xref: /titanic_41/usr/src/uts/common/io/ural/ural.c (revision 323a81d93e2f58a7d62f6e523f9fddbc029d3d0b)
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2005, 2006
8  *	Damien Bergamini <damien.bergamini@free.fr>
9  *
10  * Permission to use, copy, modify, and distribute this software for any
11  * purpose with or without fee is hereby granted, provided that the above
12  * copyright notice and this permission notice appear in all copies.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21  */
22 
23 /*
24  * Ralink Technology RT2500USB chipset driver
25  * http://www.ralinktech.com/
26  */
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <sys/types.h>
31 #include <sys/byteorder.h>
32 #include <sys/conf.h>
33 #include <sys/cmn_err.h>
34 #include <sys/stat.h>
35 #include <sys/ddi.h>
36 #include <sys/sunddi.h>
37 #include <sys/strsubr.h>
38 #include <sys/ethernet.h>
39 #include <inet/common.h>
40 #include <inet/nd.h>
41 #include <inet/mi.h>
42 #include <sys/note.h>
43 #include <sys/stream.h>
44 #include <sys/strsun.h>
45 #include <sys/modctl.h>
46 #include <sys/devops.h>
47 #include <sys/dlpi.h>
48 #include <sys/mac.h>
49 #include <sys/mac_wifi.h>
50 #include <sys/net80211.h>
51 #include <sys/net80211_proto.h>
52 #include <sys/varargs.h>
53 #include <sys/policy.h>
54 #include <sys/pci.h>
55 #include <sys/crypto/common.h>
56 #include <sys/crypto/api.h>
57 #include <inet/wifi_ioctl.h>
58 
59 #define	USBDRV_MAJOR_VER	2
60 #define	USBDRV_MINOR_VER	0
61 #include <sys/usb/usba.h>
62 
63 #include "ural_reg.h"
64 #include "ural_var.h"
65 
66 static void *ural_soft_state_p = NULL;
67 
68 #define	RAL_TXBUF_SIZE  	(IEEE80211_MAX_LEN)
69 #define	RAL_RXBUF_SIZE  	(IEEE80211_MAX_LEN)
70 
71 /* quickly determine if a given rate is CCK or OFDM */
72 #define	RAL_RATE_IS_OFDM(rate)	((rate) >= 12 && (rate) != 22)
73 #define	RAL_ACK_SIZE		14	/* 10 + 4(FCS) */
74 #define	RAL_CTS_SIZE		14	/* 10 + 4(FCS) */
75 #define	RAL_SIFS		10	/* us */
76 #define	RAL_RXTX_TURNAROUND	5	/* us */
77 
78 #define	URAL_N(a)		(sizeof (a) / sizeof ((a)[0]))
79 
80 /*
81  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
82  */
83 static const struct ieee80211_rateset ural_rateset_11a =
84 	{ 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
85 
86 static const struct ieee80211_rateset ural_rateset_11b =
87 	{ 4, { 2, 4, 11, 22 } };
88 
89 static const struct ieee80211_rateset ural_rateset_11g =
90 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
91 
92 /*
93  * Default values for MAC registers; values taken from the reference driver.
94  */
95 static const struct {
96 	uint16_t	reg;
97 	uint16_t	val;
98 } ural_def_mac[] = {
99 	{ RAL_TXRX_CSR5,  0x8c8d },
100 	{ RAL_TXRX_CSR6,  0x8b8a },
101 	{ RAL_TXRX_CSR7,  0x8687 },
102 	{ RAL_TXRX_CSR8,  0x0085 },
103 	{ RAL_MAC_CSR13,  0x1111 },
104 	{ RAL_MAC_CSR14,  0x1e11 },
105 	{ RAL_TXRX_CSR21, 0xe78f },
106 	{ RAL_MAC_CSR9,   0xff1d },
107 	{ RAL_MAC_CSR11,  0x0002 },
108 	{ RAL_MAC_CSR22,  0x0053 },
109 	{ RAL_MAC_CSR15,  0x0000 },
110 	{ RAL_MAC_CSR8,   0x0780 },
111 	{ RAL_TXRX_CSR19, 0x0000 },
112 	{ RAL_TXRX_CSR18, 0x005a },
113 	{ RAL_PHY_CSR2,   0x0000 },
114 	{ RAL_TXRX_CSR0,  0x1ec0 },
115 	{ RAL_PHY_CSR4,   0x000f }
116 };
117 
118 /*
119  * Default values for BBP registers; values taken from the reference driver.
120  */
121 static const struct {
122 	uint8_t	reg;
123 	uint8_t	val;
124 } ural_def_bbp[] = {
125 	{  3, 0x02 },
126 	{  4, 0x19 },
127 	{ 14, 0x1c },
128 	{ 15, 0x30 },
129 	{ 16, 0xac },
130 	{ 17, 0x48 },
131 	{ 18, 0x18 },
132 	{ 19, 0xff },
133 	{ 20, 0x1e },
134 	{ 21, 0x08 },
135 	{ 22, 0x08 },
136 	{ 23, 0x08 },
137 	{ 24, 0x80 },
138 	{ 25, 0x50 },
139 	{ 26, 0x08 },
140 	{ 27, 0x23 },
141 	{ 30, 0x10 },
142 	{ 31, 0x2b },
143 	{ 32, 0xb9 },
144 	{ 34, 0x12 },
145 	{ 35, 0x50 },
146 	{ 39, 0xc4 },
147 	{ 40, 0x02 },
148 	{ 41, 0x60 },
149 	{ 53, 0x10 },
150 	{ 54, 0x18 },
151 	{ 56, 0x08 },
152 	{ 57, 0x10 },
153 	{ 58, 0x08 },
154 	{ 61, 0x60 },
155 	{ 62, 0x10 },
156 	{ 75, 0xff }
157 };
158 
159 /*
160  * Default values for RF register R2 indexed by channel numbers.
161  */
162 static const uint32_t ural_rf2522_r2[] = {
163 	0x307f6, 0x307fb, 0x30800, 0x30805, 0x3080a, 0x3080f, 0x30814,
164 	0x30819, 0x3081e, 0x30823, 0x30828, 0x3082d, 0x30832, 0x3083e
165 };
166 
167 static const uint32_t ural_rf2523_r2[] = {
168 	0x00327, 0x00328, 0x00329, 0x0032a, 0x0032b, 0x0032c, 0x0032d,
169 	0x0032e, 0x0032f, 0x00340, 0x00341, 0x00342, 0x00343, 0x00346
170 };
171 
172 static const uint32_t ural_rf2524_r2[] = {
173 	0x00327, 0x00328, 0x00329, 0x0032a, 0x0032b, 0x0032c, 0x0032d,
174 	0x0032e, 0x0032f, 0x00340, 0x00341, 0x00342, 0x00343, 0x00346
175 };
176 
177 static const uint32_t ural_rf2525_r2[] = {
178 	0x20327, 0x20328, 0x20329, 0x2032a, 0x2032b, 0x2032c, 0x2032d,
179 	0x2032e, 0x2032f, 0x20340, 0x20341, 0x20342, 0x20343, 0x20346
180 };
181 
182 static const uint32_t ural_rf2525_hi_r2[] = {
183 	0x2032f, 0x20340, 0x20341, 0x20342, 0x20343, 0x20344, 0x20345,
184 	0x20346, 0x20347, 0x20348, 0x20349, 0x2034a, 0x2034b, 0x2034e
185 };
186 
187 static const uint32_t ural_rf2525e_r2[] = {
188 	0x2044d, 0x2044e, 0x2044f, 0x20460, 0x20461, 0x20462, 0x20463,
189 	0x20464, 0x20465, 0x20466, 0x20467, 0x20468, 0x20469, 0x2046b
190 };
191 
192 static const uint32_t ural_rf2526_hi_r2[] = {
193 	0x0022a, 0x0022b, 0x0022b, 0x0022c, 0x0022c, 0x0022d, 0x0022d,
194 	0x0022e, 0x0022e, 0x0022f, 0x0022d, 0x00240, 0x00240, 0x00241
195 };
196 
197 static const uint32_t ural_rf2526_r2[] = {
198 	0x00226, 0x00227, 0x00227, 0x00228, 0x00228, 0x00229, 0x00229,
199 	0x0022a, 0x0022a, 0x0022b, 0x0022b, 0x0022c, 0x0022c, 0x0022d
200 };
201 
202 /*
203  * For dual-band RF, RF registers R1 and R4 also depend on channel number;
204  * values taken from the reference driver.
205  */
206 static const struct {
207 	uint8_t		chan;
208 	uint32_t	r1;
209 	uint32_t	r2;
210 	uint32_t	r4;
211 } ural_rf5222[] = {
212 	{   1, 0x08808, 0x0044d, 0x00282 },
213 	{   2, 0x08808, 0x0044e, 0x00282 },
214 	{   3, 0x08808, 0x0044f, 0x00282 },
215 	{   4, 0x08808, 0x00460, 0x00282 },
216 	{   5, 0x08808, 0x00461, 0x00282 },
217 	{   6, 0x08808, 0x00462, 0x00282 },
218 	{   7, 0x08808, 0x00463, 0x00282 },
219 	{   8, 0x08808, 0x00464, 0x00282 },
220 	{   9, 0x08808, 0x00465, 0x00282 },
221 	{  10, 0x08808, 0x00466, 0x00282 },
222 	{  11, 0x08808, 0x00467, 0x00282 },
223 	{  12, 0x08808, 0x00468, 0x00282 },
224 	{  13, 0x08808, 0x00469, 0x00282 },
225 	{  14, 0x08808, 0x0046b, 0x00286 },
226 
227 	{  36, 0x08804, 0x06225, 0x00287 },
228 	{  40, 0x08804, 0x06226, 0x00287 },
229 	{  44, 0x08804, 0x06227, 0x00287 },
230 	{  48, 0x08804, 0x06228, 0x00287 },
231 	{  52, 0x08804, 0x06229, 0x00287 },
232 	{  56, 0x08804, 0x0622a, 0x00287 },
233 	{  60, 0x08804, 0x0622b, 0x00287 },
234 	{  64, 0x08804, 0x0622c, 0x00287 },
235 
236 	{ 100, 0x08804, 0x02200, 0x00283 },
237 	{ 104, 0x08804, 0x02201, 0x00283 },
238 	{ 108, 0x08804, 0x02202, 0x00283 },
239 	{ 112, 0x08804, 0x02203, 0x00283 },
240 	{ 116, 0x08804, 0x02204, 0x00283 },
241 	{ 120, 0x08804, 0x02205, 0x00283 },
242 	{ 124, 0x08804, 0x02206, 0x00283 },
243 	{ 128, 0x08804, 0x02207, 0x00283 },
244 	{ 132, 0x08804, 0x02208, 0x00283 },
245 	{ 136, 0x08804, 0x02209, 0x00283 },
246 	{ 140, 0x08804, 0x0220a, 0x00283 },
247 
248 	{ 149, 0x08808, 0x02429, 0x00281 },
249 	{ 153, 0x08808, 0x0242b, 0x00281 },
250 	{ 157, 0x08808, 0x0242d, 0x00281 },
251 	{ 161, 0x08808, 0x0242f, 0x00281 }
252 };
253 
254 /*
255  * device operations
256  */
257 static int ural_attach(dev_info_t *, ddi_attach_cmd_t);
258 static int ural_detach(dev_info_t *, ddi_detach_cmd_t);
259 
260 /*
261  * Module Loading Data & Entry Points
262  */
263 DDI_DEFINE_STREAM_OPS(ural_dev_ops, nulldev, nulldev, ural_attach,
264     ural_detach, nodev, NULL, D_MP, NULL);
265 
266 static struct modldrv ural_modldrv = {
267 	&mod_driverops,		/* Type of module.  This one is a driver */
268 	"ural driver v%I%",	/* short description */
269 	&ural_dev_ops		/* driver specific ops */
270 };
271 
272 static struct modlinkage modlinkage = {
273 	MODREV_1,
274 	(void *)&ural_modldrv,
275 	NULL
276 };
277 
278 static int	ural_m_stat(void *,  uint_t, uint64_t *);
279 static int	ural_m_start(void *);
280 static void	ural_m_stop(void *);
281 static int	ural_m_promisc(void *, boolean_t);
282 static int	ural_m_multicst(void *, boolean_t, const uint8_t *);
283 static int	ural_m_unicst(void *, const uint8_t *);
284 static mblk_t	*ural_m_tx(void *, mblk_t *);
285 static void	ural_m_ioctl(void *, queue_t *, mblk_t *);
286 
287 static mac_callbacks_t ural_m_callbacks = {
288 	MC_IOCTL,
289 	ural_m_stat,
290 	ural_m_start,
291 	ural_m_stop,
292 	ural_m_promisc,
293 	ural_m_multicst,
294 	ural_m_unicst,
295 	ural_m_tx,
296 	NULL,		/* mc_resources; */
297 	ural_m_ioctl,
298 	NULL		/* mc_getcapab */
299 };
300 
301 extern const char *usb_str_cr(int);
302 static void ural_amrr_start(struct ural_softc *, struct ieee80211_node *);
303 static int  ural_tx_trigger(struct ural_softc *, mblk_t *);
304 static int  ural_rx_trigger(struct ural_softc *);
305 
306 uint32_t ural_dbg_flags = 0;
307 
308 #ifdef DEBUG
309 void
310 ral_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
311 {
312 	va_list args;
313 
314 	if (dbg_flags & ural_dbg_flags) {
315 		va_start(args, fmt);
316 		vcmn_err(CE_CONT, fmt, args);
317 		va_end(args);
318 	}
319 }
320 #endif
321 
322 static uint16_t
323 ural_read(struct ural_softc *sc, uint16_t reg)
324 {
325 	usb_ctrl_setup_t req;
326 	usb_cr_t cr;
327 	usb_cb_flags_t cf;
328 	mblk_t *mp;
329 	int err;
330 	uint16_t val;
331 
332 	bzero(&req, sizeof (req));
333 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
334 	req.bRequest = RAL_READ_MAC;
335 	req.wValue = 0;
336 	req.wIndex = reg;
337 	req.wLength = sizeof (uint16_t);
338 
339 	mp = NULL;
340 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
341 	    &cr, &cf, 0);
342 
343 	if (err != USB_SUCCESS) {
344 		RAL_DEBUG(RAL_DBG_ERR,
345 		    "ural_read(): could not read MAC register:"
346 		    " cr:%s(%d), cf:(%x)\n",
347 		    usb_str_cr(cr), cr, cf);
348 		return (0);
349 	}
350 
351 	bcopy(mp->b_rptr, &val, sizeof (uint16_t));
352 
353 	if (mp)
354 		freemsg(mp);
355 
356 	return (LE_16(val));
357 }
358 
359 static void
360 ural_read_multi(struct ural_softc *sc, uint16_t reg, void *buf, int len)
361 {
362 	usb_ctrl_setup_t req;
363 	usb_cr_t cr;
364 	usb_cb_flags_t cf;
365 	mblk_t *mp;
366 	int err;
367 
368 	bzero(&req, sizeof (req));
369 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
370 	req.bRequest = RAL_READ_MULTI_MAC;
371 	req.wValue = 0;
372 	req.wIndex = reg;
373 	req.wLength = (uint16_t)len;
374 	req.attrs = USB_ATTRS_AUTOCLEARING;
375 
376 	mp = NULL;
377 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
378 	    &cr, &cf, 0);
379 
380 	if (err != USB_SUCCESS) {
381 		RAL_DEBUG(RAL_DBG_ERR,
382 		    "ural_read_multi(): could not read MAC register:"
383 		    "cr:%s(%d), cf:(%x)\n",
384 		    usb_str_cr(cr), cr, cf);
385 		return;
386 	}
387 
388 	bcopy(mp->b_rptr, buf, len);
389 
390 	if (mp)
391 		freemsg(mp);
392 }
393 
394 static void
395 ural_write(struct ural_softc *sc, uint16_t reg, uint16_t val)
396 {
397 	usb_ctrl_setup_t req;
398 	usb_cr_t cr;
399 	usb_cb_flags_t cf;
400 	int err;
401 
402 	bzero(&req, sizeof (req));
403 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
404 	req.bRequest = RAL_WRITE_MAC;
405 	req.wValue = val;
406 	req.wIndex = reg;
407 	req.wLength = 0;
408 	req.attrs = USB_ATTRS_NONE;
409 
410 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
411 	    &cr, &cf, 0);
412 
413 	if (err != USB_SUCCESS) {
414 		RAL_DEBUG(RAL_DBG_ERR,
415 		    "ural_write(): could not write MAC register:"
416 		    "cr:%s(%d), cf:(%x)\n",
417 		    usb_str_cr(cr), cr, cf);
418 	}
419 }
420 
421 /* ARGSUSED */
422 static void
423 ural_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
424 {
425 	struct ural_softc *sc = (struct ural_softc *)req->bulk_client_private;
426 	struct ieee80211com *ic = &sc->sc_ic;
427 
428 	RAL_DEBUG(RAL_DBG_TX,
429 	    "ural_txeof(): cr:%s(%d), flags:0x%x, tx_queued:%d",
430 	    usb_str_cr(req->bulk_completion_reason),
431 	    req->bulk_completion_reason,
432 	    req->bulk_cb_flags,
433 	    sc->tx_queued);
434 
435 	if (req->bulk_completion_reason != USB_CR_OK)
436 		sc->sc_tx_err++;
437 
438 	mutex_enter(&sc->tx_lock);
439 
440 	sc->tx_queued--;
441 	sc->sc_tx_timer = 0;
442 
443 	if (sc->sc_need_sched) {
444 		sc->sc_need_sched = 0;
445 		mac_tx_update(ic->ic_mach);
446 	}
447 
448 	mutex_exit(&sc->tx_lock);
449 	usb_free_bulk_req(req);
450 }
451 
452 /* ARGSUSED */
453 static void
454 ural_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
455 {
456 	struct ural_softc *sc = (struct ural_softc *)req->bulk_client_private;
457 	struct ieee80211com *ic = &sc->sc_ic;
458 
459 	struct ural_rx_desc *desc;
460 	struct ieee80211_frame *wh;
461 	struct ieee80211_node *ni;
462 
463 	mblk_t *m, *mp;
464 	int len, pktlen;
465 	char *rxbuf;
466 
467 	mp = req->bulk_data;
468 	req->bulk_data = NULL;
469 
470 	RAL_DEBUG(RAL_DBG_RX,
471 	    "ural_rxeof(): cr:%s(%d), flags:0x%x, rx_queued:%d",
472 	    usb_str_cr(req->bulk_completion_reason),
473 	    req->bulk_completion_reason,
474 	    req->bulk_cb_flags,
475 	    sc->rx_queued);
476 
477 	if (req->bulk_completion_reason != USB_CR_OK) {
478 		sc->sc_rx_err++;
479 		goto fail;
480 	}
481 
482 	len = (uintptr_t)mp->b_wptr - (uintptr_t)mp->b_rptr;
483 	rxbuf = (char *)mp->b_rptr;
484 
485 	if (len < RAL_RX_DESC_SIZE + IEEE80211_MIN_LEN) {
486 		RAL_DEBUG(RAL_DBG_ERR,
487 		    "ural_rxeof(): xfer too short %d\n", len);
488 		sc->sc_rx_err++;
489 		goto fail;
490 	}
491 
492 	/* rx descriptor is located at the end */
493 	desc = (struct ural_rx_desc *)(rxbuf + len - RAL_RX_DESC_SIZE);
494 
495 	if ((LE_32(desc->flags) & RAL_RX_PHY_ERROR) ||
496 	    (LE_32(desc->flags) & RAL_RX_CRC_ERROR)) {
497 		/*
498 		 * This should not happen since we did not request to receive
499 		 * those frames when we filled RAL_TXRX_CSR2.
500 		 */
501 		RAL_DEBUG(RAL_DBG_ERR, "PHY or CRC error\n");
502 		sc->sc_rx_err++;
503 		goto fail;
504 	}
505 
506 	pktlen = (LE_32(desc->flags) >> 16) & 0xfff;
507 
508 	if (pktlen > (len - RAL_RX_DESC_SIZE)) {
509 		RAL_DEBUG(RAL_DBG_ERR,
510 		    "ural_rxeof(): pktlen mismatch <%d, %d>.\n", pktlen, len);
511 		goto fail;
512 	}
513 
514 	/* Strip trailing 802.11 MAC FCS. */
515 	pktlen -= IEEE80211_CRC_LEN;
516 
517 	if ((m = allocb(pktlen, BPRI_MED)) == NULL) {
518 		RAL_DEBUG(RAL_DBG_ERR,
519 		    "ural_rxeof(): allocate mblk failed.\n");
520 		sc->sc_rx_nobuf++;
521 		goto fail;
522 	}
523 
524 	bcopy(rxbuf, m->b_rptr, pktlen);
525 	m->b_wptr += pktlen;
526 
527 	wh = (struct ieee80211_frame *)m->b_rptr;
528 	ni = ieee80211_find_rxnode(ic, wh);
529 
530 	/* send the frame to the 802.11 layer */
531 	(void) ieee80211_input(ic, m, ni, desc->rssi, 0);
532 
533 	/* node is no longer needed */
534 	ieee80211_free_node(ni);
535 fail:
536 	mutex_enter(&sc->rx_lock);
537 	sc->rx_queued--;
538 	mutex_exit(&sc->rx_lock);
539 
540 	freemsg(mp);
541 	usb_free_bulk_req(req);
542 
543 	if (RAL_IS_RUNNING(sc))
544 		(void) ural_rx_trigger(sc);
545 }
546 
547 /*
548  * Return the expected ack rate for a frame transmitted at rate `rate'.
549  * this should depend on the destination node basic rate set.
550  */
551 static int
552 ural_ack_rate(struct ieee80211com *ic, int rate)
553 {
554 	switch (rate) {
555 	/* CCK rates */
556 	case 2:
557 		return (2);
558 	case 4:
559 	case 11:
560 	case 22:
561 		return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
562 
563 	/* OFDM rates */
564 	case 12:
565 	case 18:
566 		return (12);
567 	case 24:
568 	case 36:
569 		return (24);
570 	case 48:
571 	case 72:
572 	case 96:
573 	case 108:
574 		return (48);
575 	}
576 
577 	/* default to 1Mbps */
578 	return (2);
579 }
580 
581 /*
582  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
583  * The function automatically determines the operating mode depending on the
584  * given rate. `flags' indicates whether short preamble is in use or not.
585  */
586 static uint16_t
587 ural_txtime(int len, int rate, uint32_t flags)
588 {
589 	uint16_t txtime;
590 
591 	if (RAL_RATE_IS_OFDM(rate)) {
592 		/* IEEE Std 802.11a-1999, pp. 37 */
593 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
594 		txtime = 16 + 4 + 4 * txtime + 6;
595 	} else {
596 		/* IEEE Std 802.11b-1999, pp. 28 */
597 		txtime = (16 * len + rate - 1) / rate;
598 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
599 			txtime +=  72 + 24;
600 		else
601 			txtime += 144 + 48;
602 	}
603 	return (txtime);
604 }
605 
606 static uint8_t
607 ural_plcp_signal(int rate)
608 {
609 	switch (rate) {
610 	/* CCK rates (returned values are device-dependent) */
611 	case 2:		return (0x0);
612 	case 4:		return (0x1);
613 	case 11:	return (0x2);
614 	case 22:	return (0x3);
615 
616 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
617 	case 12:	return (0xb);
618 	case 18:	return (0xf);
619 	case 24:	return (0xa);
620 	case 36:	return (0xe);
621 	case 48:	return (0x9);
622 	case 72:	return (0xd);
623 	case 96:	return (0x8);
624 	case 108:	return (0xc);
625 
626 	/* unsupported rates (should not get there) */
627 	default:	return (0xff);
628 	}
629 }
630 
631 static void
632 ural_setup_tx_desc(struct ural_softc *sc, struct ural_tx_desc *desc,
633     uint32_t flags, int len, int rate)
634 {
635 	struct ieee80211com *ic = &sc->sc_ic;
636 	uint16_t plcp_length;
637 	int remainder;
638 
639 	desc->flags = LE_32(flags);
640 	desc->flags |= LE_32(RAL_TX_NEWSEQ);
641 	desc->flags |= LE_32(len << 16);
642 
643 	desc->wme = LE_16(RAL_AIFSN(2) | RAL_LOGCWMIN(3) | RAL_LOGCWMAX(5));
644 	desc->wme |= LE_16(RAL_IVOFFSET(sizeof (struct ieee80211_frame)));
645 
646 	/* setup PLCP fields */
647 	desc->plcp_signal  = ural_plcp_signal(rate);
648 	desc->plcp_service = 4;
649 
650 	len += IEEE80211_CRC_LEN;
651 	if (RAL_RATE_IS_OFDM(rate)) {
652 		desc->flags |= LE_32(RAL_TX_OFDM);
653 
654 		plcp_length = len & 0xfff;
655 		desc->plcp_length_hi = plcp_length >> 6;
656 		desc->plcp_length_lo = plcp_length & 0x3f;
657 	} else {
658 		plcp_length = (16 * len + rate - 1) / rate;
659 		if (rate == 22) {
660 			remainder = (16 * len) % 22;
661 			if (remainder != 0 && remainder < 7)
662 				desc->plcp_service |= RAL_PLCP_LENGEXT;
663 		}
664 		desc->plcp_length_hi = plcp_length >> 8;
665 		desc->plcp_length_lo = plcp_length & 0xff;
666 
667 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
668 			desc->plcp_signal |= 0x08;
669 	}
670 
671 	desc->iv = 0;
672 	desc->eiv = 0;
673 }
674 
675 #define	RAL_TX_TIMEOUT		5
676 
677 static int
678 ural_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
679 {
680 	struct ural_softc *sc = (struct ural_softc *)ic;
681 	struct ural_tx_desc *desc;
682 
683 	struct ieee80211_frame *wh;
684 	struct ieee80211_key *k;
685 
686 	uint16_t dur;
687 	uint32_t flags = 0;
688 	int rate, err = DDI_SUCCESS;
689 
690 	struct ieee80211_node *ni = NULL;
691 	mblk_t *m, *m0;
692 	int off, mblen, pktlen, xferlen;
693 
694 	mutex_enter(&sc->tx_lock);
695 
696 	if (sc->tx_queued > RAL_TX_LIST_COUNT) {
697 		RAL_DEBUG(RAL_DBG_TX, "ural_send(): "
698 		    "no TX buffer available!\n");
699 		if ((type & IEEE80211_FC0_TYPE_MASK) ==
700 		    IEEE80211_FC0_TYPE_DATA) {
701 			sc->sc_need_sched = 1;
702 		}
703 		sc->sc_tx_nobuf++;
704 		err = ENOMEM;
705 		goto fail;
706 	}
707 
708 	m = allocb(RAL_TXBUF_SIZE + RAL_TX_DESC_SIZE, BPRI_MED);
709 	if (m == NULL) {
710 		RAL_DEBUG(RAL_DBG_ERR, "ural_send(): can't alloc mblk.\n");
711 		err = DDI_FAILURE;
712 		goto fail;
713 	}
714 
715 	m->b_rptr += RAL_TX_DESC_SIZE;	/* skip TX descriptor */
716 	m->b_wptr += RAL_TX_DESC_SIZE;
717 
718 	for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
719 		mblen = (uintptr_t)m0->b_wptr - (uintptr_t)m0->b_rptr;
720 		(void) memcpy(m->b_rptr + off, m0->b_rptr, mblen);
721 		off += mblen;
722 	}
723 	m->b_wptr += off;
724 
725 	wh = (struct ieee80211_frame *)m->b_rptr;
726 
727 	ni = ieee80211_find_txnode(ic, wh->i_addr1);
728 	if (ni == NULL) {
729 		err = DDI_FAILURE;
730 		sc->sc_tx_err++;
731 		freemsg(m);
732 		goto fail;
733 	}
734 
735 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
736 	    IEEE80211_FC0_TYPE_DATA) {
737 		(void) ieee80211_encap(ic, m, ni);
738 	}
739 
740 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
741 		k = ieee80211_crypto_encap(ic, m);
742 		if (k == NULL) {
743 			sc->sc_tx_err++;
744 			freemsg(m);
745 			err = DDI_FAILURE;
746 			goto fail;
747 		}
748 		/* packet header may have moved, reset our local pointer */
749 		wh = (struct ieee80211_frame *)m->b_rptr;
750 	}
751 
752 	m->b_rptr -= RAL_TX_DESC_SIZE;	/* restore */
753 	desc = (struct ural_tx_desc *)m->b_rptr;
754 
755 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
756 	    IEEE80211_FC0_TYPE_DATA) {	/* DATA */
757 		if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
758 			rate = ic->ic_bss->in_rates.ir_rates[ic->ic_fixed_rate];
759 		else
760 			rate = ni->in_rates.ir_rates[ni->in_txrate];
761 
762 		rate &= IEEE80211_RATE_VAL;
763 		if (rate <= 0) {
764 			rate = 2;	/* basic rate */
765 		}
766 
767 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
768 			flags |= RAL_TX_ACK;
769 			flags |= RAL_TX_RETRY(7);
770 
771 			dur = ural_txtime(RAL_ACK_SIZE, ural_ack_rate(ic, rate),
772 			    ic->ic_flags) + RAL_SIFS;
773 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
774 		}
775 	} else {	/* MGMT */
776 		rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
777 
778 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
779 			flags |= RAL_TX_ACK;
780 
781 			dur = ural_txtime(RAL_ACK_SIZE, rate, ic->ic_flags)
782 			    + RAL_SIFS;
783 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
784 
785 			/* tell hardware to add timestamp for probe responses */
786 			if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
787 			    IEEE80211_FC0_TYPE_MGT &&
788 			    (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
789 			    IEEE80211_FC0_SUBTYPE_PROBE_RESP)
790 				flags |= RAL_TX_TIMESTAMP;
791 		}
792 	}
793 
794 	pktlen = (uintptr_t)m->b_wptr - (uintptr_t)m->b_rptr - RAL_TX_DESC_SIZE;
795 	ural_setup_tx_desc(sc, desc, flags, pktlen, rate);
796 
797 	/* align end on a 2-bytes boundary */
798 	xferlen = (RAL_TX_DESC_SIZE + pktlen + 1) & ~1;
799 
800 	/*
801 	 * No space left in the last URB to store the extra 2 bytes, force
802 	 * sending of another URB.
803 	 */
804 	if ((xferlen % 64) == 0)
805 		xferlen += 2;
806 
807 	m->b_wptr = m->b_rptr + xferlen;
808 
809 	RAL_DEBUG(RAL_DBG_TX, "sending data frame len=%u rate=%u xfer len=%u\n",
810 	    pktlen, rate, xferlen);
811 
812 	(void) ural_tx_trigger(sc, m);
813 
814 	ic->ic_stats.is_tx_frags++;
815 	ic->ic_stats.is_tx_bytes += pktlen;
816 
817 fail:
818 	if (ni != NULL)
819 		ieee80211_free_node(ni);
820 
821 	if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
822 	    err == 0) {
823 		freemsg(mp);
824 	}
825 
826 	mutex_exit(&sc->tx_lock);
827 
828 	return (err);
829 }
830 
831 static mblk_t *
832 ural_m_tx(void *arg, mblk_t *mp)
833 {
834 	struct ural_softc *sc = (struct ural_softc *)arg;
835 	struct ieee80211com *ic = &sc->sc_ic;
836 	mblk_t *next;
837 
838 	/*
839 	 * No data frames go out unless we're associated; this
840 	 * should not happen as the 802.11 layer does not enable
841 	 * the xmit queue until we enter the RUN state.
842 	 */
843 	if (ic->ic_state != IEEE80211_S_RUN) {
844 		RAL_DEBUG(RAL_DBG_ERR, "ural_m_tx(): "
845 		    "discard, state %u\n", ic->ic_state);
846 		freemsgchain(mp);
847 		return (NULL);
848 	}
849 
850 	while (mp != NULL) {
851 		next = mp->b_next;
852 		mp->b_next = NULL;
853 		if (ural_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != DDI_SUCCESS) {
854 			mp->b_next = next;
855 			freemsgchain(mp);
856 			return (NULL);
857 		}
858 		mp = next;
859 	}
860 	return (mp);
861 }
862 
863 static void
864 ural_set_testmode(struct ural_softc *sc)
865 {
866 	usb_ctrl_setup_t req;
867 	usb_cr_t cr;
868 	usb_cb_flags_t cf;
869 	int err;
870 
871 	bzero(&req, sizeof (req));
872 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
873 	req.bRequest = RAL_VENDOR_REQUEST;
874 	req.wValue = 4;
875 	req.wIndex = 1;
876 	req.wLength = 0;
877 	req.attrs = USB_ATTRS_NONE;
878 
879 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
880 	    &cr, &cf, 0);
881 
882 	if (err != USB_SUCCESS) {
883 		RAL_DEBUG(RAL_DBG_USB,
884 		    "ural_set_testmode(): could not set test mode:"
885 		    "cr:%s(%d), cf:%(x)\n",
886 		    usb_str_cr(cr), cr, cf);
887 	}
888 }
889 
890 static void
891 ural_eeprom_read(struct ural_softc *sc, uint16_t addr, void *buf, int len)
892 {
893 	usb_ctrl_setup_t req;
894 	usb_cr_t cr;
895 	usb_cb_flags_t cf;
896 	mblk_t *mp;
897 	int err;
898 
899 	bzero(&req, sizeof (req));
900 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
901 	req.bRequest = RAL_READ_EEPROM;
902 	req.wValue = 0;
903 	req.wIndex = addr;
904 	req.wLength = (uint16_t)len;
905 
906 	mp = NULL;
907 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
908 	    &cr, &cf, 0);
909 
910 	if (err != USB_SUCCESS) {
911 		RAL_DEBUG(RAL_DBG_USB,
912 		    "ural_eeprom_read(): could not read EEPROM:"
913 		    "cr:%s(%d), cf:(%x)\n",
914 		    usb_str_cr(cr), cr, cf);
915 		return;
916 	}
917 
918 	bcopy(mp->b_rptr, buf, len);
919 
920 	if (mp)
921 		freemsg(mp);
922 }
923 
924 static void
925 ural_bbp_write(struct ural_softc *sc, uint8_t reg, uint8_t val)
926 {
927 	uint16_t tmp;
928 	int ntries;
929 
930 	for (ntries = 0; ntries < 5; ntries++) {
931 		if (!(ural_read(sc, RAL_PHY_CSR8) & RAL_BBP_BUSY))
932 			break;
933 	}
934 	if (ntries == 5) {
935 		RAL_DEBUG(RAL_DBG_ERR,
936 		    "ural_bbp_write(): could not write to BBP\n");
937 		return;
938 	}
939 
940 	tmp = reg << 8 | val;
941 	ural_write(sc, RAL_PHY_CSR7, tmp);
942 }
943 
944 static uint8_t
945 ural_bbp_read(struct ural_softc *sc, uint8_t reg)
946 {
947 	uint16_t val;
948 	int ntries;
949 
950 	val = RAL_BBP_WRITE | reg << 8;
951 	ural_write(sc, RAL_PHY_CSR7, val);
952 
953 	for (ntries = 0; ntries < 5; ntries++) {
954 		if (!(ural_read(sc, RAL_PHY_CSR8) & RAL_BBP_BUSY))
955 			break;
956 	}
957 	if (ntries == 5) {
958 		RAL_DEBUG(RAL_DBG_ERR, "ural_bbp_read(): could not read BBP\n");
959 		return (0);
960 	}
961 
962 	return (ural_read(sc, RAL_PHY_CSR7) & 0xff);
963 }
964 
965 static void
966 ural_rf_write(struct ural_softc *sc, uint8_t reg, uint32_t val)
967 {
968 	uint32_t tmp;
969 	int ntries;
970 
971 	for (ntries = 0; ntries < 5; ntries++) {
972 		if (!(ural_read(sc, RAL_PHY_CSR10) & RAL_RF_LOBUSY))
973 			break;
974 	}
975 	if (ntries == 5) {
976 		RAL_DEBUG(RAL_DBG_ERR,
977 		    "ural_rf_write(): could not write to RF\n");
978 		return;
979 	}
980 
981 	tmp = RAL_RF_BUSY | RAL_RF_20BIT | (val & 0xffff) << 2 | (reg & 0x3);
982 	ural_write(sc, RAL_PHY_CSR9,  tmp & 0xffff);
983 	ural_write(sc, RAL_PHY_CSR10, tmp >> 16);
984 
985 	/* remember last written value in sc */
986 	sc->rf_regs[reg] = val;
987 
988 	RAL_DEBUG(RAL_DBG_HW, "RF R[%u] <- 0x%05x\n", reg & 0x3, val & 0xfffff);
989 }
990 
991 /*
992  * Disable RF auto-tuning.
993  */
994 static void
995 ural_disable_rf_tune(struct ural_softc *sc)
996 {
997 	uint32_t tmp;
998 
999 	if (sc->rf_rev != RAL_RF_2523) {
1000 		tmp = sc->rf_regs[RAL_RF1] & ~RAL_RF1_AUTOTUNE;
1001 		ural_rf_write(sc, RAL_RF1, tmp);
1002 	}
1003 
1004 	tmp = sc->rf_regs[RAL_RF3] & ~RAL_RF3_AUTOTUNE;
1005 	ural_rf_write(sc, RAL_RF3, tmp);
1006 
1007 	RAL_DEBUG(RAL_DBG_HW, "disabling RF autotune\n");
1008 }
1009 
1010 
1011 static void
1012 ural_set_chan(struct ural_softc *sc, struct ieee80211_channel *c)
1013 {
1014 	struct ieee80211com *ic = &sc->sc_ic;
1015 	uint8_t power, tmp;
1016 	uint_t i, chan;
1017 
1018 	chan = ieee80211_chan2ieee(ic, c);
1019 	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
1020 		return;
1021 
1022 	if (IEEE80211_IS_CHAN_2GHZ(c))
1023 		power = min(sc->txpow[chan - 1], 31);
1024 	else
1025 		power = 31;
1026 
1027 	/* adjust txpower using ifconfig settings */
1028 	power -= (100 - ic->ic_txpowlimit) / 8;
1029 
1030 	RAL_DEBUG(RAL_DBG_HW, "setting channel to %u, txpower to %u\n",
1031 	    chan, power);
1032 
1033 	switch (sc->rf_rev) {
1034 	case RAL_RF_2522:
1035 		ural_rf_write(sc, RAL_RF1, 0x00814);
1036 		ural_rf_write(sc, RAL_RF2, ural_rf2522_r2[chan - 1]);
1037 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1038 		break;
1039 
1040 	case RAL_RF_2523:
1041 		ural_rf_write(sc, RAL_RF1, 0x08804);
1042 		ural_rf_write(sc, RAL_RF2, ural_rf2523_r2[chan - 1]);
1043 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x38044);
1044 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1045 		break;
1046 
1047 	case RAL_RF_2524:
1048 		ural_rf_write(sc, RAL_RF1, 0x0c808);
1049 		ural_rf_write(sc, RAL_RF2, ural_rf2524_r2[chan - 1]);
1050 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1051 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1052 		break;
1053 
1054 	case RAL_RF_2525:
1055 		ural_rf_write(sc, RAL_RF1, 0x08808);
1056 		ural_rf_write(sc, RAL_RF2, ural_rf2525_hi_r2[chan - 1]);
1057 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1058 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1059 
1060 		ural_rf_write(sc, RAL_RF1, 0x08808);
1061 		ural_rf_write(sc, RAL_RF2, ural_rf2525_r2[chan - 1]);
1062 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1063 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1064 		break;
1065 
1066 	case RAL_RF_2525E:
1067 		ural_rf_write(sc, RAL_RF1, 0x08808);
1068 		ural_rf_write(sc, RAL_RF2, ural_rf2525e_r2[chan - 1]);
1069 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1070 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00286 : 0x00282);
1071 		break;
1072 
1073 	case RAL_RF_2526:
1074 		ural_rf_write(sc, RAL_RF2, ural_rf2526_hi_r2[chan - 1]);
1075 		ural_rf_write(sc, RAL_RF4, (chan & 1) ? 0x00386 : 0x00381);
1076 		ural_rf_write(sc, RAL_RF1, 0x08804);
1077 
1078 		ural_rf_write(sc, RAL_RF2, ural_rf2526_r2[chan - 1]);
1079 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1080 		ural_rf_write(sc, RAL_RF4, (chan & 1) ? 0x00386 : 0x00381);
1081 		break;
1082 
1083 	/* dual-band RF */
1084 	case RAL_RF_5222:
1085 		for (i = 0; ural_rf5222[i].chan != chan; i++) {
1086 			if (i > URAL_N(ural_rf5222)) break;
1087 		}
1088 
1089 		ural_rf_write(sc, RAL_RF1, ural_rf5222[i].r1);
1090 		ural_rf_write(sc, RAL_RF2, ural_rf5222[i].r2);
1091 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1092 		ural_rf_write(sc, RAL_RF4, ural_rf5222[i].r4);
1093 		break;
1094 	}
1095 
1096 	if (ic->ic_opmode != IEEE80211_M_MONITOR &&
1097 	    ic->ic_state != IEEE80211_S_SCAN) {
1098 		/* set Japan filter bit for channel 14 */
1099 		tmp = ural_bbp_read(sc, 70);
1100 
1101 		tmp &= ~RAL_JAPAN_FILTER;
1102 		if (chan == 14)
1103 			tmp |= RAL_JAPAN_FILTER;
1104 
1105 		ural_bbp_write(sc, 70, tmp);
1106 
1107 		/* clear CRC errs */
1108 		(void) ural_read(sc, RAL_STA_CSR0);
1109 
1110 		drv_usecwait(10000);
1111 		ural_disable_rf_tune(sc);
1112 	}
1113 }
1114 
1115 /*
1116  * Refer to IEEE Std 802.11-1999 pp. 123 for more information on TSF
1117  * synchronization.
1118  */
1119 static void
1120 ural_enable_tsf_sync(struct ural_softc *sc)
1121 {
1122 	struct ieee80211com *ic = &sc->sc_ic;
1123 	uint16_t logcwmin, preload, tmp;
1124 
1125 	/* first, disable TSF synchronization */
1126 	ural_write(sc, RAL_TXRX_CSR19, 0);
1127 
1128 	tmp = (16 * ic->ic_bss->in_intval) << 4;
1129 	ural_write(sc, RAL_TXRX_CSR18, tmp);
1130 
1131 	logcwmin = (ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 0;
1132 	preload = (ic->ic_opmode == IEEE80211_M_IBSS) ? 320 : 6;
1133 	tmp = logcwmin << 12 | preload;
1134 	ural_write(sc, RAL_TXRX_CSR20, tmp);
1135 
1136 	/* finally, enable TSF synchronization */
1137 	tmp = RAL_ENABLE_TSF | RAL_ENABLE_TBCN;
1138 	if (ic->ic_opmode == IEEE80211_M_STA)
1139 		tmp |= RAL_ENABLE_TSF_SYNC(1);
1140 	else
1141 		tmp |= RAL_ENABLE_TSF_SYNC(2) | RAL_ENABLE_BEACON_GENERATOR;
1142 	ural_write(sc, RAL_TXRX_CSR19, tmp);
1143 
1144 	RAL_DEBUG(RAL_DBG_HW, "enabling TSF synchronization\n");
1145 }
1146 
1147 /*
1148  * This function can be called by ieee80211_set_shortslottime(). Refer to
1149  * IEEE Std 802.11-1999 pp. 85 to know how these values are computed.
1150  */
1151 /* ARGSUSED */
1152 static void
1153 ural_update_slot(struct ieee80211com *ic, int onoff)
1154 {
1155 	struct ural_softc *sc = (struct ural_softc *)ic;
1156 	uint16_t slottime, sifs, eifs;
1157 
1158 	slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1159 	/* slottime = (onoff ? 9 : 20); */
1160 
1161 	/*
1162 	 * These settings may sound a bit inconsistent but this is what the
1163 	 * reference driver does.
1164 	 */
1165 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1166 		sifs = 16 - RAL_RXTX_TURNAROUND;
1167 		eifs = 364;
1168 	} else {
1169 		sifs = 10 - RAL_RXTX_TURNAROUND;
1170 		eifs = 64;
1171 	}
1172 
1173 	ural_write(sc, RAL_MAC_CSR10, slottime);
1174 	ural_write(sc, RAL_MAC_CSR11, sifs);
1175 	ural_write(sc, RAL_MAC_CSR12, eifs);
1176 }
1177 
1178 static void
1179 ural_set_txpreamble(struct ural_softc *sc)
1180 {
1181 	uint16_t tmp;
1182 
1183 	tmp = ural_read(sc, RAL_TXRX_CSR10);
1184 
1185 	tmp &= ~RAL_SHORT_PREAMBLE;
1186 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1187 		tmp |= RAL_SHORT_PREAMBLE;
1188 
1189 	ural_write(sc, RAL_TXRX_CSR10, tmp);
1190 }
1191 
1192 static void
1193 ural_set_basicrates(struct ural_softc *sc)
1194 {
1195 	struct ieee80211com *ic = &sc->sc_ic;
1196 
1197 	/* update basic rate set */
1198 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1199 		/* 11b basic rates: 1, 2Mbps */
1200 		ural_write(sc, RAL_TXRX_CSR11, 0x3);
1201 	} else if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->in_chan)) {
1202 		/* 11a basic rates: 6, 12, 24Mbps */
1203 		ural_write(sc, RAL_TXRX_CSR11, 0x150);
1204 	} else {
1205 		/* 11g basic rates: 1, 2, 5.5, 11, 6, 12, 24Mbps */
1206 		ural_write(sc, RAL_TXRX_CSR11, 0x15f);
1207 	}
1208 }
1209 
1210 static void
1211 ural_set_bssid(struct ural_softc *sc, uint8_t *bssid)
1212 {
1213 	uint16_t tmp;
1214 
1215 	tmp = bssid[0] | bssid[1] << 8;
1216 	ural_write(sc, RAL_MAC_CSR5, tmp);
1217 
1218 	tmp = bssid[2] | bssid[3] << 8;
1219 	ural_write(sc, RAL_MAC_CSR6, tmp);
1220 
1221 	tmp = bssid[4] | bssid[5] << 8;
1222 	ural_write(sc, RAL_MAC_CSR7, tmp);
1223 
1224 	RAL_DEBUG(RAL_DBG_HW, "setting BSSID to " MACSTR "\n", MAC2STR(bssid));
1225 }
1226 
1227 static void
1228 ural_set_macaddr(struct ural_softc *sc, uint8_t *addr)
1229 {
1230 	uint16_t tmp;
1231 
1232 	tmp = addr[0] | addr[1] << 8;
1233 	ural_write(sc, RAL_MAC_CSR2, tmp);
1234 
1235 	tmp = addr[2] | addr[3] << 8;
1236 	ural_write(sc, RAL_MAC_CSR3, tmp);
1237 
1238 	tmp = addr[4] | addr[5] << 8;
1239 	ural_write(sc, RAL_MAC_CSR4, tmp);
1240 
1241 	RAL_DEBUG(RAL_DBG_HW,
1242 	    "setting MAC address to " MACSTR "\n", MAC2STR(addr));
1243 }
1244 
1245 static void
1246 ural_update_promisc(struct ural_softc *sc)
1247 {
1248 	uint32_t tmp;
1249 
1250 	tmp = ural_read(sc, RAL_TXRX_CSR2);
1251 
1252 	tmp &= ~RAL_DROP_NOT_TO_ME;
1253 	if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1254 		tmp |= RAL_DROP_NOT_TO_ME;
1255 
1256 	ural_write(sc, RAL_TXRX_CSR2, tmp);
1257 
1258 	RAL_DEBUG(RAL_DBG_HW, "%s promiscuous mode\n",
1259 	    (sc->sc_rcr & RAL_RCR_PROMISC) ?  "entering" : "leaving");
1260 }
1261 
1262 static const char *
1263 ural_get_rf(int rev)
1264 {
1265 	switch (rev) {
1266 	case RAL_RF_2522:	return ("RT2522");
1267 	case RAL_RF_2523:	return ("RT2523");
1268 	case RAL_RF_2524:	return ("RT2524");
1269 	case RAL_RF_2525:	return ("RT2525");
1270 	case RAL_RF_2525E:	return ("RT2525e");
1271 	case RAL_RF_2526:	return ("RT2526");
1272 	case RAL_RF_5222:	return ("RT5222");
1273 	default:		return ("unknown");
1274 	}
1275 }
1276 
1277 static void
1278 ural_read_eeprom(struct ural_softc *sc)
1279 {
1280 	struct ieee80211com *ic = &sc->sc_ic;
1281 	uint16_t val;
1282 
1283 	ural_eeprom_read(sc, RAL_EEPROM_CONFIG0, &val, 2);
1284 	val = LE_16(val);
1285 	sc->rf_rev =   (val >> 11) & 0x7;
1286 	sc->hw_radio = (val >> 10) & 0x1;
1287 	sc->led_mode = (val >> 6)  & 0x7;
1288 	sc->rx_ant =   (val >> 4)  & 0x3;
1289 	sc->tx_ant =   (val >> 2)  & 0x3;
1290 	sc->nb_ant =   val & 0x3;
1291 
1292 	/* read MAC address */
1293 	ural_eeprom_read(sc, RAL_EEPROM_ADDRESS, ic->ic_macaddr, 6);
1294 
1295 	/* read default values for BBP registers */
1296 	ural_eeprom_read(sc, RAL_EEPROM_BBP_BASE, sc->bbp_prom, 2 * 16);
1297 
1298 	/* read Tx power for all b/g channels */
1299 	ural_eeprom_read(sc, RAL_EEPROM_TXPOWER, sc->txpow, 14);
1300 }
1301 
1302 static int
1303 ural_bbp_init(struct ural_softc *sc)
1304 {
1305 	int i, ntries;
1306 
1307 	/* wait for BBP to be ready */
1308 	for (ntries = 0; ntries < 100; ntries++) {
1309 		if (ural_bbp_read(sc, RAL_BBP_VERSION) != 0)
1310 			break;
1311 		drv_usecwait(1000);
1312 	}
1313 	if (ntries == 100) {
1314 		RAL_DEBUG(RAL_DBG_ERR, "timeout waiting for BBP\n");
1315 		return (EIO);
1316 	}
1317 
1318 	/* initialize BBP registers to default values */
1319 	for (i = 0; i < URAL_N(ural_def_bbp); i++)
1320 		ural_bbp_write(sc, ural_def_bbp[i].reg, ural_def_bbp[i].val);
1321 
1322 	return (0);
1323 }
1324 
1325 static void
1326 ural_set_txantenna(struct ural_softc *sc, int antenna)
1327 {
1328 	uint16_t tmp;
1329 	uint8_t tx;
1330 
1331 	tx = ural_bbp_read(sc, RAL_BBP_TX) & ~RAL_BBP_ANTMASK;
1332 	if (antenna == 1)
1333 		tx |= RAL_BBP_ANTA;
1334 	else if (antenna == 2)
1335 		tx |= RAL_BBP_ANTB;
1336 	else
1337 		tx |= RAL_BBP_DIVERSITY;
1338 
1339 	/* need to force I/Q flip for RF 2525e, 2526 and 5222 */
1340 	if (sc->rf_rev == RAL_RF_2525E || sc->rf_rev == RAL_RF_2526 ||
1341 	    sc->rf_rev == RAL_RF_5222)
1342 		tx |= RAL_BBP_FLIPIQ;
1343 
1344 	ural_bbp_write(sc, RAL_BBP_TX, tx);
1345 
1346 	/* update values in PHY_CSR5 and PHY_CSR6 */
1347 	tmp = ural_read(sc, RAL_PHY_CSR5) & ~0x7;
1348 	ural_write(sc, RAL_PHY_CSR5, tmp | (tx & 0x7));
1349 
1350 	tmp = ural_read(sc, RAL_PHY_CSR6) & ~0x7;
1351 	ural_write(sc, RAL_PHY_CSR6, tmp | (tx & 0x7));
1352 }
1353 
1354 static void
1355 ural_set_rxantenna(struct ural_softc *sc, int antenna)
1356 {
1357 	uint8_t rx;
1358 
1359 	rx = ural_bbp_read(sc, RAL_BBP_RX) & ~RAL_BBP_ANTMASK;
1360 	if (antenna == 1)
1361 		rx |= RAL_BBP_ANTA;
1362 	else if (antenna == 2)
1363 		rx |= RAL_BBP_ANTB;
1364 	else
1365 		rx |= RAL_BBP_DIVERSITY;
1366 
1367 	/* need to force no I/Q flip for RF 2525e and 2526 */
1368 	if (sc->rf_rev == RAL_RF_2525E || sc->rf_rev == RAL_RF_2526)
1369 		rx &= ~RAL_BBP_FLIPIQ;
1370 
1371 	ural_bbp_write(sc, RAL_BBP_RX, rx);
1372 }
1373 
1374 /*
1375  * This function is called periodically (every 200ms) during scanning to
1376  * switch from one channel to another.
1377  */
1378 static void
1379 ural_next_scan(void *arg)
1380 {
1381 	struct ural_softc *sc = arg;
1382 	struct ieee80211com *ic = &sc->sc_ic;
1383 
1384 	if (ic->ic_state == IEEE80211_S_SCAN)
1385 		ieee80211_next_scan(ic);
1386 }
1387 
1388 static int
1389 ural_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1390 {
1391 	struct ural_softc *sc = (struct ural_softc *)ic;
1392 	enum ieee80211_state ostate;
1393 	struct ieee80211_node *ni;
1394 	int err;
1395 
1396 	RAL_LOCK(sc);
1397 
1398 	ostate = ic->ic_state;
1399 
1400 	if (sc->sc_scan_id != 0) {
1401 		(void) untimeout(sc->sc_scan_id);
1402 		sc->sc_scan_id = 0;
1403 	}
1404 
1405 	if (sc->sc_amrr_id != 0) {
1406 		(void) untimeout(sc->sc_amrr_id);
1407 		sc->sc_amrr_id = 0;
1408 	}
1409 
1410 	switch (nstate) {
1411 	case IEEE80211_S_INIT:
1412 		if (ostate == IEEE80211_S_RUN) {
1413 			/* abort TSF synchronization */
1414 			ural_write(sc, RAL_TXRX_CSR19, 0);
1415 			/* force tx led to stop blinking */
1416 			ural_write(sc, RAL_MAC_CSR20, 0);
1417 		}
1418 		break;
1419 
1420 	case IEEE80211_S_SCAN:
1421 		ural_set_chan(sc, ic->ic_curchan);
1422 		sc->sc_scan_id = timeout(ural_next_scan, (void *)sc,
1423 		    drv_usectohz(sc->dwelltime * 1000));
1424 		break;
1425 
1426 	case IEEE80211_S_AUTH:
1427 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_AUTH ...\n");
1428 		ural_set_chan(sc, ic->ic_curchan);
1429 		break;
1430 
1431 	case IEEE80211_S_ASSOC:
1432 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_ASSOC ...\n");
1433 		ural_set_chan(sc, ic->ic_curchan);
1434 		break;
1435 
1436 	case IEEE80211_S_RUN:
1437 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_RUN ...\n");
1438 		ural_set_chan(sc, ic->ic_curchan);
1439 
1440 		ni = ic->ic_bss;
1441 
1442 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1443 			ural_update_slot(ic, 1);
1444 			ural_set_txpreamble(sc);
1445 			ural_set_basicrates(sc);
1446 			ural_set_bssid(sc, ni->in_bssid);
1447 		}
1448 
1449 
1450 		/* make tx led blink on tx (controlled by ASIC) */
1451 		ural_write(sc, RAL_MAC_CSR20, 1);
1452 
1453 		if (ic->ic_opmode != IEEE80211_M_MONITOR)
1454 			ural_enable_tsf_sync(sc);
1455 
1456 		/* enable automatic rate adaptation in STA mode */
1457 		if (ic->ic_opmode == IEEE80211_M_STA &&
1458 		    ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
1459 			ural_amrr_start(sc, ni);
1460 
1461 		break;
1462 	}
1463 
1464 	RAL_UNLOCK(sc);
1465 
1466 	err = sc->sc_newstate(ic, nstate, arg);
1467 	/*
1468 	 * Finally, start any timers.
1469 	 */
1470 	if (nstate == IEEE80211_S_RUN)
1471 		ieee80211_start_watchdog(ic, 1);
1472 
1473 	return (err);
1474 }
1475 
1476 
1477 
1478 static void
1479 ural_close_pipes(struct ural_softc *sc)
1480 {
1481 	usb_flags_t flags = USB_FLAGS_SLEEP;
1482 
1483 	if (sc->sc_rx_pipeh != NULL) {
1484 		usb_pipe_reset(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1485 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1486 		sc->sc_rx_pipeh = NULL;
1487 	}
1488 
1489 	if (sc->sc_tx_pipeh != NULL) {
1490 		usb_pipe_reset(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1491 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1492 		sc->sc_tx_pipeh = NULL;
1493 	}
1494 }
1495 
1496 static int
1497 ural_open_pipes(struct ural_softc *sc)
1498 {
1499 	usb_ep_data_t *ep_node;
1500 	usb_pipe_policy_t policy;
1501 	int err;
1502 
1503 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1504 	    USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
1505 
1506 	bzero(&policy, sizeof (usb_pipe_policy_t));
1507 	policy.pp_max_async_reqs = RAL_TX_LIST_COUNT;
1508 
1509 	if ((err = usb_pipe_open(sc->sc_dev,
1510 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1511 	    &sc->sc_tx_pipeh)) != USB_SUCCESS) {
1512 		RAL_DEBUG(RAL_DBG_ERR,
1513 		    "ural_open_pipes(): %x failed to open tx pipe\n", err);
1514 		goto fail;
1515 	}
1516 
1517 	RAL_DEBUG(RAL_DBG_MSG, "tx pipe opened\n");
1518 
1519 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1520 	    USB_EP_ATTR_BULK, USB_EP_DIR_IN);
1521 
1522 	bzero(&policy, sizeof (usb_pipe_policy_t));
1523 	policy.pp_max_async_reqs = RAL_RX_LIST_COUNT + 32;
1524 
1525 	if ((err = usb_pipe_open(sc->sc_dev,
1526 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1527 	    &sc->sc_rx_pipeh)) != USB_SUCCESS) {
1528 		RAL_DEBUG(RAL_DBG_ERR,
1529 		    "ural_open_pipes(): %x failed to open rx pipe\n", err);
1530 		goto fail;
1531 	}
1532 
1533 	RAL_DEBUG(RAL_DBG_MSG, "rx pipe opened\n");
1534 
1535 	return (USB_SUCCESS);
1536 
1537 fail:
1538 	if (sc->sc_rx_pipeh != NULL) {
1539 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh,
1540 		    USB_FLAGS_SLEEP, NULL, 0);
1541 		sc->sc_rx_pipeh = NULL;
1542 	}
1543 
1544 	if (sc->sc_tx_pipeh != NULL) {
1545 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh,
1546 		    USB_FLAGS_SLEEP, NULL, 0);
1547 		sc->sc_tx_pipeh = NULL;
1548 	}
1549 
1550 	return (USB_FAILURE);
1551 }
1552 
1553 static int
1554 ural_tx_trigger(struct ural_softc *sc, mblk_t *mp)
1555 {
1556 	usb_bulk_req_t *req;
1557 	int err;
1558 
1559 	sc->sc_tx_timer = RAL_TX_TIMEOUT;
1560 
1561 	req = usb_alloc_bulk_req(sc->sc_dev, 0, USB_FLAGS_SLEEP);
1562 	if (req == NULL) {
1563 		RAL_DEBUG(RAL_DBG_ERR,
1564 		    "ural_tx_trigger(): failed to allocate req");
1565 		freemsg(mp);
1566 		return (-1);
1567 	}
1568 
1569 	req->bulk_len		= (uintptr_t)mp->b_wptr - (uintptr_t)mp->b_rptr;
1570 	req->bulk_data		= mp;
1571 	req->bulk_client_private = (usb_opaque_t)sc;
1572 	req->bulk_timeout	= RAL_TX_TIMEOUT;
1573 	req->bulk_attributes	= USB_ATTRS_AUTOCLEARING;
1574 	req->bulk_cb		= ural_txeof;
1575 	req->bulk_exc_cb	= ural_txeof;
1576 	req->bulk_completion_reason = 0;
1577 	req->bulk_cb_flags	= 0;
1578 
1579 	if ((err = usb_pipe_bulk_xfer(sc->sc_tx_pipeh, req, 0))
1580 	    != USB_SUCCESS) {
1581 
1582 		RAL_DEBUG(RAL_DBG_ERR, "ural_tx_trigger(): "
1583 		    "failed to do tx xfer, %d", err);
1584 		usb_free_bulk_req(req);
1585 		return (-1);
1586 	}
1587 
1588 	sc->tx_queued++;
1589 
1590 	return (0);
1591 }
1592 
1593 static int
1594 ural_rx_trigger(struct ural_softc *sc)
1595 {
1596 	usb_bulk_req_t *req;
1597 	int err;
1598 
1599 	req = usb_alloc_bulk_req(sc->sc_dev, RAL_RXBUF_SIZE, USB_FLAGS_SLEEP);
1600 	if (req == NULL) {
1601 		RAL_DEBUG(RAL_DBG_ERR,
1602 		    "ural_rx_trigger(): failed to allocate req");
1603 		return (-1);
1604 	}
1605 
1606 	req->bulk_len		= RAL_RXBUF_SIZE;
1607 	req->bulk_client_private = (usb_opaque_t)sc;
1608 	req->bulk_timeout	= 0;
1609 	req->bulk_attributes	= USB_ATTRS_SHORT_XFER_OK
1610 	    | USB_ATTRS_AUTOCLEARING;
1611 	req->bulk_cb		= ural_rxeof;
1612 	req->bulk_exc_cb	= ural_rxeof;
1613 	req->bulk_completion_reason = 0;
1614 	req->bulk_cb_flags	= 0;
1615 
1616 	err = usb_pipe_bulk_xfer(sc->sc_rx_pipeh, req, 0);
1617 
1618 	if (err != USB_SUCCESS) {
1619 		RAL_DEBUG(RAL_DBG_ERR, "ural_rx_trigger(): "
1620 		    "failed to do rx xfer, %d", err);
1621 		usb_free_bulk_req(req);
1622 
1623 		return (-1);
1624 	}
1625 
1626 	mutex_enter(&sc->rx_lock);
1627 	sc->rx_queued++;
1628 	mutex_exit(&sc->rx_lock);
1629 
1630 	return (0);
1631 }
1632 
1633 static void
1634 ural_init_tx_queue(struct ural_softc *sc)
1635 {
1636 	sc->tx_queued = 0;
1637 }
1638 
1639 static int
1640 ural_init_rx_queue(struct ural_softc *sc)
1641 {
1642 	int	i;
1643 
1644 	sc->rx_queued = 0;
1645 
1646 	for (i = 0; i < RAL_RX_LIST_COUNT; i++) {
1647 		if (ural_rx_trigger(sc) != 0) {
1648 			return (USB_FAILURE);
1649 		}
1650 	}
1651 
1652 	return (USB_SUCCESS);
1653 }
1654 
1655 static void
1656 ural_stop(struct ural_softc *sc)
1657 {
1658 	struct ieee80211com *ic = &sc->sc_ic;
1659 
1660 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1661 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1662 
1663 	RAL_LOCK(sc);
1664 
1665 	sc->sc_tx_timer = 0;
1666 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1667 
1668 	/* disable Rx */
1669 	ural_write(sc, RAL_TXRX_CSR2, RAL_DISABLE_RX);
1670 
1671 	/* reset ASIC and BBP (but won't reset MAC registers!) */
1672 	ural_write(sc, RAL_MAC_CSR1, RAL_RESET_ASIC | RAL_RESET_BBP);
1673 	ural_write(sc, RAL_MAC_CSR1, 0);
1674 
1675 	ural_close_pipes(sc);
1676 
1677 	RAL_UNLOCK(sc);
1678 }
1679 
1680 static int
1681 ural_init(struct ural_softc *sc)
1682 {
1683 	struct ieee80211com *ic = &sc->sc_ic;
1684 	uint16_t tmp;
1685 	int i, ntries;
1686 
1687 	ural_set_testmode(sc);
1688 	ural_write(sc, 0x308, 0x00f0);	/* magic */
1689 
1690 	ural_stop(sc);
1691 
1692 	/* initialize MAC registers to default values */
1693 	for (i = 0; i < URAL_N(ural_def_mac); i++)
1694 		ural_write(sc, ural_def_mac[i].reg, ural_def_mac[i].val);
1695 
1696 	/* wait for BBP and RF to wake up (this can take a long time!) */
1697 	for (ntries = 0; ntries < 100; ntries++) {
1698 		tmp = ural_read(sc, RAL_MAC_CSR17);
1699 		if ((tmp & (RAL_BBP_AWAKE | RAL_RF_AWAKE)) ==
1700 		    (RAL_BBP_AWAKE | RAL_RF_AWAKE))
1701 			break;
1702 		drv_usecwait(1000);
1703 	}
1704 	if (ntries == 100) {
1705 		RAL_DEBUG(RAL_DBG_ERR,
1706 		    "ural_init(): timeout waiting for BBP/RF to wakeup\n");
1707 		goto fail;
1708 	}
1709 
1710 	/* we're ready! */
1711 	ural_write(sc, RAL_MAC_CSR1, RAL_HOST_READY);
1712 
1713 	/* set basic rate set (will be updated later) */
1714 	ural_write(sc, RAL_TXRX_CSR11, 0x15f);
1715 
1716 	if (ural_bbp_init(sc) != 0)
1717 		goto fail;
1718 
1719 	/* set default BSS channel */
1720 	ural_set_chan(sc, ic->ic_curchan);
1721 
1722 	/* clear statistic registers (STA_CSR0 to STA_CSR10) */
1723 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1724 
1725 	ural_set_txantenna(sc, sc->tx_ant);
1726 	ural_set_rxantenna(sc, sc->rx_ant);
1727 
1728 	ural_set_macaddr(sc, ic->ic_macaddr);
1729 
1730 	if (ural_open_pipes(sc) != USB_SUCCESS) {
1731 		RAL_DEBUG(RAL_DBG_ERR, "ural_init(): "
1732 		    "could not open pipes.\n");
1733 		goto fail;
1734 	}
1735 
1736 	ural_init_tx_queue(sc);
1737 
1738 	if (ural_init_rx_queue(sc) != USB_SUCCESS)
1739 		goto fail;
1740 
1741 	/* kick Rx */
1742 	tmp = RAL_DROP_PHY | RAL_DROP_CRC;
1743 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1744 		tmp |= RAL_DROP_CTL | RAL_DROP_BAD_VERSION;
1745 		if (ic->ic_opmode != IEEE80211_M_HOSTAP)
1746 			tmp |= RAL_DROP_TODS;
1747 		if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1748 			tmp |= RAL_DROP_NOT_TO_ME;
1749 	}
1750 	ural_write(sc, RAL_TXRX_CSR2, tmp);
1751 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1752 
1753 	return (DDI_SUCCESS);
1754 fail:
1755 	ural_stop(sc);
1756 	return (EIO);
1757 }
1758 
1759 static int
1760 ural_offline(dev_info_t *devinfo)
1761 {
1762 	struct ural_softc *sc;
1763 	struct ieee80211com *ic;
1764 
1765 	RAL_DEBUG(RAL_DBG_MSG, "ural_offline()\n");
1766 
1767 	/*
1768 	 * We can't call ural_stop() here, since the hardware is removed,
1769 	 * we can't access the register anymore.
1770 	 */
1771 
1772 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
1773 	ic = &sc->sc_ic;
1774 
1775 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1776 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1777 
1778 	RAL_LOCK(sc);
1779 
1780 	sc->sc_tx_timer = 0;
1781 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1782 
1783 	ural_close_pipes(sc);
1784 
1785 	RAL_UNLOCK(sc);
1786 
1787 	return (DDI_SUCCESS);
1788 }
1789 
1790 static int
1791 ural_online(dev_info_t *devinfo)
1792 {
1793 	struct ural_softc *sc;
1794 	int err;
1795 
1796 	RAL_DEBUG(RAL_DBG_MSG, "ural_online()\n");
1797 
1798 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
1799 	err = ural_init(sc);
1800 
1801 	return (err);
1802 }
1803 
1804 #define	URAL_AMRR_MIN_SUCCESS_THRESHOLD	1
1805 #define	URAL_AMRR_MAX_SUCCESS_THRESHOLD	10
1806 
1807 /*
1808  * Naive implementation of the Adaptive Multi Rate Retry algorithm:
1809  * "IEEE 802.11 Rate Adaptation: A Practical Approach"
1810  * Mathieu Lacage, Hossein Manshaei, Thierry Turletti
1811  * INRIA Sophia - Projet Planete
1812  * http://www-sop.inria.fr/rapports/sophia/RR-5208.html
1813  *
1814  * This algorithm is particularly well suited for ural since it does not
1815  * require per-frame retry statistics.  Note however that since h/w does
1816  * not provide per-frame stats, we can't do per-node rate adaptation and
1817  * thus automatic rate adaptation is only enabled in STA operating mode.
1818  */
1819 #define	is_success(amrr)	\
1820 	((amrr)->retrycnt < (amrr)->txcnt / 10)
1821 #define	is_failure(amrr)	\
1822 	((amrr)->retrycnt > (amrr)->txcnt / 3)
1823 #define	is_enough(amrr)		\
1824 	((amrr)->txcnt > 10)
1825 #define	is_min_rate(ni)		\
1826 	((ni)->in_txrate == 0)
1827 #define	is_max_rate(ni)		\
1828 	((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1829 #define	increase_rate(ni)	\
1830 	((ni)->in_txrate++)
1831 #define	decrease_rate(ni)	\
1832 	((ni)->in_txrate--)
1833 #define	reset_cnt(amrr)	do {	\
1834 	(amrr)->txcnt = (amrr)->retrycnt = 0;	\
1835 	_NOTE(CONSTCOND)	\
1836 } while (/* CONSTCOND */0)
1837 
1838 static void
1839 ural_ratectl(struct ural_amrr *amrr, struct ieee80211_node *ni)
1840 {
1841 	int need_change = 0;
1842 
1843 	if (is_success(amrr) && is_enough(amrr)) {
1844 		amrr->success++;
1845 		if (amrr->success >= amrr->success_threshold &&
1846 		    !is_max_rate(ni)) {
1847 			amrr->recovery = 1;
1848 			amrr->success = 0;
1849 			increase_rate(ni);
1850 			need_change = 1;
1851 		} else {
1852 			amrr->recovery = 0;
1853 		}
1854 	} else if (is_failure(amrr)) {
1855 		amrr->success = 0;
1856 		if (!is_min_rate(ni)) {
1857 			if (amrr->recovery) {
1858 				amrr->success_threshold *= 2;
1859 				if (amrr->success_threshold >
1860 				    URAL_AMRR_MAX_SUCCESS_THRESHOLD)
1861 					amrr->success_threshold =
1862 					    URAL_AMRR_MAX_SUCCESS_THRESHOLD;
1863 			} else {
1864 				amrr->success_threshold =
1865 				    URAL_AMRR_MIN_SUCCESS_THRESHOLD;
1866 			}
1867 			decrease_rate(ni);
1868 			need_change = 1;
1869 		}
1870 		amrr->recovery = 0;	/* original paper was incorrect */
1871 	}
1872 
1873 	if (is_enough(amrr) || need_change)
1874 		reset_cnt(amrr);
1875 }
1876 
1877 static void
1878 ural_amrr_timeout(void *arg)
1879 {
1880 	struct ural_softc *sc = (struct ural_softc *)arg;
1881 	struct ural_amrr *amrr = &sc->amrr;
1882 
1883 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1884 
1885 	/* count TX retry-fail as Tx errors */
1886 	sc->sc_tx_err += sc->sta[9];
1887 	sc->sc_tx_retries += (sc->sta[7] + sc->sta[8]);
1888 
1889 	amrr->retrycnt =
1890 	    sc->sta[7] +	/* TX one-retry ok count */
1891 	    sc->sta[8] +	/* TX more-retry ok count */
1892 	    sc->sta[9];		/* TX retry-fail count */
1893 
1894 	amrr->txcnt =
1895 	    amrr->retrycnt +
1896 	    sc->sta[6];		/* TX no-retry ok count */
1897 
1898 	ural_ratectl(amrr, sc->sc_ic.ic_bss);
1899 
1900 	sc->sc_amrr_id = timeout(ural_amrr_timeout, (void *)sc,
1901 	    drv_usectohz(1000 * 1000)); /* 1 second */
1902 }
1903 
1904 
1905 static void
1906 ural_amrr_start(struct ural_softc *sc, struct ieee80211_node *ni)
1907 {
1908 	struct ural_amrr *amrr = &sc->amrr;
1909 	int i;
1910 
1911 	/* clear statistic registers (STA_CSR0 to STA_CSR10) */
1912 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1913 
1914 	amrr->success = 0;
1915 	amrr->recovery = 0;
1916 	amrr->txcnt = amrr->retrycnt = 0;
1917 	amrr->success_threshold = URAL_AMRR_MIN_SUCCESS_THRESHOLD;
1918 
1919 	/* set rate to some reasonable initial value */
1920 	for (i = ni->in_rates.ir_nrates - 1;
1921 	    i > 0 && (ni->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72;
1922 	    i--) {
1923 	}
1924 
1925 	ni->in_txrate = i;
1926 
1927 	sc->sc_amrr_id = timeout(ural_amrr_timeout, (void *)sc,
1928 	    drv_usectohz(1000 * 1000)); /* 1 second */
1929 }
1930 
1931 void
1932 ural_watchdog(void *arg)
1933 {
1934 	struct ural_softc *sc = arg;
1935 	struct ieee80211com *ic = &sc->sc_ic;
1936 	int ntimer = 0;
1937 
1938 	RAL_LOCK(sc);
1939 	ic->ic_watchdog_timer = 0;
1940 
1941 	if (!RAL_IS_RUNNING(sc)) {
1942 		RAL_UNLOCK(sc);
1943 		return;
1944 	}
1945 
1946 	if (sc->sc_tx_timer > 0) {
1947 		if (--sc->sc_tx_timer == 0) {
1948 			RAL_DEBUG(RAL_DBG_ERR, "tx timer timeout\n");
1949 			RAL_UNLOCK(sc);
1950 			(void) ural_init(sc);
1951 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1952 			return;
1953 		}
1954 	}
1955 
1956 	if (ic->ic_state == IEEE80211_S_RUN)
1957 		ntimer = 1;
1958 
1959 	RAL_UNLOCK(sc);
1960 
1961 	ieee80211_watchdog(ic);
1962 
1963 	if (ntimer)
1964 		ieee80211_start_watchdog(ic, ntimer);
1965 }
1966 
1967 static int
1968 ural_m_start(void *arg)
1969 {
1970 	struct ural_softc *sc = (struct ural_softc *)arg;
1971 	crypto_mech_type_t type;
1972 	int err;
1973 
1974 
1975 	type = crypto_mech2id(SUN_CKM_RC4); /* load rc4 module into kernel */
1976 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_start(%d)\n", type);
1977 
1978 	/*
1979 	 * initialize RT2500USB hardware
1980 	 */
1981 	err = ural_init(sc);
1982 	if (err != DDI_SUCCESS) {
1983 		RAL_DEBUG(RAL_DBG_ERR, "device configuration failed\n");
1984 		goto fail;
1985 	}
1986 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1987 	return (err);
1988 
1989 fail:
1990 	ural_stop(sc);
1991 	return (err);
1992 }
1993 
1994 static void
1995 ural_m_stop(void *arg)
1996 {
1997 	struct ural_softc *sc = (struct ural_softc *)arg;
1998 
1999 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_stop()\n");
2000 
2001 	(void) ural_stop(sc);
2002 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
2003 }
2004 
2005 static int
2006 ural_m_unicst(void *arg, const uint8_t *macaddr)
2007 {
2008 	struct ural_softc *sc = (struct ural_softc *)arg;
2009 	struct ieee80211com *ic = &sc->sc_ic;
2010 
2011 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_unicst(): " MACSTR "\n",
2012 	    MAC2STR(macaddr));
2013 
2014 	IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr);
2015 	(void) ural_set_macaddr(sc, (uint8_t *)macaddr);
2016 	(void) ural_init(sc);
2017 
2018 	return (0);
2019 }
2020 
2021 /*ARGSUSED*/
2022 static int
2023 ural_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2024 {
2025 	return (0);
2026 }
2027 
2028 static int
2029 ural_m_promisc(void *arg, boolean_t on)
2030 {
2031 	struct ural_softc *sc = (struct ural_softc *)arg;
2032 
2033 	RAL_DEBUG(RAL_DBG_MSG, "ural_m_promisc()\n");
2034 
2035 	if (on) {
2036 		sc->sc_rcr |= RAL_RCR_PROMISC;
2037 		sc->sc_rcr |= RAL_RCR_MULTI;
2038 	} else {
2039 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2040 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2041 	}
2042 
2043 	ural_update_promisc(sc);
2044 	return (0);
2045 }
2046 
2047 static void
2048 ural_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2049 {
2050 	struct ural_softc *sc = (struct ural_softc *)arg;
2051 	struct ieee80211com *ic = &sc->sc_ic;
2052 	int err;
2053 
2054 	err = ieee80211_ioctl(ic, wq, mp);
2055 	RAL_LOCK(sc);
2056 	if (err == ENETRESET) {
2057 		if (RAL_IS_RUNNING(sc)) {
2058 			RAL_UNLOCK(sc);
2059 			(void) ural_init(sc);
2060 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2061 			RAL_LOCK(sc);
2062 		}
2063 	}
2064 	RAL_UNLOCK(sc);
2065 }
2066 
2067 static int
2068 ural_m_stat(void *arg, uint_t stat, uint64_t *val)
2069 {
2070 	struct ural_softc *sc  = (struct ural_softc *)arg;
2071 	ieee80211com_t	*ic = &sc->sc_ic;
2072 	ieee80211_node_t *ni = ic->ic_bss;
2073 	struct ieee80211_rateset *rs = &ni->in_rates;
2074 
2075 	RAL_LOCK(sc);
2076 	switch (stat) {
2077 	case MAC_STAT_IFSPEED:
2078 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2079 		    (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2080 		    : ic->ic_fixed_rate) / 2 * 1000000;
2081 		break;
2082 	case MAC_STAT_NOXMTBUF:
2083 		*val = sc->sc_tx_nobuf;
2084 		break;
2085 	case MAC_STAT_NORCVBUF:
2086 		*val = sc->sc_rx_nobuf;
2087 		break;
2088 	case MAC_STAT_IERRORS:
2089 		*val = sc->sc_rx_err;
2090 		break;
2091 	case MAC_STAT_RBYTES:
2092 		*val = ic->ic_stats.is_rx_bytes;
2093 		break;
2094 	case MAC_STAT_IPACKETS:
2095 		*val = ic->ic_stats.is_rx_frags;
2096 		break;
2097 	case MAC_STAT_OBYTES:
2098 		*val = ic->ic_stats.is_tx_bytes;
2099 		break;
2100 	case MAC_STAT_OPACKETS:
2101 		*val = ic->ic_stats.is_tx_frags;
2102 		break;
2103 	case MAC_STAT_OERRORS:
2104 	case WIFI_STAT_TX_FAILED:
2105 		*val = sc->sc_tx_err;
2106 		break;
2107 	case WIFI_STAT_TX_RETRANS:
2108 		*val = sc->sc_tx_retries;
2109 		break;
2110 	case WIFI_STAT_FCS_ERRORS:
2111 	case WIFI_STAT_WEP_ERRORS:
2112 	case WIFI_STAT_TX_FRAGS:
2113 	case WIFI_STAT_MCAST_TX:
2114 	case WIFI_STAT_RTS_SUCCESS:
2115 	case WIFI_STAT_RTS_FAILURE:
2116 	case WIFI_STAT_ACK_FAILURE:
2117 	case WIFI_STAT_RX_FRAGS:
2118 	case WIFI_STAT_MCAST_RX:
2119 	case WIFI_STAT_RX_DUPS:
2120 		RAL_UNLOCK(sc);
2121 		return (ieee80211_stat(ic, stat, val));
2122 	default:
2123 		RAL_UNLOCK(sc);
2124 		return (ENOTSUP);
2125 	}
2126 	RAL_UNLOCK(sc);
2127 
2128 	return (0);
2129 }
2130 
2131 
2132 static int
2133 ural_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2134 {
2135 	struct ural_softc *sc;
2136 	struct ieee80211com *ic;
2137 	int err, i;
2138 	int instance;
2139 
2140 	char strbuf[32];
2141 
2142 	wifi_data_t wd = { 0 };
2143 	mac_register_t *macp;
2144 
2145 	RAL_DEBUG(RAL_DBG_MSG, "ural_attach()\n");
2146 
2147 	if (cmd != DDI_ATTACH)
2148 		return (DDI_FAILURE);
2149 
2150 	instance = ddi_get_instance(devinfo);
2151 
2152 	if (ddi_soft_state_zalloc(ural_soft_state_p, instance) != DDI_SUCCESS) {
2153 		RAL_DEBUG(RAL_DBG_MSG, "ural_attach(): "
2154 		    "unable to alloc soft_state_p\n");
2155 		return (DDI_FAILURE);
2156 	}
2157 
2158 	sc = ddi_get_soft_state(ural_soft_state_p, instance);
2159 	ic = (ieee80211com_t *)&sc->sc_ic;
2160 	sc->sc_dev = devinfo;
2161 
2162 	if (usb_client_attach(devinfo, USBDRV_VERSION, 0) != USB_SUCCESS) {
2163 		RAL_DEBUG(RAL_DBG_ERR,
2164 		    "ural_attach(): usb_client_attach failed\n");
2165 		goto fail1;
2166 	}
2167 
2168 	if (usb_get_dev_data(devinfo, &sc->sc_udev,
2169 	    USB_PARSE_LVL_ALL, 0) != USB_SUCCESS) {
2170 		sc->sc_udev = NULL;
2171 		goto fail2;
2172 	}
2173 
2174 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2175 	mutex_init(&sc->tx_lock, NULL, MUTEX_DRIVER, NULL);
2176 	mutex_init(&sc->rx_lock, NULL, MUTEX_DRIVER, NULL);
2177 
2178 	/* retrieve RT2570 rev. no */
2179 	sc->asic_rev = ural_read(sc, RAL_MAC_CSR0);
2180 
2181 	/* retrieve MAC address and various other things from EEPROM */
2182 	ural_read_eeprom(sc);
2183 
2184 	RAL_DEBUG(RAL_DBG_MSG, "ural: MAC/BBP RT2570 (rev 0x%02x), RF %s\n",
2185 	    sc->asic_rev, ural_get_rf(sc->rf_rev));
2186 
2187 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
2188 	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
2189 	ic->ic_state = IEEE80211_S_INIT;
2190 
2191 	ic->ic_maxrssi = 63;
2192 	ic->ic_set_shortslot = ural_update_slot;
2193 	ic->ic_xmit = ural_send;
2194 
2195 	/* set device capabilities */
2196 	ic->ic_caps =
2197 	    IEEE80211_C_TXPMGT |	/* tx power management */
2198 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
2199 	    IEEE80211_C_SHSLOT;		/* short slot time supported */
2200 
2201 	ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2202 
2203 #define	IEEE80211_CHAN_A	\
2204 	(IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2205 
2206 	if (sc->rf_rev == RAL_RF_5222) {
2207 		/* set supported .11a rates */
2208 		ic->ic_sup_rates[IEEE80211_MODE_11A] = ural_rateset_11a;
2209 
2210 		/* set supported .11a channels */
2211 		for (i = 36; i <= 64; i += 4) {
2212 			ic->ic_sup_channels[i].ich_freq =
2213 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2214 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2215 		}
2216 		for (i = 100; i <= 140; i += 4) {
2217 			ic->ic_sup_channels[i].ich_freq =
2218 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2219 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2220 		}
2221 		for (i = 149; i <= 161; i += 4) {
2222 			ic->ic_sup_channels[i].ich_freq =
2223 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2224 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2225 		}
2226 	}
2227 
2228 	/* set supported .11b and .11g rates */
2229 	ic->ic_sup_rates[IEEE80211_MODE_11B] = ural_rateset_11b;
2230 	ic->ic_sup_rates[IEEE80211_MODE_11G] = ural_rateset_11g;
2231 
2232 	/* set supported .11b and .11g channels (1 through 14) */
2233 	for (i = 1; i <= 14; i++) {
2234 		ic->ic_sup_channels[i].ich_freq =
2235 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2236 		ic->ic_sup_channels[i].ich_flags =
2237 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2238 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2239 	}
2240 
2241 	ieee80211_attach(ic);
2242 
2243 	/* register WPA door */
2244 	ieee80211_register_door(ic, ddi_driver_name(devinfo),
2245 	    ddi_get_instance(devinfo));
2246 
2247 	/* override state transition machine */
2248 	sc->sc_newstate = ic->ic_newstate;
2249 	ic->ic_newstate = ural_newstate;
2250 	ic->ic_watchdog = ural_watchdog;
2251 	ieee80211_media_init(ic);
2252 	ic->ic_def_txkey = 0;
2253 
2254 	sc->sc_rcr = 0;
2255 	sc->dwelltime = 300;
2256 	sc->sc_flags &= ~RAL_FLAG_RUNNING;
2257 
2258 	/*
2259 	 * Provide initial settings for the WiFi plugin; whenever this
2260 	 * information changes, we need to call mac_plugindata_update()
2261 	 */
2262 	wd.wd_opmode = ic->ic_opmode;
2263 	wd.wd_secalloc = WIFI_SEC_NONE;
2264 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
2265 
2266 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
2267 		RAL_DEBUG(RAL_DBG_ERR, "ural_attach(): "
2268 		    "MAC version mismatch\n");
2269 		goto fail3;
2270 	}
2271 
2272 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
2273 	macp->m_driver		= sc;
2274 	macp->m_dip		= devinfo;
2275 	macp->m_src_addr	= ic->ic_macaddr;
2276 	macp->m_callbacks	= &ural_m_callbacks;
2277 	macp->m_min_sdu		= 0;
2278 	macp->m_max_sdu		= IEEE80211_MTU;
2279 	macp->m_pdata		= &wd;
2280 	macp->m_pdata_size	= sizeof (wd);
2281 
2282 	err = mac_register(macp, &ic->ic_mach);
2283 	mac_free(macp);
2284 	if (err != 0) {
2285 		RAL_DEBUG(RAL_DBG_ERR, "ural_attach(): "
2286 		    "mac_register() err %x\n", err);
2287 		goto fail3;
2288 	}
2289 
2290 	if (usb_register_hotplug_cbs(devinfo, ural_offline,
2291 	    ural_online) != USB_SUCCESS) {
2292 		RAL_DEBUG(RAL_DBG_ERR,
2293 		    "ural: ural_attach() failed to register events");
2294 		goto fail4;
2295 	}
2296 
2297 	/*
2298 	 * Create minor node of type DDI_NT_NET_WIFI
2299 	 */
2300 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
2301 	    "ural", instance);
2302 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
2303 	    instance + 1, DDI_NT_NET_WIFI, 0);
2304 
2305 	if (err != DDI_SUCCESS)
2306 		RAL_DEBUG(RAL_DBG_ERR, "ddi_create_minor_node() failed\n");
2307 
2308 	/*
2309 	 * Notify link is down now
2310 	 */
2311 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
2312 
2313 	RAL_DEBUG(RAL_DBG_MSG, "ural_attach() done successfully.\n");
2314 	return (DDI_SUCCESS);
2315 fail4:
2316 	(void) mac_unregister(ic->ic_mach);
2317 fail3:
2318 	mutex_destroy(&sc->sc_genlock);
2319 	mutex_destroy(&sc->tx_lock);
2320 	mutex_destroy(&sc->rx_lock);
2321 fail2:
2322 	usb_client_detach(sc->sc_dev, sc->sc_udev);
2323 fail1:
2324 	ddi_soft_state_free(ural_soft_state_p, ddi_get_instance(devinfo));
2325 
2326 	return (DDI_FAILURE);
2327 }
2328 
2329 static int
2330 ural_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
2331 {
2332 	struct ural_softc *sc;
2333 
2334 	RAL_DEBUG(RAL_DBG_MSG, "ural_detach()\n");
2335 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
2336 
2337 	if (cmd != DDI_DETACH)
2338 		return (DDI_FAILURE);
2339 
2340 	ural_stop(sc);
2341 	usb_unregister_hotplug_cbs(devinfo);
2342 
2343 	/*
2344 	 * Unregister from the MAC layer subsystem
2345 	 */
2346 	if (mac_unregister(sc->sc_ic.ic_mach) != 0)
2347 		return (DDI_FAILURE);
2348 
2349 	/*
2350 	 * detach ieee80211 layer
2351 	 */
2352 	ieee80211_detach(&sc->sc_ic);
2353 
2354 	mutex_destroy(&sc->sc_genlock);
2355 	mutex_destroy(&sc->tx_lock);
2356 	mutex_destroy(&sc->rx_lock);
2357 
2358 	/* pipes will be close in ural_stop() */
2359 	usb_client_detach(devinfo, sc->sc_udev);
2360 	sc->sc_udev = NULL;
2361 
2362 	ddi_remove_minor_node(devinfo, NULL);
2363 	ddi_soft_state_free(ural_soft_state_p, ddi_get_instance(devinfo));
2364 
2365 	return (DDI_SUCCESS);
2366 }
2367 
2368 int
2369 _info(struct modinfo *modinfop)
2370 {
2371 	return (mod_info(&modlinkage, modinfop));
2372 }
2373 
2374 int
2375 _init(void)
2376 {
2377 	int status;
2378 
2379 	status = ddi_soft_state_init(&ural_soft_state_p,
2380 	    sizeof (struct ural_softc), 1);
2381 	if (status != 0)
2382 		return (status);
2383 
2384 	mac_init_ops(&ural_dev_ops, "ural");
2385 	status = mod_install(&modlinkage);
2386 	if (status != 0) {
2387 		mac_fini_ops(&ural_dev_ops);
2388 		ddi_soft_state_fini(&ural_soft_state_p);
2389 	}
2390 	return (status);
2391 }
2392 
2393 int
2394 _fini(void)
2395 {
2396 	int status;
2397 
2398 	status = mod_remove(&modlinkage);
2399 	if (status == 0) {
2400 		mac_fini_ops(&ural_dev_ops);
2401 		ddi_soft_state_fini(&ural_soft_state_p);
2402 	}
2403 	return (status);
2404 }
2405