1
/*-
2
 * Copyright (c) 2020-2025 The FreeBSD Foundation
3
 * Copyright (c) 2020-2025 Bjoern A. Zeeb
4
 *
5
 * This software was developed by Björn Zeeb under sponsorship from
6
 * the FreeBSD Foundation.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27
 * SUCH DAMAGE.
28
 */
29

30
/*
31
 * Public functions are called linuxkpi_*().
32
 * Internal (static) functions are called lkpi_*().
33
 *
34
 * The internal structures holding metadata over public structures are also
35
 * called lkpi_xxx (usually with a member at the end called xxx).
36
 * Note: we do not replicate the structure names but the general variable names
37
 * for these (e.g., struct hw -> struct lkpi_hw, struct sta -> struct lkpi_sta).
38
 * There are macros to access one from the other.
39
 * We call the internal versions lxxx (e.g., hw -> lhw, sta -> lsta).
40
 */
41

42
/*
43
 * TODO:
44
 * - lots :)
45
 * - HW_CRYPTO: we need a "keystore" and an ordered list for suspend/resume.
46
 */
47

48
#include <sys/param.h>
49
#include <sys/types.h>
50
#include <sys/kernel.h>
51
#include <sys/errno.h>
52
#include <sys/malloc.h>
53
#include <sys/module.h>
54
#include <sys/mutex.h>
55
#include <sys/sbuf.h>
56
#include <sys/socket.h>
57
#include <sys/sysctl.h>
58
#include <sys/queue.h>
59
#include <sys/taskqueue.h>
60
#include <sys/libkern.h>
61

62
#include <net/if.h>
63
#include <net/if_var.h>
64
#include <net/if_media.h>
65
#include <net/ethernet.h>
66

67
#include <net80211/ieee80211_var.h>
68
#include <net80211/ieee80211_proto.h>
69
#include <net80211/ieee80211_ratectl.h>
70
#include <net80211/ieee80211_radiotap.h>
71
#include <net80211/ieee80211_vht.h>
72

73
#define	LINUXKPI_NET80211
74
#include <net/mac80211.h>
75

76
#include <linux/workqueue.h>
77
#include <linux/rculist.h>
78
#include "linux_80211.h"
79

80
/* #define	LKPI_80211_USE_SCANLIST */
81
/* #define	LKPI_80211_BGSCAN */
82
#define	LKPI_80211_WME
83
#define	LKPI_80211_HW_CRYPTO
84
#define	LKPI_80211_HT
85
#define	LKPI_80211_VHT
86

87
#if defined(LKPI_80211_VHT) && !defined(LKPI_80211_HT)
88
#define	LKPI_80211_HT
89
#endif
90
#if defined(LKPI_80211_HT) && !defined(LKPI_80211_HW_CRYPTO)
91
#define	LKPI_80211_HW_CRYPTO
92
#endif
93

94
static MALLOC_DEFINE(M_LKPI80211, "lkpi80211", "LinuxKPI 80211 compat");
95

96
/* XXX-BZ really want this and others in queue.h */
97
#define	TAILQ_ELEM_INIT(elm, field) do {				\
98
	(elm)->field.tqe_next = NULL;					\
99
	(elm)->field.tqe_prev = NULL;					\
100
} while (0)
101

102
/* -------------------------------------------------------------------------- */
103

104
SYSCTL_DECL(_compat_linuxkpi);
105
SYSCTL_NODE(_compat_linuxkpi, OID_AUTO, 80211, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
106
    "LinuxKPI 802.11 compatibility layer");
107

108
static bool lkpi_order_scanlist = false;
109
SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, order_scanlist, CTLFLAG_RW,
110
    &lkpi_order_scanlist, 0, "Enable LinuxKPI 802.11 scan list shuffeling");
111

112
#if defined(LKPI_80211_HW_CRYPTO)
113
static bool lkpi_hwcrypto = false;
114
SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, hw_crypto, CTLFLAG_RDTUN,
115
    &lkpi_hwcrypto, 0, "Enable LinuxKPI 802.11 hardware crypto offload");
116

117
static bool lkpi_hwcrypto_tkip = false;
118
SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, tkip, CTLFLAG_RDTUN,
119
    &lkpi_hwcrypto_tkip, 0, "Enable LinuxKPI 802.11 TKIP crypto offload");
120
#endif
121

122
/* Keep public for as long as header files are using it too. */
123
int linuxkpi_debug_80211;
124

125
#ifdef LINUXKPI_DEBUG_80211
126
SYSCTL_INT(_compat_linuxkpi_80211, OID_AUTO, debug, CTLFLAG_RWTUN,
127
    &linuxkpi_debug_80211, 0, "LinuxKPI 802.11 debug level");
128

129
#define	UNIMPLEMENTED		if (linuxkpi_debug_80211 & D80211_TODO)		\
130
    printf("XXX-TODO %s:%d: UNIMPLEMENTED\n", __func__, __LINE__)
131
#define	TRACEOK()		if (linuxkpi_debug_80211 & D80211_TRACEOK)	\
132
    printf("XXX-TODO %s:%d: TRACEPOINT\n", __func__, __LINE__)
133
#else
134
#define	UNIMPLEMENTED		do { } while (0)
135
#define	TRACEOK()		do { } while (0)
136
#endif
137

138
/* #define	PREP_TX_INFO_DURATION	(IEEE80211_TRANS_WAIT * 1000) */
139
#ifndef PREP_TX_INFO_DURATION
140
#define	PREP_TX_INFO_DURATION	0 /* Let the driver do its thing. */
141
#endif
142

143
/* This is DSAP | SSAP | CTRL | ProtoID/OrgCode{3}. */
144
const uint8_t rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
145

146
/* IEEE 802.11-05/0257r1 */
147
const uint8_t bridge_tunnel_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
148

149
/* IEEE 802.11e Table 20i-UP-to-AC mappings. */
150
static const uint8_t ieee80211e_up_to_ac[] = {
151
	IEEE80211_AC_BE,
152
	IEEE80211_AC_BK,
153
	IEEE80211_AC_BK,
154
	IEEE80211_AC_BE,
155
	IEEE80211_AC_VI,
156
	IEEE80211_AC_VI,
157
	IEEE80211_AC_VO,
158
	IEEE80211_AC_VO,
159
#if 0
160
	IEEE80211_AC_VO, /* We treat MGMT as TID 8, which is set as AC_VO */
161
#endif
162
};
163

164
const struct cfg80211_ops linuxkpi_mac80211cfgops = {
165
	/*
166
	 * XXX TODO need a "glue layer" to link cfg80211 ops to
167
	 * mac80211 and to the driver or net80211.
168
	 * Can we pass some on 1:1? Need to compare the (*f)().
169
	 */
170
};
171

172
#if 0
173
static struct lkpi_sta *lkpi_find_lsta_by_ni(struct lkpi_vif *,
174
    struct ieee80211_node *);
175
#endif
176
static void lkpi_sw_scan_task(void *, int);
177
static void lkpi_80211_txq_tx_one(struct lkpi_sta *, struct mbuf *);
178
static void lkpi_80211_txq_task(void *, int);
179
static void lkpi_80211_lhw_rxq_task(void *, int);
180
static void lkpi_ieee80211_free_skb_mbuf(void *);
181
#ifdef LKPI_80211_WME
182
static int lkpi_wme_update(struct lkpi_hw *, struct ieee80211vap *, bool);
183
#endif
184
static void lkpi_ieee80211_wake_queues_locked(struct ieee80211_hw *);
185

186
static const char *
187
lkpi_rate_info_bw_to_str(enum rate_info_bw bw)
188
{
189

190
	switch (bw) {
191

192
        case RATE_INFO_BW_20:
193
		return ("20");
194
		break;
195
        case RATE_INFO_BW_5:
196
		return ("5");
197
		break;
198
        case RATE_INFO_BW_10:
199
		return ("10");
200
		break;
201
        case RATE_INFO_BW_40:
202
		return ("40");
203
		break;
204
        case RATE_INFO_BW_80:
205
		return ("80");
206
		break;
207
        case RATE_INFO_BW_160:
208
		return ("160");
209
		break;
210
        case RATE_INFO_BW_HE_RU:
211
		IMPROVE("nl80211_he_ru_alloc");
212
		return ("HE_RU");
213
		break;
214
        case RATE_INFO_BW_320:
215
		return ("320");
216
		break;
217
        case RATE_INFO_BW_EHT_RU:
218
		IMPROVE("nl80211_eht_ru_alloc");
219
		return ("EHT_RU");
220
		break;
221
	default:
222
		return ("?");
223
		break;
224
	}
225
}
226

227
static void
228
lkpi_nl80211_sta_info_to_str(struct sbuf *s, const char *prefix,
229
    const uint64_t flags)
230
{
231
	int bit, i;
232

233
	sbuf_printf(s, "%s %#010jx", prefix, flags);
234

235
	i = 0;
236
	for (bit = 0; bit < BITS_PER_TYPE(flags); bit++) {
237

238
		if ((flags & BIT_ULL(bit)) == 0)
239
			continue;
240

241
#define	EXPAND_CASE(_flag)						\
242
	case NL80211_STA_INFO_ ## _flag:				\
243
		sbuf_printf(s, "%c%s", (i == 0) ? '<' : ',', #_flag);	\
244
		i++;							\
245
		break;
246

247
		switch (bit) {
248
		EXPAND_CASE(BEACON_RX)
249
		EXPAND_CASE(BEACON_SIGNAL_AVG)
250
		EXPAND_CASE(BSS_PARAM)
251
		EXPAND_CASE(CHAIN_SIGNAL)
252
		EXPAND_CASE(CHAIN_SIGNAL_AVG)
253
		EXPAND_CASE(CONNECTED_TIME)
254
		EXPAND_CASE(INACTIVE_TIME)
255
		EXPAND_CASE(SIGNAL)
256
		EXPAND_CASE(SIGNAL_AVG)
257
		EXPAND_CASE(STA_FLAGS)
258
		EXPAND_CASE(RX_BITRATE)
259
		EXPAND_CASE(RX_PACKETS)
260
		EXPAND_CASE(RX_BYTES)
261
		EXPAND_CASE(RX_DROP_MISC)
262
		EXPAND_CASE(TX_BITRATE)
263
		EXPAND_CASE(TX_PACKETS)
264
		EXPAND_CASE(TX_BYTES)
265
		EXPAND_CASE(TX_BYTES64)
266
		EXPAND_CASE(RX_BYTES64)
267
		EXPAND_CASE(TX_FAILED)
268
		EXPAND_CASE(TX_RETRIES)
269
		EXPAND_CASE(RX_DURATION)
270
		EXPAND_CASE(TX_DURATION)
271
		EXPAND_CASE(ACK_SIGNAL)
272
		EXPAND_CASE(ACK_SIGNAL_AVG)
273
		default:
274
			sbuf_printf(s, "%c?%d", (i == 0) ? '<' : ',', bit);
275
			break;
276
		}
277
	}
278
#undef	EXPAND_CASE
279
	if (i > 0)
280
		sbuf_printf(s, ">");
281
	sbuf_printf(s, "\n");
282
}
283

284
static void
285
lkpi_80211_dump_lvif_stas(struct lkpi_vif *lvif, struct sbuf *s)
286
{
287
	struct lkpi_hw *lhw;
288
	struct ieee80211_hw *hw;
289
	struct ieee80211vap *vap;
290
	struct ieee80211_vif *vif;
291
	struct lkpi_sta *lsta;
292
	struct ieee80211_sta *sta;
293
	struct station_info sinfo;
294
	int error;
295

296
	vif = LVIF_TO_VIF(lvif);
297
	vap = LVIF_TO_VAP(lvif);
298
	lhw = vap->iv_ic->ic_softc;
299
	hw = LHW_TO_HW(lhw);
300

301
	wiphy_lock(hw->wiphy);
302
	list_for_each_entry(lsta, &lvif->lsta_list, lsta_list) {
303
		sta = LSTA_TO_STA(lsta);
304

305
		sbuf_putc(s, '\n');
306
		sbuf_printf(s, "lsta %p sta %p added_to_drv %d\n", lsta, sta, lsta->added_to_drv);
307

308
		memset(&sinfo, 0, sizeof(sinfo));
309
		error = lkpi_80211_mo_sta_statistics(hw, vif, sta, &sinfo);
310
		if (error == EEXIST)	/* Not added to driver. */
311
			continue;
312
		if (error == ENOTSUPP) {
313
			sbuf_printf(s, " sta_statistics not supported\n");
314
			continue;
315
		}
316
		if (error != 0) {
317
			sbuf_printf(s, " sta_statistics failed: %d\n", error);
318
			continue;
319
		}
320

321
		/* If no RX_BITRATE is reported, try to fill it in from the lsta sinfo. */
322
		if ((sinfo.filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) == 0 &&
323
		    (lsta->sinfo.filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) != 0) {
324
			memcpy(&sinfo.rxrate, &lsta->sinfo.rxrate, sizeof(sinfo.rxrate));
325
			sinfo.filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
326
		}
327
		/* If no CHAIN_SIGNAL is reported,  try to fill it in from the lsta sinfo. */
328
		if ((sinfo.filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) == 0 &&
329
		    (lsta->sinfo.filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) != 0) {
330
			sinfo.chains = lsta->sinfo.chains;
331
			memcpy(sinfo.chain_signal, lsta->sinfo.chain_signal,
332
			    sizeof(sinfo.chain_signal));
333
			sinfo.filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
334
		}
335

336
		lkpi_nl80211_sta_info_to_str(s, " nl80211_sta_info (valid fields)", sinfo.filled);
337
		sbuf_printf(s, " connected_time %u inactive_time %u\n",
338
		    sinfo.connected_time, sinfo.inactive_time);
339
		sbuf_printf(s, " rx_bytes %ju rx_packets %u rx_dropped_misc %u\n",
340
		    (uintmax_t)sinfo.rx_bytes, sinfo.rx_packets, sinfo.rx_dropped_misc);
341
		sbuf_printf(s, " rx_duration %ju rx_beacon %u rx_beacon_signal_avg %d\n",
342
		    (uintmax_t)sinfo.rx_duration, sinfo.rx_beacon, (int8_t)sinfo.rx_beacon_signal_avg);
343

344
		sbuf_printf(s, " tx_bytes %ju tx_packets %u tx_failed %u\n",
345
		    (uintmax_t)sinfo.tx_bytes, sinfo.tx_packets, sinfo.tx_failed);
346
		sbuf_printf(s, " tx_duration %ju tx_retries %u\n",
347
		    (uintmax_t)sinfo.tx_duration, sinfo.tx_retries);
348

349
		sbuf_printf(s, " signal %d signal_avg %d ack_signal %d avg_ack_signal %d\n",
350
		    sinfo.signal, sinfo.signal_avg, sinfo.ack_signal, sinfo.avg_ack_signal);
351
		sbuf_printf(s, " generation %d assoc_req_ies_len %zu chains %#04x\n",
352
		    sinfo.generation, sinfo.assoc_req_ies_len, sinfo.chains);
353

354
		for (int i = 0; i < nitems(sinfo.chain_signal) && i < IEEE80211_MAX_CHAINS; i++) {
355
			if (!(sinfo.chains & BIT(i)))
356
				continue;
357
			sbuf_printf(s, "  chain[%d] signal %d signal_avg %d\n",
358
			    i, (int8_t)sinfo.chain_signal[i], (int8_t)sinfo.chain_signal_avg[i]);
359
		}
360

361
		/* assoc_req_ies, bss_param, sta_flags */
362

363
		sbuf_printf(s, " rxrate: flags %b bw %u(%s) legacy %u kbit/s mcs %u nss %u\n",
364
		    sinfo.rxrate.flags, CFG80211_RATE_INFO_FLAGS_BITS,
365
		    sinfo.rxrate.bw, lkpi_rate_info_bw_to_str(sinfo.rxrate.bw),
366
		    sinfo.rxrate.legacy * 100,
367
		    sinfo.rxrate.mcs, sinfo.rxrate.nss);
368
		sbuf_printf(s, "         he_dcm %u he_gi %u he_ru_alloc %u eht_gi %u\n",
369
		    sinfo.rxrate.he_dcm, sinfo.rxrate.he_gi, sinfo.rxrate.he_ru_alloc,
370
		    sinfo.rxrate.eht_gi);
371
		sbuf_printf(s, " txrate: flags %b bw %u(%s) legacy %u kbit/s mcs %u nss %u\n",
372
		    sinfo.txrate.flags, CFG80211_RATE_INFO_FLAGS_BITS,
373
		    sinfo.txrate.bw, lkpi_rate_info_bw_to_str(sinfo.txrate.bw),
374
		    sinfo.txrate.legacy * 100,
375
		    sinfo.txrate.mcs, sinfo.txrate.nss);
376
		sbuf_printf(s, "         he_dcm %u he_gi %u he_ru_alloc %u eht_gi %u\n",
377
		    sinfo.txrate.he_dcm, sinfo.txrate.he_gi, sinfo.txrate.he_ru_alloc,
378
		    sinfo.txrate.eht_gi);
379
	}
380
	wiphy_unlock(hw->wiphy);
381
}
382

383
static int
384
lkpi_80211_dump_stas(SYSCTL_HANDLER_ARGS)
385
{
386
	struct lkpi_vif *lvif;
387
	struct sbuf s;
388

389
	if (req->newptr)
390
		return (EPERM);
391

392
	lvif = (struct lkpi_vif *)arg1;
393

394
	sbuf_new_for_sysctl(&s, NULL, 1024, req);
395

396
	lkpi_80211_dump_lvif_stas(lvif, &s);
397

398
	sbuf_finish(&s);
399
	sbuf_delete(&s);
400

401
	return (0);
402
}
403

404
static enum ieee80211_sta_rx_bandwidth
405
lkpi_cw_to_rx_bw(enum nl80211_chan_width cw)
406
{
407
	switch (cw) {
408
	case NL80211_CHAN_WIDTH_320:
409
		return (IEEE80211_STA_RX_BW_320);
410
	case NL80211_CHAN_WIDTH_160:
411
	case NL80211_CHAN_WIDTH_80P80:
412
		return (IEEE80211_STA_RX_BW_160);
413
	case NL80211_CHAN_WIDTH_80:
414
		return (IEEE80211_STA_RX_BW_80);
415
	case NL80211_CHAN_WIDTH_40:
416
		return (IEEE80211_STA_RX_BW_40);
417
	case NL80211_CHAN_WIDTH_20:
418
	case NL80211_CHAN_WIDTH_20_NOHT:
419
		return (IEEE80211_STA_RX_BW_20);
420
	case NL80211_CHAN_WIDTH_5:
421
	case NL80211_CHAN_WIDTH_10:
422
		/* Unsupported input. */
423
		return (IEEE80211_STA_RX_BW_20);
424
	}
425
}
426

427
static enum nl80211_chan_width
428
lkpi_rx_bw_to_cw(enum ieee80211_sta_rx_bandwidth rx_bw)
429
{
430
	switch (rx_bw) {
431
	case IEEE80211_STA_RX_BW_20:
432
		return (NL80211_CHAN_WIDTH_20);	/* _NOHT */
433
	case IEEE80211_STA_RX_BW_40:
434
		return (NL80211_CHAN_WIDTH_40);
435
	case IEEE80211_STA_RX_BW_80:
436
		return (NL80211_CHAN_WIDTH_80);
437
	case IEEE80211_STA_RX_BW_160:
438
		return (NL80211_CHAN_WIDTH_160); /* 80P80 */
439
	case IEEE80211_STA_RX_BW_320:
440
		return (NL80211_CHAN_WIDTH_320);
441
	}
442
}
443

444
static void
445
lkpi_sync_chanctx_cw_from_rx_bw(struct ieee80211_hw *hw,
446
    struct ieee80211_vif *vif, struct ieee80211_sta *sta)
447
{
448
	struct ieee80211_chanctx_conf *chanctx_conf;
449
	enum ieee80211_sta_rx_bandwidth old_bw;
450
	uint32_t changed;
451

452
	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
453
	    lockdep_is_held(&hw->wiphy->mtx));
454
	if (chanctx_conf == NULL)
455
		return;
456

457
	old_bw = lkpi_cw_to_rx_bw(chanctx_conf->def.width);
458
	if (old_bw == sta->deflink.bandwidth)
459
		return;
460

461
	chanctx_conf->def.width = lkpi_rx_bw_to_cw(sta->deflink.bandwidth);
462
	if (chanctx_conf->def.width == NL80211_CHAN_WIDTH_20 &&
463
	    !sta->deflink.ht_cap.ht_supported)
464
		chanctx_conf->def.width = NL80211_CHAN_WIDTH_20_NOHT;
465

466
	chanctx_conf->min_def = chanctx_conf->def;
467

468
	vif->bss_conf.chanreq.oper.width = chanctx_conf->def.width;
469

470
	changed = IEEE80211_CHANCTX_CHANGE_MIN_WIDTH;
471
	changed |= IEEE80211_CHANCTX_CHANGE_WIDTH;
472
	lkpi_80211_mo_change_chanctx(hw, chanctx_conf, changed);
473
}
474

475
#if defined(LKPI_80211_HT)
476
static void
477
lkpi_sta_sync_ht_from_ni(struct ieee80211_vif *vif, struct ieee80211_sta *sta,
478
    struct ieee80211_node *ni)
479
{
480
	struct ieee80211vap *vap;
481
	uint8_t *ie;
482
	struct ieee80211_ht_cap *htcap;
483
	int i, rx_nss;
484

485
	if ((ni->ni_flags & IEEE80211_NODE_HT) == 0) {
486
		sta->deflink.ht_cap.ht_supported = false;
487
		return;
488
	}
489

490
	sta->deflink.ht_cap.ht_supported = true;
491

492
	/* htcap->ampdu_params_info */
493
	vap = ni->ni_vap;
494
	sta->deflink.ht_cap.ampdu_density = _IEEE80211_MASKSHIFT(ni->ni_htparam, IEEE80211_HTCAP_MPDUDENSITY);
495
	if (sta->deflink.ht_cap.ampdu_density > vap->iv_ampdu_density)
496
		sta->deflink.ht_cap.ampdu_density = vap->iv_ampdu_density;
497
	sta->deflink.ht_cap.ampdu_factor = _IEEE80211_MASKSHIFT(ni->ni_htparam, IEEE80211_HTCAP_MAXRXAMPDU);
498
	if (sta->deflink.ht_cap.ampdu_factor > vap->iv_ampdu_rxmax)
499
		sta->deflink.ht_cap.ampdu_factor = vap->iv_ampdu_rxmax;
500

501
	ie = ni->ni_ies.htcap_ie;
502
	KASSERT(ie != NULL, ("%s: HT but no htcap_ie on ni %p\n", __func__, ni));
503
	if (ie[0] == IEEE80211_ELEMID_VENDOR)
504
		ie += 4;
505
	ie += 2;
506
	htcap = (struct ieee80211_ht_cap *)ie;
507
	sta->deflink.ht_cap.cap = htcap->cap_info;
508
	sta->deflink.ht_cap.mcs = htcap->mcs;
509

510
	/*
511
	 * 802.11n-2009 20.6 Parameters for HT MCSs gives the mandatory/
512
	 * optional MCS for Nss=1..4.  We need to check the first four
513
	 * MCS sets from the Rx MCS Bitmask; then there is MCS 32 and
514
	 * MCS33.. is UEQM.
515
	 */
516
	rx_nss = 0;
517
	for (i = 0; i < 4; i++) {
518
		if (htcap->mcs.rx_mask[i] != 0)
519
			rx_nss++;
520
	}
521
	if (rx_nss > 0) {
522
		sta->deflink.rx_nss = rx_nss;
523
	} else {
524
		sta->deflink.ht_cap.ht_supported = false;
525
		return;
526
	}
527

528
	if ((sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) != 0 &&
529
	    IEEE80211_IS_CHAN_HT40(ni->ni_chan))
530
		sta->deflink.bandwidth = IEEE80211_STA_RX_BW_40;
531
	else
532
		sta->deflink.bandwidth = IEEE80211_STA_RX_BW_20;
533

534
	IMPROVE("sta->wme");
535

536
	if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_MAX_AMSDU)
537
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_7935;
538
	else
539
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_3839;
540
	sta->deflink.agg.max_rc_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_BA;
541
#ifdef __handled_by_driver__	/* iwlwifi only? actually unused? */
542
	for (i = 0; i < nitems(sta.deflink.agg.max_tid_amsdu_len); i++) {
543
		sta->deflink.agg.max_tid_amsdu_len[j] = ;
544
	}
545
#endif
546
}
547
#endif
548

549
#if defined(LKPI_80211_VHT)
550
static void
551
lkpi_sta_sync_vht_from_ni(struct ieee80211_vif *vif, struct ieee80211_sta *sta,
552
    struct ieee80211_node *ni)
553
{
554
	enum ieee80211_sta_rx_bandwidth bw;
555
	uint32_t width;
556
	int rx_nss;
557
	uint16_t rx_mcs_map;
558
	uint8_t mcs;
559

560
	if ((ni->ni_flags & IEEE80211_NODE_VHT) == 0 ||
561
	    !IEEE80211_IS_CHAN_VHT_5GHZ(ni->ni_chan)) {
562
		sta->deflink.vht_cap.vht_supported = false;
563
		return;
564
	}
565

566
	sta->deflink.vht_cap.vht_supported = true;
567

568
	sta->deflink.vht_cap.cap = ni->ni_vhtcap;
569
	sta->deflink.vht_cap.vht_mcs = ni->ni_vht_mcsinfo;
570

571
	/*
572
	 * If VHT20/40 are selected do not update the bandwidth
573
	 * from HT but stya on VHT.
574
	 */
575
	if (ni->ni_vht_chanwidth == IEEE80211_VHT_CHANWIDTH_USE_HT)
576
		goto skip_bw;
577

578
	bw = sta->deflink.bandwidth;
579
	width = (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK);
580
	switch (width) {
581
	/* Deprecated. */
582
	case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
583
	case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
584
		bw = IEEE80211_STA_RX_BW_160;
585
		break;
586
	default:
587
		/* Check if we do support 160Mhz somehow after all. */
588
		if ((sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_EXT_NSS_BW_MASK) != 0)
589
			bw = IEEE80211_STA_RX_BW_160;
590
		else
591
			bw = IEEE80211_STA_RX_BW_80;
592
	}
593
	/*
594
	 * While we can set what is possibly supported we also need to be
595
	 * on a channel which supports that bandwidth; e.g., we can support
596
	 * VHT160 but the AP only does VHT80.
597
	 * Further ni_chan will also have filtered out what we disabled
598
	 * by configuration.
599
	 * Once net80211 channel selection is fixed for 802.11-2020 and
600
	 * VHT160 we can possibly spare ourselves the above.
601
	 */
602
	if (bw == IEEE80211_STA_RX_BW_160 &&
603
	    !IEEE80211_IS_CHAN_VHT160(ni->ni_chan) &&
604
	    !IEEE80211_IS_CHAN_VHT80P80(ni->ni_chan))
605
		bw = IEEE80211_STA_RX_BW_80;
606
	if (bw == IEEE80211_STA_RX_BW_80 &&
607
	    !IEEE80211_IS_CHAN_VHT80(ni->ni_chan))
608
		bw = sta->deflink.bandwidth;
609
	sta->deflink.bandwidth = bw;
610
skip_bw:
611

612
	rx_nss = 0;
613
	rx_mcs_map = sta->deflink.vht_cap.vht_mcs.rx_mcs_map;
614
	for (int i = 7; i >= 0; i--) {
615
		mcs = rx_mcs_map >> (2 * i);
616
		mcs &= 0x3;
617
		if (mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
618
			rx_nss = i + 1;
619
			break;
620
		}
621
	}
622
	if (rx_nss > 0)
623
		sta->deflink.rx_nss = rx_nss;
624

625
	switch (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_MAX_MPDU_MASK) {
626
	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454:
627
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_11454;
628
		break;
629
	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991:
630
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_7991;
631
		break;
632
	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895:
633
	default:
634
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_3895;
635
		break;
636
	}
637
}
638
#endif
639

640
static void
641
lkpi_sta_sync_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
642
    struct ieee80211_sta *sta, struct ieee80211_node *ni, bool updchnctx)
643
{
644

645
#if defined(LKPI_80211_HT)
646
	lkpi_sta_sync_ht_from_ni(vif, sta, ni);
647
#endif
648
#if defined(LKPI_80211_VHT)
649
	lkpi_sta_sync_vht_from_ni(vif, sta, ni);
650
#endif
651

652
	/*
653
	 * Ensure rx_nss is at least 1 as otherwise drivers run into
654
	 * unexpected problems.
655
	 */
656
	sta->deflink.rx_nss = MAX(1, sta->deflink.rx_nss);
657

658
	/*
659
	 * We are also called from node allocation which net80211
660
	 * can do even on `ifconfig down`; in that case the chanctx
661
	 * may still be valid and we get a discrepancy between
662
	 * sta and chanctx.  Thus do not try to update the chanctx
663
	 * when called from lkpi_lsta_alloc().
664
	 */
665
	if (updchnctx)
666
		lkpi_sync_chanctx_cw_from_rx_bw(hw, vif, sta);
667
}
668

669
static uint8_t
670
lkpi_get_max_rx_chains(struct ieee80211_node *ni)
671
{
672
	uint8_t chains;
673
#if defined(LKPI_80211_HT) || defined(LKPI_80211_VHT)
674
	struct lkpi_sta *lsta;
675
	struct ieee80211_sta *sta;
676

677
	lsta = ni->ni_drv_data;
678
	sta = LSTA_TO_STA(lsta);
679
#endif
680

681
	chains = 1;
682
#if defined(LKPI_80211_HT)
683
	IMPROVE("We should factor counting MCS/NSS out for sync and here");
684
	if (sta->deflink.ht_cap.ht_supported)
685
		chains = MAX(chains, sta->deflink.rx_nss);
686
#endif
687

688
#if defined(LKPI_80211_VHT)
689
	if (sta->deflink.vht_cap.vht_supported)
690
		chains = MAX(chains, sta->deflink.rx_nss);
691
#endif
692

693
	return (chains);
694
}
695

696
static void
697
lkpi_lsta_dump(struct lkpi_sta *lsta, struct ieee80211_node *ni,
698
    const char *_f, int _l)
699
{
700

701
#ifdef LINUXKPI_DEBUG_80211
702
	if ((linuxkpi_debug_80211 & D80211_TRACE_STA) == 0)
703
		return;
704
	if (lsta == NULL)
705
		return;
706

707
	printf("%s:%d lsta %p ni %p sta %p\n",
708
	    _f, _l, lsta, ni, &lsta->sta);
709
	if (ni != NULL)
710
		ieee80211_dump_node(NULL, ni);
711
	printf("\ttxq_task txq len %d mtx\n", mbufq_len(&lsta->txq));
712
	printf("\tkc %p state %d added_to_drv %d in_mgd %d\n",
713
		&lsta->kc[0], lsta->state, lsta->added_to_drv, lsta->in_mgd);
714
#endif
715
}
716

717
static void
718
lkpi_lsta_remove(struct lkpi_sta *lsta, struct lkpi_vif *lvif)
719
{
720

721
	lockdep_assert_wiphy(lsta->hw->wiphy);
722

723
	KASSERT(!list_empty(&lsta->lsta_list),
724
	    ("%s: lsta %p ni %p\n", __func__, lsta, lsta->ni));
725
	list_del_init(&lsta->lsta_list);
726
}
727

728
static struct lkpi_sta *
729
lkpi_lsta_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN],
730
    struct ieee80211_hw *hw, struct ieee80211_node *ni)
731
{
732
	struct lkpi_sta *lsta;
733
	struct lkpi_vif *lvif;
734
	struct ieee80211_vif *vif;
735
	struct ieee80211_sta *sta;
736
	int band, i, tid;
737

738
	lsta = malloc(sizeof(*lsta) + hw->sta_data_size, M_LKPI80211,
739
	    M_NOWAIT | M_ZERO);
740
	if (lsta == NULL)
741
		return (NULL);
742

743
	lsta->hw = hw;
744
	lsta->added_to_drv = false;
745
	lsta->state = IEEE80211_STA_NOTEXIST;
746
	/*
747
	 * Link the ni to the lsta here without taking a reference.
748
	 * For one we would have to take the reference in node_init()
749
	 * as ieee80211_alloc_node() will initialise the refcount after us.
750
	 * For the other a ni and an lsta are 1:1 mapped and always together
751
	 * from [ic_]node_alloc() to [ic_]node_free() so we are essentally
752
	 * using the ni references for the lsta as well despite it being
753
	 * two separate allocations.
754
	 */
755
	lsta->ni = ni;
756
	/* The back-pointer "drv_data" to net80211_node let's us get lsta. */
757
	ni->ni_drv_data = lsta;
758

759
	lvif = VAP_TO_LVIF(vap);
760
	vif = LVIF_TO_VIF(lvif);
761
	sta = LSTA_TO_STA(lsta);
762

763
	IEEE80211_ADDR_COPY(sta->addr, mac);
764

765
	/* TXQ */
766
	for (tid = 0; tid < nitems(sta->txq); tid++) {
767
		struct lkpi_txq *ltxq;
768

769
		/* We are not limiting ourselves to hw.queues here. */
770
		ltxq = malloc(sizeof(*ltxq) + hw->txq_data_size,
771
		    M_LKPI80211, M_NOWAIT | M_ZERO);
772
		if (ltxq == NULL)
773
			goto cleanup;
774
		/* iwlwifi//mvm/sta.c::tid_to_mac80211_ac[] */
775
		if (tid == IEEE80211_NUM_TIDS) {
776
			if (!ieee80211_hw_check(hw, STA_MMPDU_TXQ)) {
777
				free(ltxq, M_LKPI80211);
778
				continue;
779
			}
780
			IMPROVE("AP/if we support non-STA here too");
781
			ltxq->txq.ac = IEEE80211_AC_VO;
782
		} else {
783
			ltxq->txq.ac = ieee80211e_up_to_ac[tid & 7];
784
		}
785
		ltxq->seen_dequeue = false;
786
		ltxq->stopped = false;
787
		ltxq->txq.vif = vif;
788
		ltxq->txq.tid = tid;
789
		ltxq->txq.sta = sta;
790
		TAILQ_ELEM_INIT(ltxq, txq_entry);
791
		skb_queue_head_init(&ltxq->skbq);
792
		LKPI_80211_LTXQ_LOCK_INIT(ltxq);
793
		sta->txq[tid] = &ltxq->txq;
794
	}
795

796
	/* Deflink information. */
797
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
798
		struct ieee80211_supported_band *supband;
799

800
		supband = hw->wiphy->bands[band];
801
		if (supband == NULL)
802
			continue;
803

804
		for (i = 0; i < supband->n_bitrates; i++) {
805
			switch (band) {
806
			case NL80211_BAND_2GHZ:
807
				switch (supband->bitrates[i].bitrate) {
808
				case 240:	/* 11g only */
809
				case 120:	/* 11g only */
810
				case 110:
811
				case 60:	/* 11g only */
812
				case 55:
813
				case 20:
814
				case 10:
815
					sta->deflink.supp_rates[band] |= BIT(i);
816
					break;
817
				}
818
				break;
819
			case NL80211_BAND_5GHZ:
820
				switch (supband->bitrates[i].bitrate) {
821
				case 240:
822
				case 120:
823
				case 60:
824
					sta->deflink.supp_rates[band] |= BIT(i);
825
					break;
826
				}
827
				break;
828
			}
829
		}
830
	}
831

832
	sta->deflink.smps_mode = IEEE80211_SMPS_OFF;
833
	sta->deflink.bandwidth = IEEE80211_STA_RX_BW_20;
834
	sta->deflink.rx_nss = 1;
835

836
	lkpi_sta_sync_from_ni(hw, vif, sta, ni, false);
837

838
	IMPROVE("he, eht, bw_320, ... smps_mode, ..");
839

840
	/* Link configuration. */
841
	IEEE80211_ADDR_COPY(sta->deflink.addr, sta->addr);
842
	sta->link[0] = &sta->deflink;
843
	for (i = 1; i < nitems(sta->link); i++) {
844
		IMPROVE("more links; only link[0] = deflink currently.");
845
	}
846
	IMPROVE("11be");
847
	sta->mlo = false;
848

849
	/* Deferred TX path. */
850
	LKPI_80211_LSTA_TXQ_LOCK_INIT(lsta);
851
	TASK_INIT(&lsta->txq_task, 0, lkpi_80211_txq_task, lsta);
852
	mbufq_init(&lsta->txq, 32 * NAPI_POLL_WEIGHT);
853
	lsta->txq_ready = true;
854

855
	return (lsta);
856

857
cleanup:
858
	for (; tid >= 0; tid--) {
859
		struct lkpi_txq *ltxq;
860

861
		ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
862
		LKPI_80211_LTXQ_LOCK_DESTROY(ltxq);
863
		free(sta->txq[tid], M_LKPI80211);
864
	}
865
	free(lsta, M_LKPI80211);
866
	return (NULL);
867
}
868

869
static void
870
lkpi_lsta_free(struct lkpi_sta *lsta, struct ieee80211_node *ni)
871
{
872
	struct mbuf *m;
873

874
	if (lsta->added_to_drv)
875
		panic("%s: Trying to free an lsta still known to firmware: "
876
		    "lsta %p ni %p added_to_drv %d\n",
877
		    __func__, lsta, ni, lsta->added_to_drv);
878

879
	/* XXX-BZ free resources, ... */
880
	IMPROVE();
881

882
	/* Drain sta->txq[] */
883

884
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
885
	lsta->txq_ready = false;
886
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
887

888
	/* Drain taskq, won't be restarted until added_to_drv is set again. */
889
	while (taskqueue_cancel(taskqueue_thread, &lsta->txq_task, NULL) != 0)
890
		taskqueue_drain(taskqueue_thread, &lsta->txq_task);
891

892
	/* Flush mbufq (make sure to release ni refs!). */
893
	m = mbufq_dequeue(&lsta->txq);
894
	while (m != NULL) {
895
		struct ieee80211_node *nim;
896

897
		nim = (struct ieee80211_node *)m->m_pkthdr.rcvif;
898
		if (nim != NULL)
899
			ieee80211_free_node(nim);
900
		m_freem(m);
901
		m = mbufq_dequeue(&lsta->txq);
902
	}
903
	KASSERT(mbufq_empty(&lsta->txq), ("%s: lsta %p has txq len %d != 0\n",
904
	    __func__, lsta, mbufq_len(&lsta->txq)));
905
	LKPI_80211_LSTA_TXQ_LOCK_DESTROY(lsta);
906

907
	/* Remove lsta from vif; that is done by the state machine.  Should assert it? */
908

909
	IMPROVE("Make sure everything is cleaned up.");
910

911
	/* Free lsta. */
912
	lsta->ni = NULL;
913
	ni->ni_drv_data = NULL;
914
	free(lsta, M_LKPI80211);
915
}
916

917

918
static enum nl80211_band
919
lkpi_net80211_chan_to_nl80211_band(struct ieee80211_channel *c)
920
{
921

922
	if (IEEE80211_IS_CHAN_2GHZ(c))
923
		return (NL80211_BAND_2GHZ);
924
	else if (IEEE80211_IS_CHAN_5GHZ(c))
925
		return (NL80211_BAND_5GHZ);
926
#ifdef __notyet__
927
	else if ()
928
		return (NL80211_BAND_6GHZ);
929
	else if ()
930
		return (NL80211_BAND_60GHZ);
931
	else if (IEEE80211_IS_CHAN_GSM(c))
932
		return (NL80211_BAND_XXX);
933
#endif
934
	else
935
		panic("%s: unsupported band. c %p flags %#x\n",
936
		    __func__, c, c->ic_flags);
937
}
938

939
static uint32_t
940
lkpi_nl80211_band_to_net80211_band(enum nl80211_band band)
941
{
942

943
	/* XXX-BZ this is just silly; net80211 is too convoluted. */
944
	/* IEEE80211_CHAN_A / _G / .. doesn't really work either. */
945
	switch (band) {
946
	case NL80211_BAND_2GHZ:
947
		return (IEEE80211_CHAN_2GHZ);
948
		break;
949
	case NL80211_BAND_5GHZ:
950
		return (IEEE80211_CHAN_5GHZ);
951
		break;
952
	case NL80211_BAND_60GHZ:
953
		break;
954
	case NL80211_BAND_6GHZ:
955
		break;
956
	default:
957
		panic("%s: unsupported band %u\n", __func__, band);
958
		break;
959
	}
960

961
	IMPROVE();
962
	return (0x00);
963
}
964

965
#ifdef LINUXKPI_DEBUG_80211
966
static const char *
967
lkpi_nl80211_band_name(enum nl80211_band band)
968
{
969
	switch (band) {
970
	case NL80211_BAND_2GHZ:
971
		return "2Ghz";
972
		break;
973
	case NL80211_BAND_5GHZ:
974
		return "5Ghz";
975
		break;
976
	case NL80211_BAND_60GHZ:
977
		return "60Ghz";
978
		break;
979
	case NL80211_BAND_6GHZ:
980
		return "6Ghz";
981
		break;
982
	default:
983
		panic("%s: unsupported band %u\n", __func__, band);
984
		break;
985
	}
986
}
987
#endif
988

989
#if 0
990
static enum ieee80211_ac_numbers
991
lkpi_ac_net_to_l80211(int ac)
992
{
993

994
	switch (ac) {
995
	case WME_AC_VO:
996
		return (IEEE80211_AC_VO);
997
	case WME_AC_VI:
998
		return (IEEE80211_AC_VI);
999
	case WME_AC_BE:
1000
		return (IEEE80211_AC_BE);
1001
	case WME_AC_BK:
1002
		return (IEEE80211_AC_BK);
1003
	default:
1004
		printf("%s: invalid WME_AC_* input: ac = %d\n", __func__, ac);
1005
		return (IEEE80211_AC_BE);
1006
	}
1007
}
1008
#endif
1009

1010
static enum nl80211_iftype
1011
lkpi_opmode_to_vif_type(enum ieee80211_opmode opmode)
1012
{
1013

1014
	switch (opmode) {
1015
	case IEEE80211_M_IBSS:
1016
		return (NL80211_IFTYPE_ADHOC);
1017
		break;
1018
	case IEEE80211_M_STA:
1019
		return (NL80211_IFTYPE_STATION);
1020
		break;
1021
	case IEEE80211_M_WDS:
1022
		return (NL80211_IFTYPE_WDS);
1023
		break;
1024
	case IEEE80211_M_HOSTAP:
1025
		return (NL80211_IFTYPE_AP);
1026
		break;
1027
	case IEEE80211_M_MONITOR:
1028
		return (NL80211_IFTYPE_MONITOR);
1029
		break;
1030
	case IEEE80211_M_MBSS:
1031
		return (NL80211_IFTYPE_MESH_POINT);
1032
		break;
1033
	case IEEE80211_M_AHDEMO:
1034
		/* FALLTHROUGH */
1035
	default:
1036
		printf("ERROR: %s: unsupported opmode %d\n", __func__, opmode);
1037
		/* FALLTHROUGH */
1038
	}
1039
	return (NL80211_IFTYPE_UNSPECIFIED);
1040
}
1041

1042
#ifdef LKPI_80211_HW_CRYPTO
1043
static const char *
1044
lkpi_cipher_suite_to_name(uint32_t wlan_cipher_suite)
1045
{
1046
	switch (wlan_cipher_suite) {
1047
	case WLAN_CIPHER_SUITE_WEP40:
1048
		return ("WEP40");
1049
	case WLAN_CIPHER_SUITE_WEP104:
1050
		return ("WEP104");
1051
	case WLAN_CIPHER_SUITE_TKIP:
1052
		return ("TKIP");
1053
	case WLAN_CIPHER_SUITE_CCMP:
1054
		return ("CCMP");
1055
	case WLAN_CIPHER_SUITE_CCMP_256:
1056
		return ("CCMP_256");
1057
	case WLAN_CIPHER_SUITE_GCMP:
1058
		return ("GCMP");
1059
	case WLAN_CIPHER_SUITE_GCMP_256:
1060
		return ("GCMP_256");
1061
	case WLAN_CIPHER_SUITE_AES_CMAC:
1062
		return ("AES_CMAC");
1063
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1064
		return ("BIP_CMAC_256");
1065
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1066
		return ("BIP_GMAC_128");
1067
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1068
		return ("BIP_GMAC_256");
1069
	default:
1070
		return ("??");
1071
	}
1072
}
1073

1074
static uint32_t
1075
lkpi_l80211_to_net80211_cyphers(struct ieee80211com *ic,
1076
    uint32_t wlan_cipher_suite)
1077
{
1078
	switch (wlan_cipher_suite) {
1079
	case WLAN_CIPHER_SUITE_WEP40:
1080
		return (IEEE80211_CRYPTO_WEP);
1081
	case WLAN_CIPHER_SUITE_WEP104:
1082
		return (IEEE80211_CRYPTO_WEP);
1083
	case WLAN_CIPHER_SUITE_TKIP:
1084
		return (IEEE80211_CRYPTO_TKIP);
1085
	case WLAN_CIPHER_SUITE_CCMP:
1086
		return (IEEE80211_CRYPTO_AES_CCM);
1087
	case WLAN_CIPHER_SUITE_CCMP_256:
1088
		return (IEEE80211_CRYPTO_AES_CCM_256);
1089
	case WLAN_CIPHER_SUITE_GCMP:
1090
		return (IEEE80211_CRYPTO_AES_GCM_128);
1091
	case WLAN_CIPHER_SUITE_GCMP_256:
1092
		return (IEEE80211_CRYPTO_AES_GCM_256);
1093
	case WLAN_CIPHER_SUITE_AES_CMAC:
1094
		return (IEEE80211_CRYPTO_BIP_CMAC_128);
1095
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1096
		return (IEEE80211_CRYPTO_BIP_CMAC_256);
1097
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1098
		return (IEEE80211_CRYPTO_BIP_GMAC_128);
1099
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1100
		return (IEEE80211_CRYPTO_BIP_GMAC_256);
1101
	default:
1102
		ic_printf(ic, "%s: unknown WLAN Cipher Suite %#08x | %u (%s)\n",
1103
		    __func__,
1104
		    wlan_cipher_suite >> 8, wlan_cipher_suite & 0xff,
1105
		    lkpi_cipher_suite_to_name(wlan_cipher_suite));
1106
		return (0);
1107
	}
1108
}
1109

1110
static uint32_t
1111
lkpi_net80211_to_l80211_cipher_suite(uint32_t cipher, uint8_t keylen)
1112
{
1113

1114
	switch (cipher) {
1115
	case IEEE80211_CIPHER_WEP:
1116
		if (keylen == (40/NBBY))
1117
			return (WLAN_CIPHER_SUITE_WEP40);
1118
		else if (keylen == (104/NBBY))
1119
			return (WLAN_CIPHER_SUITE_WEP104);
1120
		else {
1121
			printf("%s: WEP with unsupported keylen %d\n",
1122
			    __func__, keylen * NBBY);
1123
			return (0);
1124
		}
1125
		break;
1126
	case IEEE80211_CIPHER_TKIP:
1127
		return (WLAN_CIPHER_SUITE_TKIP);
1128
	case IEEE80211_CIPHER_AES_CCM:
1129
		return (WLAN_CIPHER_SUITE_CCMP);
1130
	case IEEE80211_CIPHER_AES_CCM_256:
1131
		return (WLAN_CIPHER_SUITE_CCMP_256);
1132
	case IEEE80211_CIPHER_AES_GCM_128:
1133
		return (WLAN_CIPHER_SUITE_GCMP);
1134
	case IEEE80211_CIPHER_AES_GCM_256:
1135
		return (WLAN_CIPHER_SUITE_GCMP_256);
1136
	case IEEE80211_CIPHER_BIP_CMAC_128:
1137
		return (WLAN_CIPHER_SUITE_AES_CMAC);
1138
	case IEEE80211_CIPHER_BIP_CMAC_256:
1139
		return (WLAN_CIPHER_SUITE_BIP_CMAC_256);
1140
	case IEEE80211_CIPHER_BIP_GMAC_128:
1141
		return (WLAN_CIPHER_SUITE_BIP_GMAC_128);
1142
	case IEEE80211_CIPHER_BIP_GMAC_256:
1143
		return (WLAN_CIPHER_SUITE_BIP_GMAC_256);
1144

1145
	case IEEE80211_CIPHER_AES_OCB:
1146
	case IEEE80211_CIPHER_TKIPMIC:
1147
		/*
1148
		 * TKIP w/ hw MIC support
1149
		 * (gone wrong; should really be a crypto flag in net80211).
1150
		 */
1151
	case IEEE80211_CIPHER_CKIP:
1152
	case IEEE80211_CIPHER_NONE:
1153
		printf("%s: unsupported cipher %#010x\n", __func__, cipher);
1154
		break;
1155
	default:
1156
		printf("%s: unknown cipher %#010x\n", __func__, cipher);
1157
	};
1158
	return (0);
1159
}
1160
#endif
1161

1162
#ifdef __notyet__
1163
static enum ieee80211_sta_state
1164
lkpi_net80211_state_to_sta_state(enum ieee80211_state state)
1165
{
1166

1167
	/*
1168
	 * XXX-BZ The net80211 states are "try to ..", the lkpi8011 states are
1169
	 * "done".  Also ASSOC/AUTHORIZED are both "RUN" then?
1170
	 */
1171
	switch (state) {
1172
	case IEEE80211_S_INIT:
1173
		return (IEEE80211_STA_NOTEXIST);
1174
	case IEEE80211_S_SCAN:
1175
		return (IEEE80211_STA_NONE);
1176
	case IEEE80211_S_AUTH:
1177
		return (IEEE80211_STA_AUTH);
1178
	case IEEE80211_S_ASSOC:
1179
		return (IEEE80211_STA_ASSOC);
1180
	case IEEE80211_S_RUN:
1181
		return (IEEE80211_STA_AUTHORIZED);
1182
	case IEEE80211_S_CAC:
1183
	case IEEE80211_S_CSA:
1184
	case IEEE80211_S_SLEEP:
1185
	default:
1186
		UNIMPLEMENTED;
1187
	};
1188

1189
	return (IEEE80211_STA_NOTEXIST);
1190
}
1191
#endif
1192

1193
static struct linuxkpi_ieee80211_channel *
1194
lkpi_find_lkpi80211_chan(struct lkpi_hw *lhw,
1195
    struct ieee80211_channel *c)
1196
{
1197
	struct ieee80211_hw *hw;
1198
	struct linuxkpi_ieee80211_channel *channels;
1199
	enum nl80211_band band;
1200
	int i, nchans;
1201

1202
	hw = LHW_TO_HW(lhw);
1203
	band = lkpi_net80211_chan_to_nl80211_band(c);
1204
	if (hw->wiphy->bands[band] == NULL)
1205
		return (NULL);
1206

1207
	nchans = hw->wiphy->bands[band]->n_channels;
1208
	if (nchans <= 0)
1209
		return (NULL);
1210

1211
	channels = hw->wiphy->bands[band]->channels;
1212
	for (i = 0; i < nchans; i++) {
1213
		if (channels[i].center_freq == c->ic_freq)
1214
			return (&channels[i]);
1215
	}
1216

1217
	return (NULL);
1218
}
1219

1220
#if 0
1221
static struct linuxkpi_ieee80211_channel *
1222
lkpi_get_lkpi80211_chan(struct ieee80211com *ic, struct ieee80211_node *ni)
1223
{
1224
	struct linuxkpi_ieee80211_channel *chan;
1225
	struct ieee80211_channel *c;
1226
	struct lkpi_hw *lhw;
1227

1228
	chan = NULL;
1229
	if (ni != NULL && ni->ni_chan != IEEE80211_CHAN_ANYC)
1230
		c = ni->ni_chan;
1231
	else if (ic->ic_bsschan != IEEE80211_CHAN_ANYC)
1232
		c = ic->ic_bsschan;
1233
	else if (ic->ic_curchan != IEEE80211_CHAN_ANYC)
1234
		c = ic->ic_curchan;
1235
	else
1236
		c = NULL;
1237

1238
	if (c != NULL && c != IEEE80211_CHAN_ANYC) {
1239
		lhw = ic->ic_softc;
1240
		chan = lkpi_find_lkpi80211_chan(lhw, c);
1241
	}
1242

1243
	return (chan);
1244
}
1245
#endif
1246

1247
struct linuxkpi_ieee80211_channel *
1248
linuxkpi_ieee80211_get_channel(struct wiphy *wiphy, uint32_t freq)
1249
{
1250
	enum nl80211_band band;
1251

1252
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
1253
		struct ieee80211_supported_band *supband;
1254
		struct linuxkpi_ieee80211_channel *channels;
1255
		int i;
1256

1257
		supband = wiphy->bands[band];
1258
		if (supband == NULL || supband->n_channels == 0)
1259
			continue;
1260

1261
		channels = supband->channels;
1262
		for (i = 0; i < supband->n_channels; i++) {
1263
			if (channels[i].center_freq == freq)
1264
				return (&channels[i]);
1265
		}
1266
	}
1267

1268
	return (NULL);
1269
}
1270

1271
#ifdef LKPI_80211_HW_CRYPTO
1272
static int
1273
lkpi_sta_del_keys(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1274
    struct lkpi_sta *lsta)
1275
{
1276
	int error;
1277

1278
	if (!lkpi_hwcrypto)
1279
		return (0);
1280

1281
	lockdep_assert_wiphy(hw->wiphy);
1282
	ieee80211_ref_node(lsta->ni);
1283

1284
	error = 0;
1285
	for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc); keyix++) {
1286
		struct ieee80211_key_conf *kc;
1287
		int err;
1288

1289
		if (lsta->kc[keyix] == NULL)
1290
			continue;
1291
		kc = lsta->kc[keyix];
1292

1293
#ifdef LINUXKPI_DEBUG_80211
1294
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1295
			ic_printf(lsta->ni->ni_ic, "%d %lu %s: running set_key cmd %d(%s) for "
1296
			    "sta %6D: keyidx %u hw_key_idx %u flags %b\n",
1297
			    curthread->td_tid, jiffies, __func__,
1298
			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":",
1299
			    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1300
#endif
1301

1302
		err = lkpi_80211_mo_set_key(hw, DISABLE_KEY, vif,
1303
		    LSTA_TO_STA(lsta), kc);
1304
		if (err != 0) {
1305
			ic_printf(lsta->ni->ni_ic, "%d %lu %s: set_key cmd %d(%s) for "
1306
			    "sta %6D failed: %d\n", curthread->td_tid, jiffies, __func__,
1307
			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":", err);
1308
			error++;
1309

1310
			/*
1311
			 * If we free the key here we will never be able to get it
1312
			 * removed from the driver/fw which will likely make us
1313
			 * crash (firmware).
1314
			 */
1315
			continue;
1316
		}
1317
#ifdef LINUXKPI_DEBUG_80211
1318
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1319
			ic_printf(lsta->ni->ni_ic, "%d %lu %s: set_key cmd %d(%s) for "
1320
			    "sta %6D succeeded: keyidx %u hw_key_idx %u flags %b\n",
1321
			    curthread->td_tid, jiffies, __func__,
1322
			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":",
1323
			    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1324
#endif
1325

1326
		lsta->kc[keyix] = NULL;
1327
		free(kc, M_LKPI80211);
1328
	}
1329
	ieee80211_free_node(lsta->ni);
1330
	return (error);
1331
}
1332

1333
/* XXX-BZ one day we should replace this iterating over VIFs, or node list? */
1334
/* See also lkpi_sta_del_keys() these days. */
1335
static int
1336
lkpi_iv_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
1337
{
1338
	struct ieee80211com *ic;
1339
	struct lkpi_hw *lhw;
1340
	struct ieee80211_hw *hw;
1341
	struct lkpi_vif *lvif;
1342
	struct lkpi_sta *lsta;
1343
	struct ieee80211_vif *vif;
1344
	struct ieee80211_sta *sta;
1345
	struct ieee80211_node *ni;
1346
	struct ieee80211_key_conf *kc;
1347
	int error;
1348

1349
	ic = vap->iv_ic;
1350
	lhw = ic->ic_softc;
1351
	hw = LHW_TO_HW(lhw);
1352
	lvif = VAP_TO_LVIF(vap);
1353
	vif = LVIF_TO_VIF(lvif);
1354

1355
	/*
1356
	 * Make sure we do not make it here without going through
1357
	 * lkpi_iv_key_update_begin() first.
1358
	 */
1359
	lockdep_assert_wiphy(hw->wiphy);
1360

1361
	/*
1362
	 * While we are assoc we may still send packets.  We cannot delete the
1363
	 * keys as otherwise packets could go out unencrypted.  Some firmware
1364
	 * does not like this and will fire an assert.
1365
	 * net80211 needs to drive this better but given we want the disassoc
1366
	 * frame out and have to unlock we are open to a race currently.
1367
	 * This check should prevent problems.
1368
	 * How to test: run 800Mbit/s UDP traffic and during that restart your
1369
	 * supplicant.  You want to survive that.
1370
	 */
1371
	if (vif->cfg.assoc) {
1372
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1373
			ic_printf(ic, "%d %lu %s: vif still assoc; not deleting keys\n",
1374
			    curthread->td_tid, jiffies, __func__);
1375
		return (0);
1376
	}
1377

1378
	if (IEEE80211_KEY_UNDEFINED(k)) {
1379
		ic_printf(ic, "%s: vap %p key %p is undefined: %p %u\n",
1380
		    __func__, vap, k, k->wk_cipher, k->wk_keyix);
1381
		return (0);
1382
	}
1383

1384
	if (vap->iv_bss == NULL) {
1385
		ic_printf(ic, "%s: iv_bss %p for vap %p is NULL\n",
1386
		    __func__, vap->iv_bss, vap);
1387
		return (0);
1388
	}
1389

1390
	ni = ieee80211_ref_node(vap->iv_bss);
1391
	lsta = ni->ni_drv_data;
1392
	if (lsta == NULL) {
1393
		ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
1394
		    __func__, ni, ni->ni_bssid, ":");
1395
		ieee80211_free_node(ni);
1396
		return (0);
1397
	}
1398
	sta = LSTA_TO_STA(lsta);
1399

1400
	if (lsta->kc[k->wk_keyix] == NULL) {
1401
#ifdef LINUXKPI_DEBUG_80211
1402
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1403
			ic_printf(ic, "%d %lu %s: sta %6D and no key information, "
1404
			    "keyidx %u wk_macaddr %6D; returning success\n",
1405
			    curthread->td_tid, jiffies, __func__, sta->addr, ":",
1406
			    k->wk_keyix, k->wk_macaddr, ":");
1407
#endif
1408
		ieee80211_free_node(ni);
1409
		return (1);
1410
	}
1411
	kc = lsta->kc[k->wk_keyix];
1412

1413
#ifdef LINUXKPI_DEBUG_80211
1414
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1415
		ic_printf(ic, "%d %lu %s: running set_key cmd %d(%s) for sta %6D: "
1416
		    "keyidx %u hw_key_idx %u flags %b\n",
1417
		    curthread->td_tid, jiffies, __func__,
1418
		    DISABLE_KEY, "DISABLE", sta->addr, ":",
1419
		    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1420
#endif
1421

1422
	error = lkpi_80211_mo_set_key(hw, DISABLE_KEY, vif, sta, kc);
1423
	if (error != 0) {
1424
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D failed: %d\n",
1425
		    curthread->td_tid, jiffies, __func__,
1426
		    DISABLE_KEY, "DISABLE", sta->addr, ":", error);
1427
		error = 0;
1428
		goto out;
1429
	}
1430

1431
#ifdef LINUXKPI_DEBUG_80211
1432
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1433
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D succeeded: "
1434
		    "keyidx %u hw_key_idx %u flags %b\n",
1435
		    curthread->td_tid, jiffies, __func__,
1436
		    DISABLE_KEY, "DISABLE", sta->addr, ":",
1437
		    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1438
#endif
1439
	lsta->kc[k->wk_keyix] = NULL;
1440
	free(kc, M_LKPI80211);
1441
	error = 1;
1442
out:
1443
	ieee80211_free_node(ni);
1444
	return (error);
1445
}
1446

1447
static int
1448
lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
1449
{
1450
	struct ieee80211com *ic;
1451
	struct lkpi_hw *lhw;
1452
	struct ieee80211_hw *hw;
1453
	struct lkpi_vif *lvif;
1454
	struct lkpi_sta *lsta;
1455
	struct ieee80211_vif *vif;
1456
	struct ieee80211_sta *sta;
1457
	struct ieee80211_node *ni;
1458
	struct ieee80211_key_conf *kc;
1459
	uint32_t lcipher;
1460
	uint16_t exp_flags;
1461
	uint8_t keylen;
1462
	int error;
1463

1464
	ic = vap->iv_ic;
1465
	lhw = ic->ic_softc;
1466
	hw = LHW_TO_HW(lhw);
1467

1468
	/*
1469
	 * Make sure we do not make it here without going through
1470
	 * lkpi_iv_key_update_begin() first.
1471
	 */
1472
	lockdep_assert_wiphy(hw->wiphy);
1473

1474
	if (IEEE80211_KEY_UNDEFINED(k)) {
1475
		ic_printf(ic, "%s: vap %p key %p is undefined: %p %u\n",
1476
		    __func__, vap, k, k->wk_cipher, k->wk_keyix);
1477
		return (0);
1478
	}
1479

1480
	if (vap->iv_bss == NULL) {
1481
		ic_printf(ic, "%s: iv_bss %p for vap %p is NULL\n",
1482
		    __func__, vap->iv_bss, vap);
1483
		return (0);
1484
	}
1485
	ni = ieee80211_ref_node(vap->iv_bss);
1486
	lsta = ni->ni_drv_data;
1487
	if (lsta == NULL) {
1488
		ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
1489
		    __func__, ni, ni->ni_bssid, ":");
1490
		ieee80211_free_node(ni);
1491
		return (0);
1492
	}
1493
	sta = LSTA_TO_STA(lsta);
1494

1495
	keylen = k->wk_keylen;
1496
	lcipher = lkpi_net80211_to_l80211_cipher_suite(
1497
	    k->wk_cipher->ic_cipher, k->wk_keylen);
1498
	switch (lcipher) {
1499
	case WLAN_CIPHER_SUITE_TKIP:
1500
		keylen += 2 * k->wk_cipher->ic_miclen;
1501
		break;
1502
	case WLAN_CIPHER_SUITE_CCMP:
1503
	case WLAN_CIPHER_SUITE_GCMP:
1504
		break;
1505
	default:
1506
		ic_printf(ic, "%s: CIPHER SUITE %#x (%s) not supported\n",
1507
		    __func__, lcipher, lkpi_cipher_suite_to_name(lcipher));
1508
		IMPROVE();
1509
		ieee80211_free_node(ni);
1510
		return (0);
1511
	}
1512

1513
	if (lsta->kc[k->wk_keyix] != NULL) {
1514
		IMPROVE("Still in firmware? Del first. Can we assert this cannot happen?");
1515
		ic_printf(ic, "%s: sta %6D found with key information\n",
1516
		    __func__, sta->addr, ":");
1517
		kc = lsta->kc[k->wk_keyix];
1518
		lsta->kc[k->wk_keyix] = NULL;
1519
		free(kc, M_LKPI80211);
1520
		kc = NULL;	/* safeguard */
1521
	}
1522

1523
	kc = malloc(sizeof(*kc) + keylen, M_LKPI80211, M_WAITOK | M_ZERO);
1524
	kc->_k = k;		/* Save the pointer to net80211. */
1525
	kc->cipher = lcipher;
1526
	kc->keyidx = k->wk_keyix;
1527
#if 0
1528
	kc->hw_key_idx = /* set by hw and needs to be passed for TX */;
1529
#endif
1530
	atomic64_set(&kc->tx_pn, k->wk_keytsc);
1531
	kc->keylen = k->wk_keylen;
1532
	memcpy(kc->key, k->wk_key, k->wk_keylen);
1533

1534
	if (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))
1535
		kc->flags |= IEEE80211_KEY_FLAG_PAIRWISE;
1536
	if (k->wk_flags & IEEE80211_KEY_GROUP)
1537
		kc->flags &= ~IEEE80211_KEY_FLAG_PAIRWISE;
1538

1539
	kc->iv_len = k->wk_cipher->ic_header;
1540
	kc->icv_len = k->wk_cipher->ic_trailer;
1541

1542
	switch (kc->cipher) {
1543
	case WLAN_CIPHER_SUITE_TKIP:
1544
		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, k->wk_txmic, k->wk_cipher->ic_miclen);
1545
		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY, k->wk_rxmic, k->wk_cipher->ic_miclen);
1546
		break;
1547
	case WLAN_CIPHER_SUITE_CCMP:
1548
	case WLAN_CIPHER_SUITE_GCMP:
1549
		break;
1550
	default:
1551
		/* currently UNREACH */
1552
		IMPROVE();
1553
		break;
1554
	};
1555
	lsta->kc[k->wk_keyix] = kc;
1556

1557
#ifdef LINUXKPI_DEBUG_80211
1558
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1559
		ic_printf(ic, "%d %lu %s: running set_key cmd %d(%s) for sta %6D: "
1560
		    "kc %p keyidx %u hw_key_idx %u keylen %u flags %b\n",
1561
		    curthread->td_tid, jiffies, __func__,
1562
		    SET_KEY, "SET", sta->addr, ":", kc, kc->keyidx, kc->hw_key_idx,
1563
		    kc->keylen, kc->flags, IEEE80211_KEY_FLAG_BITS);
1564
#endif
1565

1566
	lvif = VAP_TO_LVIF(vap);
1567
	vif = LVIF_TO_VIF(lvif);
1568
	error = lkpi_80211_mo_set_key(hw, SET_KEY, vif, sta, kc);
1569
	if (error != 0) {
1570
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D failed: %d\n",
1571
		    curthread->td_tid, jiffies, __func__,
1572
		    SET_KEY, "SET", sta->addr, ":", error);
1573
		lsta->kc[k->wk_keyix] = NULL;
1574
		free(kc, M_LKPI80211);
1575
		ieee80211_free_node(ni);
1576
		return (0);
1577
	}
1578

1579
#ifdef LINUXKPI_DEBUG_80211
1580
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1581
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D succeeded: "
1582
		    "kc %p keyidx %u hw_key_idx %u flags %b\n",
1583
		    curthread->td_tid, jiffies, __func__,
1584
		    SET_KEY, "SET", sta->addr, ":",
1585
		    kc, kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1586
#endif
1587

1588
	exp_flags = 0;
1589
	switch (kc->cipher) {
1590
	case WLAN_CIPHER_SUITE_TKIP:
1591
		exp_flags = (IEEE80211_KEY_FLAG_PAIRWISE |
1592
			IEEE80211_KEY_FLAG_PUT_IV_SPACE |
1593
			IEEE80211_KEY_FLAG_GENERATE_MMIC |
1594
			IEEE80211_KEY_FLAG_PUT_MIC_SPACE);
1595
#define	TKIP_INVAL_COMBINATION						\
1596
     (IEEE80211_KEY_FLAG_PUT_MIC_SPACE|IEEE80211_KEY_FLAG_GENERATE_MMIC)
1597
		if ((kc->flags & TKIP_INVAL_COMBINATION) == TKIP_INVAL_COMBINATION) {
1598
			ic_printf(ic, "%s: SET_KEY for %s returned invalid "
1599
			    "combination %b\n", __func__,
1600
			    lkpi_cipher_suite_to_name(kc->cipher),
1601
			    kc->flags, IEEE80211_KEY_FLAG_BITS);
1602
		}
1603
#undef	TKIP_INVAL_COMBINATION
1604
#ifdef __notyet__
1605
		/* Do flags surgery; special see linuxkpi_ieee80211_ifattach(). */
1606
		if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) != 0) {
1607
			k->wk_flags &= ~(IEEE80211_KEY_NOMICMGT|IEEE80211_KEY_NOMIC);
1608
			k->wk_flags |= IEEE80211_KEY_SWMIC;
1609
			ic->ic_cryptocaps &= ~IEEE80211_CRYPTO_TKIPMIC
1610
		}
1611
#endif
1612
		break;
1613
	case WLAN_CIPHER_SUITE_CCMP:
1614
	case WLAN_CIPHER_SUITE_GCMP:
1615
		exp_flags = (IEEE80211_KEY_FLAG_PAIRWISE |
1616
		    IEEE80211_KEY_FLAG_PUT_IV_SPACE |
1617
		    IEEE80211_KEY_FLAG_GENERATE_IV |
1618
		    IEEE80211_KEY_FLAG_GENERATE_IV_MGMT |	/* Only needs IV geeration for MGMT frames. */
1619
		    IEEE80211_KEY_FLAG_SW_MGMT_TX);		/* MFP in software */
1620
		break;
1621
	}
1622
	if ((kc->flags & ~exp_flags) != 0)
1623
		ic_printf(ic, "%s: SET_KEY for %s returned unexpected key flags: "
1624
		    " %#06x & ~%#06x = %b\n", __func__,
1625
		    lkpi_cipher_suite_to_name(kc->cipher), kc->flags, exp_flags,
1626
		    (kc->flags & ~exp_flags), IEEE80211_KEY_FLAG_BITS);
1627

1628
#ifdef __notyet__
1629
	/* Do flags surgery. */
1630
	if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) == 0)
1631
		k->wk_flags |= IEEE80211_KEY_NOIVMGT;
1632
	if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0)
1633
		k->wk_flags |= IEEE80211_KEY_NOIV;
1634
#endif
1635

1636
	ieee80211_free_node(ni);
1637
	return (1);
1638
}
1639

1640
static void
1641
lkpi_iv_key_update_begin(struct ieee80211vap *vap)
1642
{
1643
	struct ieee80211_node_table *nt;
1644
	struct ieee80211com *ic;
1645
	struct lkpi_hw *lhw;
1646
	struct ieee80211_hw *hw;
1647
	struct lkpi_vif *lvif;
1648
	struct ieee80211_node *ni;
1649
	bool icislocked, ntislocked;
1650

1651
	ic = vap->iv_ic;
1652
	lhw = ic->ic_softc;
1653
	hw = LHW_TO_HW(lhw);
1654
	lvif = VAP_TO_LVIF(vap);
1655
	nt = &ic->ic_sta;
1656

1657
	icislocked = IEEE80211_IS_LOCKED(ic);
1658
	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
1659

1660
#ifdef LINUXKPI_DEBUG_80211
1661
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1662
		ic_printf(ic, "%d %lu %s: vap %p ic %p %slocked nt %p %slocked "
1663
		    "lvif ic_unlocked %d nt_unlocked %d\n",
1664
		    curthread->td_tid, jiffies, __func__, vap,
1665
		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
1666
		    lvif->ic_unlocked, lvif->nt_unlocked);
1667
#endif
1668

1669
	/*
1670
	 * This is inconsistent net80211 locking to be fixed one day.
1671
	 */
1672
	/* Try to make sure the node does not go away while possibly unlocked. */
1673
	ni = NULL;
1674
	if (icislocked || ntislocked) {
1675
		if (vap->iv_bss != NULL)
1676
			ni = ieee80211_ref_node(vap->iv_bss);
1677
	}
1678

1679
	if (icislocked)
1680
		IEEE80211_UNLOCK(ic);
1681
	if (ntislocked)
1682
		IEEE80211_NODE_UNLOCK(nt);
1683

1684
	wiphy_lock(hw->wiphy);
1685

1686
	KASSERT(lvif->key_update_iv_bss == NULL, ("%s: key_update_iv_bss not NULL %p",
1687
	    __func__, lvif->key_update_iv_bss));
1688
	lvif->key_update_iv_bss = ni;
1689

1690
	/*
1691
	 * ic/nt_unlocked could be a bool given we are under the lock and there
1692
	 * must only be a single thread.
1693
	 * In case anything in the future disturbs the order the refcnt will
1694
	 * help us catching problems a lot easier.
1695
	 */
1696
	if (icislocked)
1697
		refcount_acquire(&lvif->ic_unlocked);
1698
	if (ntislocked)
1699
		refcount_acquire(&lvif->nt_unlocked);
1700

1701
	/*
1702
	 * Stop the queues while doing key updates.
1703
	 */
1704
	ieee80211_stop_queues(hw);
1705
}
1706

1707
static void
1708
lkpi_iv_key_update_end(struct ieee80211vap *vap)
1709
{
1710
	struct ieee80211_node_table *nt;
1711
	struct ieee80211com *ic;
1712
	struct lkpi_hw *lhw;
1713
	struct ieee80211_hw *hw;
1714
	struct lkpi_vif *lvif;
1715
	bool icislocked, ntislocked;
1716

1717
	ic = vap->iv_ic;
1718
	lhw = ic->ic_softc;
1719
	hw = LHW_TO_HW(lhw);
1720
	lvif = VAP_TO_LVIF(vap);
1721
	nt = &ic->ic_sta;
1722

1723
	/*
1724
	 * Re-enabled the queues after the key update.
1725
	 */
1726
	lkpi_ieee80211_wake_queues_locked(hw);
1727

1728
	icislocked = IEEE80211_IS_LOCKED(ic);
1729
	MPASS(!icislocked);
1730
	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
1731
	MPASS(!ntislocked);
1732

1733
#ifdef LINUXKPI_DEBUG_80211
1734
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1735
		ic_printf(ic, "%d %lu %s: vap %p ic %p %slocked nt %p %slocked "
1736
		    "lvif ic_unlocked %d nt_unlocked %d\n",
1737
		    curthread->td_tid, jiffies, __func__, vap,
1738
		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
1739
		    lvif->ic_unlocked, lvif->nt_unlocked);
1740
#endif
1741

1742
	/*
1743
	 * Check under lock; see comment in lkpi_iv_key_update_begin().
1744
	 * In case the refcnt gets out of sync locking in net80211 will
1745
	 * quickly barf as well (trying to unlock a lock not held).
1746
	 */
1747
	icislocked = refcount_release_if_last(&lvif->ic_unlocked);
1748
	ntislocked = refcount_release_if_last(&lvif->nt_unlocked);
1749

1750
	if (lvif->key_update_iv_bss != NULL) {
1751
		ieee80211_free_node(lvif->key_update_iv_bss);
1752
		lvif->key_update_iv_bss = NULL;
1753
	}
1754

1755
	wiphy_unlock(hw->wiphy);
1756

1757
	/*
1758
	 * This is inconsistent net80211 locking to be fixed one day.
1759
	 * ic before nt to avoid a LOR.
1760
	 */
1761
	if (icislocked)
1762
		IEEE80211_LOCK(ic);
1763
	if (ntislocked)
1764
		IEEE80211_NODE_LOCK(nt);
1765
}
1766
#endif
1767

1768
static void
1769
lkpi_cleanup_mcast_list_locked(struct lkpi_hw *lhw)
1770
{
1771
	struct list_head *le, *next;
1772
	struct netdev_hw_addr *addr;
1773

1774
	if (lhw->mc_list.count != 0) {
1775
		list_for_each_safe(le, next, &lhw->mc_list.addr_list) {
1776
			addr = list_entry(le, struct netdev_hw_addr, addr_list);
1777
			list_del(le);
1778
			lhw->mc_list.count--;
1779
			free(addr, M_LKPI80211);
1780
		}
1781
	}
1782
	KASSERT(lhw->mc_list.count == 0, ("%s: mc_list %p count %d != 0\n",
1783
	    __func__, &lhw->mc_list, lhw->mc_list.count));
1784
}
1785

1786
static u_int
1787
lkpi_ic_update_mcast_copy(void *arg, struct sockaddr_dl *sdl, u_int cnt)
1788
{
1789
	struct netdev_hw_addr_list *mc_list;
1790
	struct netdev_hw_addr *addr;
1791

1792
	KASSERT(arg != NULL && sdl != NULL, ("%s: arg %p sdl %p cnt %u\n",
1793
	    __func__, arg, sdl, cnt));
1794

1795
	mc_list = arg;
1796
	/* If it is on the list already skip it. */
1797
	netdev_hw_addr_list_for_each(addr, mc_list) {
1798
		if (!memcmp(addr->addr, LLADDR(sdl), sdl->sdl_alen))
1799
			return (0);
1800
	}
1801

1802
	addr = malloc(sizeof(*addr), M_LKPI80211, M_NOWAIT | M_ZERO);
1803
	if (addr == NULL)
1804
		return (0);
1805

1806
	INIT_LIST_HEAD(&addr->addr_list);
1807
	memcpy(addr->addr, LLADDR(sdl), sdl->sdl_alen);
1808
	/* XXX this should be a netdev function? */
1809
	list_add(&addr->addr_list, &mc_list->addr_list);
1810
	mc_list->count++;
1811

1812
#ifdef LINUXKPI_DEBUG_80211
1813
	if (linuxkpi_debug_80211 & D80211_TRACE)
1814
		printf("%s:%d: mc_list count %d: added %6D\n",
1815
		    __func__, __LINE__, mc_list->count, addr->addr, ":");
1816
#endif
1817

1818
	return (1);
1819
}
1820

1821
static void
1822
lkpi_update_mcast_filter(struct ieee80211com *ic)
1823
{
1824
	struct lkpi_hw *lhw;
1825
	struct ieee80211_hw *hw;
1826
	u64 mc;
1827
	unsigned int changed_flags, flags;
1828
	bool scanning;
1829

1830
	lhw = ic->ic_softc;
1831

1832
	if (lhw->ops->prepare_multicast == NULL ||
1833
	    lhw->ops->configure_filter == NULL)
1834
		return;
1835

1836
	LKPI_80211_LHW_SCAN_LOCK(lhw);
1837
	scanning = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
1838
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
1839

1840
	LKPI_80211_LHW_MC_LOCK(lhw);
1841

1842
	flags = 0;
1843
	if (scanning)
1844
		flags |= FIF_BCN_PRBRESP_PROMISC;
1845
	if (lhw->mc_all_multi)
1846
		flags |= FIF_ALLMULTI;
1847

1848
	hw = LHW_TO_HW(lhw);
1849
	mc = lkpi_80211_mo_prepare_multicast(hw, &lhw->mc_list);
1850

1851
	changed_flags = (lhw->mc_flags ^ flags) & FIF_FLAGS_MASK;
1852
	lkpi_80211_mo_configure_filter(hw, changed_flags, &flags, mc);
1853
	lhw->mc_flags = flags;
1854

1855
#ifdef LINUXKPI_DEBUG_80211
1856
	if (linuxkpi_debug_80211 & D80211_TRACE)
1857
		printf("%s: changed_flags %#06x count %d mc_flags %#010x\n",
1858
		    __func__, changed_flags, lhw->mc_list.count, lhw->mc_flags);
1859
#endif
1860

1861
	LKPI_80211_LHW_MC_UNLOCK(lhw);
1862
}
1863

1864
static enum ieee80211_bss_changed
1865
lkpi_update_dtim_tsf(struct ieee80211_vif *vif, struct ieee80211_node *ni,
1866
    struct ieee80211vap *vap, const char *_f, int _l)
1867
{
1868
	enum ieee80211_bss_changed bss_changed;
1869

1870
	bss_changed = 0;
1871

1872
#ifdef LINUXKPI_DEBUG_80211
1873
	if (linuxkpi_debug_80211 & D80211_TRACE)
1874
		printf("%s:%d [%s:%d] assoc %d aid %d beacon_int %u "
1875
		    "dtim_period %u sync_dtim_count %u sync_tsf %ju "
1876
		    "sync_device_ts %u bss_changed %#010jx\n",
1877
			__func__, __LINE__, _f, _l,
1878
			vif->cfg.assoc, vif->cfg.aid,
1879
			vif->bss_conf.beacon_int, vif->bss_conf.dtim_period,
1880
			vif->bss_conf.sync_dtim_count,
1881
			(uintmax_t)vif->bss_conf.sync_tsf,
1882
			vif->bss_conf.sync_device_ts,
1883
			(uintmax_t)bss_changed);
1884
#endif
1885

1886
	if (vif->bss_conf.beacon_int != ni->ni_intval) {
1887
		vif->bss_conf.beacon_int = ni->ni_intval;
1888
		/* iwlwifi FW bug workaround; iwl_mvm_mac_sta_state. */
1889
		if (vif->bss_conf.beacon_int < 16)
1890
			vif->bss_conf.beacon_int = 16;
1891
		bss_changed |= BSS_CHANGED_BEACON_INT;
1892
	}
1893

1894
	/*
1895
	 * lkpi_iv_sta_recv_mgmt() will directly call into this function.
1896
	 * iwlwifi(4) in iwl_mvm_bss_info_changed_station_common() will
1897
	 * stop seesion protection the moment it sees
1898
	 * BSS_CHANGED_BEACON_INFO (with the expectations that it was
1899
	 * "a beacon from the associated AP"). It will also update
1900
	 * the beacon filter in that case.  This is the only place
1901
	 * we set the BSS_CHANGED_BEACON_INFO on the non-teardown
1902
	 * path so make sure we only do run this check once we are
1903
	 * assoc. (*iv_recv_mgmt)() will be called before we enter
1904
	 * here so the ni will be updates with information from the
1905
	 * beacon via net80211::sta_recv_mgmt().  We also need to
1906
	 * make sure we do not do it on every beacon we still may
1907
	 * get so only do if something changed.  vif->bss_conf.dtim_period
1908
	 * should be 0 as we start up (we also reset it on teardown).
1909
	 */
1910
	if (vif->cfg.assoc &&
1911
	    vif->bss_conf.dtim_period != ni->ni_dtim_period &&
1912
	    ni->ni_dtim_period > 0) {
1913
		vif->bss_conf.dtim_period = ni->ni_dtim_period;
1914
		bss_changed |= BSS_CHANGED_BEACON_INFO;
1915
	}
1916

1917
	vif->bss_conf.sync_dtim_count = ni->ni_dtim_count;
1918
	vif->bss_conf.sync_tsf = le64toh(ni->ni_tstamp.tsf);
1919
	/* vif->bss_conf.sync_device_ts = set in linuxkpi_ieee80211_rx. */
1920

1921
#ifdef LINUXKPI_DEBUG_80211
1922
	if (linuxkpi_debug_80211 & D80211_TRACE)
1923
		printf("%s:%d [%s:%d] assoc %d aid %d beacon_int %u "
1924
		    "dtim_period %u sync_dtim_count %u sync_tsf %ju "
1925
		    "sync_device_ts %u bss_changed %#010jx\n",
1926
			__func__, __LINE__, _f, _l,
1927
			vif->cfg.assoc, vif->cfg.aid,
1928
			vif->bss_conf.beacon_int, vif->bss_conf.dtim_period,
1929
			vif->bss_conf.sync_dtim_count,
1930
			(uintmax_t)vif->bss_conf.sync_tsf,
1931
			vif->bss_conf.sync_device_ts,
1932
			(uintmax_t)bss_changed);
1933
#endif
1934

1935
	return (bss_changed);
1936
}
1937

1938
static void
1939
lkpi_stop_hw_scan(struct lkpi_hw *lhw, struct ieee80211_vif *vif)
1940
{
1941
	struct ieee80211_hw *hw;
1942
	int error;
1943
	bool cancel;
1944

1945
	TRACE_SCAN(lhw->ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
1946

1947
	LKPI_80211_LHW_SCAN_LOCK(lhw);
1948
	cancel = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
1949
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
1950
	if (!cancel)
1951
		return;
1952

1953
	hw = LHW_TO_HW(lhw);
1954

1955
	IEEE80211_UNLOCK(lhw->ic);
1956
	wiphy_lock(hw->wiphy);
1957
	/* Need to cancel the scan. */
1958
	lkpi_80211_mo_cancel_hw_scan(hw, vif);
1959
	wiphy_unlock(hw->wiphy);
1960

1961
	/* Need to make sure we see ieee80211_scan_completed. */
1962
	LKPI_80211_LHW_SCAN_LOCK(lhw);
1963
	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0)
1964
		error = msleep(lhw, &lhw->scan_mtx, 0, "lhwscanstop", hz/2);
1965
	cancel = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
1966
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
1967

1968
	IEEE80211_LOCK(lhw->ic);
1969

1970
	if (cancel)
1971
		ic_printf(lhw->ic, "%s: failed to cancel scan: %d (%p, %p)\n",
1972
		    __func__, error, lhw, vif);
1973
}
1974

1975
static void
1976
lkpi_hw_conf_idle(struct ieee80211_hw *hw, bool new)
1977
{
1978
	struct lkpi_hw *lhw;
1979
	int error;
1980
	bool old;
1981

1982
	old = hw->conf.flags & IEEE80211_CONF_IDLE;
1983
	if (old == new)
1984
		return;
1985

1986
	hw->conf.flags ^= IEEE80211_CONF_IDLE;
1987
	error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_IDLE);
1988
	if (error != 0 && error != EOPNOTSUPP) {
1989
		lhw = HW_TO_LHW(hw);
1990
		ic_printf(lhw->ic, "ERROR: %s: config %#0x returned %d\n",
1991
		    __func__, IEEE80211_CONF_CHANGE_IDLE, error);
1992
	}
1993
}
1994

1995
static enum ieee80211_bss_changed
1996
lkpi_disassoc(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1997
    struct lkpi_hw *lhw)
1998
{
1999
	enum ieee80211_bss_changed changed;
2000
	struct lkpi_vif *lvif;
2001

2002
	changed = 0;
2003
	sta->aid = 0;
2004
	if (vif->cfg.assoc) {
2005

2006
		vif->cfg.assoc = false;
2007
		vif->cfg.aid = 0;
2008
		changed |= BSS_CHANGED_ASSOC;
2009
		IMPROVE();
2010

2011
		lkpi_update_mcast_filter(lhw->ic);
2012

2013
		/*
2014
		 * Executing the bss_info_changed(BSS_CHANGED_ASSOC) with
2015
		 * assoc = false right away here will remove the sta from
2016
		 * firmware for iwlwifi.
2017
		 * We no longer do this but only return the BSS_CHNAGED value.
2018
		 * The caller is responsible for removing the sta gong to
2019
		 * IEEE80211_STA_NOTEXIST and then executing the
2020
		 * bss_info_changed() update.
2021
		 * See lkpi_sta_run_to_init() for more detailed comment.
2022
		 */
2023

2024
		lvif = VIF_TO_LVIF(vif);
2025
		lvif->beacons = 0;
2026
	}
2027

2028
	return (changed);
2029
}
2030

2031
static void
2032
lkpi_wake_tx_queues(struct ieee80211_hw *hw, struct ieee80211_sta *sta,
2033
    bool dequeue_seen, bool no_emptyq)
2034
{
2035
	struct lkpi_txq *ltxq;
2036
	int tid;
2037
	bool ltxq_empty;
2038

2039
	/* Wake up all queues to know they are allocated in the driver. */
2040
	for (tid = 0; tid < nitems(sta->txq); tid++) {
2041

2042
		if (tid == IEEE80211_NUM_TIDS) {
2043
			IMPROVE("station specific?");
2044
			if (!ieee80211_hw_check(hw, STA_MMPDU_TXQ))
2045
				continue;
2046
		} else if (tid >= hw->queues)
2047
			continue;
2048

2049
		if (sta->txq[tid] == NULL)
2050
			continue;
2051

2052
		ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
2053
		if (dequeue_seen && !ltxq->seen_dequeue)
2054
			continue;
2055

2056
		LKPI_80211_LTXQ_LOCK(ltxq);
2057
		ltxq_empty = skb_queue_empty(&ltxq->skbq);
2058
		LKPI_80211_LTXQ_UNLOCK(ltxq);
2059
		if (no_emptyq && ltxq_empty)
2060
			continue;
2061

2062
		lkpi_80211_mo_wake_tx_queue(hw, sta->txq[tid]);
2063
	}
2064
}
2065

2066
/*
2067
 * On the way down from RUN -> ASSOC -> AUTH we may send a DISASSOC or DEAUTH
2068
 * packet.  The problem is that the state machine functions tend to hold the
2069
 * LHW lock which will prevent lkpi_80211_txq_tx_one() from sending the packet.
2070
 * We call this after dropping the ic lock and before acquiring the LHW lock.
2071
 * we make sure no further packets are queued and if they are queued the task
2072
 * will finish or be cancelled.  At the end if a packet is left we manually
2073
 * send it.  scan_to_auth() would re-enable sending if the lsta would be
2074
 * re-used.
2075
 */
2076
static void
2077
lkpi_80211_flush_tx(struct lkpi_hw *lhw, struct lkpi_sta *lsta)
2078
{
2079
	struct ieee80211_hw *hw;
2080
	struct mbufq mq;
2081
	struct mbuf *m;
2082
	int len;
2083

2084
	/* There is no lockdep_assert_not_held_wiphy(). */
2085
	hw = LHW_TO_HW(lhw);
2086
	lockdep_assert_not_held(&hw->wiphy->mtx);
2087

2088
	/* Do not accept any new packets until scan_to_auth or lsta_free(). */
2089
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2090
	lsta->txq_ready = false;
2091
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2092

2093
	while (taskqueue_cancel(taskqueue_thread, &lsta->txq_task, NULL) != 0)
2094
		taskqueue_drain(taskqueue_thread, &lsta->txq_task);
2095

2096
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2097
	len = mbufq_len(&lsta->txq);
2098
	if (len <= 0) {
2099
		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2100
		return;
2101
	}
2102

2103
	mbufq_init(&mq, IFQ_MAXLEN);
2104
	mbufq_concat(&mq, &lsta->txq);
2105
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2106

2107
	m = mbufq_dequeue(&mq);
2108
	while (m != NULL) {
2109
		lkpi_80211_txq_tx_one(lsta, m);
2110
		m = mbufq_dequeue(&mq);
2111
	}
2112
}
2113

2114

2115
static void
2116
lkpi_remove_chanctx(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
2117
{
2118
	struct ieee80211_chanctx_conf *chanctx_conf;
2119
	struct lkpi_chanctx *lchanctx;
2120

2121
	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
2122
	    lockdep_is_held(&hw->wiphy->mtx));
2123

2124
	if (chanctx_conf == NULL)
2125
		return;
2126

2127
	/* Remove vif context. */
2128
	lkpi_80211_mo_unassign_vif_chanctx(hw, vif, &vif->bss_conf, chanctx_conf);
2129

2130
	lkpi_hw_conf_idle(hw, true);
2131

2132
	/* Remove chan ctx. */
2133
	lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
2134

2135
	/* Cleanup. */
2136
	rcu_assign_pointer(vif->bss_conf.chanctx_conf, NULL);
2137
	lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2138
	list_del(&lchanctx->entry);
2139
	free(lchanctx, M_LKPI80211);
2140
}
2141

2142

2143
/* -------------------------------------------------------------------------- */
2144

2145
static int
2146
lkpi_sta_state_do_nada(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2147
{
2148

2149
	return (0);
2150
}
2151

2152
/* lkpi_iv_newstate() handles the stop scan case generally. */
2153
#define	lkpi_sta_scan_to_init(_v, _n, _a)	lkpi_sta_state_do_nada(_v, _n, _a)
2154

2155
static int
2156
lkpi_sta_scan_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2157
{
2158
	struct linuxkpi_ieee80211_channel *chan;
2159
	struct lkpi_chanctx *lchanctx;
2160
	struct ieee80211_chanctx_conf *chanctx_conf;
2161
	struct lkpi_hw *lhw;
2162
	struct ieee80211_hw *hw;
2163
	struct lkpi_vif *lvif;
2164
	struct ieee80211_vif *vif;
2165
	struct ieee80211_node *ni;
2166
	struct lkpi_sta *lsta;
2167
	enum ieee80211_bss_changed bss_changed;
2168
	struct ieee80211_prep_tx_info prep_tx_info;
2169
	uint32_t changed;
2170
	int error;
2171
	bool synched;
2172

2173
	/*
2174
	 * In here we use vap->iv_bss until lvif->lvif_bss is set.
2175
	 * For all later (STATE >= AUTH) functions we need to use the lvif
2176
	 * cache which will be tracked even through (*iv_update_bss)().
2177
	 */
2178

2179
	if (vap->iv_bss == NULL) {
2180
		ic_printf(vap->iv_ic, "%s: no iv_bss for vap %p\n", __func__, vap);
2181
		return (EINVAL);
2182
	}
2183
	/*
2184
	 * Keep the ni alive locally.  In theory (and practice) iv_bss can change
2185
	 * once we unlock here.  This is due to net80211 allowing state changes
2186
	 * and new join1() despite having an active node as well as due to
2187
	 * the fact that the iv_bss can be swapped under the hood in (*iv_update_bss).
2188
	 */
2189
	ni = ieee80211_ref_node(vap->iv_bss);
2190
	if (ni->ni_chan == NULL || ni->ni_chan == IEEE80211_CHAN_ANYC) {
2191
		ic_printf(vap->iv_ic, "%s: no channel set for iv_bss ni %p "
2192
		    "on vap %p\n", __func__, ni, vap);
2193
		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2194
		return (EINVAL);
2195
	}
2196

2197
	lhw = vap->iv_ic->ic_softc;
2198
	chan = lkpi_find_lkpi80211_chan(lhw, ni->ni_chan);
2199
	if (chan == NULL) {
2200
		ic_printf(vap->iv_ic, "%s: failed to get LKPI channel from "
2201
		    "iv_bss ni %p on vap %p\n", __func__, ni, vap);
2202
		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2203
		return (ESRCH);
2204
	}
2205

2206
	hw = LHW_TO_HW(lhw);
2207
	lvif = VAP_TO_LVIF(vap);
2208
	vif = LVIF_TO_VIF(lvif);
2209

2210
	LKPI_80211_LVIF_LOCK(lvif);
2211
	/* XXX-BZ KASSERT later? */
2212
	if (lvif->lvif_bss_synched || lvif->lvif_bss != NULL) {
2213
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2214
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2215
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2216
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2217
		    lvif->lvif_bss_synched);
2218
		LKPI_80211_LVIF_UNLOCK(lvif);
2219
		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2220
		return (EBUSY);
2221
	}
2222
	LKPI_80211_LVIF_UNLOCK(lvif);
2223

2224
	IEEE80211_UNLOCK(vap->iv_ic);
2225
	wiphy_lock(hw->wiphy);
2226

2227
	/* Add chanctx (or if exists, change it). */
2228
	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
2229
	    lockdep_is_held(&hw->wiphy->mtx));
2230
	if (chanctx_conf != NULL) {
2231
		lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2232
		IMPROVE("diff changes for changed, working on live copy, rcu");
2233
	} else {
2234
		/* Keep separate alloc as in Linux this is rcu managed? */
2235
		lchanctx = malloc(sizeof(*lchanctx) + hw->chanctx_data_size,
2236
		    M_LKPI80211, M_WAITOK | M_ZERO);
2237
		chanctx_conf = &lchanctx->chanctx_conf;
2238
	}
2239

2240
	chanctx_conf->rx_chains_static = 1;
2241
	chanctx_conf->rx_chains_dynamic = 1;
2242
	chanctx_conf->radar_enabled =
2243
	    (chan->flags & IEEE80211_CHAN_RADAR) ? true : false;
2244
	chanctx_conf->def.chan = chan;
2245
	chanctx_conf->def.width = NL80211_CHAN_WIDTH_20_NOHT;
2246
	chanctx_conf->def.center_freq1 = ieee80211_get_channel_center_freq1(ni->ni_chan);
2247
	chanctx_conf->def.center_freq2 = ieee80211_get_channel_center_freq2(ni->ni_chan);
2248
	IMPROVE("Check vht_cap from band not just chan?");
2249
	KASSERT(ni->ni_chan != NULL && ni->ni_chan != IEEE80211_CHAN_ANYC,
2250
	   ("%s:%d: ni %p ni_chan %p\n", __func__, __LINE__, ni, ni->ni_chan));
2251

2252
#ifdef LKPI_80211_HT
2253
	if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
2254
		if (IEEE80211_IS_CHAN_HT40(ni->ni_chan))
2255
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_40;
2256
		else
2257
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_20;
2258
	}
2259
#endif
2260
#ifdef LKPI_80211_VHT
2261
	if (IEEE80211_IS_CHAN_VHT_5GHZ(ni->ni_chan)) {
2262
		if (IEEE80211_IS_CHAN_VHT80P80(ni->ni_chan))
2263
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_80P80;
2264
		else if (IEEE80211_IS_CHAN_VHT160(ni->ni_chan))
2265
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_160;
2266
		else if (IEEE80211_IS_CHAN_VHT80(ni->ni_chan))
2267
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_80;
2268
	}
2269
#endif
2270
	chanctx_conf->rx_chains_dynamic = lkpi_get_max_rx_chains(ni);
2271
	/* Responder ... */
2272
#if 0
2273
	chanctx_conf->min_def.chan = chanctx_conf->def.chan;
2274
	chanctx_conf->min_def.width = NL80211_CHAN_WIDTH_20_NOHT;
2275
#ifdef LKPI_80211_HT
2276
	if (IEEE80211_IS_CHAN_HT(ni->ni_chan) || IEEE80211_IS_CHAN_VHT(ni->ni_chan))
2277
		chanctx_conf->min_def.width = NL80211_CHAN_WIDTH_20;
2278
#endif
2279
	chanctx_conf->min_def.center_freq1 = chanctx_conf->def.center_freq1;
2280
	chanctx_conf->min_def.center_freq2 = chanctx_conf->def.center_freq2;
2281
#else
2282
	chanctx_conf->min_def = chanctx_conf->def;
2283
#endif
2284

2285
	/* Set bss info (bss_info_changed). */
2286
	bss_changed = 0;
2287
	vif->bss_conf.bssid = ni->ni_bssid;
2288
	bss_changed |= BSS_CHANGED_BSSID;
2289
	vif->bss_conf.txpower = ni->ni_txpower;
2290
	bss_changed |= BSS_CHANGED_TXPOWER;
2291
	vif->cfg.idle = false;
2292
	bss_changed |= BSS_CHANGED_IDLE;
2293

2294
	/* vif->bss_conf.basic_rates ? Where exactly? */
2295

2296
	lvif->beacons = 0;
2297
	/* Should almost assert it is this. */
2298
	vif->cfg.assoc = false;
2299
	vif->cfg.aid = 0;
2300

2301
	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
2302

2303
	error = 0;
2304
	if (vif->bss_conf.chanctx_conf == chanctx_conf) {
2305
		changed = IEEE80211_CHANCTX_CHANGE_MIN_WIDTH;
2306
		changed |= IEEE80211_CHANCTX_CHANGE_RADAR;
2307
		changed |= IEEE80211_CHANCTX_CHANGE_RX_CHAINS;
2308
		changed |= IEEE80211_CHANCTX_CHANGE_WIDTH;
2309
		lkpi_80211_mo_change_chanctx(hw, chanctx_conf, changed);
2310
	} else {
2311
		error = lkpi_80211_mo_add_chanctx(hw, chanctx_conf);
2312
		if (error == 0 || error == EOPNOTSUPP) {
2313
			vif->bss_conf.chanreq.oper.chan = chanctx_conf->def.chan;
2314
			vif->bss_conf.chanreq.oper.width = chanctx_conf->def.width;
2315
			vif->bss_conf.chanreq.oper.center_freq1 =
2316
			    chanctx_conf->def.center_freq1;
2317
			vif->bss_conf.chanreq.oper.center_freq2 =
2318
			    chanctx_conf->def.center_freq2;
2319
		} else {
2320
			ic_printf(vap->iv_ic, "%s:%d: mo_add_chanctx "
2321
			    "failed: %d\n", __func__, __LINE__, error);
2322
			goto out;
2323
		}
2324

2325
		list_add_rcu(&lchanctx->entry, &lhw->lchanctx_list);
2326
		rcu_assign_pointer(vif->bss_conf.chanctx_conf, chanctx_conf);
2327

2328
		/* Assign vif chanctx. */
2329
		if (error == 0)
2330
			error = lkpi_80211_mo_assign_vif_chanctx(hw, vif,
2331
			    &vif->bss_conf, chanctx_conf);
2332
		if (error == EOPNOTSUPP)
2333
			error = 0;
2334
		if (error != 0) {
2335
			ic_printf(vap->iv_ic, "%s:%d: mo_assign_vif_chanctx "
2336
			    "failed: %d\n", __func__, __LINE__, error);
2337
			lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
2338
			rcu_assign_pointer(vif->bss_conf.chanctx_conf, NULL);
2339
			lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2340
			list_del(&lchanctx->entry);
2341
			free(lchanctx, M_LKPI80211);
2342
			goto out;
2343
		}
2344
	}
2345
	IMPROVE("update radiotap chan fields too");
2346

2347
	/* RATES */
2348
	IMPROVE("bss info: not all needs to come now and rates are missing");
2349
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
2350

2351
	/*
2352
	 * Given ni and lsta are 1:1 from alloc to free we can assert that
2353
	 * ni always has lsta data attach despite net80211 node swapping
2354
	 * under the hoods.
2355
	 */
2356
	KASSERT(ni->ni_drv_data != NULL, ("%s: ni %p ni_drv_data %p\n",
2357
	    __func__, ni, ni->ni_drv_data));
2358
	lsta = ni->ni_drv_data;
2359

2360
	/* Insert the [l]sta into the list of known stations. */
2361
	list_add_tail(&lsta->lsta_list, &lvif->lsta_list);
2362

2363
	/* Add (or adjust) sta and change state (from NOTEXIST) to NONE. */
2364
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2365
	KASSERT(lsta->state == IEEE80211_STA_NOTEXIST, ("%s: lsta %p state not "
2366
	    "NOTEXIST: %#x\n", __func__, lsta, lsta->state));
2367
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
2368
	if (error != 0) {
2369
		IMPROVE("do we need to undo the chan ctx?");
2370
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
2371
		    "failed: %d\n", __func__, __LINE__, error);
2372
		goto out;
2373
	}
2374
#if 0
2375
	lsta->added_to_drv = true;	/* mo manages. */
2376
#endif
2377

2378
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2379

2380
#if 0
2381
	/*
2382
	 * Wakeup all queues now that sta is there so we have as much time to
2383
	 * possibly prepare the queue in the driver to be ready for the 1st
2384
	 * packet;  lkpi_80211_txq_tx_one() still has a workaround as there
2385
	 * is no guarantee or way to check.
2386
	 * XXX-BZ and by now we know that this does not work on all drivers
2387
	 * for all queues.
2388
	 */
2389
	lkpi_wake_tx_queues(hw, LSTA_TO_STA(lsta), false, false);
2390
#endif
2391

2392
	/* Start mgd_prepare_tx. */
2393
	memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2394
	prep_tx_info.duration = PREP_TX_INFO_DURATION;
2395
	lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2396
	lsta->in_mgd = true;
2397

2398
	/*
2399
	 * What is going to happen next:
2400
	 * - <twiddle> .. we should end up in "auth_to_assoc"
2401
	 * - event_callback
2402
	 * - update sta_state (NONE to AUTH)
2403
	 * - mgd_complete_tx
2404
	 * (ideally we'd do that on a callback for something else ...)
2405
	 */
2406

2407
	wiphy_unlock(hw->wiphy);
2408
	IEEE80211_LOCK(vap->iv_ic);
2409

2410
	LKPI_80211_LVIF_LOCK(lvif);
2411
	/* Re-check given (*iv_update_bss) could have happened while we were unlocked. */
2412
	if (lvif->lvif_bss_synched || lvif->lvif_bss != NULL ||
2413
	    lsta->ni != vap->iv_bss)
2414
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2415
		    "lvif_bss->ni %p synched %d, ni %p lsta %p\n", __func__, __LINE__,
2416
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2417
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2418
		    lvif->lvif_bss_synched, ni, lsta);
2419

2420
	/*
2421
	 * Reference the "ni" for caching the lsta/ni in lvif->lvif_bss.
2422
	 * Given we cache lsta we use lsta->ni instead of ni here (even though
2423
	 * lsta->ni == ni) to be distinct from the rest of the code where we do
2424
	 * assume that ni == vap->iv_bss which it may or may not be.
2425
	 * So do NOT use iv_bss here anymore as that may have diverged from our
2426
	 * function local ni already while ic was unlocked and would lead to
2427
	 * inconsistencies.  Go and see if we lost a race and do not update
2428
	 * lvif_bss_synched in that case.
2429
	 */
2430
	ieee80211_ref_node(lsta->ni);
2431
	lvif->lvif_bss = lsta;
2432
	if (lsta->ni == vap->iv_bss) {
2433
		lvif->lvif_bss_synched = synched = true;
2434
	} else {
2435
		/* Set to un-synched no matter what. */
2436
		lvif->lvif_bss_synched = synched = false;
2437
		/*
2438
		 * We do not error as someone has to take us down.
2439
		 * If we are followed by a 2nd, new net80211::join1() going to
2440
		 * AUTH lkpi_sta_a_to_a() will error, lkpi_sta_auth_to_{scan,init}()
2441
		 * will take the lvif->lvif_bss node down eventually.
2442
		 * What happens with the vap->iv_bss node will entirely be up
2443
		 * to net80211 as we never used the node beyond alloc()/free()
2444
		 * and we do not hold an extra reference for that anymore given
2445
		 * ni : lsta == 1:1.
2446
		 * Problem is if we do not error a MGMT/AUTH frame will be
2447
		 * sent from net80211::sta_newstate(); disable lsta queue below.
2448
		 */
2449
	}
2450
	LKPI_80211_LVIF_UNLOCK(lvif);
2451
	/*
2452
	 * Make sure in case the sta did not change and we re-added it,
2453
	 * that we can tx again but only if the vif/iv_bss are in sync.
2454
	 * Otherwise this should prevent the MGMT/AUTH frame from being
2455
	 * sent triggering a warning in iwlwifi.
2456
	 */
2457
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2458
	lsta->txq_ready = synched;
2459
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2460
	goto out_relocked;
2461

2462
out:
2463
	wiphy_unlock(hw->wiphy);
2464
	IEEE80211_LOCK(vap->iv_ic);
2465
out_relocked:
2466
	/*
2467
	 * Release the reference that kept the ni stable locally
2468
	 * during the work of this function.
2469
	 */
2470
	if (ni != NULL)
2471
		ieee80211_free_node(ni);
2472
	return (error);
2473
}
2474

2475
static int
2476
lkpi_sta_auth_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2477
{
2478
	struct lkpi_hw *lhw;
2479
	struct ieee80211_hw *hw;
2480
	struct lkpi_vif *lvif;
2481
	struct ieee80211_vif *vif;
2482
	struct ieee80211_node *ni;
2483
	struct lkpi_sta *lsta;
2484
	struct ieee80211_sta *sta;
2485
	struct ieee80211_prep_tx_info prep_tx_info;
2486
	enum ieee80211_bss_changed bss_changed;
2487
	int error;
2488

2489
	lhw = vap->iv_ic->ic_softc;
2490
	hw = LHW_TO_HW(lhw);
2491
	lvif = VAP_TO_LVIF(vap);
2492
	vif = LVIF_TO_VIF(lvif);
2493

2494
	LKPI_80211_LVIF_LOCK(lvif);
2495
#ifdef LINUXKPI_DEBUG_80211
2496
	/* XXX-BZ KASSERT later; state going down so no action. */
2497
	if (lvif->lvif_bss == NULL)
2498
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2499
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2500
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2501
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2502
		    lvif->lvif_bss_synched);
2503
#endif
2504

2505
	lsta = lvif->lvif_bss;
2506
	LKPI_80211_LVIF_UNLOCK(lvif);
2507
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
2508
	    "lvif %p vap %p\n", __func__,
2509
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
2510
	ni = lsta->ni;			/* Reference held for lvif_bss. */
2511
	sta = LSTA_TO_STA(lsta);
2512

2513
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2514

2515
	IEEE80211_UNLOCK(vap->iv_ic);
2516
	wiphy_lock(hw->wiphy);
2517

2518
	/* flush, drop. */
2519
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
2520

2521
	/* Wake tx queues to get packet(s) out. */
2522
	lkpi_wake_tx_queues(hw, sta, false, true);
2523

2524
	/* flush, no drop */
2525
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
2526

2527
	/* End mgd_complete_tx. */
2528
	if (lsta->in_mgd) {
2529
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2530
		prep_tx_info.success = false;
2531
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2532
		lsta->in_mgd = false;
2533
	}
2534

2535
	/* sync_rx_queues */
2536
	lkpi_80211_mo_sync_rx_queues(hw);
2537

2538
	/* sta_pre_rcu_remove */
2539
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
2540

2541
	/* Take the station down. */
2542

2543
	/* Adjust sta and change state (from NONE) to NOTEXIST. */
2544
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2545
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
2546
	    "NONE: %#x, nstate %d arg %d\n", __func__, lsta, lsta->state, nstate, arg));
2547
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NOTEXIST);
2548
	if (error != 0) {
2549
		IMPROVE("do we need to undo the chan ctx?");
2550
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NOTEXIST) "
2551
		    "failed: %d\n", __func__, __LINE__, error);
2552
		goto out;
2553
	}
2554
#if 0
2555
	lsta->added_to_drv = false;	/* mo manages. */
2556
#endif
2557

2558
	bss_changed = 0;
2559
	vif->bss_conf.dtim_period = 0; /* go back to 0. */
2560
	bss_changed |= BSS_CHANGED_BEACON_INFO;
2561
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
2562

2563
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2564

2565
	LKPI_80211_LVIF_LOCK(lvif);
2566
	/* Remove ni reference for this cache of lsta. */
2567
	lvif->lvif_bss = NULL;
2568
	lvif->lvif_bss_synched = false;
2569
	LKPI_80211_LVIF_UNLOCK(lvif);
2570
	lkpi_lsta_remove(lsta, lvif);
2571

2572
	/* conf_tx */
2573

2574
	lkpi_remove_chanctx(hw, vif);
2575

2576
out:
2577
	wiphy_unlock(hw->wiphy);
2578
	IEEE80211_LOCK(vap->iv_ic);
2579
	if (error == 0) {
2580
		/*
2581
		 * We do this outside the wiphy lock as net80211::node_free() may call
2582
		 * into crypto code to delete keys and we have a recursed on
2583
		 * non-recursive sx panic.  Also only do this if we get here w/o error.
2584
		 *
2585
		 * The very last release the reference on the ni for the ni/lsta on
2586
		 * lvif->lvif_bss.  Upon return from this both ni and lsta are invalid
2587
		 * and potentially freed.
2588
		 */
2589
		ieee80211_free_node(ni);
2590
	}
2591
	return (error);
2592
}
2593

2594
static int
2595
lkpi_sta_auth_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2596
{
2597
	int error;
2598

2599
	error = lkpi_sta_auth_to_scan(vap, nstate, arg);
2600
	if (error == 0)
2601
		error = lkpi_sta_scan_to_init(vap, nstate, arg);
2602
	return (error);
2603
}
2604

2605
static int
2606
lkpi_sta_auth_to_assoc(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2607
{
2608
	struct lkpi_hw *lhw;
2609
	struct ieee80211_hw *hw;
2610
	struct lkpi_vif *lvif;
2611
	struct ieee80211_vif *vif;
2612
	struct lkpi_sta *lsta;
2613
	struct ieee80211_prep_tx_info prep_tx_info;
2614
	int error;
2615

2616
	lhw = vap->iv_ic->ic_softc;
2617
	hw = LHW_TO_HW(lhw);
2618
	lvif = VAP_TO_LVIF(vap);
2619
	vif = LVIF_TO_VIF(lvif);
2620

2621
	IEEE80211_UNLOCK(vap->iv_ic);
2622
	wiphy_lock(hw->wiphy);
2623

2624
	LKPI_80211_LVIF_LOCK(lvif);
2625
	/* XXX-BZ KASSERT later? */
2626
	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
2627
#ifdef LINUXKPI_DEBUG_80211
2628
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2629
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2630
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2631
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2632
		    lvif->lvif_bss_synched);
2633
#endif
2634
		error = ENOTRECOVERABLE;
2635
		LKPI_80211_LVIF_UNLOCK(lvif);
2636
		goto out;
2637
	}
2638
	lsta = lvif->lvif_bss;
2639
	LKPI_80211_LVIF_UNLOCK(lvif);
2640

2641
	KASSERT(lsta != NULL, ("%s: lsta %p\n", __func__, lsta));
2642

2643
	/* Finish auth. */
2644
	IMPROVE("event callback");
2645

2646
	/* Update sta_state (NONE to AUTH). */
2647
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
2648
	    "NONE: %#x\n", __func__, lsta, lsta->state));
2649
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
2650
	if (error != 0) {
2651
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
2652
		    "failed: %d\n", __func__, __LINE__, error);
2653
		goto out;
2654
	}
2655

2656
	/* End mgd_complete_tx. */
2657
	if (lsta->in_mgd) {
2658
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2659
		prep_tx_info.success = true;
2660
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2661
		lsta->in_mgd = false;
2662
	}
2663

2664
	/* Now start assoc. */
2665

2666
	/* Start mgd_prepare_tx. */
2667
	if (!lsta->in_mgd) {
2668
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2669
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
2670
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2671
		lsta->in_mgd = true;
2672
	}
2673

2674
	/* Wake tx queue to get packet out. */
2675
	lkpi_wake_tx_queues(hw, LSTA_TO_STA(lsta), false, true);
2676

2677
	/*
2678
	 * <twiddle> .. we end up in "assoc_to_run"
2679
	 * - update sta_state (AUTH to ASSOC)
2680
	 * - conf_tx [all]
2681
	 * - bss_info_changed (assoc, aid, ssid, ..)
2682
	 * - change_chanctx (if needed)
2683
	 * - event_callback
2684
	 * - mgd_complete_tx
2685
	 */
2686

2687
out:
2688
	wiphy_unlock(hw->wiphy);
2689
	IEEE80211_LOCK(vap->iv_ic);
2690
	return (error);
2691
}
2692

2693
/* auth_to_auth, assoc_to_assoc. */
2694
static int
2695
lkpi_sta_a_to_a(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2696
{
2697
	struct lkpi_hw *lhw;
2698
	struct ieee80211_hw *hw;
2699
	struct lkpi_vif *lvif;
2700
	struct ieee80211_vif *vif;
2701
	struct lkpi_sta *lsta;
2702
	struct ieee80211_prep_tx_info prep_tx_info;
2703
	int error;
2704

2705
	lhw = vap->iv_ic->ic_softc;
2706
	hw = LHW_TO_HW(lhw);
2707
	lvif = VAP_TO_LVIF(vap);
2708
	vif = LVIF_TO_VIF(lvif);
2709

2710
	IEEE80211_UNLOCK(vap->iv_ic);
2711
	wiphy_lock(hw->wiphy);
2712

2713
	LKPI_80211_LVIF_LOCK(lvif);
2714
	/* XXX-BZ KASSERT later? */
2715
	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
2716
#ifdef LINUXKPI_DEBUG_80211
2717
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2718
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2719
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2720
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2721
		    lvif->lvif_bss_synched);
2722
#endif
2723
		LKPI_80211_LVIF_UNLOCK(lvif);
2724
		error = ENOTRECOVERABLE;
2725
		goto out;
2726
	}
2727
	lsta = lvif->lvif_bss;
2728
	LKPI_80211_LVIF_UNLOCK(lvif);
2729

2730
	KASSERT(lsta != NULL, ("%s: lsta %p! lvif %p vap %p\n", __func__,
2731
	    lsta, lvif, vap));
2732

2733
	IMPROVE("event callback?");
2734

2735
	/* End mgd_complete_tx. */
2736
	if (lsta->in_mgd) {
2737
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2738
		prep_tx_info.success = false;
2739
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2740
		lsta->in_mgd = false;
2741
	}
2742

2743
	/* Now start assoc. */
2744

2745
	/* Start mgd_prepare_tx. */
2746
	if (!lsta->in_mgd) {
2747
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2748
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
2749
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2750
		lsta->in_mgd = true;
2751
	}
2752

2753
	error = 0;
2754
out:
2755
	wiphy_unlock(hw->wiphy);
2756
	IEEE80211_LOCK(vap->iv_ic);
2757

2758
	return (error);
2759
}
2760

2761
static int
2762
_lkpi_sta_assoc_to_down(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2763
{
2764
	struct lkpi_hw *lhw;
2765
	struct ieee80211_hw *hw;
2766
	struct lkpi_vif *lvif;
2767
	struct ieee80211_vif *vif;
2768
	struct ieee80211_node *ni;
2769
	struct lkpi_sta *lsta;
2770
	struct ieee80211_sta *sta;
2771
	struct ieee80211_prep_tx_info prep_tx_info;
2772
	enum ieee80211_bss_changed bss_changed;
2773
	int error;
2774

2775
	lhw = vap->iv_ic->ic_softc;
2776
	hw = LHW_TO_HW(lhw);
2777
	lvif = VAP_TO_LVIF(vap);
2778
	vif = LVIF_TO_VIF(lvif);
2779

2780
	IEEE80211_UNLOCK(vap->iv_ic);
2781
	wiphy_lock(hw->wiphy);
2782

2783
	LKPI_80211_LVIF_LOCK(lvif);
2784
#ifdef LINUXKPI_DEBUG_80211
2785
	/* XXX-BZ KASSERT later; state going down so no action. */
2786
	if (lvif->lvif_bss == NULL)
2787
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2788
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2789
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2790
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2791
		    lvif->lvif_bss_synched);
2792
#endif
2793
	lsta = lvif->lvif_bss;
2794
	LKPI_80211_LVIF_UNLOCK(lvif);
2795
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
2796
	    "lvif %p vap %p\n", __func__,
2797
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
2798

2799
	ni = lsta->ni;		/* Reference held for lvif_bss. */
2800
	sta = LSTA_TO_STA(lsta);
2801

2802
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2803

2804
	/* flush, drop. */
2805
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
2806

2807
	IMPROVE("What are the proper conditions for DEAUTH_NEED_MGD_TX_PREP?");
2808
	if (ieee80211_hw_check(hw, DEAUTH_NEED_MGD_TX_PREP) &&
2809
	    !lsta->in_mgd) {
2810
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2811
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
2812
		prep_tx_info.was_assoc = true;
2813
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2814
		lsta->in_mgd = true;
2815
	}
2816

2817
	wiphy_unlock(hw->wiphy);
2818
	IEEE80211_LOCK(vap->iv_ic);
2819

2820
	/* Call iv_newstate first so we get potential DEAUTH packet out. */
2821
	error = lvif->iv_newstate(vap, nstate, arg);
2822
	if (error != 0) {
2823
		ic_printf(vap->iv_ic, "%s:%d: iv_newstate(%p, %d, %d) "
2824
		    "failed: %d\n", __func__, __LINE__, vap, nstate, arg, error);
2825
		goto outni;
2826
	}
2827

2828
	IEEE80211_UNLOCK(vap->iv_ic);
2829

2830
	/* Ensure the packets get out. */
2831
	lkpi_80211_flush_tx(lhw, lsta);
2832

2833
	wiphy_lock(hw->wiphy);
2834

2835
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2836

2837
	/* Wake tx queues to get packet(s) out. */
2838
	lkpi_wake_tx_queues(hw, sta, false, true);
2839

2840
	/* flush, no drop */
2841
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
2842

2843
	/* End mgd_complete_tx. */
2844
	if (lsta->in_mgd) {
2845
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2846
		prep_tx_info.success = false;
2847
		prep_tx_info.was_assoc = true;
2848
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2849
		lsta->in_mgd = false;
2850
	}
2851

2852
	/* sync_rx_queues */
2853
	lkpi_80211_mo_sync_rx_queues(hw);
2854

2855
	/* sta_pre_rcu_remove */
2856
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
2857

2858
	/* Take the station down. */
2859

2860
	/* Update sta and change state (from AUTH) to NONE. */
2861
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2862
	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
2863
	    "AUTH: %#x\n", __func__, lsta, lsta->state));
2864
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
2865
	if (error != 0) {
2866
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
2867
		    "failed: %d\n", __func__, __LINE__, error);
2868
		goto out;
2869
	}
2870

2871
	/* See comment in lkpi_sta_run_to_init(). */
2872
	bss_changed = 0;
2873
	bss_changed |= lkpi_disassoc(sta, vif, lhw);
2874

2875
#ifdef LKPI_80211_HW_CRYPTO
2876
	/*
2877
	 * In theory we remove keys here but there must not exist any for this
2878
	 * state change until we clean them up again into small steps and no
2879
	 * code duplication.
2880
	 */
2881
#endif
2882

2883
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2884

2885
	/* Adjust sta and change state (from NONE) to NOTEXIST. */
2886
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2887
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
2888
	    "NONE: %#x, nstate %d arg %d\n", __func__, lsta, lsta->state, nstate, arg));
2889
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NOTEXIST);
2890
	if (error != 0) {
2891
		IMPROVE("do we need to undo the chan ctx?");
2892
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NOTEXIST) "
2893
		    "failed: %d\n", __func__, __LINE__, error);
2894
		goto out;
2895
	}
2896

2897
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);	/* sta no longer save to use. */
2898

2899
	IMPROVE("Any bss_info changes to announce?");
2900
	vif->bss_conf.qos = 0;
2901
	bss_changed |= BSS_CHANGED_QOS;
2902
	vif->cfg.ssid_len = 0;
2903
	memset(vif->cfg.ssid, '\0', sizeof(vif->cfg.ssid));
2904
	bss_changed |= BSS_CHANGED_BSSID;
2905
	vif->bss_conf.dtim_period = 0; /* go back to 0. */
2906
	bss_changed |= BSS_CHANGED_BEACON_INFO;
2907
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
2908

2909
	LKPI_80211_LVIF_LOCK(lvif);
2910
	/* Remove ni reference for this cache of lsta. */
2911
	lvif->lvif_bss = NULL;
2912
	lvif->lvif_bss_synched = false;
2913
	LKPI_80211_LVIF_UNLOCK(lvif);
2914
	lkpi_lsta_remove(lsta, lvif);
2915

2916
	/* conf_tx */
2917

2918
	lkpi_remove_chanctx(hw, vif);
2919

2920
	error = EALREADY;
2921
out:
2922
	wiphy_unlock(hw->wiphy);
2923
	IEEE80211_LOCK(vap->iv_ic);
2924
	if (error == EALREADY) {
2925
		/*
2926
		 * We do this outside the wiphy lock as net80211::node_free() may call
2927
		 * into crypto code to delete keys and we have a recursed on
2928
		 * non-recursive sx panic.  Also only do this if we get here w/o error.
2929
		 *
2930
		 * The very last release the reference on the ni for the ni/lsta on
2931
		 * lvif->lvif_bss.  Upon return from this both ni and lsta are invalid
2932
		 * and potentially freed.
2933
		 */
2934
		ieee80211_free_node(ni);
2935
	}
2936
outni:
2937
	return (error);
2938
}
2939

2940
static int
2941
lkpi_sta_assoc_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2942
{
2943
	int error;
2944

2945
	error = _lkpi_sta_assoc_to_down(vap, nstate, arg);
2946
	if (error != 0 && error != EALREADY)
2947
		return (error);
2948

2949
	/* At this point iv_bss is long a new node! */
2950

2951
	error |= lkpi_sta_scan_to_auth(vap, nstate, 0);
2952
	return (error);
2953
}
2954

2955
static int
2956
lkpi_sta_assoc_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2957
{
2958
	int error;
2959

2960
	error = _lkpi_sta_assoc_to_down(vap, nstate, arg);
2961
	return (error);
2962
}
2963

2964
static int
2965
lkpi_sta_assoc_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2966
{
2967
	int error;
2968

2969
	error = _lkpi_sta_assoc_to_down(vap, nstate, arg);
2970
	return (error);
2971
}
2972

2973
static int
2974
lkpi_sta_assoc_to_run(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2975
{
2976
	struct lkpi_hw *lhw;
2977
	struct ieee80211_hw *hw;
2978
	struct lkpi_vif *lvif;
2979
	struct ieee80211_vif *vif;
2980
	struct ieee80211_node *ni;
2981
	struct lkpi_sta *lsta;
2982
	struct ieee80211_sta *sta;
2983
	struct ieee80211_prep_tx_info prep_tx_info;
2984
	enum ieee80211_bss_changed bss_changed;
2985
	int error;
2986

2987
	lhw = vap->iv_ic->ic_softc;
2988
	hw = LHW_TO_HW(lhw);
2989
	lvif = VAP_TO_LVIF(vap);
2990
	vif = LVIF_TO_VIF(lvif);
2991

2992
	IEEE80211_UNLOCK(vap->iv_ic);
2993
	wiphy_lock(hw->wiphy);
2994

2995
	LKPI_80211_LVIF_LOCK(lvif);
2996
	/* XXX-BZ KASSERT later? */
2997
	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
2998
#ifdef LINUXKPI_DEBUG_80211
2999
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3000
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3001
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3002
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3003
		    lvif->lvif_bss_synched);
3004
#endif
3005
		LKPI_80211_LVIF_UNLOCK(lvif);
3006
		error = ENOTRECOVERABLE;
3007
		goto out;
3008
	}
3009
	lsta = lvif->lvif_bss;
3010
	LKPI_80211_LVIF_UNLOCK(lvif);
3011
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3012
	    "lvif %p vap %p\n", __func__,
3013
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3014

3015
	ni = lsta->ni;		/* Reference held for lvif_bss. */
3016

3017
	IMPROVE("ponder some of this moved to ic_newassoc, scan_assoc_success, "
3018
	    "and to lesser extend ieee80211_notify_node_join");
3019

3020
	/* Finish assoc. */
3021
	/* Update sta_state (AUTH to ASSOC) and set aid. */
3022
	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
3023
	    "AUTH: %#x\n", __func__, lsta, lsta->state));
3024
	sta = LSTA_TO_STA(lsta);
3025
	sta->aid = IEEE80211_NODE_AID(ni);
3026
#ifdef LKPI_80211_WME
3027
	if (vap->iv_flags & IEEE80211_F_WME)
3028
		sta->wme = true;
3029
#endif
3030
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
3031
	if (error != 0) {
3032
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
3033
		    "failed: %d\n", __func__, __LINE__, error);
3034
		goto out;
3035
	}
3036

3037
	IMPROVE("wme / conf_tx [all]");
3038

3039
	/* Update bss info (bss_info_changed) (assoc, aid, ..). */
3040
	bss_changed = 0;
3041
#ifdef LKPI_80211_WME
3042
	bss_changed |= lkpi_wme_update(lhw, vap, true);
3043
#endif
3044
	if (!vif->cfg.assoc || vif->cfg.aid != IEEE80211_NODE_AID(ni)) {
3045
		lvif->beacons = 0;
3046
		vif->cfg.assoc = true;
3047
		vif->cfg.aid = IEEE80211_NODE_AID(ni);
3048
		bss_changed |= BSS_CHANGED_ASSOC;
3049
	}
3050
	/* We set SSID but this is not BSSID! */
3051
	vif->cfg.ssid_len = ni->ni_esslen;
3052
	memcpy(vif->cfg.ssid, ni->ni_essid, ni->ni_esslen);
3053
	if ((vap->iv_flags & IEEE80211_F_SHPREAMBLE) !=
3054
	    vif->bss_conf.use_short_preamble) {
3055
		vif->bss_conf.use_short_preamble ^= 1;
3056
		/* bss_changed |= BSS_CHANGED_??? */
3057
	}
3058
	if ((vap->iv_flags & IEEE80211_F_SHSLOT) !=
3059
	    vif->bss_conf.use_short_slot) {
3060
		vif->bss_conf.use_short_slot ^= 1;
3061
		/* bss_changed |= BSS_CHANGED_??? */
3062
	}
3063
	if ((ni->ni_flags & IEEE80211_NODE_QOS) !=
3064
	    vif->bss_conf.qos) {
3065
		vif->bss_conf.qos ^= 1;
3066
		bss_changed |= BSS_CHANGED_QOS;
3067
	}
3068

3069
	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
3070
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3071

3072
	/* - change_chanctx (if needed)
3073
	 * - event_callback
3074
	 */
3075

3076
	/* End mgd_complete_tx. */
3077
	if (lsta->in_mgd) {
3078
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3079
		prep_tx_info.success = true;
3080
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3081
		lsta->in_mgd = false;
3082
	}
3083

3084
	lkpi_hw_conf_idle(hw, false);
3085

3086
	/*
3087
	 * And then:
3088
	 * - (more packets)?
3089
	 * - set_key
3090
	 * - set_default_unicast_key
3091
	 * - set_key (?)
3092
	 * - ipv6_addr_change (?)
3093
	 */
3094

3095
	if (!ieee80211_node_is_authorized(ni)) {
3096
		IMPROVE("net80211 does not consider node authorized");
3097
	}
3098

3099
	IMPROVE("Is this the right spot, has net80211 done all updates already?");
3100
	lkpi_sta_sync_from_ni(hw, vif, sta, ni, true);
3101

3102
	/* Update thresholds. */
3103
	hw->wiphy->frag_threshold = vap->iv_fragthreshold;
3104
	lkpi_80211_mo_set_frag_threshold(hw, vap->iv_fragthreshold);
3105
	hw->wiphy->rts_threshold = vap->iv_rtsthreshold;
3106
	lkpi_80211_mo_set_rts_threshold(hw, vap->iv_rtsthreshold);
3107

3108
	/* Update sta_state (ASSOC to AUTHORIZED). */
3109
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3110
	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3111
	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3112
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTHORIZED);
3113
	if (error != 0) {
3114
		IMPROVE("undo some changes?");
3115
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTHORIZED) "
3116
		    "failed: %d\n", __func__, __LINE__, error);
3117
		goto out;
3118
	}
3119

3120
	/* - drv_config (?)
3121
	 * - bss_info_changed
3122
	 * - set_rekey_data (?)
3123
	 *
3124
	 * And now we should be passing packets.
3125
	 */
3126
	IMPROVE("Need that bssid setting, and the keys");
3127

3128
	bss_changed = 0;
3129
	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
3130
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3131

3132
	/* Prepare_multicast && configure_filter. */
3133
	lkpi_update_mcast_filter(vap->iv_ic);
3134

3135
out:
3136
	wiphy_unlock(hw->wiphy);
3137
	IEEE80211_LOCK(vap->iv_ic);
3138
	return (error);
3139
}
3140

3141
static int
3142
lkpi_sta_auth_to_run(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3143
{
3144
	int error;
3145

3146
	error = lkpi_sta_auth_to_assoc(vap, nstate, arg);
3147
	if (error == 0)
3148
		error = lkpi_sta_assoc_to_run(vap, nstate, arg);
3149
	return (error);
3150
}
3151

3152
static int
3153
lkpi_sta_run_to_assoc(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3154
{
3155
	struct lkpi_hw *lhw;
3156
	struct ieee80211_hw *hw;
3157
	struct lkpi_vif *lvif;
3158
	struct ieee80211_vif *vif;
3159
	struct ieee80211_node *ni;
3160
	struct lkpi_sta *lsta;
3161
	struct ieee80211_sta *sta;
3162
	struct ieee80211_prep_tx_info prep_tx_info;
3163
#if 0
3164
	enum ieee80211_bss_changed bss_changed;
3165
#endif
3166
	int error;
3167

3168
	lhw = vap->iv_ic->ic_softc;
3169
	hw = LHW_TO_HW(lhw);
3170
	lvif = VAP_TO_LVIF(vap);
3171
	vif = LVIF_TO_VIF(lvif);
3172

3173
	LKPI_80211_LVIF_LOCK(lvif);
3174
#ifdef LINUXKPI_DEBUG_80211
3175
	/* XXX-BZ KASSERT later; state going down so no action. */
3176
	if (lvif->lvif_bss == NULL)
3177
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3178
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3179
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3180
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3181
		    lvif->lvif_bss_synched);
3182
#endif
3183
	lsta = lvif->lvif_bss;
3184
	LKPI_80211_LVIF_UNLOCK(lvif);
3185
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3186
	    "lvif %p vap %p\n", __func__,
3187
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3188

3189
	ni = lsta->ni;		/* Reference held for lvif_bss. */
3190
	sta = LSTA_TO_STA(lsta);
3191

3192
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3193

3194
	IEEE80211_UNLOCK(vap->iv_ic);
3195
	wiphy_lock(hw->wiphy);
3196

3197
	/* flush, drop. */
3198
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
3199

3200
	IMPROVE("What are the proper conditions for DEAUTH_NEED_MGD_TX_PREP?");
3201
	if (ieee80211_hw_check(hw, DEAUTH_NEED_MGD_TX_PREP) &&
3202
	    !lsta->in_mgd) {
3203
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3204
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
3205
		prep_tx_info.was_assoc = true;
3206
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
3207
		lsta->in_mgd = true;
3208
	}
3209

3210
	wiphy_unlock(hw->wiphy);
3211
	IEEE80211_LOCK(vap->iv_ic);
3212

3213
	/* Call iv_newstate first so we get potential DISASSOC packet out. */
3214
	error = lvif->iv_newstate(vap, nstate, arg);
3215
	if (error != 0) {
3216
		ic_printf(vap->iv_ic, "%s:%d: iv_newstate(%p, %d, %d) "
3217
		    "failed: %d\n", __func__, __LINE__, vap, nstate, arg, error);
3218
		goto outni;
3219
	}
3220

3221
	IEEE80211_UNLOCK(vap->iv_ic);
3222

3223
	/* Ensure the packets get out. */
3224
	lkpi_80211_flush_tx(lhw, lsta);
3225

3226
	wiphy_lock(hw->wiphy);
3227

3228
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3229

3230
	/* Wake tx queues to get packet(s) out. */
3231
	lkpi_wake_tx_queues(hw, sta, false, true);
3232

3233
	/* flush, no drop */
3234
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
3235

3236
	/* End mgd_complete_tx. */
3237
	if (lsta->in_mgd) {
3238
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3239
		prep_tx_info.success = false;
3240
		prep_tx_info.was_assoc = true;
3241
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3242
		lsta->in_mgd = false;
3243
	}
3244

3245
#if 0
3246
	/* sync_rx_queues */
3247
	lkpi_80211_mo_sync_rx_queues(hw);
3248

3249
	/* sta_pre_rcu_remove */
3250
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
3251
#endif
3252

3253
	/* Take the station down. */
3254

3255
	/* Adjust sta and change state (from AUTHORIZED) to ASSOC. */
3256
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3257
	KASSERT(lsta->state == IEEE80211_STA_AUTHORIZED, ("%s: lsta %p state not "
3258
	    "AUTHORIZED: %#x\n", __func__, lsta, lsta->state));
3259
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
3260
	if (error != 0) {
3261
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
3262
		    "failed: %d\n", __func__, __LINE__, error);
3263
		goto out;
3264
	}
3265

3266
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3267

3268
#ifdef LKPI_80211_HW_CRYPTO
3269
	if (lkpi_hwcrypto) {
3270
		error = lkpi_sta_del_keys(hw, vif, lsta);
3271
		if (error != 0) {
3272
			ic_printf(vap->iv_ic, "%s:%d: lkpi_sta_del_keys "
3273
			    "failed: %d\n", __func__, __LINE__, error);
3274
			/*
3275
			 * Either drv/fw will crash or cleanup itself,
3276
			 * otherwise net80211 will delete the keys (at a
3277
			 * less appropriate time).
3278
			 */
3279
			/* goto out; */
3280
		}
3281
	}
3282
#endif
3283

3284
	/* Update sta_state (ASSOC to AUTH). */
3285
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3286
	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3287
	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3288
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
3289
	if (error != 0) {
3290
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
3291
		    "failed: %d\n", __func__, __LINE__, error);
3292
		goto out;
3293
	}
3294

3295
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3296

3297
#if 0
3298
	/* Update bss info (bss_info_changed) (assoc, aid, ..). */
3299
	lkpi_disassoc(sta, vif, lhw);
3300
#endif
3301

3302
	error = EALREADY;
3303
out:
3304
	wiphy_unlock(hw->wiphy);
3305
	IEEE80211_LOCK(vap->iv_ic);
3306
outni:
3307
	return (error);
3308
}
3309

3310
static int
3311
lkpi_sta_run_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3312
{
3313
	struct lkpi_hw *lhw;
3314
	struct ieee80211_hw *hw;
3315
	struct lkpi_vif *lvif;
3316
	struct ieee80211_vif *vif;
3317
	struct ieee80211_node *ni;
3318
	struct lkpi_sta *lsta;
3319
	struct ieee80211_sta *sta;
3320
	struct ieee80211_prep_tx_info prep_tx_info;
3321
	enum ieee80211_bss_changed bss_changed;
3322
	int error;
3323

3324
	lhw = vap->iv_ic->ic_softc;
3325
	hw = LHW_TO_HW(lhw);
3326
	lvif = VAP_TO_LVIF(vap);
3327
	vif = LVIF_TO_VIF(lvif);
3328

3329
	IEEE80211_UNLOCK(vap->iv_ic);
3330
	wiphy_lock(hw->wiphy);
3331

3332
	LKPI_80211_LVIF_LOCK(lvif);
3333
#ifdef LINUXKPI_DEBUG_80211
3334
	/* XXX-BZ KASSERT later; state going down so no action. */
3335
	if (lvif->lvif_bss == NULL)
3336
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3337
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3338
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3339
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3340
		    lvif->lvif_bss_synched);
3341
#endif
3342
	lsta = lvif->lvif_bss;
3343
	LKPI_80211_LVIF_UNLOCK(lvif);
3344
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3345
	    "lvif %p vap %p\n", __func__,
3346
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3347

3348
	ni = lsta->ni;		/* Reference held for lvif_bss. */
3349
	sta = LSTA_TO_STA(lsta);
3350

3351
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3352

3353
	/* flush, drop. */
3354
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
3355

3356
	IMPROVE("What are the proper conditions for DEAUTH_NEED_MGD_TX_PREP?");
3357
	if (ieee80211_hw_check(hw, DEAUTH_NEED_MGD_TX_PREP) &&
3358
	    !lsta->in_mgd) {
3359
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3360
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
3361
		prep_tx_info.was_assoc = true;
3362
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
3363
		lsta->in_mgd = true;
3364
	}
3365

3366
	wiphy_unlock(hw->wiphy);
3367
	IEEE80211_LOCK(vap->iv_ic);
3368

3369
	/* Call iv_newstate first so we get potential DISASSOC packet out. */
3370
	error = lvif->iv_newstate(vap, nstate, arg);
3371
	if (error != 0) {
3372
		ic_printf(vap->iv_ic, "%s:%d: iv_newstate(%p, %d, %d) "
3373
		    "failed: %d\n", __func__, __LINE__, vap, nstate, arg, error);
3374
		goto outni;
3375
	}
3376

3377
	IEEE80211_UNLOCK(vap->iv_ic);
3378

3379
	/* Ensure the packets get out. */
3380
	lkpi_80211_flush_tx(lhw, lsta);
3381

3382
	wiphy_lock(hw->wiphy);
3383

3384
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3385

3386
	/* Wake tx queues to get packet(s) out. */
3387
	lkpi_wake_tx_queues(hw, sta, false, true);
3388

3389
	/* flush, no drop */
3390
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
3391

3392
	/* End mgd_complete_tx. */
3393
	if (lsta->in_mgd) {
3394
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3395
		prep_tx_info.success = false;
3396
		prep_tx_info.was_assoc = true;
3397
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3398
		lsta->in_mgd = false;
3399
	}
3400

3401
	/* sync_rx_queues */
3402
	lkpi_80211_mo_sync_rx_queues(hw);
3403

3404
	/* sta_pre_rcu_remove */
3405
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
3406

3407
	/* Take the station down. */
3408

3409
	/* Adjust sta and change state (from AUTHORIZED) to ASSOC. */
3410
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3411
	KASSERT(lsta->state == IEEE80211_STA_AUTHORIZED, ("%s: lsta %p state not "
3412
	    "AUTHORIZED: %#x\n", __func__, lsta, lsta->state));
3413
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
3414
	if (error != 0) {
3415
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
3416
		    "failed: %d\n", __func__, __LINE__, error);
3417
		goto out;
3418
	}
3419

3420
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3421

3422
#ifdef LKPI_80211_HW_CRYPTO
3423
	if (lkpi_hwcrypto) {
3424
		/*
3425
		 * In theory we only need to do this if we changed assoc.
3426
		 * If we were not assoc, there should be no keys and we
3427
		 * should not be here.
3428
		 */
3429
#ifdef notyet
3430
		KASSERT((bss_changed & BSS_CHANGED_ASSOC) != 0, ("%s: "
3431
		    "trying to remove keys but were not assoc: %#010jx, lvif %p\n",
3432
		    __func__, (uintmax_t)bss_changed, lvif));
3433
#endif
3434
		error = lkpi_sta_del_keys(hw, vif, lsta);
3435
		if (error != 0) {
3436
			ic_printf(vap->iv_ic, "%s:%d: lkpi_sta_del_keys "
3437
			    "failed: %d\n", __func__, __LINE__, error);
3438
			/*
3439
			 * Either drv/fw will crash or cleanup itself,
3440
			 * otherwise net80211 will delete the keys (at a
3441
			 * less appropriate time).
3442
			 */
3443
			/* goto out; */
3444
		}
3445
	}
3446
#endif
3447

3448
	/* Update sta_state (ASSOC to AUTH). */
3449
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3450
	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3451
	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3452
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
3453
	if (error != 0) {
3454
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
3455
		    "failed: %d\n", __func__, __LINE__, error);
3456
		goto out;
3457
	}
3458

3459
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3460

3461
	/* Update sta and change state (from AUTH) to NONE. */
3462
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3463
	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
3464
	    "AUTH: %#x\n", __func__, lsta, lsta->state));
3465
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
3466
	if (error != 0) {
3467
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
3468
		    "failed: %d\n", __func__, __LINE__, error);
3469
		goto out;
3470
	}
3471

3472
	bss_changed = 0;
3473
	/*
3474
	 * Start updating bss info (bss_info_changed) (assoc, aid, ..).
3475
	 *
3476
	 * One would expect this to happen when going off AUTHORIZED.
3477
	 * See comment there; removes the sta from fw if not careful
3478
	 * (bss_info_changed() change is executed right away).
3479
	 *
3480
	 * We need to do this now, before sta changes to IEEE80211_STA_NOTEXIST
3481
	 * as otherwise drivers (iwlwifi at least) will silently not remove
3482
	 * the sta from the firmware and when we will add a new one trigger
3483
	 * a fw assert.
3484
	 *
3485
	 * The order which works best so far avoiding early removal or silent
3486
	 * non-removal seems to be (for iwlwifi::mld-mac80211.c cases;
3487
	 * the iwlwifi:mac80211.c case still to be tested):
3488
	 * 1) lkpi_disassoc(): set vif->cfg.assoc = false (aid=0 side effect here)
3489
	 * 2) call the last sta_state update -> IEEE80211_STA_NOTEXIST
3490
	 *    (removes the sta given assoc is false)
3491
	 * 3) add the remaining BSS_CHANGED changes and call bss_info_changed()
3492
	 * 4) call unassign_vif_chanctx
3493
	 * 5) call lkpi_hw_conf_idle
3494
	 * 6) call remove_chanctx
3495
	 *
3496
	 * Note: vif->driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC
3497
	 * might change this.
3498
	 */
3499
	bss_changed |= lkpi_disassoc(sta, vif, lhw);
3500

3501
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3502

3503
	/* Adjust sta and change state (from NONE) to NOTEXIST. */
3504
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3505
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
3506
	    "NONE: %#x, nstate %d arg %d\n", __func__, lsta, lsta->state, nstate, arg));
3507
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NOTEXIST);
3508
	if (error != 0) {
3509
		IMPROVE("do we need to undo the chan ctx?");
3510
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NOTEXIST) "
3511
		    "failed: %d\n", __func__, __LINE__, error);
3512
		goto out;
3513
	}
3514

3515
	lkpi_lsta_remove(lsta, lvif);
3516

3517
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);	/* sta no longer save to use. */
3518

3519
	IMPROVE("Any bss_info changes to announce?");
3520
	vif->bss_conf.qos = 0;
3521
	bss_changed |= BSS_CHANGED_QOS;
3522
	vif->cfg.ssid_len = 0;
3523
	memset(vif->cfg.ssid, '\0', sizeof(vif->cfg.ssid));
3524
	bss_changed |= BSS_CHANGED_BSSID;
3525
	vif->bss_conf.use_short_preamble = false;
3526
	vif->bss_conf.qos = false;
3527
	/* XXX BSS_CHANGED_???? */
3528
	vif->bss_conf.dtim_period = 0; /* go back to 0. */
3529
	bss_changed |= BSS_CHANGED_BEACON_INFO;
3530
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3531

3532
	LKPI_80211_LVIF_LOCK(lvif);
3533
	/* Remove ni reference for this cache of lsta. */
3534
	lvif->lvif_bss = NULL;
3535
	lvif->lvif_bss_synched = false;
3536
	LKPI_80211_LVIF_UNLOCK(lvif);
3537

3538
	/* conf_tx */
3539

3540
	lkpi_remove_chanctx(hw, vif);
3541

3542
	error = EALREADY;
3543
out:
3544
	wiphy_unlock(hw->wiphy);
3545
	IEEE80211_LOCK(vap->iv_ic);
3546
	if (error == EALREADY) {
3547
		/*
3548
		 * We do this outside the wiphy lock as net80211::node_free() may call
3549
		 * into crypto code to delete keys and we have a recursed on
3550
		 * non-recursive sx panic.  Also only do this if we get here w/o error.
3551
		 *
3552
		 * The very last release the reference on the ni for the ni/lsta on
3553
		 * lvif->lvif_bss.  Upon return from this both ni and lsta are invalid
3554
		 * and potentially freed.
3555
		 */
3556
		ieee80211_free_node(ni);
3557
	}
3558
outni:
3559
	return (error);
3560
}
3561

3562
static int
3563
lkpi_sta_run_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3564
{
3565

3566
	return (lkpi_sta_run_to_init(vap, nstate, arg));
3567
}
3568

3569
static int
3570
lkpi_sta_run_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3571
{
3572
	int error;
3573

3574
	error = lkpi_sta_run_to_init(vap, nstate, arg);
3575
	if (error != 0 && error != EALREADY)
3576
		return (error);
3577

3578
	/* At this point iv_bss is long a new node! */
3579

3580
	error |= lkpi_sta_scan_to_auth(vap, nstate, 0);
3581
	return (error);
3582
}
3583

3584
/* -------------------------------------------------------------------------- */
3585

3586
/*
3587
 * The matches the documented state changes in net80211::sta_newstate().
3588
 * XXX (1) without CSA and SLEEP yet, * XXX (2) not all unhandled cases
3589
 * there are "invalid" (so there is a room for failure here).
3590
 */
3591
struct fsm_state {
3592
	/* INIT, SCAN, AUTH, ASSOC, CAC, RUN, CSA, SLEEP */
3593
	enum ieee80211_state ostate;
3594
	enum ieee80211_state nstate;
3595
	int (*handler)(struct ieee80211vap *, enum ieee80211_state, int);
3596
} sta_state_fsm[] = {
3597
	{ IEEE80211_S_INIT,	IEEE80211_S_INIT, lkpi_sta_state_do_nada },
3598
	{ IEEE80211_S_SCAN,	IEEE80211_S_INIT, lkpi_sta_state_do_nada },	/* scan_to_init */
3599
	{ IEEE80211_S_AUTH,	IEEE80211_S_INIT, lkpi_sta_auth_to_init },	/* not explicitly in sta_newstate() */
3600
	{ IEEE80211_S_ASSOC,	IEEE80211_S_INIT, lkpi_sta_assoc_to_init },	/* Send DEAUTH. */
3601
	{ IEEE80211_S_RUN,	IEEE80211_S_INIT, lkpi_sta_run_to_init },	/* Send DISASSOC. */
3602

3603
	{ IEEE80211_S_INIT,	IEEE80211_S_SCAN, lkpi_sta_state_do_nada },
3604
	{ IEEE80211_S_SCAN,	IEEE80211_S_SCAN, lkpi_sta_state_do_nada },
3605
	{ IEEE80211_S_AUTH,	IEEE80211_S_SCAN, lkpi_sta_auth_to_scan },
3606
	{ IEEE80211_S_ASSOC,	IEEE80211_S_SCAN, lkpi_sta_assoc_to_scan },
3607
	{ IEEE80211_S_RUN,	IEEE80211_S_SCAN, lkpi_sta_run_to_scan },	/* Beacon miss. */
3608

3609
	{ IEEE80211_S_INIT,	IEEE80211_S_AUTH, lkpi_sta_scan_to_auth },	/* Send AUTH. */
3610
	{ IEEE80211_S_SCAN,	IEEE80211_S_AUTH, lkpi_sta_scan_to_auth },	/* Send AUTH. */
3611
	{ IEEE80211_S_AUTH,	IEEE80211_S_AUTH, lkpi_sta_a_to_a },		/* Send ?AUTH. */
3612
	{ IEEE80211_S_ASSOC,	IEEE80211_S_AUTH, lkpi_sta_assoc_to_auth },	/* Send ?AUTH. */
3613
	{ IEEE80211_S_RUN,	IEEE80211_S_AUTH, lkpi_sta_run_to_auth },	/* Send ?AUTH. */
3614

3615
	{ IEEE80211_S_AUTH,	IEEE80211_S_ASSOC, lkpi_sta_auth_to_assoc },	/* Send ASSOCREQ. */
3616
	{ IEEE80211_S_ASSOC,	IEEE80211_S_ASSOC, lkpi_sta_a_to_a },		/* Send ASSOCREQ. */
3617
	{ IEEE80211_S_RUN,	IEEE80211_S_ASSOC, lkpi_sta_run_to_assoc },	/* Send ASSOCREQ/REASSOCREQ. */
3618

3619
	{ IEEE80211_S_AUTH,	IEEE80211_S_RUN, lkpi_sta_auth_to_run },
3620
	{ IEEE80211_S_ASSOC,	IEEE80211_S_RUN, lkpi_sta_assoc_to_run },
3621
	{ IEEE80211_S_RUN,	IEEE80211_S_RUN, lkpi_sta_state_do_nada },
3622

3623
	/* Dummy at the end without handler. */
3624
	{ IEEE80211_S_INIT,	IEEE80211_S_INIT, NULL },
3625
};
3626

3627
static int
3628
lkpi_iv_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3629
{
3630
	struct ieee80211com *ic;
3631
	struct lkpi_hw *lhw;
3632
	struct lkpi_vif *lvif;
3633
	struct ieee80211_vif *vif;
3634
	struct fsm_state *s;
3635
	enum ieee80211_state ostate;
3636
	int error;
3637

3638
	ic = vap->iv_ic;
3639
	IEEE80211_LOCK_ASSERT(ic);
3640
	ostate = vap->iv_state;
3641

3642
#ifdef LINUXKPI_DEBUG_80211
3643
	if (linuxkpi_debug_80211 & D80211_TRACE)
3644
		ic_printf(vap->iv_ic, "%s:%d: vap %p nstate %#x arg %#x\n",
3645
		    __func__, __LINE__, vap, nstate, arg);
3646
#endif
3647

3648
	if (vap->iv_opmode == IEEE80211_M_STA) {
3649

3650
		lhw = ic->ic_softc;
3651
		lvif = VAP_TO_LVIF(vap);
3652
		vif = LVIF_TO_VIF(lvif);
3653

3654
		/* No need to replicate this in most state handlers. */
3655
		if (nstate > IEEE80211_S_SCAN)
3656
			lkpi_stop_hw_scan(lhw, vif);
3657

3658
		s = sta_state_fsm;
3659

3660
	} else {
3661
		ic_printf(vap->iv_ic, "%s: only station mode currently supported: "
3662
		    "cap %p iv_opmode %d\n", __func__, vap, vap->iv_opmode);
3663
		return (ENOSYS);
3664
	}
3665

3666
	error = 0;
3667
	for (; s->handler != NULL; s++) {
3668
		if (ostate == s->ostate && nstate == s->nstate) {
3669
#ifdef LINUXKPI_DEBUG_80211
3670
			if (linuxkpi_debug_80211 & D80211_TRACE)
3671
				ic_printf(vap->iv_ic, "%s: new state %d (%s) ->"
3672
				    " %d (%s): arg %d.\n", __func__,
3673
				    ostate, ieee80211_state_name[ostate],
3674
				    nstate, ieee80211_state_name[nstate], arg);
3675
#endif
3676
			error = s->handler(vap, nstate, arg);
3677
			break;
3678
		}
3679
	}
3680
	IEEE80211_LOCK_ASSERT(vap->iv_ic);
3681

3682
	if (s->handler == NULL) {
3683
		IMPROVE("turn this into a KASSERT\n");
3684
		ic_printf(vap->iv_ic, "%s: unsupported state transition "
3685
		    "%d (%s) -> %d (%s)\n", __func__,
3686
		    ostate, ieee80211_state_name[ostate],
3687
		    nstate, ieee80211_state_name[nstate]);
3688
		return (ENOSYS);
3689
	}
3690

3691
	if (error == EALREADY) {
3692
#ifdef LINUXKPI_DEBUG_80211
3693
		if (linuxkpi_debug_80211 & D80211_TRACE)
3694
			ic_printf(vap->iv_ic, "%s: state transition %d (%s) -> "
3695
			    "%d (%s): iv_newstate already handled: %d.\n",
3696
			    __func__, ostate, ieee80211_state_name[ostate],
3697
			    nstate, ieee80211_state_name[nstate], error);
3698
#endif
3699
		return (0);
3700
	}
3701

3702
	if (error != 0) {
3703
		ic_printf(vap->iv_ic, "%s: error %d during state transition "
3704
		    "%d (%s) -> %d (%s)\n", __func__, error,
3705
		    ostate, ieee80211_state_name[ostate],
3706
		    nstate, ieee80211_state_name[nstate]);
3707
		return (error);
3708
	}
3709

3710
#ifdef LINUXKPI_DEBUG_80211
3711
	if (linuxkpi_debug_80211 & D80211_TRACE)
3712
		ic_printf(vap->iv_ic, "%s:%d: vap %p nstate %#x arg %#x "
3713
		    "calling net80211 parent\n",
3714
		    __func__, __LINE__, vap, nstate, arg);
3715
#endif
3716

3717
	return (lvif->iv_newstate(vap, nstate, arg));
3718
}
3719

3720
/* -------------------------------------------------------------------------- */
3721

3722
/*
3723
 * We overload (*iv_update_bss) as otherwise we have cases in, e.g.,
3724
 * net80211::ieee80211_sta_join1() where vap->iv_bss gets replaced by a
3725
 * new node without us knowing and thus our ni/lsta are out of sync.
3726
 */
3727
static struct ieee80211_node *
3728
lkpi_iv_update_bss(struct ieee80211vap *vap, struct ieee80211_node *ni)
3729
{
3730
	struct lkpi_vif *lvif;
3731
	struct ieee80211_node *rni;
3732

3733
	IEEE80211_LOCK_ASSERT(vap->iv_ic);
3734

3735
	lvif = VAP_TO_LVIF(vap);
3736

3737
	LKPI_80211_LVIF_LOCK(lvif);
3738
	lvif->lvif_bss_synched = false;
3739
	LKPI_80211_LVIF_UNLOCK(lvif);
3740

3741
	rni = lvif->iv_update_bss(vap, ni);
3742
	return (rni);
3743
}
3744

3745
#ifdef LKPI_80211_WME
3746
static int
3747
lkpi_wme_update(struct lkpi_hw *lhw, struct ieee80211vap *vap, bool planned)
3748
{
3749
	struct ieee80211com *ic;
3750
	struct ieee80211_hw *hw;
3751
	struct lkpi_vif *lvif;
3752
	struct ieee80211_vif *vif;
3753
	struct chanAccParams chp;
3754
	struct wmeParams wmeparr[WME_NUM_AC];
3755
	struct ieee80211_tx_queue_params txqp;
3756
	enum ieee80211_bss_changed changed;
3757
	int error;
3758
	uint16_t ac;
3759

3760
	hw = LHW_TO_HW(lhw);
3761
	lockdep_assert_wiphy(hw->wiphy);
3762

3763
	IMPROVE();
3764
	KASSERT(WME_NUM_AC == IEEE80211_NUM_ACS, ("%s: WME_NUM_AC %d != "
3765
	    "IEEE80211_NUM_ACS %d\n", __func__, WME_NUM_AC, IEEE80211_NUM_ACS));
3766

3767
	if (vap == NULL)
3768
		return (0);
3769

3770
	if ((vap->iv_flags & IEEE80211_F_WME) == 0)
3771
		return (0);
3772

3773
	if (lhw->ops->conf_tx == NULL)
3774
		return (0);
3775

3776
	if (!planned && (vap->iv_state != IEEE80211_S_RUN)) {
3777
		lhw->update_wme = true;
3778
		return (0);
3779
	}
3780
	lhw->update_wme = false;
3781

3782
	ic = lhw->ic;
3783
	ieee80211_wme_ic_getparams(ic, &chp);
3784
	IEEE80211_LOCK(ic);
3785
	for (ac = 0; ac < WME_NUM_AC; ac++)
3786
		wmeparr[ac] = chp.cap_wmeParams[ac];
3787
	IEEE80211_UNLOCK(ic);
3788

3789
	lvif = VAP_TO_LVIF(vap);
3790
	vif = LVIF_TO_VIF(lvif);
3791

3792
	/* Configure tx queues (conf_tx) & send BSS_CHANGED_QOS. */
3793
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3794
		struct wmeParams *wmep;
3795

3796
		wmep = &wmeparr[ac];
3797
		bzero(&txqp, sizeof(txqp));
3798
		txqp.cw_min = wmep->wmep_logcwmin;
3799
		txqp.cw_max = wmep->wmep_logcwmax;
3800
		txqp.txop = wmep->wmep_txopLimit;
3801
		txqp.aifs = wmep->wmep_aifsn;
3802
		error = lkpi_80211_mo_conf_tx(hw, vif, /* link_id */0, ac, &txqp);
3803
		if (error != 0)
3804
			ic_printf(ic, "%s: conf_tx ac %u failed %d\n",
3805
			    __func__, ac, error);
3806
	}
3807
	changed = BSS_CHANGED_QOS;
3808
	if (!planned)
3809
		lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, changed);
3810

3811
	return (changed);
3812
}
3813
#endif
3814

3815
static int
3816
lkpi_ic_wme_update(struct ieee80211com *ic)
3817
{
3818
#ifdef LKPI_80211_WME
3819
	struct ieee80211vap *vap;
3820
	struct lkpi_hw *lhw;
3821
	struct ieee80211_hw *hw;
3822

3823
	IMPROVE("Use the per-VAP callback in net80211.");
3824
	vap = TAILQ_FIRST(&ic->ic_vaps);
3825
	if (vap == NULL)
3826
		return (0);
3827

3828
	lhw = ic->ic_softc;
3829
	hw = LHW_TO_HW(lhw);
3830

3831
	wiphy_lock(hw->wiphy);
3832
	lkpi_wme_update(lhw, vap, false);
3833
	wiphy_unlock(hw->wiphy);
3834
#endif
3835
	return (0);	/* unused */
3836
}
3837

3838
static void
3839
lkpi_iv_sta_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
3840
    int subtype, const struct ieee80211_rx_stats *rxs, int rssi, int nf)
3841
{
3842
	struct lkpi_hw *lhw;
3843
	struct ieee80211_hw *hw;
3844
	struct lkpi_vif *lvif;
3845
	struct ieee80211_vif *vif;
3846
	enum ieee80211_bss_changed bss_changed;
3847

3848
	lvif = VAP_TO_LVIF(ni->ni_vap);
3849
	vif = LVIF_TO_VIF(lvif);
3850

3851
	lvif->iv_recv_mgmt(ni, m0, subtype, rxs, rssi, nf);
3852

3853
	switch (subtype) {
3854
	case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
3855
		break;
3856
	case IEEE80211_FC0_SUBTYPE_BEACON:
3857
		/*
3858
		 * Only count beacons when assoc. SCAN has its own logging.
3859
		 * This is for connection/beacon loss/session protection almost
3860
		 * over debugging when trying to get into a stable RUN state.
3861
		 */
3862
		if (vif->cfg.assoc)
3863
			lvif->beacons++;
3864
		break;
3865
	default:
3866
		return;
3867
	}
3868

3869
	lhw = ni->ni_ic->ic_softc;
3870
	hw = LHW_TO_HW(lhw);
3871

3872
	/*
3873
	 * If this direct call to mo_bss_info_changed will not work due to
3874
	 * locking, see if queue_work() is fast enough.
3875
	 */
3876
	bss_changed = lkpi_update_dtim_tsf(vif, ni, ni->ni_vap, __func__, __LINE__);
3877
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3878
}
3879

3880
/*
3881
 * Change link-layer address on the vif (if the vap is not started/"UP").
3882
 * This can happen if a user changes 'ether' using ifconfig.
3883
 * The code is based on net80211/ieee80211_freebsd.c::wlan_iflladdr() but
3884
 * we do use a per-[l]vif event handler to be sure we exist as we
3885
 * cannot assume that from every vap derives a vif and we have a hard
3886
 * time checking based on net80211 information.
3887
 * Should this ever become a real problem we could add a callback function
3888
 * to wlan_iflladdr() to be set optionally but that would be for a
3889
 * single-consumer (or needs a list) -- was just too complicated for an
3890
 * otherwise perfect mechanism FreeBSD already provides.
3891
 */
3892
static void
3893
lkpi_vif_iflladdr(void *arg, struct ifnet *ifp)
3894
{
3895
	struct epoch_tracker et;
3896
	struct ieee80211_vif *vif;
3897

3898
	NET_EPOCH_ENTER(et);
3899
	/* NB: identify vap's by if_transmit; left as an extra check. */
3900
	if (if_gettransmitfn(ifp) != ieee80211_vap_transmit ||
3901
	    (if_getflags(ifp) & IFF_UP) != 0) {
3902
		NET_EPOCH_EXIT(et);
3903
		return;
3904
	}
3905

3906
	vif = arg;
3907
	IEEE80211_ADDR_COPY(vif->bss_conf.addr, if_getlladdr(ifp));
3908
	NET_EPOCH_EXIT(et);
3909
}
3910

3911
static struct ieee80211vap *
3912
lkpi_ic_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ],
3913
    int unit, enum ieee80211_opmode opmode, int flags,
3914
    const uint8_t bssid[IEEE80211_ADDR_LEN],
3915
    const uint8_t mac[IEEE80211_ADDR_LEN])
3916
{
3917
	struct lkpi_hw *lhw;
3918
	struct ieee80211_hw *hw;
3919
	struct lkpi_vif *lvif;
3920
	struct ieee80211vap *vap;
3921
	struct ieee80211_vif *vif;
3922
	struct ieee80211_tx_queue_params txqp;
3923
	enum ieee80211_bss_changed changed;
3924
	struct sysctl_oid *node;
3925
	size_t len;
3926
	int error, i;
3927
	uint16_t ac;
3928

3929
	if (!TAILQ_EMPTY(&ic->ic_vaps))	/* 1 so far. Add <n> once this works. */
3930
		return (NULL);
3931

3932
	lhw = ic->ic_softc;
3933
	hw = LHW_TO_HW(lhw);
3934

3935
	len = sizeof(*lvif);
3936
	len += hw->vif_data_size;	/* vif->drv_priv */
3937

3938
	lvif = malloc(len, M_80211_VAP, M_WAITOK | M_ZERO);
3939
	mtx_init(&lvif->mtx, "lvif", NULL, MTX_DEF);
3940
	TASK_INIT(&lvif->sw_scan_task, 0, lkpi_sw_scan_task, lvif);
3941
	INIT_LIST_HEAD(&lvif->lsta_list);
3942
	lvif->lvif_bss = NULL;
3943
	refcount_init(&lvif->nt_unlocked, 0);
3944
	lvif->lvif_bss_synched = false;
3945
	vap = LVIF_TO_VAP(lvif);
3946

3947
	vif = LVIF_TO_VIF(lvif);
3948
	memcpy(vif->addr, mac, IEEE80211_ADDR_LEN);
3949
	vif->p2p = false;
3950
	vif->probe_req_reg = false;
3951
	vif->type = lkpi_opmode_to_vif_type(opmode);
3952
	lvif->wdev.iftype = vif->type;
3953
	/* Need to fill in other fields as well. */
3954
	IMPROVE();
3955

3956
	/* XXX-BZ hardcoded for now! */
3957
#if 1
3958
	RCU_INIT_POINTER(vif->bss_conf.chanctx_conf, NULL);
3959
	vif->bss_conf.vif = vif;
3960
	/* vap->iv_myaddr is not set until net80211::vap_setup or vap_attach. */
3961
	IEEE80211_ADDR_COPY(vif->bss_conf.addr, mac);
3962
	lvif->lvif_ifllevent = EVENTHANDLER_REGISTER(iflladdr_event,
3963
	    lkpi_vif_iflladdr, vif, EVENTHANDLER_PRI_ANY);
3964
	vif->bss_conf.link_id = 0;	/* Non-MLO operation. */
3965
	vif->bss_conf.chanreq.oper.width = NL80211_CHAN_WIDTH_20_NOHT;
3966
	vif->bss_conf.use_short_preamble = false;	/* vap->iv_flags IEEE80211_F_SHPREAMBLE */
3967
	vif->bss_conf.use_short_slot = false;		/* vap->iv_flags IEEE80211_F_SHSLOT */
3968
	vif->bss_conf.qos = false;
3969
	vif->bss_conf.use_cts_prot = false;		/* vap->iv_protmode */
3970
	vif->bss_conf.ht_operation_mode = IEEE80211_HT_OP_MODE_PROTECTION_NONE;
3971
	vif->cfg.aid = 0;
3972
	vif->cfg.assoc = false;
3973
	vif->cfg.idle = true;
3974
	vif->cfg.ps = false;
3975
	IMPROVE("Check other fields and then figure out whats is left elsewhere of them");
3976
	/*
3977
	 * We need to initialize it to something as the bss_info_changed call
3978
	 * will try to copy from it in iwlwifi and NULL is a panic.
3979
	 * We will set the proper one in scan_to_auth() before being assoc.
3980
	 */
3981
	vif->bss_conf.bssid = ieee80211broadcastaddr;
3982
#endif
3983
#if 0
3984
	vif->bss_conf.dtim_period = 0; /* IEEE80211_DTIM_DEFAULT ; must stay 0. */
3985
	IEEE80211_ADDR_COPY(vif->bss_conf.bssid, bssid);
3986
	vif->bss_conf.beacon_int = ic->ic_bintval;
3987
	/* iwlwifi bug. */
3988
	if (vif->bss_conf.beacon_int < 16)
3989
		vif->bss_conf.beacon_int = 16;
3990
#endif
3991

3992
	/* Link Config */
3993
	vif->link_conf[0] = &vif->bss_conf;
3994
	for (i = 0; i < nitems(vif->link_conf); i++) {
3995
		IMPROVE("more than 1 link one day");
3996
	}
3997

3998
	/* Setup queue defaults; driver may override in (*add_interface). */
3999
	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
4000
		if (ieee80211_hw_check(hw, QUEUE_CONTROL))
4001
			vif->hw_queue[i] = IEEE80211_INVAL_HW_QUEUE;
4002
		else if (hw->queues >= IEEE80211_NUM_ACS)
4003
			vif->hw_queue[i] = i;
4004
		else
4005
			vif->hw_queue[i] = 0;
4006

4007
		/* Initialize the queue to running. Stopped? */
4008
		lvif->hw_queue_stopped[i] = false;
4009
	}
4010
	vif->cab_queue = IEEE80211_INVAL_HW_QUEUE;
4011

4012
	IMPROVE();
4013

4014
	wiphy_lock(hw->wiphy);
4015
	error = lkpi_80211_mo_start(hw);
4016
	if (error != 0) {
4017
		wiphy_unlock(hw->wiphy);
4018
		ic_printf(ic, "%s: failed to start hw: %d\n", __func__, error);
4019
		mtx_destroy(&lvif->mtx);
4020
		free(lvif, M_80211_VAP);
4021
		return (NULL);
4022
	}
4023

4024
	error = lkpi_80211_mo_add_interface(hw, vif);
4025
	if (error != 0) {
4026
		IMPROVE();	/* XXX-BZ mo_stop()? */
4027
		wiphy_unlock(hw->wiphy);
4028
		ic_printf(ic, "%s: failed to add interface: %d\n", __func__, error);
4029
		mtx_destroy(&lvif->mtx);
4030
		free(lvif, M_80211_VAP);
4031
		return (NULL);
4032
	}
4033
	wiphy_unlock(hw->wiphy);
4034

4035
	LKPI_80211_LHW_LVIF_LOCK(lhw);
4036
	TAILQ_INSERT_TAIL(&lhw->lvif_head, lvif, lvif_entry);
4037
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
4038

4039
	/* Set bss_info. */
4040
	changed = 0;
4041
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, changed);
4042

4043
	/* Configure tx queues (conf_tx), default WME & send BSS_CHANGED_QOS. */
4044
	IMPROVE("Hardcoded values; to fix see 802.11-2016, 9.4.2.29 EDCA Parameter Set element");
4045
	wiphy_lock(hw->wiphy);
4046
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4047

4048
		bzero(&txqp, sizeof(txqp));
4049
		txqp.cw_min = 15;
4050
		txqp.cw_max = 1023;
4051
		txqp.txop = 0;
4052
		txqp.aifs = 2;
4053
		error = lkpi_80211_mo_conf_tx(hw, vif, /* link_id */0, ac, &txqp);
4054
		if (error != 0)
4055
			ic_printf(ic, "%s: conf_tx ac %u failed %d\n",
4056
			    __func__, ac, error);
4057
	}
4058
	wiphy_unlock(hw->wiphy);
4059
	changed = BSS_CHANGED_QOS;
4060
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, changed);
4061

4062
	/* Force MC init. */
4063
	lkpi_update_mcast_filter(ic);
4064

4065
	ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
4066

4067
	/* Now we have a valid vap->iv_ifp.  Any checksum offloading goes below. */
4068

4069
	IMPROVE();
4070

4071
	/* Override with LinuxKPI method so we can drive mac80211/cfg80211. */
4072
	lvif->iv_newstate = vap->iv_newstate;
4073
	vap->iv_newstate = lkpi_iv_newstate;
4074
	lvif->iv_update_bss = vap->iv_update_bss;
4075
	vap->iv_update_bss = lkpi_iv_update_bss;
4076
	lvif->iv_recv_mgmt = vap->iv_recv_mgmt;
4077
	vap->iv_recv_mgmt = lkpi_iv_sta_recv_mgmt;
4078

4079
#ifdef LKPI_80211_HW_CRYPTO
4080
	/* Key management. */
4081
	if (lkpi_hwcrypto && lhw->ops->set_key != NULL) {
4082
		vap->iv_key_set = lkpi_iv_key_set;
4083
		vap->iv_key_delete = lkpi_iv_key_delete;
4084
		vap->iv_key_update_begin = lkpi_iv_key_update_begin;
4085
		vap->iv_key_update_end = lkpi_iv_key_update_end;
4086
	}
4087
#endif
4088

4089
#ifdef LKPI_80211_HT
4090
	/* Stay with the iv_ampdu_rxmax,limit / iv_ampdu_density defaults until later. */
4091
#endif
4092

4093
	ieee80211_ratectl_init(vap);
4094

4095
	/* Complete setup. */
4096
	ieee80211_vap_attach(vap, ieee80211_media_change,
4097
	    ieee80211_media_status, mac);
4098

4099
#ifdef LKPI_80211_HT
4100
	/*
4101
	 * Modern chipset/fw/drv will do A-MPDU in drv/fw and fail
4102
	 * to do so if they cannot do the crypto too.
4103
	 */
4104
	if (!lkpi_hwcrypto && IEEE80211_CONF_AMPDU_OFFLOAD(ic))
4105
		vap->iv_flags_ht &= ~IEEE80211_FHT_AMPDU_RX;
4106
#endif
4107

4108
	if (hw->max_listen_interval == 0)
4109
		hw->max_listen_interval = 7 * (ic->ic_lintval / ic->ic_bintval);
4110
	hw->conf.listen_interval = hw->max_listen_interval;
4111
	ic->ic_set_channel(ic);
4112

4113
	/* XXX-BZ do we need to be able to update these? */
4114
	hw->wiphy->frag_threshold = vap->iv_fragthreshold;
4115
	lkpi_80211_mo_set_frag_threshold(hw, vap->iv_fragthreshold);
4116
	hw->wiphy->rts_threshold = vap->iv_rtsthreshold;
4117
	lkpi_80211_mo_set_rts_threshold(hw, vap->iv_rtsthreshold);
4118
	/* any others? */
4119

4120
	/* Add per-VIF/VAP sysctls. */
4121
	sysctl_ctx_init(&lvif->sysctl_ctx);
4122

4123
	node = SYSCTL_ADD_NODE(&lvif->sysctl_ctx,
4124
	    SYSCTL_CHILDREN(&sysctl___compat_linuxkpi_80211),
4125
	    OID_AUTO, if_name(vap->iv_ifp),
4126
	    CTLFLAG_RD | CTLFLAG_SKIP | CTLFLAG_MPSAFE, NULL, "VIF Information");
4127

4128
	SYSCTL_ADD_PROC(&lvif->sysctl_ctx,
4129
	    SYSCTL_CHILDREN(node), OID_AUTO, "dump_stas",
4130
	    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, lvif, 0,
4131
	    lkpi_80211_dump_stas, "A", "Dump sta statistics of this vif");
4132

4133
	IMPROVE();
4134

4135
	return (vap);
4136
}
4137

4138
void
4139
linuxkpi_ieee80211_unregister_hw(struct ieee80211_hw *hw)
4140
{
4141

4142
	wiphy_unregister(hw->wiphy);
4143
	linuxkpi_ieee80211_ifdetach(hw);
4144

4145
	IMPROVE();
4146
}
4147

4148
void
4149
linuxkpi_ieee80211_restart_hw(struct ieee80211_hw *hw)
4150
{
4151

4152
	TODO();
4153
}
4154

4155
static void
4156
lkpi_ic_vap_delete(struct ieee80211vap *vap)
4157
{
4158
	struct ieee80211com *ic;
4159
	struct lkpi_hw *lhw;
4160
	struct ieee80211_hw *hw;
4161
	struct lkpi_vif *lvif;
4162
	struct ieee80211_vif *vif;
4163

4164
	lvif = VAP_TO_LVIF(vap);
4165
	vif = LVIF_TO_VIF(lvif);
4166
	ic = vap->iv_ic;
4167
	lhw = ic->ic_softc;
4168
	hw = LHW_TO_HW(lhw);
4169

4170
	EVENTHANDLER_DEREGISTER(iflladdr_event, lvif->lvif_ifllevent);
4171

4172
	/* Clear up per-VIF/VAP sysctls. */
4173
	sysctl_ctx_free(&lvif->sysctl_ctx);
4174

4175
	ieee80211_draintask(ic, &lvif->sw_scan_task);
4176

4177
	LKPI_80211_LHW_LVIF_LOCK(lhw);
4178
	TAILQ_REMOVE(&lhw->lvif_head, lvif, lvif_entry);
4179
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
4180

4181
	ieee80211_ratectl_deinit(vap);
4182
	ieee80211_vap_detach(vap);
4183

4184
	IMPROVE("clear up other bits in this state");
4185

4186
	lkpi_80211_mo_remove_interface(hw, vif);
4187

4188
	/* Single VAP, so we can do this here. */
4189
	lkpi_80211_mo_stop(hw, false);			/* XXX SUSPEND */
4190

4191
	mtx_destroy(&lvif->mtx);
4192
	free(lvif, M_80211_VAP);
4193
}
4194

4195
static void
4196
lkpi_ic_update_mcast(struct ieee80211com *ic)
4197
{
4198
	struct ieee80211vap *vap;
4199
	struct lkpi_hw *lhw;
4200

4201
	lhw = ic->ic_softc;
4202
	if (lhw->ops->prepare_multicast == NULL ||
4203
	    lhw->ops->configure_filter == NULL)
4204
		return;
4205

4206
	LKPI_80211_LHW_MC_LOCK(lhw);
4207
	/* Cleanup anything on the current list. */
4208
	lkpi_cleanup_mcast_list_locked(lhw);
4209

4210
	/* Build up the new list (or allmulti). */
4211
	if (ic->ic_allmulti == 0) {
4212
		TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
4213
			if_foreach_llmaddr(vap->iv_ifp,
4214
			    lkpi_ic_update_mcast_copy, &lhw->mc_list);
4215
		lhw->mc_all_multi = false;
4216
	} else {
4217
		lhw->mc_all_multi = true;
4218
	}
4219
	LKPI_80211_LHW_MC_UNLOCK(lhw);
4220

4221
	lkpi_update_mcast_filter(ic);
4222
	TRACEOK();
4223
}
4224

4225
static void
4226
lkpi_ic_update_promisc(struct ieee80211com *ic)
4227
{
4228

4229
	UNIMPLEMENTED;
4230
}
4231

4232
static void
4233
lkpi_ic_update_chw(struct ieee80211com *ic)
4234
{
4235

4236
	UNIMPLEMENTED;
4237
}
4238

4239
/* Start / stop device. */
4240
static void
4241
lkpi_ic_parent(struct ieee80211com *ic)
4242
{
4243
	struct lkpi_hw *lhw;
4244
	struct ieee80211_hw *hw;
4245
#ifdef HW_START_STOP
4246
	int error;
4247
#endif
4248
	bool start_all;
4249

4250
	IMPROVE();
4251

4252
	lhw = ic->ic_softc;
4253
	hw = LHW_TO_HW(lhw);
4254
	start_all = false;
4255

4256
	/* IEEE80211_UNLOCK(ic); */
4257
	wiphy_lock(hw->wiphy);
4258
	if (ic->ic_nrunning > 0) {
4259
#ifdef HW_START_STOP
4260
		error = lkpi_80211_mo_start(hw);
4261
		if (error == 0)
4262
#endif
4263
			start_all = true;
4264
	} else {
4265
#ifdef HW_START_STOP
4266
		lkpi_80211_mo_stop(hw, false);		/* XXX SUSPEND */
4267
#endif
4268
	}
4269
	wiphy_unlock(hw->wiphy);
4270
	/* IEEE80211_LOCK(ic); */
4271

4272
	if (start_all)
4273
		ieee80211_start_all(ic);
4274
}
4275

4276
bool
4277
linuxkpi_ieee80211_is_ie_id_in_ie_buf(const u8 ie, const u8 *ie_ids,
4278
    size_t ie_ids_len)
4279
{
4280
	int i;
4281

4282
	for (i = 0; i < ie_ids_len; i++) {
4283
		if (ie == *ie_ids)
4284
			return (true);
4285
	}
4286

4287
	return (false);
4288
}
4289

4290
/* Return true if skipped; false if error. */
4291
bool
4292
linuxkpi_ieee80211_ie_advance(size_t *xp, const u8 *ies, size_t ies_len)
4293
{
4294
	size_t x;
4295
	uint8_t l;
4296

4297
	x = *xp;
4298

4299
	KASSERT(x < ies_len, ("%s: x %zu ies_len %zu ies %p\n",
4300
	    __func__, x, ies_len, ies));
4301
	l = ies[x + 1];
4302
	x += 2 + l;
4303

4304
	if (x > ies_len)
4305
		return (false);
4306

4307
	*xp = x;
4308
	return (true);
4309
}
4310

4311
static uint8_t *
4312
lkpi_scan_ies_add(uint8_t *p, struct ieee80211_scan_ies *scan_ies,
4313
    uint32_t band_mask, struct ieee80211vap *vap, struct ieee80211_hw *hw)
4314
{
4315
	struct ieee80211_supported_band *supband;
4316
	struct linuxkpi_ieee80211_channel *channels;
4317
	struct ieee80211com *ic;
4318
	const struct ieee80211_channel *chan;
4319
	const struct ieee80211_rateset *rs;
4320
	uint8_t *pb;
4321
	int band, i;
4322

4323
	ic = vap->iv_ic;
4324
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
4325
		if ((band_mask & (1 << band)) == 0)
4326
			continue;
4327

4328
		supband = hw->wiphy->bands[band];
4329
		/*
4330
		 * This should not happen;
4331
		 * band_mask is a bitmask of valid bands to scan on.
4332
		 */
4333
		if (supband == NULL || supband->n_channels == 0)
4334
			continue;
4335

4336
		/* Find a first channel to get the mode and rates from. */
4337
		channels = supband->channels;
4338
		chan = NULL;
4339
		for (i = 0; i < supband->n_channels; i++) {
4340
			uint32_t flags;
4341

4342
			if (channels[i].flags & IEEE80211_CHAN_DISABLED)
4343
				continue;
4344

4345
			flags = 0;
4346
			switch (band) {
4347
			case NL80211_BAND_2GHZ:
4348
				flags |= IEEE80211_CHAN_G;
4349
				break;
4350
			case NL80211_BAND_5GHZ:
4351
				flags |= IEEE80211_CHAN_A;
4352
				break;
4353
			default:
4354
				panic("%s:%d: unupported band %d\n",
4355
				    __func__, __LINE__, band);
4356
			}
4357

4358
			chan = ieee80211_find_channel(ic,
4359
			    channels[i].center_freq, flags);
4360
			if (chan != NULL)
4361
				break;
4362
		}
4363

4364
		/* This really should not happen. */
4365
		if (chan == NULL)
4366
			continue;
4367

4368
		pb = p;
4369
		rs = ieee80211_get_suprates(ic, chan);	/* calls chan2mode */
4370
		p = ieee80211_add_rates(p, rs);
4371
		p = ieee80211_add_xrates(p, rs);
4372

4373
#if defined(LKPI_80211_HT)
4374
		if ((vap->iv_flags_ht & IEEE80211_FHT_HT) != 0) {
4375
			struct ieee80211_channel *c;
4376

4377
			c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan,
4378
			    vap->iv_flags_ht);
4379
			p = ieee80211_add_htcap_ch(p, vap, c);
4380
		}
4381
#endif
4382
#if defined(LKPI_80211_VHT)
4383
		if (band == NL80211_BAND_5GHZ &&
4384
		    (vap->iv_vht_flags & IEEE80211_FVHT_VHT) != 0) {
4385
			struct ieee80211_channel *c;
4386

4387
			c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan,
4388
			    vap->iv_flags_ht);
4389
			c = ieee80211_vht_adjust_channel(ic, c,
4390
			    vap->iv_vht_flags);
4391
			p = ieee80211_add_vhtcap_ch(p, vap, c);
4392
		}
4393
#endif
4394

4395
		scan_ies->ies[band] = pb;
4396
		scan_ies->len[band] = p - pb;
4397
	}
4398

4399
	/* Add common_ies */
4400
	pb = p;
4401
	if ((vap->iv_flags & IEEE80211_F_WPA1) != 0 &&
4402
	    vap->iv_wpa_ie != NULL) {
4403
		memcpy(p, vap->iv_wpa_ie, 2 + vap->iv_wpa_ie[1]);
4404
		p += 2 + vap->iv_wpa_ie[1];
4405
	}
4406
	if (vap->iv_appie_probereq != NULL) {
4407
		memcpy(p, vap->iv_appie_probereq->ie_data,
4408
		    vap->iv_appie_probereq->ie_len);
4409
		p += vap->iv_appie_probereq->ie_len;
4410
	}
4411
	scan_ies->common_ies = pb;
4412
	scan_ies->common_ie_len = p - pb;
4413

4414
	return (p);
4415
}
4416

4417
static void
4418
lkpi_enable_hw_scan(struct lkpi_hw *lhw)
4419
{
4420

4421
	if (lhw->ops->hw_scan) {
4422
		/*
4423
		 * Advertise full-offload scanning.
4424
		 *
4425
		 * Not limiting to SINGLE_SCAN_ON_ALL_BANDS here as otherwise
4426
		 * we essentially disable hw_scan for all drivers not setting
4427
		 * the flag.
4428
		 */
4429
		lhw->ic->ic_flags_ext |= IEEE80211_FEXT_SCAN_OFFLOAD;
4430
		lhw->scan_flags |= LKPI_LHW_SCAN_HW;
4431
	}
4432
}
4433

4434
#ifndef LKPI_80211_USE_SCANLIST
4435
static const uint32_t chan_pri[] = {
4436
	5180, 5500, 5745,
4437
	5260, 5580, 5660, 5825,
4438
	5220, 5300, 5540, 5620, 5700, 5785, 5865,
4439
	2437, 2412, 2422, 2462, 2472, 2432, 2452
4440
};
4441

4442
static int
4443
lkpi_scan_chan_list_idx(const struct linuxkpi_ieee80211_channel *lc)
4444
{
4445
	int i;
4446

4447
	for (i = 0; i < nitems(chan_pri); i++) {
4448
		if (lc->center_freq == chan_pri[i])
4449
			return (i);
4450
	}
4451

4452
	return (-1);
4453
}
4454

4455
static int
4456
lkpi_scan_chan_list_comp(const  struct linuxkpi_ieee80211_channel *lc1,
4457
    const  struct linuxkpi_ieee80211_channel *lc2)
4458
{
4459
	int idx1, idx2;
4460

4461
	/* Find index in list. */
4462
	idx1 = lkpi_scan_chan_list_idx(lc1);
4463
	idx2 = lkpi_scan_chan_list_idx(lc2);
4464

4465
	if (idx1 == -1 && idx2 != -1)
4466
		return (1);
4467
	if (idx1 != -1 && idx2 == -1)
4468
		return (-1);
4469

4470
	/* Neither on the list, use center_freq. */
4471
	if (idx1 == -1 && idx2 == -1)
4472
		return (lc1->center_freq - lc2->center_freq);
4473

4474
	/* Whichever is first in the list. */
4475
	return (idx1 - idx2);
4476
}
4477

4478
static void
4479
lkpi_scan_chan_list_resort(struct linuxkpi_ieee80211_channel **cpp, size_t nchan)
4480
{
4481
	struct linuxkpi_ieee80211_channel *lc, *nc;
4482
	size_t i, j;
4483
	int rc;
4484

4485
	for (i = (nchan - 1); i > 0; i--) {
4486
		for (j = i; j > 0 ; j--) {
4487
			lc = *(cpp + j);
4488
			nc = *(cpp + j - 1);
4489
			rc = lkpi_scan_chan_list_comp(lc, nc);
4490
			if (rc < 0) {
4491
				*(cpp + j) = nc;
4492
				*(cpp + j - 1) = lc;
4493
			}
4494
		}
4495
	}
4496
}
4497

4498
static bool
4499
lkpi_scan_chan(struct linuxkpi_ieee80211_channel *c,
4500
    struct ieee80211com *ic, bool log)
4501
{
4502

4503
	if ((c->flags & IEEE80211_CHAN_DISABLED) != 0) {
4504
		if (log)
4505
			TRACE_SCAN(ic, "Skipping disabled chan "
4506
			    "on band %s [%#x/%u/%#x]",
4507
			    lkpi_nl80211_band_name(c->band), c->hw_value,
4508
			    c->center_freq, c->flags);
4509
		return (false);
4510
	}
4511
	if (isclr(ic->ic_chan_active, ieee80211_mhz2ieee(c->center_freq,
4512
	    lkpi_nl80211_band_to_net80211_band(c->band)))) {
4513
		if (log)
4514
			TRACE_SCAN(ic, "Skipping !active chan "
4515
			    "on band %s [%#x/%u/%#x]",
4516
			    lkpi_nl80211_band_name(c->band), c->hw_value,
4517
			    c->center_freq, c->flags);
4518
		return (false);
4519
	}
4520
	return (true);
4521
}
4522
#endif
4523

4524
static void
4525
lkpi_ic_scan_start(struct ieee80211com *ic)
4526
{
4527
	struct lkpi_hw *lhw;
4528
	struct ieee80211_hw *hw;
4529
	struct lkpi_vif *lvif;
4530
	struct ieee80211_vif *vif;
4531
	struct ieee80211_scan_state *ss;
4532
	struct ieee80211vap *vap;
4533
	int error;
4534
	bool is_hw_scan;
4535

4536
	lhw = ic->ic_softc;
4537
	ss = ic->ic_scan;
4538
	vap = ss->ss_vap;
4539
	TRACE_SCAN(ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4540

4541
	LKPI_80211_LHW_SCAN_LOCK(lhw);
4542
	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0) {
4543
		/* A scan is still running. */
4544
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4545
		TRACE_SCAN(ic, "Trying to start new scan while still running; "
4546
		    "cancelling new net80211 scan; scan_flags %b",
4547
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4548
		ieee80211_cancel_scan(vap);
4549
		return;
4550
	}
4551
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
4552
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4553

4554
#if 0
4555
	if (vap->iv_state != IEEE80211_S_SCAN) {
4556
		TODO("We need to be able to scan if not in S_SCAN");
4557
		TRACE_SCAN(ic, "scan_flags %b iv_state %d",
4558
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS, vap->iv_state);
4559
		ieee80211_cancel_scan(vap);
4560
		return;
4561
	}
4562
#endif
4563

4564
	hw = LHW_TO_HW(lhw);
4565
	if (!is_hw_scan) {
4566
		/* If hw_scan is cleared clear FEXT_SCAN_OFFLOAD too. */
4567
		vap->iv_flags_ext &= ~IEEE80211_FEXT_SCAN_OFFLOAD;
4568

4569
		lvif = VAP_TO_LVIF(vap);
4570
		vif = LVIF_TO_VIF(lvif);
4571

4572
		if (vap->iv_state == IEEE80211_S_SCAN)
4573
			lkpi_hw_conf_idle(hw, false);
4574

4575
		LKPI_80211_LHW_SCAN_LOCK(lhw);
4576
		lhw->scan_flags |= LKPI_LHW_SCAN_RUNNING;
4577
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4578

4579
		lkpi_update_mcast_filter(ic);
4580

4581
		TRACE_SCAN(vap->iv_ic, "Starting SW_SCAN: scan_flags %b",
4582
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4583
		lkpi_80211_mo_sw_scan_start(hw, vif, vif->addr);
4584
		/* net80211::scan_start() handled PS for us. */
4585
		IMPROVE();
4586
		/* XXX Also means it is too late to flush queues?
4587
		 * need to check iv_sta_ps or overload? */
4588
		/* XXX want to adjust ss end time/ maxdwell? */
4589

4590
	} else {
4591
		struct ieee80211_scan_request *hw_req;
4592
		struct linuxkpi_ieee80211_channel *lc, **cpp;
4593
		struct cfg80211_ssid *ssids;
4594
		struct cfg80211_scan_6ghz_params *s6gp;
4595
		size_t chan_len, nchan, ssids_len, s6ghzlen;
4596
		int band, i, ssid_count, common_ie_len;
4597
#ifndef LKPI_80211_USE_SCANLIST
4598
		int n;
4599
#endif
4600
		uint32_t band_mask;
4601
		uint8_t *ie, *ieend;
4602
		bool running;
4603

4604
		ssid_count = min(ss->ss_nssid, hw->wiphy->max_scan_ssids);
4605
		ssids_len = ssid_count * sizeof(*ssids);
4606
		s6ghzlen = 0 * (sizeof(*s6gp));			/* XXX-BZ */
4607

4608
		band_mask = 0;
4609
		nchan = 0;
4610
		if (ieee80211_hw_check(hw, SINGLE_SCAN_ON_ALL_BANDS)) {
4611
#ifdef LKPI_80211_USE_SCANLIST
4612
		/* Avoid net80211 scan lists until it has proper scan offload support. */
4613
			for (i = ss->ss_next; i < ss->ss_last; i++) {
4614
				nchan++;
4615
				band = lkpi_net80211_chan_to_nl80211_band(
4616
				    ss->ss_chans[ss->ss_next + i]);
4617
				band_mask |= (1 << band);
4618
			}
4619
#else
4620
			/* Instead we scan for all channels all the time. */
4621
			for (band = 0; band < NUM_NL80211_BANDS; band++) {
4622
				switch (band) {
4623
				case NL80211_BAND_2GHZ:
4624
				case NL80211_BAND_5GHZ:
4625
					break;
4626
				default:
4627
					continue;
4628
				}
4629
				if (hw->wiphy->bands[band] != NULL) {
4630
					struct linuxkpi_ieee80211_channel *channels;
4631
					int n;
4632

4633
					band_mask |= (1 << band);
4634

4635
					channels = hw->wiphy->bands[band]->channels;
4636
					n = hw->wiphy->bands[band]->n_channels;
4637
					for (i = 0; i < n; i++) {
4638
						if (lkpi_scan_chan(&channels[i], ic, true))
4639
							nchan++;
4640
					}
4641
				}
4642
			}
4643
#endif
4644
		} else {
4645
			IMPROVE("individual band scans not yet supported, only scanning first band");
4646
			/* In theory net80211 should drive this. */
4647
			/* Probably we need to add local logic for now;
4648
			 * need to deal with scan_complete
4649
			 * and cancel_scan and keep local state.
4650
			 * Also cut the nchan down above.
4651
			 */
4652
			/* XXX-BZ ath10k does not set this but still does it? &$%^ */
4653
		}
4654

4655
		chan_len = nchan * (sizeof(lc) + sizeof(*lc));
4656

4657
		common_ie_len = 0;
4658
		if ((vap->iv_flags & IEEE80211_F_WPA1) != 0 &&
4659
		    vap->iv_wpa_ie != NULL)
4660
			common_ie_len += vap->iv_wpa_ie[1];
4661
		if (vap->iv_appie_probereq != NULL)
4662
			common_ie_len += vap->iv_appie_probereq->ie_len;
4663

4664
		/* We would love to check this at an earlier stage... */
4665
		if (common_ie_len >  hw->wiphy->max_scan_ie_len) {
4666
			ic_printf(ic, "WARNING: %s: common_ie_len %d > "
4667
			    "wiphy->max_scan_ie_len %d\n", __func__,
4668
			    common_ie_len, hw->wiphy->max_scan_ie_len);
4669
		}
4670

4671
		hw_req = malloc(sizeof(*hw_req) + ssids_len +
4672
		    s6ghzlen + chan_len + lhw->supbands * lhw->scan_ie_len +
4673
		    common_ie_len, M_LKPI80211, M_WAITOK | M_ZERO);
4674

4675
		hw_req->req.flags = 0;			/* XXX ??? */
4676
		/* hw_req->req.wdev */
4677
		hw_req->req.wiphy = hw->wiphy;
4678
		hw_req->req.no_cck = false;		/* XXX */
4679

4680
		/*
4681
		 * In general setting duration[_mandatory] seems to pessimise
4682
		 * default scanning behaviour.  We only use it for BGSCANnig
4683
		 * to keep the dwell times small.
4684
		 * Setting duration_mandatory makes this the maximum dwell
4685
		 * time (otherwise may be shorter).  Duration is in TU.
4686
		 */
4687
		if ((ic->ic_flags_ext & IEEE80211_FEXT_BGSCAN) != 0) {
4688
			unsigned long dwell;
4689

4690
			if ((ic->ic_caps & IEEE80211_C_BGSCAN) == 0 ||
4691
			    (vap->iv_flags & IEEE80211_F_BGSCAN) == 0)
4692
				ic_printf(ic, "BGSCAN despite off: %b, %b, %b\n",
4693
				    ic->ic_flags_ext, IEEE80211_FEXT_BITS,
4694
				    vap->iv_flags, IEEE80211_F_BITS,
4695
				    ic->ic_caps, IEEE80211_C_BITS);
4696

4697
			dwell = ss->ss_mindwell;
4698
			if (dwell == 0)
4699
				dwell = msecs_to_ticks(20);
4700

4701
			hw_req->req.duration_mandatory = true;
4702
			hw_req->req.duration = TICKS_2_USEC(dwell) / 1024;
4703
		}
4704

4705
#ifdef __notyet__
4706
		hw_req->req.flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
4707
		memcpy(hw_req->req.mac_addr, xxx, IEEE80211_ADDR_LEN);
4708
		memset(hw_req->req.mac_addr_mask, 0xxx, IEEE80211_ADDR_LEN);
4709
#endif
4710
		eth_broadcast_addr(hw_req->req.bssid);
4711

4712
		hw_req->req.n_channels = nchan;
4713
		cpp = (struct linuxkpi_ieee80211_channel **)(hw_req + 1);
4714
		lc = (struct linuxkpi_ieee80211_channel *)(cpp + nchan);
4715
#ifdef LKPI_80211_USE_SCANLIST
4716
		for (i = 0; i < nchan; i++) {
4717
			*(cpp + i) =
4718
			    (struct linuxkpi_ieee80211_channel *)(lc + i);
4719
		}
4720
		/* Avoid net80211 scan lists until it has proper scan offload support. */
4721
		for (i = 0; i < nchan; i++) {
4722
			struct ieee80211_channel *c;
4723

4724
			c = ss->ss_chans[ss->ss_next + i];
4725
			lc->center_freq = c->ic_freq;	/* XXX */
4726
			/* lc->flags */
4727
			lc->band = lkpi_net80211_chan_to_nl80211_band(c);
4728
			lc->max_power = c->ic_maxpower;
4729
			/* lc-> ... */
4730
			lc++;
4731
		}
4732
#else
4733
		/* Add bands in reverse order for scanning. */
4734
		n = 0;
4735
		for (band = NUM_NL80211_BANDS - 1; band >= 0; band--) {
4736
			struct ieee80211_supported_band *supband;
4737
			struct linuxkpi_ieee80211_channel *channels;
4738

4739
			/* Band disabled for scanning? */
4740
			if ((band_mask & (1 << band)) == 0)
4741
				continue;
4742

4743
			/* Nothing to scan in band? */
4744
			supband = hw->wiphy->bands[band];
4745
			if (supband == NULL || supband->n_channels == 0)
4746
				continue;
4747

4748
			channels = supband->channels;
4749
			for (i = 0; i < supband->n_channels; i++) {
4750
				if (lkpi_scan_chan(&channels[i], ic, false))
4751
					*(cpp + n++) = &channels[i];
4752
			}
4753
		}
4754
		if (lkpi_order_scanlist)
4755
			lkpi_scan_chan_list_resort(cpp, nchan);
4756

4757
		if ((linuxkpi_debug_80211 & D80211_SCAN) != 0) {
4758
			printf("%s:%d: %s SCAN Channel List (nchan=%zu): ",
4759
			    __func__, __LINE__, ic->ic_name, nchan);
4760
			for (i = 0; i < nchan; i++) {
4761
				struct linuxkpi_ieee80211_channel *xc;
4762

4763
				xc = *(cpp + i);
4764
				printf(" %d(%d)",
4765
				    ieee80211_mhz2ieee(xc->center_freq,
4766
				        lkpi_nl80211_band_to_net80211_band(
4767
					xc->band)),
4768
				    xc->center_freq);
4769
			}
4770
			printf("\n");
4771
		}
4772
#endif
4773

4774
		hw_req->req.n_ssids = ssid_count;
4775
		if (hw_req->req.n_ssids > 0) {
4776
			ssids = (struct cfg80211_ssid *)lc;
4777
			hw_req->req.ssids = ssids;
4778
			for (i = 0; i < ssid_count; i++) {
4779
				ssids->ssid_len = ss->ss_ssid[i].len;
4780
				memcpy(ssids->ssid, ss->ss_ssid[i].ssid,
4781
				    ss->ss_ssid[i].len);
4782
				ssids++;
4783
			}
4784
			s6gp = (struct cfg80211_scan_6ghz_params *)ssids;
4785
		} else {
4786
			s6gp = (struct cfg80211_scan_6ghz_params *)lc;
4787
		}
4788

4789
		/* 6GHz one day. */
4790
		hw_req->req.n_6ghz_params = 0;
4791
		hw_req->req.scan_6ghz_params = NULL;
4792
		hw_req->req.scan_6ghz = false;	/* Weird boolean; not what you think. */
4793
		/* s6gp->... */
4794

4795
		ie = ieend = (uint8_t *)s6gp;
4796
		/* Copy per-band IEs, copy common IEs */
4797
		ieend = lkpi_scan_ies_add(ie, &hw_req->ies, band_mask, vap, hw);
4798
		hw_req->req.ie = ie;
4799
		hw_req->req.ie_len = ieend - ie;
4800
		hw_req->req.scan_start = jiffies;
4801

4802
		lvif = VAP_TO_LVIF(vap);
4803
		vif = LVIF_TO_VIF(lvif);
4804

4805
		LKPI_80211_LHW_SCAN_LOCK(lhw);
4806
		/* Re-check under lock. */
4807
		running = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
4808
		if (!running) {
4809
			KASSERT(lhw->hw_req == NULL, ("%s: ic %p lhw %p hw_req %p "
4810
			    "!= NULL\n", __func__, ic, lhw, lhw->hw_req));
4811

4812
			lhw->scan_flags |= LKPI_LHW_SCAN_RUNNING;
4813
			lhw->hw_req = hw_req;
4814
		}
4815
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4816
		if (running) {
4817
			free(hw_req, M_LKPI80211);
4818
			TRACE_SCAN(ic, "Trying to start new scan while still "
4819
			    "running (2); cancelling new net80211 scan; "
4820
			    "scan_flags %b",
4821
			    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4822
			ieee80211_cancel_scan(vap);
4823
			return;
4824
		}
4825

4826
		lkpi_update_mcast_filter(ic);
4827
		TRACE_SCAN(ic, "Starting HW_SCAN: scan_flags %b, "
4828
		    "ie_len %d, n_ssids %d, n_chan %d, common_ie_len %d [%d, %d]",
4829
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS, hw_req->req.ie_len,
4830
		    hw_req->req.n_ssids, hw_req->req.n_channels,
4831
		    hw_req->ies.common_ie_len,
4832
		    hw_req->ies.len[NL80211_BAND_2GHZ],
4833
		    hw_req->ies.len[NL80211_BAND_5GHZ]);
4834

4835
		error = lkpi_80211_mo_hw_scan(hw, vif, hw_req);
4836
		if (error != 0) {
4837
			bool scan_done;
4838
			int e;
4839

4840
			TRACE_SCAN(ic, "hw_scan failed; scan_flags %b, error %d",
4841
			    lhw->scan_flags, LKPI_LHW_SCAN_BITS, error);
4842
			ieee80211_cancel_scan(vap);
4843

4844
			/*
4845
			 * ieee80211_scan_completed must be called in either
4846
			 * case of error or none.  So let the free happen there
4847
			 * and only there.
4848
			 * That would be fine in theory but in practice drivers
4849
			 * behave differently:
4850
			 * ath10k does not return hw_scan until after scan_complete
4851
			 *        and can then still return an error.
4852
			 * rtw88 can return 1 or -EBUSY without scan_complete
4853
			 * iwlwifi can return various errors before scan starts
4854
			 * ...
4855
			 * So we cannot rely on that behaviour and have to check
4856
			 * and balance between both code paths.
4857
			 */
4858
			e = 0;
4859
			scan_done = true;
4860
			LKPI_80211_LHW_SCAN_LOCK(lhw);
4861
			if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0) {
4862

4863
				free(lhw->hw_req, M_LKPI80211);
4864
				lhw->hw_req = NULL;
4865
				/*
4866
				 * The ieee80211_cancel_scan() above runs in a
4867
				 * taskq and it may take ages for the previous
4868
				 * scan to clear;  starting a new one right away
4869
				 * we run into the problem that the old one is
4870
				 * still active.
4871
				 */
4872
				e = msleep(lhw, &lhw->scan_mtx, 0, "lhwscanstop", hz);
4873
				scan_done = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
4874

4875
				/*
4876
				 * Now we can clear running if no one else did.
4877
				 */
4878
				lhw->scan_flags &= ~LKPI_LHW_SCAN_RUNNING;
4879
			}
4880
			LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4881
			lkpi_update_mcast_filter(ic);
4882
			if (!scan_done) {
4883
				ic_printf(ic, "ERROR: %s: timeout/error to wait "
4884
				    "for ieee80211_cancel_scan: %d\n", __func__, e);
4885
				return;
4886
			}
4887

4888
			/*
4889
			 * XXX-SIGH magic number.
4890
			 * rtw88 has a magic "return 1" if offloading scan is
4891
			 * not possible.  Fall back to sw scan in that case.
4892
			 */
4893
			if (error == 1) {
4894
				/*
4895
				 * We need to put this into some defered context
4896
				 * the net80211 scan may not be done yet
4897
				 * (ic_flags & IEEE80211_F_SCAN) and we cannot
4898
				 * wait here; if we do scan_curchan_task always
4899
				 * runs after our timeout to finalize the scan.
4900
				 */
4901
				ieee80211_runtask(ic, &lvif->sw_scan_task);
4902
				return;
4903
			}
4904

4905
			ic_printf(ic, "ERROR: %s: hw_scan returned %d\n",
4906
			    __func__, error);
4907
		}
4908
	}
4909
}
4910

4911
static void
4912
lkpi_sw_scan_task(void *arg, int pending __unused)
4913
{
4914
	struct lkpi_hw *lhw;
4915
	struct lkpi_vif *lvif;
4916
	struct ieee80211vap *vap;
4917
	struct ieee80211_scan_state *ss;
4918

4919
	lvif = arg;
4920
	vap = LVIF_TO_VAP(lvif);
4921
	lhw = vap->iv_ic->ic_softc;
4922
	ss = vap->iv_ic->ic_scan;
4923

4924
	LKPI_80211_LHW_SCAN_LOCK(lhw);
4925
	/*
4926
	 * We will re-enable this at scan_end calling lkpi_enable_hw_scan().
4927
	 * IEEE80211_FEXT_SCAN_OFFLOAD will be cleared by lkpi_ic_scan_start.
4928
	 */
4929
	lhw->scan_flags &= ~LKPI_LHW_SCAN_HW;
4930
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4931

4932
	TRACE_SCAN(vap->iv_ic, "Triggering SW_SCAN: pending %d, scan_flags %b",
4933
	    pending, lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4934

4935
	/*
4936
	 * This will call ic_scan_start() and we will get into the right path
4937
	 * unless other scans started in between.
4938
	 */
4939
	ieee80211_start_scan(vap,
4940
	    IEEE80211_SCAN_ONCE,
4941
	    msecs_to_ticks(10000), /* 10000 ms (=~ 50 chan * 200 ms) */
4942
	    ss->ss_mindwell ? ss->ss_mindwell : msecs_to_ticks(20),
4943
	    ss->ss_maxdwell ? ss->ss_maxdwell : msecs_to_ticks(200),
4944
	    vap->iv_des_nssid, vap->iv_des_ssid);
4945
}
4946

4947
static void
4948
lkpi_ic_scan_end(struct ieee80211com *ic)
4949
{
4950
	struct lkpi_hw *lhw;
4951
	bool is_hw_scan;
4952

4953
	lhw = ic->ic_softc;
4954
	TRACE_SCAN(ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4955

4956
	LKPI_80211_LHW_SCAN_LOCK(lhw);
4957
	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) == 0) {
4958
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4959
		return;
4960
	}
4961
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
4962
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4963

4964
	if (!is_hw_scan) {
4965
		struct ieee80211_scan_state *ss;
4966
		struct ieee80211vap *vap;
4967
		struct ieee80211_hw *hw;
4968
		struct lkpi_vif *lvif;
4969
		struct ieee80211_vif *vif;
4970

4971
		ss = ic->ic_scan;
4972
		vap = ss->ss_vap;
4973
		hw = LHW_TO_HW(lhw);
4974
		lvif = VAP_TO_LVIF(vap);
4975
		vif = LVIF_TO_VIF(lvif);
4976

4977
		lkpi_80211_mo_sw_scan_complete(hw, vif);
4978

4979
		/* Send PS to stop buffering if n80211 does not for us? */
4980

4981
		if (vap->iv_state == IEEE80211_S_SCAN)
4982
			lkpi_hw_conf_idle(hw, true);
4983
	}
4984

4985
	/*
4986
	 * In case we disabled the hw_scan in lkpi_ic_scan_start() and
4987
	 * switched to swscan, re-enable hw_scan if available.
4988
	 */
4989
	lkpi_enable_hw_scan(lhw);
4990

4991
	LKPI_80211_LHW_SCAN_LOCK(lhw);
4992
	wakeup(lhw);
4993
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4994
}
4995

4996
static void
4997
lkpi_ic_scan_curchan(struct ieee80211_scan_state *ss,
4998
    unsigned long maxdwell)
4999
{
5000
	struct lkpi_hw *lhw;
5001
	bool is_hw_scan;
5002

5003
	lhw = ss->ss_ic->ic_softc;
5004
	TRACE_SCAN(ss->ss_ic, "scan_flags %b chan %d maxdwell %lu",
5005
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5006
	    ss->ss_ic->ic_curchan->ic_ieee, maxdwell);
5007

5008
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5009
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5010
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5011
	if (!is_hw_scan)
5012
		lhw->ic_scan_curchan(ss, maxdwell);
5013
}
5014

5015
static void
5016
lkpi_ic_scan_mindwell(struct ieee80211_scan_state *ss)
5017
{
5018
	struct lkpi_hw *lhw;
5019
	bool is_hw_scan;
5020

5021
	lhw = ss->ss_ic->ic_softc;
5022
	TRACE_SCAN(ss->ss_ic, "scan_flags %b chan %d mindwell %lu",
5023
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5024
	    ss->ss_ic->ic_curchan->ic_ieee, ss->ss_mindwell);
5025

5026
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5027
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5028
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5029
	if (!is_hw_scan)
5030
		lhw->ic_scan_mindwell(ss);
5031
}
5032

5033
static void
5034
lkpi_ic_set_channel(struct ieee80211com *ic)
5035
{
5036
	struct lkpi_hw *lhw;
5037
	struct ieee80211_hw *hw;
5038
	struct ieee80211_channel *c;
5039
	struct linuxkpi_ieee80211_channel *chan;
5040
	int error;
5041
	bool hw_scan_running;
5042

5043
	lhw = ic->ic_softc;
5044

5045
	/* If we do not support (*config)() save us the work. */
5046
	if (lhw->ops->config == NULL)
5047
		return;
5048

5049
	/* If we have a hw_scan running do not switch channels. */
5050
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5051
	hw_scan_running =
5052
	    (lhw->scan_flags & (LKPI_LHW_SCAN_RUNNING|LKPI_LHW_SCAN_HW)) ==
5053
		(LKPI_LHW_SCAN_RUNNING|LKPI_LHW_SCAN_HW);
5054
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5055
	if (hw_scan_running)
5056
		return;
5057

5058
	c = ic->ic_curchan;
5059
	if (c == NULL || c == IEEE80211_CHAN_ANYC) {
5060
		ic_printf(ic, "%s: c %p ops->config %p\n", __func__,
5061
		    c, lhw->ops->config);
5062
		return;
5063
	}
5064

5065
	chan = lkpi_find_lkpi80211_chan(lhw, c);
5066
	if (chan == NULL) {
5067
		ic_printf(ic, "%s: c %p chan %p\n", __func__,
5068
		    c, chan);
5069
		return;
5070
	}
5071

5072
	/* XXX max power for scanning? */
5073
	IMPROVE();
5074

5075
	hw = LHW_TO_HW(lhw);
5076
	cfg80211_chandef_create(&hw->conf.chandef, chan,
5077
#ifdef LKPI_80211_HT
5078
	    (ic->ic_flags_ht & IEEE80211_FHT_HT) ? NL80211_CHAN_HT20 :
5079
#endif
5080
	    NL80211_CHAN_NO_HT);
5081

5082
	error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_CHANNEL);
5083
	if (error != 0 && error != EOPNOTSUPP) {
5084
		ic_printf(ic, "ERROR: %s: config %#0x returned %d\n",
5085
		    __func__, IEEE80211_CONF_CHANGE_CHANNEL, error);
5086
		/* XXX should we unroll to the previous chandef? */
5087
		IMPROVE();
5088
	} else {
5089
		/* Update radiotap channels as well. */
5090
		lhw->rtap_tx.wt_chan_freq = htole16(c->ic_freq);
5091
		lhw->rtap_tx.wt_chan_flags = htole16(c->ic_flags);
5092
		lhw->rtap_rx.wr_chan_freq = htole16(c->ic_freq);
5093
		lhw->rtap_rx.wr_chan_flags = htole16(c->ic_flags);
5094
	}
5095

5096
	/* Currently PS is hard coded off! Not sure it belongs here. */
5097
	IMPROVE();
5098
	if (ieee80211_hw_check(hw, SUPPORTS_PS) &&
5099
	    (hw->conf.flags & IEEE80211_CONF_PS) != 0) {
5100
		hw->conf.flags &= ~IEEE80211_CONF_PS;
5101
		error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_PS);
5102
		if (error != 0 && error != EOPNOTSUPP)
5103
			ic_printf(ic, "ERROR: %s: config %#0x returned "
5104
			    "%d\n", __func__, IEEE80211_CONF_CHANGE_PS,
5105
			    error);
5106
	}
5107
}
5108

5109
static struct ieee80211_node *
5110
lkpi_ic_node_alloc(struct ieee80211vap *vap,
5111
    const uint8_t mac[IEEE80211_ADDR_LEN])
5112
{
5113
	struct ieee80211com *ic;
5114
	struct lkpi_hw *lhw;
5115
	struct ieee80211_node *ni;
5116
	struct ieee80211_hw *hw;
5117
	struct lkpi_sta *lsta;
5118

5119
	ic = vap->iv_ic;
5120
	lhw = ic->ic_softc;
5121

5122
	/* We keep allocations de-coupled so we can deal with the two worlds. */
5123
	if (lhw->ic_node_alloc == NULL)
5124
		return (NULL);
5125

5126
	ni = lhw->ic_node_alloc(vap, mac);
5127
	if (ni == NULL)
5128
		return (NULL);
5129

5130
	hw = LHW_TO_HW(lhw);
5131
	lsta = lkpi_lsta_alloc(vap, mac, hw, ni);
5132
	if (lsta == NULL) {
5133
		if (lhw->ic_node_free != NULL)
5134
			lhw->ic_node_free(ni);
5135
		return (NULL);
5136
	}
5137

5138
	return (ni);
5139
}
5140

5141
static int
5142
lkpi_ic_node_init(struct ieee80211_node *ni)
5143
{
5144
	struct ieee80211com *ic;
5145
	struct lkpi_hw *lhw;
5146
	int error;
5147

5148
	ic = ni->ni_ic;
5149
	lhw = ic->ic_softc;
5150

5151
	if (lhw->ic_node_init != NULL) {
5152
		error = lhw->ic_node_init(ni);
5153
		if (error != 0)
5154
			return (error);
5155
	}
5156

5157
	/* XXX-BZ Sync other state over. */
5158
	IMPROVE();
5159

5160
	return (0);
5161
}
5162

5163
static void
5164
lkpi_ic_node_cleanup(struct ieee80211_node *ni)
5165
{
5166
	struct ieee80211com *ic;
5167
	struct lkpi_hw *lhw;
5168

5169
	ic = ni->ni_ic;
5170
	lhw = ic->ic_softc;
5171

5172
	/* XXX-BZ remove from driver, ... */
5173
	IMPROVE();
5174

5175
	if (lhw->ic_node_cleanup != NULL)
5176
		lhw->ic_node_cleanup(ni);
5177
}
5178

5179
static void
5180
lkpi_ic_node_free(struct ieee80211_node *ni)
5181
{
5182
	struct ieee80211com *ic;
5183
	struct lkpi_hw *lhw;
5184
	struct lkpi_sta *lsta;
5185

5186
	ic = ni->ni_ic;
5187
	lhw = ic->ic_softc;
5188
	lsta = ni->ni_drv_data;
5189

5190
	/* KASSERT lsta is not NULL here. Print ni/ni__refcnt. */
5191

5192
	/*
5193
	 * Pass in the original ni just in case of error we could check that
5194
	 * it is the same as lsta->ni.
5195
	 */
5196
	lkpi_lsta_free(lsta, ni);
5197

5198
	if (lhw->ic_node_free != NULL)
5199
		lhw->ic_node_free(ni);
5200
}
5201

5202
/*
5203
 * lkpi_xmit() called from both the (*ic_raw_xmit) as well as the (*ic_transmit)
5204
 * call path.
5205
 * Unfortunately they have slightly different invariants.  See
5206
 * ieee80211_raw_output() and ieee80211_parent_xmitpkt().
5207
 * Both take care of the ni reference in case of error, and otherwise during
5208
 * the callback after transmit.
5209
 * The difference is that in case of error (*ic_raw_xmit) needs us to release
5210
 * the mbuf, while (*ic_transmit) will free the mbuf itself.
5211
 */
5212
static int
5213
lkpi_xmit(struct ieee80211_node *ni, struct mbuf *m,
5214
    const struct ieee80211_bpf_params *params __unused,
5215
    bool freem)
5216
{
5217
	struct lkpi_sta *lsta;
5218
	int error;
5219

5220
	lsta = ni->ni_drv_data;
5221
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
5222
#if 0
5223
	if (!lsta->added_to_drv || !lsta->txq_ready) {
5224
#else
5225
	/*
5226
	 * Backout this part of 886653492945f which breaks rtw88 or
5227
	 * in general drivers without (*sta_state)() but only the
5228
	 * legacy fallback to (*sta_add)().
5229
	 */
5230
	if (!lsta->txq_ready) {
5231
#endif
5232
		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5233
		if (freem)
5234
			m_free(m);
5235
		return (ENETDOWN);
5236
	}
5237

5238
	/* Queue the packet and enqueue the task to handle it. */
5239
	error = mbufq_enqueue(&lsta->txq, m);
5240
	if (error != 0) {
5241
		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5242
		if (freem)
5243
			m_free(m);
5244
#ifdef LINUXKPI_DEBUG_80211
5245
		if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5246
			ic_printf(ni->ni_ic, "%s: mbufq_enqueue failed: %d\n",
5247
			    __func__, error);
5248
#endif
5249
		return (ENETDOWN);
5250
	}
5251
	taskqueue_enqueue(taskqueue_thread, &lsta->txq_task);
5252
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5253

5254
#ifdef LINUXKPI_DEBUG_80211
5255
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5256
		printf("%s:%d lsta %p ni %p %6D mbuf_qlen %d\n",
5257
		    __func__, __LINE__, lsta, ni, ni->ni_macaddr, ":",
5258
		    mbufq_len(&lsta->txq));
5259
#endif
5260

5261
	return (0);
5262
}
5263

5264
static int
5265
lkpi_ic_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
5266
        const struct ieee80211_bpf_params *params __unused)
5267
{
5268
	return (lkpi_xmit(ni, m, NULL, true));
5269
}
5270

5271
#ifdef LKPI_80211_HW_CRYPTO
5272
/*
5273
 * This is a bit of a hack given we know we are operating on a
5274
 * single frame and we know that hardware will deal with it.
5275
 * But otherwise the enmic bit and the encrypt bit need to be
5276
 * decoupled.
5277
 */
5278
static int
5279
lkpi_hw_crypto_prepare_tkip(struct ieee80211_key *k,
5280
    struct ieee80211_key_conf *kc, struct sk_buff *skb)
5281
{
5282
	struct ieee80211_hdr *hdr;
5283
	uint32_t hlen, hdrlen;
5284
	uint8_t *p;
5285

5286
	/*
5287
	 * TKIP only happens on data.
5288
	 */
5289
	hdr = (void *)skb->data;
5290
	if (!ieee80211_is_data_present(hdr->frame_control))
5291
		return (0);
5292

5293
	/*
5294
	 * "enmic" (though we do not do that).
5295
	 */
5296
	/* any conditions to not apply this? */
5297
	if (skb_tailroom(skb) < k->wk_cipher->ic_miclen)
5298
		return (ENOBUFS);
5299

5300
	p = skb_put(skb, k->wk_cipher->ic_miclen);
5301
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) != 0)
5302
		goto encrypt;
5303

5304
	/*
5305
	 * (*enmic) which we hopefully do not have to do with hw accel.
5306
	 * That means if we make it here we have a problem.
5307
	 */
5308
	TODO("(*enmic)");
5309
	return (ENXIO);
5310

5311
encrypt:
5312
	/*
5313
	 * "encrypt" (though we do not do that).
5314
	 */
5315
	/*
5316
	 * Check if we have anything to do as requested by driver
5317
	 * or if we are done?
5318
	 */
5319
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) == 0 &&
5320
	    (kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0)
5321
			return (0);
5322

5323
	hlen = k->wk_cipher->ic_header;
5324
	if (skb_headroom(skb) < hlen)
5325
		return (ENOBUFS);
5326

5327
	hdr = (void *)skb->data;
5328
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
5329
	p = skb_push(skb, hlen);
5330
	memmove(p, p + hlen, hdrlen);
5331

5332
	/* If driver request space only we are done. */
5333
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) != 0)
5334
		return (0);
5335

5336
	p += hdrlen;
5337
	k->wk_cipher->ic_setiv(k, p);
5338

5339
	/* If we make it hear we do sw encryption. */
5340
	TODO("sw encrypt");
5341
	return (ENXIO);
5342
}
5343

5344
static int
5345
lkpi_hw_crypto_prepare_ccmp(struct ieee80211_key *k,
5346
    struct ieee80211_key_conf *kc, struct sk_buff *skb)
5347
{
5348
	struct ieee80211_hdr *hdr;
5349
	uint32_t hlen, hdrlen;
5350
	uint8_t *p;
5351

5352
	hdr = (void *)skb->data;
5353

5354
	/*
5355
	 * Check if we have anythig to do as requested by driver
5356
	 * or if we are done?
5357
	 */
5358
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) == 0 &&
5359
	    (kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0 &&
5360
	    /* MFP */
5361
	    !((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) != 0 &&
5362
		ieee80211_is_mgmt(hdr->frame_control)))
5363
			return (0);
5364

5365
	hlen = k->wk_cipher->ic_header;
5366
	if (skb_headroom(skb) < hlen)
5367
		return (ENOBUFS);
5368

5369
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
5370
	p = skb_push(skb, hlen);
5371
	memmove(p, p + hlen, hdrlen);
5372

5373
	/* If driver request space only we are done. */
5374
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) != 0)
5375
		return (0);
5376

5377
	p += hdrlen;
5378
	k->wk_cipher->ic_setiv(k, p);
5379

5380
	return (0);
5381
}
5382

5383
static int
5384
lkpi_hw_crypto_prepare(struct lkpi_sta *lsta, struct ieee80211_key *k,
5385
    struct sk_buff *skb)
5386
{
5387
	struct ieee80211_tx_info *info;
5388
	struct ieee80211_key_conf *kc;
5389

5390
	KASSERT(lsta != NULL, ("%s: lsta is NULL", __func__));
5391
	KASSERT(k != NULL, ("%s: key is NULL", __func__));
5392
	KASSERT(skb != NULL, ("%s: skb is NULL", __func__));
5393

5394
	kc = lsta->kc[k->wk_keyix];
5395

5396
	info = IEEE80211_SKB_CB(skb);
5397
	info->control.hw_key = kc;
5398

5399
	/* MUST NOT happen. KASSERT? */
5400
	if (kc == NULL) {
5401
		ic_printf(lsta->ni->ni_ic, "%s: lsta %p k %p skb %p, "
5402
		    "kc is NULL on hw crypto offload\n", __func__, lsta, k, skb);
5403
		return (ENXIO);
5404
	}
5405

5406
	switch (kc->cipher) {
5407
	case WLAN_CIPHER_SUITE_TKIP:
5408
		return (lkpi_hw_crypto_prepare_tkip(k, kc, skb));
5409
	case WLAN_CIPHER_SUITE_CCMP:
5410
		return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
5411
	case WLAN_CIPHER_SUITE_GCMP:
5412
		return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
5413
	case WLAN_CIPHER_SUITE_WEP40:
5414
	case WLAN_CIPHER_SUITE_WEP104:
5415
	case WLAN_CIPHER_SUITE_CCMP_256:
5416
	case WLAN_CIPHER_SUITE_GCMP_256:
5417
	case WLAN_CIPHER_SUITE_AES_CMAC:
5418
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
5419
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
5420
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
5421
	default:
5422
		ic_printf(lsta->ni->ni_ic, "%s: lsta %p k %p kc %p skb %p, "
5423
		    "unsupported cipher suite %u (%s)\n", __func__, lsta, k, kc,
5424
		    skb, kc->cipher, lkpi_cipher_suite_to_name(kc->cipher));
5425
		return (EOPNOTSUPP);
5426
	}
5427
}
5428

5429
static uint8_t
5430
lkpi_hw_crypto_tailroom(struct lkpi_sta *lsta, struct ieee80211_key *k)
5431
{
5432
	struct ieee80211_key_conf *kc;
5433

5434
	kc = lsta->kc[k->wk_keyix];
5435
	if (kc == NULL)
5436
		return (0);
5437

5438
	IMPROVE("which other flags need tailroom?");
5439
	if (kc->flags & (IEEE80211_KEY_FLAG_PUT_MIC_SPACE))
5440
		return (32);	/* Large enough to hold everything and pow2. */
5441

5442
	return (0);
5443
}
5444
#endif
5445

5446
static void
5447
lkpi_80211_txq_tx_one(struct lkpi_sta *lsta, struct mbuf *m)
5448
{
5449
	struct ieee80211_node *ni;
5450
	struct ieee80211_frame *wh;
5451
	struct ieee80211_key *k;
5452
	struct sk_buff *skb;
5453
	struct ieee80211com *ic;
5454
	struct lkpi_hw *lhw;
5455
	struct ieee80211_hw *hw;
5456
	struct lkpi_vif *lvif;
5457
	struct ieee80211_vif *vif;
5458
	struct ieee80211_channel *c;
5459
	struct ieee80211_tx_control control;
5460
	struct ieee80211_tx_info *info;
5461
	struct ieee80211_sta *sta;
5462
	struct ieee80211_hdr *hdr;
5463
	struct lkpi_txq *ltxq;
5464
	void *buf;
5465
	ieee80211_keyix keyix;
5466
	uint8_t ac, tid, tailroom;
5467

5468
	M_ASSERTPKTHDR(m);
5469
#ifdef LINUXKPI_DEBUG_80211
5470
	if (linuxkpi_debug_80211 & D80211_TRACE_TX_DUMP)
5471
		hexdump(mtod(m, const void *), m->m_len, "RAW TX (plain) ", 0);
5472
#endif
5473

5474
	ni = lsta->ni;
5475
	k = NULL;
5476
	keyix = IEEE80211_KEYIX_NONE;
5477
	wh = mtod(m, struct ieee80211_frame *);
5478
	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
5479

5480
#ifdef LKPI_80211_HW_CRYPTO
5481
		if (lkpi_hwcrypto) {
5482
			k = ieee80211_crypto_get_txkey(ni, m);
5483
			if (k != NULL && lsta->kc[k->wk_keyix] != NULL)
5484
				keyix = k->wk_keyix;
5485
		}
5486
#endif
5487

5488
		/* Encrypt the frame if need be. */
5489
		if (keyix == IEEE80211_KEYIX_NONE) {
5490
			/* Retrieve key for TX && do software encryption. */
5491
			k = ieee80211_crypto_encap(ni, m);
5492
			if (k == NULL) {
5493
				ieee80211_free_node(ni);
5494
				m_freem(m);
5495
				return;
5496
			}
5497
		}
5498
	}
5499

5500
	ic = ni->ni_ic;
5501
	lhw = ic->ic_softc;
5502
	hw = LHW_TO_HW(lhw);
5503
	c = ni->ni_chan;
5504

5505
	if (ieee80211_radiotap_active_vap(ni->ni_vap)) {
5506
		struct lkpi_radiotap_tx_hdr *rtap;
5507

5508
		rtap = &lhw->rtap_tx;
5509
		rtap->wt_flags = 0;
5510
		if (k != NULL)
5511
			rtap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
5512
		if (m->m_flags & M_FRAG)
5513
			rtap->wt_flags |= IEEE80211_RADIOTAP_F_FRAG;
5514
		IMPROVE();
5515
		rtap->wt_rate = 0;
5516
		if (c != NULL && c != IEEE80211_CHAN_ANYC) {
5517
			rtap->wt_chan_freq = htole16(c->ic_freq);
5518
			rtap->wt_chan_flags = htole16(c->ic_flags);
5519
		}
5520

5521
		ieee80211_radiotap_tx(ni->ni_vap, m);
5522
	}
5523

5524
#ifdef LKPI_80211_HW_CRYPTO
5525
	if (lkpi_hwcrypto && keyix != IEEE80211_KEYIX_NONE)
5526
		tailroom = lkpi_hw_crypto_tailroom(lsta, k);
5527
	else
5528
#endif
5529
		tailroom = 0;
5530

5531
	/*
5532
	 * net80211 should handle hw->extra_tx_headroom.
5533
	 * Though for as long as we are copying we don't mind.
5534
	 * XXX-BZ rtw88 asks for too much headroom for ipv6+tcp:
5535
	 * https://lists.freebsd.org/archives/freebsd-transport/2022-February/000012.html
5536
	 */
5537
	skb = dev_alloc_skb(hw->extra_tx_headroom + tailroom + m->m_pkthdr.len);
5538
	if (skb == NULL) {
5539
		static uint8_t skb_alloc_failures = 0;
5540

5541
		if (skb_alloc_failures++ == 0) {
5542
			int tid;
5543

5544
			sta = LSTA_TO_STA(lsta);
5545
			ic_printf(ic, "ERROR %s: skb alloc failed %d + %d, lsta %p sta %p ni %p\n",
5546
			    __func__, hw->extra_tx_headroom, m->m_pkthdr.len, lsta, sta, ni);
5547
			for (tid = 0; tid < nitems(sta->txq); tid++) {
5548
				if (sta->txq[tid] == NULL)
5549
					continue;
5550
				ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
5551
				ic_printf(ic, "  tid %d ltxq %p seen_dequeue %d stopped %d skb_queue_len %u\n",
5552
				    tid, ltxq, ltxq->seen_dequeue, ltxq->stopped, skb_queue_len(&ltxq->skbq));
5553
			}
5554
		}
5555
		ieee80211_free_node(ni);
5556
		m_freem(m);
5557
		return;
5558
	}
5559
	skb_reserve(skb, hw->extra_tx_headroom);
5560

5561
	/* XXX-BZ we need a SKB version understanding mbuf. */
5562
	/* Save the mbuf for ieee80211_tx_complete(). */
5563
	skb->m_free_func = lkpi_ieee80211_free_skb_mbuf;
5564
	skb->m = m;
5565
#if 0
5566
	skb_put_data(skb, m->m_data, m->m_pkthdr.len);
5567
#else
5568
	buf = skb_put(skb, m->m_pkthdr.len);
5569
	m_copydata(m, 0, m->m_pkthdr.len, buf);
5570
#endif
5571
	/* Save the ni. */
5572
	m->m_pkthdr.PH_loc.ptr = ni;
5573

5574
	lvif = VAP_TO_LVIF(ni->ni_vap);
5575
	vif = LVIF_TO_VIF(lvif);
5576

5577
	hdr = (void *)skb->data;
5578
	tid = linuxkpi_ieee80211_get_tid(hdr, true);
5579
	if (tid == IEEE80211_NONQOS_TID) { /* == IEEE80211_NUM_TIDS */
5580
		if (!ieee80211_is_data(hdr->frame_control)) {
5581
			/* MGMT and CTRL frames go on TID 7/VO. */
5582
			skb->priority = 7;
5583
			ac = IEEE80211_AC_VO;
5584
		} else {
5585
			/* Other non-QOS traffic goes to BE. */
5586
			/* Contrary to net80211 we MUST NOT promote M_EAPOL. */
5587
			skb->priority = 0;
5588
			ac = IEEE80211_AC_BE;
5589
		}
5590
	} else {
5591
		skb->priority = tid & IEEE80211_QOS_CTL_TID_MASK;
5592
		ac = ieee80211e_up_to_ac[tid & 7];
5593
	}
5594
	skb_set_queue_mapping(skb, ac);
5595

5596
	info = IEEE80211_SKB_CB(skb);
5597
	info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
5598
	/* Slight delay; probably only happens on scanning so fine? */
5599
	if (c == NULL || c == IEEE80211_CHAN_ANYC)
5600
		c = ic->ic_curchan;
5601
	info->band = lkpi_net80211_chan_to_nl80211_band(c);
5602
	info->hw_queue = vif->hw_queue[ac];
5603
	if (m->m_flags & M_EAPOL)
5604
		info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
5605
	info->control.vif = vif;
5606
	/* XXX-BZ info->control.rates */
5607
#ifdef __notyet__
5608
#ifdef LKPI_80211_HT
5609
	info->control.rts_cts_rate_idx=
5610
	info->control.use_rts= /* RTS */
5611
	info->control.use_cts_prot= /* RTS/CTS*/
5612
#endif
5613
#endif
5614

5615
	sta = LSTA_TO_STA(lsta);
5616
#ifdef LKPI_80211_HW_CRYPTO
5617
	if (lkpi_hwcrypto && keyix != IEEE80211_KEYIX_NONE) {
5618
		int error;
5619

5620
		error = lkpi_hw_crypto_prepare(lsta, k, skb);
5621
		if (error != 0) {
5622
			/*
5623
			 * We only have to free the skb which will free the
5624
			 * mbuf and release the reference on the ni.
5625
			 */
5626
			dev_kfree_skb(skb);
5627
			return;
5628
		}
5629
	}
5630
#endif
5631

5632
	IMPROVE();
5633

5634
	ltxq = NULL;
5635
	if (!ieee80211_is_data_present(hdr->frame_control)) {
5636
		if (vif->type == NL80211_IFTYPE_STATION &&
5637
		    lsta->added_to_drv &&
5638
		    sta->txq[IEEE80211_NUM_TIDS] != NULL)
5639
			ltxq = TXQ_TO_LTXQ(sta->txq[IEEE80211_NUM_TIDS]);
5640
	} else if (lsta->added_to_drv &&
5641
	    sta->txq[skb->priority] != NULL) {
5642
		ltxq = TXQ_TO_LTXQ(sta->txq[skb->priority]);
5643
	}
5644
	if (ltxq == NULL)
5645
		goto ops_tx;
5646

5647
	KASSERT(ltxq != NULL, ("%s: lsta %p sta %p m %p skb %p "
5648
	    "ltxq %p != NULL\n", __func__, lsta, sta, m, skb, ltxq));
5649

5650
	LKPI_80211_LTXQ_LOCK(ltxq);
5651
	skb_queue_tail(&ltxq->skbq, skb);
5652
#ifdef LINUXKPI_DEBUG_80211
5653
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5654
		printf("%s:%d mo_wake_tx_queue :: %d %lu lsta %p sta %p "
5655
		    "ni %p %6D skb %p lxtq %p { qlen %u, ac %d tid %u } "
5656
		    "WAKE_TX_Q ac %d prio %u qmap %u\n",
5657
		    __func__, __LINE__,
5658
		    curthread->td_tid, jiffies,
5659
		    lsta, sta, ni, ni->ni_macaddr, ":", skb, ltxq,
5660
		    skb_queue_len(&ltxq->skbq), ltxq->txq.ac,
5661
		    ltxq->txq.tid, ac, skb->priority, skb->qmap);
5662
#endif
5663
	LKPI_80211_LTXQ_UNLOCK(ltxq);
5664
	wiphy_lock(hw->wiphy);
5665
	lkpi_80211_mo_wake_tx_queue(hw, &ltxq->txq);
5666
	wiphy_unlock(hw->wiphy);
5667
	return;
5668

5669
ops_tx:
5670
#ifdef LINUXKPI_DEBUG_80211
5671
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5672
		printf("%s:%d mo_tx :: lsta %p sta %p ni %p %6D skb %p "
5673
		    "TX ac %d prio %u qmap %u\n",
5674
		    __func__, __LINE__, lsta, sta, ni, ni->ni_macaddr, ":",
5675
		    skb, ac, skb->priority, skb->qmap);
5676
#endif
5677
	memset(&control, 0, sizeof(control));
5678
	control.sta = sta;
5679
	wiphy_lock(hw->wiphy);
5680
	lkpi_80211_mo_tx(hw, &control, skb);
5681
	wiphy_unlock(hw->wiphy);
5682
}
5683

5684
static void
5685
lkpi_80211_txq_task(void *ctx, int pending)
5686
{
5687
	struct lkpi_sta *lsta;
5688
	struct mbufq mq;
5689
	struct mbuf *m;
5690
	bool shall_tx;
5691

5692
	lsta = ctx;
5693

5694
#ifdef LINUXKPI_DEBUG_80211
5695
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5696
		printf("%s:%d lsta %p ni %p %6D pending %d mbuf_qlen %d\n",
5697
		    __func__, __LINE__, lsta, lsta->ni, lsta->ni->ni_macaddr, ":",
5698
		    pending, mbufq_len(&lsta->txq));
5699
#endif
5700

5701
	mbufq_init(&mq, IFQ_MAXLEN);
5702

5703
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
5704
	/*
5705
	 * Do not re-check lsta->txq_ready here; we may have a pending
5706
	 * disassoc/deauth frame still.  On the contrary if txq_ready is
5707
	 * false we do not have a valid sta anymore in the firmware so no
5708
	 * point to try to TX.
5709
	 * We also use txq_ready as a semaphore and will drain the txq manually
5710
	 * if needed on our way towards SCAN/INIT in the state machine.
5711
	 */
5712
#if 0
5713
	shall_tx = lsta->added_to_drv && lsta->txq_ready;
5714
#else
5715
	/*
5716
	 * Backout this part of 886653492945f which breaks rtw88 or
5717
	 * in general drivers without (*sta_state)() but only the
5718
	 * legacy fallback to (*sta_add)().
5719
	 */
5720
	shall_tx = lsta->txq_ready;
5721
#endif
5722
	if (__predict_true(shall_tx))
5723
		mbufq_concat(&mq, &lsta->txq);
5724
	/*
5725
	 * else a state change will push the packets out manually or
5726
	 * lkpi_lsta_free() will drain the lsta->txq and free the mbufs.
5727
	 */
5728
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5729

5730
	m = mbufq_dequeue(&mq);
5731
	while (m != NULL) {
5732
		lkpi_80211_txq_tx_one(lsta, m);
5733
		m = mbufq_dequeue(&mq);
5734
	}
5735
}
5736

5737
static int
5738
lkpi_ic_transmit(struct ieee80211com *ic, struct mbuf *m)
5739
{
5740

5741
	/* XXX TODO */
5742
	IMPROVE();
5743

5744
	/* Quick and dirty cheating hack. */
5745
	struct ieee80211_node *ni;
5746

5747
	ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
5748
	return (lkpi_xmit(ni, m, NULL, false));
5749
}
5750

5751
#ifdef LKPI_80211_HT
5752
static int
5753
lkpi_ic_recv_action(struct ieee80211_node *ni, const struct ieee80211_frame *wh,
5754
    const uint8_t *frm, const uint8_t *efrm)
5755
{
5756
	struct ieee80211com *ic;
5757
	struct lkpi_hw *lhw;
5758

5759
	ic = ni->ni_ic;
5760
	lhw = ic->ic_softc;
5761

5762
	IMPROVE_HT("recv_action called; nothing to do in lkpi; make debugging");
5763

5764
	return (lhw->ic_recv_action(ni, wh, frm, efrm));
5765
}
5766

5767
static int
5768
lkpi_ic_send_action(struct ieee80211_node *ni, int category, int action, void *sa)
5769
{
5770
	struct ieee80211com *ic;
5771
	struct lkpi_hw *lhw;
5772

5773
	ic = ni->ni_ic;
5774
	lhw = ic->ic_softc;
5775

5776
	IMPROVE_HT("send_action called; nothing to do in lkpi; make debugging");
5777

5778
	return (lhw->ic_send_action(ni, category, action, sa));
5779
}
5780

5781

5782
static int
5783
lkpi_ic_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
5784
{
5785
	struct ieee80211com *ic;
5786
	struct lkpi_hw *lhw;
5787

5788
	ic = ni->ni_ic;
5789
	lhw = ic->ic_softc;
5790

5791
	IMPROVE_HT("ieee80211_ampdu_enable called; nothing to do in lkpi for now; make debugging");
5792

5793
	return (lhw->ic_ampdu_enable(ni, tap));
5794
}
5795

5796
/*
5797
 * (*ic_addba_request)() is called by ieee80211_ampdu_request() before
5798
 * calling send_action(CAT_BA, BA_ADDBA_REQUEST).
5799
 *
5800
 * NB: returns 0 on ERROR!
5801
 */
5802
static int
5803
lkpi_ic_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
5804
    int dialogtoken, int baparamset, int batimeout)
5805
{
5806
	struct ieee80211com *ic;
5807
	struct lkpi_hw *lhw;
5808
	struct ieee80211_hw *hw;
5809
	struct ieee80211vap *vap;
5810
	struct lkpi_vif *lvif;
5811
	struct ieee80211_vif *vif;
5812
	struct lkpi_sta *lsta;
5813
	struct ieee80211_sta *sta;
5814
	struct ieee80211_ampdu_params params = { };
5815
	int error;
5816

5817
	ic = ni->ni_ic;
5818
	lhw = ic->ic_softc;
5819
	hw = LHW_TO_HW(lhw);
5820
	vap = ni->ni_vap;
5821
	lvif = VAP_TO_LVIF(vap);
5822
	vif = LVIF_TO_VIF(lvif);
5823
	lsta = ni->ni_drv_data;
5824
	sta = LSTA_TO_STA(lsta);
5825

5826
	if (!lsta->added_to_drv) {
5827
		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
5828
		    __func__, lsta, ni, sta);
5829
		return (0);
5830
	}
5831

5832
	params.sta = sta;
5833
	params.action = IEEE80211_AMPDU_TX_START;
5834
	/* Keep 0 here! */
5835
	params.buf_size = 0;
5836
	params.timeout = 0;
5837
	params.ssn = tap->txa_start & (IEEE80211_SEQ_RANGE-1);
5838
	params.tid = tap->txa_tid;
5839
	params.amsdu = false;
5840

5841
	IEEE80211_UNLOCK(ic);
5842
	wiphy_lock(hw->wiphy);
5843
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
5844
	wiphy_unlock(hw->wiphy);
5845
	IEEE80211_LOCK(ic);
5846
	if (error != 0) {
5847
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
5848
		    __func__, error, ni, tap);
5849
		return (0);
5850
	}
5851

5852
	return (lhw->ic_addba_request(ni, tap, dialogtoken, baparamset, batimeout));
5853
}
5854

5855
/*
5856
 * (*ic_addba_response)() is called from ht_recv_action_ba_addba_response()
5857
 * and calls the default ieee80211_addba_response() which always returns 1.
5858
 *
5859
 * NB: No error checking in net80211!
5860
 * Staying with 0 is an error.
5861
 */
5862
static int
5863
lkpi_ic_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
5864
    int status, int baparamset, int batimeout)
5865
{
5866
	struct ieee80211com *ic;
5867
	struct lkpi_hw *lhw;
5868
	struct ieee80211_hw *hw;
5869
	struct ieee80211vap *vap;
5870
	struct lkpi_vif *lvif;
5871
	struct ieee80211_vif *vif;
5872
	struct lkpi_sta *lsta;
5873
	struct ieee80211_sta *sta;
5874
	struct ieee80211_ampdu_params params = { };
5875
	int error;
5876

5877
	ic = ni->ni_ic;
5878
	lhw = ic->ic_softc;
5879
	hw = LHW_TO_HW(lhw);
5880
	vap = ni->ni_vap;
5881
	lvif = VAP_TO_LVIF(vap);
5882
	vif = LVIF_TO_VIF(lvif);
5883
	lsta = ni->ni_drv_data;
5884
	sta = LSTA_TO_STA(lsta);
5885

5886
	if (!lsta->added_to_drv) {
5887
		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
5888
		    __func__, lsta, ni, sta);
5889
		return (0);
5890
	}
5891

5892
	if (status == IEEE80211_STATUS_SUCCESS) {
5893
		params.sta = sta;
5894
		params.action = IEEE80211_AMPDU_TX_OPERATIONAL;
5895
		params.buf_size = tap->txa_wnd;
5896
		params.timeout = 0;
5897
		params.ssn = 0;
5898
		params.tid = tap->txa_tid;
5899
		if ((tap->txa_flags & IEEE80211_AGGR_AMSDU) != 0)
5900
			params.amsdu = true;
5901
		else
5902
			params.amsdu = false;
5903
	} else {
5904
		/* We need to free the allocated resources. */
5905
		params.sta = sta;
5906
		switch (status) {
5907
			/* params.action = FLUSH, FLUSH_CONT */
5908
		default:
5909
			params.action = IEEE80211_AMPDU_TX_STOP_CONT;
5910
			break;
5911
		}
5912
		params.buf_size = 0;
5913
		params.timeout = 0;
5914
		params.ssn = 0;
5915
		params.tid = tap->txa_tid;
5916
		params.amsdu = false;
5917
	}
5918

5919
	IEEE80211_UNLOCK(ic);
5920
	wiphy_lock(hw->wiphy);
5921
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
5922
	wiphy_unlock(hw->wiphy);
5923
	IEEE80211_LOCK(ic);
5924
	if (error != 0) {
5925
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
5926
		    __func__, error, ni, tap);
5927
		return (0);
5928
	}
5929

5930
	IMPROVE_HT("who unleashes the TXQ? and when?, do we need to ni->ni_txseqs[tid] = tap->txa_start & 0xfff;");
5931

5932
	return (lhw->ic_addba_response(ni, tap, status, baparamset, batimeout));
5933
}
5934

5935
/*
5936
 * (*ic_addba_stop)() is called from ampdu_tx_stop(), ht_recv_action_ba_delba(),
5937
 * and ieee80211_ampdu_stop() and calls the default ieee80211_addba_stop().
5938
 */
5939
static void
5940
lkpi_ic_addba_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
5941
{
5942
	struct ieee80211com *ic;
5943
	struct lkpi_hw *lhw;
5944
	struct ieee80211_hw *hw;
5945
	struct ieee80211vap *vap;
5946
	struct lkpi_vif *lvif;
5947
	struct ieee80211_vif *vif;
5948
	struct lkpi_sta *lsta;
5949
	struct ieee80211_sta *sta;
5950
	struct ieee80211_ampdu_params params = { };
5951
	int error;
5952

5953
	ic = ni->ni_ic;
5954
	lhw = ic->ic_softc;
5955
	hw = LHW_TO_HW(lhw);
5956
	vap = ni->ni_vap;
5957
	lvif = VAP_TO_LVIF(vap);
5958
	vif = LVIF_TO_VIF(lvif);
5959
	lsta = ni->ni_drv_data;
5960
	sta = LSTA_TO_STA(lsta);
5961

5962
	if (!lsta->added_to_drv) {
5963
		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
5964
		    __func__, lsta, ni, sta);
5965
		goto n80211;
5966
	}
5967

5968
	/* We need to free the allocated resources. */
5969
	params.sta = sta;
5970
	IMPROVE("net80211 does not provide a reason to us");
5971
	params.action = IEEE80211_AMPDU_TX_STOP_CONT; /* params.action = FLUSH, FLUSH_CONT */
5972
	params.buf_size = 0;
5973
	params.timeout = 0;
5974
	params.ssn = 0;
5975
	params.tid = tap->txa_tid;
5976
	params.amsdu = false;
5977

5978
	IEEE80211_UNLOCK(ic);
5979
	wiphy_lock(hw->wiphy);
5980
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
5981
	wiphy_unlock(hw->wiphy);
5982
	IEEE80211_LOCK(ic);
5983
	if (error != 0) {
5984
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
5985
		    __func__, error, ni, tap);
5986
		goto n80211;
5987
	}
5988

5989
	IMPROVE_HT("anyting else?");
5990

5991
n80211:
5992
	lhw->ic_addba_stop(ni, tap);
5993
}
5994

5995
static void
5996
lkpi_ic_addba_response_timeout(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
5997
{
5998
	struct ieee80211com *ic;
5999
	struct lkpi_hw *lhw;
6000

6001
	ic = ni->ni_ic;
6002
	lhw = ic->ic_softc;
6003

6004
	IMPROVE_HT();
6005

6006
	lhw->ic_addba_response_timeout(ni, tap);
6007
}
6008

6009
static void
6010
lkpi_ic_bar_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
6011
    int status)
6012
{
6013
	struct ieee80211com *ic;
6014
	struct lkpi_hw *lhw;
6015

6016
	ic = ni->ni_ic;
6017
	lhw = ic->ic_softc;
6018

6019
	IMPROVE_HT();
6020

6021
	lhw->ic_bar_response(ni, tap, status);
6022
}
6023

6024
static int
6025
lkpi_ic_ampdu_rx_start(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap,
6026
    int baparamset, int batimeout, int baseqctl)
6027
{
6028
	struct ieee80211com *ic;
6029
	struct lkpi_hw *lhw;
6030
	struct ieee80211_hw *hw;
6031
	struct ieee80211vap *vap;
6032
	struct lkpi_vif *lvif;
6033
	struct ieee80211_vif *vif;
6034
	struct lkpi_sta *lsta;
6035
	struct ieee80211_sta *sta;
6036
	struct ieee80211_ampdu_params params = { };
6037
	int error;
6038

6039
	ic = ni->ni_ic;
6040
	lhw = ic->ic_softc;
6041
	hw = LHW_TO_HW(lhw);
6042
	vap = ni->ni_vap;
6043
	lvif = VAP_TO_LVIF(vap);
6044
	vif = LVIF_TO_VIF(lvif);
6045
	lsta = ni->ni_drv_data;
6046
	sta = LSTA_TO_STA(lsta);
6047

6048
	IEEE80211_UNLOCK_ASSERT(ic);
6049

6050
	if (!lsta->added_to_drv) {
6051
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p not added to firmware\n",
6052
		    __func__, lsta, ni, vap, sta);
6053
		return (-ENXIO);
6054
	}
6055

6056
	if (lsta->state != IEEE80211_STA_AUTHORIZED) {
6057
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p state %d not AUTHORIZED\n",
6058
		    __func__, lsta, ni, vap, sta, lsta->state);
6059
		return (-ENXIO);
6060
	}
6061

6062
	params.sta = sta;
6063
	params.action = IEEE80211_AMPDU_RX_START;
6064
	params.buf_size = _IEEE80211_MASKSHIFT(le16toh(baparamset), IEEE80211_BAPS_BUFSIZ);
6065
	if (params.buf_size == 0)
6066
		params.buf_size = IEEE80211_MAX_AMPDU_BUF_HT;
6067
	else
6068
		params.buf_size = min(params.buf_size, IEEE80211_MAX_AMPDU_BUF_HT);
6069
	if (hw->max_rx_aggregation_subframes > 0 &&
6070
	    params.buf_size > hw->max_rx_aggregation_subframes)
6071
		params.buf_size = hw->max_rx_aggregation_subframes;
6072
	params.timeout = le16toh(batimeout);
6073
	params.ssn = _IEEE80211_MASKSHIFT(le16toh(baseqctl), IEEE80211_BASEQ_START);
6074
	params.tid = _IEEE80211_MASKSHIFT(le16toh(baparamset), IEEE80211_BAPS_TID);
6075

6076
	/* Based on net80211::ampdu_rx_start(). */
6077
	if ((vap->iv_htcaps & IEEE80211_HTC_RX_AMSDU_AMPDU) &&
6078
	    (_IEEE80211_MASKSHIFT(baparamset, IEEE80211_BAPS_AMSDU)))
6079
		params.amsdu = true;
6080
	else
6081
		params.amsdu = false;
6082

6083
	wiphy_lock(hw->wiphy);
6084
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6085
	wiphy_unlock(hw->wiphy);
6086
	if (error != 0) {
6087
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p rap %p\n",
6088
		    __func__, error, ni, rap);
6089
		return (error);
6090
	}
6091

6092
	if (!ieee80211_hw_check(hw, SUPPORTS_REORDERING_BUFFER)) {
6093
		IMPROVE("%s: TODO: SUPPORTS_REORDERING_BUFFER not set; check net80211\n", __func__);
6094
	}
6095

6096
	IMPROVE_HT("net80211 is missing the error check on return and assumes success");
6097

6098
	error = lhw->ic_ampdu_rx_start(ni, rap, baparamset, batimeout, baseqctl);
6099
	return (error);
6100
}
6101

6102
static void
6103
lkpi_ic_ampdu_rx_stop(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap)
6104
{
6105
	struct ieee80211com *ic;
6106
	struct lkpi_hw *lhw;
6107
	struct ieee80211_hw *hw;
6108
	struct ieee80211vap *vap;
6109
	struct lkpi_vif *lvif;
6110
	struct ieee80211_vif *vif;
6111
	struct lkpi_sta *lsta;
6112
	struct ieee80211_sta *sta;
6113
	struct ieee80211_ampdu_params params = { };
6114
	int error;
6115
	uint8_t tid;
6116
	bool ic_locked;
6117

6118
	ic = ni->ni_ic;
6119
	lhw = ic->ic_softc;
6120

6121
	/*
6122
	 * We should not (cannot) call into mac80211 ops with AMPDU_RX_STOP if
6123
	 * we did not START.  Some drivers pass it down to firmware which will
6124
	 * simply barf and net80211 calls ieee80211_ht_node_cleanup() from
6125
	 * ieee80211_ht_node_init() amongst others which will iterate over all
6126
	 * tid and call ic_ampdu_rx_stop() unconditionally.
6127
	 * XXX net80211 should probably be more "gentle" in these cases and
6128
	 * track some state itself.
6129
	 */
6130
	if ((rap->rxa_flags & IEEE80211_AGGR_RUNNING) == 0)
6131
		goto net80211_only;
6132

6133
	hw = LHW_TO_HW(lhw);
6134
	vap = ni->ni_vap;
6135
	lvif = VAP_TO_LVIF(vap);
6136
	vif = LVIF_TO_VIF(lvif);
6137
	lsta = ni->ni_drv_data;
6138
	if (lsta == NULL) {
6139
		ic_printf(ic, "%s: lsta %p ni %p vap %p, lsta is NULL\n",
6140
		    __func__, lsta, ni, vap);
6141
		goto net80211_only;
6142
	}
6143
	sta = LSTA_TO_STA(lsta);
6144

6145
	if (!lsta->added_to_drv) {
6146
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p not added to firmware\n",
6147
		    __func__, lsta, ni, vap, sta);
6148
		goto net80211_only;
6149
	}
6150

6151
	if (lsta->state != IEEE80211_STA_AUTHORIZED) {
6152
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p state %d not AUTHORIZED\n",
6153
		    __func__, lsta, ni, vap, sta, lsta->state);
6154
		goto net80211_only;
6155
	}
6156

6157
	IMPROVE_HT("This really should be passed from ht_recv_action_ba_delba.");
6158
	for (tid = 0; tid < WME_NUM_TID; tid++) {
6159
		if (&ni->ni_rx_ampdu[tid] == rap)
6160
			break;
6161
	}
6162
	if (tid == WME_NUM_TID) {
6163
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p TID not found\n",
6164
		    __func__, lsta, ni, vap, sta);
6165
		goto net80211_only;
6166
	}
6167

6168
	params.sta = sta;
6169
	params.action = IEEE80211_AMPDU_RX_STOP;
6170
	params.buf_size = 0;
6171
	params.timeout = 0;
6172
	params.ssn = 0;
6173
	params.tid = tid;
6174
	params.amsdu = false;
6175

6176
	ic_locked = IEEE80211_IS_LOCKED(ic);
6177
	if (ic_locked)
6178
		IEEE80211_UNLOCK(ic);
6179
	wiphy_lock(hw->wiphy);
6180
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6181
	wiphy_unlock(hw->wiphy);
6182
	if (ic_locked)
6183
		IEEE80211_LOCK(ic);
6184
	if (error != 0)
6185
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p rap %p\n",
6186
		    __func__, error, ni, rap);
6187

6188
net80211_only:
6189
	lhw->ic_ampdu_rx_stop(ni, rap);
6190
}
6191
#endif
6192

6193
static void
6194
lkpi_ic_getradiocaps_ht(struct ieee80211com *ic, struct ieee80211_hw *hw,
6195
    uint8_t *bands, int *chan_flags, enum nl80211_band band)
6196
{
6197
#ifdef LKPI_80211_HT
6198
	struct ieee80211_sta_ht_cap *ht_cap;
6199

6200
	ht_cap = &hw->wiphy->bands[band]->ht_cap;
6201
	if (!ht_cap->ht_supported)
6202
		return;
6203

6204
	switch (band) {
6205
	case NL80211_BAND_2GHZ:
6206
		setbit(bands, IEEE80211_MODE_11NG);
6207
		break;
6208
	case NL80211_BAND_5GHZ:
6209
		setbit(bands, IEEE80211_MODE_11NA);
6210
		break;
6211
	default:
6212
		IMPROVE("Unsupported band %d", band);
6213
		return;
6214
	}
6215

6216
	ic->ic_htcaps = IEEE80211_HTC_HT;	/* HT operation */
6217

6218
	/*
6219
	 * Rather than manually checking each flag and
6220
	 * translating IEEE80211_HT_CAP_ to IEEE80211_HTCAP_,
6221
	 * simply copy the 16bits.
6222
	 */
6223
	ic->ic_htcaps |= ht_cap->cap;
6224

6225
	/* Then deal with the other flags. */
6226
	if (ieee80211_hw_check(hw, AMPDU_AGGREGATION))
6227
		ic->ic_htcaps |= IEEE80211_HTC_AMPDU;
6228
#ifdef __notyet__
6229
	if (ieee80211_hw_check(hw, TX_AMSDU))
6230
		ic->ic_htcaps |= IEEE80211_HTC_AMSDU;
6231
	if (ieee80211_hw_check(hw, SUPPORTS_AMSDU_IN_AMPDU))
6232
		ic->ic_htcaps |= (IEEE80211_HTC_RX_AMSDU_AMPDU |
6233
		    IEEE80211_HTC_TX_AMSDU_AMPDU);
6234
#endif
6235

6236
	IMPROVE("PS, ampdu_*, ht_cap.mcs.tx_params, ...");
6237
	ic->ic_htcaps |= IEEE80211_HTCAP_SMPS_OFF;
6238

6239
	/* Only add HT40 channels if supported. */
6240
	if ((ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40) != 0 &&
6241
	    chan_flags != NULL)
6242
		*chan_flags |= NET80211_CBW_FLAG_HT40;
6243
#endif
6244
}
6245

6246
static void
6247
lkpi_ic_getradiocaps(struct ieee80211com *ic, int maxchan,
6248
    int *n, struct ieee80211_channel *c)
6249
{
6250
	struct lkpi_hw *lhw;
6251
	struct ieee80211_hw *hw;
6252
	struct linuxkpi_ieee80211_channel *channels;
6253
	uint8_t bands[IEEE80211_MODE_BYTES];
6254
	int chan_flags, error, i, nchans;
6255

6256
	/* Channels */
6257
	lhw = ic->ic_softc;
6258
	hw = LHW_TO_HW(lhw);
6259

6260
	/* NL80211_BAND_2GHZ */
6261
	nchans = 0;
6262
	if (hw->wiphy->bands[NL80211_BAND_2GHZ] != NULL)
6263
		nchans = hw->wiphy->bands[NL80211_BAND_2GHZ]->n_channels;
6264
	if (nchans > 0) {
6265
		memset(bands, 0, sizeof(bands));
6266
		chan_flags = 0;
6267
		setbit(bands, IEEE80211_MODE_11B);
6268
		/* XXX-BZ unclear how to check for 11g. */
6269

6270
		IMPROVE("the bitrates may have flags?");
6271
		setbit(bands, IEEE80211_MODE_11G);
6272

6273
		lkpi_ic_getradiocaps_ht(ic, hw, bands, &chan_flags,
6274
		    NL80211_BAND_2GHZ);
6275

6276
		channels = hw->wiphy->bands[NL80211_BAND_2GHZ]->channels;
6277
		for (i = 0; i < nchans && *n < maxchan; i++) {
6278
			uint32_t nflags = 0;
6279
			int cflags = chan_flags;
6280

6281
			if (channels[i].flags & IEEE80211_CHAN_DISABLED) {
6282
				ic_printf(ic, "%s: Skipping disabled chan "
6283
				    "[%u/%u/%#x]\n", __func__,
6284
				    channels[i].hw_value,
6285
				    channels[i].center_freq, channels[i].flags);
6286
				continue;
6287
			}
6288
			if (channels[i].flags & IEEE80211_CHAN_NO_IR)
6289
				nflags |= (IEEE80211_CHAN_NOADHOC|IEEE80211_CHAN_PASSIVE);
6290
			if (channels[i].flags & IEEE80211_CHAN_RADAR)
6291
				nflags |= IEEE80211_CHAN_DFS;
6292
			if (channels[i].flags & IEEE80211_CHAN_NO_160MHZ)
6293
				cflags &= ~(NET80211_CBW_FLAG_VHT160|NET80211_CBW_FLAG_VHT80P80);
6294
			if (channels[i].flags & IEEE80211_CHAN_NO_80MHZ)
6295
				cflags &= ~NET80211_CBW_FLAG_VHT80;
6296
			/* XXX how to map the remaining enum ieee80211_channel_flags? */
6297
			if (channels[i].flags & IEEE80211_CHAN_NO_HT40)
6298
				cflags &= ~NET80211_CBW_FLAG_HT40;
6299

6300
			error = ieee80211_add_channel_cbw(c, maxchan, n,
6301
			    ieee80211_mhz2ieee(channels[i].center_freq,
6302
				lkpi_nl80211_band_to_net80211_band(channels[i].band)),
6303
			    channels[i].center_freq, channels[i].max_power,
6304
			    nflags, bands, cflags);
6305
			/* net80211::ENOBUFS: *n >= maxchans */
6306
			if (error != 0 && error != ENOBUFS)
6307
				ic_printf(ic, "%s: Adding chan %u/%u/%#x/%#x/%#x/%#x "
6308
				    "returned error %d\n",
6309
				    __func__, channels[i].hw_value,
6310
				    channels[i].center_freq, channels[i].flags,
6311
				    nflags, chan_flags, cflags, error);
6312
			if (error != 0)
6313
				break;
6314
		}
6315
	}
6316

6317
	/* NL80211_BAND_5GHZ */
6318
	nchans = 0;
6319
	if (hw->wiphy->bands[NL80211_BAND_5GHZ] != NULL)
6320
		nchans = hw->wiphy->bands[NL80211_BAND_5GHZ]->n_channels;
6321
	if (nchans > 0) {
6322
		memset(bands, 0, sizeof(bands));
6323
		chan_flags = 0;
6324
		setbit(bands, IEEE80211_MODE_11A);
6325

6326
		lkpi_ic_getradiocaps_ht(ic, hw, bands, &chan_flags,
6327
		    NL80211_BAND_5GHZ);
6328

6329
#ifdef LKPI_80211_VHT
6330
		if (hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.vht_supported) {
6331

6332
			ic->ic_flags_ext |= IEEE80211_FEXT_VHT;
6333
			ic->ic_vht_cap.vht_cap_info =
6334
			    hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.cap;
6335
			ic->ic_vht_cap.supp_mcs =
6336
			    hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.vht_mcs;
6337

6338
			setbit(bands, IEEE80211_MODE_VHT_5GHZ);
6339
			chan_flags |= NET80211_CBW_FLAG_VHT80;
6340
			if (IEEE80211_VHTCAP_SUPP_CHAN_WIDTH_IS_160MHZ(
6341
			    ic->ic_vht_cap.vht_cap_info))
6342
				chan_flags |= NET80211_CBW_FLAG_VHT160;
6343
			if (IEEE80211_VHTCAP_SUPP_CHAN_WIDTH_IS_160_80P80MHZ(
6344
			    ic->ic_vht_cap.vht_cap_info))
6345
				chan_flags |= NET80211_CBW_FLAG_VHT80P80;
6346
		}
6347
#endif
6348

6349
		channels = hw->wiphy->bands[NL80211_BAND_5GHZ]->channels;
6350
		for (i = 0; i < nchans && *n < maxchan; i++) {
6351
			uint32_t nflags = 0;
6352
			int cflags = chan_flags;
6353

6354
			if (channels[i].flags & IEEE80211_CHAN_DISABLED) {
6355
				ic_printf(ic, "%s: Skipping disabled chan "
6356
				    "[%u/%u/%#x]\n", __func__,
6357
				    channels[i].hw_value,
6358
				    channels[i].center_freq, channels[i].flags);
6359
				continue;
6360
			}
6361
			if (channels[i].flags & IEEE80211_CHAN_NO_IR)
6362
				nflags |= (IEEE80211_CHAN_NOADHOC|IEEE80211_CHAN_PASSIVE);
6363
			if (channels[i].flags & IEEE80211_CHAN_RADAR)
6364
				nflags |= IEEE80211_CHAN_DFS;
6365
			if (channels[i].flags & IEEE80211_CHAN_NO_160MHZ)
6366
				cflags &= ~(NET80211_CBW_FLAG_VHT160|NET80211_CBW_FLAG_VHT80P80);
6367
			if (channels[i].flags & IEEE80211_CHAN_NO_80MHZ)
6368
				cflags &= ~NET80211_CBW_FLAG_VHT80;
6369
			/* XXX hwo to map the remaining enum ieee80211_channel_flags? */
6370
			if (channels[i].flags & IEEE80211_CHAN_NO_HT40)
6371
				cflags &= ~NET80211_CBW_FLAG_HT40;
6372

6373
			error = ieee80211_add_channel_cbw(c, maxchan, n,
6374
			    ieee80211_mhz2ieee(channels[i].center_freq,
6375
				lkpi_nl80211_band_to_net80211_band(channels[i].band)),
6376
			    channels[i].center_freq, channels[i].max_power,
6377
			    nflags, bands, cflags);
6378
			/* net80211::ENOBUFS: *n >= maxchans */
6379
			if (error != 0 && error != ENOBUFS)
6380
				ic_printf(ic, "%s: Adding chan %u/%u/%#x/%#x/%#x/%#x "
6381
				    "returned error %d\n",
6382
				    __func__, channels[i].hw_value,
6383
				    channels[i].center_freq, channels[i].flags,
6384
				    nflags, chan_flags, cflags, error);
6385
			if (error != 0)
6386
				break;
6387
		}
6388
	}
6389
}
6390

6391
static void *
6392
lkpi_ieee80211_ifalloc(void)
6393
{
6394
	struct ieee80211com *ic;
6395

6396
	ic = malloc(sizeof(*ic), M_LKPI80211, M_WAITOK | M_ZERO);
6397

6398
	/* Setting these happens later when we have device information. */
6399
	ic->ic_softc = NULL;
6400
	ic->ic_name = "linuxkpi";
6401

6402
	return (ic);
6403
}
6404

6405
struct ieee80211_hw *
6406
linuxkpi_ieee80211_alloc_hw(size_t priv_len, const struct ieee80211_ops *ops)
6407
{
6408
	struct ieee80211_hw *hw;
6409
	struct lkpi_hw *lhw;
6410
	struct wiphy *wiphy;
6411
	int ac;
6412

6413
	/* Get us and the driver data also allocated. */
6414
	wiphy = wiphy_new(&linuxkpi_mac80211cfgops, sizeof(*lhw) + priv_len);
6415
	if (wiphy == NULL)
6416
		return (NULL);
6417

6418
	lhw = wiphy_priv(wiphy);
6419
	lhw->ops = ops;
6420

6421
	LKPI_80211_LHW_SCAN_LOCK_INIT(lhw);
6422
	LKPI_80211_LHW_TXQ_LOCK_INIT(lhw);
6423
	spin_lock_init(&lhw->txq_lock);
6424
	sx_init_flags(&lhw->lvif_sx, "lhw-lvif", SX_RECURSE | SX_DUPOK);
6425
	LKPI_80211_LHW_MC_LOCK_INIT(lhw);
6426
	TAILQ_INIT(&lhw->lvif_head);
6427
	__hw_addr_init(&lhw->mc_list);
6428
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
6429
		lhw->txq_generation[ac] = 1;
6430
		TAILQ_INIT(&lhw->scheduled_txqs[ac]);
6431
	}
6432

6433
	/* Chanctx_conf */
6434
	INIT_LIST_HEAD(&lhw->lchanctx_list);
6435

6436
	/* Deferred RX path. */
6437
	LKPI_80211_LHW_RXQ_LOCK_INIT(lhw);
6438
	TASK_INIT(&lhw->rxq_task, 0, lkpi_80211_lhw_rxq_task, lhw);
6439
	mbufq_init(&lhw->rxq, 32 * NAPI_POLL_WEIGHT);
6440
	lhw->rxq_stopped = false;
6441

6442
	/*
6443
	 * XXX-BZ TODO make sure there is a "_null" function to all ops
6444
	 * not initialized.
6445
	 */
6446
	hw = LHW_TO_HW(lhw);
6447
	hw->wiphy = wiphy;
6448
	hw->conf.flags |= IEEE80211_CONF_IDLE;
6449
	hw->priv = (void *)(lhw + 1);
6450

6451
	/* BSD Specific. */
6452
	lhw->ic = lkpi_ieee80211_ifalloc();
6453

6454
	IMPROVE();
6455

6456
	return (hw);
6457
}
6458

6459
void
6460
linuxkpi_ieee80211_iffree(struct ieee80211_hw *hw)
6461
{
6462
	struct lkpi_hw *lhw;
6463
	struct mbuf *m;
6464

6465
	lhw = HW_TO_LHW(hw);
6466
	free(lhw->ic, M_LKPI80211);
6467
	lhw->ic = NULL;
6468

6469
	/*
6470
	 * Drain the deferred RX path.
6471
	 */
6472
	LKPI_80211_LHW_RXQ_LOCK(lhw);
6473
	lhw->rxq_stopped = true;
6474
	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
6475

6476
	/* Drain taskq, won't be restarted due to rxq_stopped being set. */
6477
	while (taskqueue_cancel(taskqueue_thread, &lhw->rxq_task, NULL) != 0)
6478
		taskqueue_drain(taskqueue_thread, &lhw->rxq_task);
6479

6480
	/* Flush mbufq (make sure to release ni refs!). */
6481
	m = mbufq_dequeue(&lhw->rxq);
6482
	while (m != NULL) {
6483
#ifdef LKPI_80211_USE_MTAG
6484
		struct m_tag *mtag;
6485

6486
		mtag = m_tag_locate(m, MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI, NULL);
6487
		if (mtag != NULL) {
6488
			struct lkpi_80211_tag_rxni *rxni;
6489

6490
			rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
6491
			ieee80211_free_node(rxni->ni);
6492
		}
6493
#else
6494
		if (m->m_pkthdr.PH_loc.ptr != NULL) {
6495
			struct ieee80211_node *ni;
6496

6497
			ni = m->m_pkthdr.PH_loc.ptr;
6498
			ieee80211_free_node(ni);
6499
		}
6500
#endif
6501
		m_freem(m);
6502
		m = mbufq_dequeue(&lhw->rxq);
6503
	}
6504
	KASSERT(mbufq_empty(&lhw->rxq), ("%s: lhw %p has rxq len %d != 0\n",
6505
	    __func__, lhw, mbufq_len(&lhw->rxq)));
6506
	LKPI_80211_LHW_RXQ_LOCK_DESTROY(lhw);
6507

6508
	/* Chanctx_conf. */
6509
	if (!list_empty_careful(&lhw->lchanctx_list)) {
6510
		struct lkpi_chanctx *lchanctx, *next;
6511
		struct ieee80211_chanctx_conf *chanctx_conf;
6512

6513
		list_for_each_entry_safe(lchanctx, next, &lhw->lchanctx_list, entry) {
6514
			if (lchanctx->added_to_drv) {
6515
				/* In reality we should panic? */
6516
				chanctx_conf = &lchanctx->chanctx_conf;
6517
				lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
6518
			}
6519
			list_del(&lchanctx->entry);
6520
			free(lchanctx, M_LKPI80211);
6521
		}
6522
	}
6523

6524
	LKPI_80211_LHW_MC_LOCK(lhw);
6525
	lkpi_cleanup_mcast_list_locked(lhw);
6526
	LKPI_80211_LHW_MC_UNLOCK(lhw);
6527

6528
	/* Cleanup more of lhw here or in wiphy_free()? */
6529
	spin_lock_destroy(&lhw->txq_lock);
6530
	LKPI_80211_LHW_TXQ_LOCK_DESTROY(lhw);
6531
	LKPI_80211_LHW_SCAN_LOCK_DESTROY(lhw);
6532
	sx_destroy(&lhw->lvif_sx);
6533
	LKPI_80211_LHW_MC_LOCK_DESTROY(lhw)
6534
	IMPROVE();
6535
}
6536

6537
void
6538
linuxkpi_set_ieee80211_dev(struct ieee80211_hw *hw)
6539
{
6540
	struct lkpi_hw *lhw;
6541
	struct ieee80211com *ic;
6542
	struct device *dev;
6543

6544
	lhw = HW_TO_LHW(hw);
6545
	ic = lhw->ic;
6546

6547
	/* Save the backpointer from net80211 to LinuxKPI. */
6548
	ic->ic_softc = lhw;
6549

6550
	/*
6551
	 * Set a proper name before ieee80211_ifattach() if dev is set.
6552
	 * ath1xk also unset the dev so we need to check.
6553
	 */
6554
	dev = wiphy_dev(hw->wiphy);
6555
	if (dev != NULL) {
6556
		ic->ic_name = dev_name(dev);
6557
	} else {
6558
		TODO("adjust arguments to still have the old dev or go through "
6559
		    "the hoops of getting the bsddev from hw and detach; "
6560
		    "or do in XXX; check ath1kx drivers");
6561
	}
6562

6563
	/* XXX-BZ do we also need to set wiphy name? */
6564
}
6565

6566
struct ieee80211_hw *
6567
linuxkpi_wiphy_to_ieee80211_hw(struct wiphy *wiphy)
6568
{
6569
	struct lkpi_hw *lhw;
6570

6571
	lhw = wiphy_priv(wiphy);
6572
	return (LHW_TO_HW(lhw));
6573
}
6574

6575
static void
6576
lkpi_radiotap_attach(struct lkpi_hw *lhw)
6577
{
6578
	struct ieee80211com *ic;
6579

6580
	ic = lhw->ic;
6581
	ieee80211_radiotap_attach(ic,
6582
	    &lhw->rtap_tx.wt_ihdr, sizeof(lhw->rtap_tx),
6583
	    LKPI_RTAP_TX_FLAGS_PRESENT,
6584
	    &lhw->rtap_rx.wr_ihdr, sizeof(lhw->rtap_rx),
6585
	    LKPI_RTAP_RX_FLAGS_PRESENT);
6586
}
6587

6588
int
6589
linuxkpi_ieee80211_ifattach(struct ieee80211_hw *hw)
6590
{
6591
	struct ieee80211com *ic;
6592
	struct lkpi_hw *lhw;
6593
	int band, i;
6594

6595
	lhw = HW_TO_LHW(hw);
6596
	ic = lhw->ic;
6597

6598
	/* We do it this late as wiphy->dev should be set for the name. */
6599
	lhw->workq = alloc_ordered_workqueue(wiphy_name(hw->wiphy), 0);
6600
	if (lhw->workq == NULL)
6601
		return (-EAGAIN);
6602

6603
	/* XXX-BZ figure this out how they count his... */
6604
	if (!is_zero_ether_addr(hw->wiphy->perm_addr)) {
6605
		IEEE80211_ADDR_COPY(ic->ic_macaddr,
6606
		    hw->wiphy->perm_addr);
6607
	} else if (hw->wiphy->n_addresses > 0) {
6608
		/* We take the first one. */
6609
		IEEE80211_ADDR_COPY(ic->ic_macaddr,
6610
		    hw->wiphy->addresses[0].addr);
6611
	} else {
6612
		ic_printf(ic, "%s: warning, no hardware address!\n", __func__);
6613
	}
6614

6615
#ifdef __not_yet__
6616
	/* See comment in lkpi_80211_txq_tx_one(). */
6617
	ic->ic_headroom = hw->extra_tx_headroom;
6618
#endif
6619

6620
	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
6621
	ic->ic_opmode = IEEE80211_M_STA;
6622

6623
	/* Set device capabilities. */
6624
	/* XXX-BZ we need to get these from linux80211/drivers and convert. */
6625
	ic->ic_caps =
6626
	    IEEE80211_C_STA |
6627
	    IEEE80211_C_MONITOR |
6628
	    IEEE80211_C_WPA |		/* WPA/RSN */
6629
#ifdef LKPI_80211_WME
6630
	    IEEE80211_C_WME |
6631
#endif
6632
#if 0
6633
	    IEEE80211_C_PMGT |
6634
#endif
6635
	    IEEE80211_C_SHSLOT |	/* short slot time supported */
6636
	    IEEE80211_C_SHPREAMBLE	/* short preamble supported */
6637
	    ;
6638

6639
#ifdef LKPI_80211_BGSCAN
6640
	if (lhw->ops->hw_scan)
6641
		ic->ic_caps |= IEEE80211_C_BGSCAN;
6642
#endif
6643

6644
	lkpi_enable_hw_scan(lhw);
6645

6646
	/* Does HW support Fragmentation offload? */
6647
	if (ieee80211_hw_check(hw, SUPPORTS_TX_FRAG))
6648
		ic->ic_flags_ext |= IEEE80211_FEXT_FRAG_OFFLOAD;
6649

6650
	/* Does HW support full AMPDU[-TX] offload? */
6651
	if (ieee80211_hw_check(hw, AMPDU_AGGREGATION))
6652
		ic->ic_flags_ext |= IEEE80211_FEXT_AMPDU_OFFLOAD;
6653
#ifdef __notyet__
6654
	if (ieee80211_hw_check(hw, TX_AMSDU))
6655
	if (ieee80211_hw_check(hw, SUPPORTS_AMSDU_IN_AMPDU))
6656
#endif
6657

6658
	/*
6659
	 * The wiphy variables report bitmasks of avail antennas.
6660
	 * (*get_antenna) get the current bitmask sets which can be
6661
	 * altered by (*set_antenna) for some drivers.
6662
	 * XXX-BZ will the count alone do us much good long-term in net80211?
6663
	 */
6664
	if (hw->wiphy->available_antennas_rx ||
6665
	    hw->wiphy->available_antennas_tx) {
6666
		uint32_t rxs, txs;
6667

6668
		if (lkpi_80211_mo_get_antenna(hw, &txs, &rxs) == 0) {
6669
			ic->ic_rxstream = bitcount32(rxs);
6670
			ic->ic_txstream = bitcount32(txs);
6671
		}
6672
	}
6673

6674
	ic->ic_cryptocaps = 0;
6675
#ifdef LKPI_80211_HW_CRYPTO
6676
	if (lkpi_hwcrypto && hw->wiphy->n_cipher_suites > 0) {
6677
		uint32_t hwciphers;
6678

6679
		hwciphers = 0;
6680
		for (i = 0; i < hw->wiphy->n_cipher_suites; i++) {
6681
			uint32_t cs;
6682

6683
			cs = lkpi_l80211_to_net80211_cyphers(
6684
			    ic, hw->wiphy->cipher_suites[i]);
6685
			if (cs == IEEE80211_CRYPTO_TKIP) {
6686
				/*
6687
				 * We do set this here.  We will only find out
6688
				 * when doing a SET_KEY operation depending on
6689
				 * what the driver returns.
6690
				 * net80211::ieee80211_crypto_newkey()
6691
				 * checks this so we will have to do flags
6692
				 * surgery later.
6693
				 */
6694
				cs |= IEEE80211_CRYPTO_TKIPMIC;
6695
			}
6696
			hwciphers |= cs;
6697
		}
6698
		/*
6699
		 * (20250415) nothing anywhere in the path checks we actually
6700
		 * support all these in net80211.
6701
		 * net80211 supports _256 variants but the ioctl does not.
6702
		 */
6703
		IMPROVE("as net80211 grows more support, enable them");
6704
		hwciphers &= (IEEE80211_CRYPTO_WEP |
6705
		    IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_TKIPMIC |
6706
		    IEEE80211_CRYPTO_AES_CCM | IEEE80211_CRYPTO_AES_GCM_128);
6707
		/*
6708
		 * We only support CCMP here, so further filter.
6709
		 * Also permit TKIP if turned on.
6710
		 */
6711
		hwciphers &= (IEEE80211_CRYPTO_AES_CCM |
6712
		    IEEE80211_CRYPTO_AES_GCM_128 |
6713
		    (lkpi_hwcrypto_tkip ? (IEEE80211_CRYPTO_TKIP |
6714
		    IEEE80211_CRYPTO_TKIPMIC) : 0));
6715
		ieee80211_set_hardware_ciphers(ic, hwciphers);
6716
	}
6717
#endif
6718

6719
	lkpi_ic_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6720
	    ic->ic_channels);
6721

6722
	ieee80211_ifattach(ic);
6723

6724
	ic->ic_update_mcast = lkpi_ic_update_mcast;
6725
	ic->ic_update_promisc = lkpi_ic_update_promisc;
6726
	ic->ic_update_chw = lkpi_ic_update_chw;
6727
	ic->ic_parent = lkpi_ic_parent;
6728
	ic->ic_scan_start = lkpi_ic_scan_start;
6729
	ic->ic_scan_end = lkpi_ic_scan_end;
6730
	ic->ic_set_channel = lkpi_ic_set_channel;
6731
	ic->ic_transmit = lkpi_ic_transmit;
6732
	ic->ic_raw_xmit = lkpi_ic_raw_xmit;
6733
	ic->ic_vap_create = lkpi_ic_vap_create;
6734
	ic->ic_vap_delete = lkpi_ic_vap_delete;
6735
	ic->ic_getradiocaps = lkpi_ic_getradiocaps;
6736
	ic->ic_wme.wme_update = lkpi_ic_wme_update;
6737

6738
	lhw->ic_scan_curchan = ic->ic_scan_curchan;
6739
	ic->ic_scan_curchan = lkpi_ic_scan_curchan;
6740
	lhw->ic_scan_mindwell = ic->ic_scan_mindwell;
6741
	ic->ic_scan_mindwell = lkpi_ic_scan_mindwell;
6742

6743
	lhw->ic_node_alloc = ic->ic_node_alloc;
6744
	ic->ic_node_alloc = lkpi_ic_node_alloc;
6745
	lhw->ic_node_init = ic->ic_node_init;
6746
	ic->ic_node_init = lkpi_ic_node_init;
6747
	lhw->ic_node_cleanup = ic->ic_node_cleanup;
6748
	ic->ic_node_cleanup = lkpi_ic_node_cleanup;
6749
	lhw->ic_node_free = ic->ic_node_free;
6750
	ic->ic_node_free = lkpi_ic_node_free;
6751

6752
#ifdef LKPI_80211_HT
6753
	/*
6754
	 * Only attach if the driver/firmware supports (*ampdu_action)().
6755
	 * Otherwise it is in the hands of net80211.
6756
	 */
6757
	if (lhw->ops->ampdu_action != NULL) {
6758
		lhw->ic_recv_action = ic->ic_recv_action;
6759
		ic->ic_recv_action = lkpi_ic_recv_action;
6760
		lhw->ic_send_action = ic->ic_send_action;
6761
		ic->ic_send_action = lkpi_ic_send_action;
6762

6763
		lhw->ic_ampdu_enable = ic->ic_ampdu_enable;
6764
		ic->ic_ampdu_enable = lkpi_ic_ampdu_enable;
6765

6766
		lhw->ic_addba_request = ic->ic_addba_request;
6767
		ic->ic_addba_request = lkpi_ic_addba_request;
6768
		lhw->ic_addba_response = ic->ic_addba_response;
6769
		ic->ic_addba_response = lkpi_ic_addba_response;
6770
		lhw->ic_addba_stop = ic->ic_addba_stop;
6771
		ic->ic_addba_stop = lkpi_ic_addba_stop;
6772
		lhw->ic_addba_response_timeout = ic->ic_addba_response_timeout;
6773
		ic->ic_addba_response_timeout = lkpi_ic_addba_response_timeout;
6774

6775
		lhw->ic_bar_response = ic->ic_bar_response;
6776
		ic->ic_bar_response = lkpi_ic_bar_response;
6777

6778
		lhw->ic_ampdu_rx_start = ic->ic_ampdu_rx_start;
6779
		ic->ic_ampdu_rx_start = lkpi_ic_ampdu_rx_start;
6780
		lhw->ic_ampdu_rx_stop = ic->ic_ampdu_rx_stop;
6781
		ic->ic_ampdu_rx_stop = lkpi_ic_ampdu_rx_stop;
6782
	}
6783
#endif
6784

6785
	lkpi_radiotap_attach(lhw);
6786

6787
	/*
6788
	 * Assign the first possible channel for now;  seems Realtek drivers
6789
	 * expect one.
6790
	 * Also remember the amount of bands we support and the most rates
6791
	 * in any band so we can scale [(ext) sup rates] IE(s) accordingly.
6792
	 */
6793
	lhw->supbands = lhw->max_rates = 0;
6794
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
6795
		struct ieee80211_supported_band *supband;
6796
		struct linuxkpi_ieee80211_channel *channels;
6797

6798
		supband = hw->wiphy->bands[band];
6799
		if (supband == NULL || supband->n_channels == 0)
6800
			continue;
6801

6802
		lhw->supbands++;
6803
		lhw->max_rates = max(lhw->max_rates, supband->n_bitrates);
6804

6805
		/* If we have a channel, we need to keep counting supbands. */
6806
		if (hw->conf.chandef.chan != NULL)
6807
			continue;
6808

6809
		channels = supband->channels;
6810
		for (i = 0; i < supband->n_channels; i++) {
6811

6812
			if (channels[i].flags & IEEE80211_CHAN_DISABLED)
6813
				continue;
6814

6815
			cfg80211_chandef_create(&hw->conf.chandef, &channels[i],
6816
#ifdef LKPI_80211_HT
6817
			    (ic->ic_flags_ht & IEEE80211_FHT_HT) ? NL80211_CHAN_HT20 :
6818
#endif
6819
			    NL80211_CHAN_NO_HT);
6820
			break;
6821
		}
6822
	}
6823

6824
	IMPROVE("see net80211::ieee80211_chan_init vs. wiphy->bands[].bitrates possibly in lkpi_ic_getradiocaps?");
6825

6826
	/* Make sure we do not support more than net80211 is willing to take. */
6827
	if (lhw->max_rates > IEEE80211_RATE_MAXSIZE) {
6828
		ic_printf(ic, "%s: limiting max_rates %d to %d!\n", __func__,
6829
		    lhw->max_rates, IEEE80211_RATE_MAXSIZE);
6830
		lhw->max_rates = IEEE80211_RATE_MAXSIZE;
6831
	}
6832

6833
	/*
6834
	 * The maximum supported bitrates on any band + size for
6835
	 * DSSS Parameter Set give our per-band IE size.
6836
	 * SSID is the responsibility of the driver and goes on the side.
6837
	 * The user specified bits coming from the vap go into the
6838
	 * "common ies" fields.
6839
	 */
6840
	lhw->scan_ie_len = 2 + IEEE80211_RATE_SIZE;
6841
	if (lhw->max_rates > IEEE80211_RATE_SIZE)
6842
		lhw->scan_ie_len += 2 + (lhw->max_rates - IEEE80211_RATE_SIZE);
6843

6844
	if (hw->wiphy->features & NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) {
6845
		/*
6846
		 * net80211 does not seem to support the DSSS Parameter Set but
6847
		 * some of the drivers insert it so calculate the extra fixed
6848
		 * space in.
6849
		 */
6850
		lhw->scan_ie_len += 2 + 1;
6851
	}
6852

6853
#if defined(LKPI_80211_HT)
6854
	if ((ic->ic_htcaps & IEEE80211_HTC_HT) != 0)
6855
		lhw->scan_ie_len += sizeof(struct ieee80211_ie_htcap);
6856
#endif
6857
#if defined(LKPI_80211_VHT)
6858
	if (IEEE80211_CONF_VHT(ic))
6859
		lhw->scan_ie_len += 2 + sizeof(struct ieee80211_vht_cap);
6860
#endif
6861

6862
	/* Reduce the max_scan_ie_len "left" by the amount we consume already. */
6863
	if (hw->wiphy->max_scan_ie_len > 0) {
6864
		if (lhw->scan_ie_len > hw->wiphy->max_scan_ie_len)
6865
			goto err;
6866
		hw->wiphy->max_scan_ie_len -= lhw->scan_ie_len;
6867
	}
6868

6869
	if (bootverbose) {
6870
		ic_printf(ic, "netdev_features %b\n", hw->netdev_features, NETIF_F_BITS);
6871
		ieee80211_announce(ic);
6872
	}
6873

6874
	return (0);
6875
err:
6876
	IMPROVE("TODO FIXME CLEANUP");
6877
	return (-EAGAIN);
6878
}
6879

6880
void
6881
linuxkpi_ieee80211_ifdetach(struct ieee80211_hw *hw)
6882
{
6883
	struct lkpi_hw *lhw;
6884
	struct ieee80211com *ic;
6885

6886
	lhw = HW_TO_LHW(hw);
6887
	ic = lhw->ic;
6888
	ieee80211_ifdetach(ic);
6889
}
6890

6891
void
6892
linuxkpi_ieee80211_iterate_interfaces(struct ieee80211_hw *hw,
6893
    enum ieee80211_iface_iter flags,
6894
    void(*iterfunc)(void *, uint8_t *, struct ieee80211_vif *),
6895
    void *arg)
6896
{
6897
	struct lkpi_hw *lhw;
6898
	struct lkpi_vif *lvif;
6899
	struct ieee80211_vif *vif;
6900
	bool active, atomic, nin_drv;
6901

6902
	lhw = HW_TO_LHW(hw);
6903

6904
	if (flags & ~(IEEE80211_IFACE_ITER_NORMAL|
6905
	    IEEE80211_IFACE_ITER_RESUME_ALL|
6906
	    IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER|
6907
	    IEEE80211_IFACE_ITER_ACTIVE|IEEE80211_IFACE_ITER__ATOMIC)) {
6908
		ic_printf(lhw->ic, "XXX TODO %s flags(%#x) not yet supported.\n",
6909
		    __func__, flags);
6910
	}
6911

6912
	active = (flags & IEEE80211_IFACE_ITER_ACTIVE) != 0;
6913
	atomic = (flags & IEEE80211_IFACE_ITER__ATOMIC) != 0;
6914
	nin_drv = (flags & IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) != 0;
6915

6916
	if (atomic)
6917
		LKPI_80211_LHW_LVIF_LOCK(lhw);
6918
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
6919
		struct ieee80211vap *vap;
6920

6921
		vif = LVIF_TO_VIF(lvif);
6922

6923
		/*
6924
		 * If we want "active" interfaces, we need to distinguish on
6925
		 * whether the driver knows about them or not to be able to
6926
		 * handle the "resume" case correctly.  Skip the ones the
6927
		 * driver does not know about.
6928
		 */
6929
		if (active && !lvif->added_to_drv &&
6930
		    (flags & IEEE80211_IFACE_ITER_RESUME_ALL) != 0)
6931
			continue;
6932

6933
		/*
6934
		 * If we shall skip interfaces not added to the driver do so
6935
		 * if we haven't yet.
6936
		 */
6937
		if (nin_drv && !lvif->added_to_drv)
6938
			continue;
6939

6940
		/*
6941
		 * Run the iterator function if we are either not asking
6942
		 * asking for active only or if the VAP is "running".
6943
		 */
6944
		/* XXX-BZ probably should have state in the lvif as well. */
6945
		vap = LVIF_TO_VAP(lvif);
6946
		if (!active || (vap->iv_state != IEEE80211_S_INIT))
6947
			iterfunc(arg, vif->addr, vif);
6948
	}
6949
	if (atomic)
6950
		LKPI_80211_LHW_LVIF_UNLOCK(lhw);
6951
}
6952

6953
static void
6954
lkpi_ieee80211_iterate_keys(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
6955
    ieee80211_keyix keyix, struct lkpi_sta *lsta,
6956
    void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_vif *,
6957
	struct ieee80211_sta *, struct ieee80211_key_conf *, void *),
6958
    void *arg)
6959
{
6960
	if (!lsta->added_to_drv)
6961
		return;
6962

6963
	if (lsta->kc[keyix] == NULL)
6964
		return;
6965

6966
	iterfunc(hw, vif, LSTA_TO_STA(lsta), lsta->kc[keyix], arg);
6967
}
6968

6969
void
6970
linuxkpi_ieee80211_iterate_keys(struct ieee80211_hw *hw,
6971
    struct ieee80211_vif *vif,
6972
    void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_vif *,
6973
        struct ieee80211_sta *, struct ieee80211_key_conf *, void *),
6974
    void *arg, bool rcu)
6975
{
6976
	struct lkpi_sta *lsta;
6977
	struct lkpi_vif *lvif;
6978

6979
	lvif = VIF_TO_LVIF(vif);
6980

6981
	if (rcu) {
6982
		rcu_read_lock_held();		/* XXX-BZ is this correct? */
6983

6984
		if (vif == NULL) {
6985
			TODO();
6986
		} else {
6987
			list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
6988
				for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc);
6989
				    keyix++)
6990
					lkpi_ieee80211_iterate_keys(hw, vif,
6991
					    keyix, lsta, iterfunc, arg);
6992
			}
6993
		}
6994
	} else {
6995
		TODO("Used by suspend/resume; order of keys as installed to "
6996
		"firmware is important; we'll need to rewrite some code for that");
6997
		lockdep_assert_wiphy(hw->wiphy);
6998

6999
		if (vif == NULL) {
7000
			TODO();
7001
		} else {
7002
			list_for_each_entry(lsta, &lvif->lsta_list, lsta_list) {
7003
				for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc);
7004
				    keyix++)
7005
					lkpi_ieee80211_iterate_keys(hw, vif,
7006
					    keyix, lsta, iterfunc, arg);
7007
			}
7008
		}
7009
	}
7010
}
7011

7012
void
7013
linuxkpi_ieee80211_iterate_chan_contexts(struct ieee80211_hw *hw,
7014
    void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_chanctx_conf *,
7015
	void *),
7016
    void *arg)
7017
{
7018
	struct lkpi_hw *lhw;
7019
	struct lkpi_chanctx *lchanctx;
7020

7021
	KASSERT(hw != NULL && iterfunc != NULL,
7022
	    ("%s: hw %p iterfunc %p arg %p\n", __func__, hw, iterfunc, arg));
7023

7024
	lhw = HW_TO_LHW(hw);
7025

7026
	rcu_read_lock();
7027
	list_for_each_entry_rcu(lchanctx, &lhw->lchanctx_list, entry) {
7028
		if (!lchanctx->added_to_drv)
7029
			continue;
7030
		iterfunc(hw, &lchanctx->chanctx_conf, arg);
7031
	}
7032
	rcu_read_unlock();
7033
}
7034

7035
void
7036
linuxkpi_ieee80211_iterate_stations_atomic(struct ieee80211_hw *hw,
7037
   void (*iterfunc)(void *, struct ieee80211_sta *), void *arg)
7038
{
7039
	struct lkpi_hw *lhw;
7040
	struct lkpi_vif *lvif;
7041
	struct lkpi_sta *lsta;
7042
	struct ieee80211_sta *sta;
7043

7044
	KASSERT(hw != NULL && iterfunc != NULL,
7045
	    ("%s: hw %p iterfunc %p arg %p\n", __func__, hw, iterfunc, arg));
7046

7047
	lhw = HW_TO_LHW(hw);
7048

7049
	LKPI_80211_LHW_LVIF_LOCK(lhw);
7050
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
7051

7052
		rcu_read_lock();
7053
		list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
7054
			if (!lsta->added_to_drv)
7055
				continue;
7056
			sta = LSTA_TO_STA(lsta);
7057
			iterfunc(arg, sta);
7058
		}
7059
		rcu_read_unlock();
7060
	}
7061
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
7062
}
7063

7064
struct linuxkpi_ieee80211_regdomain *
7065
lkpi_get_linuxkpi_ieee80211_regdomain(size_t n)
7066
{
7067
	struct linuxkpi_ieee80211_regdomain *regd;
7068

7069
	regd = kzalloc(sizeof(*regd) + n * sizeof(struct ieee80211_reg_rule),
7070
	    GFP_KERNEL);
7071
	return (regd);
7072
}
7073

7074
int
7075
linuxkpi_regulatory_set_wiphy_regd_sync(struct wiphy *wiphy,
7076
    struct linuxkpi_ieee80211_regdomain *regd)
7077
{
7078
	struct lkpi_hw *lhw;
7079
	struct ieee80211com *ic;
7080
	struct ieee80211_regdomain *rd;
7081

7082
	lhw = wiphy_priv(wiphy);
7083
	ic = lhw->ic;
7084

7085
	rd = &ic->ic_regdomain;
7086
	if (rd->isocc[0] == '\0') {
7087
		rd->isocc[0] = regd->alpha2[0];
7088
		rd->isocc[1] = regd->alpha2[1];
7089
	}
7090

7091
	TODO();
7092
	/* XXX-BZ finish the rest. */
7093

7094
	return (0);
7095
}
7096

7097
void
7098
linuxkpi_ieee80211_scan_completed(struct ieee80211_hw *hw,
7099
    struct cfg80211_scan_info *info)
7100
{
7101
	struct lkpi_hw *lhw;
7102
	struct ieee80211com *ic;
7103
	struct ieee80211_scan_state *ss;
7104

7105
	lhw = wiphy_priv(hw->wiphy);
7106
	ic = lhw->ic;
7107
	ss = ic->ic_scan;
7108

7109
	TRACE_SCAN(ic, "scan_flags %b info { %ju, %6D, aborted %d }",
7110
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
7111
	    (uintmax_t)info->scan_start_tsf, info->tsf_bssid, ":",
7112
	    info->aborted);
7113

7114
	ieee80211_scan_done(ss->ss_vap);
7115

7116
	LKPI_80211_LHW_SCAN_LOCK(lhw);
7117
	free(lhw->hw_req, M_LKPI80211);
7118
	lhw->hw_req = NULL;
7119
	lhw->scan_flags &= ~LKPI_LHW_SCAN_RUNNING;
7120
	/* The wakeup(lhw) will be called from lkpi_ic_scan_end(). */
7121
	/* wakeup(lhw); */
7122
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
7123

7124
	return;
7125
}
7126

7127
static void
7128
lkpi_80211_lhw_rxq_rx_one(struct lkpi_hw *lhw, struct mbuf *m)
7129
{
7130
	struct ieee80211_node *ni;
7131
#ifdef LKPI_80211_USE_MTAG
7132
	struct m_tag *mtag;
7133
#endif
7134
	int ok;
7135

7136
	ni = NULL;
7137
#ifdef LKPI_80211_USE_MTAG
7138
        mtag = m_tag_locate(m, MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI, NULL);
7139
	if (mtag != NULL) {
7140
		struct lkpi_80211_tag_rxni *rxni;
7141

7142
		rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
7143
		ni = rxni->ni;
7144
	}
7145
#else
7146
	if (m->m_pkthdr.PH_loc.ptr != NULL) {
7147
		ni = m->m_pkthdr.PH_loc.ptr;
7148
		m->m_pkthdr.PH_loc.ptr = NULL;
7149
	}
7150
#endif
7151

7152
	if (ni != NULL) {
7153
		ok = ieee80211_input_mimo(ni, m);
7154
		ieee80211_free_node(ni);		/* Release the reference. */
7155
		if (ok < 0)
7156
			m_freem(m);
7157
	} else {
7158
		ok = ieee80211_input_mimo_all(lhw->ic, m);
7159
		/* mbuf got consumed. */
7160
	}
7161

7162
#ifdef LINUXKPI_DEBUG_80211
7163
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7164
		printf("TRACE-RX: %s: handled frame type %#0x\n", __func__, ok);
7165
#endif
7166
}
7167

7168
static void
7169
lkpi_80211_lhw_rxq_task(void *ctx, int pending)
7170
{
7171
	struct lkpi_hw *lhw;
7172
	struct mbufq mq;
7173
	struct mbuf *m;
7174

7175
	lhw = ctx;
7176

7177
#ifdef LINUXKPI_DEBUG_80211
7178
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7179
		printf("TRACE-RX: %s: lhw %p pending %d mbuf_qlen %d\n",
7180
		    __func__, lhw, pending, mbufq_len(&lhw->rxq));
7181
#endif
7182

7183
	mbufq_init(&mq, IFQ_MAXLEN);
7184

7185
	LKPI_80211_LHW_RXQ_LOCK(lhw);
7186
	mbufq_concat(&mq, &lhw->rxq);
7187
	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7188

7189
	m = mbufq_dequeue(&mq);
7190
	while (m != NULL) {
7191
		lkpi_80211_lhw_rxq_rx_one(lhw, m);
7192
		m = mbufq_dequeue(&mq);
7193
	}
7194
}
7195

7196
static void
7197
lkpi_convert_rx_status(struct ieee80211_hw *hw, struct lkpi_sta *lsta,
7198
    struct ieee80211_rx_status *rx_status,
7199
    struct ieee80211_rx_stats *rx_stats,
7200
    uint8_t *rssip)
7201
{
7202
	struct ieee80211_supported_band *supband;
7203
	struct rate_info rxrate;
7204
	int i;
7205
	uint8_t rssi;
7206

7207
	memset(&rxrate, 0, sizeof(rxrate));
7208
	memset(rx_stats, 0, sizeof(*rx_stats));
7209
	rx_stats->r_flags = IEEE80211_R_NF | IEEE80211_R_RSSI;
7210
	/* XXX-BZ correct hardcoded noise floor, survey data? */
7211
	rx_stats->c_nf = -96;
7212
	if (ieee80211_hw_check(hw, SIGNAL_DBM) &&
7213
	    !(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
7214
		rssi = rx_status->signal;
7215
	else
7216
		rssi = rx_stats->c_nf;
7217
	/*
7218
	 * net80211 signal strength data are in .5 dBm units relative to
7219
	 * the current noise floor (see comment in ieee80211_node.h).
7220
	 */
7221
	rssi -= rx_stats->c_nf;
7222
	if (rssip != NULL)
7223
		*rssip = rssi;
7224
	rx_stats->c_rssi = rssi * 2;
7225
	rx_stats->r_flags |= IEEE80211_R_BAND;
7226
	rx_stats->c_band =
7227
	    lkpi_nl80211_band_to_net80211_band(rx_status->band);
7228
	rx_stats->r_flags |= IEEE80211_R_FREQ | IEEE80211_R_IEEE;
7229
	rx_stats->c_freq = rx_status->freq;
7230
	rx_stats->c_ieee = ieee80211_mhz2ieee(rx_stats->c_freq, rx_stats->c_band);
7231

7232
	rx_stats->c_rx_tsf = rx_status->mactime;
7233

7234
	/* XXX RX_FLAG_MACTIME_IS_RTAP_TS64 ? */
7235
	if ((rx_status->flag & RX_FLAG_MACTIME) ==
7236
	    (RX_FLAG_MACTIME_START|RX_FLAG_MACTIME_END)) {
7237
		rx_stats->r_flags |= IEEE80211_R_TSF64;
7238
		/* XXX RX_FLAG_MACTIME_PLCP_START ? */
7239
		if ((rx_status->flag & RX_FLAG_MACTIME) == RX_FLAG_MACTIME_START)
7240
			rx_stats->r_flags |= IEEE80211_R_TSF_START;
7241
		if ((rx_status->flag & RX_FLAG_MACTIME) == RX_FLAG_MACTIME_END)
7242
			rx_stats->r_flags |= IEEE80211_R_TSF_END;
7243
		/* XXX-BZ if TSF_END will net80211 do the unwind of time? */
7244
	}
7245

7246
	if (rx_status->chains != 0) {
7247
		int cc;
7248
		int8_t crssi;
7249

7250
		rx_stats->c_chain = rx_status->chains;
7251
		rx_stats->r_flags |= IEEE80211_R_C_CHAIN;
7252

7253
		cc = 0;
7254
		for (i = 0; i < nitems(rx_status->chain_signal); i++) {
7255
			if (!(rx_status->chains & BIT(i)))
7256
				continue;
7257
			crssi = rx_status->chain_signal[i];
7258
			crssi -= rx_stats->c_nf;
7259
			rx_stats->c_rssi_ctl[i] = crssi * 2;
7260
			rx_stats->c_rssi_ext[i] = crssi * 2;	/* XXX _ext ??? ATH thing? */
7261
			/* We currently only have the global noise floor value. */
7262
			rx_stats->c_nf_ctl[i] = rx_stats->c_nf;
7263
			rx_stats->c_nf_ext[i] = rx_stats->c_nf;
7264
			cc++;
7265
		}
7266
		if (cc > 0)
7267
			 rx_stats->r_flags |= (IEEE80211_R_C_NF | IEEE80211_R_C_RSSI);
7268
	}
7269

7270
	/* XXX-NET80211 We are not going to populate c_phytype! */
7271

7272
	switch (rx_status->encoding) {
7273
	case RX_ENC_LEGACY:
7274
	{
7275
		uint32_t legacy = 0;
7276

7277
		supband = hw->wiphy->bands[rx_status->band];
7278
		if (supband != NULL)
7279
			legacy = supband->bitrates[rx_status->rate_idx].bitrate;
7280
		rx_stats->c_rate = legacy;
7281
		rxrate.legacy = legacy;
7282
		/* Is there a LinuxKPI way of reporting IEEE80211_RX_F_CCK / _OFDM? */
7283
		break;
7284
	}
7285
	case RX_ENC_HT:
7286
		rx_stats->c_pktflags |= IEEE80211_RX_F_HT;
7287
		rx_stats->c_rate = rx_status->rate_idx;		/* mcs */
7288
		rxrate.flags |= RATE_INFO_FLAGS_MCS;
7289
		rxrate.mcs = rx_status->rate_idx;
7290
		if ((rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI) != 0) {
7291
			rx_stats->c_pktflags |= IEEE80211_RX_F_SHORTGI;
7292
			rxrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
7293
		}
7294
		break;
7295
	case RX_ENC_VHT:
7296
		rx_stats->c_pktflags |= IEEE80211_RX_F_VHT;
7297
		rx_stats->c_rate = rx_status->rate_idx;		/* mcs */
7298
		rx_stats->c_vhtnss = rx_status->nss;
7299
		rxrate.flags |= RATE_INFO_FLAGS_VHT_MCS;
7300
		rxrate.mcs = rx_status->rate_idx;
7301
		rxrate.nss = rx_status->nss;
7302
		if ((rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI) != 0) {
7303
			rx_stats->c_pktflags |= IEEE80211_RX_F_SHORTGI;
7304
			rxrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
7305
		}
7306
		break;
7307
	case RX_ENC_HE:
7308
		rxrate.flags |= RATE_INFO_FLAGS_HE_MCS;
7309
		rxrate.mcs = rx_status->rate_idx;
7310
		rxrate.nss = rx_status->nss;
7311
		/* XXX TODO */
7312
		TODO("net80211 has not matching encoding for %u", rx_status->encoding);
7313
		break;
7314
	case RX_ENC_EHT:
7315
		rxrate.flags |= RATE_INFO_FLAGS_EHT_MCS;
7316
		rxrate.mcs = rx_status->rate_idx;
7317
		rxrate.nss = rx_status->nss;
7318
		/* XXX TODO */
7319
		TODO("net80211 has not matching encoding for %u", rx_status->encoding);
7320
		break;
7321
	}
7322

7323
	rxrate.bw = rx_status->bw;
7324
	switch (rx_status->bw) {
7325
	case RATE_INFO_BW_20:
7326
		rx_stats->c_width = IEEE80211_RX_FW_20MHZ;
7327
		break;
7328
	case RATE_INFO_BW_40:
7329
		rx_stats->c_width = IEEE80211_RX_FW_40MHZ;
7330
		break;
7331
	case RATE_INFO_BW_80:
7332
		rx_stats->c_width = IEEE80211_RX_FW_80MHZ;
7333
		break;
7334
	case RATE_INFO_BW_160:
7335
		rx_stats->c_width = IEEE80211_RX_FW_160MHZ;
7336
		break;
7337
	case RATE_INFO_BW_320:
7338
	case RATE_INFO_BW_HE_RU:
7339
	case RATE_INFO_BW_EHT_RU:
7340
	case RATE_INFO_BW_5:
7341
	case RATE_INFO_BW_10:
7342
		TODO("net80211 has not matching bandwidth for %u", rx_status->bw);
7343
		break;
7344
	}
7345

7346
	if ((rx_status->enc_flags & RX_ENC_FLAG_LDPC) != 0)
7347
		rx_stats->c_pktflags |= IEEE80211_RX_F_LDPC;
7348
	if ((rx_status->enc_flags & RX_ENC_FLAG_STBC_MASK) != 0)
7349
		 rx_stats->c_pktflags |= IEEE80211_RX_F_STBC;
7350

7351
	/*
7352
	 * We only need these for LKPI_80211_HW_CRYPTO in theory but in
7353
	 * case the hardware does something we do not expect always leave
7354
	 * these enabled.  Leaving this commant as documentation for the || 1.
7355
	 */
7356
#if defined(LKPI_80211_HW_CRYPTO) || 1
7357
	if (rx_status->flag & RX_FLAG_DECRYPTED) {
7358
		rx_stats->c_pktflags |= IEEE80211_RX_F_DECRYPTED;
7359
		/* Only valid if decrypted is set. */
7360
		if (rx_status->flag & RX_FLAG_PN_VALIDATED)
7361
			rx_stats->c_pktflags |= IEEE80211_RX_F_PN_VALIDATED;
7362
	}
7363
	if (rx_status->flag & RX_FLAG_IV_STRIPPED)
7364
		rx_stats->c_pktflags |= IEEE80211_RX_F_IV_STRIP;
7365
	if (rx_status->flag & RX_FLAG_ICV_STRIPPED)
7366
		rx_stats->c_pktflags |= IEEE80211_RX_F_ICV_STRIP;
7367
	if (rx_status->flag & RX_FLAG_MIC_STRIPPED)
7368
		rx_stats->c_pktflags |= IEEE80211_RX_F_MIC_STRIP;
7369
	if (rx_status->flag & RX_FLAG_MMIC_STRIPPED)
7370
		rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
7371
	if (rx_status->flag & RX_FLAG_MMIC_ERROR)
7372
		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MMIC;
7373
	if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
7374
		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_FCSCRC;
7375
#endif
7376

7377
	/* Fill in some sinfo bits to fill gaps not reported byt the driver. */
7378
	if (lsta != NULL) {
7379
		memcpy(&lsta->sinfo.rxrate, &rxrate, sizeof(rxrate));
7380
		lsta->sinfo.filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
7381

7382
		if (rx_status->chains != 0) {
7383
			lsta->sinfo.chains = rx_status->chains;
7384
			memcpy(lsta->sinfo.chain_signal, rx_status->chain_signal,
7385
			    sizeof(lsta->sinfo.chain_signal));
7386
			lsta->sinfo.filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
7387
		}
7388
	}
7389
}
7390

7391
#ifdef LINUXKPI_DEBUG_80211
7392
static void
7393
lkpi_rx_log_beacon(struct mbuf *m, struct lkpi_hw *lhw,
7394
    struct ieee80211_rx_status *rx_status)
7395
{
7396
	struct ieee80211_mgmt *f;
7397
	uint8_t *e;
7398
	char ssid[IEEE80211_NWID_LEN * 4 + 1];
7399

7400
	memset(ssid, '\0', sizeof(ssid));
7401

7402
	f = mtod(m, struct ieee80211_mgmt *);
7403
	e = f->u.beacon.variable;
7404
	/*
7405
	 * Usually SSID is right after the fixed part and for debugging we will
7406
	 * be fine should we miss it if it is not.
7407
	 */
7408
	while ((e - (uint8_t *)f) < m->m_len) {
7409
		if (*e == IEEE80211_ELEMID_SSID)
7410
			break;
7411
		e += (2 + *(e + 1));
7412
	}
7413
	if (*e == IEEE80211_ELEMID_SSID) {
7414
		int i, len;
7415
		char *p;
7416

7417
		p = ssid;
7418
		len = m->m_len - ((e + 2) - (uint8_t *)f);
7419
		if (len > *(e + 1))
7420
			len = *(e + 1);
7421
		e += 2;
7422
		for (i = 0; i < len; i++) {
7423
			/* Printable character? */
7424
			if (*e >= 0x20 && *e < 0x7f) {
7425
				*p++ = *e++;
7426
			} else {
7427
				snprintf(p, 5, "%#04x", *e++);
7428
				p += 4;
7429
			}
7430
		}
7431
		*p = '\0';
7432
	}
7433

7434
	/* We print skb, skb->data, m as we are seeing 'ghost beacons'. */
7435
	TRACE_SCAN_BEACON(lhw->ic, "Beacon: scan_flags %b, band %s freq %u chan %-4d "
7436
	    "len %d { %#06x %#06x %6D %6D %6D %#06x %ju %u %#06x SSID '%s' }",
7437
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
7438
	    lkpi_nl80211_band_name(rx_status->band), rx_status->freq,
7439
	    linuxkpi_ieee80211_frequency_to_channel(rx_status->freq, 0),
7440
	    m->m_pkthdr.len, f->frame_control, f->duration_id,
7441
	    f->da, ":", f->sa, ":", f->bssid, ":", f->seq_ctrl,
7442
	    (uintmax_t)le64_to_cpu(f->u.beacon.timestamp),
7443
	    le16_to_cpu(f->u.beacon.beacon_int),
7444
	    le16_to_cpu(f->u.beacon.capab_info), ssid);
7445
}
7446
#endif
7447

7448
/* For %list see comment towards the end of the function. */
7449
void
7450
linuxkpi_ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
7451
    struct ieee80211_sta *sta, struct napi_struct *napi __unused,
7452
    struct list_head *list __unused)
7453
{
7454
	struct lkpi_hw *lhw;
7455
	struct ieee80211com *ic;
7456
	struct mbuf *m;
7457
	struct skb_shared_info *shinfo;
7458
	struct ieee80211_rx_status *rx_status;
7459
	struct ieee80211_rx_stats rx_stats;
7460
	struct ieee80211_node *ni;
7461
	struct ieee80211vap *vap;
7462
	struct ieee80211_hdr *hdr;
7463
	struct lkpi_sta *lsta;
7464
	int i, offset, ok, error;
7465
	uint8_t rssi;
7466
	bool is_beacon;
7467

7468
	lhw = HW_TO_LHW(hw);
7469
	ic = lhw->ic;
7470

7471
	if (skb->len < 2) {
7472
		/* Need 80211 stats here. */
7473
		counter_u64_add(ic->ic_ierrors, 1);
7474
		IMPROVE();
7475
		goto err;
7476
	}
7477

7478
	/*
7479
	 * For now do the data copy; we can later improve things. Might even
7480
	 * have an mbuf backing the skb data then?
7481
	 */
7482
	m = m_get3(skb->len, M_NOWAIT, MT_DATA, M_PKTHDR);
7483
	if (m == NULL) {
7484
		counter_u64_add(ic->ic_ierrors, 1);
7485
		goto err;
7486
	}
7487
	m_copyback(m, 0, skb->tail - skb->data, skb->data);
7488

7489
	shinfo = skb_shinfo(skb);
7490
	offset = m->m_len;
7491
	for (i = 0; i < shinfo->nr_frags; i++) {
7492
		m_copyback(m, offset, shinfo->frags[i].size,
7493
		    (uint8_t *)linux_page_address(shinfo->frags[i].page) +
7494
		    shinfo->frags[i].offset);
7495
		offset += shinfo->frags[i].size;
7496
	}
7497

7498
	rx_status = IEEE80211_SKB_RXCB(skb);
7499

7500
	hdr = (void *)skb->data;
7501
	is_beacon = ieee80211_is_beacon(hdr->frame_control);
7502

7503
#ifdef LINUXKPI_DEBUG_80211
7504
	/*
7505
	 * We use the mbuf here as otherwise the variable part might
7506
	 * be in skb frags.
7507
	 */
7508
	if (is_beacon && ((linuxkpi_debug_80211 & D80211_SCAN_BEACON) != 0))
7509
		lkpi_rx_log_beacon(m, lhw, rx_status);
7510

7511
	if (is_beacon && (linuxkpi_debug_80211 & D80211_TRACE_RX_BEACONS) == 0 &&
7512
	   (linuxkpi_debug_80211 & D80211_SCAN_BEACON) == 0)
7513
		goto no_trace_beacons;
7514

7515
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7516
		printf("TRACE-RX: %s: skb %p l/d/t-len (%u/%u/%u) "
7517
		    "h %p d %p t %p e %p sh %p (%u) m %p plen %u len %u%s\n",
7518
		    __func__, skb, skb->len, skb->data_len,
7519
		    skb->truesize, skb->head, skb->data, skb->tail, skb->end,
7520
		    shinfo, shinfo->nr_frags,
7521
		    m, m->m_pkthdr.len, m->m_len, is_beacon ? " beacon" : "");
7522

7523
	if (linuxkpi_debug_80211 & D80211_TRACE_RX_DUMP)
7524
		hexdump(mtod(m, const void *), m->m_len, "RX (raw) ", 0);
7525

7526
	/* Implement a dump_rxcb() !!! */
7527
	if ((linuxkpi_debug_80211 & D80211_TRACE_RX) != 0 ||
7528
	    (linuxkpi_debug_80211 & D80211_SCAN_BEACON) != 0)
7529
		printf("TRACE-RX: %s: RXCB: %ju %ju %u, %b, %u, %#0x, %#0x, "
7530
		    "%u band %u, %u { %d %d %d %d }, %d, %#x %#x %#x %#x %u %u %u\n",
7531
			__func__,
7532
			(uintmax_t)rx_status->boottime_ns,
7533
			(uintmax_t)rx_status->mactime,
7534
			rx_status->device_timestamp,
7535
			rx_status->flag, IEEE80211_RX_STATUS_FLAGS_BITS,
7536
			rx_status->freq,
7537
			rx_status->bw,
7538
			rx_status->encoding,
7539
			rx_status->ampdu_reference,
7540
			rx_status->band,
7541
			rx_status->chains,
7542
			rx_status->chain_signal[0],
7543
			rx_status->chain_signal[1],
7544
			rx_status->chain_signal[2],
7545
			rx_status->chain_signal[3],
7546
			rx_status->signal,
7547
			rx_status->enc_flags,
7548
			rx_status->he_dcm,
7549
			rx_status->he_gi,
7550
			rx_status->he_ru,
7551
			rx_status->zero_length_psdu_type,
7552
			rx_status->nss,
7553
			rx_status->rate_idx);
7554
no_trace_beacons:
7555
#endif
7556

7557
	lsta = NULL;
7558
	if (sta != NULL) {
7559
		lsta = STA_TO_LSTA(sta);
7560
		ni = ieee80211_ref_node(lsta->ni);
7561
	} else {
7562
		struct ieee80211_frame_min *wh;
7563

7564
		wh = mtod(m, struct ieee80211_frame_min *);
7565
		ni = ieee80211_find_rxnode(ic, wh);
7566
		if (ni != NULL)
7567
			lsta = ni->ni_drv_data;
7568
	}
7569

7570
	rssi = 0;
7571
	lkpi_convert_rx_status(hw, lsta, rx_status, &rx_stats, &rssi);
7572

7573
	ok = ieee80211_add_rx_params(m, &rx_stats);
7574
	if (ok == 0) {
7575
		m_freem(m);
7576
		counter_u64_add(ic->ic_ierrors, 1);
7577
		goto err;
7578
	}
7579

7580
	if (ni != NULL)
7581
		vap = ni->ni_vap;
7582
	else
7583
		/*
7584
		 * XXX-BZ can we improve this by looking at the frame hdr
7585
		 * or other meta-data passed up?
7586
		 */
7587
		vap = TAILQ_FIRST(&ic->ic_vaps);
7588

7589
#ifdef LINUXKPI_DEBUG_80211
7590
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7591
		printf("TRACE-RX: %s: sta %p lsta %p state %d ni %p vap %p%s\n",
7592
		    __func__, sta, lsta, (lsta != NULL) ? lsta->state : -1,
7593
		    ni, vap, is_beacon ? " beacon" : "");
7594
#endif
7595

7596
	if (ni != NULL && vap != NULL && is_beacon &&
7597
	    rx_status->device_timestamp > 0 &&
7598
	    m->m_pkthdr.len >= sizeof(struct ieee80211_frame)) {
7599
		struct lkpi_vif *lvif;
7600
		struct ieee80211_vif *vif;
7601
		struct ieee80211_frame *wh;
7602

7603
		wh = mtod(m, struct ieee80211_frame *);
7604
		if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_bssid))
7605
			goto skip_device_ts;
7606

7607
		lvif = VAP_TO_LVIF(vap);
7608
		vif = LVIF_TO_VIF(lvif);
7609

7610
		IMPROVE("TIMING_BEACON_ONLY?");
7611
		/* mac80211 specific (not net80211) so keep it here. */
7612
		vif->bss_conf.sync_device_ts = rx_status->device_timestamp;
7613
		/*
7614
		 * net80211 should take care of the other information (sync_tsf,
7615
		 * sync_dtim_count) as otherwise we need to parse the beacon.
7616
		 */
7617
skip_device_ts:
7618
		;
7619
	}
7620

7621
	if (vap != NULL && vap->iv_state > IEEE80211_S_INIT &&
7622
	    ieee80211_radiotap_active_vap(vap)) {
7623
		struct lkpi_radiotap_rx_hdr *rtap;
7624

7625
		rtap = &lhw->rtap_rx;
7626
		rtap->wr_tsft = rx_status->device_timestamp;
7627
		rtap->wr_flags = 0;
7628
		if (rx_status->enc_flags & RX_ENC_FLAG_SHORTPRE)
7629
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
7630
		if (rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI)
7631
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTGI;
7632
#if 0	/* .. or it does not given we strip it below. */
7633
		if (ieee80211_hw_check(hw, RX_INCLUDES_FCS))
7634
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_FCS;
7635
#endif
7636
		if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
7637
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_BADFCS;
7638
		rtap->wr_rate = 0;
7639
		IMPROVE();
7640
		/* XXX TODO status->encoding / rate_index / bw */
7641
		rtap->wr_chan_freq = htole16(rx_stats.c_freq);
7642
		if (ic->ic_curchan->ic_ieee == rx_stats.c_ieee)
7643
			rtap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
7644
		rtap->wr_dbm_antsignal = rssi;
7645
		rtap->wr_dbm_antnoise = rx_stats.c_nf;
7646
	}
7647

7648
	if (ieee80211_hw_check(hw, RX_INCLUDES_FCS))
7649
		m_adj(m, -IEEE80211_CRC_LEN);
7650

7651
#if 0
7652
	if (list != NULL) {
7653
		/*
7654
		* Normally this would be queued up and delivered by
7655
		* netif_receive_skb_list(), napi_gro_receive(), or the like.
7656
		* See mt76::mac80211.c as only current possible consumer.
7657
		*/
7658
		IMPROVE("we simply pass the packet to net80211 to deal with.");
7659
	}
7660
#endif
7661

7662
	/* Attach meta-information to the mbuf for the deferred RX path. */
7663
	if (ni != NULL) {
7664
#ifdef LKPI_80211_USE_MTAG
7665
		struct m_tag *mtag;
7666
		struct lkpi_80211_tag_rxni *rxni;
7667

7668
		mtag = m_tag_alloc(MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI,
7669
		    sizeof(*rxni), IEEE80211_M_NOWAIT);
7670
		if (mtag == NULL) {
7671
			m_freem(m);
7672
			counter_u64_add(ic->ic_ierrors, 1);
7673
			goto err;
7674
		}
7675
		rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
7676
		rxni->ni = ni;		/* We hold a reference. */
7677
		m_tag_prepend(m, mtag);
7678
#else
7679
		m->m_pkthdr.PH_loc.ptr = ni;	/* We hold a reference. */
7680
#endif
7681
	}
7682

7683
	LKPI_80211_LHW_RXQ_LOCK(lhw);
7684
	if (lhw->rxq_stopped) {
7685
		LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7686
		m_freem(m);
7687
		counter_u64_add(ic->ic_ierrors, 1);
7688
		goto err;
7689
	}
7690

7691
	error = mbufq_enqueue(&lhw->rxq, m);
7692
	if (error != 0) {
7693
		LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7694
		m_freem(m);
7695
		counter_u64_add(ic->ic_ierrors, 1);
7696
#ifdef LINUXKPI_DEBUG_80211
7697
		if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7698
			ic_printf(ni->ni_ic, "%s: mbufq_enqueue failed: %d\n",
7699
			    __func__, error);
7700
#endif
7701
		goto err;
7702
	}
7703
	taskqueue_enqueue(taskqueue_thread, &lhw->rxq_task);
7704
	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7705

7706
	IMPROVE();
7707

7708
err:
7709
	/* The skb is ours so we can free it :-) */
7710
	kfree_skb(skb);
7711
}
7712

7713
uint8_t
7714
linuxkpi_ieee80211_get_tid(struct ieee80211_hdr *hdr, bool nonqos_ok)
7715
{
7716
	const struct ieee80211_frame *wh;
7717
	uint8_t tid;
7718

7719
	/* Linux seems to assume this is a QOS-Data-Frame */
7720
	KASSERT(nonqos_ok || ieee80211_is_data_qos(hdr->frame_control),
7721
	   ("%s: hdr %p fc %#06x not qos_data\n", __func__, hdr,
7722
	   hdr->frame_control));
7723

7724
	wh = (const struct ieee80211_frame *)hdr;
7725
	tid = ieee80211_gettid(wh);
7726
	KASSERT(nonqos_ok || tid == (tid & IEEE80211_QOS_TID), ("%s: tid %u "
7727
	   "not expected (%u?)\n", __func__, tid, IEEE80211_NONQOS_TID));
7728

7729
	return (tid);
7730
}
7731

7732
/* -------------------------------------------------------------------------- */
7733

7734
static void
7735
lkpi_wiphy_work(struct work_struct *work)
7736
{
7737
	struct lkpi_wiphy *lwiphy;
7738
	struct wiphy *wiphy;
7739
	struct wiphy_work *wk;
7740

7741
	lwiphy = container_of(work, struct lkpi_wiphy, wwk);
7742
	wiphy = LWIPHY_TO_WIPHY(lwiphy);
7743

7744
	wiphy_lock(wiphy);
7745

7746
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7747
	wk = list_first_entry_or_null(&lwiphy->wwk_list, struct wiphy_work, entry);
7748
	/* If there is nothing we do nothing. */
7749
	if (wk == NULL) {
7750
		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7751
		wiphy_unlock(wiphy);
7752
		return;
7753
	}
7754
	list_del_init(&wk->entry);
7755

7756
	/* More work to do? */
7757
	if (!list_empty(&lwiphy->wwk_list))
7758
		schedule_work(work);
7759
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7760

7761
	/* Finally call the (*wiphy_work_fn)() function. */
7762
	wk->fn(wiphy, wk);
7763

7764
	wiphy_unlock(wiphy);
7765
}
7766

7767
void
7768
linuxkpi_wiphy_work_queue(struct wiphy *wiphy, struct wiphy_work *wwk)
7769
{
7770
	struct lkpi_wiphy *lwiphy;
7771

7772
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
7773

7774
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7775
	/* Do not double-queue. */
7776
	if (list_empty(&wwk->entry))
7777
		list_add_tail(&wwk->entry, &lwiphy->wwk_list);
7778
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7779

7780
	/*
7781
	 * See how ieee80211_queue_work() work continues in Linux or if things
7782
	 * migrate here over time?
7783
	 * Use a system queue from linux/workqueue.h for now.
7784
	 */
7785
	queue_work(system_wq, &lwiphy->wwk);
7786
}
7787

7788
void
7789
linuxkpi_wiphy_work_cancel(struct wiphy *wiphy, struct wiphy_work *wwk)
7790
{
7791
	struct lkpi_wiphy *lwiphy;
7792

7793
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
7794

7795
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7796
	/* Only cancel if queued. */
7797
	if (!list_empty(&wwk->entry))
7798
		list_del_init(&wwk->entry);
7799
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7800
}
7801

7802
void
7803
linuxkpi_wiphy_work_flush(struct wiphy *wiphy, struct wiphy_work *wwk)
7804
{
7805
	struct lkpi_wiphy *lwiphy;
7806
	struct wiphy_work *wk;
7807

7808
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
7809
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7810
	/* If wwk is unset, flush everything; called when wiphy is shut down. */
7811
	if (wwk != NULL && list_empty(&wwk->entry)) {
7812
		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7813
		return;
7814
	}
7815

7816
	while (!list_empty(&lwiphy->wwk_list)) {
7817

7818
		wk = list_first_entry(&lwiphy->wwk_list, struct wiphy_work,
7819
		    entry);
7820
		list_del_init(&wk->entry);
7821
		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7822
		wk->fn(wiphy, wk);
7823
		LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7824
		if (wk == wwk)
7825
			break;
7826
	}
7827
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7828
}
7829

7830
void
7831
lkpi_wiphy_delayed_work_timer(struct timer_list *tl)
7832
{
7833
	struct wiphy_delayed_work *wdwk;
7834

7835
	wdwk = timer_container_of(wdwk, tl, timer);
7836
        wiphy_work_queue(wdwk->wiphy, &wdwk->work);
7837
}
7838

7839
void
7840
linuxkpi_wiphy_delayed_work_queue(struct wiphy *wiphy,
7841
    struct wiphy_delayed_work *wdwk, unsigned long delay)
7842
{
7843
	if (delay == 0) {
7844
		/* Run right away. */
7845
		del_timer(&wdwk->timer);
7846
		wiphy_work_queue(wiphy, &wdwk->work);
7847
	} else {
7848
		wdwk->wiphy = wiphy;
7849
		mod_timer(&wdwk->timer, jiffies + delay);
7850
	}
7851
}
7852

7853
void
7854
linuxkpi_wiphy_delayed_work_cancel(struct wiphy *wiphy,
7855
    struct wiphy_delayed_work *wdwk)
7856
{
7857
	del_timer_sync(&wdwk->timer);
7858
	wiphy_work_cancel(wiphy, &wdwk->work);
7859
}
7860

7861
/* -------------------------------------------------------------------------- */
7862

7863
struct wiphy *
7864
linuxkpi_wiphy_new(const struct cfg80211_ops *ops, size_t priv_len)
7865
{
7866
	struct lkpi_wiphy *lwiphy;
7867
	struct wiphy *wiphy;
7868

7869
	lwiphy = kzalloc(sizeof(*lwiphy) + priv_len, GFP_KERNEL);
7870
	if (lwiphy == NULL)
7871
		return (NULL);
7872
	lwiphy->ops = ops;
7873

7874
	LKPI_80211_LWIPHY_WORK_LOCK_INIT(lwiphy);
7875
	INIT_LIST_HEAD(&lwiphy->wwk_list);
7876
	INIT_WORK(&lwiphy->wwk, lkpi_wiphy_work);
7877

7878
	wiphy = LWIPHY_TO_WIPHY(lwiphy);
7879

7880
	mutex_init(&wiphy->mtx);
7881
	TODO();
7882

7883
	return (wiphy);
7884
}
7885

7886
void
7887
linuxkpi_wiphy_free(struct wiphy *wiphy)
7888
{
7889
	struct lkpi_wiphy *lwiphy;
7890

7891
	if (wiphy == NULL)
7892
		return;
7893

7894
	linuxkpi_wiphy_work_flush(wiphy, NULL);
7895
	mutex_destroy(&wiphy->mtx);
7896

7897
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
7898
	LKPI_80211_LWIPHY_WORK_LOCK_DESTROY(lwiphy);
7899

7900
	kfree(lwiphy);
7901
}
7902

7903
static uint32_t
7904
lkpi_cfg80211_calculate_bitrate_ht(struct rate_info *rate)
7905
{
7906
	TODO("cfg80211_calculate_bitrate_ht");
7907
	return (rate->legacy);
7908
}
7909

7910
static uint32_t
7911
lkpi_cfg80211_calculate_bitrate_vht(struct rate_info *rate)
7912
{
7913
	TODO("cfg80211_calculate_bitrate_vht");
7914
	return (rate->legacy);
7915
}
7916

7917
uint32_t
7918
linuxkpi_cfg80211_calculate_bitrate(struct rate_info *rate)
7919
{
7920

7921
	/* Beware: order! */
7922
	if (rate->flags & RATE_INFO_FLAGS_MCS)
7923
		return (lkpi_cfg80211_calculate_bitrate_ht(rate));
7924

7925
	if (rate->flags & RATE_INFO_FLAGS_VHT_MCS)
7926
		return (lkpi_cfg80211_calculate_bitrate_vht(rate));
7927

7928
	IMPROVE("HE/EHT/...");
7929

7930
	return (rate->legacy);
7931
}
7932

7933
uint32_t
7934
linuxkpi_ieee80211_channel_to_frequency(uint32_t channel,
7935
    enum nl80211_band band)
7936
{
7937

7938
	switch (band) {
7939
	case NL80211_BAND_2GHZ:
7940
		return (ieee80211_ieee2mhz(channel, IEEE80211_CHAN_2GHZ));
7941
		break;
7942
	case NL80211_BAND_5GHZ:
7943
		return (ieee80211_ieee2mhz(channel, IEEE80211_CHAN_5GHZ));
7944
		break;
7945
	default:
7946
		/* XXX abort, retry, error, panic? */
7947
		break;
7948
	}
7949

7950
	return (0);
7951
}
7952

7953
uint32_t
7954
linuxkpi_ieee80211_frequency_to_channel(uint32_t freq, uint32_t flags __unused)
7955
{
7956

7957
	return (ieee80211_mhz2ieee(freq, 0));
7958
}
7959

7960
#if 0
7961
static struct lkpi_sta *
7962
lkpi_find_lsta_by_ni(struct lkpi_vif *lvif, struct ieee80211_node *ni)
7963
{
7964
	struct lkpi_sta *lsta, *temp;
7965

7966
	rcu_read_lock();
7967
	list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
7968
		if (lsta->ni == ni) {
7969
			rcu_read_unlock();
7970
			return (lsta);
7971
		}
7972
	}
7973
	rcu_read_unlock();
7974

7975
	return (NULL);
7976
}
7977
#endif
7978

7979
struct ieee80211_sta *
7980
linuxkpi_ieee80211_find_sta(struct ieee80211_vif *vif, const u8 *peer)
7981
{
7982
	struct lkpi_vif *lvif;
7983
	struct lkpi_sta *lsta;
7984
	struct ieee80211_sta *sta;
7985

7986
	lvif = VIF_TO_LVIF(vif);
7987

7988
	rcu_read_lock();
7989
	list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
7990
		sta = LSTA_TO_STA(lsta);
7991
		if (IEEE80211_ADDR_EQ(sta->addr, peer)) {
7992
			rcu_read_unlock();
7993
			return (sta);
7994
		}
7995
	}
7996
	rcu_read_unlock();
7997
	return (NULL);
7998
}
7999

8000
struct ieee80211_sta *
8001
linuxkpi_ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
8002
    const uint8_t *addr, const uint8_t *ourvifaddr)
8003
{
8004
	struct lkpi_hw *lhw;
8005
	struct lkpi_vif *lvif;
8006
	struct lkpi_sta *lsta;
8007
	struct ieee80211_vif *vif;
8008
	struct ieee80211_sta *sta;
8009

8010
	lhw = wiphy_priv(hw->wiphy);
8011
	sta = NULL;
8012

8013
	LKPI_80211_LHW_LVIF_LOCK(lhw);
8014
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8015

8016
		/* XXX-BZ check our address from the vif. */
8017

8018
		vif = LVIF_TO_VIF(lvif);
8019
		if (ourvifaddr != NULL &&
8020
		    !IEEE80211_ADDR_EQ(vif->addr, ourvifaddr))
8021
			continue;
8022
		sta = linuxkpi_ieee80211_find_sta(vif, addr);
8023
		if (sta != NULL)
8024
			break;
8025
	}
8026
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8027

8028
	if (sta != NULL) {
8029
		lsta = STA_TO_LSTA(sta);
8030
		if (!lsta->added_to_drv)
8031
			return (NULL);
8032
	}
8033

8034
	return (sta);
8035
}
8036

8037
struct sk_buff *
8038
linuxkpi_ieee80211_tx_dequeue(struct ieee80211_hw *hw,
8039
    struct ieee80211_txq *txq)
8040
{
8041
	struct lkpi_txq *ltxq;
8042
	struct lkpi_vif *lvif;
8043
	struct sk_buff *skb;
8044

8045
	IMPROVE("wiphy_lock? or assert?");
8046
	skb = NULL;
8047
	ltxq = TXQ_TO_LTXQ(txq);
8048
	ltxq->seen_dequeue = true;
8049

8050
	if (ltxq->stopped)
8051
		goto stopped;
8052

8053
	lvif = VIF_TO_LVIF(ltxq->txq.vif);
8054
	if (lvif->hw_queue_stopped[ltxq->txq.ac]) {
8055
		ltxq->stopped = true;
8056
		goto stopped;
8057
	}
8058

8059
	IMPROVE("hw(TX_FRAG_LIST)");
8060

8061
	LKPI_80211_LTXQ_LOCK(ltxq);
8062
	skb = skb_dequeue(&ltxq->skbq);
8063
	LKPI_80211_LTXQ_UNLOCK(ltxq);
8064

8065
stopped:
8066
	return (skb);
8067
}
8068

8069
void
8070
linuxkpi_ieee80211_txq_get_depth(struct ieee80211_txq *txq,
8071
    unsigned long *frame_cnt, unsigned long *byte_cnt)
8072
{
8073
	struct lkpi_txq *ltxq;
8074
	struct sk_buff *skb;
8075
	unsigned long fc, bc;
8076

8077
	ltxq = TXQ_TO_LTXQ(txq);
8078

8079
	fc = bc = 0;
8080
	LKPI_80211_LTXQ_LOCK(ltxq);
8081
	skb_queue_walk(&ltxq->skbq, skb) {
8082
		fc++;
8083
		bc += skb->len;
8084
	}
8085
	LKPI_80211_LTXQ_UNLOCK(ltxq);
8086
	if (frame_cnt)
8087
		*frame_cnt = fc;
8088
	if (byte_cnt)
8089
		*byte_cnt = bc;
8090

8091
	/* Validate that this is doing the correct thing. */
8092
	/* Should we keep track on en/dequeue? */
8093
	IMPROVE();
8094
}
8095

8096
/*
8097
 * We are called from ieee80211_free_txskb() or ieee80211_tx_status().
8098
 * The latter tries to derive the success status from the info flags
8099
 * passed back from the driver.  rawx_mit() saves the ni on the m and the
8100
 * m on the skb for us to be able to give feedback to net80211.
8101
 */
8102
static void
8103
_lkpi_ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb,
8104
    int status)
8105
{
8106
	struct ieee80211_node *ni;
8107
	struct mbuf *m;
8108

8109
	m = skb->m;
8110
	skb->m = NULL;
8111

8112
	if (m != NULL) {
8113
		ni = m->m_pkthdr.PH_loc.ptr;
8114
		/* Status: 0 is ok, != 0 is error. */
8115
		ieee80211_tx_complete(ni, m, status);
8116
		/* ni & mbuf were consumed. */
8117
	}
8118
}
8119

8120
void
8121
linuxkpi_ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb,
8122
    int status)
8123
{
8124

8125
	_lkpi_ieee80211_free_txskb(hw, skb, status);
8126
	kfree_skb(skb);
8127
}
8128

8129
void
8130
linuxkpi_ieee80211_tx_status_ext(struct ieee80211_hw *hw,
8131
    struct ieee80211_tx_status *txstat)
8132
{
8133
	struct sk_buff *skb;
8134
	struct ieee80211_tx_info *info;
8135
	struct ieee80211_ratectl_tx_status txs;
8136
	struct ieee80211_node *ni;
8137
	int status;
8138

8139
	skb = txstat->skb;
8140
	if (skb->m != NULL) {
8141
		struct mbuf *m;
8142

8143
		m = skb->m;
8144
		ni = m->m_pkthdr.PH_loc.ptr;
8145
		memset(&txs, 0, sizeof(txs));
8146
	} else {
8147
		ni = NULL;
8148
	}
8149

8150
	info = txstat->info;
8151
	if (info->flags & IEEE80211_TX_STAT_ACK) {
8152
		status = 0;	/* No error. */
8153
		txs.status = IEEE80211_RATECTL_TX_SUCCESS;
8154
	} else {
8155
		status = 1;
8156
		txs.status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
8157
	}
8158

8159
	if (ni != NULL) {
8160
		txs.pktlen = skb->len;
8161
		txs.flags |= IEEE80211_RATECTL_STATUS_PKTLEN;
8162
		if (info->status.rates[0].count > 1) {
8163
			txs.long_retries = info->status.rates[0].count - 1;	/* 1 + retries in drivers. */
8164
			txs.flags |= IEEE80211_RATECTL_STATUS_LONG_RETRY;
8165
		}
8166
#if 0		/* Unused in net80211 currently. */
8167
		/* XXX-BZ convert check .flags for MCS/VHT/.. */
8168
		txs.final_rate = info->status.rates[0].idx;
8169
		txs.flags |= IEEE80211_RATECTL_STATUS_FINAL_RATE;
8170
#endif
8171
		if (info->status.flags & IEEE80211_TX_STATUS_ACK_SIGNAL_VALID) {
8172
			txs.rssi = info->status.ack_signal;		/* XXX-BZ CONVERT? */
8173
			txs.flags |= IEEE80211_RATECTL_STATUS_RSSI;
8174
		}
8175

8176
		IMPROVE("only update rate if needed but that requires us to get a proper rate from mo_sta_statistics");
8177
		ieee80211_ratectl_tx_complete(ni, &txs);
8178
		ieee80211_ratectl_rate(ni->ni_vap->iv_bss, NULL, 0);
8179

8180
#ifdef LINUXKPI_DEBUG_80211
8181
		if (linuxkpi_debug_80211 & D80211_TRACE_TX) {
8182
			printf("TX-RATE: %s: long_retries %d\n", __func__,
8183
			    txs.long_retries);
8184
		}
8185
#endif
8186
	}
8187

8188
#ifdef LINUXKPI_DEBUG_80211
8189
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
8190
		printf("TX-STATUS: %s: hw %p skb %p status %d : flags %#x "
8191
		    "band %u hw_queue %u tx_time_est %d : "
8192
		    "rates [ %u %u %#x, %u %u %#x, %u %u %#x, %u %u %#x ] "
8193
		    "ack_signal %u ampdu_ack_len %u ampdu_len %u antenna %u "
8194
		    "tx_time %u flags %#x "
8195
		    "status_driver_data [ %p %p ]\n",
8196
		    __func__, hw, skb, status, info->flags,
8197
		    info->band, info->hw_queue, info->tx_time_est,
8198
		    info->status.rates[0].idx, info->status.rates[0].count,
8199
		    info->status.rates[0].flags,
8200
		    info->status.rates[1].idx, info->status.rates[1].count,
8201
		    info->status.rates[1].flags,
8202
		    info->status.rates[2].idx, info->status.rates[2].count,
8203
		    info->status.rates[2].flags,
8204
		    info->status.rates[3].idx, info->status.rates[3].count,
8205
		    info->status.rates[3].flags,
8206
		    info->status.ack_signal, info->status.ampdu_ack_len,
8207
		    info->status.ampdu_len, info->status.antenna,
8208
		    info->status.tx_time, info->status.flags,
8209
		    info->status.status_driver_data[0],
8210
		    info->status.status_driver_data[1]);
8211
#endif
8212

8213
	if (txstat->free_list) {
8214
		_lkpi_ieee80211_free_txskb(hw, skb, status);
8215
		list_add_tail(&skb->list, txstat->free_list);
8216
	} else {
8217
		linuxkpi_ieee80211_free_txskb(hw, skb, status);
8218
	}
8219
}
8220

8221
void
8222
linuxkpi_ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
8223
{
8224
	struct ieee80211_tx_status status;
8225

8226
	memset(&status, 0, sizeof(status));
8227
	status.info = IEEE80211_SKB_CB(skb);
8228
	status.skb = skb;
8229
	/* sta, n_rates, rates, free_list? */
8230

8231
	ieee80211_tx_status_ext(hw, &status);
8232
}
8233

8234
/*
8235
 * This is an internal bandaid for the moment for the way we glue
8236
 * skbs and mbufs together for TX.  Once we have skbs backed by
8237
 * mbufs this should go away.
8238
 * This is a public function but kept on the private KPI (lkpi_)
8239
 * and is not exposed by a header file.
8240
 */
8241
static void
8242
lkpi_ieee80211_free_skb_mbuf(void *p)
8243
{
8244
	struct ieee80211_node *ni;
8245
	struct mbuf *m;
8246

8247
	if (p == NULL)
8248
		return;
8249

8250
	m = (struct mbuf *)p;
8251
	M_ASSERTPKTHDR(m);
8252

8253
	ni = m->m_pkthdr.PH_loc.ptr;
8254
	m->m_pkthdr.PH_loc.ptr = NULL;
8255
	if (ni != NULL)
8256
		ieee80211_free_node(ni);
8257
	m_freem(m);
8258
}
8259

8260
void
8261
linuxkpi_ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
8262
    struct delayed_work *w, int delay)
8263
{
8264
	struct lkpi_hw *lhw;
8265

8266
	/* Need to make sure hw is in a stable (non-suspended) state. */
8267
	IMPROVE();
8268

8269
	lhw = HW_TO_LHW(hw);
8270
	queue_delayed_work(lhw->workq, w, delay);
8271
}
8272

8273
void
8274
linuxkpi_ieee80211_queue_work(struct ieee80211_hw *hw,
8275
    struct work_struct *w)
8276
{
8277
	struct lkpi_hw *lhw;
8278

8279
	/* Need to make sure hw is in a stable (non-suspended) state. */
8280
	IMPROVE();
8281

8282
	lhw = HW_TO_LHW(hw);
8283
	queue_work(lhw->workq, w);
8284
}
8285

8286
struct sk_buff *
8287
linuxkpi_ieee80211_probereq_get(struct ieee80211_hw *hw, const uint8_t *addr,
8288
    const uint8_t *ssid, size_t ssid_len, size_t tailroom)
8289
{
8290
	struct sk_buff *skb;
8291
	struct ieee80211_frame *wh;
8292
	uint8_t *p;
8293
	size_t len;
8294

8295
	len = sizeof(*wh);
8296
	len += 2 + ssid_len;
8297

8298
	skb = dev_alloc_skb(hw->extra_tx_headroom + len + tailroom);
8299
	if (skb == NULL)
8300
		return (NULL);
8301

8302
	skb_reserve(skb, hw->extra_tx_headroom);
8303

8304
	wh = skb_put_zero(skb, sizeof(*wh));
8305
	wh->i_fc[0] = IEEE80211_FC0_VERSION_0;
8306
	wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_PROBE_REQ | IEEE80211_FC0_TYPE_MGT;
8307
	IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr);
8308
	IEEE80211_ADDR_COPY(wh->i_addr2, addr);
8309
	IEEE80211_ADDR_COPY(wh->i_addr3, ieee80211broadcastaddr);
8310

8311
	p = skb_put(skb, 2 + ssid_len);
8312
	*p++ = IEEE80211_ELEMID_SSID;
8313
	*p++ = ssid_len;
8314
	if (ssid_len > 0)
8315
		memcpy(p, ssid, ssid_len);
8316

8317
	return (skb);
8318
}
8319

8320
struct sk_buff *
8321
linuxkpi_ieee80211_pspoll_get(struct ieee80211_hw *hw,
8322
    struct ieee80211_vif *vif)
8323
{
8324
	struct lkpi_vif *lvif;
8325
	struct ieee80211vap *vap;
8326
	struct sk_buff *skb;
8327
	struct ieee80211_frame_pspoll *psp;
8328
	uint16_t v;
8329

8330
	skb = dev_alloc_skb(hw->extra_tx_headroom + sizeof(*psp));
8331
	if (skb == NULL)
8332
		return (NULL);
8333

8334
	skb_reserve(skb, hw->extra_tx_headroom);
8335

8336
	lvif = VIF_TO_LVIF(vif);
8337
	vap = LVIF_TO_VAP(lvif);
8338

8339
	psp = skb_put_zero(skb, sizeof(*psp));
8340
	psp->i_fc[0] = IEEE80211_FC0_VERSION_0;
8341
	psp->i_fc[0] |= IEEE80211_FC0_SUBTYPE_PS_POLL | IEEE80211_FC0_TYPE_CTL;
8342
	v = htole16(vif->cfg.aid | 1<<15 | 1<<16);
8343
	memcpy(&psp->i_aid, &v, sizeof(v));
8344
	IEEE80211_ADDR_COPY(psp->i_bssid, vap->iv_bss->ni_macaddr);
8345
	IEEE80211_ADDR_COPY(psp->i_ta, vif->addr);
8346

8347
	return (skb);
8348
}
8349

8350
struct sk_buff *
8351
linuxkpi_ieee80211_nullfunc_get(struct ieee80211_hw *hw,
8352
    struct ieee80211_vif *vif, int linkid, bool qos)
8353
{
8354
	struct lkpi_vif *lvif;
8355
	struct ieee80211vap *vap;
8356
	struct sk_buff *skb;
8357
	struct ieee80211_frame *nullf;
8358

8359
	IMPROVE("linkid");
8360

8361
	skb = dev_alloc_skb(hw->extra_tx_headroom + sizeof(*nullf));
8362
	if (skb == NULL)
8363
		return (NULL);
8364

8365
	skb_reserve(skb, hw->extra_tx_headroom);
8366

8367
	lvif = VIF_TO_LVIF(vif);
8368
	vap = LVIF_TO_VAP(lvif);
8369

8370
	nullf = skb_put_zero(skb, sizeof(*nullf));
8371
	nullf->i_fc[0] = IEEE80211_FC0_VERSION_0;
8372
	nullf->i_fc[0] |= IEEE80211_FC0_SUBTYPE_NODATA | IEEE80211_FC0_TYPE_DATA;
8373
	nullf->i_fc[1] = IEEE80211_FC1_DIR_TODS;
8374

8375
	IEEE80211_ADDR_COPY(nullf->i_addr1, vap->iv_bss->ni_bssid);
8376
	IEEE80211_ADDR_COPY(nullf->i_addr2, vif->addr);
8377
	IEEE80211_ADDR_COPY(nullf->i_addr3, vap->iv_bss->ni_macaddr);
8378

8379
	return (skb);
8380
}
8381

8382
struct wireless_dev *
8383
linuxkpi_ieee80211_vif_to_wdev(struct ieee80211_vif *vif)
8384
{
8385
	struct lkpi_vif *lvif;
8386

8387
	lvif = VIF_TO_LVIF(vif);
8388
	return (&lvif->wdev);
8389
}
8390

8391
void
8392
linuxkpi_ieee80211_connection_loss(struct ieee80211_vif *vif)
8393
{
8394
	struct lkpi_vif *lvif;
8395
	struct ieee80211vap *vap;
8396
	enum ieee80211_state nstate;
8397
	int arg;
8398

8399
	lvif = VIF_TO_LVIF(vif);
8400
	vap = LVIF_TO_VAP(lvif);
8401

8402
	/*
8403
	 * Go to init; otherwise we need to elaborately check state and
8404
	 * handle accordingly, e.g., if in RUN we could call iv_bmiss.
8405
	 * Let the statemachine handle all neccessary changes.
8406
	 */
8407
	nstate = IEEE80211_S_INIT;
8408
	arg = 0;	/* Not a valid reason. */
8409

8410
	ic_printf(vap->iv_ic, "%s: vif %p vap %p state %s (synched %d, assoc %d "
8411
	    "beacons %d dtim_period %d)\n", __func__, vif, vap,
8412
	    ieee80211_state_name[vap->iv_state],
8413
	    lvif->lvif_bss_synched, vif->cfg.assoc, lvif->beacons,
8414
	    vif->bss_conf.dtim_period);
8415
	ieee80211_new_state(vap, nstate, arg);
8416
}
8417

8418
void
8419
linuxkpi_ieee80211_beacon_loss(struct ieee80211_vif *vif)
8420
{
8421
	struct lkpi_vif *lvif;
8422
	struct ieee80211vap *vap;
8423

8424
	lvif = VIF_TO_LVIF(vif);
8425
	vap = LVIF_TO_VAP(lvif);
8426

8427
	ic_printf(vap->iv_ic, "%s: vif %p vap %p state %s (synched %d, assoc %d "
8428
	    "beacons %d dtim_period %d)\n", __func__, vif, vap,
8429
	    ieee80211_state_name[vap->iv_state],
8430
	    lvif->lvif_bss_synched, vif->cfg.assoc, lvif->beacons,
8431
	    vif->bss_conf.dtim_period);
8432
	ieee80211_beacon_miss(vap->iv_ic);
8433
}
8434

8435
/* -------------------------------------------------------------------------- */
8436

8437
void
8438
linuxkpi_ieee80211_stop_queue(struct ieee80211_hw *hw, int qnum)
8439
{
8440
	struct lkpi_hw *lhw;
8441
	struct lkpi_vif *lvif;
8442
	struct ieee80211_vif *vif;
8443
	int ac_count, ac;
8444

8445
	KASSERT(qnum < hw->queues, ("%s: qnum %d >= hw->queues %d, hw %p\n",
8446
	    __func__, qnum, hw->queues, hw));
8447

8448
	lhw = wiphy_priv(hw->wiphy);
8449

8450
	/* See lkpi_ic_vap_create(). */
8451
	if (hw->queues >= IEEE80211_NUM_ACS)
8452
		ac_count = IEEE80211_NUM_ACS;
8453
	else
8454
		ac_count = 1;
8455

8456
	LKPI_80211_LHW_LVIF_LOCK(lhw);
8457
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8458

8459
		vif = LVIF_TO_VIF(lvif);
8460
		for (ac = 0; ac < ac_count; ac++) {
8461
			IMPROVE_TXQ("LOCKING");
8462
			if (qnum == vif->hw_queue[ac]) {
8463
#ifdef LINUXKPI_DEBUG_80211
8464
				/*
8465
				 * For now log this to better understand
8466
				 * how this is supposed to work.
8467
				 */
8468
				if (lvif->hw_queue_stopped[ac] &&
8469
				    (linuxkpi_debug_80211 & D80211_IMPROVE_TXQ) != 0)
8470
					ic_printf(lhw->ic, "%s:%d: lhw %p hw %p "
8471
					    "lvif %p vif %p ac %d qnum %d already "
8472
					    "stopped\n", __func__, __LINE__,
8473
					    lhw, hw, lvif, vif, ac, qnum);
8474
#endif
8475
				lvif->hw_queue_stopped[ac] = true;
8476
			}
8477
		}
8478
	}
8479
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8480
}
8481

8482
void
8483
linuxkpi_ieee80211_stop_queues(struct ieee80211_hw *hw)
8484
{
8485
	int i;
8486

8487
	IMPROVE_TXQ("Locking; do we need further info?");
8488
	for (i = 0; i < hw->queues; i++)
8489
		linuxkpi_ieee80211_stop_queue(hw, i);
8490
}
8491

8492

8493
static void
8494
lkpi_ieee80211_wake_queues(struct ieee80211_hw *hw, int hwq)
8495
{
8496
	struct lkpi_hw *lhw;
8497
	struct lkpi_vif *lvif;
8498
	struct lkpi_sta *lsta;
8499
	int ac_count, ac, tid;
8500

8501
	/* See lkpi_ic_vap_create(). */
8502
	if (hw->queues >= IEEE80211_NUM_ACS)
8503
		ac_count = IEEE80211_NUM_ACS;
8504
	else
8505
		ac_count = 1;
8506

8507
	lhw = wiphy_priv(hw->wiphy);
8508

8509
	IMPROVE_TXQ("Locking");
8510
	LKPI_80211_LHW_LVIF_LOCK(lhw);
8511
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8512
		struct ieee80211_vif *vif;
8513

8514
		vif = LVIF_TO_VIF(lvif);
8515
		for (ac = 0; ac < ac_count; ac++) {
8516

8517
			if (hwq == vif->hw_queue[ac]) {
8518

8519
				/* XXX-BZ what about software scan? */
8520

8521
#ifdef LINUXKPI_DEBUG_80211
8522
				/*
8523
				 * For now log this to better understand
8524
				 * how this is supposed to work.
8525
				 */
8526
				if (!lvif->hw_queue_stopped[ac] &&
8527
				    (linuxkpi_debug_80211 & D80211_IMPROVE_TXQ) != 0)
8528
					ic_printf(lhw->ic, "%s:%d: lhw %p hw %p "
8529
					    "lvif %p vif %p ac %d hw_q not stopped\n",
8530
					    __func__, __LINE__,
8531
					    lhw, hw, lvif, vif, ac);
8532
#endif
8533
				lvif->hw_queue_stopped[ac] = false;
8534

8535
				rcu_read_lock();
8536
				list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
8537
					struct ieee80211_sta *sta;
8538

8539
					sta = LSTA_TO_STA(lsta);
8540
					for (tid = 0; tid < nitems(sta->txq); tid++) {
8541
						struct lkpi_txq *ltxq;
8542

8543
						if (sta->txq[tid] == NULL)
8544
							continue;
8545

8546
						if (sta->txq[tid]->ac != ac)
8547
							continue;
8548

8549
						ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
8550
						if (!ltxq->stopped)
8551
							continue;
8552

8553
						ltxq->stopped = false;
8554

8555
						if (!skb_queue_empty(&ltxq->skbq))
8556
							lkpi_80211_mo_wake_tx_queue(hw, sta->txq[tid]);
8557
					}
8558
				}
8559
				rcu_read_unlock();
8560
			}
8561
		}
8562
	}
8563
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8564
}
8565

8566
static void
8567
lkpi_ieee80211_wake_queues_locked(struct ieee80211_hw *hw)
8568
{
8569
	int i;
8570

8571
	IMPROVE_TXQ("Is this all/enough here?");
8572
	for (i = 0; i < hw->queues; i++)
8573
		lkpi_ieee80211_wake_queues(hw, i);
8574
}
8575

8576
void
8577
linuxkpi_ieee80211_wake_queues(struct ieee80211_hw *hw)
8578
{
8579
	struct lkpi_hw *lhw;
8580
	unsigned long flags;
8581

8582
	lhw = HW_TO_LHW(hw);
8583

8584
	spin_lock_irqsave(&lhw->txq_lock, flags);
8585
	lkpi_ieee80211_wake_queues_locked(hw);
8586
	spin_unlock_irqrestore(&lhw->txq_lock, flags);
8587
}
8588

8589
void
8590
linuxkpi_ieee80211_wake_queue(struct ieee80211_hw *hw, int qnum)
8591
{
8592
	struct lkpi_hw *lhw;
8593
	unsigned long flags;
8594

8595
	KASSERT(qnum < hw->queues, ("%s: qnum %d >= hw->queues %d, hw %p\n",
8596
	    __func__, qnum, hw->queues, hw));
8597

8598
	lhw = HW_TO_LHW(hw);
8599

8600
	spin_lock_irqsave(&lhw->txq_lock, flags);
8601
	lkpi_ieee80211_wake_queues(hw, qnum);
8602
	spin_unlock_irqrestore(&lhw->txq_lock, flags);
8603
}
8604

8605
/* This is just hardware queues. */
8606
void
8607
linuxkpi_ieee80211_txq_schedule_start(struct ieee80211_hw *hw, uint8_t ac)
8608
{
8609
	struct lkpi_hw *lhw;
8610

8611
	lhw = HW_TO_LHW(hw);
8612

8613
	IMPROVE_TXQ("Are there reasons why we wouldn't schedule?");
8614
	IMPROVE_TXQ("LOCKING");
8615
	if (++lhw->txq_generation[ac] == 0)
8616
		lhw->txq_generation[ac]++;
8617
}
8618

8619
struct ieee80211_txq *
8620
linuxkpi_ieee80211_next_txq(struct ieee80211_hw *hw, uint8_t ac)
8621
{
8622
	struct lkpi_hw *lhw;
8623
	struct ieee80211_txq *txq;
8624
	struct lkpi_txq *ltxq;
8625

8626
	lhw = HW_TO_LHW(hw);
8627
	txq = NULL;
8628

8629
	IMPROVE_TXQ("LOCKING");
8630

8631
	/* Check that we are scheduled. */
8632
	if (lhw->txq_generation[ac] == 0)
8633
		goto out;
8634

8635
	ltxq = TAILQ_FIRST(&lhw->scheduled_txqs[ac]);
8636
	if (ltxq == NULL)
8637
		goto out;
8638
	if (ltxq->txq_generation == lhw->txq_generation[ac])
8639
		goto out;
8640

8641
	ltxq->txq_generation = lhw->txq_generation[ac];
8642
	TAILQ_REMOVE(&lhw->scheduled_txqs[ac], ltxq, txq_entry);
8643
	txq = &ltxq->txq;
8644
	TAILQ_ELEM_INIT(ltxq, txq_entry);
8645

8646
out:
8647
	return (txq);
8648
}
8649

8650
void linuxkpi_ieee80211_schedule_txq(struct ieee80211_hw *hw,
8651
    struct ieee80211_txq *txq, bool withoutpkts)
8652
{
8653
	struct lkpi_hw *lhw;
8654
	struct lkpi_txq *ltxq;
8655
	bool ltxq_empty;
8656

8657
	ltxq = TXQ_TO_LTXQ(txq);
8658

8659
	IMPROVE_TXQ("LOCKING");
8660

8661
	/* Only schedule if work to do or asked to anyway. */
8662
	LKPI_80211_LTXQ_LOCK(ltxq);
8663
	ltxq_empty = skb_queue_empty(&ltxq->skbq);
8664
	LKPI_80211_LTXQ_UNLOCK(ltxq);
8665
	if (!withoutpkts && ltxq_empty)
8666
		goto out;
8667

8668
	/*
8669
	 * Make sure we do not double-schedule. We do this by checking tqe_prev,
8670
	 * the previous entry in our tailq. tqe_prev is always valid if this entry
8671
	 * is queued, tqe_next may be NULL if this is the only element in the list.
8672
	 */
8673
	if (ltxq->txq_entry.tqe_prev != NULL)
8674
		goto out;
8675

8676
	lhw = HW_TO_LHW(hw);
8677
	TAILQ_INSERT_TAIL(&lhw->scheduled_txqs[txq->ac], ltxq, txq_entry);
8678
out:
8679
	return;
8680
}
8681

8682
void
8683
linuxkpi_ieee80211_handle_wake_tx_queue(struct ieee80211_hw *hw,
8684
    struct ieee80211_txq *txq)
8685
{
8686
	struct lkpi_hw *lhw;
8687
	struct ieee80211_txq *ntxq;
8688
	struct ieee80211_tx_control control;
8689
        struct sk_buff *skb;
8690

8691
	lhw = HW_TO_LHW(hw);
8692

8693
	LKPI_80211_LHW_TXQ_LOCK(lhw);
8694
	ieee80211_txq_schedule_start(hw, txq->ac);
8695
	do {
8696
		ntxq = ieee80211_next_txq(hw, txq->ac);
8697
		if (ntxq == NULL)
8698
			break;
8699

8700
		memset(&control, 0, sizeof(control));
8701
		control.sta = ntxq->sta;
8702
		do {
8703
			skb = linuxkpi_ieee80211_tx_dequeue(hw, ntxq);
8704
			if (skb == NULL)
8705
				break;
8706
			lkpi_80211_mo_tx(hw, &control, skb);
8707
		} while(1);
8708

8709
		ieee80211_return_txq(hw, ntxq, false);
8710
	} while (1);
8711
	ieee80211_txq_schedule_end(hw, txq->ac);
8712
	LKPI_80211_LHW_TXQ_UNLOCK(lhw);
8713
}
8714

8715
/* -------------------------------------------------------------------------- */
8716

8717
struct lkpi_cfg80211_bss {
8718
	u_int refcnt;
8719
	struct cfg80211_bss bss;
8720
};
8721

8722
struct lkpi_cfg80211_get_bss_iter_lookup {
8723
	struct wiphy *wiphy;
8724
	struct linuxkpi_ieee80211_channel *chan;
8725
	const uint8_t *bssid;
8726
	const uint8_t *ssid;
8727
	size_t ssid_len;
8728
	enum ieee80211_bss_type bss_type;
8729
	enum ieee80211_privacy privacy;
8730

8731
	/*
8732
	 * Something to store a copy of the result as the net80211 scan cache
8733
	 * is not refoucnted so a scan entry might go away any time.
8734
	 */
8735
	bool match;
8736
	struct cfg80211_bss *bss;
8737
};
8738

8739
static void
8740
lkpi_cfg80211_get_bss_iterf(void *arg, const struct ieee80211_scan_entry *se)
8741
{
8742
	struct lkpi_cfg80211_get_bss_iter_lookup *lookup;
8743
	size_t ielen;
8744

8745
	lookup = arg;
8746

8747
	/* Do not try to find another match. */
8748
	if (lookup->match)
8749
		return;
8750

8751
	/* Nothing to store result. */
8752
	if (lookup->bss == NULL)
8753
		return;
8754

8755
	if (lookup->privacy != IEEE80211_PRIVACY_ANY) {
8756
		/* if (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) */
8757
		/* We have no idea what to compare to as the drivers only request ANY */
8758
		return;
8759
	}
8760

8761
	if (lookup->bss_type != IEEE80211_BSS_TYPE_ANY) {
8762
		/* if (se->se_capinfo & (IEEE80211_CAPINFO_IBSS|IEEE80211_CAPINFO_ESS)) */
8763
		/* We have no idea what to compare to as the drivers only request ANY */
8764
		return;
8765
	}
8766

8767
	if (lookup->chan != NULL) {
8768
		struct linuxkpi_ieee80211_channel *chan;
8769

8770
		chan = linuxkpi_ieee80211_get_channel(lookup->wiphy,
8771
		    se->se_chan->ic_freq);
8772
		if (chan == NULL || chan != lookup->chan)
8773
			return;
8774
	}
8775

8776
	if (lookup->bssid && !IEEE80211_ADDR_EQ(lookup->bssid, se->se_bssid))
8777
		return;
8778

8779
	if (lookup->ssid) {
8780
		if (lookup->ssid_len != se->se_ssid[1] ||
8781
		    se->se_ssid[1] == 0)
8782
			return;
8783
		if (memcmp(lookup->ssid, se->se_ssid+2, lookup->ssid_len) != 0)
8784
			return;
8785
	}
8786

8787
	ielen = se->se_ies.len;
8788

8789
	lookup->bss->ies = malloc(sizeof(*lookup->bss->ies) + ielen,
8790
	    M_LKPI80211, M_NOWAIT | M_ZERO);
8791
	if (lookup->bss->ies == NULL)
8792
		return;
8793

8794
	lookup->bss->ies->data = (uint8_t *)lookup->bss->ies + sizeof(*lookup->bss->ies);
8795
	lookup->bss->ies->len = ielen;
8796
	if (ielen)
8797
		memcpy(lookup->bss->ies->data, se->se_ies.data, ielen);
8798

8799
	lookup->match = true;
8800
}
8801

8802
struct cfg80211_bss *
8803
linuxkpi_cfg80211_get_bss(struct wiphy *wiphy, struct linuxkpi_ieee80211_channel *chan,
8804
    const uint8_t *bssid, const uint8_t *ssid, size_t ssid_len,
8805
    enum ieee80211_bss_type bss_type, enum ieee80211_privacy privacy)
8806
{
8807
	struct lkpi_cfg80211_bss *lbss;
8808
	struct lkpi_cfg80211_get_bss_iter_lookup lookup;
8809
	struct lkpi_hw *lhw;
8810
	struct ieee80211vap *vap;
8811

8812
	lhw = wiphy_priv(wiphy);
8813

8814
	/* Let's hope we can alloc. */
8815
	lbss = malloc(sizeof(*lbss), M_LKPI80211, M_NOWAIT | M_ZERO);
8816
	if (lbss == NULL) {
8817
		ic_printf(lhw->ic, "%s: alloc failed.\n", __func__);
8818
		return (NULL);
8819
	}
8820

8821
	lookup.wiphy = wiphy;
8822
	lookup.chan = chan;
8823
	lookup.bssid = bssid;
8824
	lookup.ssid = ssid;
8825
	lookup.ssid_len = ssid_len;
8826
	lookup.bss_type = bss_type;
8827
	lookup.privacy = privacy;
8828
	lookup.match = false;
8829
	lookup.bss = &lbss->bss;
8830

8831
	IMPROVE("Iterate over all VAPs comparing perm_addr and addresses?");
8832
	vap = TAILQ_FIRST(&lhw->ic->ic_vaps);
8833
	ieee80211_scan_iterate(vap, lkpi_cfg80211_get_bss_iterf, &lookup);
8834
	if (!lookup.match) {
8835
		free(lbss, M_LKPI80211);
8836
		return (NULL);
8837
	}
8838

8839
	refcount_init(&lbss->refcnt, 1);
8840
	return (&lbss->bss);
8841
}
8842

8843
void
8844
linuxkpi_cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *bss)
8845
{
8846
	struct lkpi_cfg80211_bss *lbss;
8847

8848
	lbss = container_of(bss, struct lkpi_cfg80211_bss, bss);
8849

8850
	/* Free everything again on refcount ... */
8851
	if (refcount_release(&lbss->refcnt)) {
8852
		free(lbss->bss.ies, M_LKPI80211);
8853
		free(lbss, M_LKPI80211);
8854
	}
8855
}
8856

8857
void
8858
linuxkpi_cfg80211_bss_flush(struct wiphy *wiphy)
8859
{
8860
	struct lkpi_hw *lhw;
8861
	struct ieee80211com *ic;
8862
	struct ieee80211vap *vap;
8863

8864
	lhw = wiphy_priv(wiphy);
8865
	ic = lhw->ic;
8866

8867
	/*
8868
	 * If we haven't called ieee80211_ifattach() yet
8869
	 * or there is no VAP, there are no scans to flush.
8870
	 */
8871
	if (ic == NULL ||
8872
	    (lhw->sc_flags & LKPI_MAC80211_DRV_STARTED) == 0)
8873
		return;
8874

8875
	/* Should only happen on the current one? Not seen it late enough. */
8876
	IEEE80211_LOCK(ic);
8877
	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
8878
		ieee80211_scan_flush(vap);
8879
	IEEE80211_UNLOCK(ic);
8880
}
8881

8882
/* -------------------------------------------------------------------------- */
8883

8884
/*
8885
 * hw->conf get initialized/set in various places for us:
8886
 * - linuxkpi_ieee80211_alloc_hw(): flags
8887
 * - linuxkpi_ieee80211_ifattach(): chandef
8888
 * - lkpi_ic_vap_create(): listen_interval
8889
 * - lkpi_ic_set_channel(): chandef, flags
8890
 */
8891

8892
int lkpi_80211_update_chandef(struct ieee80211_hw *hw,
8893
    struct ieee80211_chanctx_conf *new)
8894
{
8895
	struct cfg80211_chan_def *cd;
8896
	uint32_t changed;
8897
	int error;
8898

8899
	changed = 0;
8900
	if (new == NULL || new->def.chan == NULL)
8901
		cd = NULL;
8902
	else
8903
		cd = &new->def;
8904

8905
	if (cd && cd->chan != hw->conf.chandef.chan) {
8906
		/* Copy; the chan pointer is fine and will stay valid. */
8907
		hw->conf.chandef = *cd;
8908
		changed |= IEEE80211_CONF_CHANGE_CHANNEL;
8909
	}
8910
	IMPROVE("IEEE80211_CONF_CHANGE_PS, IEEE80211_CONF_CHANGE_POWER");
8911

8912
	if (changed == 0)
8913
		return (0);
8914

8915
	error = lkpi_80211_mo_config(hw, changed);
8916
	return (error);
8917
}
8918

8919
/* -------------------------------------------------------------------------- */
8920

8921
MODULE_VERSION(linuxkpi_wlan, 1);
8922
MODULE_DEPEND(linuxkpi_wlan, linuxkpi, 1, 1, 1);
8923
MODULE_DEPEND(linuxkpi_wlan, wlan, 1, 1, 1);
8924

8925