xref: /titanic_52/usr/src/uts/common/io/ural/ural.c (revision 02b4e56ca3a4e4a4fe9e52fca9c2972101f0e57f)
1 /*
2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2005, 2006
8  *	Damien Bergamini <damien.bergamini@free.fr>
9  *
10  * Permission to use, copy, modify, and distribute this software for any
11  * purpose with or without fee is hereby granted, provided that the above
12  * copyright notice and this permission notice appear in all copies.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21  */
22 
23 /*
24  * Ralink Technology RT2500USB chipset driver
25  * http://www.ralinktech.com/
26  */
27 #include <sys/types.h>
28 #include <sys/cmn_err.h>
29 #include <sys/strsubr.h>
30 #include <sys/modctl.h>
31 #include <sys/devops.h>
32 #include <sys/byteorder.h>
33 #include <sys/mac_provider.h>
34 #include <sys/mac_wifi.h>
35 #include <sys/net80211.h>
36 
37 #define	USBDRV_MAJOR_VER	2
38 #define	USBDRV_MINOR_VER	0
39 #include <sys/usb/usba.h>
40 #include <sys/usb/usba/usba_types.h>
41 
42 #include "ural_reg.h"
43 #include "ural_var.h"
44 
45 static void *ural_soft_state_p = NULL;
46 
47 #define	RAL_TXBUF_SIZE  	(IEEE80211_MAX_LEN)
48 #define	RAL_RXBUF_SIZE  	(IEEE80211_MAX_LEN)
49 
50 /* quickly determine if a given rate is CCK or OFDM */
51 #define	RAL_RATE_IS_OFDM(rate)	((rate) >= 12 && (rate) != 22)
52 #define	RAL_ACK_SIZE		14	/* 10 + 4(FCS) */
53 #define	RAL_CTS_SIZE		14	/* 10 + 4(FCS) */
54 #define	RAL_SIFS		10	/* us */
55 #define	RAL_RXTX_TURNAROUND	5	/* us */
56 
57 #define	URAL_N(a)		(sizeof (a) / sizeof ((a)[0]))
58 
59 /*
60  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
61  */
62 static const struct ieee80211_rateset ural_rateset_11a =
63 	{ 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
64 
65 static const struct ieee80211_rateset ural_rateset_11b =
66 	{ 4, { 2, 4, 11, 22 } };
67 
68 static const struct ieee80211_rateset ural_rateset_11g =
69 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
70 
71 /*
72  * Default values for MAC registers; values taken from the reference driver.
73  */
74 static const struct {
75 	uint16_t	reg;
76 	uint16_t	val;
77 } ural_def_mac[] = {
78 	{ RAL_TXRX_CSR5,  0x8c8d },
79 	{ RAL_TXRX_CSR6,  0x8b8a },
80 	{ RAL_TXRX_CSR7,  0x8687 },
81 	{ RAL_TXRX_CSR8,  0x0085 },
82 	{ RAL_MAC_CSR13,  0x1111 },
83 	{ RAL_MAC_CSR14,  0x1e11 },
84 	{ RAL_TXRX_CSR21, 0xe78f },
85 	{ RAL_MAC_CSR9,   0xff1d },
86 	{ RAL_MAC_CSR11,  0x0002 },
87 	{ RAL_MAC_CSR22,  0x0053 },
88 	{ RAL_MAC_CSR15,  0x0000 },
89 	{ RAL_MAC_CSR8,   0x0780 },
90 	{ RAL_TXRX_CSR19, 0x0000 },
91 	{ RAL_TXRX_CSR18, 0x005a },
92 	{ RAL_PHY_CSR2,   0x0000 },
93 	{ RAL_TXRX_CSR0,  0x1ec0 },
94 	{ RAL_PHY_CSR4,   0x000f }
95 };
96 
97 /*
98  * Default values for BBP registers; values taken from the reference driver.
99  */
100 static const struct {
101 	uint8_t	reg;
102 	uint8_t	val;
103 } ural_def_bbp[] = {
104 	{  3, 0x02 },
105 	{  4, 0x19 },
106 	{ 14, 0x1c },
107 	{ 15, 0x30 },
108 	{ 16, 0xac },
109 	{ 17, 0x48 },
110 	{ 18, 0x18 },
111 	{ 19, 0xff },
112 	{ 20, 0x1e },
113 	{ 21, 0x08 },
114 	{ 22, 0x08 },
115 	{ 23, 0x08 },
116 	{ 24, 0x80 },
117 	{ 25, 0x50 },
118 	{ 26, 0x08 },
119 	{ 27, 0x23 },
120 	{ 30, 0x10 },
121 	{ 31, 0x2b },
122 	{ 32, 0xb9 },
123 	{ 34, 0x12 },
124 	{ 35, 0x50 },
125 	{ 39, 0xc4 },
126 	{ 40, 0x02 },
127 	{ 41, 0x60 },
128 	{ 53, 0x10 },
129 	{ 54, 0x18 },
130 	{ 56, 0x08 },
131 	{ 57, 0x10 },
132 	{ 58, 0x08 },
133 	{ 61, 0x60 },
134 	{ 62, 0x10 },
135 	{ 75, 0xff }
136 };
137 
138 /*
139  * Default values for RF register R2 indexed by channel numbers.
140  */
141 static const uint32_t ural_rf2522_r2[] = {
142 	0x307f6, 0x307fb, 0x30800, 0x30805, 0x3080a, 0x3080f, 0x30814,
143 	0x30819, 0x3081e, 0x30823, 0x30828, 0x3082d, 0x30832, 0x3083e
144 };
145 
146 static const uint32_t ural_rf2523_r2[] = {
147 	0x00327, 0x00328, 0x00329, 0x0032a, 0x0032b, 0x0032c, 0x0032d,
148 	0x0032e, 0x0032f, 0x00340, 0x00341, 0x00342, 0x00343, 0x00346
149 };
150 
151 static const uint32_t ural_rf2524_r2[] = {
152 	0x00327, 0x00328, 0x00329, 0x0032a, 0x0032b, 0x0032c, 0x0032d,
153 	0x0032e, 0x0032f, 0x00340, 0x00341, 0x00342, 0x00343, 0x00346
154 };
155 
156 static const uint32_t ural_rf2525_r2[] = {
157 	0x20327, 0x20328, 0x20329, 0x2032a, 0x2032b, 0x2032c, 0x2032d,
158 	0x2032e, 0x2032f, 0x20340, 0x20341, 0x20342, 0x20343, 0x20346
159 };
160 
161 static const uint32_t ural_rf2525_hi_r2[] = {
162 	0x2032f, 0x20340, 0x20341, 0x20342, 0x20343, 0x20344, 0x20345,
163 	0x20346, 0x20347, 0x20348, 0x20349, 0x2034a, 0x2034b, 0x2034e
164 };
165 
166 static const uint32_t ural_rf2525e_r2[] = {
167 	0x2044d, 0x2044e, 0x2044f, 0x20460, 0x20461, 0x20462, 0x20463,
168 	0x20464, 0x20465, 0x20466, 0x20467, 0x20468, 0x20469, 0x2046b
169 };
170 
171 static const uint32_t ural_rf2526_hi_r2[] = {
172 	0x0022a, 0x0022b, 0x0022b, 0x0022c, 0x0022c, 0x0022d, 0x0022d,
173 	0x0022e, 0x0022e, 0x0022f, 0x0022d, 0x00240, 0x00240, 0x00241
174 };
175 
176 static const uint32_t ural_rf2526_r2[] = {
177 	0x00226, 0x00227, 0x00227, 0x00228, 0x00228, 0x00229, 0x00229,
178 	0x0022a, 0x0022a, 0x0022b, 0x0022b, 0x0022c, 0x0022c, 0x0022d
179 };
180 
181 /*
182  * For dual-band RF, RF registers R1 and R4 also depend on channel number;
183  * values taken from the reference driver.
184  */
185 static const struct {
186 	uint8_t		chan;
187 	uint32_t	r1;
188 	uint32_t	r2;
189 	uint32_t	r4;
190 } ural_rf5222[] = {
191 	{   1, 0x08808, 0x0044d, 0x00282 },
192 	{   2, 0x08808, 0x0044e, 0x00282 },
193 	{   3, 0x08808, 0x0044f, 0x00282 },
194 	{   4, 0x08808, 0x00460, 0x00282 },
195 	{   5, 0x08808, 0x00461, 0x00282 },
196 	{   6, 0x08808, 0x00462, 0x00282 },
197 	{   7, 0x08808, 0x00463, 0x00282 },
198 	{   8, 0x08808, 0x00464, 0x00282 },
199 	{   9, 0x08808, 0x00465, 0x00282 },
200 	{  10, 0x08808, 0x00466, 0x00282 },
201 	{  11, 0x08808, 0x00467, 0x00282 },
202 	{  12, 0x08808, 0x00468, 0x00282 },
203 	{  13, 0x08808, 0x00469, 0x00282 },
204 	{  14, 0x08808, 0x0046b, 0x00286 },
205 
206 	{  36, 0x08804, 0x06225, 0x00287 },
207 	{  40, 0x08804, 0x06226, 0x00287 },
208 	{  44, 0x08804, 0x06227, 0x00287 },
209 	{  48, 0x08804, 0x06228, 0x00287 },
210 	{  52, 0x08804, 0x06229, 0x00287 },
211 	{  56, 0x08804, 0x0622a, 0x00287 },
212 	{  60, 0x08804, 0x0622b, 0x00287 },
213 	{  64, 0x08804, 0x0622c, 0x00287 },
214 
215 	{ 100, 0x08804, 0x02200, 0x00283 },
216 	{ 104, 0x08804, 0x02201, 0x00283 },
217 	{ 108, 0x08804, 0x02202, 0x00283 },
218 	{ 112, 0x08804, 0x02203, 0x00283 },
219 	{ 116, 0x08804, 0x02204, 0x00283 },
220 	{ 120, 0x08804, 0x02205, 0x00283 },
221 	{ 124, 0x08804, 0x02206, 0x00283 },
222 	{ 128, 0x08804, 0x02207, 0x00283 },
223 	{ 132, 0x08804, 0x02208, 0x00283 },
224 	{ 136, 0x08804, 0x02209, 0x00283 },
225 	{ 140, 0x08804, 0x0220a, 0x00283 },
226 
227 	{ 149, 0x08808, 0x02429, 0x00281 },
228 	{ 153, 0x08808, 0x0242b, 0x00281 },
229 	{ 157, 0x08808, 0x0242d, 0x00281 },
230 	{ 161, 0x08808, 0x0242f, 0x00281 }
231 };
232 
233 /*
234  * device operations
235  */
236 static int ural_attach(dev_info_t *, ddi_attach_cmd_t);
237 static int ural_detach(dev_info_t *, ddi_detach_cmd_t);
238 
239 /*
240  * Module Loading Data & Entry Points
241  */
242 DDI_DEFINE_STREAM_OPS(ural_dev_ops, nulldev, nulldev, ural_attach,
243     ural_detach, nodev, NULL, D_MP, NULL, ddi_quiesce_not_needed);
244 
245 static struct modldrv ural_modldrv = {
246 	&mod_driverops,		/* Type of module.  This one is a driver */
247 	"ural driver v1.4",	/* short description */
248 	&ural_dev_ops		/* driver specific ops */
249 };
250 
251 static struct modlinkage modlinkage = {
252 	MODREV_1,
253 	(void *)&ural_modldrv,
254 	NULL
255 };
256 
257 static int	ural_m_stat(void *,  uint_t, uint64_t *);
258 static int	ural_m_start(void *);
259 static void	ural_m_stop(void *);
260 static int	ural_m_promisc(void *, boolean_t);
261 static int	ural_m_multicst(void *, boolean_t, const uint8_t *);
262 static int	ural_m_unicst(void *, const uint8_t *);
263 static mblk_t	*ural_m_tx(void *, mblk_t *);
264 static void	ural_m_ioctl(void *, queue_t *, mblk_t *);
265 static int	ural_m_setprop(void *, const char *, mac_prop_id_t,
266     uint_t, const void *);
267 static int	ural_m_getprop(void *, const char *, mac_prop_id_t,
268     uint_t, void *);
269 static void	ural_m_propinfo(void *, const char *, mac_prop_id_t,
270     mac_prop_info_handle_t);
271 
272 static mac_callbacks_t ural_m_callbacks = {
273 	MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
274 	ural_m_stat,
275 	ural_m_start,
276 	ural_m_stop,
277 	ural_m_promisc,
278 	ural_m_multicst,
279 	ural_m_unicst,
280 	ural_m_tx,
281 	NULL,
282 	ural_m_ioctl,
283 	NULL,		/* mc_getcapab */
284 	NULL,
285 	NULL,
286 	ural_m_setprop,
287 	ural_m_getprop,
288 	ural_m_propinfo
289 };
290 
291 static void ural_amrr_start(struct ural_softc *, struct ieee80211_node *);
292 static int  ural_tx_trigger(struct ural_softc *, mblk_t *);
293 static int  ural_rx_trigger(struct ural_softc *);
294 
295 uint32_t ural_dbg_flags = 0;
296 
297 void
298 ral_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
299 {
300 	va_list args;
301 
302 	if (dbg_flags & ural_dbg_flags) {
303 		va_start(args, fmt);
304 		vcmn_err(CE_CONT, fmt, args);
305 		va_end(args);
306 	}
307 }
308 
309 static uint16_t
310 ural_read(struct ural_softc *sc, uint16_t reg)
311 {
312 	usb_ctrl_setup_t req;
313 	usb_cr_t cr;
314 	usb_cb_flags_t cf;
315 	mblk_t *mp;
316 	int err;
317 	uint16_t val;
318 
319 	bzero(&req, sizeof (req));
320 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
321 	req.bRequest = RAL_READ_MAC;
322 	req.wValue = 0;
323 	req.wIndex = reg;
324 	req.wLength = sizeof (uint16_t);
325 
326 	mp = NULL;
327 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
328 	    &cr, &cf, 0);
329 
330 	if (err != USB_SUCCESS) {
331 		ral_debug(RAL_DBG_ERR,
332 		    "ural_read(): could not read MAC register:"
333 		    " cr:%s(%d), cf:(%x)\n",
334 		    usb_str_cr(cr), cr, cf);
335 		return (0);
336 	}
337 
338 	bcopy(mp->b_rptr, &val, sizeof (uint16_t));
339 
340 	if (mp)
341 		freemsg(mp);
342 
343 	return (LE_16(val));
344 }
345 
346 static void
347 ural_read_multi(struct ural_softc *sc, uint16_t reg, void *buf, int len)
348 {
349 	usb_ctrl_setup_t req;
350 	usb_cr_t cr;
351 	usb_cb_flags_t cf;
352 	mblk_t *mp;
353 	int err;
354 
355 	bzero(&req, sizeof (req));
356 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
357 	req.bRequest = RAL_READ_MULTI_MAC;
358 	req.wValue = 0;
359 	req.wIndex = reg;
360 	req.wLength = (uint16_t)len;
361 	req.attrs = USB_ATTRS_AUTOCLEARING;
362 
363 	mp = NULL;
364 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
365 	    &cr, &cf, 0);
366 
367 	if (err != USB_SUCCESS) {
368 		ral_debug(RAL_DBG_ERR,
369 		    "ural_read_multi(): could not read MAC register:"
370 		    "cr:%s(%d), cf:(%x)\n",
371 		    usb_str_cr(cr), cr, cf);
372 		return;
373 	}
374 
375 	bcopy(mp->b_rptr, buf, len);
376 
377 	if (mp)
378 		freemsg(mp);
379 }
380 
381 static void
382 ural_write(struct ural_softc *sc, uint16_t reg, uint16_t val)
383 {
384 	usb_ctrl_setup_t req;
385 	usb_cr_t cr;
386 	usb_cb_flags_t cf;
387 	int err;
388 
389 	bzero(&req, sizeof (req));
390 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
391 	req.bRequest = RAL_WRITE_MAC;
392 	req.wValue = val;
393 	req.wIndex = reg;
394 	req.wLength = 0;
395 	req.attrs = USB_ATTRS_NONE;
396 
397 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
398 	    &cr, &cf, 0);
399 
400 	if (err != USB_SUCCESS) {
401 		ral_debug(RAL_DBG_ERR,
402 		    "ural_write(): could not write MAC register:"
403 		    "cr:%s(%d), cf:(%x)\n",
404 		    usb_str_cr(cr), cr, cf);
405 	}
406 }
407 
408 /* ARGSUSED */
409 static void
410 ural_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
411 {
412 	struct ural_softc *sc = (struct ural_softc *)req->bulk_client_private;
413 	struct ieee80211com *ic = &sc->sc_ic;
414 
415 	ral_debug(RAL_DBG_TX,
416 	    "ural_txeof(): cr:%s(%d), flags:0x%x, tx_queued:%d",
417 	    usb_str_cr(req->bulk_completion_reason),
418 	    req->bulk_completion_reason,
419 	    req->bulk_cb_flags,
420 	    sc->tx_queued);
421 
422 	if (req->bulk_completion_reason != USB_CR_OK)
423 		sc->sc_tx_err++;
424 
425 	mutex_enter(&sc->tx_lock);
426 
427 	sc->tx_queued--;
428 	sc->sc_tx_timer = 0;
429 
430 	if (sc->sc_need_sched) {
431 		sc->sc_need_sched = 0;
432 		mac_tx_update(ic->ic_mach);
433 	}
434 
435 	mutex_exit(&sc->tx_lock);
436 	usb_free_bulk_req(req);
437 }
438 
439 /* ARGSUSED */
440 static void
441 ural_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
442 {
443 	struct ural_softc *sc = (struct ural_softc *)req->bulk_client_private;
444 	struct ieee80211com *ic = &sc->sc_ic;
445 
446 	struct ural_rx_desc *desc;
447 	struct ieee80211_frame *wh;
448 	struct ieee80211_node *ni;
449 
450 	mblk_t *m, *mp;
451 	int len, pktlen;
452 	char *rxbuf;
453 
454 	mp = req->bulk_data;
455 	req->bulk_data = NULL;
456 
457 	ral_debug(RAL_DBG_RX,
458 	    "ural_rxeof(): cr:%s(%d), flags:0x%x, rx_queued:%d",
459 	    usb_str_cr(req->bulk_completion_reason),
460 	    req->bulk_completion_reason,
461 	    req->bulk_cb_flags,
462 	    sc->rx_queued);
463 
464 	if (req->bulk_completion_reason != USB_CR_OK) {
465 		sc->sc_rx_err++;
466 		goto fail;
467 	}
468 
469 	len = (uintptr_t)mp->b_wptr - (uintptr_t)mp->b_rptr;
470 	rxbuf = (char *)mp->b_rptr;
471 
472 	if (len < RAL_RX_DESC_SIZE + IEEE80211_MIN_LEN) {
473 		ral_debug(RAL_DBG_ERR,
474 		    "ural_rxeof(): xfer too short %d\n", len);
475 		sc->sc_rx_err++;
476 		goto fail;
477 	}
478 
479 	/* rx descriptor is located at the end */
480 	desc = (struct ural_rx_desc *)(rxbuf + len - RAL_RX_DESC_SIZE);
481 
482 	if ((LE_32(desc->flags) & RAL_RX_PHY_ERROR) ||
483 	    (LE_32(desc->flags) & RAL_RX_CRC_ERROR)) {
484 		/*
485 		 * This should not happen since we did not request to receive
486 		 * those frames when we filled RAL_TXRX_CSR2.
487 		 */
488 		ral_debug(RAL_DBG_ERR, "PHY or CRC error\n");
489 		sc->sc_rx_err++;
490 		goto fail;
491 	}
492 
493 	pktlen = (LE_32(desc->flags) >> 16) & 0xfff;
494 
495 	if (pktlen > (len - RAL_RX_DESC_SIZE)) {
496 		ral_debug(RAL_DBG_ERR,
497 		    "ural_rxeof(): pktlen mismatch <%d, %d>.\n", pktlen, len);
498 		goto fail;
499 	}
500 
501 	/* Strip trailing 802.11 MAC FCS. */
502 	pktlen -= IEEE80211_CRC_LEN;
503 
504 	if ((m = allocb(pktlen, BPRI_MED)) == NULL) {
505 		ral_debug(RAL_DBG_ERR,
506 		    "ural_rxeof(): allocate mblk failed.\n");
507 		sc->sc_rx_nobuf++;
508 		goto fail;
509 	}
510 
511 	bcopy(rxbuf, m->b_rptr, pktlen);
512 	m->b_wptr += pktlen;
513 
514 	wh = (struct ieee80211_frame *)m->b_rptr;
515 	ni = ieee80211_find_rxnode(ic, wh);
516 
517 	/* send the frame to the 802.11 layer */
518 	(void) ieee80211_input(ic, m, ni, desc->rssi, 0);
519 
520 	/* node is no longer needed */
521 	ieee80211_free_node(ni);
522 fail:
523 	mutex_enter(&sc->rx_lock);
524 	sc->rx_queued--;
525 	mutex_exit(&sc->rx_lock);
526 
527 	freemsg(mp);
528 	usb_free_bulk_req(req);
529 
530 	if (RAL_IS_RUNNING(sc))
531 		(void) ural_rx_trigger(sc);
532 }
533 
534 /*
535  * Return the expected ack rate for a frame transmitted at rate `rate'.
536  * this should depend on the destination node basic rate set.
537  */
538 static int
539 ural_ack_rate(struct ieee80211com *ic, int rate)
540 {
541 	switch (rate) {
542 	/* CCK rates */
543 	case 2:
544 		return (2);
545 	case 4:
546 	case 11:
547 	case 22:
548 		return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
549 
550 	/* OFDM rates */
551 	case 12:
552 	case 18:
553 		return (12);
554 	case 24:
555 	case 36:
556 		return (24);
557 	case 48:
558 	case 72:
559 	case 96:
560 	case 108:
561 		return (48);
562 	}
563 
564 	/* default to 1Mbps */
565 	return (2);
566 }
567 
568 /*
569  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
570  * The function automatically determines the operating mode depending on the
571  * given rate. `flags' indicates whether short preamble is in use or not.
572  */
573 static uint16_t
574 ural_txtime(int len, int rate, uint32_t flags)
575 {
576 	uint16_t txtime;
577 
578 	if (RAL_RATE_IS_OFDM(rate)) {
579 		/* IEEE Std 802.11a-1999, pp. 37 */
580 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
581 		txtime = 16 + 4 + 4 * txtime + 6;
582 	} else {
583 		/* IEEE Std 802.11b-1999, pp. 28 */
584 		txtime = (16 * len + rate - 1) / rate;
585 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
586 			txtime +=  72 + 24;
587 		else
588 			txtime += 144 + 48;
589 	}
590 	return (txtime);
591 }
592 
593 static uint8_t
594 ural_plcp_signal(int rate)
595 {
596 	switch (rate) {
597 	/* CCK rates (returned values are device-dependent) */
598 	case 2:		return (0x0);
599 	case 4:		return (0x1);
600 	case 11:	return (0x2);
601 	case 22:	return (0x3);
602 
603 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
604 	case 12:	return (0xb);
605 	case 18:	return (0xf);
606 	case 24:	return (0xa);
607 	case 36:	return (0xe);
608 	case 48:	return (0x9);
609 	case 72:	return (0xd);
610 	case 96:	return (0x8);
611 	case 108:	return (0xc);
612 
613 	/* unsupported rates (should not get there) */
614 	default:	return (0xff);
615 	}
616 }
617 
618 static void
619 ural_setup_tx_desc(struct ural_softc *sc, struct ural_tx_desc *desc,
620     uint32_t flags, int len, int rate)
621 {
622 	struct ieee80211com *ic = &sc->sc_ic;
623 	uint16_t plcp_length;
624 	int remainder;
625 
626 	desc->flags = LE_32(flags);
627 	desc->flags |= LE_32(RAL_TX_NEWSEQ);
628 	desc->flags |= LE_32(len << 16);
629 
630 	desc->wme = LE_16(RAL_AIFSN(2) | RAL_LOGCWMIN(3) | RAL_LOGCWMAX(5));
631 	desc->wme |= LE_16(RAL_IVOFFSET(sizeof (struct ieee80211_frame)));
632 
633 	/* setup PLCP fields */
634 	desc->plcp_signal  = ural_plcp_signal(rate);
635 	desc->plcp_service = 4;
636 
637 	len += IEEE80211_CRC_LEN;
638 	if (RAL_RATE_IS_OFDM(rate)) {
639 		desc->flags |= LE_32(RAL_TX_OFDM);
640 
641 		plcp_length = len & 0xfff;
642 		desc->plcp_length_hi = plcp_length >> 6;
643 		desc->plcp_length_lo = plcp_length & 0x3f;
644 	} else {
645 		plcp_length = (16 * len + rate - 1) / rate;
646 		if (rate == 22) {
647 			remainder = (16 * len) % 22;
648 			if (remainder != 0 && remainder < 7)
649 				desc->plcp_service |= RAL_PLCP_LENGEXT;
650 		}
651 		desc->plcp_length_hi = plcp_length >> 8;
652 		desc->plcp_length_lo = plcp_length & 0xff;
653 
654 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
655 			desc->plcp_signal |= 0x08;
656 	}
657 
658 	desc->iv = 0;
659 	desc->eiv = 0;
660 }
661 
662 #define	RAL_TX_TIMEOUT		5
663 
664 static int
665 ural_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
666 {
667 	struct ural_softc *sc = (struct ural_softc *)ic;
668 	struct ural_tx_desc *desc;
669 
670 	struct ieee80211_frame *wh;
671 	struct ieee80211_key *k;
672 
673 	uint16_t dur;
674 	uint32_t flags = 0;
675 	int rate, err = DDI_SUCCESS;
676 
677 	struct ieee80211_node *ni = NULL;
678 	mblk_t *m, *m0;
679 	int off, mblen, pktlen, xferlen;
680 
681 	/* discard packets while suspending or not inited */
682 	if (!RAL_IS_RUNNING(sc)) {
683 		freemsg(mp);
684 		return (ENXIO);
685 	}
686 
687 	mutex_enter(&sc->tx_lock);
688 
689 	if (sc->tx_queued > RAL_TX_LIST_COUNT) {
690 		ral_debug(RAL_DBG_TX, "ural_send(): "
691 		    "no TX buffer available!\n");
692 		if ((type & IEEE80211_FC0_TYPE_MASK) ==
693 		    IEEE80211_FC0_TYPE_DATA) {
694 			sc->sc_need_sched = 1;
695 		}
696 		sc->sc_tx_nobuf++;
697 		err = ENOMEM;
698 		goto fail;
699 	}
700 
701 	m = allocb(RAL_TXBUF_SIZE + RAL_TX_DESC_SIZE, BPRI_MED);
702 	if (m == NULL) {
703 		ral_debug(RAL_DBG_ERR, "ural_send(): can't alloc mblk.\n");
704 		err = DDI_FAILURE;
705 		goto fail;
706 	}
707 
708 	m->b_rptr += RAL_TX_DESC_SIZE;	/* skip TX descriptor */
709 	m->b_wptr += RAL_TX_DESC_SIZE;
710 
711 	for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
712 		mblen = (uintptr_t)m0->b_wptr - (uintptr_t)m0->b_rptr;
713 		(void) memcpy(m->b_rptr + off, m0->b_rptr, mblen);
714 		off += mblen;
715 	}
716 	m->b_wptr += off;
717 
718 	wh = (struct ieee80211_frame *)m->b_rptr;
719 
720 	ni = ieee80211_find_txnode(ic, wh->i_addr1);
721 	if (ni == NULL) {
722 		err = DDI_FAILURE;
723 		sc->sc_tx_err++;
724 		freemsg(m);
725 		goto fail;
726 	}
727 
728 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
729 	    IEEE80211_FC0_TYPE_DATA) {
730 		(void) ieee80211_encap(ic, m, ni);
731 	}
732 
733 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
734 		k = ieee80211_crypto_encap(ic, m);
735 		if (k == NULL) {
736 			sc->sc_tx_err++;
737 			freemsg(m);
738 			err = DDI_FAILURE;
739 			goto fail;
740 		}
741 		/* packet header may have moved, reset our local pointer */
742 		wh = (struct ieee80211_frame *)m->b_rptr;
743 	}
744 
745 	m->b_rptr -= RAL_TX_DESC_SIZE;	/* restore */
746 	desc = (struct ural_tx_desc *)m->b_rptr;
747 
748 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
749 	    IEEE80211_FC0_TYPE_DATA) {	/* DATA */
750 		if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
751 			rate = ic->ic_bss->in_rates.ir_rates[ic->ic_fixed_rate];
752 		else
753 			rate = ni->in_rates.ir_rates[ni->in_txrate];
754 
755 		rate &= IEEE80211_RATE_VAL;
756 		if (rate <= 0) {
757 			rate = 2;	/* basic rate */
758 		}
759 
760 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
761 			flags |= RAL_TX_ACK;
762 			flags |= RAL_TX_RETRY(7);
763 
764 			dur = ural_txtime(RAL_ACK_SIZE, ural_ack_rate(ic, rate),
765 			    ic->ic_flags) + RAL_SIFS;
766 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
767 		}
768 	} else {	/* MGMT */
769 		rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
770 
771 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
772 			flags |= RAL_TX_ACK;
773 
774 			dur = ural_txtime(RAL_ACK_SIZE, rate, ic->ic_flags)
775 			    + RAL_SIFS;
776 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
777 
778 			/* tell hardware to add timestamp for probe responses */
779 			if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
780 			    IEEE80211_FC0_TYPE_MGT &&
781 			    (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
782 			    IEEE80211_FC0_SUBTYPE_PROBE_RESP)
783 				flags |= RAL_TX_TIMESTAMP;
784 		}
785 	}
786 
787 	pktlen = (uintptr_t)m->b_wptr - (uintptr_t)m->b_rptr - RAL_TX_DESC_SIZE;
788 	ural_setup_tx_desc(sc, desc, flags, pktlen, rate);
789 
790 	/* align end on a 2-bytes boundary */
791 	xferlen = (RAL_TX_DESC_SIZE + pktlen + 1) & ~1;
792 
793 	/*
794 	 * No space left in the last URB to store the extra 2 bytes, force
795 	 * sending of another URB.
796 	 */
797 	if ((xferlen % 64) == 0)
798 		xferlen += 2;
799 
800 	m->b_wptr = m->b_rptr + xferlen;
801 
802 	ral_debug(RAL_DBG_TX, "sending data frame len=%u rate=%u xfer len=%u\n",
803 	    pktlen, rate, xferlen);
804 
805 	(void) ural_tx_trigger(sc, m);
806 
807 	ic->ic_stats.is_tx_frags++;
808 	ic->ic_stats.is_tx_bytes += pktlen;
809 
810 fail:
811 	if (ni != NULL)
812 		ieee80211_free_node(ni);
813 
814 	if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
815 	    err == 0) {
816 		freemsg(mp);
817 	}
818 
819 	mutex_exit(&sc->tx_lock);
820 
821 	return (err);
822 }
823 
824 static mblk_t *
825 ural_m_tx(void *arg, mblk_t *mp)
826 {
827 	struct ural_softc *sc = (struct ural_softc *)arg;
828 	struct ieee80211com *ic = &sc->sc_ic;
829 	mblk_t *next;
830 
831 	/*
832 	 * No data frames go out unless we're associated; this
833 	 * should not happen as the 802.11 layer does not enable
834 	 * the xmit queue until we enter the RUN state.
835 	 */
836 	if (ic->ic_state != IEEE80211_S_RUN) {
837 		ral_debug(RAL_DBG_ERR, "ural_m_tx(): "
838 		    "discard, state %u\n", ic->ic_state);
839 		freemsgchain(mp);
840 		return (NULL);
841 	}
842 
843 	while (mp != NULL) {
844 		next = mp->b_next;
845 		mp->b_next = NULL;
846 		if (ural_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != DDI_SUCCESS) {
847 			mp->b_next = next;
848 			freemsgchain(mp);
849 			return (NULL);
850 		}
851 		mp = next;
852 	}
853 	return (mp);
854 }
855 
856 static void
857 ural_set_testmode(struct ural_softc *sc)
858 {
859 	usb_ctrl_setup_t req;
860 	usb_cr_t cr;
861 	usb_cb_flags_t cf;
862 	int err;
863 
864 	bzero(&req, sizeof (req));
865 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
866 	req.bRequest = RAL_VENDOR_REQUEST;
867 	req.wValue = 4;
868 	req.wIndex = 1;
869 	req.wLength = 0;
870 	req.attrs = USB_ATTRS_NONE;
871 
872 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
873 	    &cr, &cf, 0);
874 
875 	if (err != USB_SUCCESS) {
876 		ral_debug(RAL_DBG_USB,
877 		    "ural_set_testmode(): could not set test mode:"
878 		    "cr:%s(%d), cf:%(x)\n",
879 		    usb_str_cr(cr), cr, cf);
880 	}
881 }
882 
883 static void
884 ural_eeprom_read(struct ural_softc *sc, uint16_t addr, void *buf, int len)
885 {
886 	usb_ctrl_setup_t req;
887 	usb_cr_t cr;
888 	usb_cb_flags_t cf;
889 	mblk_t *mp;
890 	int err;
891 
892 	bzero(&req, sizeof (req));
893 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
894 	req.bRequest = RAL_READ_EEPROM;
895 	req.wValue = 0;
896 	req.wIndex = addr;
897 	req.wLength = (uint16_t)len;
898 
899 	mp = NULL;
900 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
901 	    &cr, &cf, 0);
902 
903 	if (err != USB_SUCCESS) {
904 		ral_debug(RAL_DBG_USB,
905 		    "ural_eeprom_read(): could not read EEPROM:"
906 		    "cr:%s(%d), cf:(%x)\n",
907 		    usb_str_cr(cr), cr, cf);
908 		return;
909 	}
910 
911 	bcopy(mp->b_rptr, buf, len);
912 
913 	if (mp)
914 		freemsg(mp);
915 }
916 
917 static void
918 ural_bbp_write(struct ural_softc *sc, uint8_t reg, uint8_t val)
919 {
920 	uint16_t tmp;
921 	int ntries;
922 
923 	for (ntries = 0; ntries < 5; ntries++) {
924 		if (!(ural_read(sc, RAL_PHY_CSR8) & RAL_BBP_BUSY))
925 			break;
926 	}
927 	if (ntries == 5) {
928 		ral_debug(RAL_DBG_ERR,
929 		    "ural_bbp_write(): could not write to BBP\n");
930 		return;
931 	}
932 
933 	tmp = reg << 8 | val;
934 	ural_write(sc, RAL_PHY_CSR7, tmp);
935 }
936 
937 static uint8_t
938 ural_bbp_read(struct ural_softc *sc, uint8_t reg)
939 {
940 	uint16_t val;
941 	int ntries;
942 
943 	val = RAL_BBP_WRITE | reg << 8;
944 	ural_write(sc, RAL_PHY_CSR7, val);
945 
946 	for (ntries = 0; ntries < 5; ntries++) {
947 		if (!(ural_read(sc, RAL_PHY_CSR8) & RAL_BBP_BUSY))
948 			break;
949 	}
950 	if (ntries == 5) {
951 		ral_debug(RAL_DBG_ERR, "ural_bbp_read(): could not read BBP\n");
952 		return (0);
953 	}
954 
955 	return (ural_read(sc, RAL_PHY_CSR7) & 0xff);
956 }
957 
958 static void
959 ural_rf_write(struct ural_softc *sc, uint8_t reg, uint32_t val)
960 {
961 	uint32_t tmp;
962 	int ntries;
963 
964 	for (ntries = 0; ntries < 5; ntries++) {
965 		if (!(ural_read(sc, RAL_PHY_CSR10) & RAL_RF_LOBUSY))
966 			break;
967 	}
968 	if (ntries == 5) {
969 		ral_debug(RAL_DBG_ERR,
970 		    "ural_rf_write(): could not write to RF\n");
971 		return;
972 	}
973 
974 	tmp = RAL_RF_BUSY | RAL_RF_20BIT | (val & 0xffff) << 2 | (reg & 0x3);
975 	ural_write(sc, RAL_PHY_CSR9,  tmp & 0xffff);
976 	ural_write(sc, RAL_PHY_CSR10, tmp >> 16);
977 
978 	/* remember last written value in sc */
979 	sc->rf_regs[reg] = val;
980 
981 	ral_debug(RAL_DBG_HW, "RF R[%u] <- 0x%05x\n", reg & 0x3, val & 0xfffff);
982 }
983 
984 /*
985  * Disable RF auto-tuning.
986  */
987 static void
988 ural_disable_rf_tune(struct ural_softc *sc)
989 {
990 	uint32_t tmp;
991 
992 	if (sc->rf_rev != RAL_RF_2523) {
993 		tmp = sc->rf_regs[RAL_RF1] & ~RAL_RF1_AUTOTUNE;
994 		ural_rf_write(sc, RAL_RF1, tmp);
995 	}
996 
997 	tmp = sc->rf_regs[RAL_RF3] & ~RAL_RF3_AUTOTUNE;
998 	ural_rf_write(sc, RAL_RF3, tmp);
999 
1000 	ral_debug(RAL_DBG_HW, "disabling RF autotune\n");
1001 }
1002 
1003 
1004 static void
1005 ural_set_chan(struct ural_softc *sc, struct ieee80211_channel *c)
1006 {
1007 	struct ieee80211com *ic = &sc->sc_ic;
1008 	uint8_t power, tmp;
1009 	uint_t i, chan;
1010 
1011 	chan = ieee80211_chan2ieee(ic, c);
1012 	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
1013 		return;
1014 
1015 	if (IEEE80211_IS_CHAN_2GHZ(c))
1016 		power = min(sc->txpow[chan - 1], 31);
1017 	else
1018 		power = 31;
1019 
1020 	/* adjust txpower using ifconfig settings */
1021 	power -= (100 - ic->ic_txpowlimit) / 8;
1022 
1023 	ral_debug(RAL_DBG_HW, "setting channel to %u, txpower to %u\n",
1024 	    chan, power);
1025 
1026 	switch (sc->rf_rev) {
1027 	case RAL_RF_2522:
1028 		ural_rf_write(sc, RAL_RF1, 0x00814);
1029 		ural_rf_write(sc, RAL_RF2, ural_rf2522_r2[chan - 1]);
1030 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1031 		break;
1032 
1033 	case RAL_RF_2523:
1034 		ural_rf_write(sc, RAL_RF1, 0x08804);
1035 		ural_rf_write(sc, RAL_RF2, ural_rf2523_r2[chan - 1]);
1036 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x38044);
1037 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1038 		break;
1039 
1040 	case RAL_RF_2524:
1041 		ural_rf_write(sc, RAL_RF1, 0x0c808);
1042 		ural_rf_write(sc, RAL_RF2, ural_rf2524_r2[chan - 1]);
1043 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1044 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1045 		break;
1046 
1047 	case RAL_RF_2525:
1048 		ural_rf_write(sc, RAL_RF1, 0x08808);
1049 		ural_rf_write(sc, RAL_RF2, ural_rf2525_hi_r2[chan - 1]);
1050 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1051 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1052 
1053 		ural_rf_write(sc, RAL_RF1, 0x08808);
1054 		ural_rf_write(sc, RAL_RF2, ural_rf2525_r2[chan - 1]);
1055 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1056 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00280 : 0x00286);
1057 		break;
1058 
1059 	case RAL_RF_2525E:
1060 		ural_rf_write(sc, RAL_RF1, 0x08808);
1061 		ural_rf_write(sc, RAL_RF2, ural_rf2525e_r2[chan - 1]);
1062 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1063 		ural_rf_write(sc, RAL_RF4, (chan == 14) ? 0x00286 : 0x00282);
1064 		break;
1065 
1066 	case RAL_RF_2526:
1067 		ural_rf_write(sc, RAL_RF2, ural_rf2526_hi_r2[chan - 1]);
1068 		ural_rf_write(sc, RAL_RF4, (chan & 1) ? 0x00386 : 0x00381);
1069 		ural_rf_write(sc, RAL_RF1, 0x08804);
1070 
1071 		ural_rf_write(sc, RAL_RF2, ural_rf2526_r2[chan - 1]);
1072 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x18044);
1073 		ural_rf_write(sc, RAL_RF4, (chan & 1) ? 0x00386 : 0x00381);
1074 		break;
1075 
1076 	/* dual-band RF */
1077 	case RAL_RF_5222:
1078 		for (i = 0; ural_rf5222[i].chan != chan; i++) {
1079 			if (i > URAL_N(ural_rf5222)) break;
1080 		}
1081 
1082 		ural_rf_write(sc, RAL_RF1, ural_rf5222[i].r1);
1083 		ural_rf_write(sc, RAL_RF2, ural_rf5222[i].r2);
1084 		ural_rf_write(sc, RAL_RF3, power << 7 | 0x00040);
1085 		ural_rf_write(sc, RAL_RF4, ural_rf5222[i].r4);
1086 		break;
1087 	}
1088 
1089 	if (ic->ic_opmode != IEEE80211_M_MONITOR &&
1090 	    ic->ic_state != IEEE80211_S_SCAN) {
1091 		/* set Japan filter bit for channel 14 */
1092 		tmp = ural_bbp_read(sc, 70);
1093 
1094 		tmp &= ~RAL_JAPAN_FILTER;
1095 		if (chan == 14)
1096 			tmp |= RAL_JAPAN_FILTER;
1097 
1098 		ural_bbp_write(sc, 70, tmp);
1099 
1100 		/* clear CRC errs */
1101 		(void) ural_read(sc, RAL_STA_CSR0);
1102 
1103 		drv_usecwait(10000);
1104 		ural_disable_rf_tune(sc);
1105 	}
1106 }
1107 
1108 /*
1109  * Refer to IEEE Std 802.11-1999 pp. 123 for more information on TSF
1110  * synchronization.
1111  */
1112 static void
1113 ural_enable_tsf_sync(struct ural_softc *sc)
1114 {
1115 	struct ieee80211com *ic = &sc->sc_ic;
1116 	uint16_t logcwmin, preload, tmp;
1117 
1118 	/* first, disable TSF synchronization */
1119 	ural_write(sc, RAL_TXRX_CSR19, 0);
1120 
1121 	tmp = (16 * ic->ic_bss->in_intval) << 4;
1122 	ural_write(sc, RAL_TXRX_CSR18, tmp);
1123 
1124 	logcwmin = (ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 0;
1125 	preload = (ic->ic_opmode == IEEE80211_M_IBSS) ? 320 : 6;
1126 	tmp = logcwmin << 12 | preload;
1127 	ural_write(sc, RAL_TXRX_CSR20, tmp);
1128 
1129 	/* finally, enable TSF synchronization */
1130 	tmp = RAL_ENABLE_TSF | RAL_ENABLE_TBCN;
1131 	if (ic->ic_opmode == IEEE80211_M_STA)
1132 		tmp |= RAL_ENABLE_TSF_SYNC(1);
1133 	else
1134 		tmp |= RAL_ENABLE_TSF_SYNC(2) | RAL_ENABLE_BEACON_GENERATOR;
1135 	ural_write(sc, RAL_TXRX_CSR19, tmp);
1136 
1137 	ral_debug(RAL_DBG_HW, "enabling TSF synchronization\n");
1138 }
1139 
1140 /*
1141  * This function can be called by ieee80211_set_shortslottime(). Refer to
1142  * IEEE Std 802.11-1999 pp. 85 to know how these values are computed.
1143  */
1144 /* ARGSUSED */
1145 static void
1146 ural_update_slot(struct ieee80211com *ic, int onoff)
1147 {
1148 	struct ural_softc *sc = (struct ural_softc *)ic;
1149 	uint16_t slottime, sifs, eifs;
1150 
1151 	slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1152 	/* slottime = (onoff ? 9 : 20); */
1153 
1154 	/*
1155 	 * These settings may sound a bit inconsistent but this is what the
1156 	 * reference driver does.
1157 	 */
1158 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1159 		sifs = 16 - RAL_RXTX_TURNAROUND;
1160 		eifs = 364;
1161 	} else {
1162 		sifs = 10 - RAL_RXTX_TURNAROUND;
1163 		eifs = 64;
1164 	}
1165 
1166 	ural_write(sc, RAL_MAC_CSR10, slottime);
1167 	ural_write(sc, RAL_MAC_CSR11, sifs);
1168 	ural_write(sc, RAL_MAC_CSR12, eifs);
1169 }
1170 
1171 static void
1172 ural_set_txpreamble(struct ural_softc *sc)
1173 {
1174 	uint16_t tmp;
1175 
1176 	tmp = ural_read(sc, RAL_TXRX_CSR10);
1177 
1178 	tmp &= ~RAL_SHORT_PREAMBLE;
1179 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1180 		tmp |= RAL_SHORT_PREAMBLE;
1181 
1182 	ural_write(sc, RAL_TXRX_CSR10, tmp);
1183 }
1184 
1185 static void
1186 ural_set_basicrates(struct ural_softc *sc)
1187 {
1188 	struct ieee80211com *ic = &sc->sc_ic;
1189 
1190 	/* update basic rate set */
1191 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1192 		/* 11b basic rates: 1, 2Mbps */
1193 		ural_write(sc, RAL_TXRX_CSR11, 0x3);
1194 	} else if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->in_chan)) {
1195 		/* 11a basic rates: 6, 12, 24Mbps */
1196 		ural_write(sc, RAL_TXRX_CSR11, 0x150);
1197 	} else {
1198 		/* 11g basic rates: 1, 2, 5.5, 11, 6, 12, 24Mbps */
1199 		ural_write(sc, RAL_TXRX_CSR11, 0x15f);
1200 	}
1201 }
1202 
1203 static void
1204 ural_set_bssid(struct ural_softc *sc, uint8_t *bssid)
1205 {
1206 	uint16_t tmp;
1207 
1208 	tmp = bssid[0] | bssid[1] << 8;
1209 	ural_write(sc, RAL_MAC_CSR5, tmp);
1210 
1211 	tmp = bssid[2] | bssid[3] << 8;
1212 	ural_write(sc, RAL_MAC_CSR6, tmp);
1213 
1214 	tmp = bssid[4] | bssid[5] << 8;
1215 	ural_write(sc, RAL_MAC_CSR7, tmp);
1216 
1217 	ral_debug(RAL_DBG_HW, "setting BSSID to " MACSTR "\n", MAC2STR(bssid));
1218 }
1219 
1220 static void
1221 ural_set_macaddr(struct ural_softc *sc, uint8_t *addr)
1222 {
1223 	uint16_t tmp;
1224 
1225 	tmp = addr[0] | addr[1] << 8;
1226 	ural_write(sc, RAL_MAC_CSR2, tmp);
1227 
1228 	tmp = addr[2] | addr[3] << 8;
1229 	ural_write(sc, RAL_MAC_CSR3, tmp);
1230 
1231 	tmp = addr[4] | addr[5] << 8;
1232 	ural_write(sc, RAL_MAC_CSR4, tmp);
1233 
1234 	ral_debug(RAL_DBG_HW,
1235 	    "setting MAC address to " MACSTR "\n", MAC2STR(addr));
1236 }
1237 
1238 static void
1239 ural_update_promisc(struct ural_softc *sc)
1240 {
1241 	uint32_t tmp;
1242 
1243 	tmp = ural_read(sc, RAL_TXRX_CSR2);
1244 
1245 	tmp &= ~RAL_DROP_NOT_TO_ME;
1246 	if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1247 		tmp |= RAL_DROP_NOT_TO_ME;
1248 
1249 	ural_write(sc, RAL_TXRX_CSR2, tmp);
1250 
1251 	ral_debug(RAL_DBG_HW, "%s promiscuous mode\n",
1252 	    (sc->sc_rcr & RAL_RCR_PROMISC) ?  "entering" : "leaving");
1253 }
1254 
1255 static const char *
1256 ural_get_rf(int rev)
1257 {
1258 	switch (rev) {
1259 	case RAL_RF_2522:	return ("RT2522");
1260 	case RAL_RF_2523:	return ("RT2523");
1261 	case RAL_RF_2524:	return ("RT2524");
1262 	case RAL_RF_2525:	return ("RT2525");
1263 	case RAL_RF_2525E:	return ("RT2525e");
1264 	case RAL_RF_2526:	return ("RT2526");
1265 	case RAL_RF_5222:	return ("RT5222");
1266 	default:		return ("unknown");
1267 	}
1268 }
1269 
1270 static void
1271 ural_read_eeprom(struct ural_softc *sc)
1272 {
1273 	struct ieee80211com *ic = &sc->sc_ic;
1274 	uint16_t val;
1275 
1276 	ural_eeprom_read(sc, RAL_EEPROM_CONFIG0, &val, 2);
1277 	val = LE_16(val);
1278 	sc->rf_rev =   (val >> 11) & 0x7;
1279 	sc->hw_radio = (val >> 10) & 0x1;
1280 	sc->led_mode = (val >> 6)  & 0x7;
1281 	sc->rx_ant =   (val >> 4)  & 0x3;
1282 	sc->tx_ant =   (val >> 2)  & 0x3;
1283 	sc->nb_ant =   val & 0x3;
1284 
1285 	/* read MAC address */
1286 	ural_eeprom_read(sc, RAL_EEPROM_ADDRESS, ic->ic_macaddr, 6);
1287 
1288 	/* read default values for BBP registers */
1289 	ural_eeprom_read(sc, RAL_EEPROM_BBP_BASE, sc->bbp_prom, 2 * 16);
1290 
1291 	/* read Tx power for all b/g channels */
1292 	ural_eeprom_read(sc, RAL_EEPROM_TXPOWER, sc->txpow, 14);
1293 }
1294 
1295 static int
1296 ural_bbp_init(struct ural_softc *sc)
1297 {
1298 	int i, ntries;
1299 
1300 	/* wait for BBP to be ready */
1301 	for (ntries = 0; ntries < 100; ntries++) {
1302 		if (ural_bbp_read(sc, RAL_BBP_VERSION) != 0)
1303 			break;
1304 		drv_usecwait(1000);
1305 	}
1306 	if (ntries == 100) {
1307 		ral_debug(RAL_DBG_ERR, "timeout waiting for BBP\n");
1308 		return (EIO);
1309 	}
1310 
1311 	/* initialize BBP registers to default values */
1312 	for (i = 0; i < URAL_N(ural_def_bbp); i++)
1313 		ural_bbp_write(sc, ural_def_bbp[i].reg, ural_def_bbp[i].val);
1314 
1315 	return (0);
1316 }
1317 
1318 static void
1319 ural_set_txantenna(struct ural_softc *sc, int antenna)
1320 {
1321 	uint16_t tmp;
1322 	uint8_t tx;
1323 
1324 	tx = ural_bbp_read(sc, RAL_BBP_TX) & ~RAL_BBP_ANTMASK;
1325 	if (antenna == 1)
1326 		tx |= RAL_BBP_ANTA;
1327 	else if (antenna == 2)
1328 		tx |= RAL_BBP_ANTB;
1329 	else
1330 		tx |= RAL_BBP_DIVERSITY;
1331 
1332 	/* need to force I/Q flip for RF 2525e, 2526 and 5222 */
1333 	if (sc->rf_rev == RAL_RF_2525E || sc->rf_rev == RAL_RF_2526 ||
1334 	    sc->rf_rev == RAL_RF_5222)
1335 		tx |= RAL_BBP_FLIPIQ;
1336 
1337 	ural_bbp_write(sc, RAL_BBP_TX, tx);
1338 
1339 	/* update values in PHY_CSR5 and PHY_CSR6 */
1340 	tmp = ural_read(sc, RAL_PHY_CSR5) & ~0x7;
1341 	ural_write(sc, RAL_PHY_CSR5, tmp | (tx & 0x7));
1342 
1343 	tmp = ural_read(sc, RAL_PHY_CSR6) & ~0x7;
1344 	ural_write(sc, RAL_PHY_CSR6, tmp | (tx & 0x7));
1345 }
1346 
1347 static void
1348 ural_set_rxantenna(struct ural_softc *sc, int antenna)
1349 {
1350 	uint8_t rx;
1351 
1352 	rx = ural_bbp_read(sc, RAL_BBP_RX) & ~RAL_BBP_ANTMASK;
1353 	if (antenna == 1)
1354 		rx |= RAL_BBP_ANTA;
1355 	else if (antenna == 2)
1356 		rx |= RAL_BBP_ANTB;
1357 	else
1358 		rx |= RAL_BBP_DIVERSITY;
1359 
1360 	/* need to force no I/Q flip for RF 2525e and 2526 */
1361 	if (sc->rf_rev == RAL_RF_2525E || sc->rf_rev == RAL_RF_2526)
1362 		rx &= ~RAL_BBP_FLIPIQ;
1363 
1364 	ural_bbp_write(sc, RAL_BBP_RX, rx);
1365 }
1366 
1367 /*
1368  * This function is called periodically (every 200ms) during scanning to
1369  * switch from one channel to another.
1370  */
1371 static void
1372 ural_next_scan(void *arg)
1373 {
1374 	struct ural_softc *sc = arg;
1375 	struct ieee80211com *ic = &sc->sc_ic;
1376 
1377 	if (ic->ic_state == IEEE80211_S_SCAN)
1378 		ieee80211_next_scan(ic);
1379 }
1380 
1381 static int
1382 ural_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1383 {
1384 	struct ural_softc *sc = (struct ural_softc *)ic;
1385 	enum ieee80211_state ostate;
1386 	struct ieee80211_node *ni;
1387 	int err;
1388 
1389 	RAL_LOCK(sc);
1390 
1391 	ostate = ic->ic_state;
1392 
1393 	if (sc->sc_scan_id != 0) {
1394 		(void) untimeout(sc->sc_scan_id);
1395 		sc->sc_scan_id = 0;
1396 	}
1397 
1398 	if (sc->sc_amrr_id != 0) {
1399 		(void) untimeout(sc->sc_amrr_id);
1400 		sc->sc_amrr_id = 0;
1401 	}
1402 
1403 	switch (nstate) {
1404 	case IEEE80211_S_INIT:
1405 		if (ostate == IEEE80211_S_RUN) {
1406 			/* abort TSF synchronization */
1407 			ural_write(sc, RAL_TXRX_CSR19, 0);
1408 			/* force tx led to stop blinking */
1409 			ural_write(sc, RAL_MAC_CSR20, 0);
1410 		}
1411 		break;
1412 
1413 	case IEEE80211_S_SCAN:
1414 		ural_set_chan(sc, ic->ic_curchan);
1415 		sc->sc_scan_id = timeout(ural_next_scan, (void *)sc,
1416 		    drv_usectohz(sc->dwelltime * 1000));
1417 		break;
1418 
1419 	case IEEE80211_S_AUTH:
1420 		ural_set_chan(sc, ic->ic_curchan);
1421 		break;
1422 
1423 	case IEEE80211_S_ASSOC:
1424 		ural_set_chan(sc, ic->ic_curchan);
1425 		break;
1426 
1427 	case IEEE80211_S_RUN:
1428 		ural_set_chan(sc, ic->ic_curchan);
1429 
1430 		ni = ic->ic_bss;
1431 
1432 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1433 			ural_update_slot(ic, 1);
1434 			ural_set_txpreamble(sc);
1435 			ural_set_basicrates(sc);
1436 			ural_set_bssid(sc, ni->in_bssid);
1437 		}
1438 
1439 
1440 		/* make tx led blink on tx (controlled by ASIC) */
1441 		ural_write(sc, RAL_MAC_CSR20, 1);
1442 
1443 		if (ic->ic_opmode != IEEE80211_M_MONITOR)
1444 			ural_enable_tsf_sync(sc);
1445 
1446 		/* enable automatic rate adaptation in STA mode */
1447 		if (ic->ic_opmode == IEEE80211_M_STA &&
1448 		    ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
1449 			ural_amrr_start(sc, ni);
1450 
1451 		break;
1452 	}
1453 
1454 	RAL_UNLOCK(sc);
1455 
1456 	err = sc->sc_newstate(ic, nstate, arg);
1457 	/*
1458 	 * Finally, start any timers.
1459 	 */
1460 	if (nstate == IEEE80211_S_RUN)
1461 		ieee80211_start_watchdog(ic, 1);
1462 
1463 	return (err);
1464 }
1465 
1466 
1467 
1468 static void
1469 ural_close_pipes(struct ural_softc *sc)
1470 {
1471 	usb_flags_t flags = USB_FLAGS_SLEEP;
1472 
1473 	if (sc->sc_rx_pipeh != NULL) {
1474 		usb_pipe_reset(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1475 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1476 		sc->sc_rx_pipeh = NULL;
1477 	}
1478 
1479 	if (sc->sc_tx_pipeh != NULL) {
1480 		usb_pipe_reset(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1481 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1482 		sc->sc_tx_pipeh = NULL;
1483 	}
1484 }
1485 
1486 static int
1487 ural_open_pipes(struct ural_softc *sc)
1488 {
1489 	usb_ep_data_t *ep_node;
1490 	usb_pipe_policy_t policy;
1491 	int err;
1492 
1493 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1494 	    USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
1495 
1496 	bzero(&policy, sizeof (usb_pipe_policy_t));
1497 	policy.pp_max_async_reqs = RAL_TX_LIST_COUNT;
1498 
1499 	if ((err = usb_pipe_open(sc->sc_dev,
1500 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1501 	    &sc->sc_tx_pipeh)) != USB_SUCCESS) {
1502 		ral_debug(RAL_DBG_ERR,
1503 		    "ural_open_pipes(): %x failed to open tx pipe\n", err);
1504 		goto fail;
1505 	}
1506 
1507 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1508 	    USB_EP_ATTR_BULK, USB_EP_DIR_IN);
1509 
1510 	bzero(&policy, sizeof (usb_pipe_policy_t));
1511 	policy.pp_max_async_reqs = RAL_RX_LIST_COUNT + 32;
1512 
1513 	if ((err = usb_pipe_open(sc->sc_dev,
1514 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1515 	    &sc->sc_rx_pipeh)) != USB_SUCCESS) {
1516 		ral_debug(RAL_DBG_ERR,
1517 		    "ural_open_pipes(): %x failed to open rx pipe\n", err);
1518 		goto fail;
1519 	}
1520 
1521 	return (USB_SUCCESS);
1522 
1523 fail:
1524 	if (sc->sc_rx_pipeh != NULL) {
1525 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh,
1526 		    USB_FLAGS_SLEEP, NULL, 0);
1527 		sc->sc_rx_pipeh = NULL;
1528 	}
1529 
1530 	if (sc->sc_tx_pipeh != NULL) {
1531 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh,
1532 		    USB_FLAGS_SLEEP, NULL, 0);
1533 		sc->sc_tx_pipeh = NULL;
1534 	}
1535 
1536 	return (USB_FAILURE);
1537 }
1538 
1539 static int
1540 ural_tx_trigger(struct ural_softc *sc, mblk_t *mp)
1541 {
1542 	usb_bulk_req_t *req;
1543 	int err;
1544 
1545 	sc->sc_tx_timer = RAL_TX_TIMEOUT;
1546 
1547 	req = usb_alloc_bulk_req(sc->sc_dev, 0, USB_FLAGS_SLEEP);
1548 	if (req == NULL) {
1549 		ral_debug(RAL_DBG_ERR,
1550 		    "ural_tx_trigger(): failed to allocate req");
1551 		freemsg(mp);
1552 		return (-1);
1553 	}
1554 
1555 	req->bulk_len		= (uintptr_t)mp->b_wptr - (uintptr_t)mp->b_rptr;
1556 	req->bulk_data		= mp;
1557 	req->bulk_client_private = (usb_opaque_t)sc;
1558 	req->bulk_timeout	= RAL_TX_TIMEOUT;
1559 	req->bulk_attributes	= USB_ATTRS_AUTOCLEARING;
1560 	req->bulk_cb		= ural_txeof;
1561 	req->bulk_exc_cb	= ural_txeof;
1562 	req->bulk_completion_reason = 0;
1563 	req->bulk_cb_flags	= 0;
1564 
1565 	if ((err = usb_pipe_bulk_xfer(sc->sc_tx_pipeh, req, 0))
1566 	    != USB_SUCCESS) {
1567 
1568 		ral_debug(RAL_DBG_ERR, "ural_tx_trigger(): "
1569 		    "failed to do tx xfer, %d", err);
1570 		usb_free_bulk_req(req);
1571 		return (-1);
1572 	}
1573 
1574 	sc->tx_queued++;
1575 
1576 	return (0);
1577 }
1578 
1579 static int
1580 ural_rx_trigger(struct ural_softc *sc)
1581 {
1582 	usb_bulk_req_t *req;
1583 	int err;
1584 
1585 	req = usb_alloc_bulk_req(sc->sc_dev, RAL_RXBUF_SIZE, USB_FLAGS_SLEEP);
1586 	if (req == NULL) {
1587 		ral_debug(RAL_DBG_ERR,
1588 		    "ural_rx_trigger(): failed to allocate req");
1589 		return (-1);
1590 	}
1591 
1592 	req->bulk_len		= RAL_RXBUF_SIZE;
1593 	req->bulk_client_private = (usb_opaque_t)sc;
1594 	req->bulk_timeout	= 0;
1595 	req->bulk_attributes	= USB_ATTRS_SHORT_XFER_OK
1596 	    | USB_ATTRS_AUTOCLEARING;
1597 	req->bulk_cb		= ural_rxeof;
1598 	req->bulk_exc_cb	= ural_rxeof;
1599 	req->bulk_completion_reason = 0;
1600 	req->bulk_cb_flags	= 0;
1601 
1602 	err = usb_pipe_bulk_xfer(sc->sc_rx_pipeh, req, 0);
1603 
1604 	if (err != USB_SUCCESS) {
1605 		ral_debug(RAL_DBG_ERR, "ural_rx_trigger(): "
1606 		    "failed to do rx xfer, %d", err);
1607 		usb_free_bulk_req(req);
1608 
1609 		return (-1);
1610 	}
1611 
1612 	mutex_enter(&sc->rx_lock);
1613 	sc->rx_queued++;
1614 	mutex_exit(&sc->rx_lock);
1615 
1616 	return (0);
1617 }
1618 
1619 static void
1620 ural_init_tx_queue(struct ural_softc *sc)
1621 {
1622 	sc->tx_queued = 0;
1623 }
1624 
1625 static int
1626 ural_init_rx_queue(struct ural_softc *sc)
1627 {
1628 	int	i;
1629 
1630 	sc->rx_queued = 0;
1631 
1632 	for (i = 0; i < RAL_RX_LIST_COUNT; i++) {
1633 		if (ural_rx_trigger(sc) != 0) {
1634 			return (USB_FAILURE);
1635 		}
1636 	}
1637 
1638 	return (USB_SUCCESS);
1639 }
1640 
1641 static void
1642 ural_stop(struct ural_softc *sc)
1643 {
1644 	struct ieee80211com *ic = &sc->sc_ic;
1645 
1646 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1647 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1648 
1649 	RAL_LOCK(sc);
1650 
1651 	sc->sc_tx_timer = 0;
1652 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1653 
1654 	/* disable Rx */
1655 	ural_write(sc, RAL_TXRX_CSR2, RAL_DISABLE_RX);
1656 
1657 	/* reset ASIC and BBP (but won't reset MAC registers!) */
1658 	ural_write(sc, RAL_MAC_CSR1, RAL_RESET_ASIC | RAL_RESET_BBP);
1659 	ural_write(sc, RAL_MAC_CSR1, 0);
1660 
1661 	ural_close_pipes(sc);
1662 
1663 	RAL_UNLOCK(sc);
1664 }
1665 
1666 static int
1667 ural_init(struct ural_softc *sc)
1668 {
1669 	struct ieee80211com *ic = &sc->sc_ic;
1670 	uint16_t tmp;
1671 	int i, ntries;
1672 
1673 	ural_set_testmode(sc);
1674 	ural_write(sc, 0x308, 0x00f0);	/* magic */
1675 
1676 	ural_stop(sc);
1677 
1678 	/* initialize MAC registers to default values */
1679 	for (i = 0; i < URAL_N(ural_def_mac); i++)
1680 		ural_write(sc, ural_def_mac[i].reg, ural_def_mac[i].val);
1681 
1682 	/* wait for BBP and RF to wake up (this can take a long time!) */
1683 	for (ntries = 0; ntries < 100; ntries++) {
1684 		tmp = ural_read(sc, RAL_MAC_CSR17);
1685 		if ((tmp & (RAL_BBP_AWAKE | RAL_RF_AWAKE)) ==
1686 		    (RAL_BBP_AWAKE | RAL_RF_AWAKE))
1687 			break;
1688 		drv_usecwait(1000);
1689 	}
1690 	if (ntries == 100) {
1691 		ral_debug(RAL_DBG_ERR,
1692 		    "ural_init(): timeout waiting for BBP/RF to wakeup\n");
1693 		goto fail;
1694 	}
1695 
1696 	/* we're ready! */
1697 	ural_write(sc, RAL_MAC_CSR1, RAL_HOST_READY);
1698 
1699 	/* set basic rate set (will be updated later) */
1700 	ural_write(sc, RAL_TXRX_CSR11, 0x15f);
1701 
1702 	if (ural_bbp_init(sc) != 0)
1703 		goto fail;
1704 
1705 	/* set default BSS channel */
1706 	ural_set_chan(sc, ic->ic_curchan);
1707 
1708 	/* clear statistic registers (STA_CSR0 to STA_CSR10) */
1709 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1710 
1711 	ural_set_txantenna(sc, sc->tx_ant);
1712 	ural_set_rxantenna(sc, sc->rx_ant);
1713 
1714 	ural_set_macaddr(sc, ic->ic_macaddr);
1715 
1716 	if (ural_open_pipes(sc) != USB_SUCCESS) {
1717 		ral_debug(RAL_DBG_ERR, "ural_init(): "
1718 		    "could not open pipes.\n");
1719 		goto fail;
1720 	}
1721 
1722 	ural_init_tx_queue(sc);
1723 
1724 	if (ural_init_rx_queue(sc) != USB_SUCCESS)
1725 		goto fail;
1726 
1727 	/* kick Rx */
1728 	tmp = RAL_DROP_PHY | RAL_DROP_CRC;
1729 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1730 		tmp |= RAL_DROP_CTL | RAL_DROP_BAD_VERSION;
1731 		if (ic->ic_opmode != IEEE80211_M_HOSTAP)
1732 			tmp |= RAL_DROP_TODS;
1733 		if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1734 			tmp |= RAL_DROP_NOT_TO_ME;
1735 	}
1736 	ural_write(sc, RAL_TXRX_CSR2, tmp);
1737 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1738 
1739 	return (DDI_SUCCESS);
1740 fail:
1741 	ural_stop(sc);
1742 	return (EIO);
1743 }
1744 
1745 static int
1746 ural_disconnect(dev_info_t *devinfo)
1747 {
1748 	struct ural_softc *sc;
1749 	struct ieee80211com *ic;
1750 
1751 	/*
1752 	 * We can't call ural_stop() here, since the hardware is removed,
1753 	 * we can't access the register anymore.
1754 	 */
1755 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
1756 	ASSERT(sc != NULL);
1757 
1758 	if (!RAL_IS_RUNNING(sc))	/* different device or not inited */
1759 		return (DDI_SUCCESS);
1760 
1761 	ic = &sc->sc_ic;
1762 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1763 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1764 
1765 	RAL_LOCK(sc);
1766 
1767 	sc->sc_tx_timer = 0;
1768 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1769 
1770 	ural_close_pipes(sc);
1771 
1772 	RAL_UNLOCK(sc);
1773 
1774 	return (DDI_SUCCESS);
1775 }
1776 
1777 static int
1778 ural_reconnect(dev_info_t *devinfo)
1779 {
1780 	struct ural_softc *sc;
1781 	int err;
1782 
1783 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
1784 	ASSERT(sc != NULL);
1785 
1786 	/* check device changes after disconnect */
1787 	if (usb_check_same_device(sc->sc_dev, NULL, USB_LOG_L2, -1,
1788 	    USB_CHK_BASIC | USB_CHK_CFG, NULL) != USB_SUCCESS) {
1789 		ral_debug(RAL_DBG_ERR, "different device connected\n");
1790 		return (DDI_FAILURE);
1791 	}
1792 
1793 	err = ural_init(sc);
1794 
1795 	return (err);
1796 }
1797 
1798 static void
1799 ural_resume(struct ural_softc *sc)
1800 {
1801 	/* check device changes after suspend */
1802 	if (usb_check_same_device(sc->sc_dev, NULL, USB_LOG_L2, -1,
1803 	    USB_CHK_BASIC | USB_CHK_CFG, NULL) != USB_SUCCESS) {
1804 		ral_debug(RAL_DBG_ERR, "no or different device connected\n");
1805 		return;
1806 	}
1807 
1808 	(void) ural_init(sc);
1809 }
1810 
1811 #define	URAL_AMRR_MIN_SUCCESS_THRESHOLD	1
1812 #define	URAL_AMRR_MAX_SUCCESS_THRESHOLD	10
1813 
1814 /*
1815  * Naive implementation of the Adaptive Multi Rate Retry algorithm:
1816  * "IEEE 802.11 Rate Adaptation: A Practical Approach"
1817  * Mathieu Lacage, Hossein Manshaei, Thierry Turletti
1818  * INRIA Sophia - Projet Planete
1819  * http://www-sop.inria.fr/rapports/sophia/RR-5208.html
1820  *
1821  * This algorithm is particularly well suited for ural since it does not
1822  * require per-frame retry statistics.  Note however that since h/w does
1823  * not provide per-frame stats, we can't do per-node rate adaptation and
1824  * thus automatic rate adaptation is only enabled in STA operating mode.
1825  */
1826 #define	is_success(amrr)	\
1827 	((amrr)->retrycnt < (amrr)->txcnt / 10)
1828 #define	is_failure(amrr)	\
1829 	((amrr)->retrycnt > (amrr)->txcnt / 3)
1830 #define	is_enough(amrr)		\
1831 	((amrr)->txcnt > 10)
1832 #define	is_min_rate(ni)		\
1833 	((ni)->in_txrate == 0)
1834 #define	is_max_rate(ni)		\
1835 	((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1836 #define	increase_rate(ni)	\
1837 	((ni)->in_txrate++)
1838 #define	decrease_rate(ni)	\
1839 	((ni)->in_txrate--)
1840 #define	reset_cnt(amrr)	do {	\
1841 	(amrr)->txcnt = (amrr)->retrycnt = 0;	\
1842 	_NOTE(CONSTCOND)	\
1843 } while (/* CONSTCOND */0)
1844 
1845 static void
1846 ural_ratectl(struct ural_amrr *amrr, struct ieee80211_node *ni)
1847 {
1848 	int need_change = 0;
1849 
1850 	if (is_success(amrr) && is_enough(amrr)) {
1851 		amrr->success++;
1852 		if (amrr->success >= amrr->success_threshold &&
1853 		    !is_max_rate(ni)) {
1854 			amrr->recovery = 1;
1855 			amrr->success = 0;
1856 			increase_rate(ni);
1857 			need_change = 1;
1858 		} else {
1859 			amrr->recovery = 0;
1860 		}
1861 	} else if (is_failure(amrr)) {
1862 		amrr->success = 0;
1863 		if (!is_min_rate(ni)) {
1864 			if (amrr->recovery) {
1865 				amrr->success_threshold *= 2;
1866 				if (amrr->success_threshold >
1867 				    URAL_AMRR_MAX_SUCCESS_THRESHOLD)
1868 					amrr->success_threshold =
1869 					    URAL_AMRR_MAX_SUCCESS_THRESHOLD;
1870 			} else {
1871 				amrr->success_threshold =
1872 				    URAL_AMRR_MIN_SUCCESS_THRESHOLD;
1873 			}
1874 			decrease_rate(ni);
1875 			need_change = 1;
1876 		}
1877 		amrr->recovery = 0;	/* original paper was incorrect */
1878 	}
1879 
1880 	if (is_enough(amrr) || need_change)
1881 		reset_cnt(amrr);
1882 }
1883 
1884 static void
1885 ural_amrr_timeout(void *arg)
1886 {
1887 	struct ural_softc *sc = (struct ural_softc *)arg;
1888 	struct ural_amrr *amrr = &sc->amrr;
1889 
1890 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1891 
1892 	/* count TX retry-fail as Tx errors */
1893 	sc->sc_tx_err += sc->sta[9];
1894 	sc->sc_tx_retries += (sc->sta[7] + sc->sta[8]);
1895 
1896 	amrr->retrycnt =
1897 	    sc->sta[7] +	/* TX one-retry ok count */
1898 	    sc->sta[8] +	/* TX more-retry ok count */
1899 	    sc->sta[9];		/* TX retry-fail count */
1900 
1901 	amrr->txcnt =
1902 	    amrr->retrycnt +
1903 	    sc->sta[6];		/* TX no-retry ok count */
1904 
1905 	ural_ratectl(amrr, sc->sc_ic.ic_bss);
1906 
1907 	sc->sc_amrr_id = timeout(ural_amrr_timeout, (void *)sc,
1908 	    drv_usectohz(1000 * 1000)); /* 1 second */
1909 }
1910 
1911 
1912 static void
1913 ural_amrr_start(struct ural_softc *sc, struct ieee80211_node *ni)
1914 {
1915 	struct ural_amrr *amrr = &sc->amrr;
1916 	int i;
1917 
1918 	/* clear statistic registers (STA_CSR0 to STA_CSR10) */
1919 	ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof (sc->sta));
1920 
1921 	amrr->success = 0;
1922 	amrr->recovery = 0;
1923 	amrr->txcnt = amrr->retrycnt = 0;
1924 	amrr->success_threshold = URAL_AMRR_MIN_SUCCESS_THRESHOLD;
1925 
1926 	/* set rate to some reasonable initial value */
1927 	for (i = ni->in_rates.ir_nrates - 1;
1928 	    i > 0 && (ni->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72;
1929 	    i--) {
1930 	}
1931 
1932 	ni->in_txrate = i;
1933 
1934 	sc->sc_amrr_id = timeout(ural_amrr_timeout, (void *)sc,
1935 	    drv_usectohz(1000 * 1000)); /* 1 second */
1936 }
1937 
1938 void
1939 ural_watchdog(void *arg)
1940 {
1941 	struct ural_softc *sc = arg;
1942 	struct ieee80211com *ic = &sc->sc_ic;
1943 	int ntimer = 0;
1944 
1945 	RAL_LOCK(sc);
1946 	ic->ic_watchdog_timer = 0;
1947 
1948 	if (!RAL_IS_RUNNING(sc)) {
1949 		RAL_UNLOCK(sc);
1950 		return;
1951 	}
1952 
1953 	if (sc->sc_tx_timer > 0) {
1954 		if (--sc->sc_tx_timer == 0) {
1955 			ral_debug(RAL_DBG_ERR, "tx timer timeout\n");
1956 			RAL_UNLOCK(sc);
1957 			(void) ural_init(sc);
1958 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1959 			return;
1960 		}
1961 	}
1962 
1963 	if (ic->ic_state == IEEE80211_S_RUN)
1964 		ntimer = 1;
1965 
1966 	RAL_UNLOCK(sc);
1967 
1968 	ieee80211_watchdog(ic);
1969 
1970 	if (ntimer)
1971 		ieee80211_start_watchdog(ic, ntimer);
1972 }
1973 
1974 static int
1975 ural_m_start(void *arg)
1976 {
1977 	struct ural_softc *sc = (struct ural_softc *)arg;
1978 	int err;
1979 
1980 	/*
1981 	 * initialize RT2500USB hardware
1982 	 */
1983 	err = ural_init(sc);
1984 	if (err != DDI_SUCCESS) {
1985 		ral_debug(RAL_DBG_ERR, "device configuration failed\n");
1986 		goto fail;
1987 	}
1988 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1989 	return (err);
1990 
1991 fail:
1992 	ural_stop(sc);
1993 	return (err);
1994 }
1995 
1996 static void
1997 ural_m_stop(void *arg)
1998 {
1999 	struct ural_softc *sc = (struct ural_softc *)arg;
2000 
2001 	(void) ural_stop(sc);
2002 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
2003 }
2004 
2005 static int
2006 ural_m_unicst(void *arg, const uint8_t *macaddr)
2007 {
2008 	struct ural_softc *sc = (struct ural_softc *)arg;
2009 	struct ieee80211com *ic = &sc->sc_ic;
2010 
2011 	ral_debug(RAL_DBG_MSG, "ural_m_unicst(): " MACSTR "\n",
2012 	    MAC2STR(macaddr));
2013 
2014 	IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr);
2015 	(void) ural_set_macaddr(sc, (uint8_t *)macaddr);
2016 	(void) ural_init(sc);
2017 
2018 	return (0);
2019 }
2020 
2021 /*ARGSUSED*/
2022 static int
2023 ural_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2024 {
2025 	return (0);
2026 }
2027 
2028 static int
2029 ural_m_promisc(void *arg, boolean_t on)
2030 {
2031 	struct ural_softc *sc = (struct ural_softc *)arg;
2032 
2033 	if (on) {
2034 		sc->sc_rcr |= RAL_RCR_PROMISC;
2035 		sc->sc_rcr |= RAL_RCR_MULTI;
2036 	} else {
2037 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2038 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2039 	}
2040 
2041 	ural_update_promisc(sc);
2042 	return (0);
2043 }
2044 
2045 /*
2046  * callback functions for /get/set properties
2047  */
2048 static int
2049 ural_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2050     uint_t wldp_length, const void *wldp_buf)
2051 {
2052 	struct ural_softc *sc = (struct ural_softc *)arg;
2053 	struct ieee80211com *ic = &sc->sc_ic;
2054 	int err;
2055 
2056 	err = ieee80211_setprop(ic, pr_name, wldp_pr_num,
2057 	    wldp_length, wldp_buf);
2058 	RAL_LOCK(sc);
2059 	if (err == ENETRESET) {
2060 		if (RAL_IS_RUNNING(sc)) {
2061 			RAL_UNLOCK(sc);
2062 			(void) ural_init(sc);
2063 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2064 			RAL_LOCK(sc);
2065 		}
2066 		err = 0;
2067 	}
2068 	RAL_UNLOCK(sc);
2069 
2070 	return (err);
2071 }
2072 
2073 static int
2074 ural_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2075     uint_t wldp_length, void *wldp_buf)
2076 {
2077 	struct ural_softc *sc = (struct ural_softc *)arg;
2078 	int err;
2079 
2080 	err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
2081 	    wldp_length, wldp_buf);
2082 
2083 	return (err);
2084 }
2085 
2086 static void
2087 ural_m_propinfo(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2088     mac_prop_info_handle_t mph)
2089 {
2090 	struct ural_softc *sc = (struct ural_softc *)arg;
2091 
2092 	ieee80211_propinfo(&sc->sc_ic, pr_name, wldp_pr_num, mph);
2093 }
2094 
2095 static void
2096 ural_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2097 {
2098 	struct ural_softc *sc = (struct ural_softc *)arg;
2099 	struct ieee80211com *ic = &sc->sc_ic;
2100 	int err;
2101 
2102 	err = ieee80211_ioctl(ic, wq, mp);
2103 	RAL_LOCK(sc);
2104 	if (err == ENETRESET) {
2105 		if (RAL_IS_RUNNING(sc)) {
2106 			RAL_UNLOCK(sc);
2107 			(void) ural_init(sc);
2108 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2109 			RAL_LOCK(sc);
2110 		}
2111 	}
2112 	RAL_UNLOCK(sc);
2113 }
2114 
2115 static int
2116 ural_m_stat(void *arg, uint_t stat, uint64_t *val)
2117 {
2118 	struct ural_softc *sc  = (struct ural_softc *)arg;
2119 	ieee80211com_t	*ic = &sc->sc_ic;
2120 	ieee80211_node_t *ni = ic->ic_bss;
2121 	struct ieee80211_rateset *rs = &ni->in_rates;
2122 
2123 	RAL_LOCK(sc);
2124 	switch (stat) {
2125 	case MAC_STAT_IFSPEED:
2126 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2127 		    (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2128 		    : ic->ic_fixed_rate) / 2 * 1000000;
2129 		break;
2130 	case MAC_STAT_NOXMTBUF:
2131 		*val = sc->sc_tx_nobuf;
2132 		break;
2133 	case MAC_STAT_NORCVBUF:
2134 		*val = sc->sc_rx_nobuf;
2135 		break;
2136 	case MAC_STAT_IERRORS:
2137 		*val = sc->sc_rx_err;
2138 		break;
2139 	case MAC_STAT_RBYTES:
2140 		*val = ic->ic_stats.is_rx_bytes;
2141 		break;
2142 	case MAC_STAT_IPACKETS:
2143 		*val = ic->ic_stats.is_rx_frags;
2144 		break;
2145 	case MAC_STAT_OBYTES:
2146 		*val = ic->ic_stats.is_tx_bytes;
2147 		break;
2148 	case MAC_STAT_OPACKETS:
2149 		*val = ic->ic_stats.is_tx_frags;
2150 		break;
2151 	case MAC_STAT_OERRORS:
2152 	case WIFI_STAT_TX_FAILED:
2153 		*val = sc->sc_tx_err;
2154 		break;
2155 	case WIFI_STAT_TX_RETRANS:
2156 		*val = sc->sc_tx_retries;
2157 		break;
2158 	case WIFI_STAT_FCS_ERRORS:
2159 	case WIFI_STAT_WEP_ERRORS:
2160 	case WIFI_STAT_TX_FRAGS:
2161 	case WIFI_STAT_MCAST_TX:
2162 	case WIFI_STAT_RTS_SUCCESS:
2163 	case WIFI_STAT_RTS_FAILURE:
2164 	case WIFI_STAT_ACK_FAILURE:
2165 	case WIFI_STAT_RX_FRAGS:
2166 	case WIFI_STAT_MCAST_RX:
2167 	case WIFI_STAT_RX_DUPS:
2168 		RAL_UNLOCK(sc);
2169 		return (ieee80211_stat(ic, stat, val));
2170 	default:
2171 		RAL_UNLOCK(sc);
2172 		return (ENOTSUP);
2173 	}
2174 	RAL_UNLOCK(sc);
2175 
2176 	return (0);
2177 }
2178 
2179 
2180 static int
2181 ural_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2182 {
2183 	struct ural_softc *sc;
2184 	struct ieee80211com *ic;
2185 	int err, i;
2186 	int instance;
2187 
2188 	char strbuf[32];
2189 
2190 	wifi_data_t wd = { 0 };
2191 	mac_register_t *macp;
2192 
2193 	switch (cmd) {
2194 	case DDI_ATTACH:
2195 		break;
2196 	case DDI_RESUME:
2197 		sc = ddi_get_soft_state(ural_soft_state_p,
2198 		    ddi_get_instance(devinfo));
2199 		ASSERT(sc != NULL);
2200 		ural_resume(sc);
2201 		return (DDI_SUCCESS);
2202 	default:
2203 		return (DDI_FAILURE);
2204 	}
2205 
2206 	instance = ddi_get_instance(devinfo);
2207 
2208 	if (ddi_soft_state_zalloc(ural_soft_state_p, instance) != DDI_SUCCESS) {
2209 		ral_debug(RAL_DBG_MSG, "ural_attach(): "
2210 		    "unable to alloc soft_state_p\n");
2211 		return (DDI_FAILURE);
2212 	}
2213 
2214 	sc = ddi_get_soft_state(ural_soft_state_p, instance);
2215 	ic = (ieee80211com_t *)&sc->sc_ic;
2216 	sc->sc_dev = devinfo;
2217 
2218 	if (usb_client_attach(devinfo, USBDRV_VERSION, 0) != USB_SUCCESS) {
2219 		ral_debug(RAL_DBG_ERR,
2220 		    "ural_attach(): usb_client_attach failed\n");
2221 		goto fail1;
2222 	}
2223 
2224 	if (usb_get_dev_data(devinfo, &sc->sc_udev,
2225 	    USB_PARSE_LVL_ALL, 0) != USB_SUCCESS) {
2226 		sc->sc_udev = NULL;
2227 		goto fail2;
2228 	}
2229 
2230 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2231 	mutex_init(&sc->tx_lock, NULL, MUTEX_DRIVER, NULL);
2232 	mutex_init(&sc->rx_lock, NULL, MUTEX_DRIVER, NULL);
2233 
2234 	/* retrieve RT2570 rev. no */
2235 	sc->asic_rev = ural_read(sc, RAL_MAC_CSR0);
2236 
2237 	/* retrieve MAC address and various other things from EEPROM */
2238 	ural_read_eeprom(sc);
2239 
2240 	ral_debug(RAL_DBG_MSG, "ural: MAC/BBP RT2570 (rev 0x%02x), RF %s\n",
2241 	    sc->asic_rev, ural_get_rf(sc->rf_rev));
2242 
2243 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
2244 	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
2245 	ic->ic_state = IEEE80211_S_INIT;
2246 
2247 	ic->ic_maxrssi = 63;
2248 	ic->ic_set_shortslot = ural_update_slot;
2249 	ic->ic_xmit = ural_send;
2250 
2251 	/* set device capabilities */
2252 	ic->ic_caps =
2253 	    IEEE80211_C_TXPMGT |	/* tx power management */
2254 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
2255 	    IEEE80211_C_SHSLOT;		/* short slot time supported */
2256 
2257 	ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2258 
2259 #define	IEEE80211_CHAN_A	\
2260 	(IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2261 
2262 	if (sc->rf_rev == RAL_RF_5222) {
2263 		/* set supported .11a rates */
2264 		ic->ic_sup_rates[IEEE80211_MODE_11A] = ural_rateset_11a;
2265 
2266 		/* set supported .11a channels */
2267 		for (i = 36; i <= 64; i += 4) {
2268 			ic->ic_sup_channels[i].ich_freq =
2269 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2270 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2271 		}
2272 		for (i = 100; i <= 140; i += 4) {
2273 			ic->ic_sup_channels[i].ich_freq =
2274 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2275 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2276 		}
2277 		for (i = 149; i <= 161; i += 4) {
2278 			ic->ic_sup_channels[i].ich_freq =
2279 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2280 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2281 		}
2282 	}
2283 
2284 	/* set supported .11b and .11g rates */
2285 	ic->ic_sup_rates[IEEE80211_MODE_11B] = ural_rateset_11b;
2286 	ic->ic_sup_rates[IEEE80211_MODE_11G] = ural_rateset_11g;
2287 
2288 	/* set supported .11b and .11g channels (1 through 14) */
2289 	for (i = 1; i <= 14; i++) {
2290 		ic->ic_sup_channels[i].ich_freq =
2291 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2292 		ic->ic_sup_channels[i].ich_flags =
2293 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2294 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2295 	}
2296 
2297 	ieee80211_attach(ic);
2298 
2299 	/* register WPA door */
2300 	ieee80211_register_door(ic, ddi_driver_name(devinfo),
2301 	    ddi_get_instance(devinfo));
2302 
2303 	/* override state transition machine */
2304 	sc->sc_newstate = ic->ic_newstate;
2305 	ic->ic_newstate = ural_newstate;
2306 	ic->ic_watchdog = ural_watchdog;
2307 	ieee80211_media_init(ic);
2308 	ic->ic_def_txkey = 0;
2309 
2310 	sc->sc_rcr = 0;
2311 	sc->dwelltime = 300;
2312 	sc->sc_flags &= 0;
2313 
2314 	/*
2315 	 * Provide initial settings for the WiFi plugin; whenever this
2316 	 * information changes, we need to call mac_plugindata_update()
2317 	 */
2318 	wd.wd_opmode = ic->ic_opmode;
2319 	wd.wd_secalloc = WIFI_SEC_NONE;
2320 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
2321 
2322 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
2323 		ral_debug(RAL_DBG_ERR, "ural_attach(): "
2324 		    "MAC version mismatch\n");
2325 		goto fail3;
2326 	}
2327 
2328 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
2329 	macp->m_driver		= sc;
2330 	macp->m_dip		= devinfo;
2331 	macp->m_src_addr	= ic->ic_macaddr;
2332 	macp->m_callbacks	= &ural_m_callbacks;
2333 	macp->m_min_sdu		= 0;
2334 	macp->m_max_sdu		= IEEE80211_MTU;
2335 	macp->m_pdata		= &wd;
2336 	macp->m_pdata_size	= sizeof (wd);
2337 
2338 	err = mac_register(macp, &ic->ic_mach);
2339 	mac_free(macp);
2340 	if (err != 0) {
2341 		ral_debug(RAL_DBG_ERR, "ural_attach(): "
2342 		    "mac_register() err %x\n", err);
2343 		goto fail3;
2344 	}
2345 
2346 	if (usb_register_hotplug_cbs(devinfo, ural_disconnect,
2347 	    ural_reconnect) != USB_SUCCESS) {
2348 		ral_debug(RAL_DBG_ERR,
2349 		    "ural: ural_attach() failed to register events");
2350 		goto fail4;
2351 	}
2352 
2353 	/*
2354 	 * Create minor node of type DDI_NT_NET_WIFI
2355 	 */
2356 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
2357 	    "ural", instance);
2358 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
2359 	    instance + 1, DDI_NT_NET_WIFI, 0);
2360 
2361 	if (err != DDI_SUCCESS)
2362 		ral_debug(RAL_DBG_ERR, "ddi_create_minor_node() failed\n");
2363 
2364 	/*
2365 	 * Notify link is down now
2366 	 */
2367 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
2368 
2369 	return (DDI_SUCCESS);
2370 fail4:
2371 	(void) mac_unregister(ic->ic_mach);
2372 fail3:
2373 	mutex_destroy(&sc->sc_genlock);
2374 	mutex_destroy(&sc->tx_lock);
2375 	mutex_destroy(&sc->rx_lock);
2376 fail2:
2377 	usb_client_detach(sc->sc_dev, sc->sc_udev);
2378 fail1:
2379 	ddi_soft_state_free(ural_soft_state_p, ddi_get_instance(devinfo));
2380 
2381 	return (DDI_FAILURE);
2382 }
2383 
2384 static int
2385 ural_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
2386 {
2387 	struct ural_softc *sc;
2388 
2389 	sc = ddi_get_soft_state(ural_soft_state_p, ddi_get_instance(devinfo));
2390 	ASSERT(sc != NULL);
2391 
2392 	switch (cmd) {
2393 	case DDI_DETACH:
2394 		break;
2395 	case DDI_SUSPEND:
2396 		if (RAL_IS_RUNNING(sc))
2397 			(void) ural_stop(sc);
2398 		return (DDI_SUCCESS);
2399 	default:
2400 		return (DDI_FAILURE);
2401 	}
2402 
2403 	if (mac_disable(sc->sc_ic.ic_mach) != 0)
2404 		return (DDI_FAILURE);
2405 
2406 	ural_stop(sc);
2407 	usb_unregister_hotplug_cbs(devinfo);
2408 
2409 	/*
2410 	 * Unregister from the MAC layer subsystem
2411 	 */
2412 	(void) mac_unregister(sc->sc_ic.ic_mach);
2413 
2414 	/*
2415 	 * detach ieee80211 layer
2416 	 */
2417 	ieee80211_detach(&sc->sc_ic);
2418 
2419 	mutex_destroy(&sc->sc_genlock);
2420 	mutex_destroy(&sc->tx_lock);
2421 	mutex_destroy(&sc->rx_lock);
2422 
2423 	/* pipes will be close in ural_stop() */
2424 	usb_client_detach(devinfo, sc->sc_udev);
2425 	sc->sc_udev = NULL;
2426 
2427 	ddi_remove_minor_node(devinfo, NULL);
2428 	ddi_soft_state_free(ural_soft_state_p, ddi_get_instance(devinfo));
2429 
2430 	return (DDI_SUCCESS);
2431 }
2432 
2433 int
2434 _info(struct modinfo *modinfop)
2435 {
2436 	return (mod_info(&modlinkage, modinfop));
2437 }
2438 
2439 int
2440 _init(void)
2441 {
2442 	int status;
2443 
2444 	status = ddi_soft_state_init(&ural_soft_state_p,
2445 	    sizeof (struct ural_softc), 1);
2446 	if (status != 0)
2447 		return (status);
2448 
2449 	mac_init_ops(&ural_dev_ops, "ural");
2450 	status = mod_install(&modlinkage);
2451 	if (status != 0) {
2452 		mac_fini_ops(&ural_dev_ops);
2453 		ddi_soft_state_fini(&ural_soft_state_p);
2454 	}
2455 	return (status);
2456 }
2457 
2458 int
2459 _fini(void)
2460 {
2461 	int status;
2462 
2463 	status = mod_remove(&modlinkage);
2464 	if (status == 0) {
2465 		mac_fini_ops(&ural_dev_ops);
2466 		ddi_soft_state_fini(&ural_soft_state_p);
2467 	}
2468 	return (status);
2469 }
2470