xref: /titanic_51/usr/src/uts/common/io/rum/rum.c (revision f53eecf557986dac6ededb388fedd6ca63be0350)
1 /*
2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2005-2007 Damien Bergamini <damien.bergamini@free.fr>
8  * Copyright (c) 2006 Niall O'Higgins <niallo@openbsd.org>
9  *
10  * Permission to use, copy, modify, and distribute this software for any
11  * purpose with or without fee is hereby granted, provided that the above
12  * copyright notice and this permission notice appear in all copies.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21  */
22 
23 /*
24  * Ralink Technology RT2501USB/RT2601USB chipset driver
25  * http://www.ralinktech.com.tw/
26  */
27 #include <sys/types.h>
28 #include <sys/cmn_err.h>
29 #include <sys/strsubr.h>
30 #include <sys/modctl.h>
31 #include <sys/devops.h>
32 #include <sys/mac_provider.h>
33 #include <sys/mac_wifi.h>
34 #include <sys/net80211.h>
35 
36 #define	USBDRV_MAJOR_VER	2
37 #define	USBDRV_MINOR_VER	0
38 #include <sys/usb/usba.h>
39 #include <sys/usb/usba/usba_types.h>
40 
41 #include "rum_reg.h"
42 #include "rum_var.h"
43 #include "rt2573_ucode.h"
44 
45 static void *rum_soft_state_p = NULL;
46 
47 #define	RAL_TXBUF_SIZE  	(IEEE80211_MAX_LEN)
48 #define	RAL_RXBUF_SIZE  	(IEEE80211_MAX_LEN)
49 
50 /* quickly determine if a given rate is CCK or OFDM */
51 #define	RUM_RATE_IS_OFDM(rate)	((rate) >= 12 && (rate) != 22)
52 #define	RUM_ACK_SIZE	14	/* 10 + 4(FCS) */
53 #define	RUM_CTS_SIZE	14	/* 10 + 4(FCS) */
54 
55 #define	RUM_N(a)		(sizeof (a) / sizeof ((a)[0]))
56 
57 /*
58  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
59  */
60 static const struct ieee80211_rateset rum_rateset_11a =
61 	{ 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
62 
63 static const struct ieee80211_rateset rum_rateset_11b =
64 	{ 4, { 2, 4, 11, 22 } };
65 
66 static const struct ieee80211_rateset rum_rateset_11g =
67 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
68 
69 static const struct {
70 	uint32_t	reg;
71 	uint32_t	val;
72 } rum_def_mac[] = {
73 	{ RT2573_TXRX_CSR0,  0x025fb032 },
74 	{ RT2573_TXRX_CSR1,  0x9eaa9eaf },
75 	{ RT2573_TXRX_CSR2,  0x8a8b8c8d },
76 	{ RT2573_TXRX_CSR3,  0x00858687 },
77 	{ RT2573_TXRX_CSR7,  0x2e31353b },
78 	{ RT2573_TXRX_CSR8,  0x2a2a2a2c },
79 	{ RT2573_TXRX_CSR15, 0x0000000f },
80 	{ RT2573_MAC_CSR6,   0x00000fff },
81 	{ RT2573_MAC_CSR8,   0x016c030a },
82 	{ RT2573_MAC_CSR10,  0x00000718 },
83 	{ RT2573_MAC_CSR12,  0x00000004 },
84 	{ RT2573_MAC_CSR13,  0x00007f00 },
85 	{ RT2573_SEC_CSR0,   0x00000000 },
86 	{ RT2573_SEC_CSR1,   0x00000000 },
87 	{ RT2573_SEC_CSR5,   0x00000000 },
88 	{ RT2573_PHY_CSR1,   0x000023b0 },
89 	{ RT2573_PHY_CSR5,   0x00040a06 },
90 	{ RT2573_PHY_CSR6,   0x00080606 },
91 	{ RT2573_PHY_CSR7,   0x00000408 },
92 	{ RT2573_AIFSN_CSR,  0x00002273 },
93 	{ RT2573_CWMIN_CSR,  0x00002344 },
94 	{ RT2573_CWMAX_CSR,  0x000034aa }
95 };
96 
97 static const struct {
98 	uint8_t	reg;
99 	uint8_t	val;
100 } rum_def_bbp[] = {
101 	{   3, 0x80 },
102 	{  15, 0x30 },
103 	{  17, 0x20 },
104 	{  21, 0xc8 },
105 	{  22, 0x38 },
106 	{  23, 0x06 },
107 	{  24, 0xfe },
108 	{  25, 0x0a },
109 	{  26, 0x0d },
110 	{  32, 0x0b },
111 	{  34, 0x12 },
112 	{  37, 0x07 },
113 	{  39, 0xf8 },
114 	{  41, 0x60 },
115 	{  53, 0x10 },
116 	{  54, 0x18 },
117 	{  60, 0x10 },
118 	{  61, 0x04 },
119 	{  62, 0x04 },
120 	{  75, 0xfe },
121 	{  86, 0xfe },
122 	{  88, 0xfe },
123 	{  90, 0x0f },
124 	{  99, 0x00 },
125 	{ 102, 0x16 },
126 	{ 107, 0x04 }
127 };
128 
129 static const struct rfprog {
130 	uint8_t		chan;
131 	uint32_t	r1, r2, r3, r4;
132 }  rum_rf5226[] = {
133 	{   1, 0x00b03, 0x001e1, 0x1a014, 0x30282 },
134 	{   2, 0x00b03, 0x001e1, 0x1a014, 0x30287 },
135 	{   3, 0x00b03, 0x001e2, 0x1a014, 0x30282 },
136 	{   4, 0x00b03, 0x001e2, 0x1a014, 0x30287 },
137 	{   5, 0x00b03, 0x001e3, 0x1a014, 0x30282 },
138 	{   6, 0x00b03, 0x001e3, 0x1a014, 0x30287 },
139 	{   7, 0x00b03, 0x001e4, 0x1a014, 0x30282 },
140 	{   8, 0x00b03, 0x001e4, 0x1a014, 0x30287 },
141 	{   9, 0x00b03, 0x001e5, 0x1a014, 0x30282 },
142 	{  10, 0x00b03, 0x001e5, 0x1a014, 0x30287 },
143 	{  11, 0x00b03, 0x001e6, 0x1a014, 0x30282 },
144 	{  12, 0x00b03, 0x001e6, 0x1a014, 0x30287 },
145 	{  13, 0x00b03, 0x001e7, 0x1a014, 0x30282 },
146 	{  14, 0x00b03, 0x001e8, 0x1a014, 0x30284 },
147 
148 	{  34, 0x00b03, 0x20266, 0x36014, 0x30282 },
149 	{  38, 0x00b03, 0x20267, 0x36014, 0x30284 },
150 	{  42, 0x00b03, 0x20268, 0x36014, 0x30286 },
151 	{  46, 0x00b03, 0x20269, 0x36014, 0x30288 },
152 
153 	{  36, 0x00b03, 0x00266, 0x26014, 0x30288 },
154 	{  40, 0x00b03, 0x00268, 0x26014, 0x30280 },
155 	{  44, 0x00b03, 0x00269, 0x26014, 0x30282 },
156 	{  48, 0x00b03, 0x0026a, 0x26014, 0x30284 },
157 	{  52, 0x00b03, 0x0026b, 0x26014, 0x30286 },
158 	{  56, 0x00b03, 0x0026c, 0x26014, 0x30288 },
159 	{  60, 0x00b03, 0x0026e, 0x26014, 0x30280 },
160 	{  64, 0x00b03, 0x0026f, 0x26014, 0x30282 },
161 
162 	{ 100, 0x00b03, 0x0028a, 0x2e014, 0x30280 },
163 	{ 104, 0x00b03, 0x0028b, 0x2e014, 0x30282 },
164 	{ 108, 0x00b03, 0x0028c, 0x2e014, 0x30284 },
165 	{ 112, 0x00b03, 0x0028d, 0x2e014, 0x30286 },
166 	{ 116, 0x00b03, 0x0028e, 0x2e014, 0x30288 },
167 	{ 120, 0x00b03, 0x002a0, 0x2e014, 0x30280 },
168 	{ 124, 0x00b03, 0x002a1, 0x2e014, 0x30282 },
169 	{ 128, 0x00b03, 0x002a2, 0x2e014, 0x30284 },
170 	{ 132, 0x00b03, 0x002a3, 0x2e014, 0x30286 },
171 	{ 136, 0x00b03, 0x002a4, 0x2e014, 0x30288 },
172 	{ 140, 0x00b03, 0x002a6, 0x2e014, 0x30280 },
173 
174 	{ 149, 0x00b03, 0x002a8, 0x2e014, 0x30287 },
175 	{ 153, 0x00b03, 0x002a9, 0x2e014, 0x30289 },
176 	{ 157, 0x00b03, 0x002ab, 0x2e014, 0x30281 },
177 	{ 161, 0x00b03, 0x002ac, 0x2e014, 0x30283 },
178 	{ 165, 0x00b03, 0x002ad, 0x2e014, 0x30285 }
179 }, rum_rf5225[] = {
180 	{   1, 0x00b33, 0x011e1, 0x1a014, 0x30282 },
181 	{   2, 0x00b33, 0x011e1, 0x1a014, 0x30287 },
182 	{   3, 0x00b33, 0x011e2, 0x1a014, 0x30282 },
183 	{   4, 0x00b33, 0x011e2, 0x1a014, 0x30287 },
184 	{   5, 0x00b33, 0x011e3, 0x1a014, 0x30282 },
185 	{   6, 0x00b33, 0x011e3, 0x1a014, 0x30287 },
186 	{   7, 0x00b33, 0x011e4, 0x1a014, 0x30282 },
187 	{   8, 0x00b33, 0x011e4, 0x1a014, 0x30287 },
188 	{   9, 0x00b33, 0x011e5, 0x1a014, 0x30282 },
189 	{  10, 0x00b33, 0x011e5, 0x1a014, 0x30287 },
190 	{  11, 0x00b33, 0x011e6, 0x1a014, 0x30282 },
191 	{  12, 0x00b33, 0x011e6, 0x1a014, 0x30287 },
192 	{  13, 0x00b33, 0x011e7, 0x1a014, 0x30282 },
193 	{  14, 0x00b33, 0x011e8, 0x1a014, 0x30284 },
194 
195 	{  34, 0x00b33, 0x01266, 0x26014, 0x30282 },
196 	{  38, 0x00b33, 0x01267, 0x26014, 0x30284 },
197 	{  42, 0x00b33, 0x01268, 0x26014, 0x30286 },
198 	{  46, 0x00b33, 0x01269, 0x26014, 0x30288 },
199 
200 	{  36, 0x00b33, 0x01266, 0x26014, 0x30288 },
201 	{  40, 0x00b33, 0x01268, 0x26014, 0x30280 },
202 	{  44, 0x00b33, 0x01269, 0x26014, 0x30282 },
203 	{  48, 0x00b33, 0x0126a, 0x26014, 0x30284 },
204 	{  52, 0x00b33, 0x0126b, 0x26014, 0x30286 },
205 	{  56, 0x00b33, 0x0126c, 0x26014, 0x30288 },
206 	{  60, 0x00b33, 0x0126e, 0x26014, 0x30280 },
207 	{  64, 0x00b33, 0x0126f, 0x26014, 0x30282 },
208 
209 	{ 100, 0x00b33, 0x0128a, 0x2e014, 0x30280 },
210 	{ 104, 0x00b33, 0x0128b, 0x2e014, 0x30282 },
211 	{ 108, 0x00b33, 0x0128c, 0x2e014, 0x30284 },
212 	{ 112, 0x00b33, 0x0128d, 0x2e014, 0x30286 },
213 	{ 116, 0x00b33, 0x0128e, 0x2e014, 0x30288 },
214 	{ 120, 0x00b33, 0x012a0, 0x2e014, 0x30280 },
215 	{ 124, 0x00b33, 0x012a1, 0x2e014, 0x30282 },
216 	{ 128, 0x00b33, 0x012a2, 0x2e014, 0x30284 },
217 	{ 132, 0x00b33, 0x012a3, 0x2e014, 0x30286 },
218 	{ 136, 0x00b33, 0x012a4, 0x2e014, 0x30288 },
219 	{ 140, 0x00b33, 0x012a6, 0x2e014, 0x30280 },
220 
221 	{ 149, 0x00b33, 0x012a8, 0x2e014, 0x30287 },
222 	{ 153, 0x00b33, 0x012a9, 0x2e014, 0x30289 },
223 	{ 157, 0x00b33, 0x012ab, 0x2e014, 0x30281 },
224 	{ 161, 0x00b33, 0x012ac, 0x2e014, 0x30283 },
225 	{ 165, 0x00b33, 0x012ad, 0x2e014, 0x30285 }
226 };
227 
228 /*
229  * device operations
230  */
231 static int rum_attach(dev_info_t *, ddi_attach_cmd_t);
232 static int rum_detach(dev_info_t *, ddi_detach_cmd_t);
233 
234 /*
235  * Module Loading Data & Entry Points
236  */
237 DDI_DEFINE_STREAM_OPS(rum_dev_ops, nulldev, nulldev, rum_attach,
238     rum_detach, nodev, NULL, D_MP, NULL, ddi_quiesce_not_needed);
239 
240 static struct modldrv rum_modldrv = {
241 	&mod_driverops,		/* Type of module.  This one is a driver */
242 	"rum driver v1.2",	/* short description */
243 	&rum_dev_ops		/* driver specific ops */
244 };
245 
246 static struct modlinkage modlinkage = {
247 	MODREV_1,
248 	(void *)&rum_modldrv,
249 	NULL
250 };
251 
252 static int	rum_m_stat(void *,  uint_t, uint64_t *);
253 static int	rum_m_start(void *);
254 static void	rum_m_stop(void *);
255 static int	rum_m_promisc(void *, boolean_t);
256 static int	rum_m_multicst(void *, boolean_t, const uint8_t *);
257 static int	rum_m_unicst(void *, const uint8_t *);
258 static mblk_t	*rum_m_tx(void *, mblk_t *);
259 static void	rum_m_ioctl(void *, queue_t *, mblk_t *);
260 static int	rum_m_setprop(void *, const char *, mac_prop_id_t,
261     uint_t, const void *);
262 static int	rum_m_getprop(void *, const char *, mac_prop_id_t,
263     uint_t, uint_t, void *, uint_t *);
264 
265 static mac_callbacks_t rum_m_callbacks = {
266 	MC_IOCTL | MC_SETPROP | MC_GETPROP,
267 	rum_m_stat,
268 	rum_m_start,
269 	rum_m_stop,
270 	rum_m_promisc,
271 	rum_m_multicst,
272 	rum_m_unicst,
273 	rum_m_tx,
274 	rum_m_ioctl,
275 	NULL,		/* mc_getcapab */
276 	NULL,
277 	NULL,
278 	rum_m_setprop,
279 	rum_m_getprop
280 };
281 
282 static void rum_amrr_start(struct rum_softc *, struct ieee80211_node *);
283 static int  rum_tx_trigger(struct rum_softc *, mblk_t *);
284 static int  rum_rx_trigger(struct rum_softc *);
285 
286 uint32_t rum_dbg_flags = 0;
287 
288 void
289 ral_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
290 {
291 	va_list args;
292 
293 	if (dbg_flags & rum_dbg_flags) {
294 		va_start(args, fmt);
295 		vcmn_err(CE_CONT, fmt, args);
296 		va_end(args);
297 	}
298 }
299 
300 static void
301 rum_read_multi(struct rum_softc *sc, uint16_t reg, void *buf, int len)
302 {
303 	usb_ctrl_setup_t req;
304 	usb_cr_t cr;
305 	usb_cb_flags_t cf;
306 	mblk_t *mp;
307 	int err;
308 
309 	bzero(&req, sizeof (req));
310 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
311 	req.bRequest = RT2573_READ_MULTI_MAC;
312 	req.wValue = 0;
313 	req.wIndex = reg;
314 	req.wLength = (uint16_t)len;
315 	req.attrs = USB_ATTRS_AUTOCLEARING;
316 
317 	mp = NULL;
318 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
319 	    &cr, &cf, 0);
320 
321 	if (err != USB_SUCCESS) {
322 		ral_debug(RAL_DBG_ERR,
323 		    "rum_read_multi(): could not read MAC register:"
324 		    "cr:%s(%d), cf:(%x)\n",
325 		    usb_str_cr(cr), cr, cf);
326 		return;
327 	}
328 
329 	bcopy(mp->b_rptr, buf, len);
330 	freemsg(mp);
331 }
332 
333 static uint32_t
334 rum_read(struct rum_softc *sc, uint16_t reg)
335 {
336 	uint32_t val;
337 
338 	rum_read_multi(sc, reg, &val, sizeof (val));
339 
340 	return (LE_32(val));
341 }
342 
343 static void
344 rum_write_multi(struct rum_softc *sc, uint16_t reg, void *buf, size_t len)
345 {
346 	usb_ctrl_setup_t req;
347 	usb_cr_t cr;
348 	usb_cb_flags_t cf;
349 	mblk_t *mp;
350 	int err;
351 
352 	bzero(&req, sizeof (req));
353 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
354 	req.bRequest = RT2573_WRITE_MULTI_MAC;
355 	req.wValue = 0;
356 	req.wIndex = reg;
357 	req.wLength = (uint16_t)len;
358 	req.attrs = USB_ATTRS_NONE;
359 
360 	if ((mp = allocb(len, BPRI_HI)) == NULL) {
361 		ral_debug(RAL_DBG_ERR, "rum_write_multi(): failed alloc mblk.");
362 		return;
363 	}
364 
365 	bcopy(buf, mp->b_wptr, len);
366 	mp->b_wptr += len;
367 
368 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
369 	    &cr, &cf, 0);
370 
371 	if (err != USB_SUCCESS) {
372 		ral_debug(RAL_DBG_USB,
373 		    "rum_write_multi(): could not write MAC register:"
374 		    "cr:%s(%d), cf:(%x)\n",
375 		    usb_str_cr(cr), cr, cf);
376 	}
377 
378 	freemsg(mp);
379 }
380 
381 static void
382 rum_write(struct rum_softc *sc, uint16_t reg, uint32_t val)
383 {
384 	uint32_t tmp = LE_32(val);
385 
386 	rum_write_multi(sc, reg, &tmp, sizeof (tmp));
387 }
388 
389 #define	UGETDW(w) ((w)[0] | ((w)[1] << 8) | ((w)[2] << 16) | ((w)[3] << 24))
390 
391 static int
392 rum_load_microcode(struct rum_softc *sc)
393 {
394 	usb_ctrl_setup_t req;
395 	usb_cr_t cr;
396 	usb_cb_flags_t cf;
397 	int err;
398 
399 	const uint8_t *ucode;
400 	int size;
401 	uint16_t reg = RT2573_MCU_CODE_BASE;
402 
403 	ucode = rt2573_ucode;
404 	size  = sizeof (rt2573_ucode);
405 
406 	/* copy firmware image into NIC */
407 	for (; size >= 4; reg += 4, ucode += 4, size -= 4) {
408 		rum_write(sc, reg, UGETDW(ucode));
409 		/* rum_write(sc, reg, *(uint32_t *)(ucode)); */
410 	}
411 
412 	bzero(&req, sizeof (req));
413 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
414 	req.bRequest = RT2573_MCU_CNTL;
415 	req.wValue = RT2573_MCU_RUN;
416 	req.wIndex = 0;
417 	req.wLength = 0;
418 	req.attrs = USB_ATTRS_NONE;
419 
420 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
421 	    &cr, &cf, 0);
422 
423 	if (err != USB_SUCCESS) {
424 		ral_debug(RAL_DBG_ERR,
425 		    "rum_load_microcode(): could not run firmware: "
426 		    "cr:%s(%d), cf:(%x)\n",
427 		    usb_str_cr(cr), cr, cf);
428 	}
429 
430 	ral_debug(RAL_DBG_MSG,
431 	    "rum_load_microcode(%d): done\n", sizeof (rt2573_ucode));
432 
433 	return (err);
434 }
435 
436 static void
437 rum_eeprom_read(struct rum_softc *sc, uint16_t addr, void *buf, int len)
438 {
439 	usb_ctrl_setup_t req;
440 	usb_cr_t cr;
441 	usb_cb_flags_t cf;
442 	mblk_t *mp;
443 	int err;
444 
445 	bzero(&req, sizeof (req));
446 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
447 	req.bRequest = RT2573_READ_EEPROM;
448 	req.wValue = 0;
449 	req.wIndex = addr;
450 	req.wLength = (uint16_t)len;
451 
452 	mp = NULL;
453 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
454 	    &cr, &cf, 0);
455 
456 	if (err != USB_SUCCESS) {
457 		ral_debug(RAL_DBG_USB,
458 		    "rum_eeprom_read(): could not read EEPROM:"
459 		    "cr:%s(%d), cf:(%x)\n",
460 		    usb_str_cr(cr), cr, cf);
461 		return;
462 	}
463 
464 	bcopy(mp->b_rptr, buf, len);
465 	freemsg(mp);
466 }
467 
468 /* ARGSUSED */
469 static void
470 rum_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
471 {
472 	struct rum_softc *sc = (struct rum_softc *)req->bulk_client_private;
473 	struct ieee80211com *ic = &sc->sc_ic;
474 
475 	ral_debug(RAL_DBG_TX,
476 	    "rum_txeof(): cr:%s(%d), flags:0x%x, tx_queued:%d",
477 	    usb_str_cr(req->bulk_completion_reason),
478 	    req->bulk_completion_reason,
479 	    req->bulk_cb_flags,
480 	    sc->tx_queued);
481 
482 	if (req->bulk_completion_reason != USB_CR_OK)
483 		sc->sc_tx_err++;
484 
485 	mutex_enter(&sc->tx_lock);
486 
487 	sc->tx_queued--;
488 	sc->sc_tx_timer = 0;
489 
490 	if (sc->sc_need_sched) {
491 		sc->sc_need_sched = 0;
492 		mac_tx_update(ic->ic_mach);
493 	}
494 
495 	mutex_exit(&sc->tx_lock);
496 	usb_free_bulk_req(req);
497 }
498 
499 /* ARGSUSED */
500 static void
501 rum_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
502 {
503 	struct rum_softc *sc = (struct rum_softc *)req->bulk_client_private;
504 	struct ieee80211com *ic = &sc->sc_ic;
505 
506 	struct rum_rx_desc *desc;
507 	struct ieee80211_frame *wh;
508 	struct ieee80211_node *ni;
509 
510 	mblk_t *m, *mp;
511 	int len, pktlen;
512 	char *rxbuf;
513 
514 	mp = req->bulk_data;
515 	req->bulk_data = NULL;
516 
517 	ral_debug(RAL_DBG_RX,
518 	    "rum_rxeof(): cr:%s(%d), flags:0x%x, rx_queued:%d",
519 	    usb_str_cr(req->bulk_completion_reason),
520 	    req->bulk_completion_reason,
521 	    req->bulk_cb_flags,
522 	    sc->rx_queued);
523 
524 	if (req->bulk_completion_reason != USB_CR_OK) {
525 		sc->sc_rx_err++;
526 		goto fail;
527 	}
528 
529 	len = msgdsize(mp);
530 	rxbuf = (char *)mp->b_rptr;
531 
532 
533 	if (len < RT2573_RX_DESC_SIZE + sizeof (struct ieee80211_frame_min)) {
534 		ral_debug(RAL_DBG_ERR,
535 		    "rum_rxeof(): xfer too short %d\n", len);
536 		sc->sc_rx_err++;
537 		goto fail;
538 	}
539 
540 	/* rx descriptor is located at the head, different from RT2500USB */
541 	desc = (struct rum_rx_desc *)rxbuf;
542 
543 	if (LE_32(desc->flags) & RT2573_RX_CRC_ERROR) {
544 		/*
545 		 * This should not happen since we did not request to receive
546 		 * those frames when we filled RT2573_TXRX_CSR0.
547 		 */
548 		ral_debug(RAL_DBG_ERR, "CRC error\n");
549 		sc->sc_rx_err++;
550 		goto fail;
551 	}
552 
553 	pktlen = (LE_32(desc->flags) >> 16) & 0xfff;
554 
555 	if (pktlen > (len - RT2573_RX_DESC_SIZE)) {
556 		ral_debug(RAL_DBG_ERR,
557 		    "rum_rxeof(): pktlen mismatch <%d, %d>.\n", pktlen, len);
558 		goto fail;
559 	}
560 
561 	if ((m = allocb(pktlen, BPRI_MED)) == NULL) {
562 		ral_debug(RAL_DBG_ERR,
563 		    "rum_rxeof(): allocate mblk failed.\n");
564 		sc->sc_rx_nobuf++;
565 		goto fail;
566 	}
567 
568 	bcopy(rxbuf + RT2573_RX_DESC_SIZE, m->b_rptr, pktlen);
569 	m->b_wptr += pktlen;
570 
571 	wh = (struct ieee80211_frame *)m->b_rptr;
572 	ni = ieee80211_find_rxnode(ic, wh);
573 
574 	/* send the frame to the 802.11 layer */
575 	(void) ieee80211_input(ic, m, ni, desc->rssi, 0);
576 
577 	/* node is no longer needed */
578 	ieee80211_free_node(ni);
579 
580 fail:
581 	mutex_enter(&sc->rx_lock);
582 	sc->rx_queued--;
583 	mutex_exit(&sc->rx_lock);
584 
585 	freemsg(mp);
586 	usb_free_bulk_req(req);
587 
588 	if (RAL_IS_RUNNING(sc))
589 		(void) rum_rx_trigger(sc);
590 }
591 
592 /*
593  * Return the expected ack rate for a frame transmitted at rate `rate'.
594  */
595 static int
596 rum_ack_rate(struct ieee80211com *ic, int rate)
597 {
598 	switch (rate) {
599 	/* CCK rates */
600 	case 2:
601 		return (2);
602 	case 4:
603 	case 11:
604 	case 22:
605 		return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
606 
607 	/* OFDM rates */
608 	case 12:
609 	case 18:
610 		return (12);
611 	case 24:
612 	case 36:
613 		return (24);
614 	case 48:
615 	case 72:
616 	case 96:
617 	case 108:
618 		return (48);
619 	}
620 
621 	/* default to 1Mbps */
622 	return (2);
623 }
624 
625 /*
626  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
627  * The function automatically determines the operating mode depending on the
628  * given rate. `flags' indicates whether short preamble is in use or not.
629  */
630 static uint16_t
631 rum_txtime(int len, int rate, uint32_t flags)
632 {
633 	uint16_t txtime;
634 
635 	if (RUM_RATE_IS_OFDM(rate)) {
636 		/* IEEE Std 802.11a-1999, pp. 37 */
637 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
638 		txtime = 16 + 4 + 4 * txtime + 6;
639 	} else {
640 		/* IEEE Std 802.11b-1999, pp. 28 */
641 		txtime = (16 * len + rate - 1) / rate;
642 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
643 			txtime +=  72 + 24;
644 		else
645 			txtime += 144 + 48;
646 	}
647 	return (txtime);
648 }
649 
650 static uint8_t
651 rum_plcp_signal(int rate)
652 {
653 	switch (rate) {
654 	/* CCK rates (returned values are device-dependent) */
655 	case 2:		return (0x0);
656 	case 4:		return (0x1);
657 	case 11:	return (0x2);
658 	case 22:	return (0x3);
659 
660 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
661 	case 12:	return (0xb);
662 	case 18:	return (0xf);
663 	case 24:	return (0xa);
664 	case 36:	return (0xe);
665 	case 48:	return (0x9);
666 	case 72:	return (0xd);
667 	case 96:	return (0x8);
668 	case 108:	return (0xc);
669 
670 	/* unsupported rates (should not get there) */
671 	default:	return (0xff);
672 	}
673 }
674 
675 static void
676 rum_setup_tx_desc(struct rum_softc *sc, struct rum_tx_desc *desc,
677     uint32_t flags, uint16_t xflags, int len, int rate)
678 {
679 	struct ieee80211com *ic = &sc->sc_ic;
680 	uint16_t plcp_length;
681 	int remainder;
682 
683 	desc->flags = LE_32(flags);
684 	desc->flags |= LE_32(RT2573_TX_VALID);
685 	desc->flags |= LE_32(len << 16);
686 
687 	desc->xflags = LE_16(xflags);
688 
689 	desc->wme = LE_16(RT2573_QID(0) | RT2573_AIFSN(2) |
690 	    RT2573_LOGCWMIN(4) | RT2573_LOGCWMAX(10));
691 
692 	/* setup PLCP fields */
693 	desc->plcp_signal  = rum_plcp_signal(rate);
694 	desc->plcp_service = 4;
695 
696 	len += IEEE80211_CRC_LEN;
697 	if (RUM_RATE_IS_OFDM(rate)) {
698 		desc->flags |= LE_32(RT2573_TX_OFDM);
699 
700 		plcp_length = len & 0xfff;
701 		desc->plcp_length_hi = plcp_length >> 6;
702 		desc->plcp_length_lo = plcp_length & 0x3f;
703 	} else {
704 		plcp_length = (16 * len + rate - 1) / rate;
705 		if (rate == 22) {
706 			remainder = (16 * len) % 22;
707 			if (remainder != 0 && remainder < 7)
708 				desc->plcp_service |= RT2573_PLCP_LENGEXT;
709 		}
710 		desc->plcp_length_hi = plcp_length >> 8;
711 		desc->plcp_length_lo = plcp_length & 0xff;
712 
713 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
714 			desc->plcp_signal |= 0x08;
715 	}
716 }
717 
718 #define	RUM_TX_TIMEOUT	5
719 
720 static int
721 rum_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
722 {
723 	struct rum_softc *sc = (struct rum_softc *)ic;
724 	struct rum_tx_desc *desc;
725 
726 	struct ieee80211_frame *wh;
727 	struct ieee80211_key *k;
728 
729 	uint16_t dur;
730 	uint32_t flags = 0;
731 	int rate, err = DDI_SUCCESS, rv;
732 
733 	struct ieee80211_node *ni = NULL;
734 	mblk_t *m, *m0;
735 	int off, mblen, pktlen, xferlen;
736 
737 	/* discard packets while suspending or not inited */
738 	if (!RAL_IS_RUNNING(sc)) {
739 		freemsg(mp);
740 		return (ENXIO);
741 	}
742 
743 	mutex_enter(&sc->tx_lock);
744 
745 	if (sc->tx_queued > RAL_TX_LIST_COUNT) {
746 		ral_debug(RAL_DBG_TX, "rum_send(): "
747 		    "no TX buffer available!\n");
748 		if ((type & IEEE80211_FC0_TYPE_MASK) ==
749 		    IEEE80211_FC0_TYPE_DATA) {
750 			sc->sc_need_sched = 1;
751 		}
752 		sc->sc_tx_nobuf++;
753 		err = ENOMEM;
754 		goto fail;
755 	}
756 
757 	m = allocb(RAL_TXBUF_SIZE + RT2573_TX_DESC_SIZE, BPRI_MED);
758 	if (m == NULL) {
759 		ral_debug(RAL_DBG_ERR, "rum_send(): can't alloc mblk.\n");
760 		err = DDI_FAILURE;
761 		goto fail;
762 	}
763 
764 	m->b_rptr += RT2573_TX_DESC_SIZE;	/* skip TX descriptor */
765 	m->b_wptr += RT2573_TX_DESC_SIZE;
766 
767 	for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
768 		mblen = (uintptr_t)m0->b_wptr - (uintptr_t)m0->b_rptr;
769 		(void) memcpy(m->b_rptr + off, m0->b_rptr, mblen);
770 		off += mblen;
771 	}
772 	m->b_wptr += off;
773 
774 	wh = (struct ieee80211_frame *)m->b_rptr;
775 
776 	ni = ieee80211_find_txnode(ic, wh->i_addr1);
777 	if (ni == NULL) {
778 		err = DDI_FAILURE;
779 		sc->sc_tx_err++;
780 		freemsg(m);
781 		goto fail;
782 	}
783 
784 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
785 	    IEEE80211_FC0_TYPE_DATA) {
786 		(void) ieee80211_encap(ic, m, ni);
787 	}
788 
789 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
790 		k = ieee80211_crypto_encap(ic, m);
791 		if (k == NULL) {
792 			sc->sc_tx_err++;
793 			err = DDI_FAILURE;
794 			freemsg(m);
795 			goto fail;
796 		}
797 		/* packet header may have moved, reset our local pointer */
798 		wh = (struct ieee80211_frame *)m->b_rptr;
799 	}
800 
801 	m->b_rptr -= RT2573_TX_DESC_SIZE;	/* restore */
802 	desc = (struct rum_tx_desc *)m->b_rptr;
803 
804 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
805 	    IEEE80211_FC0_TYPE_DATA) {	/* DATA */
806 		if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
807 			rate = ic->ic_bss->in_rates.ir_rates[ic->ic_fixed_rate];
808 		else
809 			rate = ni->in_rates.ir_rates[ni->in_txrate];
810 
811 		rate &= IEEE80211_RATE_VAL;
812 		if (rate <= 0) {
813 			rate = 2;	/* basic rate */
814 		}
815 
816 
817 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
818 			flags |= RT2573_TX_NEED_ACK;
819 			flags |= RT2573_TX_MORE_FRAG;
820 
821 			dur = rum_txtime(RUM_ACK_SIZE, rum_ack_rate(ic, rate),
822 			    ic->ic_flags) + sc->sifs;
823 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
824 		}
825 	} else {	/* MGMT */
826 		rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
827 
828 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
829 			flags |= RT2573_TX_NEED_ACK;
830 
831 			dur = rum_txtime(RUM_ACK_SIZE, rum_ack_rate(ic, rate),
832 			    ic->ic_flags) + sc->sifs;
833 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
834 
835 			/* tell hardware to add timestamp for probe responses */
836 			if ((wh->i_fc[0] &
837 			    (IEEE80211_FC0_TYPE_MASK |
838 			    IEEE80211_FC0_SUBTYPE_MASK)) ==
839 			    (IEEE80211_FC0_TYPE_MGT |
840 			    IEEE80211_FC0_SUBTYPE_PROBE_RESP))
841 				flags |= RT2573_TX_TIMESTAMP;
842 		}
843 	}
844 
845 	pktlen = msgdsize(m) - RT2573_TX_DESC_SIZE;
846 	rum_setup_tx_desc(sc, desc, flags, 0, pktlen, rate);
847 
848 	/* align end on a 4-bytes boundary */
849 	xferlen = (RT2573_TX_DESC_SIZE + pktlen + 3) & ~3;
850 
851 	/*
852 	 * No space left in the last URB to store the extra 4 bytes, force
853 	 * sending of another URB.
854 	 */
855 	if ((xferlen % 64) == 0)
856 		xferlen += 4;
857 
858 	m->b_wptr = m->b_rptr + xferlen;
859 
860 	ral_debug(RAL_DBG_TX, "sending data frame len=%u rate=%u xfer len=%u\n",
861 	    pktlen, rate, xferlen);
862 
863 	rv = rum_tx_trigger(sc, m);
864 
865 	if (rv == 0) {
866 		ic->ic_stats.is_tx_frags++;
867 		ic->ic_stats.is_tx_bytes += pktlen;
868 	}
869 
870 fail:
871 	if (ni != NULL)
872 		ieee80211_free_node(ni);
873 
874 	if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
875 	    err == 0) {
876 		freemsg(mp);
877 	}
878 
879 	mutex_exit(&sc->tx_lock);
880 
881 	return (err);
882 }
883 
884 static mblk_t *
885 rum_m_tx(void *arg, mblk_t *mp)
886 {
887 	struct rum_softc *sc = (struct rum_softc *)arg;
888 	struct ieee80211com *ic = &sc->sc_ic;
889 	mblk_t *next;
890 
891 	/*
892 	 * No data frames go out unless we're associated; this
893 	 * should not happen as the 802.11 layer does not enable
894 	 * the xmit queue until we enter the RUN state.
895 	 */
896 	if (ic->ic_state != IEEE80211_S_RUN) {
897 		ral_debug(RAL_DBG_ERR, "rum_m_tx(): "
898 		    "discard, state %u\n", ic->ic_state);
899 		freemsgchain(mp);
900 		return (NULL);
901 	}
902 
903 	while (mp != NULL) {
904 		next = mp->b_next;
905 		mp->b_next = NULL;
906 		if (rum_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != DDI_SUCCESS) {
907 			mp->b_next = next;
908 			freemsgchain(mp);
909 			return (NULL);
910 		}
911 		mp = next;
912 	}
913 	return (mp);
914 }
915 
916 static void
917 rum_bbp_write(struct rum_softc *sc, uint8_t reg, uint8_t val)
918 {
919 	uint32_t tmp;
920 	int ntries;
921 
922 	for (ntries = 0; ntries < 5; ntries++) {
923 		if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
924 			break;
925 	}
926 	if (ntries == 5) {
927 		ral_debug(RAL_DBG_ERR,
928 		    "rum_bbp_write(): could not write to BBP\n");
929 		return;
930 	}
931 
932 	tmp = RT2573_BBP_BUSY | (reg & 0x7f) << 8 | val;
933 	rum_write(sc, RT2573_PHY_CSR3, tmp);
934 }
935 
936 static uint8_t
937 rum_bbp_read(struct rum_softc *sc, uint8_t reg)
938 {
939 	uint32_t val;
940 	int ntries;
941 
942 	for (ntries = 0; ntries < 5; ntries++) {
943 		if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
944 			break;
945 	}
946 	if (ntries == 5) {
947 		ral_debug(RAL_DBG_ERR, "rum_bbp_read(): could not read BBP\n");
948 		return (0);
949 	}
950 
951 	val = RT2573_BBP_BUSY | RT2573_BBP_READ | reg << 8;
952 	rum_write(sc, RT2573_PHY_CSR3, val);
953 
954 	for (ntries = 0; ntries < 100; ntries++) {
955 		val = rum_read(sc, RT2573_PHY_CSR3);
956 		if (!(val & RT2573_BBP_BUSY))
957 			return (val & 0xff);
958 		drv_usecwait(1);
959 	}
960 
961 	ral_debug(RAL_DBG_ERR, "rum_bbp_read(): could not read BBP\n");
962 	return (0);
963 }
964 
965 static void
966 rum_rf_write(struct rum_softc *sc, uint8_t reg, uint32_t val)
967 {
968 	uint32_t tmp;
969 	int ntries;
970 
971 	for (ntries = 0; ntries < 5; ntries++) {
972 		if (!(rum_read(sc, RT2573_PHY_CSR4) & RT2573_RF_BUSY))
973 			break;
974 	}
975 	if (ntries == 5) {
976 		ral_debug(RAL_DBG_ERR,
977 		    "rum_rf_write(): could not write to RF\n");
978 		return;
979 	}
980 
981 	tmp = RT2573_RF_BUSY | RT2573_RF_20BIT | (val & 0xfffff) << 2 |
982 	    (reg & 3);
983 	rum_write(sc, RT2573_PHY_CSR4, tmp);
984 
985 	/* remember last written value in sc */
986 	sc->rf_regs[reg] = val;
987 
988 	ral_debug(RAL_DBG_HW, "RF R[%u] <- 0x%05x\n", reg & 3, val & 0xfffff);
989 }
990 
991 static void
992 rum_select_antenna(struct rum_softc *sc)
993 {
994 	uint8_t bbp4, bbp77;
995 	uint32_t tmp;
996 
997 	bbp4  = rum_bbp_read(sc, 4);
998 	bbp77 = rum_bbp_read(sc, 77);
999 
1000 	/* make sure Rx is disabled before switching antenna */
1001 	tmp = rum_read(sc, RT2573_TXRX_CSR0);
1002 	rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
1003 
1004 	rum_bbp_write(sc,  4, bbp4);
1005 	rum_bbp_write(sc, 77, bbp77);
1006 
1007 	rum_write(sc, RT2573_TXRX_CSR0, tmp);
1008 }
1009 
1010 /*
1011  * Enable multi-rate retries for frames sent at OFDM rates.
1012  * In 802.11b/g mode, allow fallback to CCK rates.
1013  */
1014 static void
1015 rum_enable_mrr(struct rum_softc *sc)
1016 {
1017 	struct ieee80211com *ic = &sc->sc_ic;
1018 	uint32_t tmp;
1019 
1020 	tmp = rum_read(sc, RT2573_TXRX_CSR4);
1021 
1022 	tmp &= ~RT2573_MRR_CCK_FALLBACK;
1023 	if (!IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
1024 		tmp |= RT2573_MRR_CCK_FALLBACK;
1025 	tmp |= RT2573_MRR_ENABLED;
1026 
1027 	rum_write(sc, RT2573_TXRX_CSR4, tmp);
1028 }
1029 
1030 static void
1031 rum_set_txpreamble(struct rum_softc *sc)
1032 {
1033 	uint32_t tmp;
1034 
1035 	tmp = rum_read(sc, RT2573_TXRX_CSR4);
1036 
1037 	tmp &= ~RT2573_SHORT_PREAMBLE;
1038 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1039 		tmp |= RT2573_SHORT_PREAMBLE;
1040 
1041 	rum_write(sc, RT2573_TXRX_CSR4, tmp);
1042 }
1043 
1044 static void
1045 rum_set_basicrates(struct rum_softc *sc)
1046 {
1047 	struct ieee80211com *ic = &sc->sc_ic;
1048 
1049 	/* update basic rate set */
1050 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1051 		/* 11b basic rates: 1, 2Mbps */
1052 		rum_write(sc, RT2573_TXRX_CSR5, 0x3);
1053 	} else if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->in_chan)) {
1054 		/* 11a basic rates: 6, 12, 24Mbps */
1055 		rum_write(sc, RT2573_TXRX_CSR5, 0x150);
1056 	} else {
1057 		/* 11b/g basic rates: 1, 2, 5.5, 11Mbps */
1058 		rum_write(sc, RT2573_TXRX_CSR5, 0xf);
1059 	}
1060 }
1061 
1062 /*
1063  * Reprogram MAC/BBP to switch to a new band.  Values taken from the reference
1064  * driver.
1065  */
1066 static void
1067 rum_select_band(struct rum_softc *sc, struct ieee80211_channel *c)
1068 {
1069 	uint8_t bbp17, bbp35, bbp96, bbp97, bbp98, bbp104;
1070 	uint32_t tmp;
1071 
1072 	/* update all BBP registers that depend on the band */
1073 	bbp17 = 0x20; bbp96 = 0x48; bbp104 = 0x2c;
1074 	bbp35 = 0x50; bbp97 = 0x48; bbp98  = 0x48;
1075 	if (IEEE80211_IS_CHAN_5GHZ(c)) {
1076 		bbp17 += 0x08; bbp96 += 0x10; bbp104 += 0x0c;
1077 		bbp35 += 0x10; bbp97 += 0x10; bbp98  += 0x10;
1078 	}
1079 	if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1080 	    (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1081 		bbp17 += 0x10; bbp96 += 0x10; bbp104 += 0x10;
1082 	}
1083 
1084 	sc->bbp17 = bbp17;
1085 	rum_bbp_write(sc,  17, bbp17);
1086 	rum_bbp_write(sc,  96, bbp96);
1087 	rum_bbp_write(sc, 104, bbp104);
1088 
1089 	if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1090 	    (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1091 		rum_bbp_write(sc, 75, 0x80);
1092 		rum_bbp_write(sc, 86, 0x80);
1093 		rum_bbp_write(sc, 88, 0x80);
1094 	}
1095 
1096 	rum_bbp_write(sc, 35, bbp35);
1097 	rum_bbp_write(sc, 97, bbp97);
1098 	rum_bbp_write(sc, 98, bbp98);
1099 
1100 	tmp = rum_read(sc, RT2573_PHY_CSR0);
1101 	tmp &= ~(RT2573_PA_PE_2GHZ | RT2573_PA_PE_5GHZ);
1102 	if (IEEE80211_IS_CHAN_2GHZ(c))
1103 		tmp |= RT2573_PA_PE_2GHZ;
1104 	else
1105 		tmp |= RT2573_PA_PE_5GHZ;
1106 	rum_write(sc, RT2573_PHY_CSR0, tmp);
1107 
1108 	/* 802.11a uses a 16 microseconds short interframe space */
1109 	sc->sifs = IEEE80211_IS_CHAN_5GHZ(c) ? 16 : 10;
1110 }
1111 
1112 static void
1113 rum_set_chan(struct rum_softc *sc, struct ieee80211_channel *c)
1114 {
1115 	struct ieee80211com *ic = &sc->sc_ic;
1116 	const struct rfprog *rfprog;
1117 	uint8_t bbp3, bbp94 = RT2573_BBPR94_DEFAULT;
1118 	int8_t power;
1119 	uint_t i, chan;
1120 
1121 	chan = ieee80211_chan2ieee(ic, c);
1122 	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
1123 		return;
1124 
1125 	/* select the appropriate RF settings based on what EEPROM says */
1126 	rfprog = (sc->rf_rev == RT2573_RF_5225 ||
1127 	    sc->rf_rev == RT2573_RF_2527) ? rum_rf5225 : rum_rf5226;
1128 
1129 	/* find the settings for this channel (we know it exists) */
1130 	for (i = 0; rfprog[i].chan != chan; i++) {
1131 	}
1132 
1133 	power = sc->txpow[i];
1134 	if (power < 0) {
1135 		bbp94 += power;
1136 		power = 0;
1137 	} else if (power > 31) {
1138 		bbp94 += power - 31;
1139 		power = 31;
1140 	}
1141 
1142 	/*
1143 	 * If we are switching from the 2GHz band to the 5GHz band or
1144 	 * vice-versa, BBP registers need to be reprogrammed.
1145 	 */
1146 	if (c->ich_flags != ic->ic_curchan->ich_flags) {
1147 		rum_select_band(sc, c);
1148 		rum_select_antenna(sc);
1149 	}
1150 	ic->ic_curchan = c;
1151 
1152 	rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1153 	rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1154 	rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1155 	rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1156 
1157 	rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1158 	rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1159 	rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7 | 1);
1160 	rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1161 
1162 	rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1163 	rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1164 	rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1165 	rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1166 
1167 	drv_usecwait(10);
1168 
1169 	/* enable smart mode for MIMO-capable RFs */
1170 	bbp3 = rum_bbp_read(sc, 3);
1171 
1172 	bbp3 &= ~RT2573_SMART_MODE;
1173 	if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_2527)
1174 		bbp3 |= RT2573_SMART_MODE;
1175 
1176 	rum_bbp_write(sc, 3, bbp3);
1177 
1178 	if (bbp94 != RT2573_BBPR94_DEFAULT)
1179 		rum_bbp_write(sc, 94, bbp94);
1180 }
1181 
1182 /*
1183  * Enable TSF synchronization and tell h/w to start sending beacons for IBSS
1184  * and HostAP operating modes.
1185  */
1186 static void
1187 rum_enable_tsf_sync(struct rum_softc *sc)
1188 {
1189 	struct ieee80211com *ic = &sc->sc_ic;
1190 	uint32_t tmp;
1191 
1192 	if (ic->ic_opmode != IEEE80211_M_STA) {
1193 		/*
1194 		 * Change default 16ms TBTT adjustment to 8ms.
1195 		 * Must be done before enabling beacon generation.
1196 		 */
1197 		rum_write(sc, RT2573_TXRX_CSR10, 1 << 12 | 8);
1198 	}
1199 
1200 	tmp = rum_read(sc, RT2573_TXRX_CSR9) & 0xff000000;
1201 
1202 	/* set beacon interval (in 1/16ms unit) */
1203 	tmp |= ic->ic_bss->in_intval * 16;
1204 
1205 	tmp |= RT2573_TSF_TICKING | RT2573_ENABLE_TBTT;
1206 	if (ic->ic_opmode == IEEE80211_M_STA)
1207 		tmp |= RT2573_TSF_MODE(1);
1208 	else
1209 		tmp |= RT2573_TSF_MODE(2) | RT2573_GENERATE_BEACON;
1210 
1211 	rum_write(sc, RT2573_TXRX_CSR9, tmp);
1212 }
1213 
1214 /* ARGSUSED */
1215 static void
1216 rum_update_slot(struct ieee80211com *ic, int onoff)
1217 {
1218 	struct rum_softc *sc = (struct rum_softc *)ic;
1219 	uint8_t slottime;
1220 	uint32_t tmp;
1221 
1222 	slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1223 
1224 	tmp = rum_read(sc, RT2573_MAC_CSR9);
1225 	tmp = (tmp & ~0xff) | slottime;
1226 	rum_write(sc, RT2573_MAC_CSR9, tmp);
1227 
1228 	ral_debug(RAL_DBG_HW, "setting slot time to %uus\n", slottime);
1229 }
1230 
1231 static void
1232 rum_set_bssid(struct rum_softc *sc, const uint8_t *bssid)
1233 {
1234 	uint32_t tmp;
1235 
1236 	tmp = bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24;
1237 	rum_write(sc, RT2573_MAC_CSR4, tmp);
1238 
1239 	tmp = bssid[4] | bssid[5] << 8 | RT2573_ONE_BSSID << 16;
1240 	rum_write(sc, RT2573_MAC_CSR5, tmp);
1241 }
1242 
1243 static void
1244 rum_set_macaddr(struct rum_softc *sc, const uint8_t *addr)
1245 {
1246 	uint32_t tmp;
1247 
1248 	tmp = addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24;
1249 	rum_write(sc, RT2573_MAC_CSR2, tmp);
1250 
1251 	tmp = addr[4] | addr[5] << 8 | 0xff << 16;
1252 	rum_write(sc, RT2573_MAC_CSR3, tmp);
1253 
1254 	ral_debug(RAL_DBG_HW,
1255 	    "setting MAC address to " MACSTR "\n", MAC2STR(addr));
1256 }
1257 
1258 static void
1259 rum_update_promisc(struct rum_softc *sc)
1260 {
1261 	uint32_t tmp;
1262 
1263 	tmp = rum_read(sc, RT2573_TXRX_CSR0);
1264 
1265 	tmp &= ~RT2573_DROP_NOT_TO_ME;
1266 	if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1267 		tmp |= RT2573_DROP_NOT_TO_ME;
1268 
1269 	rum_write(sc, RT2573_TXRX_CSR0, tmp);
1270 
1271 	ral_debug(RAL_DBG_HW, "%s promiscuous mode\n",
1272 	    (sc->sc_rcr & RAL_RCR_PROMISC) ?  "entering" : "leaving");
1273 }
1274 
1275 static const char *
1276 rum_get_rf(int rev)
1277 {
1278 	switch (rev) {
1279 	case RT2573_RF_2527:	return ("RT2527 (MIMO XR)");
1280 	case RT2573_RF_2528:	return ("RT2528");
1281 	case RT2573_RF_5225:	return ("RT5225 (MIMO XR)");
1282 	case RT2573_RF_5226:	return ("RT5226");
1283 	default:		return ("unknown");
1284 	}
1285 }
1286 
1287 static void
1288 rum_read_eeprom(struct rum_softc *sc)
1289 {
1290 	struct ieee80211com *ic = &sc->sc_ic;
1291 	uint16_t val;
1292 
1293 	/* read MAC address */
1294 	rum_eeprom_read(sc, RT2573_EEPROM_ADDRESS, ic->ic_macaddr, 6);
1295 
1296 	rum_eeprom_read(sc, RT2573_EEPROM_ANTENNA, &val, 2);
1297 	val = LE_16(val);
1298 	sc->rf_rev =   (val >> 11) & 0x1f;
1299 	sc->hw_radio = (val >> 10) & 0x1;
1300 	sc->rx_ant =   (val >> 4)  & 0x3;
1301 	sc->tx_ant =   (val >> 2)  & 0x3;
1302 	sc->nb_ant =   val & 0x3;
1303 
1304 	ral_debug(RAL_DBG_HW, "RF revision=%d\n", sc->rf_rev);
1305 
1306 	rum_eeprom_read(sc, RT2573_EEPROM_CONFIG2, &val, 2);
1307 	val = LE_16(val);
1308 	sc->ext_5ghz_lna = (val >> 6) & 0x1;
1309 	sc->ext_2ghz_lna = (val >> 4) & 0x1;
1310 
1311 	ral_debug(RAL_DBG_HW, "External 2GHz LNA=%d\nExternal 5GHz LNA=%d\n",
1312 	    sc->ext_2ghz_lna, sc->ext_5ghz_lna);
1313 
1314 	rum_eeprom_read(sc, RT2573_EEPROM_RSSI_2GHZ_OFFSET, &val, 2);
1315 	val = LE_16(val);
1316 	if ((val & 0xff) != 0xff)
1317 		sc->rssi_2ghz_corr = (int8_t)(val & 0xff);	/* signed */
1318 
1319 	rum_eeprom_read(sc, RT2573_EEPROM_RSSI_5GHZ_OFFSET, &val, 2);
1320 	val = LE_16(val);
1321 	if ((val & 0xff) != 0xff)
1322 		sc->rssi_5ghz_corr = (int8_t)(val & 0xff);	/* signed */
1323 
1324 	ral_debug(RAL_DBG_HW, "RSSI 2GHz corr=%d\nRSSI 5GHz corr=%d\n",
1325 	    sc->rssi_2ghz_corr, sc->rssi_5ghz_corr);
1326 
1327 	rum_eeprom_read(sc, RT2573_EEPROM_FREQ_OFFSET, &val, 2);
1328 	val = LE_16(val);
1329 	if ((val & 0xff) != 0xff)
1330 		sc->rffreq = val & 0xff;
1331 
1332 	ral_debug(RAL_DBG_HW, "RF freq=%d\n", sc->rffreq);
1333 
1334 	/* read Tx power for all a/b/g channels */
1335 	rum_eeprom_read(sc, RT2573_EEPROM_TXPOWER, sc->txpow, 14);
1336 	/* default Tx power for 802.11a channels */
1337 	(void) memset(sc->txpow + 14, 24, sizeof (sc->txpow) - 14);
1338 
1339 	/* read default values for BBP registers */
1340 	rum_eeprom_read(sc, RT2573_EEPROM_BBP_BASE, sc->bbp_prom, 2 * 16);
1341 }
1342 
1343 static int
1344 rum_bbp_init(struct rum_softc *sc)
1345 {
1346 	int i, ntries;
1347 
1348 	/* wait for BBP to be ready */
1349 	for (ntries = 0; ntries < 100; ntries++) {
1350 		const uint8_t val = rum_bbp_read(sc, 0);
1351 		if (val != 0 && val != 0xff)
1352 			break;
1353 		drv_usecwait(1000);
1354 	}
1355 	if (ntries == 100) {
1356 		ral_debug(RAL_DBG_ERR, "timeout waiting for BBP\n");
1357 		return (EIO);
1358 	}
1359 
1360 	/* initialize BBP registers to default values */
1361 	for (i = 0; i < RUM_N(rum_def_bbp); i++)
1362 		rum_bbp_write(sc, rum_def_bbp[i].reg, rum_def_bbp[i].val);
1363 
1364 	/* write vendor-specific BBP values (from EEPROM) */
1365 	for (i = 0; i < 16; i++) {
1366 		if (sc->bbp_prom[i].reg == 0 || sc->bbp_prom[i].reg == 0xff)
1367 			continue;
1368 		rum_bbp_write(sc, sc->bbp_prom[i].reg, sc->bbp_prom[i].val);
1369 	}
1370 
1371 	return (0);
1372 }
1373 
1374 /*
1375  * This function is called periodically (every 200ms) during scanning to
1376  * switch from one channel to another.
1377  */
1378 static void
1379 rum_next_scan(void *arg)
1380 {
1381 	struct rum_softc *sc = arg;
1382 	struct ieee80211com *ic = &sc->sc_ic;
1383 
1384 	if (ic->ic_state == IEEE80211_S_SCAN)
1385 		ieee80211_next_scan(ic);
1386 }
1387 
1388 static int
1389 rum_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1390 {
1391 	struct rum_softc *sc = (struct rum_softc *)ic;
1392 	enum ieee80211_state ostate;
1393 	struct ieee80211_node *ni;
1394 	int err;
1395 	uint32_t tmp;
1396 
1397 	RAL_LOCK(sc);
1398 
1399 	ostate = ic->ic_state;
1400 
1401 	if (sc->sc_scan_id != 0) {
1402 		(void) untimeout(sc->sc_scan_id);
1403 		sc->sc_scan_id = 0;
1404 	}
1405 
1406 	if (sc->sc_amrr_id != 0) {
1407 		(void) untimeout(sc->sc_amrr_id);
1408 		sc->sc_amrr_id = 0;
1409 	}
1410 
1411 	switch (nstate) {
1412 	case IEEE80211_S_INIT:
1413 		if (ostate == IEEE80211_S_RUN) {
1414 			/* abort TSF synchronization */
1415 			tmp = rum_read(sc, RT2573_TXRX_CSR9);
1416 			rum_write(sc, RT2573_TXRX_CSR9, tmp & ~0x00ffffff);
1417 		}
1418 		break;
1419 
1420 	case IEEE80211_S_SCAN:
1421 		rum_set_chan(sc, ic->ic_curchan);
1422 		sc->sc_scan_id = timeout(rum_next_scan, (void *)sc,
1423 		    drv_usectohz(sc->dwelltime * 1000));
1424 		break;
1425 
1426 	case IEEE80211_S_AUTH:
1427 		rum_set_chan(sc, ic->ic_curchan);
1428 		break;
1429 
1430 	case IEEE80211_S_ASSOC:
1431 		rum_set_chan(sc, ic->ic_curchan);
1432 		break;
1433 
1434 	case IEEE80211_S_RUN:
1435 		rum_set_chan(sc, ic->ic_curchan);
1436 
1437 		ni = ic->ic_bss;
1438 
1439 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1440 			rum_update_slot(ic, 1);
1441 			rum_enable_mrr(sc);
1442 			rum_set_txpreamble(sc);
1443 			rum_set_basicrates(sc);
1444 			rum_set_bssid(sc, ni->in_bssid);
1445 		}
1446 
1447 		if (ic->ic_opmode != IEEE80211_M_MONITOR)
1448 			rum_enable_tsf_sync(sc);
1449 
1450 		/* enable automatic rate adaptation in STA mode */
1451 		if (ic->ic_opmode == IEEE80211_M_STA &&
1452 		    ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
1453 			rum_amrr_start(sc, ni);
1454 		break;
1455 	}
1456 
1457 	RAL_UNLOCK(sc);
1458 
1459 	err = sc->sc_newstate(ic, nstate, arg);
1460 	/*
1461 	 * Finally, start any timers.
1462 	 */
1463 	if (nstate == IEEE80211_S_RUN)
1464 		ieee80211_start_watchdog(ic, 1);
1465 
1466 	return (err);
1467 }
1468 
1469 static void
1470 rum_close_pipes(struct rum_softc *sc)
1471 {
1472 	usb_flags_t flags = USB_FLAGS_SLEEP;
1473 
1474 	if (sc->sc_rx_pipeh != NULL) {
1475 		usb_pipe_reset(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1476 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1477 		sc->sc_rx_pipeh = NULL;
1478 	}
1479 
1480 	if (sc->sc_tx_pipeh != NULL) {
1481 		usb_pipe_reset(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1482 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1483 		sc->sc_tx_pipeh = NULL;
1484 	}
1485 }
1486 
1487 static int
1488 rum_open_pipes(struct rum_softc *sc)
1489 {
1490 	usb_ep_data_t *ep_node;
1491 	usb_pipe_policy_t policy;
1492 	int err;
1493 
1494 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1495 	    USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
1496 
1497 	bzero(&policy, sizeof (usb_pipe_policy_t));
1498 	policy.pp_max_async_reqs = RAL_TX_LIST_COUNT;
1499 
1500 	if ((err = usb_pipe_open(sc->sc_dev,
1501 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1502 	    &sc->sc_tx_pipeh)) != USB_SUCCESS) {
1503 		ral_debug(RAL_DBG_ERR,
1504 		    "rum_open_pipes(): %x failed to open tx pipe\n", err);
1505 		goto fail;
1506 	}
1507 
1508 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1509 	    USB_EP_ATTR_BULK, USB_EP_DIR_IN);
1510 
1511 	bzero(&policy, sizeof (usb_pipe_policy_t));
1512 	policy.pp_max_async_reqs = RAL_RX_LIST_COUNT + 32;
1513 
1514 	if ((err = usb_pipe_open(sc->sc_dev,
1515 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1516 	    &sc->sc_rx_pipeh)) != USB_SUCCESS) {
1517 		ral_debug(RAL_DBG_ERR,
1518 		    "rum_open_pipes(): %x failed to open rx pipe\n", err);
1519 		goto fail;
1520 	}
1521 
1522 	return (USB_SUCCESS);
1523 
1524 fail:
1525 	if (sc->sc_rx_pipeh != NULL) {
1526 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh,
1527 		    USB_FLAGS_SLEEP, NULL, 0);
1528 		sc->sc_rx_pipeh = NULL;
1529 	}
1530 
1531 	if (sc->sc_tx_pipeh != NULL) {
1532 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh,
1533 		    USB_FLAGS_SLEEP, NULL, 0);
1534 		sc->sc_tx_pipeh = NULL;
1535 	}
1536 
1537 	return (USB_FAILURE);
1538 }
1539 
1540 static int
1541 rum_tx_trigger(struct rum_softc *sc, mblk_t *mp)
1542 {
1543 	usb_bulk_req_t *req;
1544 	int err;
1545 
1546 	sc->sc_tx_timer = RUM_TX_TIMEOUT;
1547 
1548 	req = usb_alloc_bulk_req(sc->sc_dev, 0, USB_FLAGS_SLEEP);
1549 	if (req == NULL) {
1550 		ral_debug(RAL_DBG_ERR,
1551 		    "rum_tx_trigger(): failed to allocate req");
1552 		freemsg(mp);
1553 		return (-1);
1554 	}
1555 
1556 	req->bulk_len		= msgdsize(mp);
1557 	req->bulk_data		= mp;
1558 	req->bulk_client_private = (usb_opaque_t)sc;
1559 	req->bulk_timeout	= RUM_TX_TIMEOUT;
1560 	req->bulk_attributes	= USB_ATTRS_AUTOCLEARING;
1561 	req->bulk_cb		= rum_txeof;
1562 	req->bulk_exc_cb	= rum_txeof;
1563 	req->bulk_completion_reason = 0;
1564 	req->bulk_cb_flags	= 0;
1565 
1566 	if ((err = usb_pipe_bulk_xfer(sc->sc_tx_pipeh, req, 0))
1567 	    != USB_SUCCESS) {
1568 
1569 		ral_debug(RAL_DBG_ERR, "rum_tx_trigger(): "
1570 		    "failed to do tx xfer, %d", err);
1571 		usb_free_bulk_req(req);
1572 		return (-1);
1573 	}
1574 
1575 	sc->tx_queued++;
1576 
1577 	return (0);
1578 }
1579 
1580 static int
1581 rum_rx_trigger(struct rum_softc *sc)
1582 {
1583 	usb_bulk_req_t *req;
1584 	int err;
1585 
1586 	req = usb_alloc_bulk_req(sc->sc_dev, RAL_RXBUF_SIZE, USB_FLAGS_SLEEP);
1587 	if (req == NULL) {
1588 		ral_debug(RAL_DBG_ERR,
1589 		    "rum_rx_trigger(): failed to allocate req");
1590 		return (-1);
1591 	}
1592 
1593 	req->bulk_len		= RAL_RXBUF_SIZE;
1594 	req->bulk_client_private = (usb_opaque_t)sc;
1595 	req->bulk_timeout	= 0;
1596 	req->bulk_attributes	= USB_ATTRS_SHORT_XFER_OK
1597 	    | USB_ATTRS_AUTOCLEARING;
1598 	req->bulk_cb		= rum_rxeof;
1599 	req->bulk_exc_cb	= rum_rxeof;
1600 	req->bulk_completion_reason = 0;
1601 	req->bulk_cb_flags	= 0;
1602 
1603 	err = usb_pipe_bulk_xfer(sc->sc_rx_pipeh, req, 0);
1604 
1605 	if (err != USB_SUCCESS) {
1606 		ral_debug(RAL_DBG_ERR, "rum_rx_trigger(): "
1607 		    "failed to do rx xfer, %d", err);
1608 		usb_free_bulk_req(req);
1609 
1610 		return (-1);
1611 	}
1612 
1613 	mutex_enter(&sc->rx_lock);
1614 	sc->rx_queued++;
1615 	mutex_exit(&sc->rx_lock);
1616 
1617 	return (0);
1618 }
1619 
1620 static void
1621 rum_init_tx_queue(struct rum_softc *sc)
1622 {
1623 	sc->tx_queued = 0;
1624 }
1625 
1626 static int
1627 rum_init_rx_queue(struct rum_softc *sc)
1628 {
1629 	int	i;
1630 
1631 	sc->rx_queued = 0;
1632 
1633 	for (i = 0; i < RAL_RX_LIST_COUNT; i++) {
1634 		if (rum_rx_trigger(sc) != 0) {
1635 			return (USB_FAILURE);
1636 		}
1637 	}
1638 
1639 	return (USB_SUCCESS);
1640 }
1641 
1642 static void
1643 rum_stop(struct rum_softc *sc)
1644 {
1645 	struct ieee80211com *ic = &sc->sc_ic;
1646 	uint32_t tmp;
1647 
1648 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1649 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1650 
1651 	RAL_LOCK(sc);
1652 
1653 	sc->sc_tx_timer = 0;
1654 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1655 
1656 	/* disable Rx */
1657 	tmp = rum_read(sc, RT2573_TXRX_CSR0);
1658 	rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
1659 
1660 	/* reset ASIC */
1661 	rum_write(sc, RT2573_MAC_CSR1, 3);
1662 	rum_write(sc, RT2573_MAC_CSR1, 0);
1663 
1664 	rum_close_pipes(sc);
1665 
1666 	RAL_UNLOCK(sc);
1667 }
1668 
1669 static int
1670 rum_init(struct rum_softc *sc)
1671 {
1672 	struct ieee80211com *ic = &sc->sc_ic;
1673 	uint32_t tmp;
1674 	int i, ntries;
1675 
1676 	rum_stop(sc);
1677 
1678 	/* initialize MAC registers to default values */
1679 	for (i = 0; i < RUM_N(rum_def_mac); i++)
1680 		rum_write(sc, rum_def_mac[i].reg, rum_def_mac[i].val);
1681 
1682 	/* set host ready */
1683 	rum_write(sc, RT2573_MAC_CSR1, 3);
1684 	rum_write(sc, RT2573_MAC_CSR1, 0);
1685 
1686 	/* wait for BBP/RF to wakeup */
1687 	for (ntries = 0; ntries < 1000; ntries++) {
1688 		if (rum_read(sc, RT2573_MAC_CSR12) & 8)
1689 			break;
1690 		rum_write(sc, RT2573_MAC_CSR12, 4);	/* force wakeup */
1691 		drv_usecwait(1000);
1692 	}
1693 	if (ntries == 1000) {
1694 		ral_debug(RAL_DBG_ERR,
1695 		    "rum_init(): timeout waiting for BBP/RF to wakeup\n");
1696 		goto fail;
1697 	}
1698 
1699 	if (rum_bbp_init(sc) != 0)
1700 		goto fail;
1701 
1702 	/* select default channel */
1703 	rum_select_band(sc, ic->ic_curchan);
1704 	rum_select_antenna(sc);
1705 	rum_set_chan(sc, ic->ic_curchan);
1706 
1707 	/* clear STA registers */
1708 	rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1709 
1710 	rum_set_macaddr(sc, ic->ic_macaddr);
1711 
1712 	/* initialize ASIC */
1713 	rum_write(sc, RT2573_MAC_CSR1, 4);
1714 
1715 	if (rum_open_pipes(sc) != USB_SUCCESS) {
1716 		ral_debug(RAL_DBG_ERR, "rum_init(): "
1717 		    "could not open pipes.\n");
1718 		goto fail;
1719 	}
1720 
1721 	rum_init_tx_queue(sc);
1722 
1723 	if (rum_init_rx_queue(sc) != USB_SUCCESS)
1724 		goto fail;
1725 
1726 	/* update Rx filter */
1727 	tmp = rum_read(sc, RT2573_TXRX_CSR0) & 0xffff;
1728 	tmp |= RT2573_DROP_PHY_ERROR | RT2573_DROP_CRC_ERROR;
1729 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1730 		tmp |= RT2573_DROP_CTL | RT2573_DROP_VER_ERROR |
1731 		    RT2573_DROP_ACKCTS;
1732 		if (ic->ic_opmode != IEEE80211_M_HOSTAP)
1733 			tmp |= RT2573_DROP_TODS;
1734 		if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1735 			tmp |= RT2573_DROP_NOT_TO_ME;
1736 	}
1737 
1738 	rum_write(sc, RT2573_TXRX_CSR0, tmp);
1739 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1740 
1741 	return (DDI_SUCCESS);
1742 fail:
1743 	rum_stop(sc);
1744 	return (DDI_FAILURE);
1745 }
1746 
1747 static int
1748 rum_disconnect(dev_info_t *devinfo)
1749 {
1750 	struct rum_softc *sc;
1751 	struct ieee80211com *ic;
1752 
1753 	/*
1754 	 * We can't call rum_stop() here, since the hardware is removed,
1755 	 * we can't access the register anymore.
1756 	 */
1757 	sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
1758 	ASSERT(sc != NULL);
1759 
1760 	if (!RAL_IS_RUNNING(sc))	/* different device or not inited */
1761 		return (DDI_SUCCESS);
1762 
1763 	ic = &sc->sc_ic;
1764 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1765 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1766 
1767 	RAL_LOCK(sc);
1768 
1769 	sc->sc_tx_timer = 0;
1770 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1771 
1772 	rum_close_pipes(sc);
1773 
1774 	RAL_UNLOCK(sc);
1775 
1776 	return (DDI_SUCCESS);
1777 }
1778 
1779 static int
1780 rum_reconnect(dev_info_t *devinfo)
1781 {
1782 	struct rum_softc *sc;
1783 	int err;
1784 
1785 	sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
1786 	ASSERT(sc != NULL);
1787 
1788 	/* check device changes after disconnect */
1789 	if (usb_check_same_device(sc->sc_dev, NULL, USB_LOG_L2, -1,
1790 	    USB_CHK_BASIC | USB_CHK_CFG, NULL) != USB_SUCCESS) {
1791 		ral_debug(RAL_DBG_ERR, "different device connected\n");
1792 		return (DDI_FAILURE);
1793 	}
1794 
1795 	err = rum_load_microcode(sc);
1796 	if (err != USB_SUCCESS) {
1797 		ral_debug(RAL_DBG_ERR, "could not load 8051 microcode\n");
1798 		goto fail;
1799 	}
1800 
1801 	err = rum_init(sc);
1802 fail:
1803 	return (err);
1804 }
1805 
1806 static void
1807 rum_resume(struct rum_softc *sc)
1808 {
1809 	int err;
1810 
1811 	/* check device changes after suspend */
1812 	if (usb_check_same_device(sc->sc_dev, NULL, USB_LOG_L2, -1,
1813 	    USB_CHK_BASIC | USB_CHK_CFG, NULL) != USB_SUCCESS) {
1814 		ral_debug(RAL_DBG_ERR, "no or different device connected\n");
1815 		return;
1816 	}
1817 
1818 	err = rum_load_microcode(sc);
1819 	if (err != USB_SUCCESS) {
1820 		ral_debug(RAL_DBG_ERR, "could not load 8051 microcode\n");
1821 		return;
1822 	}
1823 
1824 	(void) rum_init(sc);
1825 }
1826 
1827 #define	RUM_AMRR_MIN_SUCCESS_THRESHOLD	1
1828 #define	RUM_AMRR_MAX_SUCCESS_THRESHOLD	10
1829 
1830 /*
1831  * Naive implementation of the Adaptive Multi Rate Retry algorithm:
1832  * "IEEE 802.11 Rate Adaptation: A Practical Approach"
1833  * Mathieu Lacage, Hossein Manshaei, Thierry Turletti
1834  * INRIA Sophia - Projet Planete
1835  * http://www-sop.inria.fr/rapports/sophia/RR-5208.html
1836  *
1837  * This algorithm is particularly well suited for rum since it does not
1838  * require per-frame retry statistics.  Note however that since h/w does
1839  * not provide per-frame stats, we can't do per-node rate adaptation and
1840  * thus automatic rate adaptation is only enabled in STA operating mode.
1841  */
1842 #define	is_success(amrr)	\
1843 	((amrr)->retrycnt < (amrr)->txcnt / 10)
1844 #define	is_failure(amrr)	\
1845 	((amrr)->retrycnt > (amrr)->txcnt / 3)
1846 #define	is_enough(amrr)		\
1847 	((amrr)->txcnt > 10)
1848 #define	is_min_rate(ni)		\
1849 	((ni)->in_txrate == 0)
1850 #define	is_max_rate(ni)		\
1851 	((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1852 #define	increase_rate(ni)	\
1853 	((ni)->in_txrate++)
1854 #define	decrease_rate(ni)	\
1855 	((ni)->in_txrate--)
1856 #define	reset_cnt(amrr)	do {	\
1857 	(amrr)->txcnt = (amrr)->retrycnt = 0;	\
1858 	_NOTE(CONSTCOND)	\
1859 } while (/* CONSTCOND */0)
1860 
1861 static void
1862 rum_ratectl(struct rum_amrr *amrr, struct ieee80211_node *ni)
1863 {
1864 	int need_change = 0;
1865 
1866 	if (is_success(amrr) && is_enough(amrr)) {
1867 		amrr->success++;
1868 		if (amrr->success >= amrr->success_threshold &&
1869 		    !is_max_rate(ni)) {
1870 			amrr->recovery = 1;
1871 			amrr->success = 0;
1872 			increase_rate(ni);
1873 			need_change = 1;
1874 		} else {
1875 			amrr->recovery = 0;
1876 		}
1877 	} else if (is_failure(amrr)) {
1878 		amrr->success = 0;
1879 		if (!is_min_rate(ni)) {
1880 			if (amrr->recovery) {
1881 				amrr->success_threshold *= 2;
1882 				if (amrr->success_threshold >
1883 				    RUM_AMRR_MAX_SUCCESS_THRESHOLD)
1884 					amrr->success_threshold =
1885 					    RUM_AMRR_MAX_SUCCESS_THRESHOLD;
1886 			} else {
1887 				amrr->success_threshold =
1888 				    RUM_AMRR_MIN_SUCCESS_THRESHOLD;
1889 			}
1890 			decrease_rate(ni);
1891 			need_change = 1;
1892 		}
1893 		amrr->recovery = 0;	/* original paper was incorrect */
1894 	}
1895 
1896 	if (is_enough(amrr) || need_change)
1897 		reset_cnt(amrr);
1898 }
1899 
1900 static void
1901 rum_amrr_timeout(void *arg)
1902 {
1903 	struct rum_softc *sc = (struct rum_softc *)arg;
1904 	struct rum_amrr *amrr = &sc->amrr;
1905 
1906 	rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1907 
1908 	/* count TX retry-fail as Tx errors */
1909 	sc->sc_tx_err += LE_32(sc->sta[5]) >> 16;
1910 	sc->sc_tx_retries += ((LE_32(sc->sta[4]) >> 16) +
1911 	    (LE_32(sc->sta[5]) & 0xffff));
1912 
1913 	amrr->retrycnt =
1914 	    (LE_32(sc->sta[4]) >> 16) +		/* TX one-retry ok count */
1915 	    (LE_32(sc->sta[5]) & 0xffff) +	/* TX more-retry ok count */
1916 	    (LE_32(sc->sta[5]) >> 16);		/* TX retry-fail count */
1917 
1918 	amrr->txcnt =
1919 	    amrr->retrycnt +
1920 	    (LE_32(sc->sta[4]) & 0xffff);	/* TX no-retry ok count */
1921 
1922 	rum_ratectl(amrr, sc->sc_ic.ic_bss);
1923 
1924 	sc->sc_amrr_id = timeout(rum_amrr_timeout, (void *)sc,
1925 	    drv_usectohz(1000 * 1000)); /* 1 second */
1926 }
1927 
1928 static void
1929 rum_amrr_start(struct rum_softc *sc, struct ieee80211_node *ni)
1930 {
1931 	struct rum_amrr *amrr = &sc->amrr;
1932 	int i;
1933 
1934 	/* clear statistic registers (STA_CSR0 to STA_CSR5) */
1935 	rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1936 
1937 	amrr->success = 0;
1938 	amrr->recovery = 0;
1939 	amrr->txcnt = amrr->retrycnt = 0;
1940 	amrr->success_threshold = RUM_AMRR_MIN_SUCCESS_THRESHOLD;
1941 
1942 	/* set rate to some reasonable initial value */
1943 	for (i = ni->in_rates.ir_nrates - 1;
1944 	    i > 0 && (ni->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72;
1945 	    i--) {
1946 	}
1947 
1948 	ni->in_txrate = i;
1949 
1950 	sc->sc_amrr_id = timeout(rum_amrr_timeout, (void *)sc,
1951 	    drv_usectohz(1000 * 1000)); /* 1 second */
1952 }
1953 
1954 void
1955 rum_watchdog(void *arg)
1956 {
1957 	struct rum_softc *sc = arg;
1958 	struct ieee80211com *ic = &sc->sc_ic;
1959 	int ntimer = 0;
1960 
1961 	RAL_LOCK(sc);
1962 	ic->ic_watchdog_timer = 0;
1963 
1964 	if (!RAL_IS_RUNNING(sc)) {
1965 		RAL_UNLOCK(sc);
1966 		return;
1967 	}
1968 
1969 	if (sc->sc_tx_timer > 0) {
1970 		if (--sc->sc_tx_timer == 0) {
1971 			ral_debug(RAL_DBG_ERR, "tx timer timeout\n");
1972 			RAL_UNLOCK(sc);
1973 			(void) rum_init(sc);
1974 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1975 			return;
1976 		}
1977 	}
1978 
1979 	if (ic->ic_state == IEEE80211_S_RUN)
1980 		ntimer = 1;
1981 
1982 	RAL_UNLOCK(sc);
1983 
1984 	ieee80211_watchdog(ic);
1985 
1986 	if (ntimer)
1987 		ieee80211_start_watchdog(ic, ntimer);
1988 }
1989 
1990 static int
1991 rum_m_start(void *arg)
1992 {
1993 	struct rum_softc *sc = (struct rum_softc *)arg;
1994 	int err;
1995 
1996 	/*
1997 	 * initialize RT2501USB hardware
1998 	 */
1999 	err = rum_init(sc);
2000 	if (err != DDI_SUCCESS) {
2001 		ral_debug(RAL_DBG_ERR, "device configuration failed\n");
2002 		goto fail;
2003 	}
2004 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
2005 	return (err);
2006 
2007 fail:
2008 	rum_stop(sc);
2009 	return (err);
2010 }
2011 
2012 static void
2013 rum_m_stop(void *arg)
2014 {
2015 	struct rum_softc *sc = (struct rum_softc *)arg;
2016 
2017 	(void) rum_stop(sc);
2018 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
2019 }
2020 
2021 static int
2022 rum_m_unicst(void *arg, const uint8_t *macaddr)
2023 {
2024 	struct rum_softc *sc = (struct rum_softc *)arg;
2025 	struct ieee80211com *ic = &sc->sc_ic;
2026 
2027 	ral_debug(RAL_DBG_MSG, "rum_m_unicst(): " MACSTR "\n",
2028 	    MAC2STR(macaddr));
2029 
2030 	IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr);
2031 	(void) rum_set_macaddr(sc, (uint8_t *)macaddr);
2032 	(void) rum_init(sc);
2033 
2034 	return (0);
2035 }
2036 
2037 /*ARGSUSED*/
2038 static int
2039 rum_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2040 {
2041 	return (0);
2042 }
2043 
2044 static int
2045 rum_m_promisc(void *arg, boolean_t on)
2046 {
2047 	struct rum_softc *sc = (struct rum_softc *)arg;
2048 
2049 	if (on) {
2050 		sc->sc_rcr |= RAL_RCR_PROMISC;
2051 		sc->sc_rcr |= RAL_RCR_MULTI;
2052 	} else {
2053 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2054 		sc->sc_rcr &= ~RAL_RCR_MULTI;
2055 	}
2056 
2057 	rum_update_promisc(sc);
2058 	return (0);
2059 }
2060 
2061 /*
2062  * callback functions for /get/set properties
2063  */
2064 static int
2065 rum_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2066     uint_t wldp_length, const void *wldp_buf)
2067 {
2068 	struct rum_softc *sc = (struct rum_softc *)arg;
2069 	struct ieee80211com *ic = &sc->sc_ic;
2070 	int err;
2071 
2072 	err = ieee80211_setprop(ic, pr_name, wldp_pr_num,
2073 	    wldp_length, wldp_buf);
2074 	RAL_LOCK(sc);
2075 	if (err == ENETRESET) {
2076 		if (RAL_IS_RUNNING(sc)) {
2077 			RAL_UNLOCK(sc);
2078 			(void) rum_init(sc);
2079 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2080 			RAL_LOCK(sc);
2081 		}
2082 		err = 0;
2083 	}
2084 	RAL_UNLOCK(sc);
2085 
2086 	return (err);
2087 }
2088 
2089 static int
2090 rum_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2091     uint_t pr_flags, uint_t wldp_length, void *wldp_buf, uint_t *perm)
2092 {
2093 	struct rum_softc *sc = (struct rum_softc *)arg;
2094 	int err;
2095 
2096 	err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
2097 	    pr_flags, wldp_length, wldp_buf, perm);
2098 
2099 	return (err);
2100 }
2101 
2102 static void
2103 rum_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2104 {
2105 	struct rum_softc *sc = (struct rum_softc *)arg;
2106 	struct ieee80211com *ic = &sc->sc_ic;
2107 	int err;
2108 
2109 	err = ieee80211_ioctl(ic, wq, mp);
2110 	RAL_LOCK(sc);
2111 	if (err == ENETRESET) {
2112 		if (RAL_IS_RUNNING(sc)) {
2113 			RAL_UNLOCK(sc);
2114 			(void) rum_init(sc);
2115 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2116 			RAL_LOCK(sc);
2117 		}
2118 	}
2119 	RAL_UNLOCK(sc);
2120 }
2121 
2122 static int
2123 rum_m_stat(void *arg, uint_t stat, uint64_t *val)
2124 {
2125 	struct rum_softc *sc  = (struct rum_softc *)arg;
2126 	ieee80211com_t	*ic = &sc->sc_ic;
2127 	ieee80211_node_t *ni;
2128 	struct ieee80211_rateset *rs;
2129 
2130 	RAL_LOCK(sc);
2131 
2132 	ni = ic->ic_bss;
2133 	rs = &ni->in_rates;
2134 
2135 	switch (stat) {
2136 	case MAC_STAT_IFSPEED:
2137 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2138 		    (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2139 		    : ic->ic_fixed_rate) * 500000ull;
2140 		break;
2141 	case MAC_STAT_NOXMTBUF:
2142 		*val = sc->sc_tx_nobuf;
2143 		break;
2144 	case MAC_STAT_NORCVBUF:
2145 		*val = sc->sc_rx_nobuf;
2146 		break;
2147 	case MAC_STAT_IERRORS:
2148 		*val = sc->sc_rx_err;
2149 		break;
2150 	case MAC_STAT_RBYTES:
2151 		*val = ic->ic_stats.is_rx_bytes;
2152 		break;
2153 	case MAC_STAT_IPACKETS:
2154 		*val = ic->ic_stats.is_rx_frags;
2155 		break;
2156 	case MAC_STAT_OBYTES:
2157 		*val = ic->ic_stats.is_tx_bytes;
2158 		break;
2159 	case MAC_STAT_OPACKETS:
2160 		*val = ic->ic_stats.is_tx_frags;
2161 		break;
2162 	case MAC_STAT_OERRORS:
2163 	case WIFI_STAT_TX_FAILED:
2164 		*val = sc->sc_tx_err;
2165 		break;
2166 	case WIFI_STAT_TX_RETRANS:
2167 		*val = sc->sc_tx_retries;
2168 		break;
2169 	case WIFI_STAT_FCS_ERRORS:
2170 	case WIFI_STAT_WEP_ERRORS:
2171 	case WIFI_STAT_TX_FRAGS:
2172 	case WIFI_STAT_MCAST_TX:
2173 	case WIFI_STAT_RTS_SUCCESS:
2174 	case WIFI_STAT_RTS_FAILURE:
2175 	case WIFI_STAT_ACK_FAILURE:
2176 	case WIFI_STAT_RX_FRAGS:
2177 	case WIFI_STAT_MCAST_RX:
2178 	case WIFI_STAT_RX_DUPS:
2179 		RAL_UNLOCK(sc);
2180 		return (ieee80211_stat(ic, stat, val));
2181 	default:
2182 		RAL_UNLOCK(sc);
2183 		return (ENOTSUP);
2184 	}
2185 	RAL_UNLOCK(sc);
2186 
2187 	return (0);
2188 }
2189 
2190 static int
2191 rum_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2192 {
2193 	struct rum_softc *sc;
2194 	struct ieee80211com *ic;
2195 	int err, i, ntries;
2196 	uint32_t tmp;
2197 	int instance;
2198 
2199 	char strbuf[32];
2200 
2201 	wifi_data_t wd = { 0 };
2202 	mac_register_t *macp;
2203 
2204 	switch (cmd) {
2205 	case DDI_ATTACH:
2206 		break;
2207 	case DDI_RESUME:
2208 		sc = ddi_get_soft_state(rum_soft_state_p,
2209 		    ddi_get_instance(devinfo));
2210 		ASSERT(sc != NULL);
2211 		rum_resume(sc);
2212 		return (DDI_SUCCESS);
2213 	default:
2214 		return (DDI_FAILURE);
2215 	}
2216 
2217 	instance = ddi_get_instance(devinfo);
2218 
2219 	if (ddi_soft_state_zalloc(rum_soft_state_p, instance) != DDI_SUCCESS) {
2220 		ral_debug(RAL_DBG_MSG, "rum_attach(): "
2221 		    "unable to alloc soft_state_p\n");
2222 		return (DDI_FAILURE);
2223 	}
2224 
2225 	sc = ddi_get_soft_state(rum_soft_state_p, instance);
2226 	ic = (ieee80211com_t *)&sc->sc_ic;
2227 	sc->sc_dev = devinfo;
2228 
2229 	if (usb_client_attach(devinfo, USBDRV_VERSION, 0) != USB_SUCCESS) {
2230 		ral_debug(RAL_DBG_ERR,
2231 		    "rum_attach(): usb_client_attach failed\n");
2232 		goto fail1;
2233 	}
2234 
2235 	if (usb_get_dev_data(devinfo, &sc->sc_udev,
2236 	    USB_PARSE_LVL_ALL, 0) != USB_SUCCESS) {
2237 		sc->sc_udev = NULL;
2238 		goto fail2;
2239 	}
2240 
2241 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2242 	mutex_init(&sc->tx_lock, NULL, MUTEX_DRIVER, NULL);
2243 	mutex_init(&sc->rx_lock, NULL, MUTEX_DRIVER, NULL);
2244 
2245 	/* retrieve RT2573 rev. no */
2246 	for (ntries = 0; ntries < 1000; ntries++) {
2247 		if ((tmp = rum_read(sc, RT2573_MAC_CSR0)) != 0)
2248 			break;
2249 		drv_usecwait(1000);
2250 	}
2251 	if (ntries == 1000) {
2252 		ral_debug(RAL_DBG_ERR,
2253 		    "rum_attach(): timeout waiting for chip to settle\n");
2254 		goto fail3;
2255 	}
2256 
2257 	/* retrieve MAC address and various other things from EEPROM */
2258 	rum_read_eeprom(sc);
2259 
2260 	ral_debug(RAL_DBG_MSG, "rum: MAC/BBP RT2573 (rev 0x%05x), RF %s\n",
2261 	    tmp, rum_get_rf(sc->rf_rev));
2262 
2263 	err = rum_load_microcode(sc);
2264 	if (err != USB_SUCCESS) {
2265 		ral_debug(RAL_DBG_ERR, "could not load 8051 microcode\n");
2266 		goto fail3;
2267 	}
2268 
2269 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
2270 	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
2271 	ic->ic_state = IEEE80211_S_INIT;
2272 
2273 	ic->ic_maxrssi = 63;
2274 	ic->ic_set_shortslot = rum_update_slot;
2275 	ic->ic_xmit = rum_send;
2276 
2277 	/* set device capabilities */
2278 	ic->ic_caps =
2279 	    IEEE80211_C_TXPMGT |	/* tx power management */
2280 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
2281 	    IEEE80211_C_SHSLOT;		/* short slot time supported */
2282 
2283 	ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2284 
2285 #define	IEEE80211_CHAN_A	\
2286 	(IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2287 
2288 	if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_5226) {
2289 		/* set supported .11a rates */
2290 		ic->ic_sup_rates[IEEE80211_MODE_11A] = rum_rateset_11a;
2291 
2292 		/* set supported .11a channels */
2293 		for (i = 34; i <= 46; i += 4) {
2294 			ic->ic_sup_channels[i].ich_freq =
2295 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2296 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2297 		}
2298 		for (i = 36; i <= 64; i += 4) {
2299 			ic->ic_sup_channels[i].ich_freq =
2300 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2301 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2302 		}
2303 		for (i = 100; i <= 140; i += 4) {
2304 			ic->ic_sup_channels[i].ich_freq =
2305 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2306 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2307 		}
2308 		for (i = 149; i <= 165; i += 4) {
2309 			ic->ic_sup_channels[i].ich_freq =
2310 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2311 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2312 		}
2313 	}
2314 
2315 	/* set supported .11b and .11g rates */
2316 	ic->ic_sup_rates[IEEE80211_MODE_11B] = rum_rateset_11b;
2317 	ic->ic_sup_rates[IEEE80211_MODE_11G] = rum_rateset_11g;
2318 
2319 	/* set supported .11b and .11g channels (1 through 14) */
2320 	for (i = 1; i <= 14; i++) {
2321 		ic->ic_sup_channels[i].ich_freq =
2322 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2323 		ic->ic_sup_channels[i].ich_flags =
2324 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2325 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2326 	}
2327 
2328 	ieee80211_attach(ic);
2329 
2330 	/* register WPA door */
2331 	ieee80211_register_door(ic, ddi_driver_name(devinfo),
2332 	    ddi_get_instance(devinfo));
2333 
2334 	/* override state transition machine */
2335 	sc->sc_newstate = ic->ic_newstate;
2336 	ic->ic_newstate = rum_newstate;
2337 	ic->ic_watchdog = rum_watchdog;
2338 	ieee80211_media_init(ic);
2339 	ic->ic_def_txkey = 0;
2340 
2341 	sc->sc_rcr = 0;
2342 	sc->dwelltime = 300;
2343 	sc->sc_flags = 0;
2344 
2345 	/*
2346 	 * Provide initial settings for the WiFi plugin; whenever this
2347 	 * information changes, we need to call mac_plugindata_update()
2348 	 */
2349 	wd.wd_opmode = ic->ic_opmode;
2350 	wd.wd_secalloc = WIFI_SEC_NONE;
2351 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
2352 
2353 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
2354 		ral_debug(RAL_DBG_ERR, "rum_attach(): "
2355 		    "MAC version mismatch\n");
2356 		goto fail3;
2357 	}
2358 
2359 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
2360 	macp->m_driver		= sc;
2361 	macp->m_dip		= devinfo;
2362 	macp->m_src_addr	= ic->ic_macaddr;
2363 	macp->m_callbacks	= &rum_m_callbacks;
2364 	macp->m_min_sdu		= 0;
2365 	macp->m_max_sdu		= IEEE80211_MTU;
2366 	macp->m_pdata		= &wd;
2367 	macp->m_pdata_size	= sizeof (wd);
2368 
2369 	err = mac_register(macp, &ic->ic_mach);
2370 	mac_free(macp);
2371 	if (err != 0) {
2372 		ral_debug(RAL_DBG_ERR, "rum_attach(): "
2373 		    "mac_register() err %x\n", err);
2374 		goto fail3;
2375 	}
2376 
2377 	if (usb_register_hotplug_cbs(devinfo, rum_disconnect,
2378 	    rum_reconnect) != USB_SUCCESS) {
2379 		ral_debug(RAL_DBG_ERR,
2380 		    "rum_attach() failed to register events");
2381 		goto fail4;
2382 	}
2383 
2384 	/*
2385 	 * Create minor node of type DDI_NT_NET_WIFI
2386 	 */
2387 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
2388 	    "rum", instance);
2389 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
2390 	    instance + 1, DDI_NT_NET_WIFI, 0);
2391 
2392 	if (err != DDI_SUCCESS)
2393 		ral_debug(RAL_DBG_ERR, "ddi_create_minor_node() failed\n");
2394 
2395 	/*
2396 	 * Notify link is down now
2397 	 */
2398 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
2399 	return (DDI_SUCCESS);
2400 
2401 fail4:
2402 	(void) mac_unregister(ic->ic_mach);
2403 fail3:
2404 	mutex_destroy(&sc->sc_genlock);
2405 	mutex_destroy(&sc->tx_lock);
2406 	mutex_destroy(&sc->rx_lock);
2407 fail2:
2408 	usb_client_detach(sc->sc_dev, sc->sc_udev);
2409 fail1:
2410 	ddi_soft_state_free(rum_soft_state_p, ddi_get_instance(devinfo));
2411 
2412 	return (DDI_FAILURE);
2413 }
2414 
2415 static int
2416 rum_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
2417 {
2418 	struct rum_softc *sc;
2419 
2420 	sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
2421 	ASSERT(sc != NULL);
2422 
2423 	switch (cmd) {
2424 	case DDI_DETACH:
2425 		break;
2426 	case DDI_SUSPEND:
2427 		if (RAL_IS_RUNNING(sc))
2428 			(void) rum_stop(sc);
2429 		return (DDI_SUCCESS);
2430 	default:
2431 		return (DDI_FAILURE);
2432 	}
2433 
2434 	rum_stop(sc);
2435 	usb_unregister_hotplug_cbs(devinfo);
2436 
2437 	/*
2438 	 * Unregister from the MAC layer subsystem
2439 	 */
2440 	if (mac_unregister(sc->sc_ic.ic_mach) != 0)
2441 		return (DDI_FAILURE);
2442 
2443 	/*
2444 	 * detach ieee80211 layer
2445 	 */
2446 	ieee80211_detach(&sc->sc_ic);
2447 
2448 	mutex_destroy(&sc->sc_genlock);
2449 	mutex_destroy(&sc->tx_lock);
2450 	mutex_destroy(&sc->rx_lock);
2451 
2452 	/* pipes will be closed in rum_stop() */
2453 	usb_client_detach(devinfo, sc->sc_udev);
2454 	sc->sc_udev = NULL;
2455 
2456 	ddi_remove_minor_node(devinfo, NULL);
2457 	ddi_soft_state_free(rum_soft_state_p, ddi_get_instance(devinfo));
2458 
2459 	return (DDI_SUCCESS);
2460 }
2461 
2462 int
2463 _info(struct modinfo *modinfop)
2464 {
2465 	return (mod_info(&modlinkage, modinfop));
2466 }
2467 
2468 int
2469 _init(void)
2470 {
2471 	int status;
2472 
2473 	status = ddi_soft_state_init(&rum_soft_state_p,
2474 	    sizeof (struct rum_softc), 1);
2475 	if (status != 0)
2476 		return (status);
2477 
2478 	mac_init_ops(&rum_dev_ops, "rum");
2479 	status = mod_install(&modlinkage);
2480 	if (status != 0) {
2481 		mac_fini_ops(&rum_dev_ops);
2482 		ddi_soft_state_fini(&rum_soft_state_p);
2483 	}
2484 	return (status);
2485 }
2486 
2487 int
2488 _fini(void)
2489 {
2490 	int status;
2491 
2492 	status = mod_remove(&modlinkage);
2493 	if (status == 0) {
2494 		mac_fini_ops(&rum_dev_ops);
2495 		ddi_soft_state_fini(&rum_soft_state_p);
2496 	}
2497 	return (status);
2498 }
2499