456 		/* make tx led blink on tx (controlled by ASIC) */
1457 		ural_write(sc, RAL_MAC_CSR20, 1);
1458 
1459 		if (ic->ic_opmode != IEEE80211_M_MONITOR)
1460 			ural_enable_tsf_sync(sc);
1461 
1462 		/* enable automatic rate adaptation in STA mode */
1463 		if (ic->ic_opmode == IEEE80211_M_STA &&
1464 		    ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
1465 			ural_amrr_start(sc, ni);
1466 
1467 		break;
1468 	}
1469 
1470 	RAL_UNLOCK(sc);
1471 
1472 	err = sc->sc_newstate(ic, nstate, arg);
1473 	/*
1474 	 * Finally, start any timers.
1475 	 */
1476 	if (nstate == IEEE80211_S_RUN)
1477 		ieee80211_start_watchdog(ic, 1);
1478 
1479 	return (err);
1480 }
1481 
1482 
1483 
1484 static void
1485 ural_close_pipes(struct ural_softc *sc)
1486 {
1487 	usb_flags_t flags = USB_FLAGS_SLEEP;
1488 
1489 	if (sc->sc_rx_pipeh != NULL) {
1490 		usb_pipe_reset(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1491 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1492 		sc->sc_rx_pipeh = NULL;
1493 	}
1494 
1495 	if (sc->sc_tx_pipeh != NULL) {
1496 		usb_pipe_reset(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1497 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1498 		sc->sc_tx_pipeh = NULL;
1499 	}
1500 }
1501 
1502 static int
1503 ural_open_pipes(struct ural_softc *sc)
1504 {
1505 	usb_ep_data_t *ep_node;
1506 	usb_pipe_policy_t policy;
1507 	int err;
1508 
1509 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1510 	    USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
1511 
1512 	bzero(&policy, sizeof (usb_pipe_policy_t));
1513 	policy.pp_max_async_reqs = RAL_TX_LIST_COUNT;
1514 
1515 	if ((err = usb_pipe_open(sc->sc_dev,
1516 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1517 	    &sc->sc_tx_pipeh)) != USB_SUCCESS) {
1518 		RAL_DEBUG(RAL_DBG_ERR,
1519 		    "ural_open_pipes(): %x failed to open tx pipe\n", err);
1520 		goto fail;
1521 	}
1522 
1523 	RAL_DEBUG(RAL_DBG_MSG, "tx pipe opened\n");
1524 
1525 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1526 	    USB_EP_ATTR_BULK, USB_EP_DIR_IN);
1527 
1528 	bzero(&policy, sizeof (usb_pipe_policy_t));
1529 	policy.pp_max_async_reqs = RAL_RX_LIST_COUNT + 32;
1530 
1531 	if ((err = usb_pipe_open(sc->sc_dev,
1532 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1533 	    &sc->sc_rx_pipeh)) != USB_SUCCESS) {
1534 		RAL_DEBUG(RAL_DBG_ERR,
1535 		    "ural_open_pipes(): %x failed to open rx pipe\n", err);
1536 		goto fail;
1537 	}
1538 
1539 	RAL_DEBUG(RAL_DBG_MSG, "rx pipe opened\n");
1540 
1541 	return (USB_SUCCESS);
1542 
1543 fail:
1544 	if (sc->sc_rx_pipeh != NULL) {
1545 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh,
1546 		    USB_FLAGS_SLEEP, NULL, 0);
1547 		sc->sc_rx_pipeh = NULL;
1548 	}
1549 
1550 	if (sc->sc_tx_pipeh != NULL) {
1551 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh,
1552 		    USB_FLAGS_SLEEP, NULL, 0);
1553 		sc->sc_tx_pipeh = NULL;
1554 	}
1555 
1556 	return (USB_FAILURE);
1557 }
1558 
1559 static int
1560 ural_tx_trigger(struct ural_softc *sc, mblk_t *mp)
1561 {
1562 	usb_bulk_req_t *req;
1563 	int err;
1564 
1565 	sc->sc_tx_timer = RAL_TX_TIMEOUT;
1566 
1567 	req = usb_alloc_bulk_req(sc->sc_dev, 0, USB_FLAGS_SLEEP);
1568 	if (req == NULL) {
1569 		RAL_DEBUG(RAL_DBG_ERR,
1570 		    "ural_tx_trigger(): failed to allocate req");
1571 		freemsg(mp);
1572 		return (-1);
1573 	}
1574 
1575 	req->bulk_len		= (uintptr_t)mp->b_wptr - (uintptr_t)mp->b_rptr;
1576 	req->bulk_data		= mp;
1577 	req->bulk_client_private = (usb_opaque_t)sc;
1578 	req->bulk_timeout	= RAL_TX_TIMEOUT;
1579 	req->bulk_attributes	= USB_ATTRS_AUTOCLEARING;
1580 	req->bulk_cb		= ural_txeof;
1581 	req->bulk_exc_cb	= ural_txeof;
1582 	req->bulk_completion_reason = 0;
1583 	req->bulk_cb_flags	= 0;
1584 
1585 	if ((err = usb_pipe_bulk_xfer(sc->sc_tx_pipeh, req, 0))
1586 	    != USB_SUCCESS) {
1587 
1588 		RAL_DEBUG(RAL_DBG_ERR, "ural_tx_trigger(): "
1589 		    "failed to do tx xfer, %d", err);
1590 		usb_free_bulk_req(req);
1591 		return (-1);
1592 	}
1593 
1594 	sc->tx_queued++;
1595 
1596 	return (0);
1597 }
1598 
1599 static int
1600 ural_rx_trigger(struct ural_softc *sc)
1601 {
1602 	usb_bulk_req_t *req;
1603 	int err;
1604 
1605 	req = usb_alloc_bulk_req(sc->sc_dev, RAL_RXBUF_SIZE, USB_FLAGS_SLEEP);
1606 	if (req == NULL) {
1607 		RAL_DEBUG(RAL_DBG_ERR,
1608 		    "ural_rx_trigger(): failed to allocate req");
1609 		return (-1);
1610 	}
1611 
1612 	req->bulk_len		= RAL_RXBUF_SIZE;
1613 	req->bulk_client_private = (usb_opaque_t)sc;
1614 	req->bulk_timeout	= 0;
1615 	req->bulk_attributes	= USB_ATTRS_SHORT_XFER_OK
1616 	    | USB_ATTRS_AUTOCLEARING;
1617 	req->bulk_cb		= ural_rxeof;
1618 	req->bulk_exc_cb	= ural_rxeof;
1619 	req->bulk_completion_reason = 0;
1620 	req->bulk_cb_flags	= 0;
1621 
1622 	err = usb_pipe_bulk_xfer(sc->sc_rx_pipeh, req, 0);
1623 
1624 	if (err != USB_SUCCESS) {
1625 		RAL_DEBUG(RAL_DBG_ERR, "ural_rx_trigger(): "
1626 		    "failed to do rx xfer, %d", err);
1627 		usb_free_bulk_req(req);
1628 
1629 		return (-1);
1630 	}
1631 
1632 	mutex_enter(&sc->rx_lock);
1633 	sc->rx_queued++;
1634 	mutex_exit(&sc->rx_lock);
1635 
1636 	return (0);
1637 }
1638 
1639 static void
1640 ural_init_tx_queue(struct ural_softc *sc)
1641 {
1642 	sc->tx_queued = 0;
1643 }
1644 
1645 static int
1646 ural_init_rx_queue(struct ural_softc *sc)
1647 {
1648 	int	i;
1649 
1650 	sc->rx_queued = 0;
1651 
1652 	for (i = 0; i < RAL_RX_LIST_COUNT; i++) {
1653 		if (ural_rx_trigger(sc) != 0) {
1654 			return (USB_FAILURE);
1655 		}
1656 	}
1657 
1658 	return (USB_SUCCESS);
1659 }
1660 
1661 static void
1662 ural_stop(struct ural_softc *sc)
1663 {
1664 	struct ieee80211com *ic = &sc->sc_ic;
1665 
1666 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1667 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1668 
1669 	RAL_LOCK(sc);
1670 
1671 	sc->sc_tx_timer = 0;
1672 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1673 
1674 	/* disable Rx */
1675 	ural_write(sc, RAL_TXRX_CSR2, RAL_DISABLE_RX);
1676 
1677 	/* reset ASIC and BBP (but won't reset MAC registers!) */
1678 	ural_write(sc, RAL_MAC_CSR1, RAL_RESET_ASIC | RAL_RESET_BBP);
1679 	ural_write(sc, RAL_MAC_CSR1, 0);
1680 
1681 	ural_close_pipes(sc);
1682 
1683 	RAL_UNLOCK(sc);
1684 }
1685 
1686 static int
1687 ural_init(struct ural_softc *sc)
1688 {
1689 	struct ieee80211com *ic = &sc->sc_ic;
1690 	uint16_t tmp;
1691 	int i, ntries;
1692 
1693 	ural_set_testmode(sc);
1694 	ural_write(sc, 0x308, 0x00f0);	/* magic */
1695 
1696 	ural_stop(sc);
1697 
1698 	/* initialize MAC registers to default values */
1699 	for (i = 0; i < URAL_N(ural_def_mac); i++)
1700 		ural_write(sc, ural_def_mac[i].reg, ural_def_mac[i].val);
1701 
1702 	/* wait for BBP and RF to wake up (this can take a long time!) */
1703 	for (ntries = 0; ntries < 100; ntries++) {
1704 		tmp = ural_read(sc, RAL_MAC_CSR17);
1705 		if ((tmp & (RAL_BBP_AWAKE | RAL_RF_AWAKE)) ==
1706 		    (RAL_BBP_AWAKE | RAL_RF_AWAKE))
1707 			break;
1708 		drv_usecwait(1000);
1709 	}
1710 	if (ntries == 100) {
1711 		RAL_DEBUG(RAL_DBG_ERR,
1712 		    "ural_init(): timeout waiting for BBP/RF to wakeup\n");
1713 		goto fail;
1714 	}
1715 
1716 	/* we're ready! */
1717 	ural_write(sc, RAL_MAC_CSR1, RAL_HOST_READY);
1718 
1719 	/* set basic rate set (will be updated later) */
1720 	ural_write(sc, RAL_TXRX_CSR11, 0x15f);
1721 
1722 	if (ural_bbp_init(sc) != 0)
1723 		goto fail;
1724 
1725 	/* set default BSS channel */
1726 	ural_set_chan(sc, ic->ic_curchan);
1727 
1728 	/* clear statistic registers (STA_CSR0 to STA_CSR10) */
1729 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1730 
1731 	ural_set_txantenna(sc, sc->tx_ant);
1732 	ural_set_rxantenna(sc, sc->rx_ant);
1733 
1734 	ural_set_macaddr(sc, ic->ic_macaddr);
1735 
1736 	if (ural_open_pipes(sc) != USB_SUCCESS) {
1737 		RAL_DEBUG(RAL_DBG_ERR, "ural_init(): "
1738 		    "could not open pipes.\n");
1739 		goto fail;
1740 	}
1741 
1742 	ural_init_tx_queue(sc);
1743 
1744 	if (ural_init_rx_queue(sc) != USB_SUCCESS)
1745 		goto fail;
1746 
1747 	/* kick Rx */
1748 	tmp = RAL_DROP_PHY | RAL_DROP_CRC;
1749 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1750 		tmp |= RAL_DROP_CTL | RAL_DROP_BAD_VERSION;
1751 		if (ic->ic_opmode != IEEE80211_M_HOSTAP)
1752 			tmp |= RAL_DROP_TODS;
1753 		if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1754 			tmp |= RAL_DROP_NOT_TO_ME;
1755 	}
1756 	ural_write(sc, RAL_TXRX_CSR2, tmp);
1757 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1758 
1759 	return (DDI_SUCCESS);
1760 fail:
1761 	ural_stop(sc);
1762 	return (EIO);
1763 }
1764 
1765 static int
1766 ural_offline(dev_info_t *devinfo)
1767 {
1768 	struct ural_softc *sc;
1769 	struct ieee80211com *ic;
1770 
1771 	RAL_DEBUG(RAL_DBG_MSG, "ural_offline()\n");
1772 
1773 	/*
1774 	 * We can't call ural_stop() here, since the hardware is removed,
1775 	 * we can't access the register anymore.
1776 	 */
1777 
1778 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
1779 	ic = &sc->sc_ic;
1780 
1781 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1782 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1783 
1784 	RAL_LOCK(sc);
1785 
1786 	sc->sc_tx_timer = 0;
1787 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1788 
1789 	ural_close_pipes(sc);
1790 
1791 	RAL_UNLOCK(sc);
1792 
1793 	return (DDI_SUCCESS);
1794 }
1795 
1796 static int
1797 ural_online(dev_info_t *devinfo)
1798 {
1799 	struct ural_softc *sc;
1800 	int err;
1801 
1802 	RAL_DEBUG(RAL_DBG_MSG, "ural_online()\n");
1803 
1804 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
1805 	err = ural_init(sc);
1806 
1807 	return (err);
1808 }
1809 
1810 #define	URAL_AMRR_MIN_SUCCESS_THRESHOLD	1
1811 #define	URAL_AMRR_MAX_SUCCESS_THRESHOLD	10
1812 
1813 /*
1814  * Naive implementation of the Adaptive Multi Rate Retry algorithm:
1815  * "IEEE 802.11 Rate Adaptation: A Practical Approach"
1816  * Mathieu Lacage, Hossein Manshaei, Thierry Turletti
1817  * INRIA Sophia - Projet Planete
1818  * http://www-sop.inria.fr/rapports/sophia/RR-5208.html
1819  *
1820  * This algorithm is particularly well suited for ural since it does not
1821  * require per-frame retry statistics.  Note however that since h/w does
1822  * not provide per-frame stats, we can't do per-node rate adaptation and
1823  * thus automatic rate adaptation is only enabled in STA operating mode.
1824  */
1825 #define	is_success(amrr)	\
1826 	((amrr)->retrycnt < (amrr)->txcnt / 10)
1827 #define	is_failure(amrr)	\
1828 	((amrr)->retrycnt > (amrr)->txcnt / 3)
1829 #define	is_enough(amrr)		\
1830 	((amrr)->txcnt > 10)
1831 #define	is_min_rate(ni)		\
1832 	((ni)->in_txrate == 0)
1833 #define	is_max_rate(ni)		\
1834 	((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1835 #define	increase_rate(ni)	\
1836 	((ni)->in_txrate++)
1837 #define	decrease_rate(ni)	\
1838 	((ni)->in_txrate--)
1839 #define	reset_cnt(amrr)	do {	\
1840 	(amrr)->txcnt = (amrr)->retrycnt = 0;	\
1841 	_NOTE(CONSTCOND)	\
1842 } while (/* CONSTCOND */0)
1843 
1844 static void
1845 ural_ratectl(struct ural_amrr *amrr, struct ieee80211_node *ni)
1846 {
1847 	int need_change = 0;
1848 
1849 	if (is_success(amrr) && is_enough(amrr)) {
1850 		amrr->success++;
1851 		if (amrr->success >= amrr->success_threshold &&
1852 		    !is_max_rate(ni)) {
1853 			amrr->recovery = 1;
1854 			amrr->success = 0;
1855 			increase_rate(ni);
1856 			need_change = 1;
1857 		} else {
1858 			amrr->recovery = 0;
1859 		}
1860 	} else if (is_failure(amrr)) {
1861 		amrr->success = 0;
1862 		if (!is_min_rate(ni)) {
1863 			if (amrr->recovery) {
1864 				amrr->success_threshold *= 2;
1865 				if (amrr->success_threshold >
1866 				    URAL_AMRR_MAX_SUCCESS_THRESHOLD)
1867 					amrr->success_threshold =
1868 					    URAL_AMRR_MAX_SUCCESS_THRESHOLD;
1869 			} else {
1870 				amrr->success_threshold =
1871 				    URAL_AMRR_MIN_SUCCESS_THRESHOLD;
1872 			}
1873 			decrease_rate(ni);
1874 			need_change = 1;
1875 		}
1876 		amrr->recovery = 0;	/* original paper was incorrect */
1877 	}
1878 
1879 	if (is_enough(amrr) || need_change)
1880 		reset_cnt(amrr);
1881 }
1882 
1883 static void
1884 ural_amrr_timeout(void *arg)
1885 {
1886 	struct ural_softc *sc = (struct ural_softc *)arg;
1887 	struct ural_amrr *amrr = &sc->amrr;
1888 
1889 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1890 
1891 	/* count TX retry-fail as Tx errors */
1892 	sc->sc_tx_err += sc->sta[9];
1893 	sc->sc_tx_retries += (sc->sta[7] + sc->sta[8]);
1894 
1895 	amrr->retrycnt =
1896 	    sc->sta[7] +	/* TX one-retry ok count */
1897 	    sc->sta[8] +	/* TX more-retry ok count */
1898 	    sc->sta[9];		/* TX retry-fail count */
1899 
1900 	amrr->txcnt =
1901 	    amrr->retrycnt +
1902 	    sc->sta[6];		/* TX no-retry ok count */
1903 
1904 	ural_ratectl(amrr, sc->sc_ic.ic_bss);
1905 
1906 	sc->sc_amrr_id = timeout(ural_amrr_timeout, (void *)sc,
1907 	    drv_usectohz(1000 * 1000)); /* 1 second */
1908 }
1909 
1910 
1911 static void
1912 ural_amrr_start(struct ural_softc *sc, struct ieee80211_node *ni)
1913 {
1914 	struct ural_amrr *amrr = &sc->amrr;
1915 	int i;
1916 
1917 	/* clear statistic registers (STA_CSR0 to STA_CSR10) */
1918 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1919 
1920 	amrr->success = 0;
1921 	amrr->recovery = 0;
1922 	amrr->txcnt = amrr->retrycnt = 0;
1923 	amrr->success_threshold = URAL_AMRR_MIN_SUCCESS_THRESHOLD;
1924 
1925 	/* set rate to some reasonable initial value */
1926 	for (i = ni->in_rates.ir_nrates - 1;
1927 	    i > 0 && (ni->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72;
1928 	    i--) {
1929 	}
1930 
1931 	ni->in_txrate = i;
1932 
1933 	sc->sc_amrr_id = timeout(ural_amrr_timeout, (void *)sc,
1934 	    drv_usectohz(1000 * 1000)); /* 1 second */
1935 }
1936 
1937 void
1938 ural_watchdog(void *arg)
1939 {
1940 	struct ural_softc *sc = arg;
1941 	struct ieee80211com *ic = &sc->sc_ic;
1942 	int ntimer = 0;
1943 
1944 	RAL_LOCK(sc);
1945 	ic->ic_watchdog_timer = 0;
1946 
1947 	if (!RAL_IS_RUNNING(sc)) {
1948 		RAL_UNLOCK(sc);
1949 		return;
1950 	}
1951 
1952 	if (sc->sc_tx_timer > 0) {
1953 		if (--sc->sc_tx_timer == 0) {
1954 			RAL_DEBUG(RAL_DBG_ERR, "tx timer timeout\n");
1955 			RAL_UNLOCK(sc);
1956 			(void) ural_init(sc);
1957 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1958 			return;
1959 		}
1960 	}
1961 
1962 	if (ic->ic_state == IEEE80211_S_RUN)
1963 		ntimer = 1;
1964 
1965 	RAL_UNLOCK(sc);
1966 
1967 	ieee80211_watchdog(ic);
1968 
1969 	if (ntimer)
1970 		ieee80211_start_watchdog(ic, ntimer);
1971 }
1972 
1973 static int
1974 ural_m_start(void *arg)
1975 {
1976 	struct ural_softc *sc = (struct ural_softc *)arg;
1977 	crypto_mech_type_t type;
1978 	int err;
1979 
1980 
1981 	type = crypto_mech2id(SUN_CKM_RC4); /* load rc4 module into kernel */
1982 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_start(%d)\n", type);
1983 
1984 	/*
1985 	 * initialize RT2500USB hardware
1986 	 */
1987 	err = ural_init(sc);
1988 	if (err != DDI_SUCCESS) {
1989 		RAL_DEBUG(RAL_DBG_ERR, "device configuration failed\n");
1990 		goto fail;
1991 	}
1992 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1993 	return (err);
1994 
1995 fail:
1996 	ural_stop(sc);
1997 	return (err);
1998 }
1999 
2000 static void
2001 ural_m_stop(void *arg)
2002 {
2003 	struct ural_softc *sc = (struct ural_softc *)arg;
2004 
2005 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_stop()\n");
2006 
2007 	(void) ural_stop(sc);
2008 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
2009 }
2010 
2011 static int
2012 ural_m_unicst(void *arg, const uint8_t *macaddr)
2013 {
2014 	struct ural_softc *sc = (struct ural_softc *)arg;
2015 	struct ieee80211com *ic = &sc->sc_ic;
2016 
2017 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_unicst(): " MACSTR "\n",
2018 	    MAC2STR(macaddr));
2019 
2020 	IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr);
2021 	(void) ural_set_macaddr(sc, (uint8_t *)macaddr);
2022 	(void) ural_init(sc);
2023 
2024 	return (0);
2025 }
2026 
2027 /*ARGSUSED*/
2028 static int
2029 ural_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2030 {
2031 	return (0);
2032 }
2033 
2034 static int
2035 ural_m_promisc(void *arg, boolean_t on)
2036 {
2037 	struct ural_softc *sc = (struct ural_softc *)arg;
2038 
2039 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_promisc()\n");
2040 
2041 	if (on) {
2042 		sc->sc_rcr |= RAL_RCR_PROMISC;
2043 		sc->sc_rcr |= RAL_RCR_MULTI;
2044 	} else {
2045 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2046 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2047 	}
2048 
2049 	ural_update_promisc(sc);
2050 	return (0);
2051 }
2052 
2053 /*
2054  * callback functions for /get/set properties
2055  */
2056 static int
2057 ural_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2058     uint_t wldp_length, const void *wldp_buf)
2059 {
2060 	struct ural_softc *sc = (struct ural_softc *)arg;
2061 	struct ieee80211com *ic = &sc->sc_ic;
2062 	int err;
2063 
2064 	err = ieee80211_setprop(ic, pr_name, wldp_pr_num,
2065 	    wldp_length, wldp_buf);
2066 	RAL_LOCK(sc);
2067 	if (err == ENETRESET) {
2068 		if (RAL_IS_RUNNING(sc)) {
2069 			RAL_UNLOCK(sc);
2070 			(void) ural_init(sc);
2071 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2072 			RAL_LOCK(sc);
2073 		}
2074 		err = 0;
2075 	}
2076 	RAL_UNLOCK(sc);
2077 
2078 	return (err);
2079 }
2080 
2081 static int
2082 ural_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2083     uint_t pr_flags, uint_t wldp_length, void *wldp_buf, uint_t *perm)
2084 {
2085 	struct ural_softc *sc = (struct ural_softc *)arg;
2086 	int err;
2087 
2088 	err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
2089 	    pr_flags, wldp_length, wldp_buf, perm);
2090 
2091 	return (err);
2092 }
2093 
2094 static void
2095 ural_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2096 {
2097 	struct ural_softc *sc = (struct ural_softc *)arg;
2098 	struct ieee80211com *ic = &sc->sc_ic;
2099 	int err;
2100 
2101 	err = ieee80211_ioctl(ic, wq, mp);
2102 	RAL_LOCK(sc);
2103 	if (err == ENETRESET) {
2104 		if (RAL_IS_RUNNING(sc)) {
2105 			RAL_UNLOCK(sc);
2106 			(void) ural_init(sc);
2107 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2108 			RAL_LOCK(sc);
2109 		}
2110 	}
2111 	RAL_UNLOCK(sc);
2112 }
2113 
2114 static int
2115 ural_m_stat(void *arg, uint_t stat, uint64_t *val)
2116 {
2117 	struct ural_softc *sc  = (struct ural_softc *)arg;
2118 	ieee80211com_t	*ic = &sc->sc_ic;
2119 	ieee80211_node_t *ni = ic->ic_bss;
2120 	struct ieee80211_rateset *rs = &ni->in_rates;
2121 
2122 	RAL_LOCK(sc);
2123 	switch (stat) {
2124 	case MAC_STAT_IFSPEED:
2125 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2126 		    (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2127 		    : ic->ic_fixed_rate) / 2 * 1000000;
2128 		break;
2129 	case MAC_STAT_NOXMTBUF:
2130 		*val = sc->sc_tx_nobuf;
2131 		break;
2132 	case MAC_STAT_NORCVBUF:
2133 		*val = sc->sc_rx_nobuf;
2134 		break;
2135 	case MAC_STAT_IERRORS:
2136 		*val = sc->sc_rx_err;
2137 		break;
2138 	case MAC_STAT_RBYTES:
2139 		*val = ic->ic_stats.is_rx_bytes;
2140 		break;
2141 	case MAC_STAT_IPACKETS:
2142 		*val = ic->ic_stats.is_rx_frags;
2143 		break;
2144 	case MAC_STAT_OBYTES:
2145 		*val = ic->ic_stats.is_tx_bytes;
2146 		break;
2147 	case MAC_STAT_OPACKETS:
2148 		*val = ic->ic_stats.is_tx_frags;
2149 		break;
2150 	case MAC_STAT_OERRORS:
2151 	case WIFI_STAT_TX_FAILED:
2152 		*val = sc->sc_tx_err;
2153 		break;
2154 	case WIFI_STAT_TX_RETRANS:
2155 		*val = sc->sc_tx_retries;
2156 		break;
2157 	case WIFI_STAT_FCS_ERRORS:
2158 	case WIFI_STAT_WEP_ERRORS:
2159 	case WIFI_STAT_TX_FRAGS:
2160 	case WIFI_STAT_MCAST_TX:
2161 	case WIFI_STAT_RTS_SUCCESS:
2162 	case WIFI_STAT_RTS_FAILURE:
2163 	case WIFI_STAT_ACK_FAILURE:
2164 	case WIFI_STAT_RX_FRAGS:
2165 	case WIFI_STAT_MCAST_RX:
2166 	case WIFI_STAT_RX_DUPS:
2167 		RAL_UNLOCK(sc);
2168 		return (ieee80211_stat(ic, stat, val));
2169 	default:
2170 		RAL_UNLOCK(sc);
2171 		return (ENOTSUP);
2172 	}
2173 	RAL_UNLOCK(sc);
2174 
2175 	return (0);
2176 }
2177 
2178 
2179 static int
2180 ural_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2181 {
2182 	struct ural_softc *sc;
2183 	struct ieee80211com *ic;
2184 	int err, i;
2185 	int instance;
2186 
2187 	char strbuf[32];
2188 
2189 	wifi_data_t wd = { 0 };
2190 	mac_register_t *macp;
2191 
2192 	RAL_DEBUG(RAL_DBG_MSG, "ural_attach()\n");
2193 
2194 	if (cmd != DDI_ATTACH)
2195 		return (DDI_FAILURE);
2196 
2197 	instance = ddi_get_instance(devinfo);
2198 
2199 	if (ddi_soft_state_zalloc(ural_soft_state_p, instance) != DDI_SUCCESS) {
2200 		RAL_DEBUG(RAL_DBG_MSG, "ural_attach(): "
2201 		    "unable to alloc soft_state_p\n");
2202 		return (DDI_FAILURE);
2203 	}
2204 
2205 	sc = ddi_get_soft_state(ural_soft_state_p, instance);
2206 	ic = (ieee80211com_t *)&sc->sc_ic;
2207 	sc->sc_dev = devinfo;
2208 
2209 	if (usb_client_attach(devinfo, USBDRV_VERSION, 0) != USB_SUCCESS) {
2210 		RAL_DEBUG(RAL_DBG_ERR,
2211 		    "ural_attach(): usb_client_attach failed\n");
2212 		goto fail1;
2213 	}
2214 
2215 	if (usb_get_dev_data(devinfo, &sc->sc_udev,
2216 	    USB_PARSE_LVL_ALL, 0) != USB_SUCCESS) {
2217 		sc->sc_udev = NULL;
2218 		goto fail2;
2219 	}
2220 
2221 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2222 	mutex_init(&sc->tx_lock, NULL, MUTEX_DRIVER, NULL);
2223 	mutex_init(&sc->rx_lock, NULL, MUTEX_DRIVER, NULL);
2224 
2225 	/* retrieve RT2570 rev. no */
2226 	sc->asic_rev = ural_read(sc, RAL_MAC_CSR0);
2227 
2228 	/* retrieve MAC address and various other things from EEPROM */
2229 	ural_read_eeprom(sc);
2230 
2231 	RAL_DEBUG(RAL_DBG_MSG, "ural: MAC/BBP RT2570 (rev 0x%02x), RF %s\n",
2232 	    sc->asic_rev, ural_get_rf(sc->rf_rev));
2233 
2234 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
2235 	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
2236 	ic->ic_state = IEEE80211_S_INIT;
2237 
2238 	ic->ic_maxrssi = 63;
2239 	ic->ic_set_shortslot = ural_update_slot;
2240 	ic->ic_xmit = ural_send;
2241 
2242 	/* set device capabilities */
2243 	ic->ic_caps =
2244 	    IEEE80211_C_TXPMGT |	/* tx power management */
2245 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
2246 	    IEEE80211_C_SHSLOT;		/* short slot time supported */
2247 
2248 	ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2249 
2250 #define	IEEE80211_CHAN_A	\
2251 	(IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2252 
2253 	if (sc->rf_rev == RAL_RF_5222) {
2254 		/* set supported .11a rates */
2255 		ic->ic_sup_rates[IEEE80211_MODE_11A] = ural_rateset_11a;
2256 
2257 		/* set supported .11a channels */
2258 		for (i = 36; i <= 64; i += 4) {
2259 			ic->ic_sup_channels[i].ich_freq =
2260 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2261 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2262 		}
2263 		for (i = 100; i <= 140; i += 4) {
2264 			ic->ic_sup_channels[i].ich_freq =
2265 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2266 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2267 		}
2268 		for (i = 149; i <= 161; i += 4) {
2269 			ic->ic_sup_channels[i].ich_freq =
2270 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2271 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2272 		}
2273 	}
2274 
2275 	/* set supported .11b and .11g rates */
2276 	ic->ic_sup_rates[IEEE80211_MODE_11B] = ural_rateset_11b;
2277 	ic->ic_sup_rates[IEEE80211_MODE_11G] = ural_rateset_11g;
2278 
2279 	/* set supported .11b and .11g channels (1 through 14) */
2280 	for (i = 1; i <= 14; i++) {
2281 		ic->ic_sup_channels[i].ich_freq =
2282 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2283 		ic->ic_sup_channels[i].ich_flags =
2284 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2285 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2286 	}
2287 
2288 	ieee80211_attach(ic);
2289 
2290 	/* register WPA door */
2291 	ieee80211_register_door(ic, ddi_driver_name(devinfo),
2292 	    ddi_get_instance(devinfo));
2293 
2294 	/* override state transition machine */
2295 	sc->sc_newstate = ic->ic_newstate;
2296 	ic->ic_newstate = ural_newstate;
2297 	ic->ic_watchdog = ural_watchdog;
2298 	ieee80211_media_init(ic);
2299 	ic->ic_def_txkey = 0;
2300 
2301 	sc->sc_rcr = 0;
2302 	sc->dwelltime = 300;
2303 	sc->sc_flags &= ~RAL_FLAG_RUNNING;
2304 
2305 	/*
2306 	 * Provide initial settings for the WiFi plugin; whenever this
2307 	 * information changes, we need to call mac_plugindata_update()
2308 	 */
2309 	wd.wd_opmode = ic->ic_opmode;
2310 	wd.wd_secalloc = WIFI_SEC_NONE;
2311 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
2312 
2313 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
2314 		RAL_DEBUG(RAL_DBG_ERR, "ural_attach(): "
2315 		    "MAC version mismatch\n");
2316 		goto fail3;
2317 	}
2318 
2319 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
2320 	macp->m_driver		= sc;
2321 	macp->m_dip		= devinfo;
2322 	macp->m_src_addr	= ic->ic_macaddr;
2323 	macp->m_callbacks	= &ural_m_callbacks;
2324 	macp->m_min_sdu		= 0;
2325 	macp->m_max_sdu		= IEEE80211_MTU;
2326 	macp->m_pdata		= &wd;
2327 	macp->m_pdata_size	= sizeof (wd);
2328 
2329 	err = mac_register(macp, &ic->ic_mach);
2330 	mac_free(macp);
2331 	if (err != 0) {
2332 		RAL_DEBUG(RAL_DBG_ERR, "ural_attach(): "
2333 		    "mac_register() err %x\n", err);
2334 		goto fail3;
2335 	}
2336 
2337 	if (usb_register_hotplug_cbs(devinfo, ural_offline,
2338 	    ural_online) != USB_SUCCESS) {
2339 		RAL_DEBUG(RAL_DBG_ERR,
2340 		    "ural: ural_attach() failed to register events");
2341 		goto fail4;
2342 	}
2343 
2344 	/*
2345 	 * Create minor node of type DDI_NT_NET_WIFI
2346 	 */
2347 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
2348 	    "ural", instance);
2349 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
2350 	    instance + 1, DDI_NT_NET_WIFI, 0);
2351 
2352 	if (err != DDI_SUCCESS)
2353 		RAL_DEBUG(RAL_DBG_ERR, "ddi_create_minor_node() failed\n");
2354 
2355 	/*
2356 	 * Notify link is down now
2357 	 */
2358 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
2359 
2360 	RAL_DEBUG(RAL_DBG_MSG, "ural_attach() done successfully.\n");
2361 	return (DDI_SUCCESS);
2362 fail4:
2363 	(void) mac_unregister(ic->ic_mach);
2364 fail3:
2365 	mutex_destroy(&sc->sc_genlock);
2366 	mutex_destroy(&sc->tx_lock);
2367 	mutex_destroy(&sc->rx_lock);
2368 fail2:
2369 	usb_client_detach(sc->sc_dev, sc->sc_udev);
2370 fail1:
2371 	ddi_soft_state_free(ural_soft_state_p, ddi_get_instance(devinfo));
2372 
2373 	return (DDI_FAILURE);
2374 }
2375 
2376 static int
2377 ural_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
2378 {
2379 	struct ural_softc *sc;
2380 
2381 	RAL_DEBUG(RAL_DBG_MSG, "ural_detach()\n");
2382 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
2383 
2384 	if (cmd != DDI_DETACH)
2385 		return (DDI_FAILURE);
2386 
2387 	if (mac_disable(sc->sc_ic.ic_mach) != 0)
2388 		return (DDI_FAILURE);
2389 
2390 	ural_stop(sc);
2391 	usb_unregister_hotplug_cbs(devinfo);
2392 
2393 	/*
2394 	 * Unregister from the MAC layer subsystem
2395 	 */
2396 	(void) mac_unregister(sc->sc_ic.ic_mach);
2397 
2398 	/*
2399 	 * detach ieee80211 layer
2400 	 */
2401 	ieee80211_detach(&sc->sc_ic);
2402 
2403 	mutex_destroy(&sc->sc_genlock);
2404 	mutex_destroy(&sc->tx_lock);
2405 	mutex_destroy(&sc->rx_lock);
2406 
2407 	/* pipes will be close in ural_stop() */
2408 	usb_client_detach(devinfo, sc->sc_udev);
2409 	sc->sc_udev = NULL;
2410 
2411 	ddi_remove_minor_node(devinfo, NULL);
2412 	ddi_soft_state_free(ural_soft_state_p, ddi_get_instance(devinfo));
2413 
2414 	return (DDI_SUCCESS);
2415 }
2416 
2417 int
2418 _info(struct modinfo *modinfop)
2419 {
2420 	return (mod_info(&modlinkage, modinfop));
2421 }
2422 
2423 int
2424 _init(void)
2425 {
2426 	int status;
2427 
2428 	status = ddi_soft_state_init(&ural_soft_state_p,
2429 	    sizeof (struct ural_softc), 1);
2430 	if (status != 0)
2431 		return (status);
2432 
2433 	mac_init_ops(&ural_dev_ops, "ural");
2434 	status = mod_install(&modlinkage);
2435 	if (status != 0) {
2436 		mac_fini_ops(&ural_dev_ops);
2437 		ddi_soft_state_fini(&ural_soft_state_p);
2438 	}
2439 	return (status);
2440 }
2441 
2442 int
2443 _fini(void)
2444 {
2445 	int status;
2446 
2447 	status = mod_remove(&modlinkage);
2448 	if (status == 0) {
2449 		mac_fini_ops(&ural_dev_ops);
2450 		ddi_soft_state_fini(&ural_soft_state_p);
2451 	}
2452 	return (status);
2453 }
2454