1
/*-
2
 * Copyright (c) 2020-2026 The FreeBSD Foundation
3
 * Copyright (c) 2020-2025 Bjoern A. Zeeb
4
 *
5
 * This software was developed by Björn Zeeb under sponsorship from
6
 * the FreeBSD Foundation.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27
 * SUCH DAMAGE.
28
 */
29

30
/*
31
 * Public functions are called linuxkpi_*().
32
 * Internal (static) functions are called lkpi_*().
33
 *
34
 * The internal structures holding metadata over public structures are also
35
 * called lkpi_xxx (usually with a member at the end called xxx).
36
 * Note: we do not replicate the structure names but the general variable names
37
 * for these (e.g., struct hw -> struct lkpi_hw, struct sta -> struct lkpi_sta).
38
 * There are macros to access one from the other.
39
 * We call the internal versions lxxx (e.g., hw -> lhw, sta -> lsta).
40
 */
41

42
/*
43
 * TODO:
44
 * - lots :)
45
 * - HW_CRYPTO: we need a "keystore" and an ordered list for suspend/resume.
46
 */
47

48
#include <sys/param.h>
49
#include <sys/types.h>
50
#include <sys/kernel.h>
51
#include <sys/errno.h>
52
#include <sys/malloc.h>
53
#include <sys/module.h>
54
#include <sys/mutex.h>
55
#include <sys/sbuf.h>
56
#include <sys/socket.h>
57
#include <sys/sysctl.h>
58
#include <sys/queue.h>
59
#include <sys/taskqueue.h>
60
#include <sys/libkern.h>
61

62
#include <net/if.h>
63
#include <net/if_var.h>
64
#include <net/if_media.h>
65
#include <net/ethernet.h>
66

67
#include <net80211/ieee80211_var.h>
68
#include <net80211/ieee80211_proto.h>
69
#include <net80211/ieee80211_ratectl.h>
70
#include <net80211/ieee80211_radiotap.h>
71
#include <net80211/ieee80211_vht.h>
72

73
#define	LINUXKPI_NET80211
74
#include <net/mac80211.h>
75

76
#include <linux/workqueue.h>
77
#include <linux/rculist.h>
78
#include "linux_80211.h"
79

80
/* #define	LKPI_80211_USE_SCANLIST */
81
/* #define	LKPI_80211_BGSCAN */
82
#define	LKPI_80211_WME
83
#define	LKPI_80211_HW_CRYPTO
84
#define	LKPI_80211_HT
85
#define	LKPI_80211_VHT
86

87
#if defined(LKPI_80211_VHT) && !defined(LKPI_80211_HT)
88
#define	LKPI_80211_HT
89
#endif
90
#if defined(LKPI_80211_HT) && !defined(LKPI_80211_HW_CRYPTO)
91
#define	LKPI_80211_HW_CRYPTO
92
#endif
93

94
static MALLOC_DEFINE(M_LKPI80211, "lkpi80211", "LinuxKPI 80211 compat");
95

96
/* XXX-BZ really want this and others in queue.h */
97
#define	TAILQ_ELEM_INIT(elm, field) do {				\
98
	(elm)->field.tqe_next = NULL;					\
99
	(elm)->field.tqe_prev = NULL;					\
100
} while (0)
101

102
/* -------------------------------------------------------------------------- */
103

104
SYSCTL_DECL(_compat_linuxkpi);
105
SYSCTL_NODE(_compat_linuxkpi, OID_AUTO, 80211, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
106
    "LinuxKPI 802.11 compatibility layer");
107

108
static bool lkpi_order_scanlist = false;
109
SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, order_scanlist, CTLFLAG_RW,
110
    &lkpi_order_scanlist, 0, "Enable LinuxKPI 802.11 scan list shuffeling");
111

112
#if defined(LKPI_80211_HW_CRYPTO)
113
static bool lkpi_hwcrypto = false;
114
SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, hw_crypto, CTLFLAG_RDTUN,
115
    &lkpi_hwcrypto, 0, "Enable LinuxKPI 802.11 hardware crypto offload");
116

117
static bool lkpi_hwcrypto_tkip = false;
118
SYSCTL_BOOL(_compat_linuxkpi_80211, OID_AUTO, tkip, CTLFLAG_RDTUN,
119
    &lkpi_hwcrypto_tkip, 0, "Enable LinuxKPI 802.11 TKIP crypto offload");
120
#endif
121

122
/* Keep public for as long as header files are using it too. */
123
int linuxkpi_debug_80211;
124

125
#ifdef LINUXKPI_DEBUG_80211
126
SYSCTL_INT(_compat_linuxkpi_80211, OID_AUTO, debug, CTLFLAG_RWTUN,
127
    &linuxkpi_debug_80211, 0, "LinuxKPI 802.11 debug level");
128

129
#define	UNIMPLEMENTED		if (linuxkpi_debug_80211 & D80211_TODO)		\
130
    printf("XXX-TODO %s:%d: UNIMPLEMENTED\n", __func__, __LINE__)
131
#define	TRACEOK(_fmt, ...)	if (linuxkpi_debug_80211 & D80211_TRACEOK)	\
132
    printf("%s:%d: TRACEPOINT " _fmt "\n", __func__, __LINE__, ##__VA_ARGS__)
133
#else
134
#define	UNIMPLEMENTED		do { } while (0)
135
#define	TRACEOK(...)		do { } while (0)
136
#endif
137

138
/* #define	PREP_TX_INFO_DURATION	(IEEE80211_TRANS_WAIT * 1000) */
139
#ifndef PREP_TX_INFO_DURATION
140
#define	PREP_TX_INFO_DURATION	0 /* Let the driver do its thing. */
141
#endif
142

143
/* This is DSAP | SSAP | CTRL | ProtoID/OrgCode{3}. */
144
const uint8_t rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
145

146
/* IEEE 802.11-05/0257r1 */
147
const uint8_t bridge_tunnel_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
148

149
/* IEEE 802.11e Table 20i-UP-to-AC mappings. */
150
static const uint8_t ieee80211e_up_to_ac[] = {
151
	IEEE80211_AC_BE,
152
	IEEE80211_AC_BK,
153
	IEEE80211_AC_BK,
154
	IEEE80211_AC_BE,
155
	IEEE80211_AC_VI,
156
	IEEE80211_AC_VI,
157
	IEEE80211_AC_VO,
158
	IEEE80211_AC_VO,
159
#if 0
160
	IEEE80211_AC_VO, /* We treat MGMT as TID 8, which is set as AC_VO */
161
#endif
162
};
163

164
const struct cfg80211_ops linuxkpi_mac80211cfgops = {
165
	/*
166
	 * XXX TODO need a "glue layer" to link cfg80211 ops to
167
	 * mac80211 and to the driver or net80211.
168
	 * Can we pass some on 1:1? Need to compare the (*f)().
169
	 */
170
};
171

172
#if 0
173
static struct lkpi_sta *lkpi_find_lsta_by_ni(struct lkpi_vif *,
174
    struct ieee80211_node *);
175
#endif
176
static void lkpi_sw_scan_task(void *, int);
177
static void lkpi_80211_txq_tx_one(struct lkpi_sta *, struct mbuf *);
178
static void lkpi_80211_txq_task(void *, int);
179
static void lkpi_80211_lhw_rxq_task(void *, int);
180
static void lkpi_ieee80211_free_skb_mbuf(void *);
181
#ifdef LKPI_80211_WME
182
static int lkpi_wme_update(struct lkpi_hw *, struct ieee80211vap *, bool);
183
#endif
184
static void lkpi_ieee80211_wake_queues_locked(struct ieee80211_hw *);
185

186
static const char *
187
lkpi_rate_info_bw_to_str(enum rate_info_bw bw)
188
{
189

190
	switch (bw) {
191

192
        case RATE_INFO_BW_20:
193
		return ("20");
194
		break;
195
        case RATE_INFO_BW_5:
196
		return ("5");
197
		break;
198
        case RATE_INFO_BW_10:
199
		return ("10");
200
		break;
201
        case RATE_INFO_BW_40:
202
		return ("40");
203
		break;
204
        case RATE_INFO_BW_80:
205
		return ("80");
206
		break;
207
        case RATE_INFO_BW_160:
208
		return ("160");
209
		break;
210
        case RATE_INFO_BW_HE_RU:
211
		IMPROVE("nl80211_he_ru_alloc");
212
		return ("HE_RU");
213
		break;
214
        case RATE_INFO_BW_320:
215
		return ("320");
216
		break;
217
        case RATE_INFO_BW_EHT_RU:
218
		IMPROVE("nl80211_eht_ru_alloc");
219
		return ("EHT_RU");
220
		break;
221
	default:
222
		return ("?");
223
		break;
224
	}
225
}
226

227
static void
228
lkpi_nl80211_sta_info_to_str(struct sbuf *s, const char *prefix,
229
    const uint64_t flags)
230
{
231
	int bit, i;
232

233
	sbuf_printf(s, "%s %#010jx", prefix, flags);
234

235
	i = 0;
236
	for (bit = 0; bit < BITS_PER_TYPE(flags); bit++) {
237

238
		if ((flags & BIT_ULL(bit)) == 0)
239
			continue;
240

241
#define	EXPAND_CASE(_flag)						\
242
	case NL80211_STA_INFO_ ## _flag:				\
243
		sbuf_printf(s, "%c%s", (i == 0) ? '<' : ',', #_flag);	\
244
		i++;							\
245
		break;
246

247
		switch (bit) {
248
		EXPAND_CASE(BEACON_RX)
249
		EXPAND_CASE(BEACON_SIGNAL_AVG)
250
		EXPAND_CASE(BSS_PARAM)
251
		EXPAND_CASE(CHAIN_SIGNAL)
252
		EXPAND_CASE(CHAIN_SIGNAL_AVG)
253
		EXPAND_CASE(CONNECTED_TIME)
254
		EXPAND_CASE(INACTIVE_TIME)
255
		EXPAND_CASE(SIGNAL)
256
		EXPAND_CASE(SIGNAL_AVG)
257
		EXPAND_CASE(STA_FLAGS)
258
		EXPAND_CASE(RX_BITRATE)
259
		EXPAND_CASE(RX_PACKETS)
260
		EXPAND_CASE(RX_BYTES)
261
		EXPAND_CASE(RX_DROP_MISC)
262
		EXPAND_CASE(TX_BITRATE)
263
		EXPAND_CASE(TX_PACKETS)
264
		EXPAND_CASE(TX_BYTES)
265
		EXPAND_CASE(TX_BYTES64)
266
		EXPAND_CASE(RX_BYTES64)
267
		EXPAND_CASE(TX_FAILED)
268
		EXPAND_CASE(TX_RETRIES)
269
		EXPAND_CASE(RX_DURATION)
270
		EXPAND_CASE(TX_DURATION)
271
		EXPAND_CASE(ACK_SIGNAL)
272
		EXPAND_CASE(ACK_SIGNAL_AVG)
273
		default:
274
			sbuf_printf(s, "%c?%d", (i == 0) ? '<' : ',', bit);
275
			break;
276
		}
277
	}
278
#undef	EXPAND_CASE
279
	if (i > 0)
280
		sbuf_printf(s, ">");
281
	sbuf_printf(s, "\n");
282
}
283

284
static void
285
lkpi_80211_dump_lvif_stas(struct lkpi_vif *lvif, struct sbuf *s, bool dump_queues)
286
{
287
	struct lkpi_hw *lhw;
288
	struct ieee80211_hw *hw;
289
	struct ieee80211vap *vap;
290
	struct ieee80211_vif *vif;
291
	struct lkpi_sta *lsta;
292
	struct ieee80211_sta *sta;
293
	struct station_info sinfo;
294
	int error;
295
	uint8_t tid;
296

297
	vif = LVIF_TO_VIF(lvif);
298
	vap = LVIF_TO_VAP(lvif);
299
	lhw = vap->iv_ic->ic_softc;
300
	hw = LHW_TO_HW(lhw);
301

302
	wiphy_lock(hw->wiphy);
303
	list_for_each_entry(lsta, &lvif->lsta_list, lsta_list) {
304
		sta = LSTA_TO_STA(lsta);
305

306
		sbuf_putc(s, '\n');
307
		sbuf_printf(s, "lsta %p sta %p added_to_drv %d\n", lsta, sta, lsta->added_to_drv);
308

309
		memset(&sinfo, 0, sizeof(sinfo));
310
		error = lkpi_80211_mo_sta_statistics(hw, vif, sta, &sinfo);
311
		if (error == EEXIST)	/* Not added to driver. */
312
			continue;
313
		if (error == ENOTSUPP) {
314
			sbuf_printf(s, " sta_statistics not supported\n");
315
			continue;
316
		}
317
		if (error != 0) {
318
			sbuf_printf(s, " sta_statistics failed: %d\n", error);
319
			continue;
320
		}
321

322
		/* If no RX_BITRATE is reported, try to fill it in from the lsta sinfo. */
323
		if ((sinfo.filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) == 0 &&
324
		    (lsta->sinfo.filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) != 0) {
325
			memcpy(&sinfo.rxrate, &lsta->sinfo.rxrate, sizeof(sinfo.rxrate));
326
			sinfo.filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
327
		}
328
		/* If no CHAIN_SIGNAL is reported,  try to fill it in from the lsta sinfo. */
329
		if ((sinfo.filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) == 0 &&
330
		    (lsta->sinfo.filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) != 0) {
331
			sinfo.chains = lsta->sinfo.chains;
332
			memcpy(sinfo.chain_signal, lsta->sinfo.chain_signal,
333
			    sizeof(sinfo.chain_signal));
334
			sinfo.filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
335
		}
336

337
		lkpi_nl80211_sta_info_to_str(s, " nl80211_sta_info (valid fields)", sinfo.filled);
338
		sbuf_printf(s, " connected_time %u inactive_time %u\n",
339
		    sinfo.connected_time, sinfo.inactive_time);
340
		sbuf_printf(s, " rx_bytes %ju rx_packets %u rx_dropped_misc %u\n",
341
		    (uintmax_t)sinfo.rx_bytes, sinfo.rx_packets, sinfo.rx_dropped_misc);
342
		sbuf_printf(s, " rx_duration %ju rx_beacon %u rx_beacon_signal_avg %d\n",
343
		    (uintmax_t)sinfo.rx_duration, sinfo.rx_beacon, (int8_t)sinfo.rx_beacon_signal_avg);
344

345
		sbuf_printf(s, " tx_bytes %ju tx_packets %u tx_failed %u\n",
346
		    (uintmax_t)sinfo.tx_bytes, sinfo.tx_packets, sinfo.tx_failed);
347
		sbuf_printf(s, " tx_duration %ju tx_retries %u\n",
348
		    (uintmax_t)sinfo.tx_duration, sinfo.tx_retries);
349

350
		sbuf_printf(s, " signal %d signal_avg %d ack_signal %d avg_ack_signal %d\n",
351
		    sinfo.signal, sinfo.signal_avg, sinfo.ack_signal, sinfo.avg_ack_signal);
352
		sbuf_printf(s, " generation %d assoc_req_ies_len %zu chains %#04x\n",
353
		    sinfo.generation, sinfo.assoc_req_ies_len, sinfo.chains);
354

355
		for (int i = 0; i < nitems(sinfo.chain_signal) && i < IEEE80211_MAX_CHAINS; i++) {
356
			if (!(sinfo.chains & BIT(i)))
357
				continue;
358
			sbuf_printf(s, "  chain[%d] signal %d signal_avg %d\n",
359
			    i, (int8_t)sinfo.chain_signal[i], (int8_t)sinfo.chain_signal_avg[i]);
360
		}
361

362
		/* assoc_req_ies, bss_param, sta_flags */
363

364
		sbuf_printf(s, " rxrate: flags %b bw %u(%s) legacy %u kbit/s mcs %u nss %u\n",
365
		    sinfo.rxrate.flags, CFG80211_RATE_INFO_FLAGS_BITS,
366
		    sinfo.rxrate.bw, lkpi_rate_info_bw_to_str(sinfo.rxrate.bw),
367
		    sinfo.rxrate.legacy * 100,
368
		    sinfo.rxrate.mcs, sinfo.rxrate.nss);
369
		sbuf_printf(s, "         he_dcm %u he_gi %u he_ru_alloc %u eht_gi %u\n",
370
		    sinfo.rxrate.he_dcm, sinfo.rxrate.he_gi, sinfo.rxrate.he_ru_alloc,
371
		    sinfo.rxrate.eht_gi);
372
		sbuf_printf(s, " txrate: flags %b bw %u(%s) legacy %u kbit/s mcs %u nss %u\n",
373
		    sinfo.txrate.flags, CFG80211_RATE_INFO_FLAGS_BITS,
374
		    sinfo.txrate.bw, lkpi_rate_info_bw_to_str(sinfo.txrate.bw),
375
		    sinfo.txrate.legacy * 100,
376
		    sinfo.txrate.mcs, sinfo.txrate.nss);
377
		sbuf_printf(s, "         he_dcm %u he_gi %u he_ru_alloc %u eht_gi %u\n",
378
		    sinfo.txrate.he_dcm, sinfo.txrate.he_gi, sinfo.txrate.he_ru_alloc,
379
		    sinfo.txrate.eht_gi);
380

381
		if (!dump_queues)
382
			continue;
383

384
		/* Dump queue information. */
385
		sbuf_printf(s, " Queue information:\n");
386
		sbuf_printf(s, "  frms direct tx %ju\n", lsta->frms_tx);
387
		for (tid = 0; tid <= IEEE80211_NUM_TIDS; tid++) {
388
			struct lkpi_txq *ltxq;
389

390
			if (sta->txq[tid] == NULL) {
391
				sbuf_printf(s, "  tid %-2u NOQ\n", tid);
392
				continue;
393
			}
394

395
			ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
396
#ifdef __notyet__
397
			sbuf_printf(s, "  tid %-2u flags: %b "
398
			    "txq_generation %u skbq len %d\n",
399
			    tid, ltxq->flags, LKPI_TXQ_FLAGS_BITS,
400
			    ltxq->txq_generation,
401
			    skb_queue_len_lockless(&ltxq->skbq));
402
#else
403
			sbuf_printf(s, "  tid %-2u "
404
			    "txq_generation %u skbq len %d\n",
405
			    tid,
406
			    ltxq->txq_generation,
407
			    skb_queue_len_lockless(&ltxq->skbq));
408
#endif
409
			sbuf_printf(s, "         frms_enqueued %ju frms_dequeued %ju "
410
			    "frms_tx %ju\n",
411
			    ltxq->frms_enqueued, ltxq->frms_dequeued, ltxq->frms_tx);
412
		}
413
	}
414
	wiphy_unlock(hw->wiphy);
415
}
416

417
static int
418
lkpi_80211_dump_stas(SYSCTL_HANDLER_ARGS)
419
{
420
	struct lkpi_vif *lvif;
421
	struct sbuf s;
422

423
	if (req->newptr)
424
		return (EPERM);
425

426
	lvif = (struct lkpi_vif *)arg1;
427

428
	sbuf_new_for_sysctl(&s, NULL, 1024, req);
429

430
	lkpi_80211_dump_lvif_stas(lvif, &s, false);
431

432
	sbuf_finish(&s);
433
	sbuf_delete(&s);
434

435
	return (0);
436
}
437

438
static int
439
lkpi_80211_dump_sta_queues(SYSCTL_HANDLER_ARGS)
440
{
441
	struct lkpi_vif *lvif;
442
	struct sbuf s;
443

444
	if (req->newptr)
445
		return (EPERM);
446

447
	lvif = (struct lkpi_vif *)arg1;
448

449
	sbuf_new_for_sysctl(&s, NULL, 1024, req);
450

451
	lkpi_80211_dump_lvif_stas(lvif, &s, true);
452

453
	sbuf_finish(&s);
454
	sbuf_delete(&s);
455

456
	return (0);
457
}
458

459
static enum ieee80211_sta_rx_bandwidth
460
lkpi_cw_to_rx_bw(enum nl80211_chan_width cw)
461
{
462
	switch (cw) {
463
	case NL80211_CHAN_WIDTH_320:
464
		return (IEEE80211_STA_RX_BW_320);
465
	case NL80211_CHAN_WIDTH_160:
466
	case NL80211_CHAN_WIDTH_80P80:
467
		return (IEEE80211_STA_RX_BW_160);
468
	case NL80211_CHAN_WIDTH_80:
469
		return (IEEE80211_STA_RX_BW_80);
470
	case NL80211_CHAN_WIDTH_40:
471
		return (IEEE80211_STA_RX_BW_40);
472
	case NL80211_CHAN_WIDTH_20:
473
	case NL80211_CHAN_WIDTH_20_NOHT:
474
		return (IEEE80211_STA_RX_BW_20);
475
	case NL80211_CHAN_WIDTH_5:
476
	case NL80211_CHAN_WIDTH_10:
477
		/* Unsupported input. */
478
		return (IEEE80211_STA_RX_BW_20);
479
	}
480
}
481

482
static enum nl80211_chan_width
483
lkpi_rx_bw_to_cw(enum ieee80211_sta_rx_bandwidth rx_bw)
484
{
485
	switch (rx_bw) {
486
	case IEEE80211_STA_RX_BW_20:
487
		return (NL80211_CHAN_WIDTH_20);	/* _NOHT */
488
	case IEEE80211_STA_RX_BW_40:
489
		return (NL80211_CHAN_WIDTH_40);
490
	case IEEE80211_STA_RX_BW_80:
491
		return (NL80211_CHAN_WIDTH_80);
492
	case IEEE80211_STA_RX_BW_160:
493
		return (NL80211_CHAN_WIDTH_160); /* 80P80 */
494
	case IEEE80211_STA_RX_BW_320:
495
		return (NL80211_CHAN_WIDTH_320);
496
	}
497
}
498

499
static void
500
lkpi_sync_chanctx_cw_from_rx_bw(struct ieee80211_hw *hw,
501
    struct ieee80211_vif *vif, struct ieee80211_sta *sta)
502
{
503
	struct ieee80211_chanctx_conf *chanctx_conf;
504
	enum ieee80211_sta_rx_bandwidth old_bw;
505
	uint32_t changed;
506

507
	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
508
	    lockdep_is_held(&hw->wiphy->mtx));
509
	if (chanctx_conf == NULL)
510
		return;
511

512
	old_bw = lkpi_cw_to_rx_bw(chanctx_conf->def.width);
513
	if (old_bw == sta->deflink.bandwidth)
514
		return;
515

516
	chanctx_conf->def.width = lkpi_rx_bw_to_cw(sta->deflink.bandwidth);
517
	if (chanctx_conf->def.width == NL80211_CHAN_WIDTH_20 &&
518
	    !sta->deflink.ht_cap.ht_supported)
519
		chanctx_conf->def.width = NL80211_CHAN_WIDTH_20_NOHT;
520

521
	chanctx_conf->min_def = chanctx_conf->def;
522

523
	vif->bss_conf.chanreq.oper.width = chanctx_conf->def.width;
524

525
	changed = IEEE80211_CHANCTX_CHANGE_MIN_WIDTH;
526
	changed |= IEEE80211_CHANCTX_CHANGE_WIDTH;
527
	lkpi_80211_mo_change_chanctx(hw, chanctx_conf, changed);
528
}
529

530
#if defined(LKPI_80211_HT)
531
static void
532
lkpi_sta_sync_ht_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
533
    struct ieee80211_sta *sta, struct ieee80211_node *ni)
534
{
535
	struct ieee80211vap *vap;
536
	uint8_t *ie;
537
	struct ieee80211_ht_cap *htcap;
538
	struct ieee80211_sta_ht_cap *ht_cap, *sta_ht_cap;
539
	enum nl80211_band band;
540
	int i, rx_nss;
541

542
	if ((ni->ni_flags & IEEE80211_NODE_HT) == 0) {
543
		sta->deflink.ht_cap.ht_supported = false;
544
		return;
545
	}
546

547
	sta->deflink.ht_cap.ht_supported = true;
548

549
	/* htcap->ampdu_params_info */
550
	vap = ni->ni_vap;
551
	sta->deflink.ht_cap.ampdu_density = _IEEE80211_MASKSHIFT(ni->ni_htparam, IEEE80211_HTCAP_MPDUDENSITY);
552
	if (sta->deflink.ht_cap.ampdu_density > vap->iv_ampdu_density)
553
		sta->deflink.ht_cap.ampdu_density = vap->iv_ampdu_density;
554
	sta->deflink.ht_cap.ampdu_factor = _IEEE80211_MASKSHIFT(ni->ni_htparam, IEEE80211_HTCAP_MAXRXAMPDU);
555
	if (sta->deflink.ht_cap.ampdu_factor > vap->iv_ampdu_rxmax)
556
		sta->deflink.ht_cap.ampdu_factor = vap->iv_ampdu_rxmax;
557

558
	ie = ni->ni_ies.htcap_ie;
559
	KASSERT(ie != NULL, ("%s: HT but no htcap_ie on ni %p\n", __func__, ni));
560
	if (ie[0] == IEEE80211_ELEMID_VENDOR)
561
		ie += 4;
562
	ie += 2;
563
	htcap = (struct ieee80211_ht_cap *)ie;
564
	sta->deflink.ht_cap.cap = htcap->cap_info;
565
	sta->deflink.ht_cap.mcs = htcap->mcs;
566

567
	/*
568
	 * 802.11n-2009 20.6 Parameters for HT MCSs gives the mandatory/
569
	 * optional MCS for Nss=1..4.  We need to check the first four
570
	 * MCS sets from the Rx MCS Bitmask; then there is MCS 32 and
571
	 * MCS33.. is UEQM.
572
	 */
573
	band = vif->bss_conf.chanctx_conf->def.chan->band;
574
	ht_cap = &hw->wiphy->bands[band]->ht_cap;
575
	sta_ht_cap = &sta->deflink.ht_cap;
576
	rx_nss = 0;
577
	for (i = 0; i < 4; i++) {
578
		TRACEOK("HT rx_mask[%d] sta %#04x & hw %#04x", i,
579
		    sta_ht_cap->mcs.rx_mask[i], ht_cap->mcs.rx_mask[i]);
580
		sta_ht_cap->mcs.rx_mask[i] =
581
			sta_ht_cap->mcs.rx_mask[i] & ht_cap->mcs.rx_mask[i];
582
		/* XXX-BZ masking unequal modulation? */
583

584
		if (sta_ht_cap->mcs.rx_mask[i] != 0)
585
			rx_nss++;
586
	}
587
	if (rx_nss > 0) {
588
		TRACEOK("HT rx_nss = max(%d, %d)", rx_nss, sta->deflink.rx_nss);
589
		sta->deflink.rx_nss = MAX(rx_nss, sta->deflink.rx_nss);
590
	} else {
591
		sta->deflink.ht_cap.ht_supported = false;
592
		return;
593
	}
594

595
	if ((sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) != 0 &&
596
	    IEEE80211_IS_CHAN_HT40(ni->ni_chan))
597
		sta->deflink.bandwidth = IEEE80211_STA_RX_BW_40;
598
	else
599
		sta->deflink.bandwidth = IEEE80211_STA_RX_BW_20;
600

601
	IMPROVE("sta->wme");
602

603
	if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_MAX_AMSDU)
604
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_7935;
605
	else
606
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_3839;
607
	sta->deflink.agg.max_rc_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_BA;
608
#ifdef __handled_by_driver__	/* iwlwifi only? actually unused? */
609
	for (i = 0; i < nitems(sta.deflink.agg.max_tid_amsdu_len); i++) {
610
		sta->deflink.agg.max_tid_amsdu_len[j] = ;
611
	}
612
#endif
613
}
614
#endif
615

616
#if defined(LKPI_80211_VHT)
617
static void
618
lkpi_sta_sync_vht_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
619
    struct ieee80211_sta *sta, struct ieee80211_node *ni)
620
{
621
	struct ieee80211_sta_vht_cap *vht_cap, *sta_vht_cap;;
622
	enum ieee80211_sta_rx_bandwidth bw;
623
	enum nl80211_band band;
624
	uint32_t width;
625
	int rx_nss;
626
	uint16_t rx_map, tx_map;
627

628
	if ((ni->ni_flags & IEEE80211_NODE_VHT) == 0 ||
629
	    !IEEE80211_IS_CHAN_VHT_5GHZ(ni->ni_chan)) {
630
		sta->deflink.vht_cap.vht_supported = false;
631
		return;
632
	}
633

634
	sta->deflink.vht_cap.vht_supported = true;
635

636
	sta->deflink.vht_cap.cap = ni->ni_vhtcap;
637
	sta->deflink.vht_cap.vht_mcs = ni->ni_vht_mcsinfo;
638

639
	/*
640
	 * If VHT20/40 are selected do not update the bandwidth
641
	 * from HT but stya on VHT.
642
	 */
643
	if (ni->ni_vht_chanwidth == IEEE80211_VHT_CHANWIDTH_USE_HT)
644
		goto skip_bw;
645

646
	bw = sta->deflink.bandwidth;
647
	width = (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK);
648
	switch (width) {
649
	/* Deprecated. */
650
	case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
651
	case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
652
		bw = IEEE80211_STA_RX_BW_160;
653
		break;
654
	default:
655
		/* Check if we do support 160Mhz somehow after all. */
656
		if ((sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_EXT_NSS_BW_MASK) != 0)
657
			bw = IEEE80211_STA_RX_BW_160;
658
		else
659
			bw = IEEE80211_STA_RX_BW_80;
660
	}
661
	/*
662
	 * While we can set what is possibly supported we also need to be
663
	 * on a channel which supports that bandwidth; e.g., we can support
664
	 * VHT160 but the AP only does VHT80.
665
	 * Further ni_chan will also have filtered out what we disabled
666
	 * by configuration.
667
	 * Once net80211 channel selection is fixed for 802.11-2020 and
668
	 * VHT160 we can possibly spare ourselves the above.
669
	 */
670
	if (bw == IEEE80211_STA_RX_BW_160 &&
671
	    !IEEE80211_IS_CHAN_VHT160(ni->ni_chan) &&
672
	    !IEEE80211_IS_CHAN_VHT80P80(ni->ni_chan))
673
		bw = IEEE80211_STA_RX_BW_80;
674
	if (bw == IEEE80211_STA_RX_BW_80 &&
675
	    !IEEE80211_IS_CHAN_VHT80(ni->ni_chan))
676
		bw = sta->deflink.bandwidth;
677
	sta->deflink.bandwidth = bw;
678
skip_bw:
679

680
	band = vif->bss_conf.chanctx_conf->def.chan->band;
681
	vht_cap = &hw->wiphy->bands[band]->vht_cap;
682
	sta_vht_cap = &sta->deflink.vht_cap;
683

684
	rx_nss = 0;
685
	rx_map = tx_map = 0;
686
	for (int i = 7; i >= 0; i--) {
687
		uint8_t card, sta;
688

689
		card = (vht_cap->vht_mcs.rx_mcs_map >> (2 * i)) & 0x3;
690
		sta  = (sta_vht_cap->vht_mcs.rx_mcs_map >> (2 * i)) & 0x3;
691
		if (sta != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
692
			if (card == IEEE80211_VHT_MCS_NOT_SUPPORTED)
693
				sta = IEEE80211_VHT_MCS_NOT_SUPPORTED;
694
			else {
695
				sta = MIN(sta, card);
696
				if (rx_nss == 0)
697
					rx_nss = i + 1;
698
			}
699
		}
700
		rx_map |= (sta << (2 * i));
701

702
		card = (vht_cap->vht_mcs.tx_mcs_map >> (2 * i)) & 0x3;
703
		sta  = (sta_vht_cap->vht_mcs.tx_mcs_map >> (2 * i)) & 0x3;
704
		if (sta != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
705
			if (card == IEEE80211_VHT_MCS_NOT_SUPPORTED)
706
				sta = IEEE80211_VHT_MCS_NOT_SUPPORTED;
707
			else
708
				sta = MIN(sta, card);
709
		}
710
		tx_map |= (sta << (2 * i));
711
	}
712
	TRACEOK("VHT rx_mcs_map %#010x->%#010x, tx_mcs_map %#010x->%#010x, rx_nss = %d",
713
	    sta_vht_cap->vht_mcs.rx_mcs_map, rx_map,
714
	    sta_vht_cap->vht_mcs.tx_mcs_map, tx_map, rx_nss);
715
	sta_vht_cap->vht_mcs.rx_mcs_map = rx_map;
716
	sta_vht_cap->vht_mcs.tx_mcs_map = tx_map;
717
	if (rx_nss > 0) {
718
		TRACEOK("VHT rx_nss = max(%d, %d)", rx_nss, sta->deflink.rx_nss);
719
		sta->deflink.rx_nss = MAX(rx_nss, sta->deflink.rx_nss);
720
	} else {
721
		sta->deflink.vht_cap.vht_supported = false;
722
		return;
723
	}
724

725
	switch (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_MAX_MPDU_MASK) {
726
	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454:
727
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_11454;
728
		break;
729
	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991:
730
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_7991;
731
		break;
732
	case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895:
733
	default:
734
		sta->deflink.agg.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_3895;
735
		break;
736
	}
737
}
738
#endif
739

740
static void
741
lkpi_sta_sync_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
742
    struct ieee80211_sta *sta, struct ieee80211_node *ni, bool updchnctx)
743
{
744

745
	/*
746
	 * Ensure rx_nss is at least 1 as otherwise drivers run into
747
	 * unexpected problems.
748
	 */
749
	sta->deflink.rx_nss = 1;
750

751
#if defined(LKPI_80211_HT)
752
	lkpi_sta_sync_ht_from_ni(hw, vif, sta, ni);
753
#endif
754
#if defined(LKPI_80211_VHT)
755
	lkpi_sta_sync_vht_from_ni(hw, vif, sta, ni);
756
#endif
757

758
	/*
759
	 * We are also called from node allocation which net80211
760
	 * can do even on `ifconfig down`; in that case the chanctx
761
	 * may still be valid and we get a discrepancy between
762
	 * sta and chanctx.  Thus do not try to update the chanctx
763
	 * when called from lkpi_lsta_alloc().
764
	 */
765
	if (updchnctx)
766
		lkpi_sync_chanctx_cw_from_rx_bw(hw, vif, sta);
767
}
768

769
static uint8_t
770
lkpi_get_max_rx_chains(struct ieee80211_node *ni)
771
{
772
	uint8_t chains;
773
#if defined(LKPI_80211_HT) || defined(LKPI_80211_VHT)
774
	struct lkpi_sta *lsta;
775
	struct ieee80211_sta *sta;
776

777
	lsta = ni->ni_drv_data;
778
	sta = LSTA_TO_STA(lsta);
779
#endif
780

781
	chains = 1;
782
#if defined(LKPI_80211_HT)
783
	IMPROVE("We should factor counting MCS/NSS out for sync and here");
784
	if (sta->deflink.ht_cap.ht_supported)
785
		chains = MAX(chains, sta->deflink.rx_nss);
786
#endif
787

788
#if defined(LKPI_80211_VHT)
789
	if (sta->deflink.vht_cap.vht_supported)
790
		chains = MAX(chains, sta->deflink.rx_nss);
791
#endif
792

793
	return (chains);
794
}
795

796
static void
797
lkpi_lsta_dump(struct lkpi_sta *lsta, struct ieee80211_node *ni,
798
    const char *_f, int _l)
799
{
800

801
#ifdef LINUXKPI_DEBUG_80211
802
	if ((linuxkpi_debug_80211 & D80211_TRACE_STA) == 0)
803
		return;
804
	if (lsta == NULL)
805
		return;
806

807
	printf("%s:%d lsta %p ni %p sta %p\n",
808
	    _f, _l, lsta, ni, &lsta->sta);
809
	if (ni != NULL)
810
		ieee80211_dump_node(NULL, ni);
811
	printf("\ttxq_task txq len %d mtx\n", mbufq_len(&lsta->txq));
812
	printf("\tkc %p state %d added_to_drv %d in_mgd %d\n",
813
		&lsta->kc[0], lsta->state, lsta->added_to_drv, lsta->in_mgd);
814
#endif
815
}
816

817
static void
818
lkpi_lsta_remove(struct lkpi_sta *lsta, struct lkpi_vif *lvif)
819
{
820

821
	lockdep_assert_wiphy(lsta->hw->wiphy);
822

823
	KASSERT(!list_empty(&lsta->lsta_list),
824
	    ("%s: lsta %p ni %p\n", __func__, lsta, lsta->ni));
825
	list_del_init(&lsta->lsta_list);
826
}
827

828
static struct lkpi_sta *
829
lkpi_lsta_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN],
830
    struct ieee80211_hw *hw, struct ieee80211_node *ni)
831
{
832
	struct lkpi_sta *lsta;
833
	struct lkpi_vif *lvif;
834
	struct ieee80211_vif *vif;
835
	struct ieee80211_sta *sta;
836
	int band, i, tid;
837

838
	lsta = malloc(sizeof(*lsta) + hw->sta_data_size, M_LKPI80211,
839
	    M_NOWAIT | M_ZERO);
840
	if (lsta == NULL)
841
		return (NULL);
842

843
	lsta->hw = hw;
844
	lsta->added_to_drv = false;
845
	lsta->state = IEEE80211_STA_NOTEXIST;
846
	/*
847
	 * Link the ni to the lsta here without taking a reference.
848
	 * For one we would have to take the reference in node_init()
849
	 * as ieee80211_alloc_node() will initialise the refcount after us.
850
	 * For the other a ni and an lsta are 1:1 mapped and always together
851
	 * from [ic_]node_alloc() to [ic_]node_free() so we are essentally
852
	 * using the ni references for the lsta as well despite it being
853
	 * two separate allocations.
854
	 */
855
	lsta->ni = ni;
856
	/* The back-pointer "drv_data" to net80211_node let's us get lsta. */
857
	ni->ni_drv_data = lsta;
858

859
	lvif = VAP_TO_LVIF(vap);
860
	vif = LVIF_TO_VIF(lvif);
861
	sta = LSTA_TO_STA(lsta);
862

863
	IEEE80211_ADDR_COPY(sta->addr, mac);
864

865
	/* TXQ */
866
	for (tid = 0; tid < nitems(sta->txq); tid++) {
867
		struct lkpi_txq *ltxq;
868

869
		/* We are not limiting ourselves to hw.queues here. */
870
		ltxq = malloc(sizeof(*ltxq) + hw->txq_data_size,
871
		    M_LKPI80211, M_NOWAIT | M_ZERO);
872
		if (ltxq == NULL)
873
			goto cleanup;
874
		/* iwlwifi//mvm/sta.c::tid_to_mac80211_ac[] */
875
		if (tid == IEEE80211_NUM_TIDS) {
876
			if (!ieee80211_hw_check(hw, STA_MMPDU_TXQ)) {
877
				free(ltxq, M_LKPI80211);
878
				continue;
879
			}
880
			IMPROVE("AP/if we support non-STA here too");
881
			ltxq->txq.ac = IEEE80211_AC_VO;
882
		} else {
883
			ltxq->txq.ac = ieee80211e_up_to_ac[tid & 7];
884
		}
885
		ltxq->seen_dequeue = false;
886
		ltxq->stopped = false;
887
		ltxq->txq.vif = vif;
888
		ltxq->txq.tid = tid;
889
		ltxq->txq.sta = sta;
890
		TAILQ_ELEM_INIT(ltxq, txq_entry);
891
		skb_queue_head_init(&ltxq->skbq);
892
		LKPI_80211_LTXQ_LOCK_INIT(ltxq);
893
		sta->txq[tid] = &ltxq->txq;
894
	}
895

896
	/* Deflink information. */
897
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
898
		struct ieee80211_supported_band *supband;
899
		uint32_t rate_mandatory;;
900

901
		supband = hw->wiphy->bands[band];
902
		if (supband == NULL)
903
			continue;
904

905
		switch (band) {
906
		case NL80211_BAND_2GHZ:
907
			/* We have to assume 11g support here. */
908
			rate_mandatory = IEEE80211_RATE_MANDATORY_G |
909
			    IEEE80211_RATE_MANDATORY_B;
910
			break;
911
		case NL80211_BAND_5GHZ:
912
			rate_mandatory = IEEE80211_RATE_MANDATORY_A;
913
			break;
914
		default:
915
			continue;
916
		}
917

918
		for (i = 0; i < supband->n_bitrates; i++) {
919
			if ((supband->bitrates[i].flags & rate_mandatory) != 0)
920
				sta->deflink.supp_rates[band] |= BIT(i);
921
		}
922
	}
923

924
	sta->deflink.smps_mode = IEEE80211_SMPS_OFF;
925
	sta->deflink.bandwidth = IEEE80211_STA_RX_BW_20;
926
	sta->deflink.agg.max_rc_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_BA;
927
	sta->deflink.rx_nss = 1;
928
	sta->deflink.sta = sta;
929

930
	lkpi_sta_sync_from_ni(hw, vif, sta, ni, false);
931

932
	IMPROVE("he, eht, bw_320, ... smps_mode, ..");
933

934
	/* Link configuration. */
935
	IEEE80211_ADDR_COPY(sta->deflink.addr, sta->addr);
936
	sta->link[0] = &sta->deflink;
937
	for (i = 1; i < nitems(sta->link); i++) {
938
		IMPROVE("more links; only link[0] = deflink currently.");
939
	}
940
	IMPROVE("11be");
941
	sta->mlo = false;
942

943
	/* Deferred TX path. */
944
	LKPI_80211_LSTA_TXQ_LOCK_INIT(lsta);
945
	TASK_INIT(&lsta->txq_task, 0, lkpi_80211_txq_task, lsta);
946
	mbufq_init(&lsta->txq, 32 * NAPI_POLL_WEIGHT);
947
	lsta->txq_ready = true;
948

949
	return (lsta);
950

951
cleanup:
952
	for (; tid >= 0; tid--) {
953
		struct lkpi_txq *ltxq;
954

955
		ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
956
		LKPI_80211_LTXQ_LOCK_DESTROY(ltxq);
957
		free(sta->txq[tid], M_LKPI80211);
958
	}
959
	free(lsta, M_LKPI80211);
960
	return (NULL);
961
}
962

963
static void
964
lkpi_lsta_free(struct lkpi_sta *lsta, struct ieee80211_node *ni)
965
{
966
	struct mbuf *m;
967

968
	if (lsta->added_to_drv)
969
		panic("%s: Trying to free an lsta still known to firmware: "
970
		    "lsta %p ni %p added_to_drv %d\n",
971
		    __func__, lsta, ni, lsta->added_to_drv);
972

973
	/* XXX-BZ free resources, ... */
974
	IMPROVE();
975

976
	/* Drain sta->txq[] */
977

978
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
979
	lsta->txq_ready = false;
980
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
981

982
	/* Drain taskq, won't be restarted until added_to_drv is set again. */
983
	while (taskqueue_cancel(taskqueue_thread, &lsta->txq_task, NULL) != 0)
984
		taskqueue_drain(taskqueue_thread, &lsta->txq_task);
985

986
	/* Flush mbufq (make sure to release ni refs!). */
987
	m = mbufq_dequeue(&lsta->txq);
988
	while (m != NULL) {
989
		struct ieee80211_node *nim;
990

991
		nim = (struct ieee80211_node *)m->m_pkthdr.rcvif;
992
		if (nim != NULL)
993
			ieee80211_free_node(nim);
994
		m_freem(m);
995
		m = mbufq_dequeue(&lsta->txq);
996
	}
997
	KASSERT(mbufq_empty(&lsta->txq), ("%s: lsta %p has txq len %d != 0\n",
998
	    __func__, lsta, mbufq_len(&lsta->txq)));
999
	LKPI_80211_LSTA_TXQ_LOCK_DESTROY(lsta);
1000

1001
	/* Remove lsta from vif; that is done by the state machine.  Should assert it? */
1002

1003
	IMPROVE("Make sure everything is cleaned up.");
1004

1005
	/* Free lsta. */
1006
	lsta->ni = NULL;
1007
	ni->ni_drv_data = NULL;
1008
	free(lsta, M_LKPI80211);
1009
}
1010

1011

1012
static enum nl80211_band
1013
lkpi_net80211_chan_to_nl80211_band(struct ieee80211_channel *c)
1014
{
1015

1016
	if (IEEE80211_IS_CHAN_2GHZ(c))
1017
		return (NL80211_BAND_2GHZ);
1018
	else if (IEEE80211_IS_CHAN_5GHZ(c))
1019
		return (NL80211_BAND_5GHZ);
1020
#ifdef __notyet__
1021
	else if ()
1022
		return (NL80211_BAND_6GHZ);
1023
	else if ()
1024
		return (NL80211_BAND_60GHZ);
1025
	else if (IEEE80211_IS_CHAN_GSM(c))
1026
		return (NL80211_BAND_XXX);
1027
#endif
1028
	else
1029
		panic("%s: unsupported band. c %p flags %#x\n",
1030
		    __func__, c, c->ic_flags);
1031
}
1032

1033
static uint32_t
1034
lkpi_nl80211_band_to_net80211_band(enum nl80211_band band)
1035
{
1036

1037
	/* XXX-BZ this is just silly; net80211 is too convoluted. */
1038
	/* IEEE80211_CHAN_A / _G / .. doesn't really work either. */
1039
	switch (band) {
1040
	case NL80211_BAND_2GHZ:
1041
		return (IEEE80211_CHAN_2GHZ);
1042
		break;
1043
	case NL80211_BAND_5GHZ:
1044
		return (IEEE80211_CHAN_5GHZ);
1045
		break;
1046
	case NL80211_BAND_60GHZ:
1047
		break;
1048
	case NL80211_BAND_6GHZ:
1049
		break;
1050
	default:
1051
		panic("%s: unsupported band %u\n", __func__, band);
1052
		break;
1053
	}
1054

1055
	IMPROVE();
1056
	return (0x00);
1057
}
1058

1059
#ifdef LINUXKPI_DEBUG_80211
1060
static const char *
1061
lkpi_nl80211_band_name(enum nl80211_band band)
1062
{
1063
	switch (band) {
1064
	case NL80211_BAND_2GHZ:
1065
		return "2Ghz";
1066
		break;
1067
	case NL80211_BAND_5GHZ:
1068
		return "5Ghz";
1069
		break;
1070
	case NL80211_BAND_60GHZ:
1071
		return "60Ghz";
1072
		break;
1073
	case NL80211_BAND_6GHZ:
1074
		return "6Ghz";
1075
		break;
1076
	default:
1077
		panic("%s: unsupported band %u\n", __func__, band);
1078
		break;
1079
	}
1080
}
1081
#endif
1082

1083
#if 0
1084
static enum ieee80211_ac_numbers
1085
lkpi_ac_net_to_l80211(int ac)
1086
{
1087

1088
	switch (ac) {
1089
	case WME_AC_VO:
1090
		return (IEEE80211_AC_VO);
1091
	case WME_AC_VI:
1092
		return (IEEE80211_AC_VI);
1093
	case WME_AC_BE:
1094
		return (IEEE80211_AC_BE);
1095
	case WME_AC_BK:
1096
		return (IEEE80211_AC_BK);
1097
	default:
1098
		printf("%s: invalid WME_AC_* input: ac = %d\n", __func__, ac);
1099
		return (IEEE80211_AC_BE);
1100
	}
1101
}
1102
#endif
1103

1104
static enum nl80211_iftype
1105
lkpi_opmode_to_vif_type(enum ieee80211_opmode opmode)
1106
{
1107

1108
	switch (opmode) {
1109
	case IEEE80211_M_IBSS:
1110
		return (NL80211_IFTYPE_ADHOC);
1111
		break;
1112
	case IEEE80211_M_STA:
1113
		return (NL80211_IFTYPE_STATION);
1114
		break;
1115
	case IEEE80211_M_WDS:
1116
		return (NL80211_IFTYPE_WDS);
1117
		break;
1118
	case IEEE80211_M_HOSTAP:
1119
		return (NL80211_IFTYPE_AP);
1120
		break;
1121
	case IEEE80211_M_MONITOR:
1122
		return (NL80211_IFTYPE_MONITOR);
1123
		break;
1124
	case IEEE80211_M_MBSS:
1125
		return (NL80211_IFTYPE_MESH_POINT);
1126
		break;
1127
	case IEEE80211_M_AHDEMO:
1128
		/* FALLTHROUGH */
1129
	default:
1130
		printf("ERROR: %s: unsupported opmode %d\n", __func__, opmode);
1131
		/* FALLTHROUGH */
1132
	}
1133
	return (NL80211_IFTYPE_UNSPECIFIED);
1134
}
1135

1136
#ifdef LKPI_80211_HW_CRYPTO
1137
static const char *
1138
lkpi_cipher_suite_to_name(uint32_t wlan_cipher_suite)
1139
{
1140
	switch (wlan_cipher_suite) {
1141
	case WLAN_CIPHER_SUITE_WEP40:
1142
		return ("WEP40");
1143
	case WLAN_CIPHER_SUITE_WEP104:
1144
		return ("WEP104");
1145
	case WLAN_CIPHER_SUITE_TKIP:
1146
		return ("TKIP");
1147
	case WLAN_CIPHER_SUITE_CCMP:
1148
		return ("CCMP");
1149
	case WLAN_CIPHER_SUITE_CCMP_256:
1150
		return ("CCMP_256");
1151
	case WLAN_CIPHER_SUITE_GCMP:
1152
		return ("GCMP");
1153
	case WLAN_CIPHER_SUITE_GCMP_256:
1154
		return ("GCMP_256");
1155
	case WLAN_CIPHER_SUITE_AES_CMAC:
1156
		return ("AES_CMAC");
1157
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1158
		return ("BIP_CMAC_256");
1159
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1160
		return ("BIP_GMAC_128");
1161
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1162
		return ("BIP_GMAC_256");
1163
	default:
1164
		return ("??");
1165
	}
1166
}
1167

1168
static uint32_t
1169
lkpi_l80211_to_net80211_cyphers(struct ieee80211com *ic,
1170
    uint32_t wlan_cipher_suite)
1171
{
1172
	switch (wlan_cipher_suite) {
1173
	case WLAN_CIPHER_SUITE_WEP40:
1174
		return (IEEE80211_CRYPTO_WEP);
1175
	case WLAN_CIPHER_SUITE_WEP104:
1176
		return (IEEE80211_CRYPTO_WEP);
1177
	case WLAN_CIPHER_SUITE_TKIP:
1178
		return (IEEE80211_CRYPTO_TKIP);
1179
	case WLAN_CIPHER_SUITE_CCMP:
1180
		return (IEEE80211_CRYPTO_AES_CCM);
1181
	case WLAN_CIPHER_SUITE_CCMP_256:
1182
		return (IEEE80211_CRYPTO_AES_CCM_256);
1183
	case WLAN_CIPHER_SUITE_GCMP:
1184
		return (IEEE80211_CRYPTO_AES_GCM_128);
1185
	case WLAN_CIPHER_SUITE_GCMP_256:
1186
		return (IEEE80211_CRYPTO_AES_GCM_256);
1187
	case WLAN_CIPHER_SUITE_AES_CMAC:
1188
		return (IEEE80211_CRYPTO_BIP_CMAC_128);
1189
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1190
		return (IEEE80211_CRYPTO_BIP_CMAC_256);
1191
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1192
		return (IEEE80211_CRYPTO_BIP_GMAC_128);
1193
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1194
		return (IEEE80211_CRYPTO_BIP_GMAC_256);
1195
	default:
1196
		ic_printf(ic, "%s: unknown WLAN Cipher Suite %#08x | %u (%s)\n",
1197
		    __func__,
1198
		    wlan_cipher_suite >> 8, wlan_cipher_suite & 0xff,
1199
		    lkpi_cipher_suite_to_name(wlan_cipher_suite));
1200
		return (0);
1201
	}
1202
}
1203

1204
static uint32_t
1205
lkpi_net80211_to_l80211_cipher_suite(uint32_t cipher, uint8_t keylen)
1206
{
1207

1208
	switch (cipher) {
1209
	case IEEE80211_CIPHER_WEP:
1210
		if (keylen == (40/NBBY))
1211
			return (WLAN_CIPHER_SUITE_WEP40);
1212
		else if (keylen == (104/NBBY))
1213
			return (WLAN_CIPHER_SUITE_WEP104);
1214
		else {
1215
			printf("%s: WEP with unsupported keylen %d\n",
1216
			    __func__, keylen * NBBY);
1217
			return (0);
1218
		}
1219
		break;
1220
	case IEEE80211_CIPHER_TKIP:
1221
		return (WLAN_CIPHER_SUITE_TKIP);
1222
	case IEEE80211_CIPHER_AES_CCM:
1223
		return (WLAN_CIPHER_SUITE_CCMP);
1224
	case IEEE80211_CIPHER_AES_CCM_256:
1225
		return (WLAN_CIPHER_SUITE_CCMP_256);
1226
	case IEEE80211_CIPHER_AES_GCM_128:
1227
		return (WLAN_CIPHER_SUITE_GCMP);
1228
	case IEEE80211_CIPHER_AES_GCM_256:
1229
		return (WLAN_CIPHER_SUITE_GCMP_256);
1230
	case IEEE80211_CIPHER_BIP_CMAC_128:
1231
		return (WLAN_CIPHER_SUITE_AES_CMAC);
1232
	case IEEE80211_CIPHER_BIP_CMAC_256:
1233
		return (WLAN_CIPHER_SUITE_BIP_CMAC_256);
1234
	case IEEE80211_CIPHER_BIP_GMAC_128:
1235
		return (WLAN_CIPHER_SUITE_BIP_GMAC_128);
1236
	case IEEE80211_CIPHER_BIP_GMAC_256:
1237
		return (WLAN_CIPHER_SUITE_BIP_GMAC_256);
1238

1239
	case IEEE80211_CIPHER_AES_OCB:
1240
	case IEEE80211_CIPHER_TKIPMIC:
1241
		/*
1242
		 * TKIP w/ hw MIC support
1243
		 * (gone wrong; should really be a crypto flag in net80211).
1244
		 */
1245
	case IEEE80211_CIPHER_CKIP:
1246
	case IEEE80211_CIPHER_NONE:
1247
		printf("%s: unsupported cipher %#010x\n", __func__, cipher);
1248
		break;
1249
	default:
1250
		printf("%s: unknown cipher %#010x\n", __func__, cipher);
1251
	};
1252
	return (0);
1253
}
1254
#endif
1255

1256
#ifdef __notyet__
1257
static enum ieee80211_sta_state
1258
lkpi_net80211_state_to_sta_state(enum ieee80211_state state)
1259
{
1260

1261
	/*
1262
	 * XXX-BZ The net80211 states are "try to ..", the lkpi8011 states are
1263
	 * "done".  Also ASSOC/AUTHORIZED are both "RUN" then?
1264
	 */
1265
	switch (state) {
1266
	case IEEE80211_S_INIT:
1267
		return (IEEE80211_STA_NOTEXIST);
1268
	case IEEE80211_S_SCAN:
1269
		return (IEEE80211_STA_NONE);
1270
	case IEEE80211_S_AUTH:
1271
		return (IEEE80211_STA_AUTH);
1272
	case IEEE80211_S_ASSOC:
1273
		return (IEEE80211_STA_ASSOC);
1274
	case IEEE80211_S_RUN:
1275
		return (IEEE80211_STA_AUTHORIZED);
1276
	case IEEE80211_S_CAC:
1277
	case IEEE80211_S_CSA:
1278
	case IEEE80211_S_SLEEP:
1279
	default:
1280
		UNIMPLEMENTED;
1281
	};
1282

1283
	return (IEEE80211_STA_NOTEXIST);
1284
}
1285
#endif
1286

1287
static struct linuxkpi_ieee80211_channel *
1288
lkpi_find_lkpi80211_chan(struct lkpi_hw *lhw,
1289
    struct ieee80211_channel *c)
1290
{
1291
	struct ieee80211_hw *hw;
1292
	struct linuxkpi_ieee80211_channel *channels;
1293
	enum nl80211_band band;
1294
	int i, nchans;
1295

1296
	hw = LHW_TO_HW(lhw);
1297
	band = lkpi_net80211_chan_to_nl80211_band(c);
1298
	if (hw->wiphy->bands[band] == NULL)
1299
		return (NULL);
1300

1301
	nchans = hw->wiphy->bands[band]->n_channels;
1302
	if (nchans <= 0)
1303
		return (NULL);
1304

1305
	channels = hw->wiphy->bands[band]->channels;
1306
	for (i = 0; i < nchans; i++) {
1307
		if (channels[i].center_freq == c->ic_freq)
1308
			return (&channels[i]);
1309
	}
1310

1311
	return (NULL);
1312
}
1313

1314
#if 0
1315
static struct linuxkpi_ieee80211_channel *
1316
lkpi_get_lkpi80211_chan(struct ieee80211com *ic, struct ieee80211_node *ni)
1317
{
1318
	struct linuxkpi_ieee80211_channel *chan;
1319
	struct ieee80211_channel *c;
1320
	struct lkpi_hw *lhw;
1321

1322
	chan = NULL;
1323
	if (ni != NULL && ni->ni_chan != IEEE80211_CHAN_ANYC)
1324
		c = ni->ni_chan;
1325
	else if (ic->ic_bsschan != IEEE80211_CHAN_ANYC)
1326
		c = ic->ic_bsschan;
1327
	else if (ic->ic_curchan != IEEE80211_CHAN_ANYC)
1328
		c = ic->ic_curchan;
1329
	else
1330
		c = NULL;
1331

1332
	if (c != NULL && c != IEEE80211_CHAN_ANYC) {
1333
		lhw = ic->ic_softc;
1334
		chan = lkpi_find_lkpi80211_chan(lhw, c);
1335
	}
1336

1337
	return (chan);
1338
}
1339
#endif
1340

1341
struct linuxkpi_ieee80211_channel *
1342
linuxkpi_ieee80211_get_channel(struct wiphy *wiphy, uint32_t freq)
1343
{
1344
	enum nl80211_band band;
1345

1346
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
1347
		struct ieee80211_supported_band *supband;
1348
		struct linuxkpi_ieee80211_channel *channels;
1349
		int i;
1350

1351
		supband = wiphy->bands[band];
1352
		if (supband == NULL || supband->n_channels == 0)
1353
			continue;
1354

1355
		channels = supband->channels;
1356
		for (i = 0; i < supband->n_channels; i++) {
1357
			if (channels[i].center_freq == freq)
1358
				return (&channels[i]);
1359
		}
1360
	}
1361

1362
	return (NULL);
1363
}
1364

1365
#ifdef LKPI_80211_HW_CRYPTO
1366
static int
1367
lkpi_sta_del_keys(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1368
    struct lkpi_sta *lsta)
1369
{
1370
	int error;
1371

1372
	if (!lkpi_hwcrypto)
1373
		return (0);
1374

1375
	lockdep_assert_wiphy(hw->wiphy);
1376
	ieee80211_ref_node(lsta->ni);
1377

1378
	error = 0;
1379
	for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc); keyix++) {
1380
		struct ieee80211_key_conf *kc;
1381
		int err;
1382

1383
		if (lsta->kc[keyix] == NULL)
1384
			continue;
1385
		kc = lsta->kc[keyix];
1386

1387
#ifdef LINUXKPI_DEBUG_80211
1388
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1389
			ic_printf(lsta->ni->ni_ic, "%d %lu %s: running set_key cmd %d(%s) for "
1390
			    "sta %6D: keyidx %u hw_key_idx %u flags %b\n",
1391
			    curthread->td_tid, jiffies, __func__,
1392
			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":",
1393
			    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1394
#endif
1395

1396
		err = lkpi_80211_mo_set_key(hw, DISABLE_KEY, vif,
1397
		    LSTA_TO_STA(lsta), kc);
1398
		if (err != 0) {
1399
			ic_printf(lsta->ni->ni_ic, "%d %lu %s: set_key cmd %d(%s) for "
1400
			    "sta %6D failed: %d\n", curthread->td_tid, jiffies, __func__,
1401
			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":", err);
1402
			error++;
1403

1404
			/*
1405
			 * If we free the key here we will never be able to get it
1406
			 * removed from the driver/fw which will likely make us
1407
			 * crash (firmware).
1408
			 */
1409
			continue;
1410
		}
1411
#ifdef LINUXKPI_DEBUG_80211
1412
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1413
			ic_printf(lsta->ni->ni_ic, "%d %lu %s: set_key cmd %d(%s) for "
1414
			    "sta %6D succeeded: keyidx %u hw_key_idx %u flags %b\n",
1415
			    curthread->td_tid, jiffies, __func__,
1416
			    DISABLE_KEY, "DISABLE", lsta->sta.addr, ":",
1417
			    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1418
#endif
1419

1420
		lsta->kc[keyix] = NULL;
1421
		free(kc, M_LKPI80211);
1422
	}
1423
	ieee80211_free_node(lsta->ni);
1424
	return (error);
1425
}
1426

1427
/* XXX-BZ one day we should replace this iterating over VIFs, or node list? */
1428
/* See also lkpi_sta_del_keys() these days. */
1429
static int
1430
lkpi_iv_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
1431
{
1432
	struct ieee80211com *ic;
1433
	struct lkpi_hw *lhw;
1434
	struct ieee80211_hw *hw;
1435
	struct lkpi_vif *lvif;
1436
	struct lkpi_sta *lsta;
1437
	struct ieee80211_vif *vif;
1438
	struct ieee80211_sta *sta;
1439
	struct ieee80211_node *ni;
1440
	struct ieee80211_key_conf *kc;
1441
	int error;
1442

1443
	ic = vap->iv_ic;
1444
	lhw = ic->ic_softc;
1445
	hw = LHW_TO_HW(lhw);
1446
	lvif = VAP_TO_LVIF(vap);
1447
	vif = LVIF_TO_VIF(lvif);
1448

1449
	/*
1450
	 * Make sure we do not make it here without going through
1451
	 * lkpi_iv_key_update_begin() first.
1452
	 */
1453
	lockdep_assert_wiphy(hw->wiphy);
1454

1455
	/*
1456
	 * While we are assoc we may still send packets.  We cannot delete the
1457
	 * keys as otherwise packets could go out unencrypted.  Some firmware
1458
	 * does not like this and will fire an assert.
1459
	 * net80211 needs to drive this better but given we want the disassoc
1460
	 * frame out and have to unlock we are open to a race currently.
1461
	 * This check should prevent problems.
1462
	 * How to test: run 800Mbit/s UDP traffic and during that restart your
1463
	 * supplicant.  You want to survive that.
1464
	 */
1465
	if (vif->cfg.assoc) {
1466
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1467
			ic_printf(ic, "%d %lu %s: vif still assoc; not deleting keys\n",
1468
			    curthread->td_tid, jiffies, __func__);
1469
		return (0);
1470
	}
1471

1472
	if (IEEE80211_KEY_UNDEFINED(k)) {
1473
		ic_printf(ic, "%s: vap %p key %p is undefined: %p %u\n",
1474
		    __func__, vap, k, k->wk_cipher, k->wk_keyix);
1475
		return (0);
1476
	}
1477

1478
	if (vap->iv_bss == NULL) {
1479
		ic_printf(ic, "%s: iv_bss %p for vap %p is NULL\n",
1480
		    __func__, vap->iv_bss, vap);
1481
		return (0);
1482
	}
1483

1484
	ni = ieee80211_ref_node(vap->iv_bss);
1485
	lsta = ni->ni_drv_data;
1486
	if (lsta == NULL) {
1487
		ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
1488
		    __func__, ni, ni->ni_bssid, ":");
1489
		ieee80211_free_node(ni);
1490
		return (0);
1491
	}
1492
	sta = LSTA_TO_STA(lsta);
1493

1494
	if (lsta->kc[k->wk_keyix] == NULL) {
1495
#ifdef LINUXKPI_DEBUG_80211
1496
		if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1497
			ic_printf(ic, "%d %lu %s: sta %6D and no key information, "
1498
			    "keyidx %u wk_macaddr %6D; returning success\n",
1499
			    curthread->td_tid, jiffies, __func__, sta->addr, ":",
1500
			    k->wk_keyix, k->wk_macaddr, ":");
1501
#endif
1502
		ieee80211_free_node(ni);
1503
		return (1);
1504
	}
1505
	kc = lsta->kc[k->wk_keyix];
1506

1507
#ifdef LINUXKPI_DEBUG_80211
1508
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1509
		ic_printf(ic, "%d %lu %s: running set_key cmd %d(%s) for sta %6D: "
1510
		    "keyidx %u hw_key_idx %u flags %b\n",
1511
		    curthread->td_tid, jiffies, __func__,
1512
		    DISABLE_KEY, "DISABLE", sta->addr, ":",
1513
		    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1514
#endif
1515

1516
	error = lkpi_80211_mo_set_key(hw, DISABLE_KEY, vif, sta, kc);
1517
	if (error != 0) {
1518
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D failed: %d\n",
1519
		    curthread->td_tid, jiffies, __func__,
1520
		    DISABLE_KEY, "DISABLE", sta->addr, ":", error);
1521
		error = 0;
1522
		goto out;
1523
	}
1524

1525
#ifdef LINUXKPI_DEBUG_80211
1526
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1527
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D succeeded: "
1528
		    "keyidx %u hw_key_idx %u flags %b\n",
1529
		    curthread->td_tid, jiffies, __func__,
1530
		    DISABLE_KEY, "DISABLE", sta->addr, ":",
1531
		    kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1532
#endif
1533
	lsta->kc[k->wk_keyix] = NULL;
1534
	free(kc, M_LKPI80211);
1535
	error = 1;
1536
out:
1537
	ieee80211_free_node(ni);
1538
	return (error);
1539
}
1540

1541
static int
1542
lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
1543
{
1544
	struct ieee80211com *ic;
1545
	struct lkpi_hw *lhw;
1546
	struct ieee80211_hw *hw;
1547
	struct lkpi_vif *lvif;
1548
	struct lkpi_sta *lsta;
1549
	struct ieee80211_vif *vif;
1550
	struct ieee80211_sta *sta;
1551
	struct ieee80211_node *ni;
1552
	struct ieee80211_key_conf *kc;
1553
	uint32_t lcipher;
1554
	uint16_t exp_flags;
1555
	uint8_t keylen;
1556
	int error;
1557

1558
	ic = vap->iv_ic;
1559
	lhw = ic->ic_softc;
1560
	hw = LHW_TO_HW(lhw);
1561

1562
	/*
1563
	 * Make sure we do not make it here without going through
1564
	 * lkpi_iv_key_update_begin() first.
1565
	 */
1566
	lockdep_assert_wiphy(hw->wiphy);
1567

1568
	if (IEEE80211_KEY_UNDEFINED(k)) {
1569
		ic_printf(ic, "%s: vap %p key %p is undefined: %p %u\n",
1570
		    __func__, vap, k, k->wk_cipher, k->wk_keyix);
1571
		return (0);
1572
	}
1573

1574
	if (vap->iv_bss == NULL) {
1575
		ic_printf(ic, "%s: iv_bss %p for vap %p is NULL\n",
1576
		    __func__, vap->iv_bss, vap);
1577
		return (0);
1578
	}
1579
	ni = ieee80211_ref_node(vap->iv_bss);
1580
	lsta = ni->ni_drv_data;
1581
	if (lsta == NULL) {
1582
		ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
1583
		    __func__, ni, ni->ni_bssid, ":");
1584
		ieee80211_free_node(ni);
1585
		return (0);
1586
	}
1587
	sta = LSTA_TO_STA(lsta);
1588

1589
	keylen = k->wk_keylen;
1590
	lcipher = lkpi_net80211_to_l80211_cipher_suite(
1591
	    k->wk_cipher->ic_cipher, k->wk_keylen);
1592
	switch (lcipher) {
1593
	case WLAN_CIPHER_SUITE_TKIP:
1594
		keylen += 2 * k->wk_cipher->ic_miclen;
1595
		break;
1596
	case WLAN_CIPHER_SUITE_CCMP:
1597
	case WLAN_CIPHER_SUITE_GCMP:
1598
		break;
1599
	default:
1600
		ic_printf(ic, "%s: CIPHER SUITE %#x (%s) not supported\n",
1601
		    __func__, lcipher, lkpi_cipher_suite_to_name(lcipher));
1602
		IMPROVE();
1603
		ieee80211_free_node(ni);
1604
		return (0);
1605
	}
1606

1607
	if (lsta->kc[k->wk_keyix] != NULL) {
1608
		IMPROVE("Still in firmware? Del first. Can we assert this cannot happen?");
1609
		ic_printf(ic, "%s: sta %6D found with key information\n",
1610
		    __func__, sta->addr, ":");
1611
		kc = lsta->kc[k->wk_keyix];
1612
		lsta->kc[k->wk_keyix] = NULL;
1613
		free(kc, M_LKPI80211);
1614
		kc = NULL;	/* safeguard */
1615
	}
1616

1617
	kc = malloc(sizeof(*kc) + keylen, M_LKPI80211, M_WAITOK | M_ZERO);
1618
	kc->_k = k;		/* Save the pointer to net80211. */
1619
	kc->cipher = lcipher;
1620
	kc->keyidx = k->wk_keyix;
1621
#if 0
1622
	kc->hw_key_idx = /* set by hw and needs to be passed for TX */;
1623
#endif
1624
	atomic64_set(&kc->tx_pn, k->wk_keytsc);
1625
	kc->keylen = k->wk_keylen;
1626
	memcpy(kc->key, k->wk_key, k->wk_keylen);
1627

1628
	if (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))
1629
		kc->flags |= IEEE80211_KEY_FLAG_PAIRWISE;
1630
	if (k->wk_flags & IEEE80211_KEY_GROUP)
1631
		kc->flags &= ~IEEE80211_KEY_FLAG_PAIRWISE;
1632

1633
	kc->iv_len = k->wk_cipher->ic_header;
1634
	kc->icv_len = k->wk_cipher->ic_trailer;
1635

1636
	switch (kc->cipher) {
1637
	case WLAN_CIPHER_SUITE_TKIP:
1638
		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, k->wk_txmic, k->wk_cipher->ic_miclen);
1639
		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY, k->wk_rxmic, k->wk_cipher->ic_miclen);
1640
		break;
1641
	case WLAN_CIPHER_SUITE_CCMP:
1642
	case WLAN_CIPHER_SUITE_GCMP:
1643
		break;
1644
	default:
1645
		/* currently UNREACH */
1646
		IMPROVE();
1647
		break;
1648
	};
1649
	lsta->kc[k->wk_keyix] = kc;
1650

1651
#ifdef LINUXKPI_DEBUG_80211
1652
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1653
		ic_printf(ic, "%d %lu %s: running set_key cmd %d(%s) for sta %6D: "
1654
		    "kc %p keyidx %u hw_key_idx %u keylen %u flags %b\n",
1655
		    curthread->td_tid, jiffies, __func__,
1656
		    SET_KEY, "SET", sta->addr, ":", kc, kc->keyidx, kc->hw_key_idx,
1657
		    kc->keylen, kc->flags, IEEE80211_KEY_FLAG_BITS);
1658
#endif
1659

1660
	lvif = VAP_TO_LVIF(vap);
1661
	vif = LVIF_TO_VIF(lvif);
1662
	error = lkpi_80211_mo_set_key(hw, SET_KEY, vif, sta, kc);
1663
	if (error != 0) {
1664
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D failed: %d\n",
1665
		    curthread->td_tid, jiffies, __func__,
1666
		    SET_KEY, "SET", sta->addr, ":", error);
1667
		lsta->kc[k->wk_keyix] = NULL;
1668
		free(kc, M_LKPI80211);
1669
		ieee80211_free_node(ni);
1670
		return (0);
1671
	}
1672

1673
#ifdef LINUXKPI_DEBUG_80211
1674
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1675
		ic_printf(ic, "%d %lu %s: set_key cmd %d(%s) for sta %6D succeeded: "
1676
		    "kc %p keyidx %u hw_key_idx %u flags %b\n",
1677
		    curthread->td_tid, jiffies, __func__,
1678
		    SET_KEY, "SET", sta->addr, ":",
1679
		    kc, kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
1680
#endif
1681

1682
	exp_flags = 0;
1683
	switch (kc->cipher) {
1684
	case WLAN_CIPHER_SUITE_TKIP:
1685
		exp_flags = (IEEE80211_KEY_FLAG_PAIRWISE |
1686
			IEEE80211_KEY_FLAG_PUT_IV_SPACE |
1687
			IEEE80211_KEY_FLAG_GENERATE_MMIC |
1688
			IEEE80211_KEY_FLAG_PUT_MIC_SPACE);
1689
#define	TKIP_INVAL_COMBINATION						\
1690
     (IEEE80211_KEY_FLAG_PUT_MIC_SPACE|IEEE80211_KEY_FLAG_GENERATE_MMIC)
1691
		if ((kc->flags & TKIP_INVAL_COMBINATION) == TKIP_INVAL_COMBINATION) {
1692
			ic_printf(ic, "%s: SET_KEY for %s returned invalid "
1693
			    "combination %b\n", __func__,
1694
			    lkpi_cipher_suite_to_name(kc->cipher),
1695
			    kc->flags, IEEE80211_KEY_FLAG_BITS);
1696
		}
1697
#undef	TKIP_INVAL_COMBINATION
1698
#ifdef __notyet__
1699
		/* Do flags surgery; special see linuxkpi_ieee80211_ifattach(). */
1700
		if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) != 0) {
1701
			k->wk_flags &= ~(IEEE80211_KEY_NOMICMGT|IEEE80211_KEY_NOMIC);
1702
			k->wk_flags |= IEEE80211_KEY_SWMIC;
1703
			ic->ic_cryptocaps &= ~IEEE80211_CRYPTO_TKIPMIC
1704
		}
1705
#endif
1706
		break;
1707
	case WLAN_CIPHER_SUITE_CCMP:
1708
	case WLAN_CIPHER_SUITE_GCMP:
1709
		exp_flags = (IEEE80211_KEY_FLAG_PAIRWISE |
1710
		    IEEE80211_KEY_FLAG_PUT_IV_SPACE |
1711
		    IEEE80211_KEY_FLAG_GENERATE_IV |
1712
		    IEEE80211_KEY_FLAG_GENERATE_IV_MGMT |	/* Only needs IV geeration for MGMT frames. */
1713
		    IEEE80211_KEY_FLAG_SW_MGMT_TX);		/* MFP in software */
1714
		break;
1715
	}
1716
	if ((kc->flags & ~exp_flags) != 0)
1717
		ic_printf(ic, "%s: SET_KEY for %s returned unexpected key flags: "
1718
		    " %#06x & ~%#06x = %b\n", __func__,
1719
		    lkpi_cipher_suite_to_name(kc->cipher), kc->flags, exp_flags,
1720
		    (kc->flags & ~exp_flags), IEEE80211_KEY_FLAG_BITS);
1721

1722
#ifdef __notyet__
1723
	/* Do flags surgery. */
1724
	if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) == 0)
1725
		k->wk_flags |= IEEE80211_KEY_NOIVMGT;
1726
	if ((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0)
1727
		k->wk_flags |= IEEE80211_KEY_NOIV;
1728
#endif
1729

1730
	ieee80211_free_node(ni);
1731
	return (1);
1732
}
1733

1734
static void
1735
lkpi_iv_key_update_begin(struct ieee80211vap *vap)
1736
{
1737
	struct ieee80211_node_table *nt;
1738
	struct ieee80211com *ic;
1739
	struct lkpi_hw *lhw;
1740
	struct ieee80211_hw *hw;
1741
	struct lkpi_vif *lvif;
1742
	struct ieee80211_node *ni;
1743
	bool icislocked, ntislocked;
1744

1745
	ic = vap->iv_ic;
1746
	lhw = ic->ic_softc;
1747
	hw = LHW_TO_HW(lhw);
1748
	lvif = VAP_TO_LVIF(vap);
1749
	nt = &ic->ic_sta;
1750

1751
	icislocked = IEEE80211_IS_LOCKED(ic);
1752
	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
1753

1754
#ifdef LINUXKPI_DEBUG_80211
1755
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1756
		ic_printf(ic, "%d %lu %s: vap %p ic %p %slocked nt %p %slocked "
1757
		    "lvif ic_unlocked %d nt_unlocked %d\n",
1758
		    curthread->td_tid, jiffies, __func__, vap,
1759
		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
1760
		    lvif->ic_unlocked, lvif->nt_unlocked);
1761
#endif
1762

1763
	/*
1764
	 * This is inconsistent net80211 locking to be fixed one day.
1765
	 */
1766
	/* Try to make sure the node does not go away while possibly unlocked. */
1767
	ni = NULL;
1768
	if (icislocked || ntislocked) {
1769
		if (vap->iv_bss != NULL)
1770
			ni = ieee80211_ref_node(vap->iv_bss);
1771
	}
1772

1773
	if (icislocked)
1774
		IEEE80211_UNLOCK(ic);
1775
	if (ntislocked)
1776
		IEEE80211_NODE_UNLOCK(nt);
1777

1778
	wiphy_lock(hw->wiphy);
1779

1780
	KASSERT(lvif->key_update_iv_bss == NULL, ("%s: key_update_iv_bss not NULL %p",
1781
	    __func__, lvif->key_update_iv_bss));
1782
	lvif->key_update_iv_bss = ni;
1783

1784
	/*
1785
	 * ic/nt_unlocked could be a bool given we are under the lock and there
1786
	 * must only be a single thread.
1787
	 * In case anything in the future disturbs the order the refcnt will
1788
	 * help us catching problems a lot easier.
1789
	 */
1790
	if (icislocked)
1791
		refcount_acquire(&lvif->ic_unlocked);
1792
	if (ntislocked)
1793
		refcount_acquire(&lvif->nt_unlocked);
1794

1795
	/*
1796
	 * Stop the queues while doing key updates.
1797
	 */
1798
	ieee80211_stop_queues(hw);
1799
}
1800

1801
static void
1802
lkpi_iv_key_update_end(struct ieee80211vap *vap)
1803
{
1804
	struct ieee80211_node_table *nt;
1805
	struct ieee80211com *ic;
1806
	struct lkpi_hw *lhw;
1807
	struct ieee80211_hw *hw;
1808
	struct lkpi_vif *lvif;
1809
	bool icislocked, ntislocked;
1810

1811
	ic = vap->iv_ic;
1812
	lhw = ic->ic_softc;
1813
	hw = LHW_TO_HW(lhw);
1814
	lvif = VAP_TO_LVIF(vap);
1815
	nt = &ic->ic_sta;
1816

1817
	/*
1818
	 * Re-enabled the queues after the key update.
1819
	 */
1820
	lkpi_ieee80211_wake_queues_locked(hw);
1821

1822
	icislocked = IEEE80211_IS_LOCKED(ic);
1823
	MPASS(!icislocked);
1824
	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
1825
	MPASS(!ntislocked);
1826

1827
#ifdef LINUXKPI_DEBUG_80211
1828
	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
1829
		ic_printf(ic, "%d %lu %s: vap %p ic %p %slocked nt %p %slocked "
1830
		    "lvif ic_unlocked %d nt_unlocked %d\n",
1831
		    curthread->td_tid, jiffies, __func__, vap,
1832
		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
1833
		    lvif->ic_unlocked, lvif->nt_unlocked);
1834
#endif
1835

1836
	/*
1837
	 * Check under lock; see comment in lkpi_iv_key_update_begin().
1838
	 * In case the refcnt gets out of sync locking in net80211 will
1839
	 * quickly barf as well (trying to unlock a lock not held).
1840
	 */
1841
	icislocked = refcount_release_if_last(&lvif->ic_unlocked);
1842
	ntislocked = refcount_release_if_last(&lvif->nt_unlocked);
1843

1844
	if (lvif->key_update_iv_bss != NULL) {
1845
		ieee80211_free_node(lvif->key_update_iv_bss);
1846
		lvif->key_update_iv_bss = NULL;
1847
	}
1848

1849
	wiphy_unlock(hw->wiphy);
1850

1851
	/*
1852
	 * This is inconsistent net80211 locking to be fixed one day.
1853
	 * ic before nt to avoid a LOR.
1854
	 */
1855
	if (icislocked)
1856
		IEEE80211_LOCK(ic);
1857
	if (ntislocked)
1858
		IEEE80211_NODE_LOCK(nt);
1859
}
1860
#endif
1861

1862
static void
1863
lkpi_cleanup_mcast_list_locked(struct lkpi_hw *lhw)
1864
{
1865
	struct list_head *le, *next;
1866
	struct netdev_hw_addr *addr;
1867

1868
	if (lhw->mc_list.count != 0) {
1869
		list_for_each_safe(le, next, &lhw->mc_list.addr_list) {
1870
			addr = list_entry(le, struct netdev_hw_addr, addr_list);
1871
			list_del(le);
1872
			lhw->mc_list.count--;
1873
			free(addr, M_LKPI80211);
1874
		}
1875
	}
1876
	KASSERT(lhw->mc_list.count == 0, ("%s: mc_list %p count %d != 0\n",
1877
	    __func__, &lhw->mc_list, lhw->mc_list.count));
1878
}
1879

1880
static u_int
1881
lkpi_ic_update_mcast_copy(void *arg, struct sockaddr_dl *sdl, u_int cnt)
1882
{
1883
	struct netdev_hw_addr_list *mc_list;
1884
	struct netdev_hw_addr *addr;
1885

1886
	KASSERT(arg != NULL && sdl != NULL, ("%s: arg %p sdl %p cnt %u\n",
1887
	    __func__, arg, sdl, cnt));
1888

1889
	mc_list = arg;
1890
	/* If it is on the list already skip it. */
1891
	netdev_hw_addr_list_for_each(addr, mc_list) {
1892
		if (!memcmp(addr->addr, LLADDR(sdl), sdl->sdl_alen))
1893
			return (0);
1894
	}
1895

1896
	addr = malloc(sizeof(*addr), M_LKPI80211, M_NOWAIT | M_ZERO);
1897
	if (addr == NULL)
1898
		return (0);
1899

1900
	INIT_LIST_HEAD(&addr->addr_list);
1901
	memcpy(addr->addr, LLADDR(sdl), sdl->sdl_alen);
1902
	/* XXX this should be a netdev function? */
1903
	list_add(&addr->addr_list, &mc_list->addr_list);
1904
	mc_list->count++;
1905

1906
#ifdef LINUXKPI_DEBUG_80211
1907
	if (linuxkpi_debug_80211 & D80211_TRACE)
1908
		printf("%s:%d: mc_list count %d: added %6D\n",
1909
		    __func__, __LINE__, mc_list->count, addr->addr, ":");
1910
#endif
1911

1912
	return (1);
1913
}
1914

1915
static void
1916
lkpi_update_mcast_filter(struct ieee80211com *ic)
1917
{
1918
	struct lkpi_hw *lhw;
1919
	struct ieee80211_hw *hw;
1920
	u64 mc;
1921
	unsigned int changed_flags, flags;
1922
	bool scanning;
1923

1924
	lhw = ic->ic_softc;
1925

1926
	LKPI_80211_LHW_SCAN_LOCK(lhw);
1927
	scanning = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
1928
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
1929

1930
	LKPI_80211_LHW_MC_LOCK(lhw);
1931

1932
	flags = 0;
1933
	if (scanning)
1934
		flags |= FIF_BCN_PRBRESP_PROMISC;
1935
	/* The latter condition may not be as expected but seems wise. */
1936
	if (lhw->mc_all_multi || lhw->ops->prepare_multicast == NULL)
1937
		flags |= FIF_ALLMULTI;
1938

1939
	hw = LHW_TO_HW(lhw);
1940
	mc = lkpi_80211_mo_prepare_multicast(hw, &lhw->mc_list);
1941

1942
	changed_flags = (lhw->mc_flags ^ flags) & FIF_FLAGS_MASK;
1943
	lkpi_80211_mo_configure_filter(hw, changed_flags, &flags, mc);
1944
	lhw->mc_flags = flags;
1945

1946
#ifdef LINUXKPI_DEBUG_80211
1947
	if (linuxkpi_debug_80211 & D80211_TRACE)
1948
		printf("%s: changed_flags %#06x count %d mc_flags %#010x\n",
1949
		    __func__, changed_flags, lhw->mc_list.count, lhw->mc_flags);
1950
#endif
1951

1952
	LKPI_80211_LHW_MC_UNLOCK(lhw);
1953
}
1954

1955
static enum ieee80211_bss_changed
1956
lkpi_update_dtim_tsf(struct ieee80211_vif *vif, struct ieee80211_node *ni,
1957
    struct ieee80211vap *vap, const char *_f, int _l)
1958
{
1959
	enum ieee80211_bss_changed bss_changed;
1960

1961
	bss_changed = 0;
1962

1963
#ifdef LINUXKPI_DEBUG_80211
1964
	if (linuxkpi_debug_80211 & D80211_TRACE)
1965
		printf("%s:%d [%s:%d] assoc %d aid %d beacon_int %u "
1966
		    "dtim_period %u sync_dtim_count %u sync_tsf %ju "
1967
		    "sync_device_ts %u bss_changed %#010jx\n",
1968
			__func__, __LINE__, _f, _l,
1969
			vif->cfg.assoc, vif->cfg.aid,
1970
			vif->bss_conf.beacon_int, vif->bss_conf.dtim_period,
1971
			vif->bss_conf.sync_dtim_count,
1972
			(uintmax_t)vif->bss_conf.sync_tsf,
1973
			vif->bss_conf.sync_device_ts,
1974
			(uintmax_t)bss_changed);
1975
#endif
1976

1977
	if (vif->bss_conf.beacon_int != ni->ni_intval) {
1978
		vif->bss_conf.beacon_int = ni->ni_intval;
1979
		/* iwlwifi FW bug workaround; iwl_mvm_mac_sta_state. */
1980
		if (vif->bss_conf.beacon_int < 16)
1981
			vif->bss_conf.beacon_int = 16;
1982
		bss_changed |= BSS_CHANGED_BEACON_INT;
1983
	}
1984

1985
	/*
1986
	 * lkpi_iv_sta_recv_mgmt() will directly call into this function.
1987
	 * iwlwifi(4) in iwl_mvm_bss_info_changed_station_common() will
1988
	 * stop seesion protection the moment it sees
1989
	 * BSS_CHANGED_BEACON_INFO (with the expectations that it was
1990
	 * "a beacon from the associated AP"). It will also update
1991
	 * the beacon filter in that case.  This is the only place
1992
	 * we set the BSS_CHANGED_BEACON_INFO on the non-teardown
1993
	 * path so make sure we only do run this check once we are
1994
	 * assoc. (*iv_recv_mgmt)() will be called before we enter
1995
	 * here so the ni will be updates with information from the
1996
	 * beacon via net80211::sta_recv_mgmt().  We also need to
1997
	 * make sure we do not do it on every beacon we still may
1998
	 * get so only do if something changed.  vif->bss_conf.dtim_period
1999
	 * should be 0 as we start up (we also reset it on teardown).
2000
	 */
2001
	if (vif->cfg.assoc &&
2002
	    vif->bss_conf.dtim_period != ni->ni_dtim_period &&
2003
	    ni->ni_dtim_period > 0) {
2004
		vif->bss_conf.dtim_period = ni->ni_dtim_period;
2005
		bss_changed |= BSS_CHANGED_BEACON_INFO;
2006
	}
2007

2008
	vif->bss_conf.sync_dtim_count = ni->ni_dtim_count;
2009
	vif->bss_conf.sync_tsf = le64toh(ni->ni_tstamp.tsf);
2010
	/* vif->bss_conf.sync_device_ts = set in linuxkpi_ieee80211_rx. */
2011

2012
#ifdef LINUXKPI_DEBUG_80211
2013
	if (linuxkpi_debug_80211 & D80211_TRACE)
2014
		printf("%s:%d [%s:%d] assoc %d aid %d beacon_int %u "
2015
		    "dtim_period %u sync_dtim_count %u sync_tsf %ju "
2016
		    "sync_device_ts %u bss_changed %#010jx\n",
2017
			__func__, __LINE__, _f, _l,
2018
			vif->cfg.assoc, vif->cfg.aid,
2019
			vif->bss_conf.beacon_int, vif->bss_conf.dtim_period,
2020
			vif->bss_conf.sync_dtim_count,
2021
			(uintmax_t)vif->bss_conf.sync_tsf,
2022
			vif->bss_conf.sync_device_ts,
2023
			(uintmax_t)bss_changed);
2024
#endif
2025

2026
	return (bss_changed);
2027
}
2028

2029
static void
2030
lkpi_stop_hw_scan(struct lkpi_hw *lhw, struct ieee80211_vif *vif)
2031
{
2032
	struct ieee80211_hw *hw;
2033
	int error;
2034
	bool cancel;
2035

2036
	TRACE_SCAN(lhw->ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
2037

2038
	LKPI_80211_LHW_SCAN_LOCK(lhw);
2039
	cancel = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
2040
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
2041
	if (!cancel)
2042
		return;
2043

2044
	hw = LHW_TO_HW(lhw);
2045

2046
	IEEE80211_UNLOCK(lhw->ic);
2047
	wiphy_lock(hw->wiphy);
2048
	/* Need to cancel the scan. */
2049
	lkpi_80211_mo_cancel_hw_scan(hw, vif);
2050
	wiphy_unlock(hw->wiphy);
2051

2052
	/* Need to make sure we see ieee80211_scan_completed. */
2053
	LKPI_80211_LHW_SCAN_LOCK(lhw);
2054
	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0)
2055
		error = msleep(lhw, &lhw->scan_mtx, 0, "lhwscanstop", hz/2);
2056
	cancel = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
2057
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
2058

2059
	IEEE80211_LOCK(lhw->ic);
2060

2061
	if (cancel)
2062
		ic_printf(lhw->ic, "%s: failed to cancel scan: %d (%p, %p)\n",
2063
		    __func__, error, lhw, vif);
2064
}
2065

2066
static void
2067
lkpi_hw_conf_idle(struct ieee80211_hw *hw, bool new)
2068
{
2069
	struct lkpi_hw *lhw;
2070
	int error;
2071
	bool old;
2072

2073
	old = hw->conf.flags & IEEE80211_CONF_IDLE;
2074
	if (old == new)
2075
		return;
2076

2077
	hw->conf.flags ^= IEEE80211_CONF_IDLE;
2078
	error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_IDLE);
2079
	if (error != 0 && error != EOPNOTSUPP) {
2080
		lhw = HW_TO_LHW(hw);
2081
		ic_printf(lhw->ic, "ERROR: %s: config %#0x returned %d\n",
2082
		    __func__, IEEE80211_CONF_CHANGE_IDLE, error);
2083
	}
2084
}
2085

2086
static enum ieee80211_bss_changed
2087
lkpi_disassoc(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
2088
    struct lkpi_hw *lhw)
2089
{
2090
	enum ieee80211_bss_changed changed;
2091
	struct lkpi_vif *lvif;
2092

2093
	changed = 0;
2094
	sta->aid = 0;
2095
	if (vif->cfg.assoc) {
2096

2097
		vif->cfg.assoc = false;
2098
		vif->cfg.aid = 0;
2099
		changed |= BSS_CHANGED_ASSOC;
2100
		IMPROVE();
2101

2102
		lkpi_update_mcast_filter(lhw->ic);
2103

2104
		/*
2105
		 * Executing the bss_info_changed(BSS_CHANGED_ASSOC) with
2106
		 * assoc = false right away here will remove the sta from
2107
		 * firmware for iwlwifi.
2108
		 * We no longer do this but only return the BSS_CHNAGED value.
2109
		 * The caller is responsible for removing the sta gong to
2110
		 * IEEE80211_STA_NOTEXIST and then executing the
2111
		 * bss_info_changed() update.
2112
		 * See lkpi_sta_run_to_init() for more detailed comment.
2113
		 */
2114

2115
		lvif = VIF_TO_LVIF(vif);
2116
		lvif->beacons = 0;
2117
	}
2118

2119
	return (changed);
2120
}
2121

2122
static void
2123
lkpi_wake_tx_queues(struct ieee80211_hw *hw, struct ieee80211_sta *sta,
2124
    bool dequeue_seen, bool no_emptyq)
2125
{
2126
	struct lkpi_txq *ltxq;
2127
	int tid;
2128
	bool ltxq_empty;
2129

2130
	/* Wake up all queues to know they are allocated in the driver. */
2131
	for (tid = 0; tid < nitems(sta->txq); tid++) {
2132

2133
		if (tid == IEEE80211_NUM_TIDS) {
2134
			IMPROVE("station specific?");
2135
			if (!ieee80211_hw_check(hw, STA_MMPDU_TXQ))
2136
				continue;
2137
		} else if (tid >= hw->queues)
2138
			continue;
2139

2140
		if (sta->txq[tid] == NULL)
2141
			continue;
2142

2143
		ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
2144
		if (dequeue_seen && !ltxq->seen_dequeue)
2145
			continue;
2146

2147
		LKPI_80211_LTXQ_LOCK(ltxq);
2148
		ltxq_empty = skb_queue_empty(&ltxq->skbq);
2149
		LKPI_80211_LTXQ_UNLOCK(ltxq);
2150
		if (no_emptyq && ltxq_empty)
2151
			continue;
2152

2153
		lkpi_80211_mo_wake_tx_queue(hw, sta->txq[tid], false);
2154
	}
2155
}
2156

2157
/*
2158
 * On the way down from RUN -> ASSOC -> AUTH we may send a DISASSOC or DEAUTH
2159
 * packet.  The problem is that the state machine functions tend to hold the
2160
 * LHW lock which will prevent lkpi_80211_txq_tx_one() from sending the packet.
2161
 * We call this after dropping the ic lock and before acquiring the LHW lock.
2162
 * we make sure no further packets are queued and if they are queued the task
2163
 * will finish or be cancelled.  At the end if a packet is left we manually
2164
 * send it.  scan_to_auth() would re-enable sending if the lsta would be
2165
 * re-used.
2166
 */
2167
static void
2168
lkpi_80211_flush_tx(struct lkpi_hw *lhw, struct lkpi_sta *lsta)
2169
{
2170
	struct ieee80211_hw *hw;
2171
	struct mbufq mq;
2172
	struct mbuf *m;
2173
	int len;
2174

2175
	/* There is no lockdep_assert_not_held_wiphy(). */
2176
	hw = LHW_TO_HW(lhw);
2177
	lockdep_assert_not_held(&hw->wiphy->mtx);
2178

2179
	/* Do not accept any new packets until scan_to_auth or lsta_free(). */
2180
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2181
	lsta->txq_ready = false;
2182
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2183

2184
	while (taskqueue_cancel(taskqueue_thread, &lsta->txq_task, NULL) != 0)
2185
		taskqueue_drain(taskqueue_thread, &lsta->txq_task);
2186

2187
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2188
	len = mbufq_len(&lsta->txq);
2189
	if (len <= 0) {
2190
		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2191
		return;
2192
	}
2193

2194
	mbufq_init(&mq, IFQ_MAXLEN);
2195
	mbufq_concat(&mq, &lsta->txq);
2196
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2197

2198
	m = mbufq_dequeue(&mq);
2199
	while (m != NULL) {
2200
		lkpi_80211_txq_tx_one(lsta, m);
2201
		m = mbufq_dequeue(&mq);
2202
	}
2203
}
2204

2205

2206
static void
2207
lkpi_remove_chanctx(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
2208
{
2209
	struct ieee80211_chanctx_conf *chanctx_conf;
2210
	struct lkpi_chanctx *lchanctx;
2211

2212
	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
2213
	    lockdep_is_held(&hw->wiphy->mtx));
2214

2215
	if (chanctx_conf == NULL)
2216
		return;
2217

2218
	/* Remove vif context. */
2219
	lkpi_80211_mo_unassign_vif_chanctx(hw, vif, &vif->bss_conf, chanctx_conf);
2220

2221
	lkpi_hw_conf_idle(hw, true);
2222

2223
	/* Remove chan ctx. */
2224
	lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
2225

2226
	/* Cleanup. */
2227
	rcu_assign_pointer(vif->bss_conf.chanctx_conf, NULL);
2228
	lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2229
	list_del(&lchanctx->entry);
2230
	free(lchanctx, M_LKPI80211);
2231
}
2232

2233

2234
/* -------------------------------------------------------------------------- */
2235

2236
static int
2237
lkpi_sta_state_do_nada(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2238
{
2239

2240
	return (0);
2241
}
2242

2243
/* lkpi_iv_newstate() handles the stop scan case generally. */
2244
#define	lkpi_sta_scan_to_init(_v, _n, _a)	lkpi_sta_state_do_nada(_v, _n, _a)
2245

2246
static int
2247
lkpi_sta_scan_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2248
{
2249
	struct linuxkpi_ieee80211_channel *chan;
2250
	struct lkpi_chanctx *lchanctx;
2251
	struct ieee80211_chanctx_conf *chanctx_conf;
2252
	struct lkpi_hw *lhw;
2253
	struct ieee80211_hw *hw;
2254
	struct lkpi_vif *lvif;
2255
	struct ieee80211_vif *vif;
2256
	struct ieee80211_node *ni;
2257
	struct lkpi_sta *lsta;
2258
	enum ieee80211_bss_changed bss_changed;
2259
	struct ieee80211_prep_tx_info prep_tx_info;
2260
	uint32_t changed;
2261
	int error;
2262
	bool synched;
2263

2264
	/*
2265
	 * In here we use vap->iv_bss until lvif->lvif_bss is set.
2266
	 * For all later (STATE >= AUTH) functions we need to use the lvif
2267
	 * cache which will be tracked even through (*iv_update_bss)().
2268
	 */
2269

2270
	if (vap->iv_bss == NULL) {
2271
		ic_printf(vap->iv_ic, "%s: no iv_bss for vap %p\n", __func__, vap);
2272
		return (EINVAL);
2273
	}
2274
	/*
2275
	 * Keep the ni alive locally.  In theory (and practice) iv_bss can change
2276
	 * once we unlock here.  This is due to net80211 allowing state changes
2277
	 * and new join1() despite having an active node as well as due to
2278
	 * the fact that the iv_bss can be swapped under the hood in (*iv_update_bss).
2279
	 */
2280
	ni = ieee80211_ref_node(vap->iv_bss);
2281
	if (ni->ni_chan == NULL || ni->ni_chan == IEEE80211_CHAN_ANYC) {
2282
		ic_printf(vap->iv_ic, "%s: no channel set for iv_bss ni %p "
2283
		    "on vap %p\n", __func__, ni, vap);
2284
		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2285
		return (EINVAL);
2286
	}
2287

2288
	lhw = vap->iv_ic->ic_softc;
2289
	chan = lkpi_find_lkpi80211_chan(lhw, ni->ni_chan);
2290
	if (chan == NULL) {
2291
		ic_printf(vap->iv_ic, "%s: failed to get LKPI channel from "
2292
		    "iv_bss ni %p on vap %p\n", __func__, ni, vap);
2293
		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2294
		return (ESRCH);
2295
	}
2296

2297
	hw = LHW_TO_HW(lhw);
2298
	lvif = VAP_TO_LVIF(vap);
2299
	vif = LVIF_TO_VIF(lvif);
2300

2301
	LKPI_80211_LVIF_LOCK(lvif);
2302
	/* XXX-BZ KASSERT later? */
2303
	if (lvif->lvif_bss_synched || lvif->lvif_bss != NULL) {
2304
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2305
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2306
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2307
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2308
		    lvif->lvif_bss_synched);
2309
		LKPI_80211_LVIF_UNLOCK(lvif);
2310
		ieee80211_free_node(ni);	/* Error handling for the local ni. */
2311
		return (EBUSY);
2312
	}
2313
	LKPI_80211_LVIF_UNLOCK(lvif);
2314

2315
	IEEE80211_UNLOCK(vap->iv_ic);
2316
	wiphy_lock(hw->wiphy);
2317

2318
	/* Add chanctx (or if exists, change it). */
2319
	chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf,
2320
	    lockdep_is_held(&hw->wiphy->mtx));
2321
	if (chanctx_conf != NULL) {
2322
		lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2323
		IMPROVE("diff changes for changed, working on live copy, rcu");
2324
	} else {
2325
		/* Keep separate alloc as in Linux this is rcu managed? */
2326
		lchanctx = malloc(sizeof(*lchanctx) + hw->chanctx_data_size,
2327
		    M_LKPI80211, M_WAITOK | M_ZERO);
2328
		chanctx_conf = &lchanctx->chanctx_conf;
2329
	}
2330

2331
	chanctx_conf->rx_chains_static = 1;
2332
	chanctx_conf->rx_chains_dynamic = 1;
2333
	chanctx_conf->radar_enabled =
2334
	    (chan->flags & IEEE80211_CHAN_RADAR) ? true : false;
2335
	chanctx_conf->def.chan = chan;
2336
	chanctx_conf->def.width = NL80211_CHAN_WIDTH_20_NOHT;
2337
	chanctx_conf->def.center_freq1 = ieee80211_get_channel_center_freq1(ni->ni_chan);
2338
	chanctx_conf->def.center_freq2 = ieee80211_get_channel_center_freq2(ni->ni_chan);
2339
	IMPROVE("Check vht_cap from band not just chan?");
2340
	KASSERT(ni->ni_chan != NULL && ni->ni_chan != IEEE80211_CHAN_ANYC,
2341
	   ("%s:%d: ni %p ni_chan %p\n", __func__, __LINE__, ni, ni->ni_chan));
2342

2343
#ifdef LKPI_80211_HT
2344
	if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
2345
		if (IEEE80211_IS_CHAN_HT40(ni->ni_chan))
2346
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_40;
2347
		else
2348
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_20;
2349
	}
2350
#endif
2351
#ifdef LKPI_80211_VHT
2352
	if (IEEE80211_IS_CHAN_VHT_5GHZ(ni->ni_chan)) {
2353
		if (IEEE80211_IS_CHAN_VHT80P80(ni->ni_chan))
2354
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_80P80;
2355
		else if (IEEE80211_IS_CHAN_VHT160(ni->ni_chan))
2356
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_160;
2357
		else if (IEEE80211_IS_CHAN_VHT80(ni->ni_chan))
2358
			chanctx_conf->def.width = NL80211_CHAN_WIDTH_80;
2359
	}
2360
#endif
2361
	chanctx_conf->rx_chains_dynamic = lkpi_get_max_rx_chains(ni);
2362
	/* Responder ... */
2363
#if 0
2364
	chanctx_conf->min_def.chan = chanctx_conf->def.chan;
2365
	chanctx_conf->min_def.width = NL80211_CHAN_WIDTH_20_NOHT;
2366
#ifdef LKPI_80211_HT
2367
	if (IEEE80211_IS_CHAN_HT(ni->ni_chan) || IEEE80211_IS_CHAN_VHT(ni->ni_chan))
2368
		chanctx_conf->min_def.width = NL80211_CHAN_WIDTH_20;
2369
#endif
2370
	chanctx_conf->min_def.center_freq1 = chanctx_conf->def.center_freq1;
2371
	chanctx_conf->min_def.center_freq2 = chanctx_conf->def.center_freq2;
2372
#else
2373
	chanctx_conf->min_def = chanctx_conf->def;
2374
#endif
2375

2376
	/* Set bss info (bss_info_changed). */
2377
	bss_changed = 0;
2378
	vif->bss_conf.bssid = ni->ni_bssid;
2379
	bss_changed |= BSS_CHANGED_BSSID;
2380
	vif->bss_conf.txpower = ni->ni_txpower;
2381
	bss_changed |= BSS_CHANGED_TXPOWER;
2382
	vif->cfg.idle = false;
2383
	bss_changed |= BSS_CHANGED_IDLE;
2384

2385
	/* vif->bss_conf.basic_rates ? Where exactly? */
2386

2387
	lvif->beacons = 0;
2388
	/* Should almost assert it is this. */
2389
	vif->cfg.assoc = false;
2390
	vif->cfg.aid = 0;
2391

2392
	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
2393

2394
	error = 0;
2395
	if (vif->bss_conf.chanctx_conf == chanctx_conf) {
2396
		changed = IEEE80211_CHANCTX_CHANGE_MIN_WIDTH;
2397
		changed |= IEEE80211_CHANCTX_CHANGE_RADAR;
2398
		changed |= IEEE80211_CHANCTX_CHANGE_RX_CHAINS;
2399
		changed |= IEEE80211_CHANCTX_CHANGE_WIDTH;
2400
		lkpi_80211_mo_change_chanctx(hw, chanctx_conf, changed);
2401
	} else {
2402
		/* The device is no longer idle. */
2403
		IMPROVE("Once we do multi-vif, only do for 1st chanctx");
2404
		lkpi_hw_conf_idle(hw, false);
2405

2406
		error = lkpi_80211_mo_add_chanctx(hw, chanctx_conf);
2407
		if (error == 0 || error == EOPNOTSUPP) {
2408
			vif->bss_conf.chanreq.oper.chan = chanctx_conf->def.chan;
2409
			vif->bss_conf.chanreq.oper.width = chanctx_conf->def.width;
2410
			vif->bss_conf.chanreq.oper.center_freq1 =
2411
			    chanctx_conf->def.center_freq1;
2412
			vif->bss_conf.chanreq.oper.center_freq2 =
2413
			    chanctx_conf->def.center_freq2;
2414
		} else {
2415
			ic_printf(vap->iv_ic, "%s:%d: mo_add_chanctx "
2416
			    "failed: %d\n", __func__, __LINE__, error);
2417
			goto out;
2418
		}
2419

2420
		list_add_rcu(&lchanctx->entry, &lhw->lchanctx_list);
2421
		rcu_assign_pointer(vif->bss_conf.chanctx_conf, chanctx_conf);
2422

2423
		/* Assign vif chanctx. */
2424
		if (error == 0)
2425
			error = lkpi_80211_mo_assign_vif_chanctx(hw, vif,
2426
			    &vif->bss_conf, chanctx_conf);
2427
		if (error == EOPNOTSUPP)
2428
			error = 0;
2429
		if (error != 0) {
2430
			ic_printf(vap->iv_ic, "%s:%d: mo_assign_vif_chanctx "
2431
			    "failed: %d\n", __func__, __LINE__, error);
2432
			lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
2433
			rcu_assign_pointer(vif->bss_conf.chanctx_conf, NULL);
2434
			lchanctx = CHANCTX_CONF_TO_LCHANCTX(chanctx_conf);
2435
			list_del(&lchanctx->entry);
2436
			free(lchanctx, M_LKPI80211);
2437
			goto out;
2438
		}
2439
	}
2440
	IMPROVE("update radiotap chan fields too");
2441

2442
	/* RATES */
2443
	IMPROVE("bss info: not all needs to come now and rates are missing");
2444
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
2445

2446
	/*
2447
	 * Given ni and lsta are 1:1 from alloc to free we can assert that
2448
	 * ni always has lsta data attach despite net80211 node swapping
2449
	 * under the hoods.
2450
	 */
2451
	KASSERT(ni->ni_drv_data != NULL, ("%s: ni %p ni_drv_data %p\n",
2452
	    __func__, ni, ni->ni_drv_data));
2453
	lsta = ni->ni_drv_data;
2454

2455
	/* Insert the [l]sta into the list of known stations. */
2456
	list_add_tail(&lsta->lsta_list, &lvif->lsta_list);
2457

2458
	/* Add (or adjust) sta and change state (from NOTEXIST) to NONE. */
2459
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2460
	KASSERT(lsta->state == IEEE80211_STA_NOTEXIST, ("%s: lsta %p state not "
2461
	    "NOTEXIST: %#x\n", __func__, lsta, lsta->state));
2462
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
2463
	if (error != 0) {
2464
		IMPROVE("do we need to undo the chan ctx?");
2465
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
2466
		    "failed: %d\n", __func__, __LINE__, error);
2467
		goto out;
2468
	}
2469
#if 0
2470
	lsta->added_to_drv = true;	/* mo manages. */
2471
#endif
2472

2473
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2474

2475
#if 0
2476
	/*
2477
	 * Wakeup all queues now that sta is there so we have as much time to
2478
	 * possibly prepare the queue in the driver to be ready for the 1st
2479
	 * packet;  lkpi_80211_txq_tx_one() still has a workaround as there
2480
	 * is no guarantee or way to check.
2481
	 * XXX-BZ and by now we know that this does not work on all drivers
2482
	 * for all queues.
2483
	 */
2484
	lkpi_wake_tx_queues(hw, LSTA_TO_STA(lsta), false, false);
2485
#endif
2486

2487
	/* Start mgd_prepare_tx. */
2488
	memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2489
	prep_tx_info.duration = PREP_TX_INFO_DURATION;
2490
	lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2491
	lsta->in_mgd = true;
2492

2493
	/*
2494
	 * What is going to happen next:
2495
	 * - <twiddle> .. we should end up in "auth_to_assoc"
2496
	 * - event_callback
2497
	 * - update sta_state (NONE to AUTH)
2498
	 * - mgd_complete_tx
2499
	 * (ideally we'd do that on a callback for something else ...)
2500
	 */
2501

2502
	wiphy_unlock(hw->wiphy);
2503
	IEEE80211_LOCK(vap->iv_ic);
2504

2505
	LKPI_80211_LVIF_LOCK(lvif);
2506
	/* Re-check given (*iv_update_bss) could have happened while we were unlocked. */
2507
	if (lvif->lvif_bss_synched || lvif->lvif_bss != NULL ||
2508
	    lsta->ni != vap->iv_bss)
2509
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2510
		    "lvif_bss->ni %p synched %d, ni %p lsta %p\n", __func__, __LINE__,
2511
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2512
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2513
		    lvif->lvif_bss_synched, ni, lsta);
2514

2515
	/*
2516
	 * Reference the "ni" for caching the lsta/ni in lvif->lvif_bss.
2517
	 * Given we cache lsta we use lsta->ni instead of ni here (even though
2518
	 * lsta->ni == ni) to be distinct from the rest of the code where we do
2519
	 * assume that ni == vap->iv_bss which it may or may not be.
2520
	 * So do NOT use iv_bss here anymore as that may have diverged from our
2521
	 * function local ni already while ic was unlocked and would lead to
2522
	 * inconsistencies.  Go and see if we lost a race and do not update
2523
	 * lvif_bss_synched in that case.
2524
	 */
2525
	ieee80211_ref_node(lsta->ni);
2526
	lvif->lvif_bss = lsta;
2527
	if (lsta->ni == vap->iv_bss) {
2528
		lvif->lvif_bss_synched = synched = true;
2529
	} else {
2530
		/* Set to un-synched no matter what. */
2531
		lvif->lvif_bss_synched = synched = false;
2532
		/*
2533
		 * We do not error as someone has to take us down.
2534
		 * If we are followed by a 2nd, new net80211::join1() going to
2535
		 * AUTH lkpi_sta_a_to_a() will error, lkpi_sta_auth_to_{scan,init}()
2536
		 * will take the lvif->lvif_bss node down eventually.
2537
		 * What happens with the vap->iv_bss node will entirely be up
2538
		 * to net80211 as we never used the node beyond alloc()/free()
2539
		 * and we do not hold an extra reference for that anymore given
2540
		 * ni : lsta == 1:1.
2541
		 * Problem is if we do not error a MGMT/AUTH frame will be
2542
		 * sent from net80211::sta_newstate(); disable lsta queue below.
2543
		 */
2544
	}
2545
	LKPI_80211_LVIF_UNLOCK(lvif);
2546
	/*
2547
	 * Make sure in case the sta did not change and we re-added it,
2548
	 * that we can tx again but only if the vif/iv_bss are in sync.
2549
	 * Otherwise this should prevent the MGMT/AUTH frame from being
2550
	 * sent triggering a warning in iwlwifi.
2551
	 */
2552
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
2553
	lsta->txq_ready = synched;
2554
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
2555
	goto out_relocked;
2556

2557
out:
2558
	wiphy_unlock(hw->wiphy);
2559
	IEEE80211_LOCK(vap->iv_ic);
2560
out_relocked:
2561
	/*
2562
	 * Release the reference that kept the ni stable locally
2563
	 * during the work of this function.
2564
	 */
2565
	if (ni != NULL)
2566
		ieee80211_free_node(ni);
2567
	return (error);
2568
}
2569

2570
static int
2571
lkpi_sta_auth_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2572
{
2573
	struct lkpi_hw *lhw;
2574
	struct ieee80211_hw *hw;
2575
	struct lkpi_vif *lvif;
2576
	struct ieee80211_vif *vif;
2577
	struct ieee80211_node *ni;
2578
	struct lkpi_sta *lsta;
2579
	struct ieee80211_sta *sta;
2580
	struct ieee80211_prep_tx_info prep_tx_info;
2581
	enum ieee80211_bss_changed bss_changed;
2582
	int error;
2583

2584
	lhw = vap->iv_ic->ic_softc;
2585
	hw = LHW_TO_HW(lhw);
2586
	lvif = VAP_TO_LVIF(vap);
2587
	vif = LVIF_TO_VIF(lvif);
2588

2589
	LKPI_80211_LVIF_LOCK(lvif);
2590
#ifdef LINUXKPI_DEBUG_80211
2591
	/* XXX-BZ KASSERT later; state going down so no action. */
2592
	if (lvif->lvif_bss == NULL)
2593
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2594
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2595
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2596
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2597
		    lvif->lvif_bss_synched);
2598
#endif
2599

2600
	lsta = lvif->lvif_bss;
2601
	LKPI_80211_LVIF_UNLOCK(lvif);
2602
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
2603
	    "lvif %p vap %p\n", __func__,
2604
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
2605
	ni = lsta->ni;			/* Reference held for lvif_bss. */
2606
	sta = LSTA_TO_STA(lsta);
2607

2608
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2609

2610
	IEEE80211_UNLOCK(vap->iv_ic);
2611
	wiphy_lock(hw->wiphy);
2612

2613
	/* flush, drop. */
2614
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
2615

2616
	/* Wake tx queues to get packet(s) out. */
2617
	lkpi_wake_tx_queues(hw, sta, false, true);
2618

2619
	/* flush, no drop */
2620
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
2621

2622
	/* End mgd_complete_tx. */
2623
	if (lsta->in_mgd) {
2624
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2625
		prep_tx_info.success = false;
2626
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2627
		lsta->in_mgd = false;
2628
	}
2629

2630
	/* sync_rx_queues */
2631
	lkpi_80211_mo_sync_rx_queues(hw);
2632

2633
	/* sta_pre_rcu_remove */
2634
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
2635

2636
	/* Take the station down. */
2637

2638
	/* Adjust sta and change state (from NONE) to NOTEXIST. */
2639
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2640
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
2641
	    "NONE: %#x, nstate %d arg %d\n", __func__, lsta, lsta->state, nstate, arg));
2642
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NOTEXIST);
2643
	if (error != 0) {
2644
		IMPROVE("do we need to undo the chan ctx?");
2645
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NOTEXIST) "
2646
		    "failed: %d\n", __func__, __LINE__, error);
2647
		goto out;
2648
	}
2649
#if 0
2650
	lsta->added_to_drv = false;	/* mo manages. */
2651
#endif
2652

2653
	bss_changed = 0;
2654
	vif->bss_conf.dtim_period = 0; /* go back to 0. */
2655
	bss_changed |= BSS_CHANGED_BEACON_INFO;
2656
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
2657

2658
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2659

2660
	LKPI_80211_LVIF_LOCK(lvif);
2661
	/* Remove ni reference for this cache of lsta. */
2662
	lvif->lvif_bss = NULL;
2663
	lvif->lvif_bss_synched = false;
2664
	LKPI_80211_LVIF_UNLOCK(lvif);
2665
	lkpi_lsta_remove(lsta, lvif);
2666

2667
	/* conf_tx */
2668

2669
	lkpi_remove_chanctx(hw, vif);
2670

2671
out:
2672
	wiphy_unlock(hw->wiphy);
2673
	IEEE80211_LOCK(vap->iv_ic);
2674
	if (error == 0) {
2675
		/*
2676
		 * We do this outside the wiphy lock as net80211::node_free() may call
2677
		 * into crypto code to delete keys and we have a recursed on
2678
		 * non-recursive sx panic.  Also only do this if we get here w/o error.
2679
		 *
2680
		 * The very last release the reference on the ni for the ni/lsta on
2681
		 * lvif->lvif_bss.  Upon return from this both ni and lsta are invalid
2682
		 * and potentially freed.
2683
		 */
2684
		ieee80211_free_node(ni);
2685
	}
2686
	return (error);
2687
}
2688

2689
static int
2690
lkpi_sta_auth_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2691
{
2692
	int error;
2693

2694
	error = lkpi_sta_auth_to_scan(vap, nstate, arg);
2695
	if (error == 0)
2696
		error = lkpi_sta_scan_to_init(vap, nstate, arg);
2697
	return (error);
2698
}
2699

2700
static int
2701
lkpi_sta_auth_to_assoc(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2702
{
2703
	struct lkpi_hw *lhw;
2704
	struct ieee80211_hw *hw;
2705
	struct lkpi_vif *lvif;
2706
	struct ieee80211_vif *vif;
2707
	struct lkpi_sta *lsta;
2708
	struct ieee80211_prep_tx_info prep_tx_info;
2709
	int error;
2710

2711
	lhw = vap->iv_ic->ic_softc;
2712
	hw = LHW_TO_HW(lhw);
2713
	lvif = VAP_TO_LVIF(vap);
2714
	vif = LVIF_TO_VIF(lvif);
2715

2716
	IEEE80211_UNLOCK(vap->iv_ic);
2717
	wiphy_lock(hw->wiphy);
2718

2719
	LKPI_80211_LVIF_LOCK(lvif);
2720
	/* XXX-BZ KASSERT later? */
2721
	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
2722
#ifdef LINUXKPI_DEBUG_80211
2723
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2724
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2725
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2726
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2727
		    lvif->lvif_bss_synched);
2728
#endif
2729
		error = ENOTRECOVERABLE;
2730
		LKPI_80211_LVIF_UNLOCK(lvif);
2731
		goto out;
2732
	}
2733
	lsta = lvif->lvif_bss;
2734
	LKPI_80211_LVIF_UNLOCK(lvif);
2735

2736
	KASSERT(lsta != NULL, ("%s: lsta %p\n", __func__, lsta));
2737

2738
	/* Finish auth. */
2739
	IMPROVE("event callback");
2740

2741
	/* Update sta_state (NONE to AUTH). */
2742
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
2743
	    "NONE: %#x\n", __func__, lsta, lsta->state));
2744
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
2745
	if (error != 0) {
2746
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
2747
		    "failed: %d\n", __func__, __LINE__, error);
2748
		goto out;
2749
	}
2750

2751
	/* End mgd_complete_tx. */
2752
	if (lsta->in_mgd) {
2753
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2754
		prep_tx_info.success = true;
2755
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2756
		lsta->in_mgd = false;
2757
	}
2758

2759
	/* Now start assoc. */
2760

2761
	/* Start mgd_prepare_tx. */
2762
	if (!lsta->in_mgd) {
2763
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2764
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
2765
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2766
		lsta->in_mgd = true;
2767
	}
2768

2769
	/* Wake tx queue to get packet out. */
2770
	lkpi_wake_tx_queues(hw, LSTA_TO_STA(lsta), false, true);
2771

2772
	/*
2773
	 * <twiddle> .. we end up in "assoc_to_run"
2774
	 * - update sta_state (AUTH to ASSOC)
2775
	 * - conf_tx [all]
2776
	 * - bss_info_changed (assoc, aid, ssid, ..)
2777
	 * - change_chanctx (if needed)
2778
	 * - event_callback
2779
	 * - mgd_complete_tx
2780
	 */
2781

2782
out:
2783
	wiphy_unlock(hw->wiphy);
2784
	IEEE80211_LOCK(vap->iv_ic);
2785
	return (error);
2786
}
2787

2788
/* auth_to_auth, assoc_to_assoc. */
2789
static int
2790
lkpi_sta_a_to_a(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2791
{
2792
	struct lkpi_hw *lhw;
2793
	struct ieee80211_hw *hw;
2794
	struct lkpi_vif *lvif;
2795
	struct ieee80211_vif *vif;
2796
	struct lkpi_sta *lsta;
2797
	struct ieee80211_prep_tx_info prep_tx_info;
2798
	int error;
2799

2800
	lhw = vap->iv_ic->ic_softc;
2801
	hw = LHW_TO_HW(lhw);
2802
	lvif = VAP_TO_LVIF(vap);
2803
	vif = LVIF_TO_VIF(lvif);
2804

2805
	IEEE80211_UNLOCK(vap->iv_ic);
2806
	wiphy_lock(hw->wiphy);
2807

2808
	LKPI_80211_LVIF_LOCK(lvif);
2809
	/* XXX-BZ KASSERT later? */
2810
	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
2811
#ifdef LINUXKPI_DEBUG_80211
2812
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2813
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2814
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2815
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2816
		    lvif->lvif_bss_synched);
2817
#endif
2818
		LKPI_80211_LVIF_UNLOCK(lvif);
2819
		error = ENOTRECOVERABLE;
2820
		goto out;
2821
	}
2822
	lsta = lvif->lvif_bss;
2823
	LKPI_80211_LVIF_UNLOCK(lvif);
2824

2825
	KASSERT(lsta != NULL, ("%s: lsta %p! lvif %p vap %p\n", __func__,
2826
	    lsta, lvif, vap));
2827

2828
	IMPROVE("event callback?");
2829

2830
	/* End mgd_complete_tx. */
2831
	if (lsta->in_mgd) {
2832
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2833
		prep_tx_info.success = false;
2834
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2835
		lsta->in_mgd = false;
2836
	}
2837

2838
	/* Now start assoc. */
2839

2840
	/* Start mgd_prepare_tx. */
2841
	if (!lsta->in_mgd) {
2842
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2843
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
2844
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2845
		lsta->in_mgd = true;
2846
	}
2847

2848
	error = 0;
2849
out:
2850
	wiphy_unlock(hw->wiphy);
2851
	IEEE80211_LOCK(vap->iv_ic);
2852

2853
	return (error);
2854
}
2855

2856
static int
2857
_lkpi_sta_assoc_to_down(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2858
{
2859
	struct lkpi_hw *lhw;
2860
	struct ieee80211_hw *hw;
2861
	struct lkpi_vif *lvif;
2862
	struct ieee80211_vif *vif;
2863
	struct ieee80211_node *ni;
2864
	struct lkpi_sta *lsta;
2865
	struct ieee80211_sta *sta;
2866
	struct ieee80211_prep_tx_info prep_tx_info;
2867
	enum ieee80211_bss_changed bss_changed;
2868
	int error;
2869

2870
	lhw = vap->iv_ic->ic_softc;
2871
	hw = LHW_TO_HW(lhw);
2872
	lvif = VAP_TO_LVIF(vap);
2873
	vif = LVIF_TO_VIF(lvif);
2874

2875
	IEEE80211_UNLOCK(vap->iv_ic);
2876
	wiphy_lock(hw->wiphy);
2877

2878
	LKPI_80211_LVIF_LOCK(lvif);
2879
#ifdef LINUXKPI_DEBUG_80211
2880
	/* XXX-BZ KASSERT later; state going down so no action. */
2881
	if (lvif->lvif_bss == NULL)
2882
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
2883
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
2884
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
2885
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
2886
		    lvif->lvif_bss_synched);
2887
#endif
2888
	lsta = lvif->lvif_bss;
2889
	LKPI_80211_LVIF_UNLOCK(lvif);
2890
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
2891
	    "lvif %p vap %p\n", __func__,
2892
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
2893

2894
	ni = lsta->ni;		/* Reference held for lvif_bss. */
2895
	sta = LSTA_TO_STA(lsta);
2896

2897
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2898

2899
	/* flush, drop. */
2900
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
2901

2902
	IMPROVE("What are the proper conditions for DEAUTH_NEED_MGD_TX_PREP?");
2903
	if (ieee80211_hw_check(hw, DEAUTH_NEED_MGD_TX_PREP) &&
2904
	    !lsta->in_mgd) {
2905
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2906
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
2907
		prep_tx_info.was_assoc = true;
2908
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
2909
		lsta->in_mgd = true;
2910
	}
2911

2912
	wiphy_unlock(hw->wiphy);
2913
	IEEE80211_LOCK(vap->iv_ic);
2914

2915
	/* Call iv_newstate first so we get potential DEAUTH packet out. */
2916
	error = lvif->iv_newstate(vap, nstate, arg);
2917
	if (error != 0) {
2918
		ic_printf(vap->iv_ic, "%s:%d: iv_newstate(%p, %d, %d) "
2919
		    "failed: %d\n", __func__, __LINE__, vap, nstate, arg, error);
2920
		goto outni;
2921
	}
2922

2923
	IEEE80211_UNLOCK(vap->iv_ic);
2924

2925
	/* Ensure the packets get out. */
2926
	lkpi_80211_flush_tx(lhw, lsta);
2927

2928
	wiphy_lock(hw->wiphy);
2929

2930
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2931

2932
	/* Wake tx queues to get packet(s) out. */
2933
	lkpi_wake_tx_queues(hw, sta, false, true);
2934

2935
	/* flush, no drop */
2936
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
2937

2938
	/* End mgd_complete_tx. */
2939
	if (lsta->in_mgd) {
2940
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
2941
		prep_tx_info.success = false;
2942
		prep_tx_info.was_assoc = true;
2943
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
2944
		lsta->in_mgd = false;
2945
	}
2946

2947
	/* sync_rx_queues */
2948
	lkpi_80211_mo_sync_rx_queues(hw);
2949

2950
	/* sta_pre_rcu_remove */
2951
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
2952

2953
	/* Take the station down. */
2954

2955
	/* Update sta and change state (from AUTH) to NONE. */
2956
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2957
	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
2958
	    "AUTH: %#x\n", __func__, lsta, lsta->state));
2959
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
2960
	if (error != 0) {
2961
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
2962
		    "failed: %d\n", __func__, __LINE__, error);
2963
		goto out;
2964
	}
2965

2966
	/* See comment in lkpi_sta_run_to_init(). */
2967
	bss_changed = 0;
2968
	bss_changed |= lkpi_disassoc(sta, vif, lhw);
2969

2970
#ifdef LKPI_80211_HW_CRYPTO
2971
	/*
2972
	 * In theory we remove keys here but there must not exist any for this
2973
	 * state change until we clean them up again into small steps and no
2974
	 * code duplication.
2975
	 */
2976
#endif
2977

2978
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
2979

2980
	/* Adjust sta and change state (from NONE) to NOTEXIST. */
2981
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
2982
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
2983
	    "NONE: %#x, nstate %d arg %d\n", __func__, lsta, lsta->state, nstate, arg));
2984
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NOTEXIST);
2985
	if (error != 0) {
2986
		IMPROVE("do we need to undo the chan ctx?");
2987
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NOTEXIST) "
2988
		    "failed: %d\n", __func__, __LINE__, error);
2989
		goto out;
2990
	}
2991

2992
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);	/* sta no longer save to use. */
2993

2994
	IMPROVE("Any bss_info changes to announce?");
2995
	vif->bss_conf.qos = 0;
2996
	bss_changed |= BSS_CHANGED_QOS;
2997
	vif->cfg.ssid_len = 0;
2998
	memset(vif->cfg.ssid, '\0', sizeof(vif->cfg.ssid));
2999
	bss_changed |= BSS_CHANGED_BSSID;
3000
	vif->bss_conf.dtim_period = 0; /* go back to 0. */
3001
	bss_changed |= BSS_CHANGED_BEACON_INFO;
3002
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3003

3004
	LKPI_80211_LVIF_LOCK(lvif);
3005
	/* Remove ni reference for this cache of lsta. */
3006
	lvif->lvif_bss = NULL;
3007
	lvif->lvif_bss_synched = false;
3008
	LKPI_80211_LVIF_UNLOCK(lvif);
3009
	lkpi_lsta_remove(lsta, lvif);
3010

3011
	/* conf_tx */
3012

3013
	lkpi_remove_chanctx(hw, vif);
3014

3015
	error = EALREADY;
3016
out:
3017
	wiphy_unlock(hw->wiphy);
3018
	IEEE80211_LOCK(vap->iv_ic);
3019
	if (error == EALREADY) {
3020
		/*
3021
		 * We do this outside the wiphy lock as net80211::node_free() may call
3022
		 * into crypto code to delete keys and we have a recursed on
3023
		 * non-recursive sx panic.  Also only do this if we get here w/o error.
3024
		 *
3025
		 * The very last release the reference on the ni for the ni/lsta on
3026
		 * lvif->lvif_bss.  Upon return from this both ni and lsta are invalid
3027
		 * and potentially freed.
3028
		 */
3029
		ieee80211_free_node(ni);
3030
	}
3031
outni:
3032
	return (error);
3033
}
3034

3035
static int
3036
lkpi_sta_assoc_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3037
{
3038
	int error;
3039

3040
	error = _lkpi_sta_assoc_to_down(vap, nstate, arg);
3041
	if (error != 0 && error != EALREADY)
3042
		return (error);
3043

3044
	/* At this point iv_bss is long a new node! */
3045

3046
	error |= lkpi_sta_scan_to_auth(vap, nstate, 0);
3047
	return (error);
3048
}
3049

3050
static int
3051
lkpi_sta_assoc_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3052
{
3053
	int error;
3054

3055
	error = _lkpi_sta_assoc_to_down(vap, nstate, arg);
3056
	return (error);
3057
}
3058

3059
static int
3060
lkpi_sta_assoc_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3061
{
3062
	int error;
3063

3064
	error = _lkpi_sta_assoc_to_down(vap, nstate, arg);
3065
	return (error);
3066
}
3067

3068
static int
3069
lkpi_sta_assoc_to_run(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3070
{
3071
	struct lkpi_hw *lhw;
3072
	struct ieee80211_hw *hw;
3073
	struct lkpi_vif *lvif;
3074
	struct ieee80211_vif *vif;
3075
	struct ieee80211_node *ni;
3076
	struct lkpi_sta *lsta;
3077
	struct ieee80211_sta *sta;
3078
	struct ieee80211_prep_tx_info prep_tx_info;
3079
	enum ieee80211_bss_changed bss_changed;
3080
	int error;
3081

3082
	lhw = vap->iv_ic->ic_softc;
3083
	hw = LHW_TO_HW(lhw);
3084
	lvif = VAP_TO_LVIF(vap);
3085
	vif = LVIF_TO_VIF(lvif);
3086

3087
	IEEE80211_UNLOCK(vap->iv_ic);
3088
	wiphy_lock(hw->wiphy);
3089

3090
	LKPI_80211_LVIF_LOCK(lvif);
3091
	/* XXX-BZ KASSERT later? */
3092
	if (!lvif->lvif_bss_synched || lvif->lvif_bss == NULL) {
3093
#ifdef LINUXKPI_DEBUG_80211
3094
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3095
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3096
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3097
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3098
		    lvif->lvif_bss_synched);
3099
#endif
3100
		LKPI_80211_LVIF_UNLOCK(lvif);
3101
		error = ENOTRECOVERABLE;
3102
		goto out;
3103
	}
3104
	lsta = lvif->lvif_bss;
3105
	LKPI_80211_LVIF_UNLOCK(lvif);
3106
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3107
	    "lvif %p vap %p\n", __func__,
3108
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3109

3110
	ni = lsta->ni;		/* Reference held for lvif_bss. */
3111

3112
	IMPROVE("ponder some of this moved to ic_newassoc, scan_assoc_success, "
3113
	    "and to lesser extend ieee80211_notify_node_join");
3114

3115
	/* Finish assoc. */
3116
	/* Update sta_state (AUTH to ASSOC) and set aid. */
3117
	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
3118
	    "AUTH: %#x\n", __func__, lsta, lsta->state));
3119
	sta = LSTA_TO_STA(lsta);
3120
	sta->aid = IEEE80211_NODE_AID(ni);
3121
#ifdef LKPI_80211_WME
3122
	if (vap->iv_flags & IEEE80211_F_WME)
3123
		sta->wme = true;
3124
#endif
3125
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
3126
	if (error != 0) {
3127
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
3128
		    "failed: %d\n", __func__, __LINE__, error);
3129
		goto out;
3130
	}
3131

3132
	IMPROVE("wme / conf_tx [all]");
3133

3134
	/* Update bss info (bss_info_changed) (assoc, aid, ..). */
3135
	bss_changed = 0;
3136
#ifdef LKPI_80211_WME
3137
	bss_changed |= lkpi_wme_update(lhw, vap, true);
3138
#endif
3139
	if (!vif->cfg.assoc || vif->cfg.aid != IEEE80211_NODE_AID(ni)) {
3140
		lvif->beacons = 0;
3141
		vif->cfg.assoc = true;
3142
		vif->cfg.aid = IEEE80211_NODE_AID(ni);
3143
		bss_changed |= BSS_CHANGED_ASSOC;
3144
	}
3145
	/* We set SSID but this is not BSSID! */
3146
	vif->cfg.ssid_len = ni->ni_esslen;
3147
	memcpy(vif->cfg.ssid, ni->ni_essid, ni->ni_esslen);
3148
	if ((vap->iv_flags & IEEE80211_F_SHPREAMBLE) !=
3149
	    vif->bss_conf.use_short_preamble) {
3150
		vif->bss_conf.use_short_preamble ^= 1;
3151
		/* bss_changed |= BSS_CHANGED_??? */
3152
	}
3153
	if ((vap->iv_flags & IEEE80211_F_SHSLOT) !=
3154
	    vif->bss_conf.use_short_slot) {
3155
		vif->bss_conf.use_short_slot ^= 1;
3156
		/* bss_changed |= BSS_CHANGED_??? */
3157
	}
3158
	if ((ni->ni_flags & IEEE80211_NODE_QOS) !=
3159
	    vif->bss_conf.qos) {
3160
		vif->bss_conf.qos ^= 1;
3161
		bss_changed |= BSS_CHANGED_QOS;
3162
	}
3163

3164
	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
3165
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3166

3167
	/* - change_chanctx (if needed)
3168
	 * - event_callback
3169
	 */
3170

3171
	/* End mgd_complete_tx. */
3172
	if (lsta->in_mgd) {
3173
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3174
		prep_tx_info.success = true;
3175
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3176
		lsta->in_mgd = false;
3177
	}
3178

3179
	/*
3180
	 * And then:
3181
	 * - (more packets)?
3182
	 * - set_key
3183
	 * - set_default_unicast_key
3184
	 * - set_key (?)
3185
	 * - ipv6_addr_change (?)
3186
	 */
3187

3188
	if (!ieee80211_node_is_authorized(ni)) {
3189
		IMPROVE("net80211 does not consider node authorized");
3190
	}
3191

3192
	IMPROVE("Is this the right spot, has net80211 done all updates already?");
3193
	lkpi_sta_sync_from_ni(hw, vif, sta, ni, true);
3194

3195
	/* Update thresholds. */
3196
	hw->wiphy->frag_threshold = vap->iv_fragthreshold;
3197
	lkpi_80211_mo_set_frag_threshold(hw, vap->iv_fragthreshold);
3198
	hw->wiphy->rts_threshold = vap->iv_rtsthreshold;
3199
	lkpi_80211_mo_set_rts_threshold(hw, vap->iv_rtsthreshold);
3200

3201
	/* Update sta_state (ASSOC to AUTHORIZED). */
3202
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3203
	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3204
	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3205
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTHORIZED);
3206
	if (error != 0) {
3207
		IMPROVE("undo some changes?");
3208
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTHORIZED) "
3209
		    "failed: %d\n", __func__, __LINE__, error);
3210
		goto out;
3211
	}
3212

3213
	/* - drv_config (?)
3214
	 * - bss_info_changed
3215
	 * - set_rekey_data (?)
3216
	 *
3217
	 * And now we should be passing packets.
3218
	 */
3219
	IMPROVE("Need that bssid setting, and the keys");
3220

3221
	bss_changed = 0;
3222
	bss_changed |= lkpi_update_dtim_tsf(vif, ni, vap, __func__, __LINE__);
3223
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3224

3225
	/* Prepare_multicast && configure_filter. */
3226
	lkpi_update_mcast_filter(vap->iv_ic);
3227

3228
out:
3229
	wiphy_unlock(hw->wiphy);
3230
	IEEE80211_LOCK(vap->iv_ic);
3231
	return (error);
3232
}
3233

3234
static int
3235
lkpi_sta_auth_to_run(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3236
{
3237
	int error;
3238

3239
	error = lkpi_sta_auth_to_assoc(vap, nstate, arg);
3240
	if (error == 0)
3241
		error = lkpi_sta_assoc_to_run(vap, nstate, arg);
3242
	return (error);
3243
}
3244

3245
static int
3246
lkpi_sta_run_to_assoc(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3247
{
3248
	struct lkpi_hw *lhw;
3249
	struct ieee80211_hw *hw;
3250
	struct lkpi_vif *lvif;
3251
	struct ieee80211_vif *vif;
3252
	struct ieee80211_node *ni;
3253
	struct lkpi_sta *lsta;
3254
	struct ieee80211_sta *sta;
3255
	struct ieee80211_prep_tx_info prep_tx_info;
3256
#if 0
3257
	enum ieee80211_bss_changed bss_changed;
3258
#endif
3259
	int error;
3260

3261
	lhw = vap->iv_ic->ic_softc;
3262
	hw = LHW_TO_HW(lhw);
3263
	lvif = VAP_TO_LVIF(vap);
3264
	vif = LVIF_TO_VIF(lvif);
3265

3266
	LKPI_80211_LVIF_LOCK(lvif);
3267
#ifdef LINUXKPI_DEBUG_80211
3268
	/* XXX-BZ KASSERT later; state going down so no action. */
3269
	if (lvif->lvif_bss == NULL)
3270
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3271
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3272
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3273
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3274
		    lvif->lvif_bss_synched);
3275
#endif
3276
	lsta = lvif->lvif_bss;
3277
	LKPI_80211_LVIF_UNLOCK(lvif);
3278
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3279
	    "lvif %p vap %p\n", __func__,
3280
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3281

3282
	ni = lsta->ni;		/* Reference held for lvif_bss. */
3283
	sta = LSTA_TO_STA(lsta);
3284

3285
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3286

3287
	IEEE80211_UNLOCK(vap->iv_ic);
3288
	wiphy_lock(hw->wiphy);
3289

3290
	/* flush, drop. */
3291
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
3292

3293
	IMPROVE("What are the proper conditions for DEAUTH_NEED_MGD_TX_PREP?");
3294
	if (ieee80211_hw_check(hw, DEAUTH_NEED_MGD_TX_PREP) &&
3295
	    !lsta->in_mgd) {
3296
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3297
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
3298
		prep_tx_info.was_assoc = true;
3299
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
3300
		lsta->in_mgd = true;
3301
	}
3302

3303
	wiphy_unlock(hw->wiphy);
3304
	IEEE80211_LOCK(vap->iv_ic);
3305

3306
	/* Call iv_newstate first so we get potential DISASSOC packet out. */
3307
	error = lvif->iv_newstate(vap, nstate, arg);
3308
	if (error != 0) {
3309
		ic_printf(vap->iv_ic, "%s:%d: iv_newstate(%p, %d, %d) "
3310
		    "failed: %d\n", __func__, __LINE__, vap, nstate, arg, error);
3311
		goto outni;
3312
	}
3313

3314
	IEEE80211_UNLOCK(vap->iv_ic);
3315

3316
	/* Ensure the packets get out. */
3317
	lkpi_80211_flush_tx(lhw, lsta);
3318

3319
	wiphy_lock(hw->wiphy);
3320

3321
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3322

3323
	/* Wake tx queues to get packet(s) out. */
3324
	lkpi_wake_tx_queues(hw, sta, false, true);
3325

3326
	/* flush, no drop */
3327
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
3328

3329
	/* End mgd_complete_tx. */
3330
	if (lsta->in_mgd) {
3331
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3332
		prep_tx_info.success = false;
3333
		prep_tx_info.was_assoc = true;
3334
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3335
		lsta->in_mgd = false;
3336
	}
3337

3338
#if 0
3339
	/* sync_rx_queues */
3340
	lkpi_80211_mo_sync_rx_queues(hw);
3341

3342
	/* sta_pre_rcu_remove */
3343
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
3344
#endif
3345

3346
	/* Take the station down. */
3347

3348
	/* Adjust sta and change state (from AUTHORIZED) to ASSOC. */
3349
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3350
	KASSERT(lsta->state == IEEE80211_STA_AUTHORIZED, ("%s: lsta %p state not "
3351
	    "AUTHORIZED: %#x\n", __func__, lsta, lsta->state));
3352
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
3353
	if (error != 0) {
3354
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
3355
		    "failed: %d\n", __func__, __LINE__, error);
3356
		goto out;
3357
	}
3358

3359
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3360

3361
#ifdef LKPI_80211_HW_CRYPTO
3362
	if (lkpi_hwcrypto) {
3363
		error = lkpi_sta_del_keys(hw, vif, lsta);
3364
		if (error != 0) {
3365
			ic_printf(vap->iv_ic, "%s:%d: lkpi_sta_del_keys "
3366
			    "failed: %d\n", __func__, __LINE__, error);
3367
			/*
3368
			 * Either drv/fw will crash or cleanup itself,
3369
			 * otherwise net80211 will delete the keys (at a
3370
			 * less appropriate time).
3371
			 */
3372
			/* goto out; */
3373
		}
3374
	}
3375
#endif
3376

3377
	/* Update sta_state (ASSOC to AUTH). */
3378
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3379
	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3380
	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3381
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
3382
	if (error != 0) {
3383
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
3384
		    "failed: %d\n", __func__, __LINE__, error);
3385
		goto out;
3386
	}
3387

3388
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3389

3390
#if 0
3391
	/* Update bss info (bss_info_changed) (assoc, aid, ..). */
3392
	lkpi_disassoc(sta, vif, lhw);
3393
#endif
3394

3395
	error = EALREADY;
3396
out:
3397
	wiphy_unlock(hw->wiphy);
3398
	IEEE80211_LOCK(vap->iv_ic);
3399
outni:
3400
	return (error);
3401
}
3402

3403
static int
3404
lkpi_sta_run_to_init(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3405
{
3406
	struct lkpi_hw *lhw;
3407
	struct ieee80211_hw *hw;
3408
	struct lkpi_vif *lvif;
3409
	struct ieee80211_vif *vif;
3410
	struct ieee80211_node *ni;
3411
	struct lkpi_sta *lsta;
3412
	struct ieee80211_sta *sta;
3413
	struct ieee80211_prep_tx_info prep_tx_info;
3414
	enum ieee80211_bss_changed bss_changed;
3415
	int error;
3416

3417
	lhw = vap->iv_ic->ic_softc;
3418
	hw = LHW_TO_HW(lhw);
3419
	lvif = VAP_TO_LVIF(vap);
3420
	vif = LVIF_TO_VIF(lvif);
3421

3422
	IEEE80211_UNLOCK(vap->iv_ic);
3423
	wiphy_lock(hw->wiphy);
3424

3425
	LKPI_80211_LVIF_LOCK(lvif);
3426
#ifdef LINUXKPI_DEBUG_80211
3427
	/* XXX-BZ KASSERT later; state going down so no action. */
3428
	if (lvif->lvif_bss == NULL)
3429
		ic_printf(vap->iv_ic, "%s:%d: lvif %p vap %p iv_bss %p lvif_bss %p "
3430
		    "lvif_bss->ni %p synched %d\n", __func__, __LINE__,
3431
		    lvif, vap, vap->iv_bss, lvif->lvif_bss,
3432
		    (lvif->lvif_bss != NULL) ? lvif->lvif_bss->ni : NULL,
3433
		    lvif->lvif_bss_synched);
3434
#endif
3435
	lsta = lvif->lvif_bss;
3436
	LKPI_80211_LVIF_UNLOCK(lvif);
3437
	KASSERT(lsta != NULL && lsta->ni != NULL, ("%s: lsta %p ni %p "
3438
	    "lvif %p vap %p\n", __func__,
3439
	    lsta, (lsta != NULL) ? lsta->ni : NULL, lvif, vap));
3440

3441
	ni = lsta->ni;		/* Reference held for lvif_bss. */
3442
	sta = LSTA_TO_STA(lsta);
3443

3444
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3445

3446
	/* flush, drop. */
3447
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), true);
3448

3449
	IMPROVE("What are the proper conditions for DEAUTH_NEED_MGD_TX_PREP?");
3450
	if (ieee80211_hw_check(hw, DEAUTH_NEED_MGD_TX_PREP) &&
3451
	    !lsta->in_mgd) {
3452
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3453
		prep_tx_info.duration = PREP_TX_INFO_DURATION;
3454
		prep_tx_info.was_assoc = true;
3455
		lkpi_80211_mo_mgd_prepare_tx(hw, vif, &prep_tx_info);
3456
		lsta->in_mgd = true;
3457
	}
3458

3459
	wiphy_unlock(hw->wiphy);
3460
	IEEE80211_LOCK(vap->iv_ic);
3461

3462
	/* Call iv_newstate first so we get potential DISASSOC packet out. */
3463
	error = lvif->iv_newstate(vap, nstate, arg);
3464
	if (error != 0) {
3465
		ic_printf(vap->iv_ic, "%s:%d: iv_newstate(%p, %d, %d) "
3466
		    "failed: %d\n", __func__, __LINE__, vap, nstate, arg, error);
3467
		goto outni;
3468
	}
3469

3470
	IEEE80211_UNLOCK(vap->iv_ic);
3471

3472
	/* Ensure the packets get out. */
3473
	lkpi_80211_flush_tx(lhw, lsta);
3474

3475
	wiphy_lock(hw->wiphy);
3476

3477
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3478

3479
	/* Wake tx queues to get packet(s) out. */
3480
	lkpi_wake_tx_queues(hw, sta, false, true);
3481

3482
	/* flush, no drop */
3483
	lkpi_80211_mo_flush(hw, vif,  nitems(sta->txq), false);
3484

3485
	/* End mgd_complete_tx. */
3486
	if (lsta->in_mgd) {
3487
		memset(&prep_tx_info, 0, sizeof(prep_tx_info));
3488
		prep_tx_info.success = false;
3489
		prep_tx_info.was_assoc = true;
3490
		lkpi_80211_mo_mgd_complete_tx(hw, vif, &prep_tx_info);
3491
		lsta->in_mgd = false;
3492
	}
3493

3494
	/* sync_rx_queues */
3495
	lkpi_80211_mo_sync_rx_queues(hw);
3496

3497
	/* sta_pre_rcu_remove */
3498
        lkpi_80211_mo_sta_pre_rcu_remove(hw, vif, sta);
3499

3500
	/* Take the station down. */
3501

3502
	/* Adjust sta and change state (from AUTHORIZED) to ASSOC. */
3503
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3504
	KASSERT(lsta->state == IEEE80211_STA_AUTHORIZED, ("%s: lsta %p state not "
3505
	    "AUTHORIZED: %#x\n", __func__, lsta, lsta->state));
3506
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_ASSOC);
3507
	if (error != 0) {
3508
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(ASSOC) "
3509
		    "failed: %d\n", __func__, __LINE__, error);
3510
		goto out;
3511
	}
3512

3513
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3514

3515
#ifdef LKPI_80211_HW_CRYPTO
3516
	if (lkpi_hwcrypto) {
3517
		/*
3518
		 * In theory we only need to do this if we changed assoc.
3519
		 * If we were not assoc, there should be no keys and we
3520
		 * should not be here.
3521
		 */
3522
#ifdef notyet
3523
		KASSERT((bss_changed & BSS_CHANGED_ASSOC) != 0, ("%s: "
3524
		    "trying to remove keys but were not assoc: %#010jx, lvif %p\n",
3525
		    __func__, (uintmax_t)bss_changed, lvif));
3526
#endif
3527
		error = lkpi_sta_del_keys(hw, vif, lsta);
3528
		if (error != 0) {
3529
			ic_printf(vap->iv_ic, "%s:%d: lkpi_sta_del_keys "
3530
			    "failed: %d\n", __func__, __LINE__, error);
3531
			/*
3532
			 * Either drv/fw will crash or cleanup itself,
3533
			 * otherwise net80211 will delete the keys (at a
3534
			 * less appropriate time).
3535
			 */
3536
			/* goto out; */
3537
		}
3538
	}
3539
#endif
3540

3541
	/* Update sta_state (ASSOC to AUTH). */
3542
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3543
	KASSERT(lsta->state == IEEE80211_STA_ASSOC, ("%s: lsta %p state not "
3544
	    "ASSOC: %#x\n", __func__, lsta, lsta->state));
3545
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_AUTH);
3546
	if (error != 0) {
3547
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(AUTH) "
3548
		    "failed: %d\n", __func__, __LINE__, error);
3549
		goto out;
3550
	}
3551

3552
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3553

3554
	/* Update sta and change state (from AUTH) to NONE. */
3555
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3556
	KASSERT(lsta->state == IEEE80211_STA_AUTH, ("%s: lsta %p state not "
3557
	    "AUTH: %#x\n", __func__, lsta, lsta->state));
3558
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NONE);
3559
	if (error != 0) {
3560
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NONE) "
3561
		    "failed: %d\n", __func__, __LINE__, error);
3562
		goto out;
3563
	}
3564

3565
	bss_changed = 0;
3566
	/*
3567
	 * Start updating bss info (bss_info_changed) (assoc, aid, ..).
3568
	 *
3569
	 * One would expect this to happen when going off AUTHORIZED.
3570
	 * See comment there; removes the sta from fw if not careful
3571
	 * (bss_info_changed() change is executed right away).
3572
	 *
3573
	 * We need to do this now, before sta changes to IEEE80211_STA_NOTEXIST
3574
	 * as otherwise drivers (iwlwifi at least) will silently not remove
3575
	 * the sta from the firmware and when we will add a new one trigger
3576
	 * a fw assert.
3577
	 *
3578
	 * The order which works best so far avoiding early removal or silent
3579
	 * non-removal seems to be (for iwlwifi::mld-mac80211.c cases;
3580
	 * the iwlwifi:mac80211.c case still to be tested):
3581
	 * 1) lkpi_disassoc(): set vif->cfg.assoc = false (aid=0 side effect here)
3582
	 * 2) call the last sta_state update -> IEEE80211_STA_NOTEXIST
3583
	 *    (removes the sta given assoc is false)
3584
	 * 3) add the remaining BSS_CHANGED changes and call bss_info_changed()
3585
	 * 4) call unassign_vif_chanctx
3586
	 * 5) call lkpi_hw_conf_idle
3587
	 * 6) call remove_chanctx
3588
	 *
3589
	 * Note: vif->driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC
3590
	 * might change this.
3591
	 */
3592
	bss_changed |= lkpi_disassoc(sta, vif, lhw);
3593

3594
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);
3595

3596
	/* Adjust sta and change state (from NONE) to NOTEXIST. */
3597
	KASSERT(lsta != NULL, ("%s: ni %p lsta is NULL\n", __func__, ni));
3598
	KASSERT(lsta->state == IEEE80211_STA_NONE, ("%s: lsta %p state not "
3599
	    "NONE: %#x, nstate %d arg %d\n", __func__, lsta, lsta->state, nstate, arg));
3600
	error = lkpi_80211_mo_sta_state(hw, vif, lsta, IEEE80211_STA_NOTEXIST);
3601
	if (error != 0) {
3602
		IMPROVE("do we need to undo the chan ctx?");
3603
		ic_printf(vap->iv_ic, "%s:%d: mo_sta_state(NOTEXIST) "
3604
		    "failed: %d\n", __func__, __LINE__, error);
3605
		goto out;
3606
	}
3607

3608
	lkpi_lsta_remove(lsta, lvif);
3609

3610
	lkpi_lsta_dump(lsta, ni, __func__, __LINE__);	/* sta no longer save to use. */
3611

3612
	IMPROVE("Any bss_info changes to announce?");
3613
	vif->bss_conf.qos = 0;
3614
	bss_changed |= BSS_CHANGED_QOS;
3615
	vif->cfg.ssid_len = 0;
3616
	memset(vif->cfg.ssid, '\0', sizeof(vif->cfg.ssid));
3617
	bss_changed |= BSS_CHANGED_BSSID;
3618
	vif->bss_conf.use_short_preamble = false;
3619
	vif->bss_conf.qos = false;
3620
	/* XXX BSS_CHANGED_???? */
3621
	vif->bss_conf.dtim_period = 0; /* go back to 0. */
3622
	bss_changed |= BSS_CHANGED_BEACON_INFO;
3623
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3624

3625
	LKPI_80211_LVIF_LOCK(lvif);
3626
	/* Remove ni reference for this cache of lsta. */
3627
	lvif->lvif_bss = NULL;
3628
	lvif->lvif_bss_synched = false;
3629
	LKPI_80211_LVIF_UNLOCK(lvif);
3630

3631
	/* conf_tx */
3632

3633
	lkpi_remove_chanctx(hw, vif);
3634

3635
	error = EALREADY;
3636
out:
3637
	wiphy_unlock(hw->wiphy);
3638
	IEEE80211_LOCK(vap->iv_ic);
3639
	if (error == EALREADY) {
3640
		/*
3641
		 * We do this outside the wiphy lock as net80211::node_free() may call
3642
		 * into crypto code to delete keys and we have a recursed on
3643
		 * non-recursive sx panic.  Also only do this if we get here w/o error.
3644
		 *
3645
		 * The very last release the reference on the ni for the ni/lsta on
3646
		 * lvif->lvif_bss.  Upon return from this both ni and lsta are invalid
3647
		 * and potentially freed.
3648
		 */
3649
		ieee80211_free_node(ni);
3650
	}
3651
outni:
3652
	return (error);
3653
}
3654

3655
static int
3656
lkpi_sta_run_to_scan(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3657
{
3658

3659
	return (lkpi_sta_run_to_init(vap, nstate, arg));
3660
}
3661

3662
static int
3663
lkpi_sta_run_to_auth(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3664
{
3665
	int error;
3666

3667
	error = lkpi_sta_run_to_init(vap, nstate, arg);
3668
	if (error != 0 && error != EALREADY)
3669
		return (error);
3670

3671
	/* At this point iv_bss is long a new node! */
3672

3673
	error |= lkpi_sta_scan_to_auth(vap, nstate, 0);
3674
	return (error);
3675
}
3676

3677
/* -------------------------------------------------------------------------- */
3678

3679
/*
3680
 * The matches the documented state changes in net80211::sta_newstate().
3681
 * XXX (1) without CSA and SLEEP yet, * XXX (2) not all unhandled cases
3682
 * there are "invalid" (so there is a room for failure here).
3683
 */
3684
struct fsm_state {
3685
	/* INIT, SCAN, AUTH, ASSOC, CAC, RUN, CSA, SLEEP */
3686
	enum ieee80211_state ostate;
3687
	enum ieee80211_state nstate;
3688
	int (*handler)(struct ieee80211vap *, enum ieee80211_state, int);
3689
} sta_state_fsm[] = {
3690
	{ IEEE80211_S_INIT,	IEEE80211_S_INIT, lkpi_sta_state_do_nada },
3691
	{ IEEE80211_S_SCAN,	IEEE80211_S_INIT, lkpi_sta_state_do_nada },	/* scan_to_init */
3692
	{ IEEE80211_S_AUTH,	IEEE80211_S_INIT, lkpi_sta_auth_to_init },	/* not explicitly in sta_newstate() */
3693
	{ IEEE80211_S_ASSOC,	IEEE80211_S_INIT, lkpi_sta_assoc_to_init },	/* Send DEAUTH. */
3694
	{ IEEE80211_S_RUN,	IEEE80211_S_INIT, lkpi_sta_run_to_init },	/* Send DISASSOC. */
3695

3696
	{ IEEE80211_S_INIT,	IEEE80211_S_SCAN, lkpi_sta_state_do_nada },
3697
	{ IEEE80211_S_SCAN,	IEEE80211_S_SCAN, lkpi_sta_state_do_nada },
3698
	{ IEEE80211_S_AUTH,	IEEE80211_S_SCAN, lkpi_sta_auth_to_scan },
3699
	{ IEEE80211_S_ASSOC,	IEEE80211_S_SCAN, lkpi_sta_assoc_to_scan },
3700
	{ IEEE80211_S_RUN,	IEEE80211_S_SCAN, lkpi_sta_run_to_scan },	/* Beacon miss. */
3701

3702
	{ IEEE80211_S_INIT,	IEEE80211_S_AUTH, lkpi_sta_scan_to_auth },	/* Send AUTH. */
3703
	{ IEEE80211_S_SCAN,	IEEE80211_S_AUTH, lkpi_sta_scan_to_auth },	/* Send AUTH. */
3704
	{ IEEE80211_S_AUTH,	IEEE80211_S_AUTH, lkpi_sta_a_to_a },		/* Send ?AUTH. */
3705
	{ IEEE80211_S_ASSOC,	IEEE80211_S_AUTH, lkpi_sta_assoc_to_auth },	/* Send ?AUTH. */
3706
	{ IEEE80211_S_RUN,	IEEE80211_S_AUTH, lkpi_sta_run_to_auth },	/* Send ?AUTH. */
3707

3708
	{ IEEE80211_S_AUTH,	IEEE80211_S_ASSOC, lkpi_sta_auth_to_assoc },	/* Send ASSOCREQ. */
3709
	{ IEEE80211_S_ASSOC,	IEEE80211_S_ASSOC, lkpi_sta_a_to_a },		/* Send ASSOCREQ. */
3710
	{ IEEE80211_S_RUN,	IEEE80211_S_ASSOC, lkpi_sta_run_to_assoc },	/* Send ASSOCREQ/REASSOCREQ. */
3711

3712
	{ IEEE80211_S_AUTH,	IEEE80211_S_RUN, lkpi_sta_auth_to_run },
3713
	{ IEEE80211_S_ASSOC,	IEEE80211_S_RUN, lkpi_sta_assoc_to_run },
3714
	{ IEEE80211_S_RUN,	IEEE80211_S_RUN, lkpi_sta_state_do_nada },
3715

3716
	/* Dummy at the end without handler. */
3717
	{ IEEE80211_S_INIT,	IEEE80211_S_INIT, NULL },
3718
};
3719

3720
static int
3721
lkpi_iv_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
3722
{
3723
	struct ieee80211com *ic;
3724
	struct lkpi_hw *lhw;
3725
	struct lkpi_vif *lvif;
3726
	struct ieee80211_vif *vif;
3727
	struct fsm_state *s;
3728
	enum ieee80211_state ostate;
3729
	int error;
3730

3731
	ic = vap->iv_ic;
3732
	IEEE80211_LOCK_ASSERT(ic);
3733
	ostate = vap->iv_state;
3734

3735
#ifdef LINUXKPI_DEBUG_80211
3736
	if (linuxkpi_debug_80211 & D80211_TRACE)
3737
		ic_printf(vap->iv_ic, "%s:%d: vap %p nstate %#x arg %#x\n",
3738
		    __func__, __LINE__, vap, nstate, arg);
3739
#endif
3740

3741
	if (vap->iv_opmode == IEEE80211_M_STA) {
3742

3743
		lhw = ic->ic_softc;
3744
		lvif = VAP_TO_LVIF(vap);
3745
		vif = LVIF_TO_VIF(lvif);
3746

3747
		/* No need to replicate this in most state handlers. */
3748
		if (nstate > IEEE80211_S_SCAN)
3749
			lkpi_stop_hw_scan(lhw, vif);
3750

3751
		s = sta_state_fsm;
3752

3753
	} else {
3754
		ic_printf(vap->iv_ic, "%s: only station mode currently supported: "
3755
		    "cap %p iv_opmode %d\n", __func__, vap, vap->iv_opmode);
3756
		return (ENOSYS);
3757
	}
3758

3759
	error = 0;
3760
	for (; s->handler != NULL; s++) {
3761
		if (ostate == s->ostate && nstate == s->nstate) {
3762
#ifdef LINUXKPI_DEBUG_80211
3763
			if (linuxkpi_debug_80211 & D80211_TRACE)
3764
				ic_printf(vap->iv_ic, "%s: new state %d (%s) ->"
3765
				    " %d (%s): arg %d.\n", __func__,
3766
				    ostate, ieee80211_state_name[ostate],
3767
				    nstate, ieee80211_state_name[nstate], arg);
3768
#endif
3769
			error = s->handler(vap, nstate, arg);
3770
			break;
3771
		}
3772
	}
3773
	IEEE80211_LOCK_ASSERT(vap->iv_ic);
3774

3775
	if (s->handler == NULL) {
3776
		IMPROVE("turn this into a KASSERT\n");
3777
		ic_printf(vap->iv_ic, "%s: unsupported state transition "
3778
		    "%d (%s) -> %d (%s)\n", __func__,
3779
		    ostate, ieee80211_state_name[ostate],
3780
		    nstate, ieee80211_state_name[nstate]);
3781
		return (ENOSYS);
3782
	}
3783

3784
	if (error == EALREADY) {
3785
#ifdef LINUXKPI_DEBUG_80211
3786
		if (linuxkpi_debug_80211 & D80211_TRACE)
3787
			ic_printf(vap->iv_ic, "%s: state transition %d (%s) -> "
3788
			    "%d (%s): iv_newstate already handled: %d.\n",
3789
			    __func__, ostate, ieee80211_state_name[ostate],
3790
			    nstate, ieee80211_state_name[nstate], error);
3791
#endif
3792
		return (0);
3793
	}
3794

3795
	if (error != 0) {
3796
		ic_printf(vap->iv_ic, "%s: error %d during state transition "
3797
		    "%d (%s) -> %d (%s)\n", __func__, error,
3798
		    ostate, ieee80211_state_name[ostate],
3799
		    nstate, ieee80211_state_name[nstate]);
3800
		return (error);
3801
	}
3802

3803
#ifdef LINUXKPI_DEBUG_80211
3804
	if (linuxkpi_debug_80211 & D80211_TRACE)
3805
		ic_printf(vap->iv_ic, "%s:%d: vap %p nstate %#x arg %#x "
3806
		    "calling net80211 parent\n",
3807
		    __func__, __LINE__, vap, nstate, arg);
3808
#endif
3809

3810
	return (lvif->iv_newstate(vap, nstate, arg));
3811
}
3812

3813
/* -------------------------------------------------------------------------- */
3814

3815
/*
3816
 * We overload (*iv_update_bss) as otherwise we have cases in, e.g.,
3817
 * net80211::ieee80211_sta_join1() where vap->iv_bss gets replaced by a
3818
 * new node without us knowing and thus our ni/lsta are out of sync.
3819
 */
3820
static struct ieee80211_node *
3821
lkpi_iv_update_bss(struct ieee80211vap *vap, struct ieee80211_node *ni)
3822
{
3823
	struct lkpi_vif *lvif;
3824
	struct ieee80211_node *rni;
3825

3826
	IEEE80211_LOCK_ASSERT(vap->iv_ic);
3827

3828
	lvif = VAP_TO_LVIF(vap);
3829

3830
	LKPI_80211_LVIF_LOCK(lvif);
3831
	lvif->lvif_bss_synched = false;
3832
	LKPI_80211_LVIF_UNLOCK(lvif);
3833

3834
	rni = lvif->iv_update_bss(vap, ni);
3835
	return (rni);
3836
}
3837

3838
#ifdef LKPI_80211_WME
3839
static int
3840
lkpi_wme_update(struct lkpi_hw *lhw, struct ieee80211vap *vap, bool planned)
3841
{
3842
	struct ieee80211com *ic;
3843
	struct ieee80211_hw *hw;
3844
	struct lkpi_vif *lvif;
3845
	struct ieee80211_vif *vif;
3846
	struct chanAccParams chp;
3847
	struct wmeParams wmeparr[WME_NUM_AC];
3848
	struct ieee80211_tx_queue_params txqp;
3849
	enum ieee80211_bss_changed changed;
3850
	int error;
3851
	uint16_t ac;
3852

3853
	hw = LHW_TO_HW(lhw);
3854
	lockdep_assert_wiphy(hw->wiphy);
3855

3856
	IMPROVE();
3857
	KASSERT(WME_NUM_AC == IEEE80211_NUM_ACS, ("%s: WME_NUM_AC %d != "
3858
	    "IEEE80211_NUM_ACS %d\n", __func__, WME_NUM_AC, IEEE80211_NUM_ACS));
3859

3860
	if (vap == NULL)
3861
		return (0);
3862

3863
	if ((vap->iv_flags & IEEE80211_F_WME) == 0)
3864
		return (0);
3865

3866
	if (lhw->ops->conf_tx == NULL)
3867
		return (0);
3868

3869
	if (!planned && (vap->iv_state != IEEE80211_S_RUN)) {
3870
		lhw->update_wme = true;
3871
		return (0);
3872
	}
3873
	lhw->update_wme = false;
3874

3875
	ic = lhw->ic;
3876
	ieee80211_wme_ic_getparams(ic, &chp);
3877
	IEEE80211_LOCK(ic);
3878
	for (ac = 0; ac < WME_NUM_AC; ac++)
3879
		wmeparr[ac] = chp.cap_wmeParams[ac];
3880
	IEEE80211_UNLOCK(ic);
3881

3882
	lvif = VAP_TO_LVIF(vap);
3883
	vif = LVIF_TO_VIF(lvif);
3884

3885
	/* Configure tx queues (conf_tx) & send BSS_CHANGED_QOS. */
3886
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3887
		struct wmeParams *wmep;
3888

3889
		wmep = &wmeparr[ac];
3890
		bzero(&txqp, sizeof(txqp));
3891
		txqp.cw_min = wmep->wmep_logcwmin;
3892
		txqp.cw_max = wmep->wmep_logcwmax;
3893
		txqp.txop = wmep->wmep_txopLimit;
3894
		txqp.aifs = wmep->wmep_aifsn;
3895
		error = lkpi_80211_mo_conf_tx(hw, vif, /* link_id */0, ac, &txqp);
3896
		if (error != 0)
3897
			ic_printf(ic, "%s: conf_tx ac %u failed %d\n",
3898
			    __func__, ac, error);
3899
	}
3900
	changed = BSS_CHANGED_QOS;
3901
	if (!planned)
3902
		lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, changed);
3903

3904
	return (changed);
3905
}
3906
#endif
3907

3908
static int
3909
lkpi_ic_wme_update(struct ieee80211com *ic)
3910
{
3911
#ifdef LKPI_80211_WME
3912
	struct ieee80211vap *vap;
3913
	struct lkpi_hw *lhw;
3914
	struct ieee80211_hw *hw;
3915

3916
	IMPROVE("Use the per-VAP callback in net80211.");
3917
	vap = TAILQ_FIRST(&ic->ic_vaps);
3918
	if (vap == NULL)
3919
		return (0);
3920

3921
	lhw = ic->ic_softc;
3922
	hw = LHW_TO_HW(lhw);
3923

3924
	wiphy_lock(hw->wiphy);
3925
	lkpi_wme_update(lhw, vap, false);
3926
	wiphy_unlock(hw->wiphy);
3927
#endif
3928
	return (0);	/* unused */
3929
}
3930

3931
static void
3932
lkpi_iv_sta_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
3933
    int subtype, const struct ieee80211_rx_stats *rxs, int rssi, int nf)
3934
{
3935
	struct lkpi_hw *lhw;
3936
	struct ieee80211_hw *hw;
3937
	struct lkpi_vif *lvif;
3938
	struct ieee80211_vif *vif;
3939
	enum ieee80211_bss_changed bss_changed;
3940

3941
	lvif = VAP_TO_LVIF(ni->ni_vap);
3942
	vif = LVIF_TO_VIF(lvif);
3943

3944
	lvif->iv_recv_mgmt(ni, m0, subtype, rxs, rssi, nf);
3945

3946
	switch (subtype) {
3947
	case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
3948
		break;
3949
	case IEEE80211_FC0_SUBTYPE_BEACON:
3950
		/*
3951
		 * Only count beacons when assoc. SCAN has its own logging.
3952
		 * This is for connection/beacon loss/session protection almost
3953
		 * over debugging when trying to get into a stable RUN state.
3954
		 */
3955
		if (vif->cfg.assoc)
3956
			lvif->beacons++;
3957
		break;
3958
	default:
3959
		return;
3960
	}
3961

3962
	lhw = ni->ni_ic->ic_softc;
3963
	hw = LHW_TO_HW(lhw);
3964

3965
	/*
3966
	 * If this direct call to mo_bss_info_changed will not work due to
3967
	 * locking, see if queue_work() is fast enough.
3968
	 */
3969
	bss_changed = lkpi_update_dtim_tsf(vif, ni, ni->ni_vap, __func__, __LINE__);
3970
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, bss_changed);
3971
}
3972

3973
/*
3974
 * Change link-layer address on the vif (if the vap is not started/"UP").
3975
 * This can happen if a user changes 'ether' using ifconfig.
3976
 * The code is based on net80211/ieee80211_freebsd.c::wlan_iflladdr() but
3977
 * we do use a per-[l]vif event handler to be sure we exist as we
3978
 * cannot assume that from every vap derives a vif and we have a hard
3979
 * time checking based on net80211 information.
3980
 * Should this ever become a real problem we could add a callback function
3981
 * to wlan_iflladdr() to be set optionally but that would be for a
3982
 * single-consumer (or needs a list) -- was just too complicated for an
3983
 * otherwise perfect mechanism FreeBSD already provides.
3984
 */
3985
static void
3986
lkpi_vif_iflladdr(void *arg, struct ifnet *ifp)
3987
{
3988
	struct epoch_tracker et;
3989
	struct ieee80211_vif *vif;
3990

3991
	NET_EPOCH_ENTER(et);
3992
	/* NB: identify vap's by if_transmit; left as an extra check. */
3993
	if (if_gettransmitfn(ifp) != ieee80211_vap_transmit ||
3994
	    (if_getflags(ifp) & IFF_UP) != 0) {
3995
		NET_EPOCH_EXIT(et);
3996
		return;
3997
	}
3998

3999
	vif = arg;
4000
	IEEE80211_ADDR_COPY(vif->bss_conf.addr, if_getlladdr(ifp));
4001
	NET_EPOCH_EXIT(et);
4002
}
4003

4004
static struct ieee80211vap *
4005
lkpi_ic_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ],
4006
    int unit, enum ieee80211_opmode opmode, int flags,
4007
    const uint8_t bssid[IEEE80211_ADDR_LEN],
4008
    const uint8_t mac[IEEE80211_ADDR_LEN])
4009
{
4010
	struct lkpi_hw *lhw;
4011
	struct ieee80211_hw *hw;
4012
	struct lkpi_vif *lvif;
4013
	struct ieee80211vap *vap;
4014
	struct ieee80211_vif *vif;
4015
	struct ieee80211_tx_queue_params txqp;
4016
	enum ieee80211_bss_changed changed;
4017
	struct sysctl_oid *node;
4018
	size_t len;
4019
	int error, i;
4020
	uint16_t ac;
4021

4022
	if (!TAILQ_EMPTY(&ic->ic_vaps))	/* 1 so far. Add <n> once this works. */
4023
		return (NULL);
4024

4025
	lhw = ic->ic_softc;
4026
	hw = LHW_TO_HW(lhw);
4027

4028
	len = sizeof(*lvif);
4029
	len += hw->vif_data_size;	/* vif->drv_priv */
4030

4031
	lvif = malloc(len, M_80211_VAP, M_WAITOK | M_ZERO);
4032
	mtx_init(&lvif->mtx, "lvif", NULL, MTX_DEF);
4033
	TASK_INIT(&lvif->sw_scan_task, 0, lkpi_sw_scan_task, lvif);
4034
	INIT_LIST_HEAD(&lvif->lsta_list);
4035
	lvif->lvif_bss = NULL;
4036
	refcount_init(&lvif->nt_unlocked, 0);
4037
	lvif->lvif_bss_synched = false;
4038
	vap = LVIF_TO_VAP(lvif);
4039

4040
	vif = LVIF_TO_VIF(lvif);
4041
	memcpy(vif->addr, mac, IEEE80211_ADDR_LEN);
4042
	vif->p2p = false;
4043
	vif->probe_req_reg = false;
4044
	vif->type = lkpi_opmode_to_vif_type(opmode);
4045
	lvif->wdev.iftype = vif->type;
4046
	/* Need to fill in other fields as well. */
4047
	IMPROVE();
4048

4049
	/* XXX-BZ hardcoded for now! */
4050
#if 1
4051
	RCU_INIT_POINTER(vif->bss_conf.chanctx_conf, NULL);
4052
	vif->bss_conf.vif = vif;
4053
	/* vap->iv_myaddr is not set until net80211::vap_setup or vap_attach. */
4054
	IEEE80211_ADDR_COPY(vif->bss_conf.addr, mac);
4055
	lvif->lvif_ifllevent = EVENTHANDLER_REGISTER(iflladdr_event,
4056
	    lkpi_vif_iflladdr, vif, EVENTHANDLER_PRI_ANY);
4057
	vif->bss_conf.link_id = 0;	/* Non-MLO operation. */
4058
	vif->bss_conf.chanreq.oper.width = NL80211_CHAN_WIDTH_20_NOHT;
4059
	vif->bss_conf.use_short_preamble = false;	/* vap->iv_flags IEEE80211_F_SHPREAMBLE */
4060
	vif->bss_conf.use_short_slot = false;		/* vap->iv_flags IEEE80211_F_SHSLOT */
4061
	vif->bss_conf.qos = false;
4062
	vif->bss_conf.use_cts_prot = false;		/* vap->iv_protmode */
4063
	vif->bss_conf.ht_operation_mode = IEEE80211_HT_OP_MODE_PROTECTION_NONE;
4064
	vif->cfg.aid = 0;
4065
	vif->cfg.assoc = false;
4066
	vif->cfg.idle = true;
4067
	vif->cfg.ps = false;
4068
	IMPROVE("Check other fields and then figure out whats is left elsewhere of them");
4069
	/*
4070
	 * We need to initialize it to something as the bss_info_changed call
4071
	 * will try to copy from it in iwlwifi and NULL is a panic.
4072
	 * We will set the proper one in scan_to_auth() before being assoc.
4073
	 */
4074
	vif->bss_conf.bssid = ieee80211broadcastaddr;
4075
#endif
4076
#if 0
4077
	vif->bss_conf.dtim_period = 0; /* IEEE80211_DTIM_DEFAULT ; must stay 0. */
4078
	IEEE80211_ADDR_COPY(vif->bss_conf.bssid, bssid);
4079
	vif->bss_conf.beacon_int = ic->ic_bintval;
4080
	/* iwlwifi bug. */
4081
	if (vif->bss_conf.beacon_int < 16)
4082
		vif->bss_conf.beacon_int = 16;
4083
#endif
4084

4085
	/* Link Config */
4086
	vif->link_conf[0] = &vif->bss_conf;
4087
	for (i = 0; i < nitems(vif->link_conf); i++) {
4088
		IMPROVE("more than 1 link one day");
4089
	}
4090

4091
	/* Setup queue defaults; driver may override in (*add_interface). */
4092
	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
4093
		if (ieee80211_hw_check(hw, QUEUE_CONTROL))
4094
			vif->hw_queue[i] = IEEE80211_INVAL_HW_QUEUE;
4095
		else if (hw->queues >= IEEE80211_NUM_ACS)
4096
			vif->hw_queue[i] = i;
4097
		else
4098
			vif->hw_queue[i] = 0;
4099

4100
		/* Initialize the queue to running. Stopped? */
4101
		lvif->hw_queue_stopped[i] = false;
4102
	}
4103
	vif->cab_queue = IEEE80211_INVAL_HW_QUEUE;
4104

4105
	IMPROVE();
4106

4107
	wiphy_lock(hw->wiphy);
4108
	error = lkpi_80211_mo_start(hw);
4109
	if (error != 0) {
4110
		wiphy_unlock(hw->wiphy);
4111
		ic_printf(ic, "%s: failed to start hw: %d\n", __func__, error);
4112
		mtx_destroy(&lvif->mtx);
4113
		free(lvif, M_80211_VAP);
4114
		return (NULL);
4115
	}
4116

4117
	error = lkpi_80211_mo_add_interface(hw, vif);
4118
	if (error != 0) {
4119
		IMPROVE();	/* XXX-BZ mo_stop()? */
4120
		wiphy_unlock(hw->wiphy);
4121
		ic_printf(ic, "%s: failed to add interface: %d\n", __func__, error);
4122
		mtx_destroy(&lvif->mtx);
4123
		free(lvif, M_80211_VAP);
4124
		return (NULL);
4125
	}
4126
	wiphy_unlock(hw->wiphy);
4127

4128
	LKPI_80211_LHW_LVIF_LOCK(lhw);
4129
	TAILQ_INSERT_TAIL(&lhw->lvif_head, lvif, lvif_entry);
4130
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
4131

4132
	/* Set bss_info. */
4133
	changed = 0;
4134
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, changed);
4135

4136
	/* Configure tx queues (conf_tx), default WME & send BSS_CHANGED_QOS. */
4137
	IMPROVE("Hardcoded values; to fix see 802.11-2016, 9.4.2.29 EDCA Parameter Set element");
4138
	wiphy_lock(hw->wiphy);
4139
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4140

4141
		bzero(&txqp, sizeof(txqp));
4142
		txqp.cw_min = 15;
4143
		txqp.cw_max = 1023;
4144
		txqp.txop = 0;
4145
		txqp.aifs = 2;
4146
		error = lkpi_80211_mo_conf_tx(hw, vif, /* link_id */0, ac, &txqp);
4147
		if (error != 0)
4148
			ic_printf(ic, "%s: conf_tx ac %u failed %d\n",
4149
			    __func__, ac, error);
4150
	}
4151
	wiphy_unlock(hw->wiphy);
4152
	changed = BSS_CHANGED_QOS;
4153
	lkpi_80211_mo_bss_info_changed(hw, vif, &vif->bss_conf, changed);
4154

4155
	/* Force MC init. */
4156
	lkpi_update_mcast_filter(ic);
4157

4158
	ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid);
4159

4160
	/* Now we have a valid vap->iv_ifp.  Any checksum offloading goes below. */
4161

4162
	IMPROVE();
4163

4164
	/* Override with LinuxKPI method so we can drive mac80211/cfg80211. */
4165
	lvif->iv_newstate = vap->iv_newstate;
4166
	vap->iv_newstate = lkpi_iv_newstate;
4167
	lvif->iv_update_bss = vap->iv_update_bss;
4168
	vap->iv_update_bss = lkpi_iv_update_bss;
4169
	lvif->iv_recv_mgmt = vap->iv_recv_mgmt;
4170
	vap->iv_recv_mgmt = lkpi_iv_sta_recv_mgmt;
4171

4172
#ifdef LKPI_80211_HW_CRYPTO
4173
	/* Key management. */
4174
	if (lkpi_hwcrypto && lhw->ops->set_key != NULL) {
4175
		vap->iv_key_set = lkpi_iv_key_set;
4176
		vap->iv_key_delete = lkpi_iv_key_delete;
4177
		vap->iv_key_update_begin = lkpi_iv_key_update_begin;
4178
		vap->iv_key_update_end = lkpi_iv_key_update_end;
4179
	}
4180
#endif
4181

4182
#ifdef LKPI_80211_HT
4183
	/* Stay with the iv_ampdu_rxmax,limit / iv_ampdu_density defaults until later. */
4184
#endif
4185

4186
	ieee80211_ratectl_init(vap);
4187

4188
	/* Complete setup. */
4189
	ieee80211_vap_attach(vap, ieee80211_media_change,
4190
	    ieee80211_media_status, mac);
4191

4192
#ifdef LKPI_80211_HT
4193
	/*
4194
	 * Modern chipset/fw/drv will do A-MPDU in drv/fw and fail
4195
	 * to do so if they cannot do the crypto too.
4196
	 */
4197
	if (!lkpi_hwcrypto && IEEE80211_CONF_AMPDU_OFFLOAD(ic))
4198
		vap->iv_flags_ht &= ~IEEE80211_FHT_AMPDU_RX;
4199
#endif
4200

4201
	if (hw->max_listen_interval == 0)
4202
		hw->max_listen_interval = 7 * (ic->ic_lintval / ic->ic_bintval);
4203
	hw->conf.listen_interval = hw->max_listen_interval;
4204
	ic->ic_set_channel(ic);
4205

4206
	/* XXX-BZ do we need to be able to update these? */
4207
	hw->wiphy->frag_threshold = vap->iv_fragthreshold;
4208
	lkpi_80211_mo_set_frag_threshold(hw, vap->iv_fragthreshold);
4209
	hw->wiphy->rts_threshold = vap->iv_rtsthreshold;
4210
	lkpi_80211_mo_set_rts_threshold(hw, vap->iv_rtsthreshold);
4211
	/* any others? */
4212

4213
	/* Add per-VIF/VAP sysctls. */
4214
	sysctl_ctx_init(&lvif->sysctl_ctx);
4215

4216
	node = SYSCTL_ADD_NODE(&lvif->sysctl_ctx,
4217
	    SYSCTL_CHILDREN(&sysctl___compat_linuxkpi_80211),
4218
	    OID_AUTO, if_name(vap->iv_ifp),
4219
	    CTLFLAG_RD | CTLFLAG_SKIP | CTLFLAG_MPSAFE, NULL, "VIF Information");
4220

4221
	SYSCTL_ADD_PROC(&lvif->sysctl_ctx,
4222
	    SYSCTL_CHILDREN(node), OID_AUTO, "dump_stas",
4223
	    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, lvif, 0,
4224
	    lkpi_80211_dump_stas, "A", "Dump sta statistics of this vif");
4225
	SYSCTL_ADD_PROC(&lvif->sysctl_ctx,
4226
	    SYSCTL_CHILDREN(node), OID_AUTO, "dump_stas_queues",
4227
	    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_SKIP, lvif, 0,
4228
	    lkpi_80211_dump_sta_queues, "A",
4229
	    "Dump queue statistics for any sta of this vif");
4230

4231
	IMPROVE();
4232

4233
	return (vap);
4234
}
4235

4236
void
4237
linuxkpi_ieee80211_unregister_hw(struct ieee80211_hw *hw)
4238
{
4239

4240
	wiphy_unregister(hw->wiphy);
4241
	linuxkpi_ieee80211_ifdetach(hw);
4242

4243
	IMPROVE();
4244
}
4245

4246
void
4247
linuxkpi_ieee80211_restart_hw(struct ieee80211_hw *hw)
4248
{
4249

4250
	TODO();
4251
}
4252

4253
static void
4254
lkpi_ic_vap_delete(struct ieee80211vap *vap)
4255
{
4256
	struct ieee80211com *ic;
4257
	struct lkpi_hw *lhw;
4258
	struct ieee80211_hw *hw;
4259
	struct lkpi_vif *lvif;
4260
	struct ieee80211_vif *vif;
4261

4262
	lvif = VAP_TO_LVIF(vap);
4263
	vif = LVIF_TO_VIF(lvif);
4264
	ic = vap->iv_ic;
4265
	lhw = ic->ic_softc;
4266
	hw = LHW_TO_HW(lhw);
4267

4268
	EVENTHANDLER_DEREGISTER(iflladdr_event, lvif->lvif_ifllevent);
4269

4270
	/* Clear up per-VIF/VAP sysctls. */
4271
	sysctl_ctx_free(&lvif->sysctl_ctx);
4272

4273
	ieee80211_draintask(ic, &lvif->sw_scan_task);
4274

4275
	LKPI_80211_LHW_LVIF_LOCK(lhw);
4276
	TAILQ_REMOVE(&lhw->lvif_head, lvif, lvif_entry);
4277
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
4278

4279
	ieee80211_ratectl_deinit(vap);
4280
	ieee80211_vap_detach(vap);
4281

4282
	IMPROVE("clear up other bits in this state");
4283

4284
	lkpi_80211_mo_remove_interface(hw, vif);
4285

4286
	/* Single VAP, so we can do this here. */
4287
	lkpi_80211_mo_stop(hw, false);			/* XXX SUSPEND */
4288

4289
	mtx_destroy(&lvif->mtx);
4290
	free(lvif, M_80211_VAP);
4291
}
4292

4293
static void
4294
lkpi_ic_update_mcast(struct ieee80211com *ic)
4295
{
4296
	struct ieee80211vap *vap;
4297
	struct lkpi_hw *lhw;
4298

4299
	lhw = ic->ic_softc;
4300

4301
	LKPI_80211_LHW_MC_LOCK(lhw);
4302
	/* Cleanup anything on the current list. */
4303
	lkpi_cleanup_mcast_list_locked(lhw);
4304

4305
	/* Build up the new list (or allmulti). */
4306
	if (ic->ic_allmulti == 0) {
4307
		TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
4308
			if_foreach_llmaddr(vap->iv_ifp,
4309
			    lkpi_ic_update_mcast_copy, &lhw->mc_list);
4310
		lhw->mc_all_multi = false;
4311
	} else {
4312
		lhw->mc_all_multi = true;
4313
	}
4314
	LKPI_80211_LHW_MC_UNLOCK(lhw);
4315

4316
	lkpi_update_mcast_filter(ic);
4317
	TRACEOK();
4318
}
4319

4320
static void
4321
lkpi_ic_update_promisc(struct ieee80211com *ic)
4322
{
4323

4324
	UNIMPLEMENTED;
4325
}
4326

4327
static void
4328
lkpi_ic_update_chw(struct ieee80211com *ic)
4329
{
4330

4331
	UNIMPLEMENTED;
4332
}
4333

4334
/* Start / stop device. */
4335
static void
4336
lkpi_ic_parent(struct ieee80211com *ic)
4337
{
4338
	struct lkpi_hw *lhw;
4339
	struct ieee80211_hw *hw;
4340
#ifdef HW_START_STOP
4341
	int error;
4342
#endif
4343
	bool start_all;
4344

4345
	IMPROVE();
4346

4347
	lhw = ic->ic_softc;
4348
	hw = LHW_TO_HW(lhw);
4349
	start_all = false;
4350

4351
	/* IEEE80211_UNLOCK(ic); */
4352
	wiphy_lock(hw->wiphy);
4353
	if (ic->ic_nrunning > 0) {
4354
#ifdef HW_START_STOP
4355
		error = lkpi_80211_mo_start(hw);
4356
		if (error == 0)
4357
#endif
4358
			start_all = true;
4359
	} else {
4360
#ifdef HW_START_STOP
4361
		lkpi_80211_mo_stop(hw, false);		/* XXX SUSPEND */
4362
#endif
4363
	}
4364
	wiphy_unlock(hw->wiphy);
4365
	/* IEEE80211_LOCK(ic); */
4366

4367
	if (start_all)
4368
		ieee80211_start_all(ic);
4369
}
4370

4371
bool
4372
linuxkpi_ieee80211_is_ie_id_in_ie_buf(const u8 ie, const u8 *ie_ids,
4373
    size_t ie_ids_len)
4374
{
4375
	int i;
4376

4377
	for (i = 0; i < ie_ids_len; i++) {
4378
		if (ie == *ie_ids)
4379
			return (true);
4380
	}
4381

4382
	return (false);
4383
}
4384

4385
/* Return true if skipped; false if error. */
4386
bool
4387
linuxkpi_ieee80211_ie_advance(size_t *xp, const u8 *ies, size_t ies_len)
4388
{
4389
	size_t x;
4390
	uint8_t l;
4391

4392
	x = *xp;
4393

4394
	KASSERT(x < ies_len, ("%s: x %zu ies_len %zu ies %p\n",
4395
	    __func__, x, ies_len, ies));
4396
	l = ies[x + 1];
4397
	x += 2 + l;
4398

4399
	if (x > ies_len)
4400
		return (false);
4401

4402
	*xp = x;
4403
	return (true);
4404
}
4405

4406
static uint8_t *
4407
lkpi_scan_ies_add(uint8_t *p, struct ieee80211_scan_ies *scan_ies,
4408
    uint32_t band_mask, struct ieee80211vap *vap, struct ieee80211_hw *hw)
4409
{
4410
	struct ieee80211_supported_band *supband;
4411
	struct linuxkpi_ieee80211_channel *channels;
4412
	struct ieee80211com *ic;
4413
	const struct ieee80211_channel *chan;
4414
	const struct ieee80211_rateset *rs;
4415
	uint8_t *pb;
4416
	int band, i;
4417

4418
	ic = vap->iv_ic;
4419
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
4420
		if ((band_mask & (1 << band)) == 0)
4421
			continue;
4422

4423
		supband = hw->wiphy->bands[band];
4424
		/*
4425
		 * This should not happen;
4426
		 * band_mask is a bitmask of valid bands to scan on.
4427
		 */
4428
		if (supband == NULL || supband->n_channels == 0)
4429
			continue;
4430

4431
		/* Find a first channel to get the mode and rates from. */
4432
		channels = supband->channels;
4433
		chan = NULL;
4434
		for (i = 0; i < supband->n_channels; i++) {
4435
			uint32_t flags;
4436

4437
			if (channels[i].flags & IEEE80211_CHAN_DISABLED)
4438
				continue;
4439

4440
			flags = 0;
4441
			switch (band) {
4442
			case NL80211_BAND_2GHZ:
4443
				flags |= IEEE80211_CHAN_G;
4444
				break;
4445
			case NL80211_BAND_5GHZ:
4446
				flags |= IEEE80211_CHAN_A;
4447
				break;
4448
			default:
4449
				panic("%s:%d: unupported band %d\n",
4450
				    __func__, __LINE__, band);
4451
			}
4452

4453
			chan = ieee80211_find_channel(ic,
4454
			    channels[i].center_freq, flags);
4455
			if (chan != NULL)
4456
				break;
4457
		}
4458

4459
		/* This really should not happen. */
4460
		if (chan == NULL)
4461
			continue;
4462

4463
		pb = p;
4464
		rs = ieee80211_get_suprates(ic, chan);	/* calls chan2mode */
4465
		p = ieee80211_add_rates(p, rs);
4466
		p = ieee80211_add_xrates(p, rs);
4467

4468
#if defined(LKPI_80211_HT)
4469
		if ((vap->iv_flags_ht & IEEE80211_FHT_HT) != 0) {
4470
			struct ieee80211_channel *c;
4471

4472
			c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan,
4473
			    vap->iv_flags_ht);
4474
			p = ieee80211_add_htcap_ch(p, vap, c);
4475
		}
4476
#endif
4477
#if defined(LKPI_80211_VHT)
4478
		if (band == NL80211_BAND_5GHZ &&
4479
		    (vap->iv_vht_flags & IEEE80211_FVHT_VHT) != 0) {
4480
			struct ieee80211_channel *c;
4481

4482
			c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan,
4483
			    vap->iv_flags_ht);
4484
			c = ieee80211_vht_adjust_channel(ic, c,
4485
			    vap->iv_vht_flags);
4486
			p = ieee80211_add_vhtcap_ch(p, vap, c);
4487
		}
4488
#endif
4489

4490
		scan_ies->ies[band] = pb;
4491
		scan_ies->len[band] = p - pb;
4492
	}
4493

4494
	/* Add common_ies */
4495
	pb = p;
4496
	if ((vap->iv_flags & IEEE80211_F_WPA1) != 0 &&
4497
	    vap->iv_wpa_ie != NULL) {
4498
		memcpy(p, vap->iv_wpa_ie, 2 + vap->iv_wpa_ie[1]);
4499
		p += 2 + vap->iv_wpa_ie[1];
4500
	}
4501
	if (vap->iv_appie_probereq != NULL) {
4502
		memcpy(p, vap->iv_appie_probereq->ie_data,
4503
		    vap->iv_appie_probereq->ie_len);
4504
		p += vap->iv_appie_probereq->ie_len;
4505
	}
4506
	scan_ies->common_ies = pb;
4507
	scan_ies->common_ie_len = p - pb;
4508

4509
	return (p);
4510
}
4511

4512
static void
4513
lkpi_enable_hw_scan(struct lkpi_hw *lhw)
4514
{
4515

4516
	if (lhw->ops->hw_scan) {
4517
		/*
4518
		 * Advertise full-offload scanning.
4519
		 *
4520
		 * Not limiting to SINGLE_SCAN_ON_ALL_BANDS here as otherwise
4521
		 * we essentially disable hw_scan for all drivers not setting
4522
		 * the flag.
4523
		 */
4524
		lhw->ic->ic_flags_ext |= IEEE80211_FEXT_SCAN_OFFLOAD;
4525
		lhw->scan_flags |= LKPI_LHW_SCAN_HW;
4526
	}
4527
}
4528

4529
#ifndef LKPI_80211_USE_SCANLIST
4530
static const uint32_t chan_pri[] = {
4531
	5180, 5500, 5745,
4532
	5260, 5580, 5660, 5825,
4533
	5220, 5300, 5540, 5620, 5700, 5785, 5865,
4534
	2437, 2412, 2422, 2462, 2472, 2432, 2452
4535
};
4536

4537
static int
4538
lkpi_scan_chan_list_idx(const struct linuxkpi_ieee80211_channel *lc)
4539
{
4540
	int i;
4541

4542
	for (i = 0; i < nitems(chan_pri); i++) {
4543
		if (lc->center_freq == chan_pri[i])
4544
			return (i);
4545
	}
4546

4547
	return (-1);
4548
}
4549

4550
static int
4551
lkpi_scan_chan_list_comp(const  struct linuxkpi_ieee80211_channel *lc1,
4552
    const  struct linuxkpi_ieee80211_channel *lc2)
4553
{
4554
	int idx1, idx2;
4555

4556
	/* Find index in list. */
4557
	idx1 = lkpi_scan_chan_list_idx(lc1);
4558
	idx2 = lkpi_scan_chan_list_idx(lc2);
4559

4560
	if (idx1 == -1 && idx2 != -1)
4561
		return (1);
4562
	if (idx1 != -1 && idx2 == -1)
4563
		return (-1);
4564

4565
	/* Neither on the list, use center_freq. */
4566
	if (idx1 == -1 && idx2 == -1)
4567
		return (lc1->center_freq - lc2->center_freq);
4568

4569
	/* Whichever is first in the list. */
4570
	return (idx1 - idx2);
4571
}
4572

4573
static void
4574
lkpi_scan_chan_list_resort(struct linuxkpi_ieee80211_channel **cpp, size_t nchan)
4575
{
4576
	struct linuxkpi_ieee80211_channel *lc, *nc;
4577
	size_t i, j;
4578
	int rc;
4579

4580
	for (i = (nchan - 1); i > 0; i--) {
4581
		for (j = i; j > 0 ; j--) {
4582
			lc = *(cpp + j);
4583
			nc = *(cpp + j - 1);
4584
			rc = lkpi_scan_chan_list_comp(lc, nc);
4585
			if (rc < 0) {
4586
				*(cpp + j) = nc;
4587
				*(cpp + j - 1) = lc;
4588
			}
4589
		}
4590
	}
4591
}
4592

4593
static bool
4594
lkpi_scan_chan(struct linuxkpi_ieee80211_channel *c,
4595
    struct ieee80211com *ic, bool log)
4596
{
4597

4598
	if ((c->flags & IEEE80211_CHAN_DISABLED) != 0) {
4599
		if (log)
4600
			TRACE_SCAN(ic, "Skipping disabled chan "
4601
			    "on band %s [%#x/%u/%#x]",
4602
			    lkpi_nl80211_band_name(c->band), c->hw_value,
4603
			    c->center_freq, c->flags);
4604
		return (false);
4605
	}
4606
	if (isclr(ic->ic_chan_active, ieee80211_mhz2ieee(c->center_freq,
4607
	    lkpi_nl80211_band_to_net80211_band(c->band)))) {
4608
		if (log)
4609
			TRACE_SCAN(ic, "Skipping !active chan "
4610
			    "on band %s [%#x/%u/%#x]",
4611
			    lkpi_nl80211_band_name(c->band), c->hw_value,
4612
			    c->center_freq, c->flags);
4613
		return (false);
4614
	}
4615
	return (true);
4616
}
4617
#endif
4618

4619
static void
4620
lkpi_ic_scan_start(struct ieee80211com *ic)
4621
{
4622
	struct lkpi_hw *lhw;
4623
	struct ieee80211_hw *hw;
4624
	struct lkpi_vif *lvif;
4625
	struct ieee80211_vif *vif;
4626
	struct ieee80211_scan_state *ss;
4627
	struct ieee80211vap *vap;
4628
	int error;
4629
	bool is_hw_scan;
4630

4631
	lhw = ic->ic_softc;
4632
	ss = ic->ic_scan;
4633
	vap = ss->ss_vap;
4634
	TRACE_SCAN(ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4635

4636
	LKPI_80211_LHW_SCAN_LOCK(lhw);
4637
	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0) {
4638
		/* A scan is still running. */
4639
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4640
		TRACE_SCAN(ic, "Trying to start new scan while still running; "
4641
		    "cancelling new net80211 scan; scan_flags %b",
4642
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4643
		ieee80211_cancel_scan(vap);
4644
		return;
4645
	}
4646
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
4647
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4648

4649
#if 0
4650
	if (vap->iv_state != IEEE80211_S_SCAN) {
4651
		TODO("We need to be able to scan if not in S_SCAN");
4652
		TRACE_SCAN(ic, "scan_flags %b iv_state %d",
4653
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS, vap->iv_state);
4654
		ieee80211_cancel_scan(vap);
4655
		return;
4656
	}
4657
#endif
4658

4659
	hw = LHW_TO_HW(lhw);
4660
	if (!is_hw_scan) {
4661
		/* If hw_scan is cleared clear FEXT_SCAN_OFFLOAD too. */
4662
		vap->iv_flags_ext &= ~IEEE80211_FEXT_SCAN_OFFLOAD;
4663

4664
		lvif = VAP_TO_LVIF(vap);
4665
		vif = LVIF_TO_VIF(lvif);
4666

4667
		if (vap->iv_state == IEEE80211_S_SCAN)
4668
			lkpi_hw_conf_idle(hw, false);
4669

4670
		LKPI_80211_LHW_SCAN_LOCK(lhw);
4671
		lhw->scan_flags |= LKPI_LHW_SCAN_RUNNING;
4672
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4673

4674
		lkpi_update_mcast_filter(ic);
4675

4676
		TRACE_SCAN(vap->iv_ic, "Starting SW_SCAN: scan_flags %b",
4677
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4678
		lkpi_80211_mo_sw_scan_start(hw, vif, vif->addr);
4679
		/* net80211::scan_start() handled PS for us. */
4680
		IMPROVE();
4681
		/* XXX Also means it is too late to flush queues?
4682
		 * need to check iv_sta_ps or overload? */
4683
		/* XXX want to adjust ss end time/ maxdwell? */
4684

4685
	} else {
4686
		struct ieee80211_scan_request *hw_req;
4687
		struct linuxkpi_ieee80211_channel *lc, **cpp;
4688
		struct cfg80211_ssid *ssids;
4689
		struct cfg80211_scan_6ghz_params *s6gp;
4690
		size_t chan_len, nchan, ssids_len, s6ghzlen;
4691
		int band, i, ssid_count, common_ie_len;
4692
#ifndef LKPI_80211_USE_SCANLIST
4693
		int n;
4694
#endif
4695
		uint32_t band_mask;
4696
		uint8_t *ie, *ieend;
4697
		bool running;
4698

4699
		ssid_count = min(ss->ss_nssid, hw->wiphy->max_scan_ssids);
4700
		ssids_len = ssid_count * sizeof(*ssids);
4701
		s6ghzlen = 0 * (sizeof(*s6gp));			/* XXX-BZ */
4702

4703
		band_mask = 0;
4704
		nchan = 0;
4705
		if (ieee80211_hw_check(hw, SINGLE_SCAN_ON_ALL_BANDS)) {
4706
#ifdef LKPI_80211_USE_SCANLIST
4707
		/* Avoid net80211 scan lists until it has proper scan offload support. */
4708
			for (i = ss->ss_next; i < ss->ss_last; i++) {
4709
				nchan++;
4710
				band = lkpi_net80211_chan_to_nl80211_band(
4711
				    ss->ss_chans[ss->ss_next + i]);
4712
				band_mask |= (1 << band);
4713
			}
4714
#else
4715
			/* Instead we scan for all channels all the time. */
4716
			for (band = 0; band < NUM_NL80211_BANDS; band++) {
4717
				switch (band) {
4718
				case NL80211_BAND_2GHZ:
4719
				case NL80211_BAND_5GHZ:
4720
					break;
4721
				default:
4722
					continue;
4723
				}
4724
				if (hw->wiphy->bands[band] != NULL) {
4725
					struct linuxkpi_ieee80211_channel *channels;
4726
					int n;
4727

4728
					band_mask |= (1 << band);
4729

4730
					channels = hw->wiphy->bands[band]->channels;
4731
					n = hw->wiphy->bands[band]->n_channels;
4732
					for (i = 0; i < n; i++) {
4733
						if (lkpi_scan_chan(&channels[i], ic, true))
4734
							nchan++;
4735
					}
4736
				}
4737
			}
4738
#endif
4739
		} else {
4740
			IMPROVE("individual band scans not yet supported, only scanning first band");
4741
			/* In theory net80211 should drive this. */
4742
			/* Probably we need to add local logic for now;
4743
			 * need to deal with scan_complete
4744
			 * and cancel_scan and keep local state.
4745
			 * Also cut the nchan down above.
4746
			 */
4747
			/* XXX-BZ ath10k does not set this but still does it? &$%^ */
4748
		}
4749

4750
		chan_len = nchan * (sizeof(lc) + sizeof(*lc));
4751

4752
		common_ie_len = 0;
4753
		if ((vap->iv_flags & IEEE80211_F_WPA1) != 0 &&
4754
		    vap->iv_wpa_ie != NULL)
4755
			common_ie_len += vap->iv_wpa_ie[1];
4756
		if (vap->iv_appie_probereq != NULL)
4757
			common_ie_len += vap->iv_appie_probereq->ie_len;
4758

4759
		/* We would love to check this at an earlier stage... */
4760
		if (common_ie_len >  hw->wiphy->max_scan_ie_len) {
4761
			ic_printf(ic, "WARNING: %s: common_ie_len %d > "
4762
			    "wiphy->max_scan_ie_len %d\n", __func__,
4763
			    common_ie_len, hw->wiphy->max_scan_ie_len);
4764
		}
4765

4766
		hw_req = malloc(sizeof(*hw_req) + ssids_len +
4767
		    s6ghzlen + chan_len + lhw->supbands * lhw->scan_ie_len +
4768
		    common_ie_len, M_LKPI80211, M_WAITOK | M_ZERO);
4769

4770
		hw_req->req.flags = 0;			/* XXX ??? */
4771
		/* hw_req->req.wdev */
4772
		hw_req->req.wiphy = hw->wiphy;
4773
		hw_req->req.no_cck = false;		/* XXX */
4774

4775
		/*
4776
		 * In general setting duration[_mandatory] seems to pessimise
4777
		 * default scanning behaviour.  We only use it for BGSCANnig
4778
		 * to keep the dwell times small.
4779
		 * Setting duration_mandatory makes this the maximum dwell
4780
		 * time (otherwise may be shorter).  Duration is in TU.
4781
		 */
4782
		if ((ic->ic_flags_ext & IEEE80211_FEXT_BGSCAN) != 0) {
4783
			unsigned long dwell;
4784

4785
			if ((ic->ic_caps & IEEE80211_C_BGSCAN) == 0 ||
4786
			    (vap->iv_flags & IEEE80211_F_BGSCAN) == 0)
4787
				ic_printf(ic, "BGSCAN despite off: %b, %b, %b\n",
4788
				    ic->ic_flags_ext, IEEE80211_FEXT_BITS,
4789
				    vap->iv_flags, IEEE80211_F_BITS,
4790
				    ic->ic_caps, IEEE80211_C_BITS);
4791

4792
			dwell = ss->ss_mindwell;
4793
			if (dwell == 0)
4794
				dwell = msecs_to_ticks(20);
4795

4796
			hw_req->req.duration_mandatory = true;
4797
			hw_req->req.duration = TICKS_2_USEC(dwell) / 1024;
4798
		}
4799

4800
#ifdef __notyet__
4801
		hw_req->req.flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
4802
		memcpy(hw_req->req.mac_addr, xxx, IEEE80211_ADDR_LEN);
4803
		memset(hw_req->req.mac_addr_mask, 0xxx, IEEE80211_ADDR_LEN);
4804
#endif
4805
		eth_broadcast_addr(hw_req->req.bssid);
4806

4807
		hw_req->req.n_channels = nchan;
4808
		cpp = (struct linuxkpi_ieee80211_channel **)(hw_req + 1);
4809
		lc = (struct linuxkpi_ieee80211_channel *)(cpp + nchan);
4810
#ifdef LKPI_80211_USE_SCANLIST
4811
		for (i = 0; i < nchan; i++) {
4812
			*(cpp + i) =
4813
			    (struct linuxkpi_ieee80211_channel *)(lc + i);
4814
		}
4815
		/* Avoid net80211 scan lists until it has proper scan offload support. */
4816
		for (i = 0; i < nchan; i++) {
4817
			struct ieee80211_channel *c;
4818

4819
			c = ss->ss_chans[ss->ss_next + i];
4820
			lc->center_freq = c->ic_freq;	/* XXX */
4821
			/* lc->flags */
4822
			lc->band = lkpi_net80211_chan_to_nl80211_band(c);
4823
			lc->max_power = c->ic_maxpower;
4824
			/* lc-> ... */
4825
			lc++;
4826
		}
4827
#else
4828
		/* Add bands in reverse order for scanning. */
4829
		n = 0;
4830
		for (band = NUM_NL80211_BANDS - 1; band >= 0; band--) {
4831
			struct ieee80211_supported_band *supband;
4832
			struct linuxkpi_ieee80211_channel *channels;
4833

4834
			/* Band disabled for scanning? */
4835
			if ((band_mask & (1 << band)) == 0)
4836
				continue;
4837

4838
			/* Nothing to scan in band? */
4839
			supband = hw->wiphy->bands[band];
4840
			if (supband == NULL || supband->n_channels == 0)
4841
				continue;
4842

4843
			channels = supband->channels;
4844
			for (i = 0; i < supband->n_channels; i++) {
4845
				if (lkpi_scan_chan(&channels[i], ic, false))
4846
					*(cpp + n++) = &channels[i];
4847
			}
4848
		}
4849
		if (lkpi_order_scanlist)
4850
			lkpi_scan_chan_list_resort(cpp, nchan);
4851

4852
		if ((linuxkpi_debug_80211 & D80211_SCAN) != 0) {
4853
			printf("%s:%d: %s SCAN Channel List (nchan=%zu): ",
4854
			    __func__, __LINE__, ic->ic_name, nchan);
4855
			for (i = 0; i < nchan; i++) {
4856
				struct linuxkpi_ieee80211_channel *xc;
4857

4858
				xc = *(cpp + i);
4859
				printf(" %d(%d)",
4860
				    ieee80211_mhz2ieee(xc->center_freq,
4861
				        lkpi_nl80211_band_to_net80211_band(
4862
					xc->band)),
4863
				    xc->center_freq);
4864
			}
4865
			printf("\n");
4866
		}
4867
#endif
4868

4869
		hw_req->req.n_ssids = ssid_count;
4870
		if (hw_req->req.n_ssids > 0) {
4871
			ssids = (struct cfg80211_ssid *)lc;
4872
			hw_req->req.ssids = ssids;
4873
			for (i = 0; i < ssid_count; i++) {
4874
				ssids->ssid_len = ss->ss_ssid[i].len;
4875
				memcpy(ssids->ssid, ss->ss_ssid[i].ssid,
4876
				    ss->ss_ssid[i].len);
4877
				ssids++;
4878
			}
4879
			s6gp = (struct cfg80211_scan_6ghz_params *)ssids;
4880
		} else {
4881
			s6gp = (struct cfg80211_scan_6ghz_params *)lc;
4882
		}
4883

4884
		/* 6GHz one day. */
4885
		hw_req->req.n_6ghz_params = 0;
4886
		hw_req->req.scan_6ghz_params = NULL;
4887
		hw_req->req.scan_6ghz = false;	/* Weird boolean; not what you think. */
4888
		/* s6gp->... */
4889

4890
		ie = ieend = (uint8_t *)s6gp;
4891
		/* Copy per-band IEs, copy common IEs */
4892
		ieend = lkpi_scan_ies_add(ie, &hw_req->ies, band_mask, vap, hw);
4893
		hw_req->req.ie = ie;
4894
		hw_req->req.ie_len = ieend - ie;
4895
		hw_req->req.scan_start = jiffies;
4896

4897
		lvif = VAP_TO_LVIF(vap);
4898
		vif = LVIF_TO_VIF(lvif);
4899

4900
		LKPI_80211_LHW_SCAN_LOCK(lhw);
4901
		/* Re-check under lock. */
4902
		running = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
4903
		if (!running) {
4904
			KASSERT(lhw->hw_req == NULL, ("%s: ic %p lhw %p hw_req %p "
4905
			    "!= NULL\n", __func__, ic, lhw, lhw->hw_req));
4906

4907
			lhw->scan_flags |= LKPI_LHW_SCAN_RUNNING;
4908
			lhw->hw_req = hw_req;
4909
		}
4910
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4911
		if (running) {
4912
			free(hw_req, M_LKPI80211);
4913
			TRACE_SCAN(ic, "Trying to start new scan while still "
4914
			    "running (2); cancelling new net80211 scan; "
4915
			    "scan_flags %b",
4916
			    lhw->scan_flags, LKPI_LHW_SCAN_BITS);
4917
			ieee80211_cancel_scan(vap);
4918
			return;
4919
		}
4920

4921
		lkpi_update_mcast_filter(ic);
4922
		TRACE_SCAN(ic, "Starting HW_SCAN: scan_flags %b, "
4923
		    "ie_len %d, n_ssids %d, n_chan %d, common_ie_len %d [%d, %d]",
4924
		    lhw->scan_flags, LKPI_LHW_SCAN_BITS, hw_req->req.ie_len,
4925
		    hw_req->req.n_ssids, hw_req->req.n_channels,
4926
		    hw_req->ies.common_ie_len,
4927
		    hw_req->ies.len[NL80211_BAND_2GHZ],
4928
		    hw_req->ies.len[NL80211_BAND_5GHZ]);
4929

4930
		error = lkpi_80211_mo_hw_scan(hw, vif, hw_req);
4931
		if (error != 0) {
4932
			bool scan_done;
4933
			int e;
4934

4935
			TRACE_SCAN(ic, "hw_scan failed; scan_flags %b, error %d",
4936
			    lhw->scan_flags, LKPI_LHW_SCAN_BITS, error);
4937
			ieee80211_cancel_scan(vap);
4938

4939
			/*
4940
			 * ieee80211_scan_completed must be called in either
4941
			 * case of error or none.  So let the free happen there
4942
			 * and only there.
4943
			 * That would be fine in theory but in practice drivers
4944
			 * behave differently:
4945
			 * ath10k does not return hw_scan until after scan_complete
4946
			 *        and can then still return an error.
4947
			 * rtw88 can return 1 or -EBUSY without scan_complete
4948
			 * iwlwifi can return various errors before scan starts
4949
			 * ...
4950
			 * So we cannot rely on that behaviour and have to check
4951
			 * and balance between both code paths.
4952
			 */
4953
			e = 0;
4954
			scan_done = true;
4955
			LKPI_80211_LHW_SCAN_LOCK(lhw);
4956
			if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0) {
4957

4958
				free(lhw->hw_req, M_LKPI80211);
4959
				lhw->hw_req = NULL;
4960
				/*
4961
				 * The ieee80211_cancel_scan() above runs in a
4962
				 * taskq and it may take ages for the previous
4963
				 * scan to clear;  starting a new one right away
4964
				 * we run into the problem that the old one is
4965
				 * still active.
4966
				 */
4967
				e = msleep(lhw, &lhw->scan_mtx, 0, "lhwscanstop", hz);
4968
				scan_done = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0;
4969

4970
				/*
4971
				 * Now we can clear running if no one else did.
4972
				 */
4973
				lhw->scan_flags &= ~LKPI_LHW_SCAN_RUNNING;
4974
			}
4975
			LKPI_80211_LHW_SCAN_UNLOCK(lhw);
4976
			lkpi_update_mcast_filter(ic);
4977
			if (!scan_done) {
4978
				ic_printf(ic, "ERROR: %s: timeout/error to wait "
4979
				    "for ieee80211_cancel_scan: %d\n", __func__, e);
4980
				return;
4981
			}
4982

4983
			/*
4984
			 * XXX-SIGH magic number.
4985
			 * rtw88 has a magic "return 1" if offloading scan is
4986
			 * not possible.  Fall back to sw scan in that case.
4987
			 */
4988
			if (error == 1) {
4989
				/*
4990
				 * We need to put this into some defered context
4991
				 * the net80211 scan may not be done yet
4992
				 * (ic_flags & IEEE80211_F_SCAN) and we cannot
4993
				 * wait here; if we do scan_curchan_task always
4994
				 * runs after our timeout to finalize the scan.
4995
				 */
4996
				ieee80211_runtask(ic, &lvif->sw_scan_task);
4997
				return;
4998
			}
4999

5000
			ic_printf(ic, "ERROR: %s: hw_scan returned %d\n",
5001
			    __func__, error);
5002
		}
5003
	}
5004
}
5005

5006
static void
5007
lkpi_sw_scan_task(void *arg, int pending __unused)
5008
{
5009
	struct lkpi_hw *lhw;
5010
	struct lkpi_vif *lvif;
5011
	struct ieee80211vap *vap;
5012
	struct ieee80211_scan_state *ss;
5013

5014
	lvif = arg;
5015
	vap = LVIF_TO_VAP(lvif);
5016
	lhw = vap->iv_ic->ic_softc;
5017
	ss = vap->iv_ic->ic_scan;
5018

5019
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5020
	/*
5021
	 * We will re-enable this at scan_end calling lkpi_enable_hw_scan().
5022
	 * IEEE80211_FEXT_SCAN_OFFLOAD will be cleared by lkpi_ic_scan_start.
5023
	 */
5024
	lhw->scan_flags &= ~LKPI_LHW_SCAN_HW;
5025
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5026

5027
	TRACE_SCAN(vap->iv_ic, "Triggering SW_SCAN: pending %d, scan_flags %b",
5028
	    pending, lhw->scan_flags, LKPI_LHW_SCAN_BITS);
5029

5030
	/*
5031
	 * This will call ic_scan_start() and we will get into the right path
5032
	 * unless other scans started in between.
5033
	 */
5034
	ieee80211_start_scan(vap,
5035
	    IEEE80211_SCAN_ONCE,
5036
	    msecs_to_ticks(10000), /* 10000 ms (=~ 50 chan * 200 ms) */
5037
	    ss->ss_mindwell ? ss->ss_mindwell : msecs_to_ticks(20),
5038
	    ss->ss_maxdwell ? ss->ss_maxdwell : msecs_to_ticks(200),
5039
	    vap->iv_des_nssid, vap->iv_des_ssid);
5040
}
5041

5042
static void
5043
lkpi_ic_scan_end(struct ieee80211com *ic)
5044
{
5045
	struct lkpi_hw *lhw;
5046
	bool is_hw_scan;
5047

5048
	lhw = ic->ic_softc;
5049
	TRACE_SCAN(ic, "scan_flags %b", lhw->scan_flags, LKPI_LHW_SCAN_BITS);
5050

5051
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5052
	if ((lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) == 0) {
5053
		LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5054
		return;
5055
	}
5056
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5057
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5058

5059
	if (!is_hw_scan) {
5060
		struct ieee80211_scan_state *ss;
5061
		struct ieee80211vap *vap;
5062
		struct ieee80211_hw *hw;
5063
		struct lkpi_vif *lvif;
5064
		struct ieee80211_vif *vif;
5065

5066
		ss = ic->ic_scan;
5067
		vap = ss->ss_vap;
5068
		hw = LHW_TO_HW(lhw);
5069
		lvif = VAP_TO_LVIF(vap);
5070
		vif = LVIF_TO_VIF(lvif);
5071

5072
		lkpi_80211_mo_sw_scan_complete(hw, vif);
5073

5074
		/* Send PS to stop buffering if n80211 does not for us? */
5075

5076
		if (vap->iv_state == IEEE80211_S_SCAN)
5077
			lkpi_hw_conf_idle(hw, true);
5078
	}
5079

5080
	/*
5081
	 * In case we disabled the hw_scan in lkpi_ic_scan_start() and
5082
	 * switched to swscan, re-enable hw_scan if available.
5083
	 */
5084
	lkpi_enable_hw_scan(lhw);
5085

5086
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5087
	wakeup(lhw);
5088
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5089
}
5090

5091
static void
5092
lkpi_ic_scan_curchan(struct ieee80211_scan_state *ss,
5093
    unsigned long maxdwell)
5094
{
5095
	struct lkpi_hw *lhw;
5096
	bool is_hw_scan;
5097

5098
	lhw = ss->ss_ic->ic_softc;
5099
	TRACE_SCAN(ss->ss_ic, "scan_flags %b chan %d maxdwell %lu",
5100
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5101
	    ss->ss_ic->ic_curchan->ic_ieee, maxdwell);
5102

5103
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5104
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5105
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5106
	if (!is_hw_scan)
5107
		lhw->ic_scan_curchan(ss, maxdwell);
5108
}
5109

5110
static void
5111
lkpi_ic_scan_mindwell(struct ieee80211_scan_state *ss)
5112
{
5113
	struct lkpi_hw *lhw;
5114
	bool is_hw_scan;
5115

5116
	lhw = ss->ss_ic->ic_softc;
5117
	TRACE_SCAN(ss->ss_ic, "scan_flags %b chan %d mindwell %lu",
5118
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
5119
	    ss->ss_ic->ic_curchan->ic_ieee, ss->ss_mindwell);
5120

5121
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5122
	is_hw_scan = (lhw->scan_flags & LKPI_LHW_SCAN_HW) != 0;
5123
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5124
	if (!is_hw_scan)
5125
		lhw->ic_scan_mindwell(ss);
5126
}
5127

5128
static void
5129
lkpi_ic_set_channel(struct ieee80211com *ic)
5130
{
5131
	struct lkpi_hw *lhw;
5132
	struct ieee80211_hw *hw;
5133
	struct ieee80211_channel *c;
5134
	struct linuxkpi_ieee80211_channel *chan;
5135
	int error;
5136
	bool hw_scan_running;
5137

5138
	lhw = ic->ic_softc;
5139

5140
	/* If we do not support (*config)() save us the work. */
5141
	if (lhw->ops->config == NULL)
5142
		return;
5143

5144
	/* If we have a hw_scan running do not switch channels. */
5145
	LKPI_80211_LHW_SCAN_LOCK(lhw);
5146
	hw_scan_running =
5147
	    (lhw->scan_flags & (LKPI_LHW_SCAN_RUNNING|LKPI_LHW_SCAN_HW)) ==
5148
		(LKPI_LHW_SCAN_RUNNING|LKPI_LHW_SCAN_HW);
5149
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
5150
	if (hw_scan_running)
5151
		return;
5152

5153
	c = ic->ic_curchan;
5154
	if (c == NULL || c == IEEE80211_CHAN_ANYC) {
5155
		ic_printf(ic, "%s: c %p ops->config %p\n", __func__,
5156
		    c, lhw->ops->config);
5157
		return;
5158
	}
5159

5160
	chan = lkpi_find_lkpi80211_chan(lhw, c);
5161
	if (chan == NULL) {
5162
		ic_printf(ic, "%s: c %p chan %p\n", __func__,
5163
		    c, chan);
5164
		return;
5165
	}
5166

5167
	/* XXX max power for scanning? */
5168
	IMPROVE();
5169

5170
	hw = LHW_TO_HW(lhw);
5171
	cfg80211_chandef_create(&hw->conf.chandef, chan,
5172
#ifdef LKPI_80211_HT
5173
	    (ic->ic_flags_ht & IEEE80211_FHT_HT) ? NL80211_CHAN_HT20 :
5174
#endif
5175
	    NL80211_CHAN_NO_HT);
5176

5177
	error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_CHANNEL);
5178
	if (error != 0 && error != EOPNOTSUPP) {
5179
		ic_printf(ic, "ERROR: %s: config %#0x returned %d\n",
5180
		    __func__, IEEE80211_CONF_CHANGE_CHANNEL, error);
5181
		/* XXX should we unroll to the previous chandef? */
5182
		IMPROVE();
5183
	} else {
5184
		/* Update radiotap channels as well. */
5185
		lhw->rtap_tx.wt_chan_freq = htole16(c->ic_freq);
5186
		lhw->rtap_tx.wt_chan_flags = htole16(c->ic_flags);
5187
		lhw->rtap_rx.wr_chan_freq = htole16(c->ic_freq);
5188
		lhw->rtap_rx.wr_chan_flags = htole16(c->ic_flags);
5189
	}
5190

5191
	/* Currently PS is hard coded off! Not sure it belongs here. */
5192
	IMPROVE();
5193
	if (ieee80211_hw_check(hw, SUPPORTS_PS) &&
5194
	    (hw->conf.flags & IEEE80211_CONF_PS) != 0) {
5195
		hw->conf.flags &= ~IEEE80211_CONF_PS;
5196
		error = lkpi_80211_mo_config(hw, IEEE80211_CONF_CHANGE_PS);
5197
		if (error != 0 && error != EOPNOTSUPP)
5198
			ic_printf(ic, "ERROR: %s: config %#0x returned "
5199
			    "%d\n", __func__, IEEE80211_CONF_CHANGE_PS,
5200
			    error);
5201
	}
5202
}
5203

5204
static struct ieee80211_node *
5205
lkpi_ic_node_alloc(struct ieee80211vap *vap,
5206
    const uint8_t mac[IEEE80211_ADDR_LEN])
5207
{
5208
	struct ieee80211com *ic;
5209
	struct lkpi_hw *lhw;
5210
	struct ieee80211_node *ni;
5211
	struct ieee80211_hw *hw;
5212
	struct lkpi_sta *lsta;
5213

5214
	ic = vap->iv_ic;
5215
	lhw = ic->ic_softc;
5216

5217
	/* We keep allocations de-coupled so we can deal with the two worlds. */
5218
	if (lhw->ic_node_alloc == NULL)
5219
		return (NULL);
5220

5221
	ni = lhw->ic_node_alloc(vap, mac);
5222
	if (ni == NULL)
5223
		return (NULL);
5224

5225
	hw = LHW_TO_HW(lhw);
5226
	lsta = lkpi_lsta_alloc(vap, mac, hw, ni);
5227
	if (lsta == NULL) {
5228
		if (lhw->ic_node_free != NULL)
5229
			lhw->ic_node_free(ni);
5230
		return (NULL);
5231
	}
5232

5233
	return (ni);
5234
}
5235

5236
static int
5237
lkpi_ic_node_init(struct ieee80211_node *ni)
5238
{
5239
	struct ieee80211com *ic;
5240
	struct lkpi_hw *lhw;
5241
	int error;
5242

5243
	ic = ni->ni_ic;
5244
	lhw = ic->ic_softc;
5245

5246
	if (lhw->ic_node_init != NULL) {
5247
		error = lhw->ic_node_init(ni);
5248
		if (error != 0)
5249
			return (error);
5250
	}
5251

5252
	/* XXX-BZ Sync other state over. */
5253
	IMPROVE();
5254

5255
	return (0);
5256
}
5257

5258
static void
5259
lkpi_ic_node_cleanup(struct ieee80211_node *ni)
5260
{
5261
	struct ieee80211com *ic;
5262
	struct lkpi_hw *lhw;
5263

5264
	ic = ni->ni_ic;
5265
	lhw = ic->ic_softc;
5266

5267
	/* XXX-BZ remove from driver, ... */
5268
	IMPROVE();
5269

5270
	if (lhw->ic_node_cleanup != NULL)
5271
		lhw->ic_node_cleanup(ni);
5272
}
5273

5274
static void
5275
lkpi_ic_node_free(struct ieee80211_node *ni)
5276
{
5277
	struct ieee80211com *ic;
5278
	struct lkpi_hw *lhw;
5279
	struct lkpi_sta *lsta;
5280

5281
	ic = ni->ni_ic;
5282
	lhw = ic->ic_softc;
5283
	lsta = ni->ni_drv_data;
5284

5285
	/* KASSERT lsta is not NULL here. Print ni/ni__refcnt. */
5286

5287
	/*
5288
	 * Pass in the original ni just in case of error we could check that
5289
	 * it is the same as lsta->ni.
5290
	 */
5291
	lkpi_lsta_free(lsta, ni);
5292

5293
	if (lhw->ic_node_free != NULL)
5294
		lhw->ic_node_free(ni);
5295
}
5296

5297
/*
5298
 * lkpi_xmit() called from both the (*ic_raw_xmit) as well as the (*ic_transmit)
5299
 * call path.
5300
 * Unfortunately they have slightly different invariants.  See
5301
 * ieee80211_raw_output() and ieee80211_parent_xmitpkt().
5302
 * Both take care of the ni reference in case of error, and otherwise during
5303
 * the callback after transmit.
5304
 * The difference is that in case of error (*ic_raw_xmit) needs us to release
5305
 * the mbuf, while (*ic_transmit) will free the mbuf itself.
5306
 */
5307
static int
5308
lkpi_xmit(struct ieee80211_node *ni, struct mbuf *m,
5309
    const struct ieee80211_bpf_params *params __unused,
5310
    bool freem)
5311
{
5312
	struct lkpi_sta *lsta;
5313
	int error;
5314

5315
	lsta = ni->ni_drv_data;
5316
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
5317
#if 0
5318
	if (!lsta->added_to_drv || !lsta->txq_ready) {
5319
#else
5320
	/*
5321
	 * Backout this part of 886653492945f which breaks rtw88 or
5322
	 * in general drivers without (*sta_state)() but only the
5323
	 * legacy fallback to (*sta_add)().
5324
	 */
5325
	if (!lsta->txq_ready) {
5326
#endif
5327
		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5328
		if (freem)
5329
			m_free(m);
5330
		return (ENETDOWN);
5331
	}
5332

5333
	/* Queue the packet and enqueue the task to handle it. */
5334
	error = mbufq_enqueue(&lsta->txq, m);
5335
	if (error != 0) {
5336
		LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5337
		if (freem)
5338
			m_free(m);
5339
#ifdef LINUXKPI_DEBUG_80211
5340
		if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5341
			ic_printf(ni->ni_ic, "%s: mbufq_enqueue failed: %d\n",
5342
			    __func__, error);
5343
#endif
5344
		return (ENETDOWN);
5345
	}
5346
	taskqueue_enqueue(taskqueue_thread, &lsta->txq_task);
5347
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5348

5349
#ifdef LINUXKPI_DEBUG_80211
5350
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5351
		printf("%s:%d lsta %p ni %p %6D mbuf_qlen %d\n",
5352
		    __func__, __LINE__, lsta, ni, ni->ni_macaddr, ":",
5353
		    mbufq_len(&lsta->txq));
5354
#endif
5355

5356
	return (0);
5357
}
5358

5359
static int
5360
lkpi_ic_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
5361
        const struct ieee80211_bpf_params *params __unused)
5362
{
5363
	return (lkpi_xmit(ni, m, NULL, true));
5364
}
5365

5366
#ifdef LKPI_80211_HW_CRYPTO
5367
/*
5368
 * This is a bit of a hack given we know we are operating on a
5369
 * single frame and we know that hardware will deal with it.
5370
 * But otherwise the enmic bit and the encrypt bit need to be
5371
 * decoupled.
5372
 */
5373
static int
5374
lkpi_hw_crypto_prepare_tkip(struct ieee80211_key *k,
5375
    struct ieee80211_key_conf *kc, struct sk_buff *skb)
5376
{
5377
	struct ieee80211_hdr *hdr;
5378
	uint32_t hlen, hdrlen;
5379
	uint8_t *p;
5380

5381
	/*
5382
	 * TKIP only happens on data.
5383
	 */
5384
	hdr = (void *)skb->data;
5385
	if (!ieee80211_is_data_present(hdr->frame_control))
5386
		return (0);
5387

5388
	/*
5389
	 * "enmic" (though we do not do that).
5390
	 */
5391
	/* any conditions to not apply this? */
5392
	if (skb_tailroom(skb) < k->wk_cipher->ic_miclen)
5393
		return (ENOBUFS);
5394

5395
	p = skb_put(skb, k->wk_cipher->ic_miclen);
5396
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) != 0)
5397
		goto encrypt;
5398

5399
	/*
5400
	 * (*enmic) which we hopefully do not have to do with hw accel.
5401
	 * That means if we make it here we have a problem.
5402
	 */
5403
	TODO("(*enmic)");
5404
	return (ENXIO);
5405

5406
encrypt:
5407
	/*
5408
	 * "encrypt" (though we do not do that).
5409
	 */
5410
	/*
5411
	 * Check if we have anything to do as requested by driver
5412
	 * or if we are done?
5413
	 */
5414
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) == 0 &&
5415
	    (kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0)
5416
			return (0);
5417

5418
	hlen = k->wk_cipher->ic_header;
5419
	if (skb_headroom(skb) < hlen)
5420
		return (ENOBUFS);
5421

5422
	hdr = (void *)skb->data;
5423
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
5424
	p = skb_push(skb, hlen);
5425
	memmove(p, p + hlen, hdrlen);
5426

5427
	/* If driver request space only we are done. */
5428
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) != 0)
5429
		return (0);
5430

5431
	p += hdrlen;
5432
	k->wk_cipher->ic_setiv(k, p);
5433

5434
	/* If we make it hear we do sw encryption. */
5435
	TODO("sw encrypt");
5436
	return (ENXIO);
5437
}
5438

5439
static int
5440
lkpi_hw_crypto_prepare_ccmp(struct ieee80211_key *k,
5441
    struct ieee80211_key_conf *kc, struct sk_buff *skb)
5442
{
5443
	struct ieee80211_hdr *hdr;
5444
	uint32_t hlen, hdrlen;
5445
	uint8_t *p;
5446

5447
	hdr = (void *)skb->data;
5448

5449
	/*
5450
	 * Check if we have anythig to do as requested by driver
5451
	 * or if we are done?
5452
	 */
5453
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) == 0 &&
5454
	    (kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV) == 0 &&
5455
	    /* MFP */
5456
	    !((kc->flags & IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) != 0 &&
5457
		ieee80211_is_mgmt(hdr->frame_control)))
5458
			return (0);
5459

5460
	hlen = k->wk_cipher->ic_header;
5461
	if (skb_headroom(skb) < hlen)
5462
		return (ENOBUFS);
5463

5464
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
5465
	p = skb_push(skb, hlen);
5466
	memmove(p, p + hlen, hdrlen);
5467

5468
	/* If driver request space only we are done. */
5469
	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) != 0)
5470
		return (0);
5471

5472
	p += hdrlen;
5473
	k->wk_cipher->ic_setiv(k, p);
5474

5475
	return (0);
5476
}
5477

5478
static int
5479
lkpi_hw_crypto_prepare(struct lkpi_sta *lsta, struct ieee80211_key *k,
5480
    struct sk_buff *skb)
5481
{
5482
	struct ieee80211_tx_info *info;
5483
	struct ieee80211_key_conf *kc;
5484

5485
	KASSERT(lsta != NULL, ("%s: lsta is NULL", __func__));
5486
	KASSERT(k != NULL, ("%s: key is NULL", __func__));
5487
	KASSERT(skb != NULL, ("%s: skb is NULL", __func__));
5488

5489
	kc = lsta->kc[k->wk_keyix];
5490

5491
	info = IEEE80211_SKB_CB(skb);
5492
	info->control.hw_key = kc;
5493

5494
	/* MUST NOT happen. KASSERT? */
5495
	if (kc == NULL) {
5496
		ic_printf(lsta->ni->ni_ic, "%s: lsta %p k %p skb %p, "
5497
		    "kc is NULL on hw crypto offload\n", __func__, lsta, k, skb);
5498
		return (ENXIO);
5499
	}
5500

5501
	switch (kc->cipher) {
5502
	case WLAN_CIPHER_SUITE_TKIP:
5503
		return (lkpi_hw_crypto_prepare_tkip(k, kc, skb));
5504
	case WLAN_CIPHER_SUITE_CCMP:
5505
		return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
5506
	case WLAN_CIPHER_SUITE_GCMP:
5507
		return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
5508
	case WLAN_CIPHER_SUITE_WEP40:
5509
	case WLAN_CIPHER_SUITE_WEP104:
5510
	case WLAN_CIPHER_SUITE_CCMP_256:
5511
	case WLAN_CIPHER_SUITE_GCMP_256:
5512
	case WLAN_CIPHER_SUITE_AES_CMAC:
5513
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
5514
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
5515
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
5516
	default:
5517
		ic_printf(lsta->ni->ni_ic, "%s: lsta %p k %p kc %p skb %p, "
5518
		    "unsupported cipher suite %u (%s)\n", __func__, lsta, k, kc,
5519
		    skb, kc->cipher, lkpi_cipher_suite_to_name(kc->cipher));
5520
		return (EOPNOTSUPP);
5521
	}
5522
}
5523

5524
static uint8_t
5525
lkpi_hw_crypto_tailroom(struct lkpi_sta *lsta, struct ieee80211_key *k)
5526
{
5527
	struct ieee80211_key_conf *kc;
5528

5529
	kc = lsta->kc[k->wk_keyix];
5530
	if (kc == NULL)
5531
		return (0);
5532

5533
	IMPROVE("which other flags need tailroom?");
5534
	if (kc->flags & (IEEE80211_KEY_FLAG_PUT_MIC_SPACE))
5535
		return (32);	/* Large enough to hold everything and pow2. */
5536

5537
	return (0);
5538
}
5539
#endif
5540

5541
static void
5542
lkpi_80211_txq_tx_one(struct lkpi_sta *lsta, struct mbuf *m)
5543
{
5544
	struct ieee80211_node *ni;
5545
	struct ieee80211_frame *wh;
5546
	struct ieee80211_key *k;
5547
	struct sk_buff *skb;
5548
	struct ieee80211com *ic;
5549
	struct lkpi_hw *lhw;
5550
	struct ieee80211_hw *hw;
5551
	struct lkpi_vif *lvif;
5552
	struct ieee80211_vif *vif;
5553
	struct ieee80211_channel *c;
5554
	struct ieee80211_tx_control control;
5555
	struct ieee80211_tx_info *info;
5556
	struct ieee80211_sta *sta;
5557
	struct ieee80211_hdr *hdr;
5558
	struct lkpi_txq *ltxq;
5559
	void *buf;
5560
	ieee80211_keyix keyix;
5561
	uint8_t ac, tid, tailroom;
5562

5563
	M_ASSERTPKTHDR(m);
5564
#ifdef LINUXKPI_DEBUG_80211
5565
	if (linuxkpi_debug_80211 & D80211_TRACE_TX_DUMP)
5566
		hexdump(mtod(m, const void *), m->m_len, "RAW TX (plain) ", 0);
5567
#endif
5568

5569
	ni = lsta->ni;
5570
	ieee80211_output_seqno_assign(ni, -1, m);
5571

5572
	k = NULL;
5573
	keyix = IEEE80211_KEYIX_NONE;
5574
	wh = mtod(m, struct ieee80211_frame *);
5575
	if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
5576

5577
#ifdef LKPI_80211_HW_CRYPTO
5578
		if (lkpi_hwcrypto) {
5579
			k = ieee80211_crypto_get_txkey(ni, m);
5580
			if (k != NULL && lsta->kc[k->wk_keyix] != NULL)
5581
				keyix = k->wk_keyix;
5582
		}
5583
#endif
5584

5585
		/* Encrypt the frame if need be. */
5586
		if (keyix == IEEE80211_KEYIX_NONE) {
5587
			/* Retrieve key for TX && do software encryption. */
5588
			k = ieee80211_crypto_encap(ni, m);
5589
			if (k == NULL) {
5590
				ieee80211_free_node(ni);
5591
				m_freem(m);
5592
				return;
5593
			}
5594
		}
5595
	}
5596

5597
	ic = ni->ni_ic;
5598
	lhw = ic->ic_softc;
5599
	hw = LHW_TO_HW(lhw);
5600
	c = ni->ni_chan;
5601

5602
	if (ieee80211_radiotap_active_vap(ni->ni_vap)) {
5603
		struct lkpi_radiotap_tx_hdr *rtap;
5604

5605
		rtap = &lhw->rtap_tx;
5606
		rtap->wt_flags = 0;
5607
		if (k != NULL)
5608
			rtap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
5609
		if (m->m_flags & M_FRAG)
5610
			rtap->wt_flags |= IEEE80211_RADIOTAP_F_FRAG;
5611
		IMPROVE();
5612
		rtap->wt_rate = 0;
5613
		if (c != NULL && c != IEEE80211_CHAN_ANYC) {
5614
			rtap->wt_chan_freq = htole16(c->ic_freq);
5615
			rtap->wt_chan_flags = htole16(c->ic_flags);
5616
		}
5617

5618
		ieee80211_radiotap_tx(ni->ni_vap, m);
5619
	}
5620

5621
#ifdef LKPI_80211_HW_CRYPTO
5622
	if (lkpi_hwcrypto && keyix != IEEE80211_KEYIX_NONE)
5623
		tailroom = lkpi_hw_crypto_tailroom(lsta, k);
5624
	else
5625
#endif
5626
		tailroom = 0;
5627

5628
	/*
5629
	 * net80211 should handle hw->extra_tx_headroom.
5630
	 * Though for as long as we are copying we don't mind.
5631
	 * XXX-BZ rtw88 asks for too much headroom for ipv6+tcp:
5632
	 * https://lists.freebsd.org/archives/freebsd-transport/2022-February/000012.html
5633
	 */
5634
	skb = dev_alloc_skb(hw->extra_tx_headroom + tailroom + m->m_pkthdr.len);
5635
	if (skb == NULL) {
5636
		static uint8_t skb_alloc_failures = 0;
5637

5638
		if (skb_alloc_failures++ == 0) {
5639
			int tid;
5640

5641
			sta = LSTA_TO_STA(lsta);
5642
			ic_printf(ic, "ERROR %s: skb alloc failed %d + %d, lsta %p sta %p ni %p\n",
5643
			    __func__, hw->extra_tx_headroom, m->m_pkthdr.len, lsta, sta, ni);
5644
			for (tid = 0; tid < nitems(sta->txq); tid++) {
5645
				if (sta->txq[tid] == NULL)
5646
					continue;
5647
				ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
5648
				ic_printf(ic, "  tid %d ltxq %p seen_dequeue %d stopped %d skb_queue_len %u\n",
5649
				    tid, ltxq, ltxq->seen_dequeue, ltxq->stopped, skb_queue_len(&ltxq->skbq));
5650
			}
5651
		}
5652
		ieee80211_free_node(ni);
5653
		m_freem(m);
5654
		return;
5655
	}
5656
	skb_reserve(skb, hw->extra_tx_headroom);
5657

5658
	/* XXX-BZ we need a SKB version understanding mbuf. */
5659
	/* Save the mbuf for ieee80211_tx_complete(). */
5660
	skb->m_free_func = lkpi_ieee80211_free_skb_mbuf;
5661
	skb->m = m;
5662
#if 0
5663
	skb_put_data(skb, m->m_data, m->m_pkthdr.len);
5664
#else
5665
	buf = skb_put(skb, m->m_pkthdr.len);
5666
	m_copydata(m, 0, m->m_pkthdr.len, buf);
5667
#endif
5668
	/* Save the ni. */
5669
	m->m_pkthdr.PH_loc.ptr = ni;
5670

5671
	lvif = VAP_TO_LVIF(ni->ni_vap);
5672
	vif = LVIF_TO_VIF(lvif);
5673

5674
	hdr = (void *)skb->data;
5675
	tid = linuxkpi_ieee80211_get_tid(hdr, true);
5676
	if (tid == IEEE80211_NONQOS_TID) { /* == IEEE80211_NUM_TIDS */
5677
		if (!ieee80211_is_data(hdr->frame_control)) {
5678
			/* MGMT and CTRL frames go on TID 7/VO. */
5679
			skb->priority = 7;
5680
			ac = IEEE80211_AC_VO;
5681
		} else {
5682
			/* Other non-QOS traffic goes to BE. */
5683
			/* Contrary to net80211 we MUST NOT promote M_EAPOL. */
5684
			skb->priority = 0;
5685
			ac = IEEE80211_AC_BE;
5686
		}
5687
	} else {
5688
		skb->priority = tid & IEEE80211_QOS_CTL_TID_MASK;
5689
		ac = ieee80211e_up_to_ac[tid & 7];
5690
	}
5691
	skb_set_queue_mapping(skb, ac);
5692

5693
	info = IEEE80211_SKB_CB(skb);
5694
	info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
5695
	/* Slight delay; probably only happens on scanning so fine? */
5696
	if (c == NULL || c == IEEE80211_CHAN_ANYC)
5697
		c = ic->ic_curchan;
5698
	info->band = lkpi_net80211_chan_to_nl80211_band(c);
5699
	info->hw_queue = vif->hw_queue[ac];
5700
	if ((m->m_flags & M_EAPOL) != 0) {
5701
		info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
5702
		info->flags |= IEEE80211_TX_CTL_USE_MINRATE;	/* mt76 */
5703
	}
5704
	info->control.vif = vif;
5705
	/* XXX-BZ info->control.rates */
5706
#ifdef __notyet__
5707
#ifdef LKPI_80211_HT
5708
	info->control.rts_cts_rate_idx=
5709
	info->control.use_rts= /* RTS */
5710
	info->control.use_cts_prot= /* RTS/CTS*/
5711
#endif
5712
#endif
5713

5714
	sta = LSTA_TO_STA(lsta);
5715
#ifdef LKPI_80211_HW_CRYPTO
5716
	if (lkpi_hwcrypto && keyix != IEEE80211_KEYIX_NONE) {
5717
		int error;
5718

5719
		error = lkpi_hw_crypto_prepare(lsta, k, skb);
5720
		if (error != 0) {
5721
			/*
5722
			 * We only have to free the skb which will free the
5723
			 * mbuf and release the reference on the ni.
5724
			 */
5725
			dev_kfree_skb(skb);
5726
			return;
5727
		}
5728
		/* Reset header as data might have moved. */
5729
		hdr = (void *)skb->data;
5730
	}
5731
#endif
5732

5733
	IMPROVE();
5734

5735
	ltxq = NULL;
5736
	if (!ieee80211_is_data_present(hdr->frame_control)) {
5737
		if (vif->type == NL80211_IFTYPE_STATION &&
5738
		    lsta->added_to_drv &&
5739
		    sta->txq[IEEE80211_NUM_TIDS] != NULL)
5740
			ltxq = TXQ_TO_LTXQ(sta->txq[IEEE80211_NUM_TIDS]);
5741
	} else if (lsta->added_to_drv &&
5742
	    sta->txq[skb->priority] != NULL) {
5743
		ltxq = TXQ_TO_LTXQ(sta->txq[skb->priority]);
5744
	}
5745
	if (ltxq == NULL)
5746
		goto ops_tx;
5747

5748
	KASSERT(ltxq != NULL, ("%s: lsta %p sta %p m %p skb %p "
5749
	    "ltxq %p != NULL\n", __func__, lsta, sta, m, skb, ltxq));
5750

5751
	LKPI_80211_LTXQ_LOCK(ltxq);
5752
	skb_queue_tail(&ltxq->skbq, skb);
5753
	ltxq->frms_enqueued++;
5754
#ifdef LINUXKPI_DEBUG_80211
5755
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5756
		printf("%s:%d mo_wake_tx_queue :: %d %lu lsta %p sta %p "
5757
		    "ni %p %6D skb %p lxtq %p { qlen %u, ac %d tid %u } "
5758
		    "WAKE_TX_Q ac %d prio %u qmap %u\n",
5759
		    __func__, __LINE__,
5760
		    curthread->td_tid, jiffies,
5761
		    lsta, sta, ni, ni->ni_macaddr, ":", skb, ltxq,
5762
		    skb_queue_len(&ltxq->skbq), ltxq->txq.ac,
5763
		    ltxq->txq.tid, ac, skb->priority, skb->qmap);
5764
#endif
5765
	LKPI_80211_LTXQ_UNLOCK(ltxq);
5766
	wiphy_lock(hw->wiphy);
5767
	lkpi_80211_mo_wake_tx_queue(hw, &ltxq->txq, true);
5768
	wiphy_unlock(hw->wiphy);
5769
	return;
5770

5771
ops_tx:
5772
#ifdef LINUXKPI_DEBUG_80211
5773
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5774
		printf("%s:%d mo_tx :: lsta %p sta %p ni %p %6D skb %p "
5775
		    "TX ac %d prio %u qmap %u\n",
5776
		    __func__, __LINE__, lsta, sta, ni, ni->ni_macaddr, ":",
5777
		    skb, ac, skb->priority, skb->qmap);
5778
#endif
5779
	memset(&control, 0, sizeof(control));
5780
	control.sta = sta;
5781
	wiphy_lock(hw->wiphy);
5782
	lkpi_80211_mo_tx(hw, &control, skb);
5783
	lsta->frms_tx++;
5784
	wiphy_unlock(hw->wiphy);
5785
}
5786

5787
static void
5788
lkpi_80211_txq_task(void *ctx, int pending)
5789
{
5790
	struct lkpi_sta *lsta;
5791
	struct mbufq mq;
5792
	struct mbuf *m;
5793
	bool shall_tx;
5794

5795
	lsta = ctx;
5796

5797
#ifdef LINUXKPI_DEBUG_80211
5798
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
5799
		printf("%s:%d lsta %p ni %p %6D pending %d mbuf_qlen %d\n",
5800
		    __func__, __LINE__, lsta, lsta->ni, lsta->ni->ni_macaddr, ":",
5801
		    pending, mbufq_len(&lsta->txq));
5802
#endif
5803

5804
	mbufq_init(&mq, IFQ_MAXLEN);
5805

5806
	LKPI_80211_LSTA_TXQ_LOCK(lsta);
5807
	/*
5808
	 * Do not re-check lsta->txq_ready here; we may have a pending
5809
	 * disassoc/deauth frame still.  On the contrary if txq_ready is
5810
	 * false we do not have a valid sta anymore in the firmware so no
5811
	 * point to try to TX.
5812
	 * We also use txq_ready as a semaphore and will drain the txq manually
5813
	 * if needed on our way towards SCAN/INIT in the state machine.
5814
	 */
5815
#if 0
5816
	shall_tx = lsta->added_to_drv && lsta->txq_ready;
5817
#else
5818
	/*
5819
	 * Backout this part of 886653492945f which breaks rtw88 or
5820
	 * in general drivers without (*sta_state)() but only the
5821
	 * legacy fallback to (*sta_add)().
5822
	 */
5823
	shall_tx = lsta->txq_ready;
5824
#endif
5825
	if (__predict_true(shall_tx))
5826
		mbufq_concat(&mq, &lsta->txq);
5827
	/*
5828
	 * else a state change will push the packets out manually or
5829
	 * lkpi_lsta_free() will drain the lsta->txq and free the mbufs.
5830
	 */
5831
	LKPI_80211_LSTA_TXQ_UNLOCK(lsta);
5832

5833
	m = mbufq_dequeue(&mq);
5834
	while (m != NULL) {
5835
		lkpi_80211_txq_tx_one(lsta, m);
5836
		m = mbufq_dequeue(&mq);
5837
	}
5838
}
5839

5840
static int
5841
lkpi_ic_transmit(struct ieee80211com *ic, struct mbuf *m)
5842
{
5843

5844
	/* XXX TODO */
5845
	IMPROVE();
5846

5847
	/* Quick and dirty cheating hack. */
5848
	struct ieee80211_node *ni;
5849

5850
	ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
5851
	return (lkpi_xmit(ni, m, NULL, false));
5852
}
5853

5854
#ifdef LKPI_80211_HT
5855
static int
5856
lkpi_ic_recv_action(struct ieee80211_node *ni, const struct ieee80211_frame *wh,
5857
    const uint8_t *frm, const uint8_t *efrm)
5858
{
5859
	struct ieee80211com *ic;
5860
	struct lkpi_hw *lhw;
5861

5862
	ic = ni->ni_ic;
5863
	lhw = ic->ic_softc;
5864

5865
	IMPROVE_HT("recv_action called; nothing to do in lkpi; make debugging");
5866

5867
	return (lhw->ic_recv_action(ni, wh, frm, efrm));
5868
}
5869

5870
static int
5871
lkpi_ic_send_action(struct ieee80211_node *ni, int category, int action, void *sa)
5872
{
5873
	struct ieee80211com *ic;
5874
	struct lkpi_hw *lhw;
5875

5876
	ic = ni->ni_ic;
5877
	lhw = ic->ic_softc;
5878

5879
	IMPROVE_HT("send_action called; nothing to do in lkpi; make debugging");
5880

5881
	return (lhw->ic_send_action(ni, category, action, sa));
5882
}
5883

5884

5885
static int
5886
lkpi_ic_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
5887
{
5888
	struct ieee80211com *ic;
5889
	struct lkpi_hw *lhw;
5890

5891
	ic = ni->ni_ic;
5892
	lhw = ic->ic_softc;
5893

5894
	IMPROVE_HT("ieee80211_ampdu_enable called; nothing to do in lkpi for now; make debugging");
5895

5896
	return (lhw->ic_ampdu_enable(ni, tap));
5897
}
5898

5899
/*
5900
 * (*ic_addba_request)() is called by ieee80211_ampdu_request() before
5901
 * calling send_action(CAT_BA, BA_ADDBA_REQUEST).
5902
 *
5903
 * NB: returns 0 on ERROR!
5904
 */
5905
static int
5906
lkpi_ic_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
5907
    int dialogtoken, int baparamset, int batimeout)
5908
{
5909
	struct ieee80211com *ic;
5910
	struct lkpi_hw *lhw;
5911
	struct ieee80211_hw *hw;
5912
	struct ieee80211vap *vap;
5913
	struct lkpi_vif *lvif;
5914
	struct ieee80211_vif *vif;
5915
	struct lkpi_sta *lsta;
5916
	struct ieee80211_sta *sta;
5917
	struct ieee80211_ampdu_params params = { };
5918
	int error;
5919

5920
	ic = ni->ni_ic;
5921
	lhw = ic->ic_softc;
5922
	hw = LHW_TO_HW(lhw);
5923
	vap = ni->ni_vap;
5924
	lvif = VAP_TO_LVIF(vap);
5925
	vif = LVIF_TO_VIF(lvif);
5926
	lsta = ni->ni_drv_data;
5927
	sta = LSTA_TO_STA(lsta);
5928

5929
	if (!lsta->added_to_drv) {
5930
		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
5931
		    __func__, lsta, ni, sta);
5932
		return (0);
5933
	}
5934

5935
	params.sta = sta;
5936
	params.action = IEEE80211_AMPDU_TX_START;
5937
	/* Keep 0 here! */
5938
	params.buf_size = 0;
5939
	params.timeout = 0;
5940
	params.ssn = tap->txa_start & (IEEE80211_SEQ_RANGE-1);
5941
	params.tid = tap->txa_tid;
5942
	params.amsdu = false;
5943

5944
	IEEE80211_UNLOCK(ic);
5945
	wiphy_lock(hw->wiphy);
5946
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
5947
	wiphy_unlock(hw->wiphy);
5948
	IEEE80211_LOCK(ic);
5949
	if (error != 0) {
5950
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
5951
		    __func__, error, ni, tap);
5952
		return (0);
5953
	}
5954

5955
	return (lhw->ic_addba_request(ni, tap, dialogtoken, baparamset, batimeout));
5956
}
5957

5958
/*
5959
 * (*ic_addba_response)() is called from ht_recv_action_ba_addba_response()
5960
 * and calls the default ieee80211_addba_response() which always returns 1.
5961
 *
5962
 * NB: No error checking in net80211!
5963
 * Staying with 0 is an error.
5964
 */
5965
static int
5966
lkpi_ic_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
5967
    int status, int baparamset, int batimeout)
5968
{
5969
	struct ieee80211com *ic;
5970
	struct lkpi_hw *lhw;
5971
	struct ieee80211_hw *hw;
5972
	struct ieee80211vap *vap;
5973
	struct lkpi_vif *lvif;
5974
	struct ieee80211_vif *vif;
5975
	struct lkpi_sta *lsta;
5976
	struct ieee80211_sta *sta;
5977
	struct ieee80211_ampdu_params params = { };
5978
	int error;
5979

5980
	ic = ni->ni_ic;
5981
	lhw = ic->ic_softc;
5982
	hw = LHW_TO_HW(lhw);
5983
	vap = ni->ni_vap;
5984
	lvif = VAP_TO_LVIF(vap);
5985
	vif = LVIF_TO_VIF(lvif);
5986
	lsta = ni->ni_drv_data;
5987
	sta = LSTA_TO_STA(lsta);
5988

5989
	if (!lsta->added_to_drv) {
5990
		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
5991
		    __func__, lsta, ni, sta);
5992
		return (0);
5993
	}
5994

5995
	if (status == IEEE80211_STATUS_SUCCESS) {
5996
		params.sta = sta;
5997
		params.action = IEEE80211_AMPDU_TX_OPERATIONAL;
5998
		params.buf_size = tap->txa_wnd;
5999
		params.timeout = 0;
6000
		params.ssn = 0;
6001
		params.tid = tap->txa_tid;
6002
		if ((tap->txa_flags & IEEE80211_AGGR_AMSDU) != 0)
6003
			params.amsdu = true;
6004
		else
6005
			params.amsdu = false;
6006
	} else {
6007
		/* We need to free the allocated resources. */
6008
		params.sta = sta;
6009
		switch (status) {
6010
			/* params.action = FLUSH, FLUSH_CONT */
6011
		default:
6012
			params.action = IEEE80211_AMPDU_TX_STOP_CONT;
6013
			break;
6014
		}
6015
		params.buf_size = 0;
6016
		params.timeout = 0;
6017
		params.ssn = 0;
6018
		params.tid = tap->txa_tid;
6019
		params.amsdu = false;
6020
	}
6021

6022
	IEEE80211_UNLOCK(ic);
6023
	wiphy_lock(hw->wiphy);
6024
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6025
	wiphy_unlock(hw->wiphy);
6026
	IEEE80211_LOCK(ic);
6027
	if (error != 0) {
6028
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
6029
		    __func__, error, ni, tap);
6030
		return (0);
6031
	}
6032

6033
	IMPROVE_HT("who unleashes the TXQ? and when?, do we need to ni->ni_txseqs[tid] = tap->txa_start & 0xfff;");
6034

6035
	return (lhw->ic_addba_response(ni, tap, status, baparamset, batimeout));
6036
}
6037

6038
/*
6039
 * (*ic_addba_stop)() is called from ampdu_tx_stop(), ht_recv_action_ba_delba(),
6040
 * and ieee80211_ampdu_stop() and calls the default ieee80211_addba_stop().
6041
 */
6042
static void
6043
lkpi_ic_addba_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6044
{
6045
	struct ieee80211com *ic;
6046
	struct lkpi_hw *lhw;
6047
	struct ieee80211_hw *hw;
6048
	struct ieee80211vap *vap;
6049
	struct lkpi_vif *lvif;
6050
	struct ieee80211_vif *vif;
6051
	struct lkpi_sta *lsta;
6052
	struct ieee80211_sta *sta;
6053
	struct ieee80211_ampdu_params params = { };
6054
	int error;
6055

6056
	ic = ni->ni_ic;
6057
	lhw = ic->ic_softc;
6058
	hw = LHW_TO_HW(lhw);
6059
	vap = ni->ni_vap;
6060
	lvif = VAP_TO_LVIF(vap);
6061
	vif = LVIF_TO_VIF(lvif);
6062
	lsta = ni->ni_drv_data;
6063
	sta = LSTA_TO_STA(lsta);
6064

6065
	if (!lsta->added_to_drv) {
6066
		ic_printf(ic, "%s: lsta %p ni %p, sta %p not added to firmware\n",
6067
		    __func__, lsta, ni, sta);
6068
		goto n80211;
6069
	}
6070

6071
	/* We need to free the allocated resources. */
6072
	params.sta = sta;
6073
	IMPROVE("net80211 does not provide a reason to us");
6074
	params.action = IEEE80211_AMPDU_TX_STOP_CONT; /* params.action = FLUSH, FLUSH_CONT */
6075
	params.buf_size = 0;
6076
	params.timeout = 0;
6077
	params.ssn = 0;
6078
	params.tid = tap->txa_tid;
6079
	params.amsdu = false;
6080

6081
	IEEE80211_UNLOCK(ic);
6082
	wiphy_lock(hw->wiphy);
6083
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6084
	wiphy_unlock(hw->wiphy);
6085
	IEEE80211_LOCK(ic);
6086
	if (error != 0) {
6087
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p tap %p\n",
6088
		    __func__, error, ni, tap);
6089
		goto n80211;
6090
	}
6091

6092
	IMPROVE_HT("anyting else?");
6093

6094
n80211:
6095
	lhw->ic_addba_stop(ni, tap);
6096
}
6097

6098
static void
6099
lkpi_ic_addba_response_timeout(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6100
{
6101
	struct ieee80211com *ic;
6102
	struct lkpi_hw *lhw;
6103

6104
	ic = ni->ni_ic;
6105
	lhw = ic->ic_softc;
6106

6107
	IMPROVE_HT();
6108

6109
	lhw->ic_addba_response_timeout(ni, tap);
6110
}
6111

6112
static void
6113
lkpi_ic_bar_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
6114
    int status)
6115
{
6116
	struct ieee80211com *ic;
6117
	struct lkpi_hw *lhw;
6118

6119
	ic = ni->ni_ic;
6120
	lhw = ic->ic_softc;
6121

6122
	IMPROVE_HT();
6123

6124
	lhw->ic_bar_response(ni, tap, status);
6125
}
6126

6127
static int
6128
lkpi_ic_ampdu_rx_start(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap,
6129
    int baparamset, int batimeout, int baseqctl)
6130
{
6131
	struct ieee80211com *ic;
6132
	struct lkpi_hw *lhw;
6133
	struct ieee80211_hw *hw;
6134
	struct ieee80211vap *vap;
6135
	struct lkpi_vif *lvif;
6136
	struct ieee80211_vif *vif;
6137
	struct lkpi_sta *lsta;
6138
	struct ieee80211_sta *sta;
6139
	struct ieee80211_ampdu_params params = { };
6140
	int error;
6141

6142
	ic = ni->ni_ic;
6143
	lhw = ic->ic_softc;
6144
	hw = LHW_TO_HW(lhw);
6145
	vap = ni->ni_vap;
6146
	lvif = VAP_TO_LVIF(vap);
6147
	vif = LVIF_TO_VIF(lvif);
6148
	lsta = ni->ni_drv_data;
6149
	sta = LSTA_TO_STA(lsta);
6150

6151
	IEEE80211_UNLOCK_ASSERT(ic);
6152

6153
	if (!lsta->added_to_drv) {
6154
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p not added to firmware\n",
6155
		    __func__, lsta, ni, vap, sta);
6156
		return (-ENXIO);
6157
	}
6158

6159
	if (lsta->state != IEEE80211_STA_AUTHORIZED) {
6160
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p state %d not AUTHORIZED\n",
6161
		    __func__, lsta, ni, vap, sta, lsta->state);
6162
		return (-ENXIO);
6163
	}
6164

6165
	params.sta = sta;
6166
	params.action = IEEE80211_AMPDU_RX_START;
6167
	params.buf_size = _IEEE80211_MASKSHIFT(le16toh(baparamset), IEEE80211_BAPS_BUFSIZ);
6168
	if (params.buf_size == 0)
6169
		params.buf_size = IEEE80211_MAX_AMPDU_BUF_HT;
6170
	else
6171
		params.buf_size = min(params.buf_size, IEEE80211_MAX_AMPDU_BUF_HT);
6172
	if (hw->max_rx_aggregation_subframes > 0 &&
6173
	    params.buf_size > hw->max_rx_aggregation_subframes)
6174
		params.buf_size = hw->max_rx_aggregation_subframes;
6175
	params.timeout = le16toh(batimeout);
6176
	params.ssn = _IEEE80211_MASKSHIFT(le16toh(baseqctl), IEEE80211_BASEQ_START);
6177
	params.tid = _IEEE80211_MASKSHIFT(le16toh(baparamset), IEEE80211_BAPS_TID);
6178

6179
	/* Based on net80211::ampdu_rx_start(). */
6180
	if ((vap->iv_htcaps & IEEE80211_HTC_RX_AMSDU_AMPDU) &&
6181
	    (_IEEE80211_MASKSHIFT(baparamset, IEEE80211_BAPS_AMSDU)))
6182
		params.amsdu = true;
6183
	else
6184
		params.amsdu = false;
6185

6186
	wiphy_lock(hw->wiphy);
6187
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6188
	wiphy_unlock(hw->wiphy);
6189
	if (error != 0) {
6190
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p rap %p\n",
6191
		    __func__, error, ni, rap);
6192
		return (error);
6193
	}
6194

6195
	if (!ieee80211_hw_check(hw, SUPPORTS_REORDERING_BUFFER)) {
6196
		IMPROVE("%s: TODO: SUPPORTS_REORDERING_BUFFER not set; check net80211\n", __func__);
6197
	}
6198

6199
	IMPROVE_HT("net80211 is missing the error check on return and assumes success");
6200

6201
	error = lhw->ic_ampdu_rx_start(ni, rap, baparamset, batimeout, baseqctl);
6202
	return (error);
6203
}
6204

6205
static void
6206
lkpi_ic_ampdu_rx_stop(struct ieee80211_node *ni, struct ieee80211_rx_ampdu *rap)
6207
{
6208
	struct ieee80211com *ic;
6209
	struct lkpi_hw *lhw;
6210
	struct ieee80211_hw *hw;
6211
	struct ieee80211vap *vap;
6212
	struct lkpi_vif *lvif;
6213
	struct ieee80211_vif *vif;
6214
	struct lkpi_sta *lsta;
6215
	struct ieee80211_sta *sta;
6216
	struct ieee80211_ampdu_params params = { };
6217
	int error;
6218
	uint8_t tid;
6219
	bool ic_locked;
6220

6221
	ic = ni->ni_ic;
6222
	lhw = ic->ic_softc;
6223

6224
	/*
6225
	 * We should not (cannot) call into mac80211 ops with AMPDU_RX_STOP if
6226
	 * we did not START.  Some drivers pass it down to firmware which will
6227
	 * simply barf and net80211 calls ieee80211_ht_node_cleanup() from
6228
	 * ieee80211_ht_node_init() amongst others which will iterate over all
6229
	 * tid and call ic_ampdu_rx_stop() unconditionally.
6230
	 * XXX net80211 should probably be more "gentle" in these cases and
6231
	 * track some state itself.
6232
	 */
6233
	if ((rap->rxa_flags & IEEE80211_AGGR_RUNNING) == 0)
6234
		goto net80211_only;
6235

6236
	hw = LHW_TO_HW(lhw);
6237
	vap = ni->ni_vap;
6238
	lvif = VAP_TO_LVIF(vap);
6239
	vif = LVIF_TO_VIF(lvif);
6240
	lsta = ni->ni_drv_data;
6241
	if (lsta == NULL) {
6242
		ic_printf(ic, "%s: lsta %p ni %p vap %p, lsta is NULL\n",
6243
		    __func__, lsta, ni, vap);
6244
		goto net80211_only;
6245
	}
6246
	sta = LSTA_TO_STA(lsta);
6247

6248
	if (!lsta->added_to_drv) {
6249
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p not added to firmware\n",
6250
		    __func__, lsta, ni, vap, sta);
6251
		goto net80211_only;
6252
	}
6253

6254
	if (lsta->state != IEEE80211_STA_AUTHORIZED) {
6255
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p state %d not AUTHORIZED\n",
6256
		    __func__, lsta, ni, vap, sta, lsta->state);
6257
		goto net80211_only;
6258
	}
6259

6260
	IMPROVE_HT("This really should be passed from ht_recv_action_ba_delba.");
6261
	for (tid = 0; tid < WME_NUM_TID; tid++) {
6262
		if (&ni->ni_rx_ampdu[tid] == rap)
6263
			break;
6264
	}
6265
	if (tid == WME_NUM_TID) {
6266
		ic_printf(ic, "%s: lsta %p ni %p vap %p, sta %p TID not found\n",
6267
		    __func__, lsta, ni, vap, sta);
6268
		goto net80211_only;
6269
	}
6270

6271
	params.sta = sta;
6272
	params.action = IEEE80211_AMPDU_RX_STOP;
6273
	params.buf_size = 0;
6274
	params.timeout = 0;
6275
	params.ssn = 0;
6276
	params.tid = tid;
6277
	params.amsdu = false;
6278

6279
	ic_locked = IEEE80211_IS_LOCKED(ic);
6280
	if (ic_locked)
6281
		IEEE80211_UNLOCK(ic);
6282
	wiphy_lock(hw->wiphy);
6283
	error = lkpi_80211_mo_ampdu_action(hw, vif, &params);
6284
	wiphy_unlock(hw->wiphy);
6285
	if (ic_locked)
6286
		IEEE80211_LOCK(ic);
6287
	if (error != 0)
6288
		ic_printf(ic, "%s: mo_ampdu_action returned %d. ni %p rap %p\n",
6289
		    __func__, error, ni, rap);
6290

6291
net80211_only:
6292
	lhw->ic_ampdu_rx_stop(ni, rap);
6293
}
6294
#endif
6295

6296
static void
6297
lkpi_ic_getradiocaps_ht(struct ieee80211com *ic, struct ieee80211_hw *hw,
6298
    uint8_t *bands, int *chan_flags, enum nl80211_band band)
6299
{
6300
#ifdef LKPI_80211_HT
6301
	struct ieee80211_sta_ht_cap *ht_cap;
6302

6303
	ht_cap = &hw->wiphy->bands[band]->ht_cap;
6304
	if (!ht_cap->ht_supported)
6305
		return;
6306

6307
	switch (band) {
6308
	case NL80211_BAND_2GHZ:
6309
		setbit(bands, IEEE80211_MODE_11NG);
6310
		break;
6311
	case NL80211_BAND_5GHZ:
6312
		setbit(bands, IEEE80211_MODE_11NA);
6313
		break;
6314
	default:
6315
		IMPROVE("Unsupported band %d", band);
6316
		return;
6317
	}
6318

6319
	ic->ic_htcaps = IEEE80211_HTC_HT;	/* HT operation */
6320

6321
	/*
6322
	 * Rather than manually checking each flag and
6323
	 * translating IEEE80211_HT_CAP_ to IEEE80211_HTCAP_,
6324
	 * simply copy the 16bits.
6325
	 */
6326
	ic->ic_htcaps |= ht_cap->cap;
6327

6328
	/* Then deal with the other flags. */
6329
	if (ieee80211_hw_check(hw, AMPDU_AGGREGATION))
6330
		ic->ic_htcaps |= IEEE80211_HTC_AMPDU;
6331
#ifdef __notyet__
6332
	if (ieee80211_hw_check(hw, TX_AMSDU))
6333
		ic->ic_htcaps |= IEEE80211_HTC_AMSDU;
6334
	if (ieee80211_hw_check(hw, SUPPORTS_AMSDU_IN_AMPDU))
6335
		ic->ic_htcaps |= (IEEE80211_HTC_RX_AMSDU_AMPDU |
6336
		    IEEE80211_HTC_TX_AMSDU_AMPDU);
6337
#endif
6338

6339
	IMPROVE("PS, ampdu_*, ht_cap.mcs.tx_params, ...");
6340

6341
	/* Only add HT40 channels if supported. */
6342
	if ((ic->ic_htcaps & IEEE80211_HTCAP_CHWIDTH40) != 0 &&
6343
	    chan_flags != NULL)
6344
		*chan_flags |= NET80211_CBW_FLAG_HT40;
6345
#endif
6346
}
6347

6348
static void
6349
lkpi_ic_getradiocaps(struct ieee80211com *ic, int maxchan,
6350
    int *n, struct ieee80211_channel *c)
6351
{
6352
	struct lkpi_hw *lhw;
6353
	struct ieee80211_hw *hw;
6354
	struct linuxkpi_ieee80211_channel *channels;
6355
	uint8_t bands[IEEE80211_MODE_BYTES];
6356
	int chan_flags, error, i, nchans;
6357

6358
	/* Channels */
6359
	lhw = ic->ic_softc;
6360
	hw = LHW_TO_HW(lhw);
6361

6362
	/* NL80211_BAND_2GHZ */
6363
	nchans = 0;
6364
	if (hw->wiphy->bands[NL80211_BAND_2GHZ] != NULL)
6365
		nchans = hw->wiphy->bands[NL80211_BAND_2GHZ]->n_channels;
6366
	if (nchans > 0) {
6367
		memset(bands, 0, sizeof(bands));
6368
		chan_flags = 0;
6369
		setbit(bands, IEEE80211_MODE_11B);
6370
		/* XXX-BZ unclear how to check for 11g. */
6371

6372
		IMPROVE("the bitrates may have flags?");
6373
		setbit(bands, IEEE80211_MODE_11G);
6374

6375
		lkpi_ic_getradiocaps_ht(ic, hw, bands, &chan_flags,
6376
		    NL80211_BAND_2GHZ);
6377

6378
		channels = hw->wiphy->bands[NL80211_BAND_2GHZ]->channels;
6379
		for (i = 0; i < nchans && *n < maxchan; i++) {
6380
			uint32_t nflags = 0;
6381
			int cflags = chan_flags;
6382

6383
			if (channels[i].flags & IEEE80211_CHAN_DISABLED) {
6384
				ic_printf(ic, "%s: Skipping disabled chan "
6385
				    "[%u/%u/%#x]\n", __func__,
6386
				    channels[i].hw_value,
6387
				    channels[i].center_freq, channels[i].flags);
6388
				continue;
6389
			}
6390
			if (channels[i].flags & IEEE80211_CHAN_NO_IR)
6391
				nflags |= (IEEE80211_CHAN_NOADHOC|IEEE80211_CHAN_PASSIVE);
6392
			if (channels[i].flags & IEEE80211_CHAN_RADAR)
6393
				nflags |= IEEE80211_CHAN_DFS;
6394
			if (channels[i].flags & IEEE80211_CHAN_NO_160MHZ)
6395
				cflags &= ~(NET80211_CBW_FLAG_VHT160|NET80211_CBW_FLAG_VHT80P80);
6396
			if (channels[i].flags & IEEE80211_CHAN_NO_80MHZ)
6397
				cflags &= ~NET80211_CBW_FLAG_VHT80;
6398
			/* XXX how to map the remaining enum ieee80211_channel_flags? */
6399
			if (channels[i].flags & IEEE80211_CHAN_NO_HT40)
6400
				cflags &= ~NET80211_CBW_FLAG_HT40;
6401

6402
			error = ieee80211_add_channel_cbw(c, maxchan, n,
6403
			    ieee80211_mhz2ieee(channels[i].center_freq,
6404
				lkpi_nl80211_band_to_net80211_band(channels[i].band)),
6405
			    channels[i].center_freq, channels[i].max_power,
6406
			    nflags, bands, cflags);
6407
			/* net80211::ENOBUFS: *n >= maxchans */
6408
			if (error != 0 && error != ENOBUFS)
6409
				ic_printf(ic, "%s: Adding chan %u/%u/%#x/%#x/%#x/%#x "
6410
				    "returned error %d\n",
6411
				    __func__, channels[i].hw_value,
6412
				    channels[i].center_freq, channels[i].flags,
6413
				    nflags, chan_flags, cflags, error);
6414
			if (error != 0)
6415
				break;
6416
		}
6417
	}
6418

6419
	/* NL80211_BAND_5GHZ */
6420
	nchans = 0;
6421
	if (hw->wiphy->bands[NL80211_BAND_5GHZ] != NULL)
6422
		nchans = hw->wiphy->bands[NL80211_BAND_5GHZ]->n_channels;
6423
	if (nchans > 0) {
6424
		memset(bands, 0, sizeof(bands));
6425
		chan_flags = 0;
6426
		setbit(bands, IEEE80211_MODE_11A);
6427

6428
		lkpi_ic_getradiocaps_ht(ic, hw, bands, &chan_flags,
6429
		    NL80211_BAND_5GHZ);
6430

6431
#ifdef LKPI_80211_VHT
6432
		if (hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.vht_supported) {
6433

6434
			ic->ic_flags_ext |= IEEE80211_FEXT_VHT;
6435
			ic->ic_vht_cap.vht_cap_info =
6436
			    hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.cap;
6437
			ic->ic_vht_cap.supp_mcs =
6438
			    hw->wiphy->bands[NL80211_BAND_5GHZ]->vht_cap.vht_mcs;
6439

6440
			setbit(bands, IEEE80211_MODE_VHT_5GHZ);
6441
			chan_flags |= NET80211_CBW_FLAG_VHT80;
6442
			if (IEEE80211_VHTCAP_SUPP_CHAN_WIDTH_IS_160MHZ(
6443
			    ic->ic_vht_cap.vht_cap_info))
6444
				chan_flags |= NET80211_CBW_FLAG_VHT160;
6445
			if (IEEE80211_VHTCAP_SUPP_CHAN_WIDTH_IS_160_80P80MHZ(
6446
			    ic->ic_vht_cap.vht_cap_info))
6447
				chan_flags |= NET80211_CBW_FLAG_VHT80P80;
6448
		}
6449
#endif
6450

6451
		channels = hw->wiphy->bands[NL80211_BAND_5GHZ]->channels;
6452
		for (i = 0; i < nchans && *n < maxchan; i++) {
6453
			uint32_t nflags = 0;
6454
			int cflags = chan_flags;
6455

6456
			if (channels[i].flags & IEEE80211_CHAN_DISABLED) {
6457
				ic_printf(ic, "%s: Skipping disabled chan "
6458
				    "[%u/%u/%#x]\n", __func__,
6459
				    channels[i].hw_value,
6460
				    channels[i].center_freq, channels[i].flags);
6461
				continue;
6462
			}
6463
			if (channels[i].flags & IEEE80211_CHAN_NO_IR)
6464
				nflags |= (IEEE80211_CHAN_NOADHOC|IEEE80211_CHAN_PASSIVE);
6465
			if (channels[i].flags & IEEE80211_CHAN_RADAR)
6466
				nflags |= IEEE80211_CHAN_DFS;
6467
			if (channels[i].flags & IEEE80211_CHAN_NO_160MHZ)
6468
				cflags &= ~(NET80211_CBW_FLAG_VHT160|NET80211_CBW_FLAG_VHT80P80);
6469
			if (channels[i].flags & IEEE80211_CHAN_NO_80MHZ)
6470
				cflags &= ~NET80211_CBW_FLAG_VHT80;
6471
			/* XXX hwo to map the remaining enum ieee80211_channel_flags? */
6472
			if (channels[i].flags & IEEE80211_CHAN_NO_HT40)
6473
				cflags &= ~NET80211_CBW_FLAG_HT40;
6474

6475
			error = ieee80211_add_channel_cbw(c, maxchan, n,
6476
			    ieee80211_mhz2ieee(channels[i].center_freq,
6477
				lkpi_nl80211_band_to_net80211_band(channels[i].band)),
6478
			    channels[i].center_freq, channels[i].max_power,
6479
			    nflags, bands, cflags);
6480
			/* net80211::ENOBUFS: *n >= maxchans */
6481
			if (error != 0 && error != ENOBUFS)
6482
				ic_printf(ic, "%s: Adding chan %u/%u/%#x/%#x/%#x/%#x "
6483
				    "returned error %d\n",
6484
				    __func__, channels[i].hw_value,
6485
				    channels[i].center_freq, channels[i].flags,
6486
				    nflags, chan_flags, cflags, error);
6487
			if (error != 0)
6488
				break;
6489
		}
6490
	}
6491
}
6492

6493
static void *
6494
lkpi_ieee80211_ifalloc(void)
6495
{
6496
	struct ieee80211com *ic;
6497

6498
	ic = malloc(sizeof(*ic), M_LKPI80211, M_WAITOK | M_ZERO);
6499

6500
	/* Setting these happens later when we have device information. */
6501
	ic->ic_softc = NULL;
6502
	ic->ic_name = "linuxkpi";
6503

6504
	return (ic);
6505
}
6506

6507
struct ieee80211_hw *
6508
linuxkpi_ieee80211_alloc_hw(size_t priv_len, const struct ieee80211_ops *ops)
6509
{
6510
	struct ieee80211_hw *hw;
6511
	struct lkpi_hw *lhw;
6512
	struct wiphy *wiphy;
6513
	int ac;
6514

6515
	/* Get us and the driver data also allocated. */
6516
	wiphy = wiphy_new(&linuxkpi_mac80211cfgops, sizeof(*lhw) + priv_len);
6517
	if (wiphy == NULL)
6518
		return (NULL);
6519

6520
	lhw = wiphy_priv(wiphy);
6521
	lhw->ops = ops;
6522

6523
	LKPI_80211_LHW_SCAN_LOCK_INIT(lhw);
6524
	LKPI_80211_LHW_TXQ_LOCK_INIT(lhw);
6525
	spin_lock_init(&lhw->txq_lock);
6526
	sx_init_flags(&lhw->lvif_sx, "lhw-lvif", SX_RECURSE | SX_DUPOK);
6527
	LKPI_80211_LHW_MC_LOCK_INIT(lhw);
6528
	TAILQ_INIT(&lhw->lvif_head);
6529
	__hw_addr_init(&lhw->mc_list);
6530
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
6531
		spin_lock_init(&lhw->txq_scheduled_lock[ac]);
6532
		lhw->txq_generation[ac] = 1;
6533
		TAILQ_INIT(&lhw->txq_scheduled[ac]);
6534
	}
6535

6536
	/* Chanctx_conf */
6537
	INIT_LIST_HEAD(&lhw->lchanctx_list);
6538

6539
	/* Deferred RX path. */
6540
	LKPI_80211_LHW_RXQ_LOCK_INIT(lhw);
6541
	TASK_INIT(&lhw->rxq_task, 0, lkpi_80211_lhw_rxq_task, lhw);
6542
	mbufq_init(&lhw->rxq, 32 * NAPI_POLL_WEIGHT);
6543
	lhw->rxq_stopped = false;
6544

6545
	/*
6546
	 * XXX-BZ TODO make sure there is a "_null" function to all ops
6547
	 * not initialized.
6548
	 */
6549
	hw = LHW_TO_HW(lhw);
6550
	hw->wiphy = wiphy;
6551
	hw->conf.flags |= IEEE80211_CONF_IDLE;
6552
	hw->priv = (void *)(lhw + 1);
6553

6554
	/* BSD Specific. */
6555
	lhw->ic = lkpi_ieee80211_ifalloc();
6556

6557
	IMPROVE();
6558

6559
	return (hw);
6560
}
6561

6562
void
6563
linuxkpi_ieee80211_iffree(struct ieee80211_hw *hw)
6564
{
6565
	struct lkpi_hw *lhw;
6566
	struct mbuf *m;
6567
	int ac;
6568

6569
	lhw = HW_TO_LHW(hw);
6570
	free(lhw->ic, M_LKPI80211);
6571
	lhw->ic = NULL;
6572

6573
	/*
6574
	 * Drain the deferred RX path.
6575
	 */
6576
	LKPI_80211_LHW_RXQ_LOCK(lhw);
6577
	lhw->rxq_stopped = true;
6578
	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
6579

6580
	/* Drain taskq, won't be restarted due to rxq_stopped being set. */
6581
	while (taskqueue_cancel(taskqueue_thread, &lhw->rxq_task, NULL) != 0)
6582
		taskqueue_drain(taskqueue_thread, &lhw->rxq_task);
6583

6584
	/* Flush mbufq (make sure to release ni refs!). */
6585
	m = mbufq_dequeue(&lhw->rxq);
6586
	while (m != NULL) {
6587
#ifdef LKPI_80211_USE_MTAG
6588
		struct m_tag *mtag;
6589

6590
		mtag = m_tag_locate(m, MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI, NULL);
6591
		if (mtag != NULL) {
6592
			struct lkpi_80211_tag_rxni *rxni;
6593

6594
			rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
6595
			ieee80211_free_node(rxni->ni);
6596
		}
6597
#else
6598
		if (m->m_pkthdr.PH_loc.ptr != NULL) {
6599
			struct ieee80211_node *ni;
6600

6601
			ni = m->m_pkthdr.PH_loc.ptr;
6602
			ieee80211_free_node(ni);
6603
		}
6604
#endif
6605
		m_freem(m);
6606
		m = mbufq_dequeue(&lhw->rxq);
6607
	}
6608
	KASSERT(mbufq_empty(&lhw->rxq), ("%s: lhw %p has rxq len %d != 0\n",
6609
	    __func__, lhw, mbufq_len(&lhw->rxq)));
6610
	LKPI_80211_LHW_RXQ_LOCK_DESTROY(lhw);
6611

6612
	/* Chanctx_conf. */
6613
	if (!list_empty_careful(&lhw->lchanctx_list)) {
6614
		struct lkpi_chanctx *lchanctx, *next;
6615
		struct ieee80211_chanctx_conf *chanctx_conf;
6616

6617
		list_for_each_entry_safe(lchanctx, next, &lhw->lchanctx_list, entry) {
6618
			if (lchanctx->added_to_drv) {
6619
				/* In reality we should panic? */
6620
				chanctx_conf = &lchanctx->chanctx_conf;
6621
				lkpi_80211_mo_remove_chanctx(hw, chanctx_conf);
6622
			}
6623
			list_del(&lchanctx->entry);
6624
			free(lchanctx, M_LKPI80211);
6625
		}
6626
	}
6627

6628
	LKPI_80211_LHW_MC_LOCK(lhw);
6629
	lkpi_cleanup_mcast_list_locked(lhw);
6630
	LKPI_80211_LHW_MC_UNLOCK(lhw);
6631

6632
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
6633
		spin_lock_destroy(&lhw->txq_scheduled_lock[ac]);
6634

6635
	/* Cleanup more of lhw here or in wiphy_free()? */
6636
	spin_lock_destroy(&lhw->txq_lock);
6637
	LKPI_80211_LHW_TXQ_LOCK_DESTROY(lhw);
6638
	LKPI_80211_LHW_SCAN_LOCK_DESTROY(lhw);
6639
	sx_destroy(&lhw->lvif_sx);
6640
	LKPI_80211_LHW_MC_LOCK_DESTROY(lhw)
6641
	IMPROVE();
6642
}
6643

6644
void
6645
linuxkpi_set_ieee80211_dev(struct ieee80211_hw *hw)
6646
{
6647
	struct lkpi_hw *lhw;
6648
	struct ieee80211com *ic;
6649
	struct device *dev;
6650

6651
	lhw = HW_TO_LHW(hw);
6652
	ic = lhw->ic;
6653

6654
	/* Save the backpointer from net80211 to LinuxKPI. */
6655
	ic->ic_softc = lhw;
6656

6657
	/*
6658
	 * Set a proper name before ieee80211_ifattach() if dev is set.
6659
	 * ath1xk also unset the dev so we need to check.
6660
	 */
6661
	dev = wiphy_dev(hw->wiphy);
6662
	if (dev != NULL) {
6663
		ic->ic_name = dev_name(dev);
6664
	} else {
6665
		TODO("adjust arguments to still have the old dev or go through "
6666
		    "the hoops of getting the bsddev from hw and detach; "
6667
		    "or do in XXX; check ath1kx drivers");
6668
	}
6669

6670
	/* XXX-BZ do we also need to set wiphy name? */
6671
}
6672

6673
struct ieee80211_hw *
6674
linuxkpi_wiphy_to_ieee80211_hw(struct wiphy *wiphy)
6675
{
6676
	struct lkpi_hw *lhw;
6677

6678
	lhw = wiphy_priv(wiphy);
6679
	return (LHW_TO_HW(lhw));
6680
}
6681

6682
static void
6683
lkpi_radiotap_attach(struct lkpi_hw *lhw)
6684
{
6685
	struct ieee80211com *ic;
6686

6687
	ic = lhw->ic;
6688
	ieee80211_radiotap_attach(ic,
6689
	    &lhw->rtap_tx.wt_ihdr, sizeof(lhw->rtap_tx),
6690
	    LKPI_RTAP_TX_FLAGS_PRESENT,
6691
	    &lhw->rtap_rx.wr_ihdr, sizeof(lhw->rtap_rx),
6692
	    LKPI_RTAP_RX_FLAGS_PRESENT);
6693
}
6694

6695
int
6696
linuxkpi_ieee80211_ifattach(struct ieee80211_hw *hw)
6697
{
6698
	struct ieee80211com *ic;
6699
	struct lkpi_hw *lhw;
6700
	int band, i;
6701

6702
	lhw = HW_TO_LHW(hw);
6703
	ic = lhw->ic;
6704

6705
	/* We do it this late as wiphy->dev should be set for the name. */
6706
	lhw->workq = alloc_ordered_workqueue(wiphy_name(hw->wiphy), 0);
6707
	if (lhw->workq == NULL)
6708
		return (-EAGAIN);
6709

6710
	/* XXX-BZ figure this out how they count his... */
6711
	if (!is_zero_ether_addr(hw->wiphy->perm_addr)) {
6712
		IEEE80211_ADDR_COPY(ic->ic_macaddr,
6713
		    hw->wiphy->perm_addr);
6714
	} else if (hw->wiphy->n_addresses > 0) {
6715
		/* We take the first one. */
6716
		IEEE80211_ADDR_COPY(ic->ic_macaddr,
6717
		    hw->wiphy->addresses[0].addr);
6718
	} else {
6719
		ic_printf(ic, "%s: warning, no hardware address!\n", __func__);
6720
	}
6721

6722
#ifdef __not_yet__
6723
	/* See comment in lkpi_80211_txq_tx_one(). */
6724
	ic->ic_headroom = hw->extra_tx_headroom;
6725
#endif
6726

6727
	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
6728
	ic->ic_opmode = IEEE80211_M_STA;
6729

6730
	/* Set device capabilities. */
6731
	/* XXX-BZ we need to get these from linux80211/drivers and convert. */
6732
	ic->ic_caps =
6733
	    IEEE80211_C_STA |
6734
	    IEEE80211_C_MONITOR |
6735
	    IEEE80211_C_WPA |		/* WPA/RSN */
6736
#ifdef LKPI_80211_WME
6737
	    IEEE80211_C_WME |
6738
#endif
6739
#if 0
6740
	    IEEE80211_C_PMGT |
6741
#endif
6742
	    IEEE80211_C_SHSLOT |	/* short slot time supported */
6743
	    IEEE80211_C_SHPREAMBLE	/* short preamble supported */
6744
	    ;
6745

6746
#ifdef LKPI_80211_BGSCAN
6747
	if (lhw->ops->hw_scan)
6748
		ic->ic_caps |= IEEE80211_C_BGSCAN;
6749
#endif
6750

6751
	lkpi_enable_hw_scan(lhw);
6752

6753
	/* Does HW support Fragmentation offload? */
6754
	if (ieee80211_hw_check(hw, SUPPORTS_TX_FRAG))
6755
		ic->ic_flags_ext |= IEEE80211_FEXT_FRAG_OFFLOAD;
6756

6757
	/* Does HW support full AMPDU[-TX] offload? */
6758
	if (ieee80211_hw_check(hw, AMPDU_AGGREGATION))
6759
		ic->ic_flags_ext |= IEEE80211_FEXT_AMPDU_OFFLOAD;
6760
#ifdef __notyet__
6761
	if (ieee80211_hw_check(hw, TX_AMSDU))
6762
	if (ieee80211_hw_check(hw, SUPPORTS_AMSDU_IN_AMPDU))
6763
#endif
6764

6765
	/*
6766
	 * The wiphy variables report bitmasks of avail antennas.
6767
	 * (*get_antenna) get the current bitmask sets which can be
6768
	 * altered by (*set_antenna) for some drivers.
6769
	 * XXX-BZ will the count alone do us much good long-term in net80211?
6770
	 */
6771
	if (hw->wiphy->available_antennas_rx ||
6772
	    hw->wiphy->available_antennas_tx) {
6773
		uint32_t rxs, txs;
6774

6775
		if (lkpi_80211_mo_get_antenna(hw, &txs, &rxs) == 0) {
6776
			ic->ic_rxstream = bitcount32(rxs);
6777
			ic->ic_txstream = bitcount32(txs);
6778
		}
6779
	}
6780

6781
	ic->ic_cryptocaps = 0;
6782
#ifdef LKPI_80211_HW_CRYPTO
6783
	if (lkpi_hwcrypto && hw->wiphy->n_cipher_suites > 0) {
6784
		uint32_t hwciphers;
6785

6786
		hwciphers = 0;
6787
		for (i = 0; i < hw->wiphy->n_cipher_suites; i++) {
6788
			uint32_t cs;
6789

6790
			cs = lkpi_l80211_to_net80211_cyphers(
6791
			    ic, hw->wiphy->cipher_suites[i]);
6792
			if (cs == IEEE80211_CRYPTO_TKIP) {
6793
				/*
6794
				 * We do set this here.  We will only find out
6795
				 * when doing a SET_KEY operation depending on
6796
				 * what the driver returns.
6797
				 * net80211::ieee80211_crypto_newkey()
6798
				 * checks this so we will have to do flags
6799
				 * surgery later.
6800
				 */
6801
				cs |= IEEE80211_CRYPTO_TKIPMIC;
6802
			}
6803
			hwciphers |= cs;
6804
		}
6805
		/*
6806
		 * (20250415) nothing anywhere in the path checks we actually
6807
		 * support all these in net80211.
6808
		 * net80211 supports _256 variants but the ioctl does not.
6809
		 */
6810
		IMPROVE("as net80211 grows more support, enable them");
6811
		hwciphers &= (IEEE80211_CRYPTO_WEP |
6812
		    IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_TKIPMIC |
6813
		    IEEE80211_CRYPTO_AES_CCM | IEEE80211_CRYPTO_AES_GCM_128);
6814
		/*
6815
		 * We only support CCMP here, so further filter.
6816
		 * Also permit TKIP if turned on.
6817
		 */
6818
		hwciphers &= (IEEE80211_CRYPTO_AES_CCM |
6819
		    IEEE80211_CRYPTO_AES_GCM_128 |
6820
		    (lkpi_hwcrypto_tkip ? (IEEE80211_CRYPTO_TKIP |
6821
		    IEEE80211_CRYPTO_TKIPMIC) : 0));
6822
		ieee80211_set_hardware_ciphers(ic, hwciphers);
6823
	}
6824
#endif
6825

6826
	lkpi_ic_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
6827
	    ic->ic_channels);
6828

6829
	ieee80211_ifattach(ic);
6830

6831
	ic->ic_update_mcast = lkpi_ic_update_mcast;
6832
	ic->ic_update_promisc = lkpi_ic_update_promisc;
6833
	ic->ic_update_chw = lkpi_ic_update_chw;
6834
	ic->ic_parent = lkpi_ic_parent;
6835
	ic->ic_scan_start = lkpi_ic_scan_start;
6836
	ic->ic_scan_end = lkpi_ic_scan_end;
6837
	ic->ic_set_channel = lkpi_ic_set_channel;
6838
	ic->ic_transmit = lkpi_ic_transmit;
6839
	ic->ic_raw_xmit = lkpi_ic_raw_xmit;
6840
	ic->ic_vap_create = lkpi_ic_vap_create;
6841
	ic->ic_vap_delete = lkpi_ic_vap_delete;
6842
	ic->ic_getradiocaps = lkpi_ic_getradiocaps;
6843
	ic->ic_wme.wme_update = lkpi_ic_wme_update;
6844

6845
	lhw->ic_scan_curchan = ic->ic_scan_curchan;
6846
	ic->ic_scan_curchan = lkpi_ic_scan_curchan;
6847
	lhw->ic_scan_mindwell = ic->ic_scan_mindwell;
6848
	ic->ic_scan_mindwell = lkpi_ic_scan_mindwell;
6849

6850
	lhw->ic_node_alloc = ic->ic_node_alloc;
6851
	ic->ic_node_alloc = lkpi_ic_node_alloc;
6852
	lhw->ic_node_init = ic->ic_node_init;
6853
	ic->ic_node_init = lkpi_ic_node_init;
6854
	lhw->ic_node_cleanup = ic->ic_node_cleanup;
6855
	ic->ic_node_cleanup = lkpi_ic_node_cleanup;
6856
	lhw->ic_node_free = ic->ic_node_free;
6857
	ic->ic_node_free = lkpi_ic_node_free;
6858

6859
#ifdef LKPI_80211_HT
6860
	/*
6861
	 * Only attach if the driver/firmware supports (*ampdu_action)().
6862
	 * Otherwise it is in the hands of net80211.
6863
	 */
6864
	if (lhw->ops->ampdu_action != NULL) {
6865
		lhw->ic_recv_action = ic->ic_recv_action;
6866
		ic->ic_recv_action = lkpi_ic_recv_action;
6867
		lhw->ic_send_action = ic->ic_send_action;
6868
		ic->ic_send_action = lkpi_ic_send_action;
6869

6870
		lhw->ic_ampdu_enable = ic->ic_ampdu_enable;
6871
		ic->ic_ampdu_enable = lkpi_ic_ampdu_enable;
6872

6873
		lhw->ic_addba_request = ic->ic_addba_request;
6874
		ic->ic_addba_request = lkpi_ic_addba_request;
6875
		lhw->ic_addba_response = ic->ic_addba_response;
6876
		ic->ic_addba_response = lkpi_ic_addba_response;
6877
		lhw->ic_addba_stop = ic->ic_addba_stop;
6878
		ic->ic_addba_stop = lkpi_ic_addba_stop;
6879
		lhw->ic_addba_response_timeout = ic->ic_addba_response_timeout;
6880
		ic->ic_addba_response_timeout = lkpi_ic_addba_response_timeout;
6881

6882
		lhw->ic_bar_response = ic->ic_bar_response;
6883
		ic->ic_bar_response = lkpi_ic_bar_response;
6884

6885
		lhw->ic_ampdu_rx_start = ic->ic_ampdu_rx_start;
6886
		ic->ic_ampdu_rx_start = lkpi_ic_ampdu_rx_start;
6887
		lhw->ic_ampdu_rx_stop = ic->ic_ampdu_rx_stop;
6888
		ic->ic_ampdu_rx_stop = lkpi_ic_ampdu_rx_stop;
6889
	}
6890
#endif
6891

6892
	lkpi_radiotap_attach(lhw);
6893

6894
	/*
6895
	 * Assign the first possible channel for now;  seems Realtek drivers
6896
	 * expect one.
6897
	 * Also remember the amount of bands we support and the most rates
6898
	 * in any band so we can scale [(ext) sup rates] IE(s) accordingly.
6899
	 */
6900
	lhw->supbands = lhw->max_rates = 0;
6901
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
6902
		struct ieee80211_supported_band *supband;
6903
		struct linuxkpi_ieee80211_channel *channels;
6904

6905
		supband = hw->wiphy->bands[band];
6906
		if (supband == NULL || supband->n_channels == 0)
6907
			continue;
6908

6909
		lhw->supbands++;
6910
		lhw->max_rates = max(lhw->max_rates, supband->n_bitrates);
6911

6912
		/* If we have a channel, we need to keep counting supbands. */
6913
		if (hw->conf.chandef.chan != NULL)
6914
			continue;
6915

6916
		channels = supband->channels;
6917
		for (i = 0; i < supband->n_channels; i++) {
6918

6919
			if (channels[i].flags & IEEE80211_CHAN_DISABLED)
6920
				continue;
6921

6922
			cfg80211_chandef_create(&hw->conf.chandef, &channels[i],
6923
#ifdef LKPI_80211_HT
6924
			    (ic->ic_flags_ht & IEEE80211_FHT_HT) ? NL80211_CHAN_HT20 :
6925
#endif
6926
			    NL80211_CHAN_NO_HT);
6927
			break;
6928
		}
6929
	}
6930

6931
	IMPROVE("see net80211::ieee80211_chan_init vs. wiphy->bands[].bitrates possibly in lkpi_ic_getradiocaps?");
6932

6933
	/* Make sure we do not support more than net80211 is willing to take. */
6934
	if (lhw->max_rates > IEEE80211_RATE_MAXSIZE) {
6935
		ic_printf(ic, "%s: limiting max_rates %d to %d!\n", __func__,
6936
		    lhw->max_rates, IEEE80211_RATE_MAXSIZE);
6937
		lhw->max_rates = IEEE80211_RATE_MAXSIZE;
6938
	}
6939

6940
	/*
6941
	 * The maximum supported bitrates on any band + size for
6942
	 * DSSS Parameter Set give our per-band IE size.
6943
	 * SSID is the responsibility of the driver and goes on the side.
6944
	 * The user specified bits coming from the vap go into the
6945
	 * "common ies" fields.
6946
	 */
6947
	lhw->scan_ie_len = 2 + IEEE80211_RATE_SIZE;
6948
	if (lhw->max_rates > IEEE80211_RATE_SIZE)
6949
		lhw->scan_ie_len += 2 + (lhw->max_rates - IEEE80211_RATE_SIZE);
6950

6951
	if (hw->wiphy->features & NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) {
6952
		/*
6953
		 * net80211 does not seem to support the DSSS Parameter Set but
6954
		 * some of the drivers insert it so calculate the extra fixed
6955
		 * space in.
6956
		 */
6957
		lhw->scan_ie_len += 2 + 1;
6958
	}
6959

6960
#if defined(LKPI_80211_HT)
6961
	if ((ic->ic_htcaps & IEEE80211_HTC_HT) != 0)
6962
		lhw->scan_ie_len += sizeof(struct ieee80211_ie_htcap);
6963
#endif
6964
#if defined(LKPI_80211_VHT)
6965
	if (IEEE80211_CONF_VHT(ic))
6966
		lhw->scan_ie_len += 2 + sizeof(struct ieee80211_vht_cap);
6967
#endif
6968

6969
	/* Reduce the max_scan_ie_len "left" by the amount we consume already. */
6970
	if (hw->wiphy->max_scan_ie_len > 0) {
6971
		if (lhw->scan_ie_len > hw->wiphy->max_scan_ie_len)
6972
			goto err;
6973
		hw->wiphy->max_scan_ie_len -= lhw->scan_ie_len;
6974
	}
6975

6976
	if (bootverbose) {
6977
		if (hw->netdev_features != 0)
6978
			ic_printf(ic, "netdev_features %b\n",
6979
			    hw->netdev_features, NETIF_F_BITS);
6980
		ieee80211_announce(ic);
6981
	}
6982

6983
	return (0);
6984
err:
6985
	IMPROVE("TODO FIXME CLEANUP");
6986
	return (-EAGAIN);
6987
}
6988

6989
void
6990
linuxkpi_ieee80211_ifdetach(struct ieee80211_hw *hw)
6991
{
6992
	struct lkpi_hw *lhw;
6993
	struct ieee80211com *ic;
6994

6995
	lhw = HW_TO_LHW(hw);
6996
	ic = lhw->ic;
6997
	ieee80211_ifdetach(ic);
6998
}
6999

7000
void
7001
linuxkpi_ieee80211_iterate_interfaces(struct ieee80211_hw *hw,
7002
    enum ieee80211_iface_iter flags,
7003
    void(*iterfunc)(void *, uint8_t *, struct ieee80211_vif *),
7004
    void *arg)
7005
{
7006
	struct lkpi_hw *lhw;
7007
	struct lkpi_vif *lvif;
7008
	struct ieee80211_vif *vif;
7009
	bool active, atomic, nin_drv;
7010

7011
	lhw = HW_TO_LHW(hw);
7012

7013
	if (flags & ~(IEEE80211_IFACE_ITER_NORMAL|
7014
	    IEEE80211_IFACE_ITER_RESUME_ALL|
7015
	    IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER|
7016
	    IEEE80211_IFACE_ITER_ACTIVE|IEEE80211_IFACE_ITER__ATOMIC|
7017
	    IEEE80211_IFACE_ITER__MTX)) {
7018
		ic_printf(lhw->ic, "XXX TODO %s flags(%#x) not yet supported.\n",
7019
		    __func__, flags);
7020
	}
7021

7022
	if ((flags & IEEE80211_IFACE_ITER__MTX) != 0)
7023
		lockdep_assert_wiphy(hw->wiphy);
7024

7025
	active = (flags & IEEE80211_IFACE_ITER_ACTIVE) != 0;
7026
	atomic = (flags & IEEE80211_IFACE_ITER__ATOMIC) != 0;
7027
	nin_drv = (flags & IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) != 0;
7028

7029
	if (atomic) {
7030
		IMPROVE("LKPI_80211_LHW_LVIF_LOCK atomic assume to be rcu?");
7031
		LKPI_80211_LHW_LVIF_LOCK(lhw);
7032
	}
7033
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
7034
		struct ieee80211vap *vap;
7035

7036
		vif = LVIF_TO_VIF(lvif);
7037

7038
		/*
7039
		 * If we want "active" interfaces, we need to distinguish on
7040
		 * whether the driver knows about them or not to be able to
7041
		 * handle the "resume" case correctly.  Skip the ones the
7042
		 * driver does not know about.
7043
		 */
7044
		if (active && !lvif->added_to_drv &&
7045
		    (flags & IEEE80211_IFACE_ITER_RESUME_ALL) != 0)
7046
			continue;
7047

7048
		/*
7049
		 * If we shall skip interfaces not added to the driver do so
7050
		 * if we haven't yet.
7051
		 */
7052
		if (nin_drv && !lvif->added_to_drv)
7053
			continue;
7054

7055
		/*
7056
		 * Run the iterator function if we are either not asking
7057
		 * asking for active only or if the VAP is "running".
7058
		 */
7059
		/* XXX-BZ probably should have state in the lvif as well. */
7060
		vap = LVIF_TO_VAP(lvif);
7061
		if (!active || (vap->iv_state != IEEE80211_S_INIT))
7062
			iterfunc(arg, vif->addr, vif);
7063
	}
7064
	if (atomic)
7065
		LKPI_80211_LHW_LVIF_UNLOCK(lhw);
7066
}
7067

7068
static void
7069
lkpi_ieee80211_iterate_keys(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
7070
    ieee80211_keyix keyix, struct lkpi_sta *lsta,
7071
    void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_vif *,
7072
	struct ieee80211_sta *, struct ieee80211_key_conf *, void *),
7073
    void *arg)
7074
{
7075
	if (!lsta->added_to_drv)
7076
		return;
7077

7078
	if (lsta->kc[keyix] == NULL)
7079
		return;
7080

7081
	iterfunc(hw, vif, LSTA_TO_STA(lsta), lsta->kc[keyix], arg);
7082
}
7083

7084
void
7085
linuxkpi_ieee80211_iterate_keys(struct ieee80211_hw *hw,
7086
    struct ieee80211_vif *vif,
7087
    void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_vif *,
7088
        struct ieee80211_sta *, struct ieee80211_key_conf *, void *),
7089
    void *arg, bool rcu)
7090
{
7091
	struct lkpi_sta *lsta;
7092
	struct lkpi_vif *lvif;
7093

7094
	lvif = VIF_TO_LVIF(vif);
7095

7096
	if (rcu) {
7097
		rcu_read_lock_held();		/* XXX-BZ is this correct? */
7098

7099
		if (vif == NULL) {
7100
			TODO();
7101
		} else {
7102
			list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
7103
				for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc);
7104
				    keyix++)
7105
					lkpi_ieee80211_iterate_keys(hw, vif,
7106
					    keyix, lsta, iterfunc, arg);
7107
			}
7108
		}
7109
	} else {
7110
		TODO("Used by suspend/resume; order of keys as installed to "
7111
		"firmware is important; we'll need to rewrite some code for that");
7112
		lockdep_assert_wiphy(hw->wiphy);
7113

7114
		if (vif == NULL) {
7115
			TODO();
7116
		} else {
7117
			list_for_each_entry(lsta, &lvif->lsta_list, lsta_list) {
7118
				for (ieee80211_keyix keyix = 0; keyix < nitems(lsta->kc);
7119
				    keyix++)
7120
					lkpi_ieee80211_iterate_keys(hw, vif,
7121
					    keyix, lsta, iterfunc, arg);
7122
			}
7123
		}
7124
	}
7125
}
7126

7127
void
7128
linuxkpi_ieee80211_iterate_chan_contexts(struct ieee80211_hw *hw,
7129
    void(*iterfunc)(struct ieee80211_hw *, struct ieee80211_chanctx_conf *,
7130
	void *),
7131
    void *arg)
7132
{
7133
	struct lkpi_hw *lhw;
7134
	struct lkpi_chanctx *lchanctx;
7135

7136
	KASSERT(hw != NULL && iterfunc != NULL,
7137
	    ("%s: hw %p iterfunc %p arg %p\n", __func__, hw, iterfunc, arg));
7138

7139
	lhw = HW_TO_LHW(hw);
7140

7141
	rcu_read_lock();
7142
	list_for_each_entry_rcu(lchanctx, &lhw->lchanctx_list, entry) {
7143
		if (!lchanctx->added_to_drv)
7144
			continue;
7145
		iterfunc(hw, &lchanctx->chanctx_conf, arg);
7146
	}
7147
	rcu_read_unlock();
7148
}
7149

7150
void
7151
linuxkpi_ieee80211_iterate_stations_atomic(struct ieee80211_hw *hw,
7152
   void (*iterfunc)(void *, struct ieee80211_sta *), void *arg)
7153
{
7154
	struct lkpi_hw *lhw;
7155
	struct lkpi_vif *lvif;
7156
	struct lkpi_sta *lsta;
7157
	struct ieee80211_sta *sta;
7158

7159
	KASSERT(hw != NULL && iterfunc != NULL,
7160
	    ("%s: hw %p iterfunc %p arg %p\n", __func__, hw, iterfunc, arg));
7161

7162
	lhw = HW_TO_LHW(hw);
7163

7164
	LKPI_80211_LHW_LVIF_LOCK(lhw);
7165
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
7166

7167
		rcu_read_lock();
7168
		list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
7169
			if (!lsta->added_to_drv)
7170
				continue;
7171
			sta = LSTA_TO_STA(lsta);
7172
			iterfunc(arg, sta);
7173
		}
7174
		rcu_read_unlock();
7175
	}
7176
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
7177
}
7178

7179
struct linuxkpi_ieee80211_regdomain *
7180
lkpi_get_linuxkpi_ieee80211_regdomain(size_t n)
7181
{
7182
	struct linuxkpi_ieee80211_regdomain *regd;
7183

7184
	regd = kzalloc(sizeof(*regd) + n * sizeof(struct ieee80211_reg_rule),
7185
	    GFP_KERNEL);
7186
	return (regd);
7187
}
7188

7189
int
7190
linuxkpi_regulatory_set_wiphy_regd_sync(struct wiphy *wiphy,
7191
    struct linuxkpi_ieee80211_regdomain *regd)
7192
{
7193
	struct lkpi_hw *lhw;
7194
	struct ieee80211com *ic;
7195
	struct ieee80211_regdomain *rd;
7196

7197
	lhw = wiphy_priv(wiphy);
7198
	ic = lhw->ic;
7199

7200
	rd = &ic->ic_regdomain;
7201
	if (rd->isocc[0] == '\0') {
7202
		rd->isocc[0] = regd->alpha2[0];
7203
		rd->isocc[1] = regd->alpha2[1];
7204
	}
7205

7206
	TODO();
7207
	/* XXX-BZ finish the rest. */
7208

7209
	return (0);
7210
}
7211

7212
void
7213
linuxkpi_ieee80211_scan_completed(struct ieee80211_hw *hw,
7214
    struct cfg80211_scan_info *info)
7215
{
7216
	struct lkpi_hw *lhw;
7217
	struct ieee80211com *ic;
7218
	struct ieee80211_scan_state *ss;
7219

7220
	lhw = wiphy_priv(hw->wiphy);
7221
	ic = lhw->ic;
7222
	ss = ic->ic_scan;
7223

7224
	TRACE_SCAN(ic, "scan_flags %b info { %ju, %6D, aborted %d }",
7225
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
7226
	    (uintmax_t)info->scan_start_tsf, info->tsf_bssid, ":",
7227
	    info->aborted);
7228

7229
	ieee80211_scan_done(ss->ss_vap);
7230

7231
	LKPI_80211_LHW_SCAN_LOCK(lhw);
7232
	free(lhw->hw_req, M_LKPI80211);
7233
	lhw->hw_req = NULL;
7234
	lhw->scan_flags &= ~LKPI_LHW_SCAN_RUNNING;
7235
	/* The wakeup(lhw) will be called from lkpi_ic_scan_end(). */
7236
	/* wakeup(lhw); */
7237
	LKPI_80211_LHW_SCAN_UNLOCK(lhw);
7238

7239
	return;
7240
}
7241

7242
static void
7243
lkpi_80211_lhw_rxq_rx_one(struct lkpi_hw *lhw, struct mbuf *m)
7244
{
7245
	struct ieee80211_node *ni;
7246
#ifdef LKPI_80211_USE_MTAG
7247
	struct m_tag *mtag;
7248
#endif
7249
	int ok;
7250

7251
	ni = NULL;
7252
#ifdef LKPI_80211_USE_MTAG
7253
        mtag = m_tag_locate(m, MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI, NULL);
7254
	if (mtag != NULL) {
7255
		struct lkpi_80211_tag_rxni *rxni;
7256

7257
		rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
7258
		ni = rxni->ni;
7259
	}
7260
#else
7261
	if (m->m_pkthdr.PH_loc.ptr != NULL) {
7262
		ni = m->m_pkthdr.PH_loc.ptr;
7263
		m->m_pkthdr.PH_loc.ptr = NULL;
7264
	}
7265
#endif
7266

7267
	if (ni != NULL) {
7268
		ok = ieee80211_input_mimo(ni, m);
7269
		ieee80211_free_node(ni);		/* Release the reference. */
7270
		if (ok < 0)
7271
			m_freem(m);
7272
	} else {
7273
		ok = ieee80211_input_mimo_all(lhw->ic, m);
7274
		/* mbuf got consumed. */
7275
	}
7276

7277
#ifdef LINUXKPI_DEBUG_80211
7278
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7279
		printf("TRACE-RX: %s: handled frame type %#0x\n", __func__, ok);
7280
#endif
7281
}
7282

7283
static void
7284
lkpi_80211_lhw_rxq_task(void *ctx, int pending)
7285
{
7286
	struct lkpi_hw *lhw;
7287
	struct mbufq mq;
7288
	struct mbuf *m;
7289

7290
	lhw = ctx;
7291

7292
#ifdef LINUXKPI_DEBUG_80211
7293
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7294
		printf("TRACE-RX: %s: lhw %p pending %d mbuf_qlen %d\n",
7295
		    __func__, lhw, pending, mbufq_len(&lhw->rxq));
7296
#endif
7297

7298
	mbufq_init(&mq, IFQ_MAXLEN);
7299

7300
	LKPI_80211_LHW_RXQ_LOCK(lhw);
7301
	mbufq_concat(&mq, &lhw->rxq);
7302
	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7303

7304
	m = mbufq_dequeue(&mq);
7305
	while (m != NULL) {
7306
		lkpi_80211_lhw_rxq_rx_one(lhw, m);
7307
		m = mbufq_dequeue(&mq);
7308
	}
7309
}
7310

7311
static void
7312
lkpi_convert_rx_status(struct ieee80211_hw *hw, struct lkpi_sta *lsta,
7313
    struct ieee80211_rx_status *rx_status,
7314
    struct ieee80211_rx_stats *rx_stats,
7315
    uint8_t *rssip)
7316
{
7317
	struct ieee80211_supported_band *supband;
7318
	struct rate_info rxrate;
7319
	int i;
7320
	uint8_t rssi;
7321

7322
	memset(&rxrate, 0, sizeof(rxrate));
7323
	memset(rx_stats, 0, sizeof(*rx_stats));
7324
	rx_stats->r_flags = IEEE80211_R_NF | IEEE80211_R_RSSI;
7325
	/* XXX-BZ correct hardcoded noise floor, survey data? */
7326
	rx_stats->c_nf = -96;
7327
	if (ieee80211_hw_check(hw, SIGNAL_DBM) &&
7328
	    !(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
7329
		rssi = rx_status->signal;
7330
	else
7331
		rssi = rx_stats->c_nf;
7332
	/*
7333
	 * net80211 signal strength data are in .5 dBm units relative to
7334
	 * the current noise floor (see comment in ieee80211_node.h).
7335
	 */
7336
	rssi -= rx_stats->c_nf;
7337
	if (rssip != NULL)
7338
		*rssip = rssi;
7339
	rx_stats->c_rssi = rssi * 2;
7340
	rx_stats->r_flags |= IEEE80211_R_BAND;
7341
	rx_stats->c_band =
7342
	    lkpi_nl80211_band_to_net80211_band(rx_status->band);
7343
	rx_stats->r_flags |= IEEE80211_R_FREQ | IEEE80211_R_IEEE;
7344
	rx_stats->c_freq = rx_status->freq;
7345
	rx_stats->c_ieee = ieee80211_mhz2ieee(rx_stats->c_freq, rx_stats->c_band);
7346

7347
	rx_stats->c_rx_tsf = rx_status->mactime;
7348

7349
	/* XXX RX_FLAG_MACTIME_IS_RTAP_TS64 ? */
7350
	if ((rx_status->flag & RX_FLAG_MACTIME) ==
7351
	    (RX_FLAG_MACTIME_START|RX_FLAG_MACTIME_END)) {
7352
		rx_stats->r_flags |= IEEE80211_R_TSF64;
7353
		/* XXX RX_FLAG_MACTIME_PLCP_START ? */
7354
		if ((rx_status->flag & RX_FLAG_MACTIME) == RX_FLAG_MACTIME_START)
7355
			rx_stats->r_flags |= IEEE80211_R_TSF_START;
7356
		if ((rx_status->flag & RX_FLAG_MACTIME) == RX_FLAG_MACTIME_END)
7357
			rx_stats->r_flags |= IEEE80211_R_TSF_END;
7358
		/* XXX-BZ if TSF_END will net80211 do the unwind of time? */
7359
	}
7360

7361
	if (rx_status->chains != 0) {
7362
		int cc;
7363
		int8_t crssi;
7364

7365
		rx_stats->c_chain = rx_status->chains;
7366
		rx_stats->r_flags |= IEEE80211_R_C_CHAIN;
7367

7368
		cc = 0;
7369
		for (i = 0; i < nitems(rx_status->chain_signal); i++) {
7370
			if (!(rx_status->chains & BIT(i)))
7371
				continue;
7372
			crssi = rx_status->chain_signal[i];
7373
			crssi -= rx_stats->c_nf;
7374
			rx_stats->c_rssi_ctl[i] = crssi * 2;
7375
			rx_stats->c_rssi_ext[i] = crssi * 2;	/* XXX _ext ??? ATH thing? */
7376
			/* We currently only have the global noise floor value. */
7377
			rx_stats->c_nf_ctl[i] = rx_stats->c_nf;
7378
			rx_stats->c_nf_ext[i] = rx_stats->c_nf;
7379
			cc++;
7380
		}
7381
		if (cc > 0)
7382
			 rx_stats->r_flags |= (IEEE80211_R_C_NF | IEEE80211_R_C_RSSI);
7383
	}
7384

7385
	/* XXX-NET80211 We are not going to populate c_phytype! */
7386

7387
	switch (rx_status->encoding) {
7388
	case RX_ENC_LEGACY:
7389
	{
7390
		uint32_t legacy = 0;
7391

7392
		supband = hw->wiphy->bands[rx_status->band];
7393
		if (supband != NULL)
7394
			legacy = supband->bitrates[rx_status->rate_idx].bitrate;
7395
		rx_stats->c_rate = legacy;
7396
		rxrate.legacy = legacy;
7397
		/* Is there a LinuxKPI way of reporting IEEE80211_RX_F_CCK / _OFDM? */
7398
		break;
7399
	}
7400
	case RX_ENC_HT:
7401
		rx_stats->c_pktflags |= IEEE80211_RX_F_HT;
7402
		rx_stats->c_rate = rx_status->rate_idx;		/* mcs */
7403
		rxrate.flags |= RATE_INFO_FLAGS_MCS;
7404
		rxrate.mcs = rx_status->rate_idx;
7405
		if ((rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI) != 0) {
7406
			rx_stats->c_pktflags |= IEEE80211_RX_F_SHORTGI;
7407
			rxrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
7408
		}
7409
		break;
7410
	case RX_ENC_VHT:
7411
		rx_stats->c_pktflags |= IEEE80211_RX_F_VHT;
7412
		rx_stats->c_rate = rx_status->rate_idx;		/* mcs */
7413
		rx_stats->c_vhtnss = rx_status->nss;
7414
		rxrate.flags |= RATE_INFO_FLAGS_VHT_MCS;
7415
		rxrate.mcs = rx_status->rate_idx;
7416
		rxrate.nss = rx_status->nss;
7417
		if ((rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI) != 0) {
7418
			rx_stats->c_pktflags |= IEEE80211_RX_F_SHORTGI;
7419
			rxrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
7420
		}
7421
		break;
7422
	case RX_ENC_HE:
7423
		rxrate.flags |= RATE_INFO_FLAGS_HE_MCS;
7424
		rxrate.mcs = rx_status->rate_idx;
7425
		rxrate.nss = rx_status->nss;
7426
		/* XXX TODO */
7427
		TODO("net80211 has not matching encoding for %u", rx_status->encoding);
7428
		break;
7429
	case RX_ENC_EHT:
7430
		rxrate.flags |= RATE_INFO_FLAGS_EHT_MCS;
7431
		rxrate.mcs = rx_status->rate_idx;
7432
		rxrate.nss = rx_status->nss;
7433
		/* XXX TODO */
7434
		TODO("net80211 has not matching encoding for %u", rx_status->encoding);
7435
		break;
7436
	}
7437

7438
	rxrate.bw = rx_status->bw;
7439
	switch (rx_status->bw) {
7440
	case RATE_INFO_BW_20:
7441
		rx_stats->c_width = IEEE80211_RX_FW_20MHZ;
7442
		break;
7443
	case RATE_INFO_BW_40:
7444
		rx_stats->c_width = IEEE80211_RX_FW_40MHZ;
7445
		break;
7446
	case RATE_INFO_BW_80:
7447
		rx_stats->c_width = IEEE80211_RX_FW_80MHZ;
7448
		break;
7449
	case RATE_INFO_BW_160:
7450
		rx_stats->c_width = IEEE80211_RX_FW_160MHZ;
7451
		break;
7452
	case RATE_INFO_BW_320:
7453
	case RATE_INFO_BW_HE_RU:
7454
	case RATE_INFO_BW_EHT_RU:
7455
	case RATE_INFO_BW_5:
7456
	case RATE_INFO_BW_10:
7457
		TODO("net80211 has not matching bandwidth for %u", rx_status->bw);
7458
		break;
7459
	}
7460

7461
	if ((rx_status->enc_flags & RX_ENC_FLAG_LDPC) != 0)
7462
		rx_stats->c_pktflags |= IEEE80211_RX_F_LDPC;
7463
	if ((rx_status->enc_flags & RX_ENC_FLAG_STBC_MASK) != 0)
7464
		 rx_stats->c_pktflags |= IEEE80211_RX_F_STBC;
7465

7466
	/*
7467
	 * We only need these for LKPI_80211_HW_CRYPTO in theory but in
7468
	 * case the hardware does something we do not expect always leave
7469
	 * these enabled.  Leaving this commant as documentation for the || 1.
7470
	 */
7471
#if defined(LKPI_80211_HW_CRYPTO) || 1
7472
	if (rx_status->flag & RX_FLAG_DECRYPTED) {
7473
		rx_stats->c_pktflags |= IEEE80211_RX_F_DECRYPTED;
7474
		/* Only valid if decrypted is set. */
7475
		if (rx_status->flag & RX_FLAG_PN_VALIDATED)
7476
			rx_stats->c_pktflags |= IEEE80211_RX_F_PN_VALIDATED;
7477
	}
7478
	if (rx_status->flag & RX_FLAG_IV_STRIPPED)
7479
		rx_stats->c_pktflags |= IEEE80211_RX_F_IV_STRIP;
7480
	if (rx_status->flag & RX_FLAG_ICV_STRIPPED)
7481
		rx_stats->c_pktflags |= IEEE80211_RX_F_ICV_STRIP;
7482
	if (rx_status->flag & RX_FLAG_MIC_STRIPPED)
7483
		rx_stats->c_pktflags |= IEEE80211_RX_F_MIC_STRIP;
7484
	if (rx_status->flag & RX_FLAG_MMIC_STRIPPED)
7485
		rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
7486
	if (rx_status->flag & RX_FLAG_MMIC_ERROR)
7487
		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MMIC;
7488
	if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
7489
		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_FCSCRC;
7490
#endif
7491

7492
	/* Fill in some sinfo bits to fill gaps not reported byt the driver. */
7493
	if (lsta != NULL) {
7494
		memcpy(&lsta->sinfo.rxrate, &rxrate, sizeof(rxrate));
7495
		lsta->sinfo.filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
7496

7497
		if (rx_status->chains != 0) {
7498
			lsta->sinfo.chains = rx_status->chains;
7499
			memcpy(lsta->sinfo.chain_signal, rx_status->chain_signal,
7500
			    sizeof(lsta->sinfo.chain_signal));
7501
			lsta->sinfo.filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
7502
		}
7503
	}
7504
}
7505

7506
#ifdef LINUXKPI_DEBUG_80211
7507
static void
7508
lkpi_rx_log_beacon(struct mbuf *m, struct lkpi_hw *lhw,
7509
    struct ieee80211_rx_status *rx_status)
7510
{
7511
	struct ieee80211_mgmt *f;
7512
	uint8_t *e;
7513
	char ssid[IEEE80211_NWID_LEN * 4 + 1];
7514

7515
	memset(ssid, '\0', sizeof(ssid));
7516

7517
	f = mtod(m, struct ieee80211_mgmt *);
7518
	e = f->u.beacon.variable;
7519
	/*
7520
	 * Usually SSID is right after the fixed part and for debugging we will
7521
	 * be fine should we miss it if it is not.
7522
	 */
7523
	while ((e - (uint8_t *)f) < m->m_len) {
7524
		if (*e == IEEE80211_ELEMID_SSID)
7525
			break;
7526
		e += (2 + *(e + 1));
7527
	}
7528
	if (*e == IEEE80211_ELEMID_SSID) {
7529
		int i, len;
7530
		char *p;
7531

7532
		p = ssid;
7533
		len = m->m_len - ((e + 2) - (uint8_t *)f);
7534
		if (len > *(e + 1))
7535
			len = *(e + 1);
7536
		e += 2;
7537
		for (i = 0; i < len; i++) {
7538
			/* Printable character? */
7539
			if (*e >= 0x20 && *e < 0x7f) {
7540
				*p++ = *e++;
7541
			} else {
7542
				snprintf(p, 5, "%#04x", *e++);
7543
				p += 4;
7544
			}
7545
		}
7546
		*p = '\0';
7547
	}
7548

7549
	/* We print skb, skb->data, m as we are seeing 'ghost beacons'. */
7550
	TRACE_SCAN_BEACON(lhw->ic, "Beacon: scan_flags %b, band %s freq %u chan %-4d "
7551
	    "len %d { %#06x %#06x %6D %6D %6D %#06x %ju %u %#06x SSID '%s' }",
7552
	    lhw->scan_flags, LKPI_LHW_SCAN_BITS,
7553
	    lkpi_nl80211_band_name(rx_status->band), rx_status->freq,
7554
	    linuxkpi_ieee80211_frequency_to_channel(rx_status->freq, 0),
7555
	    m->m_pkthdr.len, f->frame_control, f->duration_id,
7556
	    f->da, ":", f->sa, ":", f->bssid, ":", f->seq_ctrl,
7557
	    (uintmax_t)le64_to_cpu(f->u.beacon.timestamp),
7558
	    le16_to_cpu(f->u.beacon.beacon_int),
7559
	    le16_to_cpu(f->u.beacon.capab_info), ssid);
7560
}
7561
#endif
7562

7563
/* For %list see comment towards the end of the function. */
7564
void
7565
linuxkpi_ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
7566
    struct ieee80211_sta *sta, struct napi_struct *napi __unused,
7567
    struct list_head *list __unused)
7568
{
7569
	struct lkpi_hw *lhw;
7570
	struct ieee80211com *ic;
7571
	struct mbuf *m;
7572
	struct skb_shared_info *shinfo;
7573
	struct ieee80211_rx_status *rx_status;
7574
	struct ieee80211_rx_stats rx_stats;
7575
	struct ieee80211_node *ni;
7576
	struct ieee80211vap *vap;
7577
	struct ieee80211_hdr *hdr;
7578
	struct lkpi_sta *lsta;
7579
	int i, offset, ok, error;
7580
	uint8_t rssi;
7581
	bool is_beacon;
7582

7583
	lhw = HW_TO_LHW(hw);
7584
	ic = lhw->ic;
7585

7586
	if (skb->len < 2) {
7587
		/* Need 80211 stats here. */
7588
		counter_u64_add(ic->ic_ierrors, 1);
7589
		IMPROVE();
7590
		goto err;
7591
	}
7592

7593
	/*
7594
	 * For now do the data copy; we can later improve things. Might even
7595
	 * have an mbuf backing the skb data then?
7596
	 */
7597
	m = m_get3(skb->len, M_NOWAIT, MT_DATA, M_PKTHDR);
7598
	if (m == NULL) {
7599
		counter_u64_add(ic->ic_ierrors, 1);
7600
		goto err;
7601
	}
7602
	m_copyback(m, 0, skb->tail - skb->data, skb->data);
7603

7604
	shinfo = skb_shinfo(skb);
7605
	offset = m->m_len;
7606
	for (i = 0; i < shinfo->nr_frags; i++) {
7607
		m_copyback(m, offset, shinfo->frags[i].size,
7608
		    (uint8_t *)linux_page_address(shinfo->frags[i].page) +
7609
		    shinfo->frags[i].offset);
7610
		offset += shinfo->frags[i].size;
7611
	}
7612

7613
	rx_status = IEEE80211_SKB_RXCB(skb);
7614

7615
	hdr = (void *)skb->data;
7616
	is_beacon = ieee80211_is_beacon(hdr->frame_control);
7617

7618
#ifdef LINUXKPI_DEBUG_80211
7619
	/*
7620
	 * We use the mbuf here as otherwise the variable part might
7621
	 * be in skb frags.
7622
	 */
7623
	if (is_beacon && ((linuxkpi_debug_80211 & D80211_SCAN_BEACON) != 0))
7624
		lkpi_rx_log_beacon(m, lhw, rx_status);
7625

7626
	if (is_beacon && (linuxkpi_debug_80211 & D80211_TRACE_RX_BEACONS) == 0 &&
7627
	   (linuxkpi_debug_80211 & D80211_SCAN_BEACON) == 0)
7628
		goto no_trace_beacons;
7629

7630
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7631
		printf("TRACE-RX: %s: skb %p l/d/t-len (%u/%u/%u) "
7632
		    "h %p d %p t %p e %p sh %p (%u) m %p plen %u len %u%s\n",
7633
		    __func__, skb, skb->len, skb->data_len,
7634
		    skb->truesize, skb->head, skb->data, skb->tail, skb->end,
7635
		    shinfo, shinfo->nr_frags,
7636
		    m, m->m_pkthdr.len, m->m_len, is_beacon ? " beacon" : "");
7637

7638
	if (linuxkpi_debug_80211 & D80211_TRACE_RX_DUMP)
7639
		hexdump(mtod(m, const void *), m->m_len, "RX (raw) ", 0);
7640

7641
	/* Implement a dump_rxcb() !!! */
7642
	if ((linuxkpi_debug_80211 & D80211_TRACE_RX) != 0 ||
7643
	    (linuxkpi_debug_80211 & D80211_SCAN_BEACON) != 0)
7644
		printf("TRACE-RX: %s: RXCB: %ju %ju %u, %b, %u, %#0x, %#0x, "
7645
		    "%u band %u, %u { %d %d %d %d }, %d, %#x %#x %#x %#x %u %u %u\n",
7646
			__func__,
7647
			(uintmax_t)rx_status->boottime_ns,
7648
			(uintmax_t)rx_status->mactime,
7649
			rx_status->device_timestamp,
7650
			rx_status->flag, IEEE80211_RX_STATUS_FLAGS_BITS,
7651
			rx_status->freq,
7652
			rx_status->bw,
7653
			rx_status->encoding,
7654
			rx_status->ampdu_reference,
7655
			rx_status->band,
7656
			rx_status->chains,
7657
			rx_status->chain_signal[0],
7658
			rx_status->chain_signal[1],
7659
			rx_status->chain_signal[2],
7660
			rx_status->chain_signal[3],
7661
			rx_status->signal,
7662
			rx_status->enc_flags,
7663
			rx_status->he_dcm,
7664
			rx_status->he_gi,
7665
			rx_status->he_ru,
7666
			rx_status->zero_length_psdu_type,
7667
			rx_status->nss,
7668
			rx_status->rate_idx);
7669
no_trace_beacons:
7670
#endif
7671

7672
	lsta = NULL;
7673
	if (sta != NULL) {
7674
		lsta = STA_TO_LSTA(sta);
7675
		ni = ieee80211_ref_node(lsta->ni);
7676
	} else {
7677
		struct ieee80211_frame_min *wh;
7678

7679
		wh = mtod(m, struct ieee80211_frame_min *);
7680
		ni = ieee80211_find_rxnode(ic, wh);
7681
		if (ni != NULL)
7682
			lsta = ni->ni_drv_data;
7683
	}
7684

7685
	rssi = 0;
7686
	lkpi_convert_rx_status(hw, lsta, rx_status, &rx_stats, &rssi);
7687

7688
	ok = ieee80211_add_rx_params(m, &rx_stats);
7689
	if (ok == 0) {
7690
		m_freem(m);
7691
		counter_u64_add(ic->ic_ierrors, 1);
7692
		goto err;
7693
	}
7694

7695
	if (ni != NULL)
7696
		vap = ni->ni_vap;
7697
	else
7698
		/*
7699
		 * XXX-BZ can we improve this by looking at the frame hdr
7700
		 * or other meta-data passed up?
7701
		 */
7702
		vap = TAILQ_FIRST(&ic->ic_vaps);
7703

7704
#ifdef LINUXKPI_DEBUG_80211
7705
	if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7706
		printf("TRACE-RX: %s: sta %p lsta %p state %d ni %p vap %p%s\n",
7707
		    __func__, sta, lsta, (lsta != NULL) ? lsta->state : -1,
7708
		    ni, vap, is_beacon ? " beacon" : "");
7709
#endif
7710

7711
	if (ni != NULL && vap != NULL && is_beacon &&
7712
	    rx_status->device_timestamp > 0 &&
7713
	    m->m_pkthdr.len >= sizeof(struct ieee80211_frame)) {
7714
		struct lkpi_vif *lvif;
7715
		struct ieee80211_vif *vif;
7716
		struct ieee80211_frame *wh;
7717

7718
		wh = mtod(m, struct ieee80211_frame *);
7719
		if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_bssid))
7720
			goto skip_device_ts;
7721

7722
		lvif = VAP_TO_LVIF(vap);
7723
		vif = LVIF_TO_VIF(lvif);
7724

7725
		IMPROVE("TIMING_BEACON_ONLY?");
7726
		/* mac80211 specific (not net80211) so keep it here. */
7727
		vif->bss_conf.sync_device_ts = rx_status->device_timestamp;
7728
		/*
7729
		 * net80211 should take care of the other information (sync_tsf,
7730
		 * sync_dtim_count) as otherwise we need to parse the beacon.
7731
		 */
7732
skip_device_ts:
7733
		;
7734
	}
7735

7736
	if (vap != NULL && vap->iv_state > IEEE80211_S_INIT &&
7737
	    ieee80211_radiotap_active_vap(vap)) {
7738
		struct lkpi_radiotap_rx_hdr *rtap;
7739

7740
		rtap = &lhw->rtap_rx;
7741
		rtap->wr_tsft = rx_status->device_timestamp;
7742
		rtap->wr_flags = 0;
7743
		if (rx_status->enc_flags & RX_ENC_FLAG_SHORTPRE)
7744
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
7745
		if (rx_status->enc_flags & RX_ENC_FLAG_SHORT_GI)
7746
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTGI;
7747
#if 0	/* .. or it does not given we strip it below. */
7748
		if (ieee80211_hw_check(hw, RX_INCLUDES_FCS))
7749
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_FCS;
7750
#endif
7751
		if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
7752
			rtap->wr_flags |= IEEE80211_RADIOTAP_F_BADFCS;
7753
		rtap->wr_rate = 0;
7754
		IMPROVE();
7755
		/* XXX TODO status->encoding / rate_index / bw */
7756
		rtap->wr_chan_freq = htole16(rx_stats.c_freq);
7757
		if (ic->ic_curchan->ic_ieee == rx_stats.c_ieee)
7758
			rtap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
7759
		rtap->wr_dbm_antsignal = rssi;
7760
		rtap->wr_dbm_antnoise = rx_stats.c_nf;
7761
	}
7762

7763
	if (ieee80211_hw_check(hw, RX_INCLUDES_FCS))
7764
		m_adj(m, -IEEE80211_CRC_LEN);
7765

7766
#if 0
7767
	if (list != NULL) {
7768
		/*
7769
		* Normally this would be queued up and delivered by
7770
		* netif_receive_skb_list(), napi_gro_receive(), or the like.
7771
		* See mt76::mac80211.c as only current possible consumer.
7772
		*/
7773
		IMPROVE("we simply pass the packet to net80211 to deal with.");
7774
	}
7775
#endif
7776

7777
	/* Attach meta-information to the mbuf for the deferred RX path. */
7778
	if (ni != NULL) {
7779
#ifdef LKPI_80211_USE_MTAG
7780
		struct m_tag *mtag;
7781
		struct lkpi_80211_tag_rxni *rxni;
7782

7783
		mtag = m_tag_alloc(MTAG_ABI_LKPI80211, LKPI80211_TAG_RXNI,
7784
		    sizeof(*rxni), IEEE80211_M_NOWAIT);
7785
		if (mtag == NULL) {
7786
			m_freem(m);
7787
			counter_u64_add(ic->ic_ierrors, 1);
7788
			goto err;
7789
		}
7790
		rxni = (struct lkpi_80211_tag_rxni *)(mtag + 1);
7791
		rxni->ni = ni;		/* We hold a reference. */
7792
		m_tag_prepend(m, mtag);
7793
#else
7794
		m->m_pkthdr.PH_loc.ptr = ni;	/* We hold a reference. */
7795
#endif
7796
	}
7797

7798
	LKPI_80211_LHW_RXQ_LOCK(lhw);
7799
	if (lhw->rxq_stopped) {
7800
		LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7801
		m_freem(m);
7802
		counter_u64_add(ic->ic_ierrors, 1);
7803
		goto err;
7804
	}
7805

7806
	error = mbufq_enqueue(&lhw->rxq, m);
7807
	if (error != 0) {
7808
		LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7809
		m_freem(m);
7810
		counter_u64_add(ic->ic_ierrors, 1);
7811
#ifdef LINUXKPI_DEBUG_80211
7812
		if (linuxkpi_debug_80211 & D80211_TRACE_RX)
7813
			ic_printf(ni->ni_ic, "%s: mbufq_enqueue failed: %d\n",
7814
			    __func__, error);
7815
#endif
7816
		goto err;
7817
	}
7818
	taskqueue_enqueue(taskqueue_thread, &lhw->rxq_task);
7819
	LKPI_80211_LHW_RXQ_UNLOCK(lhw);
7820

7821
	IMPROVE();
7822

7823
err:
7824
	/* The skb is ours so we can free it :-) */
7825
	kfree_skb(skb);
7826
}
7827

7828
uint8_t
7829
linuxkpi_ieee80211_get_tid(struct ieee80211_hdr *hdr, bool nonqos_ok)
7830
{
7831
	const struct ieee80211_frame *wh;
7832
	uint8_t tid;
7833

7834
	/* Linux seems to assume this is a QOS-Data-Frame */
7835
	KASSERT(nonqos_ok || ieee80211_is_data_qos(hdr->frame_control),
7836
	   ("%s: hdr %p fc %#06x not qos_data\n", __func__, hdr,
7837
	   hdr->frame_control));
7838

7839
	wh = (const struct ieee80211_frame *)hdr;
7840
	tid = ieee80211_gettid(wh);
7841
	KASSERT(nonqos_ok || tid == (tid & IEEE80211_QOS_TID), ("%s: tid %u "
7842
	   "not expected (%u?)\n", __func__, tid, IEEE80211_NONQOS_TID));
7843

7844
	return (tid);
7845
}
7846

7847
/* -------------------------------------------------------------------------- */
7848

7849
static void
7850
lkpi_wiphy_work(struct work_struct *work)
7851
{
7852
	struct lkpi_wiphy *lwiphy;
7853
	struct wiphy *wiphy;
7854
	struct wiphy_work *wk;
7855

7856
	lwiphy = container_of(work, struct lkpi_wiphy, wwk);
7857
	wiphy = LWIPHY_TO_WIPHY(lwiphy);
7858

7859
	wiphy_lock(wiphy);
7860

7861
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7862
	wk = list_first_entry_or_null(&lwiphy->wwk_list, struct wiphy_work, entry);
7863
	/* If there is nothing we do nothing. */
7864
	if (wk == NULL) {
7865
		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7866
		wiphy_unlock(wiphy);
7867
		return;
7868
	}
7869
	list_del_init(&wk->entry);
7870

7871
	/* More work to do? */
7872
	if (!list_empty(&lwiphy->wwk_list))
7873
		schedule_work(work);
7874
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7875

7876
	/* Finally call the (*wiphy_work_fn)() function. */
7877
	wk->fn(wiphy, wk);
7878

7879
	wiphy_unlock(wiphy);
7880
}
7881

7882
void
7883
linuxkpi_wiphy_work_queue(struct wiphy *wiphy, struct wiphy_work *wwk)
7884
{
7885
	struct lkpi_wiphy *lwiphy;
7886

7887
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
7888

7889
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7890
	/* Do not double-queue. */
7891
	if (list_empty(&wwk->entry))
7892
		list_add_tail(&wwk->entry, &lwiphy->wwk_list);
7893
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7894

7895
	/*
7896
	 * See how ieee80211_queue_work() work continues in Linux or if things
7897
	 * migrate here over time?
7898
	 * Use a system queue from linux/workqueue.h for now.
7899
	 */
7900
	queue_work(system_wq, &lwiphy->wwk);
7901
}
7902

7903
void
7904
linuxkpi_wiphy_work_cancel(struct wiphy *wiphy, struct wiphy_work *wwk)
7905
{
7906
	struct lkpi_wiphy *lwiphy;
7907

7908
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
7909

7910
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7911
	/* Only cancel if queued. */
7912
	if (!list_empty(&wwk->entry))
7913
		list_del_init(&wwk->entry);
7914
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7915
}
7916

7917
void
7918
linuxkpi_wiphy_work_flush(struct wiphy *wiphy, struct wiphy_work *wwk)
7919
{
7920
	struct lkpi_wiphy *lwiphy;
7921
	struct wiphy_work *wk;
7922

7923
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
7924
	LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7925
	/* If wwk is unset, flush everything; called when wiphy is shut down. */
7926
	if (wwk != NULL && list_empty(&wwk->entry)) {
7927
		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7928
		return;
7929
	}
7930

7931
	while (!list_empty(&lwiphy->wwk_list)) {
7932

7933
		wk = list_first_entry(&lwiphy->wwk_list, struct wiphy_work,
7934
		    entry);
7935
		list_del_init(&wk->entry);
7936
		LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7937
		wk->fn(wiphy, wk);
7938
		LKPI_80211_LWIPHY_WORK_LOCK(lwiphy);
7939
		if (wk == wwk)
7940
			break;
7941
	}
7942
	LKPI_80211_LWIPHY_WORK_UNLOCK(lwiphy);
7943
}
7944

7945
void
7946
lkpi_wiphy_delayed_work_timer(struct timer_list *tl)
7947
{
7948
	struct wiphy_delayed_work *wdwk;
7949

7950
	wdwk = timer_container_of(wdwk, tl, timer);
7951
	wiphy_work_queue(wdwk->wiphy, &wdwk->work);
7952
}
7953

7954
void
7955
linuxkpi_wiphy_delayed_work_queue(struct wiphy *wiphy,
7956
    struct wiphy_delayed_work *wdwk, unsigned long delay)
7957
{
7958
	if (delay == 0) {
7959
		/* Run right away. */
7960
		del_timer(&wdwk->timer);
7961
		wiphy_work_queue(wiphy, &wdwk->work);
7962
	} else {
7963
		wdwk->wiphy = wiphy;
7964
		mod_timer(&wdwk->timer, jiffies + delay);
7965
	}
7966
}
7967

7968
void
7969
linuxkpi_wiphy_delayed_work_cancel(struct wiphy *wiphy,
7970
    struct wiphy_delayed_work *wdwk)
7971
{
7972
	del_timer_sync(&wdwk->timer);
7973
	wiphy_work_cancel(wiphy, &wdwk->work);
7974
}
7975

7976
void
7977
linuxkpi_wiphy_delayed_work_flush(struct wiphy *wiphy,
7978
    struct wiphy_delayed_work *wdwk)
7979
{
7980
	lockdep_assert_held(&wiphy->mtx);
7981

7982
	del_timer_sync(&wdwk->timer);
7983
	wiphy_work_flush(wiphy, &wdwk->work);
7984
}
7985

7986
/* -------------------------------------------------------------------------- */
7987

7988
struct wiphy *
7989
linuxkpi_wiphy_new(const struct cfg80211_ops *ops, size_t priv_len)
7990
{
7991
	struct lkpi_wiphy *lwiphy;
7992
	struct wiphy *wiphy;
7993

7994
	lwiphy = kzalloc(sizeof(*lwiphy) + priv_len, GFP_KERNEL);
7995
	if (lwiphy == NULL)
7996
		return (NULL);
7997
	lwiphy->ops = ops;
7998

7999
	LKPI_80211_LWIPHY_WORK_LOCK_INIT(lwiphy);
8000
	INIT_LIST_HEAD(&lwiphy->wwk_list);
8001
	INIT_WORK(&lwiphy->wwk, lkpi_wiphy_work);
8002

8003
	wiphy = LWIPHY_TO_WIPHY(lwiphy);
8004

8005
	mutex_init(&wiphy->mtx);
8006
	TODO();
8007

8008
	return (wiphy);
8009
}
8010

8011
void
8012
linuxkpi_wiphy_free(struct wiphy *wiphy)
8013
{
8014
	struct lkpi_wiphy *lwiphy;
8015

8016
	if (wiphy == NULL)
8017
		return;
8018

8019
	linuxkpi_wiphy_work_flush(wiphy, NULL);
8020
	mutex_destroy(&wiphy->mtx);
8021

8022
	lwiphy = WIPHY_TO_LWIPHY(wiphy);
8023
	LKPI_80211_LWIPHY_WORK_LOCK_DESTROY(lwiphy);
8024

8025
	kfree(lwiphy);
8026
}
8027

8028
static void
8029
lkpi_wiphy_band_annotate(struct wiphy *wiphy)
8030
{
8031
	int band;
8032

8033
	for (band = 0; band < NUM_NL80211_BANDS; band++) {
8034
		struct ieee80211_supported_band *supband;
8035
		int i;
8036

8037
		supband = wiphy->bands[band];
8038
		if (supband == NULL)
8039
			continue;
8040

8041
		switch (band) {
8042
		case NL80211_BAND_2GHZ:
8043
		case NL80211_BAND_5GHZ:
8044
			break;
8045
		default:
8046
#ifdef LINUXKPI_DEBUG_80211
8047
			IMPROVE("band %d(%s) not yet supported",
8048
			    band, lkpi_nl80211_band_name(band));
8049
			/* For bands added here, also check lkpi_lsta_alloc(). */
8050
#endif
8051
			continue;
8052
		}
8053

8054
		for (i = 0; i < supband->n_bitrates; i++) {
8055
			switch (band) {
8056
			case NL80211_BAND_2GHZ:
8057
				switch (supband->bitrates[i].bitrate) {
8058
				case 110:
8059
				case 55:
8060
				case 20:
8061
				case 10:
8062
					supband->bitrates[i].flags |=
8063
					    IEEE80211_RATE_MANDATORY_B;
8064
					/* FALLTHROUGH */
8065
				/* 11g only */
8066
				case 240:
8067
				case 120:
8068
				case 60:
8069
					supband->bitrates[i].flags |=
8070
					    IEEE80211_RATE_MANDATORY_G;
8071
					break;
8072
				}
8073
				break;
8074
			case NL80211_BAND_5GHZ:
8075
				switch (supband->bitrates[i].bitrate) {
8076
				case 240:
8077
				case 120:
8078
				case 60:
8079
					supband->bitrates[i].flags |=
8080
					    IEEE80211_RATE_MANDATORY_A;
8081
					break;
8082
				}
8083
				break;
8084
			}
8085
		}
8086
	}
8087
}
8088

8089
int
8090
linuxkpi_80211_wiphy_register(struct wiphy *wiphy)
8091
{
8092
	TODO("Lots of checks and initialization");
8093

8094
	lkpi_wiphy_band_annotate(wiphy);
8095

8096
	return (0);
8097
}
8098

8099
static uint32_t
8100
lkpi_cfg80211_calculate_bitrate_ht(struct rate_info *rate)
8101
{
8102
	TODO("cfg80211_calculate_bitrate_ht");
8103
	return (rate->legacy);
8104
}
8105

8106
static uint32_t
8107
lkpi_cfg80211_calculate_bitrate_vht(struct rate_info *rate)
8108
{
8109
	TODO("cfg80211_calculate_bitrate_vht");
8110
	return (rate->legacy);
8111
}
8112

8113
uint32_t
8114
linuxkpi_cfg80211_calculate_bitrate(struct rate_info *rate)
8115
{
8116

8117
	/* Beware: order! */
8118
	if (rate->flags & RATE_INFO_FLAGS_MCS)
8119
		return (lkpi_cfg80211_calculate_bitrate_ht(rate));
8120

8121
	if (rate->flags & RATE_INFO_FLAGS_VHT_MCS)
8122
		return (lkpi_cfg80211_calculate_bitrate_vht(rate));
8123

8124
	IMPROVE("HE/EHT/...");
8125

8126
	return (rate->legacy);
8127
}
8128

8129
uint32_t
8130
linuxkpi_ieee80211_channel_to_frequency(uint32_t channel,
8131
    enum nl80211_band band)
8132
{
8133

8134
	switch (band) {
8135
	case NL80211_BAND_2GHZ:
8136
		return (ieee80211_ieee2mhz(channel, IEEE80211_CHAN_2GHZ));
8137
		break;
8138
	case NL80211_BAND_5GHZ:
8139
		return (ieee80211_ieee2mhz(channel, IEEE80211_CHAN_5GHZ));
8140
		break;
8141
	default:
8142
		/* XXX abort, retry, error, panic? */
8143
		break;
8144
	}
8145

8146
	return (0);
8147
}
8148

8149
uint32_t
8150
linuxkpi_ieee80211_frequency_to_channel(uint32_t freq, uint32_t flags __unused)
8151
{
8152

8153
	return (ieee80211_mhz2ieee(freq, 0));
8154
}
8155

8156
#if 0
8157
static struct lkpi_sta *
8158
lkpi_find_lsta_by_ni(struct lkpi_vif *lvif, struct ieee80211_node *ni)
8159
{
8160
	struct lkpi_sta *lsta, *temp;
8161

8162
	rcu_read_lock();
8163
	list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
8164
		if (lsta->ni == ni) {
8165
			rcu_read_unlock();
8166
			return (lsta);
8167
		}
8168
	}
8169
	rcu_read_unlock();
8170

8171
	return (NULL);
8172
}
8173
#endif
8174

8175
struct ieee80211_sta *
8176
linuxkpi_ieee80211_find_sta(struct ieee80211_vif *vif, const u8 *peer)
8177
{
8178
	struct lkpi_vif *lvif;
8179
	struct lkpi_sta *lsta;
8180
	struct ieee80211_sta *sta;
8181

8182
	lvif = VIF_TO_LVIF(vif);
8183

8184
	rcu_read_lock();
8185
	list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
8186
		sta = LSTA_TO_STA(lsta);
8187
		if (IEEE80211_ADDR_EQ(sta->addr, peer)) {
8188
			rcu_read_unlock();
8189
			return (sta);
8190
		}
8191
	}
8192
	rcu_read_unlock();
8193
	return (NULL);
8194
}
8195

8196
struct ieee80211_sta *
8197
linuxkpi_ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
8198
    const uint8_t *addr, const uint8_t *ourvifaddr)
8199
{
8200
	struct lkpi_hw *lhw;
8201
	struct lkpi_vif *lvif;
8202
	struct lkpi_sta *lsta;
8203
	struct ieee80211_vif *vif;
8204
	struct ieee80211_sta *sta;
8205

8206
	lhw = wiphy_priv(hw->wiphy);
8207
	sta = NULL;
8208

8209
	LKPI_80211_LHW_LVIF_LOCK(lhw);
8210
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8211

8212
		/* XXX-BZ check our address from the vif. */
8213

8214
		vif = LVIF_TO_VIF(lvif);
8215
		if (ourvifaddr != NULL &&
8216
		    !IEEE80211_ADDR_EQ(vif->addr, ourvifaddr))
8217
			continue;
8218
		sta = linuxkpi_ieee80211_find_sta(vif, addr);
8219
		if (sta != NULL)
8220
			break;
8221
	}
8222
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8223

8224
	if (sta != NULL) {
8225
		lsta = STA_TO_LSTA(sta);
8226
		if (!lsta->added_to_drv)
8227
			return (NULL);
8228
	}
8229

8230
	return (sta);
8231
}
8232

8233
struct sk_buff *
8234
linuxkpi_ieee80211_tx_dequeue(struct ieee80211_hw *hw,
8235
    struct ieee80211_txq *txq)
8236
{
8237
	struct lkpi_txq *ltxq;
8238
	struct lkpi_vif *lvif;
8239
	struct sk_buff *skb;
8240

8241
	IMPROVE("wiphy_lock? or assert?");
8242
	skb = NULL;
8243
	ltxq = TXQ_TO_LTXQ(txq);
8244
	ltxq->seen_dequeue = true;
8245

8246
	if (ltxq->stopped)
8247
		goto stopped;
8248

8249
	lvif = VIF_TO_LVIF(ltxq->txq.vif);
8250
	if (lvif->hw_queue_stopped[ltxq->txq.ac]) {
8251
		ltxq->stopped = true;
8252
		goto stopped;
8253
	}
8254

8255
	IMPROVE("hw(TX_FRAG_LIST)");
8256

8257
	LKPI_80211_LTXQ_LOCK(ltxq);
8258
	skb = skb_dequeue(&ltxq->skbq);
8259
	if (skb != NULL)
8260
		ltxq->frms_dequeued++;
8261
	LKPI_80211_LTXQ_UNLOCK(ltxq);
8262

8263
stopped:
8264
	return (skb);
8265
}
8266

8267
void
8268
linuxkpi_ieee80211_txq_get_depth(struct ieee80211_txq *txq,
8269
    unsigned long *frame_cnt, unsigned long *byte_cnt)
8270
{
8271
	struct lkpi_txq *ltxq;
8272
	struct sk_buff *skb;
8273
	unsigned long fc, bc;
8274

8275
	ltxq = TXQ_TO_LTXQ(txq);
8276

8277
	fc = bc = 0;
8278
	LKPI_80211_LTXQ_LOCK(ltxq);
8279
	skb_queue_walk(&ltxq->skbq, skb) {
8280
		fc++;
8281
		bc += skb->len;
8282
	}
8283
	LKPI_80211_LTXQ_UNLOCK(ltxq);
8284
	if (frame_cnt)
8285
		*frame_cnt = fc;
8286
	if (byte_cnt)
8287
		*byte_cnt = bc;
8288

8289
	/* Validate that this is doing the correct thing. */
8290
	/* Should we keep track on en/dequeue? */
8291
	IMPROVE();
8292
}
8293

8294
/*
8295
 * We are called from ieee80211_free_txskb() or ieee80211_tx_status().
8296
 * The latter tries to derive the success status from the info flags
8297
 * passed back from the driver.  rawx_mit() saves the ni on the m and the
8298
 * m on the skb for us to be able to give feedback to net80211.
8299
 */
8300
static void
8301
_lkpi_ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb,
8302
    int status)
8303
{
8304
	struct ieee80211_node *ni;
8305
	struct mbuf *m;
8306

8307
	if (skb == NULL)
8308
		return;
8309

8310
	m = skb->m;
8311
	skb->m = NULL;
8312

8313
	if (m != NULL) {
8314
		ni = m->m_pkthdr.PH_loc.ptr;
8315
		/* Status: 0 is ok, != 0 is error. */
8316
		ieee80211_tx_complete(ni, m, status);
8317
		/* ni & mbuf were consumed. */
8318
	}
8319
}
8320

8321
void
8322
linuxkpi_ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb,
8323
    int status)
8324
{
8325

8326
	_lkpi_ieee80211_free_txskb(hw, skb, status);
8327
	kfree_skb(skb);
8328
}
8329

8330
void
8331
linuxkpi_ieee80211_tx_status_ext(struct ieee80211_hw *hw,
8332
    struct ieee80211_tx_status *txstat)
8333
{
8334
	struct sk_buff *skb;
8335
	struct ieee80211_tx_info *info, _info = { };
8336
	struct ieee80211_ratectl_tx_status txs;
8337
	struct ieee80211_node *ni;
8338
	int status;
8339

8340
	skb = txstat->skb;
8341
	if (skb != NULL && skb->m != NULL) {
8342
		struct mbuf *m;
8343

8344
		m = skb->m;
8345
		ni = m->m_pkthdr.PH_loc.ptr;
8346
		memset(&txs, 0, sizeof(txs));
8347
	} else {
8348
		ni = NULL;
8349
	}
8350

8351
	/*
8352
	 * If we have no info information on tx, set info to an all-zero struct
8353
	 * to make the code (and debug output) simpler.
8354
	 */
8355
	info = txstat->info;
8356
	if (info == NULL)
8357
		info = &_info;
8358
	if (info->flags & IEEE80211_TX_STAT_ACK) {
8359
		status = 0;	/* No error. */
8360
		txs.status = IEEE80211_RATECTL_TX_SUCCESS;
8361
	} else {
8362
		status = 1;
8363
		txs.status = IEEE80211_RATECTL_TX_FAIL_UNSPECIFIED;
8364
	}
8365

8366
	if (ni != NULL) {
8367
		txs.pktlen = skb->len;
8368
		txs.flags |= IEEE80211_RATECTL_STATUS_PKTLEN;
8369
		if (info->status.rates[0].count > 1) {
8370
			txs.long_retries = info->status.rates[0].count - 1;	/* 1 + retries in drivers. */
8371
			txs.flags |= IEEE80211_RATECTL_STATUS_LONG_RETRY;
8372
		}
8373
#if 0		/* Unused in net80211 currently. */
8374
		/* XXX-BZ convert check .flags for MCS/VHT/.. */
8375
		txs.final_rate = info->status.rates[0].idx;
8376
		txs.flags |= IEEE80211_RATECTL_STATUS_FINAL_RATE;
8377
#endif
8378
		if (info->status.flags & IEEE80211_TX_STATUS_ACK_SIGNAL_VALID) {
8379
			txs.rssi = info->status.ack_signal;		/* XXX-BZ CONVERT? */
8380
			txs.flags |= IEEE80211_RATECTL_STATUS_RSSI;
8381
		}
8382

8383
		IMPROVE("only update rate if needed but that requires us to get a proper rate from mo_sta_statistics");
8384
		ieee80211_ratectl_tx_complete(ni, &txs);
8385
		ieee80211_ratectl_rate(ni->ni_vap->iv_bss, NULL, 0);
8386

8387
#ifdef LINUXKPI_DEBUG_80211
8388
		if (linuxkpi_debug_80211 & D80211_TRACE_TX) {
8389
			printf("TX-RATE: %s: long_retries %d\n", __func__,
8390
			    txs.long_retries);
8391
		}
8392
#endif
8393
	}
8394

8395
#ifdef LINUXKPI_DEBUG_80211
8396
	if (linuxkpi_debug_80211 & D80211_TRACE_TX)
8397
		printf("TX-STATUS: %s: hw %p skb %p status %d : flags %#x "
8398
		    "band %u hw_queue %u tx_time_est %d : "
8399
		    "rates [ %u %u %#x, %u %u %#x, %u %u %#x, %u %u %#x ] "
8400
		    "ack_signal %u ampdu_ack_len %u ampdu_len %u antenna %u "
8401
		    "tx_time %u flags %#x "
8402
		    "status_driver_data [ %p %p ]\n",
8403
		    __func__, hw, skb, status, info->flags,
8404
		    info->band, info->hw_queue, info->tx_time_est,
8405
		    info->status.rates[0].idx, info->status.rates[0].count,
8406
		    info->status.rates[0].flags,
8407
		    info->status.rates[1].idx, info->status.rates[1].count,
8408
		    info->status.rates[1].flags,
8409
		    info->status.rates[2].idx, info->status.rates[2].count,
8410
		    info->status.rates[2].flags,
8411
		    info->status.rates[3].idx, info->status.rates[3].count,
8412
		    info->status.rates[3].flags,
8413
		    info->status.ack_signal, info->status.ampdu_ack_len,
8414
		    info->status.ampdu_len, info->status.antenna,
8415
		    info->status.tx_time, info->status.flags,
8416
		    info->status.status_driver_data[0],
8417
		    info->status.status_driver_data[1]);
8418
#endif
8419

8420
	if (txstat->free_list) {
8421
		_lkpi_ieee80211_free_txskb(hw, skb, status);
8422
		if (skb != NULL)
8423
			list_add_tail(&skb->list, txstat->free_list);
8424
	} else {
8425
		linuxkpi_ieee80211_free_txskb(hw, skb, status);
8426
	}
8427
}
8428

8429
void
8430
linuxkpi_ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
8431
{
8432
	struct ieee80211_tx_status status;
8433

8434
	memset(&status, 0, sizeof(status));
8435
	status.info = IEEE80211_SKB_CB(skb);
8436
	status.skb = skb;
8437
	/* sta, n_rates, rates, free_list? */
8438

8439
	ieee80211_tx_status_ext(hw, &status);
8440
}
8441

8442
/*
8443
 * This is an internal bandaid for the moment for the way we glue
8444
 * skbs and mbufs together for TX.  Once we have skbs backed by
8445
 * mbufs this should go away.
8446
 * This is a public function but kept on the private KPI (lkpi_)
8447
 * and is not exposed by a header file.
8448
 */
8449
static void
8450
lkpi_ieee80211_free_skb_mbuf(void *p)
8451
{
8452
	struct ieee80211_node *ni;
8453
	struct mbuf *m;
8454

8455
	if (p == NULL)
8456
		return;
8457

8458
	m = (struct mbuf *)p;
8459
	M_ASSERTPKTHDR(m);
8460

8461
	ni = m->m_pkthdr.PH_loc.ptr;
8462
	m->m_pkthdr.PH_loc.ptr = NULL;
8463
	if (ni != NULL)
8464
		ieee80211_free_node(ni);
8465
	m_freem(m);
8466
}
8467

8468
void
8469
linuxkpi_ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
8470
    struct delayed_work *w, int delay)
8471
{
8472
	struct lkpi_hw *lhw;
8473

8474
	/* Need to make sure hw is in a stable (non-suspended) state. */
8475
	IMPROVE();
8476

8477
	lhw = HW_TO_LHW(hw);
8478
	queue_delayed_work(lhw->workq, w, delay);
8479
}
8480

8481
void
8482
linuxkpi_ieee80211_queue_work(struct ieee80211_hw *hw,
8483
    struct work_struct *w)
8484
{
8485
	struct lkpi_hw *lhw;
8486

8487
	/* Need to make sure hw is in a stable (non-suspended) state. */
8488
	IMPROVE();
8489

8490
	lhw = HW_TO_LHW(hw);
8491
	queue_work(lhw->workq, w);
8492
}
8493

8494
struct sk_buff *
8495
linuxkpi_ieee80211_probereq_get(struct ieee80211_hw *hw, const uint8_t *addr,
8496
    const uint8_t *ssid, size_t ssid_len, size_t tailroom)
8497
{
8498
	struct sk_buff *skb;
8499
	struct ieee80211_frame *wh;
8500
	uint8_t *p;
8501
	size_t len;
8502

8503
	len = sizeof(*wh);
8504
	len += 2 + ssid_len;
8505

8506
	skb = dev_alloc_skb(hw->extra_tx_headroom + len + tailroom);
8507
	if (skb == NULL)
8508
		return (NULL);
8509

8510
	skb_reserve(skb, hw->extra_tx_headroom);
8511

8512
	wh = skb_put_zero(skb, sizeof(*wh));
8513
	wh->i_fc[0] = IEEE80211_FC0_VERSION_0;
8514
	wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_PROBE_REQ | IEEE80211_FC0_TYPE_MGT;
8515
	IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr);
8516
	IEEE80211_ADDR_COPY(wh->i_addr2, addr);
8517
	IEEE80211_ADDR_COPY(wh->i_addr3, ieee80211broadcastaddr);
8518

8519
	p = skb_put(skb, 2 + ssid_len);
8520
	*p++ = IEEE80211_ELEMID_SSID;
8521
	*p++ = ssid_len;
8522
	if (ssid_len > 0)
8523
		memcpy(p, ssid, ssid_len);
8524

8525
	return (skb);
8526
}
8527

8528
struct sk_buff *
8529
linuxkpi_ieee80211_pspoll_get(struct ieee80211_hw *hw,
8530
    struct ieee80211_vif *vif)
8531
{
8532
	struct lkpi_vif *lvif;
8533
	struct ieee80211vap *vap;
8534
	struct sk_buff *skb;
8535
	struct ieee80211_frame_pspoll *psp;
8536
	uint16_t v;
8537

8538
	skb = dev_alloc_skb(hw->extra_tx_headroom + sizeof(*psp));
8539
	if (skb == NULL)
8540
		return (NULL);
8541

8542
	skb_reserve(skb, hw->extra_tx_headroom);
8543

8544
	lvif = VIF_TO_LVIF(vif);
8545
	vap = LVIF_TO_VAP(lvif);
8546

8547
	psp = skb_put_zero(skb, sizeof(*psp));
8548
	psp->i_fc[0] = IEEE80211_FC0_VERSION_0;
8549
	psp->i_fc[0] |= IEEE80211_FC0_SUBTYPE_PS_POLL | IEEE80211_FC0_TYPE_CTL;
8550
	v = htole16(vif->cfg.aid | 1<<15 | 1<<16);
8551
	memcpy(&psp->i_aid, &v, sizeof(v));
8552
	IEEE80211_ADDR_COPY(psp->i_bssid, vap->iv_bss->ni_macaddr);
8553
	IEEE80211_ADDR_COPY(psp->i_ta, vif->addr);
8554

8555
	return (skb);
8556
}
8557

8558
struct sk_buff *
8559
linuxkpi_ieee80211_nullfunc_get(struct ieee80211_hw *hw,
8560
    struct ieee80211_vif *vif, int linkid, bool qos)
8561
{
8562
	struct lkpi_vif *lvif;
8563
	struct ieee80211vap *vap;
8564
	struct sk_buff *skb;
8565
	struct ieee80211_frame *nullf;
8566

8567
	IMPROVE("linkid");
8568

8569
	skb = dev_alloc_skb(hw->extra_tx_headroom + sizeof(*nullf));
8570
	if (skb == NULL)
8571
		return (NULL);
8572

8573
	skb_reserve(skb, hw->extra_tx_headroom);
8574

8575
	lvif = VIF_TO_LVIF(vif);
8576
	vap = LVIF_TO_VAP(lvif);
8577

8578
	nullf = skb_put_zero(skb, sizeof(*nullf));
8579
	nullf->i_fc[0] = IEEE80211_FC0_VERSION_0;
8580
	nullf->i_fc[0] |= IEEE80211_FC0_SUBTYPE_NODATA | IEEE80211_FC0_TYPE_DATA;
8581
	nullf->i_fc[1] = IEEE80211_FC1_DIR_TODS;
8582

8583
	IEEE80211_ADDR_COPY(nullf->i_addr1, vap->iv_bss->ni_bssid);
8584
	IEEE80211_ADDR_COPY(nullf->i_addr2, vif->addr);
8585
	IEEE80211_ADDR_COPY(nullf->i_addr3, vap->iv_bss->ni_macaddr);
8586

8587
	return (skb);
8588
}
8589

8590
struct wireless_dev *
8591
linuxkpi_ieee80211_vif_to_wdev(struct ieee80211_vif *vif)
8592
{
8593
	struct lkpi_vif *lvif;
8594

8595
	lvif = VIF_TO_LVIF(vif);
8596
	return (&lvif->wdev);
8597
}
8598

8599
void
8600
linuxkpi_ieee80211_connection_loss(struct ieee80211_vif *vif)
8601
{
8602
	struct lkpi_vif *lvif;
8603
	struct ieee80211vap *vap;
8604
	enum ieee80211_state nstate;
8605
	int arg;
8606

8607
	lvif = VIF_TO_LVIF(vif);
8608
	vap = LVIF_TO_VAP(lvif);
8609

8610
	/*
8611
	 * Go to init; otherwise we need to elaborately check state and
8612
	 * handle accordingly, e.g., if in RUN we could call iv_bmiss.
8613
	 * Let the statemachine handle all neccessary changes.
8614
	 */
8615
	nstate = IEEE80211_S_INIT;
8616
	arg = 0;	/* Not a valid reason. */
8617

8618
	ic_printf(vap->iv_ic, "%s: vif %p vap %p state %s (synched %d, assoc %d "
8619
	    "beacons %d dtim_period %d)\n", __func__, vif, vap,
8620
	    ieee80211_state_name[vap->iv_state],
8621
	    lvif->lvif_bss_synched, vif->cfg.assoc, lvif->beacons,
8622
	    vif->bss_conf.dtim_period);
8623
	ieee80211_new_state(vap, nstate, arg);
8624
}
8625

8626
void
8627
linuxkpi_ieee80211_beacon_loss(struct ieee80211_vif *vif)
8628
{
8629
	struct lkpi_vif *lvif;
8630
	struct ieee80211vap *vap;
8631

8632
	lvif = VIF_TO_LVIF(vif);
8633
	vap = LVIF_TO_VAP(lvif);
8634

8635
	ic_printf(vap->iv_ic, "%s: vif %p vap %p state %s (synched %d, assoc %d "
8636
	    "beacons %d dtim_period %d)\n", __func__, vif, vap,
8637
	    ieee80211_state_name[vap->iv_state],
8638
	    lvif->lvif_bss_synched, vif->cfg.assoc, lvif->beacons,
8639
	    vif->bss_conf.dtim_period);
8640
	ieee80211_beacon_miss(vap->iv_ic);
8641
}
8642

8643
/* -------------------------------------------------------------------------- */
8644

8645
void
8646
linuxkpi_ieee80211_stop_queue(struct ieee80211_hw *hw, int qnum)
8647
{
8648
	struct lkpi_hw *lhw;
8649
	struct lkpi_vif *lvif;
8650
	struct ieee80211_vif *vif;
8651
	int ac_count, ac;
8652

8653
	KASSERT(qnum < hw->queues, ("%s: qnum %d >= hw->queues %d, hw %p\n",
8654
	    __func__, qnum, hw->queues, hw));
8655

8656
	lhw = wiphy_priv(hw->wiphy);
8657

8658
	/* See lkpi_ic_vap_create(). */
8659
	if (hw->queues >= IEEE80211_NUM_ACS)
8660
		ac_count = IEEE80211_NUM_ACS;
8661
	else
8662
		ac_count = 1;
8663

8664
	LKPI_80211_LHW_LVIF_LOCK(lhw);
8665
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8666

8667
		vif = LVIF_TO_VIF(lvif);
8668
		for (ac = 0; ac < ac_count; ac++) {
8669
			IMPROVE_TXQ("LOCKING");
8670
			if (qnum == vif->hw_queue[ac]) {
8671
#ifdef LINUXKPI_DEBUG_80211
8672
				/*
8673
				 * For now log this to better understand
8674
				 * how this is supposed to work.
8675
				 */
8676
				if (lvif->hw_queue_stopped[ac] &&
8677
				    (linuxkpi_debug_80211 & D80211_IMPROVE_TXQ) != 0)
8678
					ic_printf(lhw->ic, "%s:%d: lhw %p hw %p "
8679
					    "lvif %p vif %p ac %d qnum %d already "
8680
					    "stopped\n", __func__, __LINE__,
8681
					    lhw, hw, lvif, vif, ac, qnum);
8682
#endif
8683
				lvif->hw_queue_stopped[ac] = true;
8684
			}
8685
		}
8686
	}
8687
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8688
}
8689

8690
void
8691
linuxkpi_ieee80211_stop_queues(struct ieee80211_hw *hw)
8692
{
8693
	int i;
8694

8695
	IMPROVE_TXQ("Locking; do we need further info?");
8696
	for (i = 0; i < hw->queues; i++)
8697
		linuxkpi_ieee80211_stop_queue(hw, i);
8698
}
8699

8700

8701
static void
8702
lkpi_ieee80211_wake_queues(struct ieee80211_hw *hw, int hwq)
8703
{
8704
	struct lkpi_hw *lhw;
8705
	struct lkpi_vif *lvif;
8706
	struct lkpi_sta *lsta;
8707
	int ac_count, ac, tid;
8708

8709
	/* See lkpi_ic_vap_create(). */
8710
	if (hw->queues >= IEEE80211_NUM_ACS)
8711
		ac_count = IEEE80211_NUM_ACS;
8712
	else
8713
		ac_count = 1;
8714

8715
	lhw = wiphy_priv(hw->wiphy);
8716

8717
	IMPROVE_TXQ("Locking");
8718
	LKPI_80211_LHW_LVIF_LOCK(lhw);
8719
	TAILQ_FOREACH(lvif, &lhw->lvif_head, lvif_entry) {
8720
		struct ieee80211_vif *vif;
8721

8722
		vif = LVIF_TO_VIF(lvif);
8723
		for (ac = 0; ac < ac_count; ac++) {
8724

8725
			if (hwq == vif->hw_queue[ac]) {
8726

8727
				/* XXX-BZ what about software scan? */
8728

8729
#ifdef LINUXKPI_DEBUG_80211
8730
				/*
8731
				 * For now log this to better understand
8732
				 * how this is supposed to work.
8733
				 */
8734
				if (!lvif->hw_queue_stopped[ac] &&
8735
				    (linuxkpi_debug_80211 & D80211_IMPROVE_TXQ) != 0)
8736
					ic_printf(lhw->ic, "%s:%d: lhw %p hw %p "
8737
					    "lvif %p vif %p ac %d hw_q not stopped\n",
8738
					    __func__, __LINE__,
8739
					    lhw, hw, lvif, vif, ac);
8740
#endif
8741
				lvif->hw_queue_stopped[ac] = false;
8742

8743
				rcu_read_lock();
8744
				list_for_each_entry_rcu(lsta, &lvif->lsta_list, lsta_list) {
8745
					struct ieee80211_sta *sta;
8746

8747
					sta = LSTA_TO_STA(lsta);
8748
					for (tid = 0; tid < nitems(sta->txq); tid++) {
8749
						struct lkpi_txq *ltxq;
8750

8751
						if (sta->txq[tid] == NULL)
8752
							continue;
8753

8754
						if (sta->txq[tid]->ac != ac)
8755
							continue;
8756

8757
						ltxq = TXQ_TO_LTXQ(sta->txq[tid]);
8758
						if (!ltxq->stopped)
8759
							continue;
8760

8761
						ltxq->stopped = false;
8762

8763
						if (!skb_queue_empty(&ltxq->skbq))
8764
							lkpi_80211_mo_wake_tx_queue(hw, sta->txq[tid], false);
8765
					}
8766
				}
8767
				rcu_read_unlock();
8768
			}
8769
		}
8770
	}
8771
	LKPI_80211_LHW_LVIF_UNLOCK(lhw);
8772
}
8773

8774
static void
8775
lkpi_ieee80211_wake_queues_locked(struct ieee80211_hw *hw)
8776
{
8777
	int i;
8778

8779
	IMPROVE_TXQ("Is this all/enough here?");
8780
	for (i = 0; i < hw->queues; i++)
8781
		lkpi_ieee80211_wake_queues(hw, i);
8782
}
8783

8784
void
8785
linuxkpi_ieee80211_wake_queues(struct ieee80211_hw *hw)
8786
{
8787
	struct lkpi_hw *lhw;
8788
	unsigned long flags;
8789

8790
	lhw = HW_TO_LHW(hw);
8791

8792
	spin_lock_irqsave(&lhw->txq_lock, flags);
8793
	lkpi_ieee80211_wake_queues_locked(hw);
8794
	spin_unlock_irqrestore(&lhw->txq_lock, flags);
8795
}
8796

8797
void
8798
linuxkpi_ieee80211_wake_queue(struct ieee80211_hw *hw, int qnum)
8799
{
8800
	struct lkpi_hw *lhw;
8801
	unsigned long flags;
8802

8803
	KASSERT(qnum < hw->queues, ("%s: qnum %d >= hw->queues %d, hw %p\n",
8804
	    __func__, qnum, hw->queues, hw));
8805

8806
	lhw = HW_TO_LHW(hw);
8807

8808
	spin_lock_irqsave(&lhw->txq_lock, flags);
8809
	lkpi_ieee80211_wake_queues(hw, qnum);
8810
	spin_unlock_irqrestore(&lhw->txq_lock, flags);
8811
}
8812

8813
/* -------------------------------------------------------------------------- */
8814

8815
/* This is just hardware queues. */
8816
/*
8817
 * Being called from the driver thus use _bh() locking.
8818
 */
8819
void
8820
linuxkpi_ieee80211_txq_schedule_start(struct ieee80211_hw *hw, uint8_t ac)
8821
{
8822
	struct lkpi_hw *lhw;
8823

8824
	lhw = HW_TO_LHW(hw);
8825

8826
	if (ac >= IEEE80211_NUM_ACS) {
8827
		ic_printf(lhw->ic, "%s: ac %u out of bounds.\n", __func__, ac);
8828
		return;
8829
	}
8830

8831
	spin_lock_bh(&lhw->txq_scheduled_lock[ac]);
8832
	IMPROVE("check AIRTIME_FAIRNESS");
8833
	if (++lhw->txq_generation[ac] == 0)
8834
		lhw->txq_generation[ac]++;
8835
	spin_unlock_bh(&lhw->txq_scheduled_lock[ac]);
8836
}
8837

8838
struct ieee80211_txq *
8839
linuxkpi_ieee80211_next_txq(struct ieee80211_hw *hw, uint8_t ac)
8840
{
8841
	struct lkpi_hw *lhw;
8842
	struct ieee80211_txq *txq;
8843
	struct lkpi_txq *ltxq;
8844

8845
	lhw = HW_TO_LHW(hw);
8846
	txq = NULL;
8847

8848
	if (ac >= IEEE80211_NUM_ACS) {
8849
		ic_printf(lhw->ic, "%s: ac %u out of bounds.\n", __func__, ac);
8850
		return (NULL);
8851
	}
8852

8853
	spin_lock_bh(&lhw->txq_scheduled_lock[ac]);
8854

8855
	/* Check that we are scheduled. */
8856
	if (lhw->txq_generation[ac] == 0)
8857
		goto out;
8858

8859
	ltxq = TAILQ_FIRST(&lhw->txq_scheduled[ac]);
8860
	if (ltxq == NULL)
8861
		goto out;
8862
	if (ltxq->txq_generation == lhw->txq_generation[ac])
8863
		goto out;
8864

8865
	IMPROVE("check AIRTIME_FAIRNESS");
8866

8867
	TAILQ_REMOVE(&lhw->txq_scheduled[ac], ltxq, txq_entry);
8868
	ltxq->txq_generation = lhw->txq_generation[ac];
8869
	txq = &ltxq->txq;
8870
	TAILQ_ELEM_INIT(ltxq, txq_entry);
8871

8872
out:
8873
	spin_unlock_bh(&lhw->txq_scheduled_lock[ac]);
8874

8875
	return (txq);
8876
}
8877

8878
void linuxkpi_ieee80211_schedule_txq(struct ieee80211_hw *hw,
8879
    struct ieee80211_txq *txq, bool withoutpkts)
8880
{
8881
	struct lkpi_hw *lhw;
8882
	struct lkpi_txq *ltxq;
8883
	bool ltxq_empty;
8884

8885
	ltxq = TXQ_TO_LTXQ(txq);
8886

8887
	/* Only schedule if work to do or asked to anyway. */
8888
	LKPI_80211_LTXQ_LOCK(ltxq);
8889
	ltxq_empty = skb_queue_empty(&ltxq->skbq);
8890
	LKPI_80211_LTXQ_UNLOCK(ltxq);
8891
	if (!withoutpkts && ltxq_empty)
8892
		goto out;
8893

8894
	lhw = HW_TO_LHW(hw);
8895
	spin_lock_bh(&lhw->txq_scheduled_lock[txq->ac]);
8896
	/*
8897
	 * Make sure we do not double-schedule. We do this by checking tqe_prev,
8898
	 * the previous entry in our tailq. tqe_prev is always valid if this entry
8899
	 * is queued, tqe_next may be NULL if this is the only element in the list.
8900
	 */
8901
	if (ltxq->txq_entry.tqe_prev != NULL)
8902
		goto unlock;
8903

8904
	TAILQ_INSERT_TAIL(&lhw->txq_scheduled[txq->ac], ltxq, txq_entry);
8905
unlock:
8906
	spin_unlock_bh(&lhw->txq_scheduled_lock[txq->ac]);
8907

8908
out:
8909
	return;
8910
}
8911

8912
/* -------------------------------------------------------------------------- */
8913

8914
void
8915
linuxkpi_ieee80211_handle_wake_tx_queue(struct ieee80211_hw *hw,
8916
    struct ieee80211_txq *txq)
8917
{
8918
	struct lkpi_hw *lhw;
8919

8920
	lhw = HW_TO_LHW(hw);
8921

8922
	LKPI_80211_LHW_TXQ_LOCK(lhw);
8923
	ieee80211_txq_schedule_start(hw, txq->ac);
8924
	do {
8925
		struct lkpi_txq *ltxq;
8926
		struct ieee80211_txq *ntxq;
8927
		struct ieee80211_tx_control control;
8928
		struct sk_buff *skb;
8929

8930
		ntxq = ieee80211_next_txq(hw, txq->ac);
8931
		if (ntxq == NULL)
8932
			break;
8933
		ltxq = TXQ_TO_LTXQ(ntxq);
8934

8935
		memset(&control, 0, sizeof(control));
8936
		control.sta = ntxq->sta;
8937
		do {
8938
			skb = linuxkpi_ieee80211_tx_dequeue(hw, ntxq);
8939
			if (skb == NULL)
8940
				break;
8941
			ltxq->frms_tx++;
8942
			lkpi_80211_mo_tx(hw, &control, skb);
8943
		} while(1);
8944

8945
		ieee80211_return_txq(hw, ntxq, false);
8946
	} while (1);
8947
	ieee80211_txq_schedule_end(hw, txq->ac);
8948
	LKPI_80211_LHW_TXQ_UNLOCK(lhw);
8949
}
8950

8951
/* -------------------------------------------------------------------------- */
8952

8953
struct lkpi_cfg80211_bss {
8954
	u_int refcnt;
8955
	struct cfg80211_bss bss;
8956
};
8957

8958
struct lkpi_cfg80211_get_bss_iter_lookup {
8959
	struct wiphy *wiphy;
8960
	struct linuxkpi_ieee80211_channel *chan;
8961
	const uint8_t *bssid;
8962
	const uint8_t *ssid;
8963
	size_t ssid_len;
8964
	enum ieee80211_bss_type bss_type;
8965
	enum ieee80211_privacy privacy;
8966

8967
	/*
8968
	 * Something to store a copy of the result as the net80211 scan cache
8969
	 * is not refoucnted so a scan entry might go away any time.
8970
	 */
8971
	bool match;
8972
	struct cfg80211_bss *bss;
8973
};
8974

8975
static void
8976
lkpi_cfg80211_get_bss_iterf(void *arg, const struct ieee80211_scan_entry *se)
8977
{
8978
	struct lkpi_cfg80211_get_bss_iter_lookup *lookup;
8979
	size_t ielen;
8980

8981
	lookup = arg;
8982

8983
	/* Do not try to find another match. */
8984
	if (lookup->match)
8985
		return;
8986

8987
	/* Nothing to store result. */
8988
	if (lookup->bss == NULL)
8989
		return;
8990

8991
	if (lookup->privacy != IEEE80211_PRIVACY_ANY) {
8992
		/* if (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) */
8993
		/* We have no idea what to compare to as the drivers only request ANY */
8994
		return;
8995
	}
8996

8997
	if (lookup->bss_type != IEEE80211_BSS_TYPE_ANY) {
8998
		/* if (se->se_capinfo & (IEEE80211_CAPINFO_IBSS|IEEE80211_CAPINFO_ESS)) */
8999
		/* We have no idea what to compare to as the drivers only request ANY */
9000
		return;
9001
	}
9002

9003
	if (lookup->chan != NULL) {
9004
		struct linuxkpi_ieee80211_channel *chan;
9005

9006
		chan = linuxkpi_ieee80211_get_channel(lookup->wiphy,
9007
		    se->se_chan->ic_freq);
9008
		if (chan == NULL || chan != lookup->chan)
9009
			return;
9010
	}
9011

9012
	if (lookup->bssid && !IEEE80211_ADDR_EQ(lookup->bssid, se->se_bssid))
9013
		return;
9014

9015
	if (lookup->ssid) {
9016
		if (lookup->ssid_len != se->se_ssid[1] ||
9017
		    se->se_ssid[1] == 0)
9018
			return;
9019
		if (memcmp(lookup->ssid, se->se_ssid+2, lookup->ssid_len) != 0)
9020
			return;
9021
	}
9022

9023
	ielen = se->se_ies.len;
9024

9025
	lookup->bss->ies = malloc(sizeof(*lookup->bss->ies) + ielen,
9026
	    M_LKPI80211, M_NOWAIT | M_ZERO);
9027
	if (lookup->bss->ies == NULL)
9028
		return;
9029

9030
	lookup->bss->ies->data = (uint8_t *)lookup->bss->ies + sizeof(*lookup->bss->ies);
9031
	lookup->bss->ies->len = ielen;
9032
	if (ielen)
9033
		memcpy(lookup->bss->ies->data, se->se_ies.data, ielen);
9034

9035
	lookup->match = true;
9036
}
9037

9038
struct cfg80211_bss *
9039
linuxkpi_cfg80211_get_bss(struct wiphy *wiphy, struct linuxkpi_ieee80211_channel *chan,
9040
    const uint8_t *bssid, const uint8_t *ssid, size_t ssid_len,
9041
    enum ieee80211_bss_type bss_type, enum ieee80211_privacy privacy)
9042
{
9043
	struct lkpi_cfg80211_bss *lbss;
9044
	struct lkpi_cfg80211_get_bss_iter_lookup lookup;
9045
	struct lkpi_hw *lhw;
9046
	struct ieee80211vap *vap;
9047

9048
	lhw = wiphy_priv(wiphy);
9049

9050
	/* Let's hope we can alloc. */
9051
	lbss = malloc(sizeof(*lbss), M_LKPI80211, M_NOWAIT | M_ZERO);
9052
	if (lbss == NULL) {
9053
		ic_printf(lhw->ic, "%s: alloc failed.\n", __func__);
9054
		return (NULL);
9055
	}
9056

9057
	lookup.wiphy = wiphy;
9058
	lookup.chan = chan;
9059
	lookup.bssid = bssid;
9060
	lookup.ssid = ssid;
9061
	lookup.ssid_len = ssid_len;
9062
	lookup.bss_type = bss_type;
9063
	lookup.privacy = privacy;
9064
	lookup.match = false;
9065
	lookup.bss = &lbss->bss;
9066

9067
	IMPROVE("Iterate over all VAPs comparing perm_addr and addresses?");
9068
	vap = TAILQ_FIRST(&lhw->ic->ic_vaps);
9069
	ieee80211_scan_iterate(vap, lkpi_cfg80211_get_bss_iterf, &lookup);
9070
	if (!lookup.match) {
9071
		free(lbss, M_LKPI80211);
9072
		return (NULL);
9073
	}
9074

9075
	refcount_init(&lbss->refcnt, 1);
9076
	return (&lbss->bss);
9077
}
9078

9079
void
9080
linuxkpi_cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *bss)
9081
{
9082
	struct lkpi_cfg80211_bss *lbss;
9083

9084
	lbss = container_of(bss, struct lkpi_cfg80211_bss, bss);
9085

9086
	/* Free everything again on refcount ... */
9087
	if (refcount_release(&lbss->refcnt)) {
9088
		free(lbss->bss.ies, M_LKPI80211);
9089
		free(lbss, M_LKPI80211);
9090
	}
9091
}
9092

9093
void
9094
linuxkpi_cfg80211_bss_flush(struct wiphy *wiphy)
9095
{
9096
	struct lkpi_hw *lhw;
9097
	struct ieee80211com *ic;
9098
	struct ieee80211vap *vap;
9099

9100
	lhw = wiphy_priv(wiphy);
9101
	ic = lhw->ic;
9102

9103
	/*
9104
	 * If we haven't called ieee80211_ifattach() yet
9105
	 * or there is no VAP, there are no scans to flush.
9106
	 */
9107
	if (ic == NULL ||
9108
	    (lhw->sc_flags & LKPI_MAC80211_DRV_STARTED) == 0)
9109
		return;
9110

9111
	/* Should only happen on the current one? Not seen it late enough. */
9112
	IEEE80211_LOCK(ic);
9113
	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
9114
		ieee80211_scan_flush(vap);
9115
	IEEE80211_UNLOCK(ic);
9116
}
9117

9118
/* -------------------------------------------------------------------------- */
9119

9120
/*
9121
 * hw->conf get initialized/set in various places for us:
9122
 * - linuxkpi_ieee80211_alloc_hw(): flags
9123
 * - linuxkpi_ieee80211_ifattach(): chandef
9124
 * - lkpi_ic_vap_create(): listen_interval
9125
 * - lkpi_ic_set_channel(): chandef, flags
9126
 */
9127

9128
int lkpi_80211_update_chandef(struct ieee80211_hw *hw,
9129
    struct ieee80211_chanctx_conf *new)
9130
{
9131
	struct cfg80211_chan_def *cd;
9132
	uint32_t changed;
9133
	int error;
9134

9135
	changed = 0;
9136
	if (new == NULL || new->def.chan == NULL)
9137
		cd = NULL;
9138
	else
9139
		cd = &new->def;
9140

9141
	if (cd && cd->chan != hw->conf.chandef.chan) {
9142
		/* Copy; the chan pointer is fine and will stay valid. */
9143
		hw->conf.chandef = *cd;
9144
		changed |= IEEE80211_CONF_CHANGE_CHANNEL;
9145
	}
9146
	IMPROVE("IEEE80211_CONF_CHANGE_PS, IEEE80211_CONF_CHANGE_POWER");
9147

9148
	if (changed == 0)
9149
		return (0);
9150

9151
	error = lkpi_80211_mo_config(hw, changed);
9152
	return (error);
9153
}
9154

9155
/* -------------------------------------------------------------------------- */
9156

9157
MODULE_VERSION(linuxkpi_wlan, 1);
9158
MODULE_DEPEND(linuxkpi_wlan, linuxkpi, 1, 1, 1);
9159
MODULE_DEPEND(linuxkpi_wlan, wlan, 1, 1, 1);
9160

9161