usr/src/uts/common/io/atu/atu.c

root/usr/src/uts/common/io/atu/atu.c
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Copyright (c) 2003, 2004
 *      Daan Vreeken <Danovitsch@Vitsch.net>.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Daan Vreeken.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Daan Vreeken AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL Daan Vreeken OR THE VOICES IN HIS HEAD
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Atmel AT76c503 / AT76c503a / AT76c505 / AT76c505a  USB WLAN driver
 *
 * Originally written by Daan Vreeken <Danovitsch @ Vitsch . net>
 *  http://vitsch.net/bsd/atuwi
 *
 * Contributed to by :
 *  Chris Whitehouse, Alistair Phillips, Peter Pilka, Martijn van Buul,
 *  Suihong Liang, Arjan van Leeuwen, Stuart Walsh
 *
 * Ported to OpenBSD by Theo de Raadt and David Gwynne.
 */

#include <sys/strsubr.h>
#include <sys/strsun.h>
#include <sys/mac_provider.h>
#include <sys/mac_wifi.h>
#include <sys/net80211.h>
#define USBDRV_MAJOR_VER        2
#define USBDRV_MINOR_VER        0
#include <sys/usb/usba.h>
#include <sys/usb/usba/usba_types.h>

#include "fw/atmel_rfmd.hex"
#include "fw/atmel_rfmd2958.hex"
#include "fw/atmel_rfmd2958-smc.hex"
#include "fw/atmel_intersil.hex"
#include "fw/atmel_at76c505_rfmd.hex"
#include "fw/atmel_at76c503_rfmd_acc.hex"
#include "fw/atmel_at76c503_i3863.hex"
#include "atu.h"

static void *atu_soft_state_p;
static mac_callbacks_t  atu_m_callbacks;
static const struct ieee80211_rateset atu_rateset = {4, {2, 4, 11, 22}};

static int
atu_usb_request(struct atu_softc *sc, uint8_t type,
    uint8_t request, uint16_t value, uint16_t index, uint16_t length,
    uint8_t *data)
{
        usb_ctrl_setup_t        req;
        usb_cb_flags_t          cf;
        usb_cr_t                cr;
        mblk_t                  *mp = NULL;
        int                     uret = USB_SUCCESS;

        bzero(&req, sizeof (req));
        req.bmRequestType = type;
        req.bRequest = request;
        req.wValue = value;
        req.wIndex = index;
        req.wLength = length;
        req.attrs = USB_ATTRS_NONE;

        if (type & USB_DEV_REQ_DEV_TO_HOST) {
                req.attrs = USB_ATTRS_AUTOCLEARING;
                uret = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph,
                    &req, &mp, &cr, &cf, 0);
                if (mp == NULL)
                        return (EIO);

                if (uret == USB_SUCCESS)
                        bcopy(mp->b_rptr, data, length);
        } else {
                if ((mp = allocb(length, BPRI_HI)) == NULL)
                        return (ENOMEM);

                bcopy(data, mp->b_wptr, length);
                mp->b_wptr += length;
                uret = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph,
                    &req, &mp, &cr, &cf, 0);
        }

        if (mp)
                freemsg(mp);

        return (uret == USB_SUCCESS ? 0 : EIO);
}

static int
atu_get_mib(struct atu_softc *sc, uint8_t type, uint8_t size,
    uint8_t index, uint8_t *buf)
{
        return atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x033,
            type << 8, index, size, buf);
}

static int
atu_get_cmd_status(struct atu_softc *sc, uint8_t cmd, uint8_t *status)
{
        /*
         * all other drivers (including Windoze) request 40 bytes of status
         * and get a short-xfer of just 6 bytes. we can save 34 bytes of
         * buffer if we just request those 6 bytes in the first place :)
         */
        return atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x22, cmd,
            0x0000, 6, status);
}

static uint8_t
atu_get_dfu_state(struct atu_softc *sc)
{
        uint8_t state;

        if (atu_usb_request(sc, DFU_GETSTATE, 0, 0, 1, &state))
                return (DFUState_DFUError);
        return (state);
}

static int
atu_get_opmode(struct atu_softc *sc, uint8_t *mode)
{
        return atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x33, 0x0001,
            0x0000, 1, mode);
}

static int
atu_get_config(struct atu_softc *sc)
{
        struct ieee80211com     *ic = &sc->sc_ic;
        struct atu_rfmd_conf    rfmd_conf;
        struct atu_intersil_conf intersil_conf;
        int                     err;

        switch (sc->sc_radio) {
        case RadioRFMD:
        case RadioRFMD2958:
        case RadioRFMD2958_SMC:
        case AT76C503_RFMD_ACC:
        case AT76C505_RFMD:
                err = atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x33, 0x0a02,
                    0x0000, sizeof (rfmd_conf), (uint8_t *)&rfmd_conf);
                if (err) {
                        cmn_err(CE_WARN, "%s: get RFMD config failed\n",
                            sc->sc_name);
                        return (err);
                }
                bcopy(rfmd_conf.MACAddr, ic->ic_macaddr, IEEE80211_ADDR_LEN);
                break;

        case RadioIntersil:
        case AT76C503_i3863:
                err = atu_usb_request(sc, ATU_VENDOR_IF_IN, 0x33, 0x0902,
                    0x0000, sizeof (intersil_conf), (uint8_t *)&intersil_conf);
                if (err) {
                        cmn_err(CE_WARN, "%s: get Intersil config failed\n",
                            sc->sc_name);
                        return (err);
                }
                bcopy(intersil_conf.MACAddr, ic->ic_macaddr,
                    IEEE80211_ADDR_LEN);
                break;
        }

        return (0);
}

static int
atu_wait_completion(struct atu_softc *sc, uint8_t cmd, uint8_t *status)
{
        uint8_t statusreq[6];
        int     idle_count = 0, err;

        while ((err = atu_get_cmd_status(sc, cmd, statusreq)) == 0) {

                if ((statusreq[5] != STATUS_IN_PROGRESS) &&
                    (statusreq[5] != STATUS_IDLE)) {
                        if (status != NULL)
                                *status = statusreq[5];
                        return (0);
                } else if (idle_count++ > 60) {
                        cmn_err(CE_WARN, "%s: command (0x%02x) timeout\n",
                            sc->sc_name, cmd);
                        return (ETIME);
                }

                drv_usecwait(10 * 1000);
        }

        return (err);
}

static int
atu_send_command(struct atu_softc *sc, uint8_t *command, int size)
{
        return atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e, 0x0000,
            0x0000, size, command);
}

static int
atu_send_mib(struct atu_softc *sc, uint8_t type, uint8_t size,
    uint8_t index, void *data)
{
        struct atu_cmd_set_mib  request;
        int err;

        bzero(&request, sizeof (request));
        request.AtCmd = CMD_SET_MIB;
        request.AtSize = size + 4;
        request.MIBType = type;
        request.MIBSize = size;
        request.MIBIndex = index;
        request.MIBReserved = 0;

        /*
         * For 1 and 2 byte requests we assume a direct value,
         * everything bigger than 2 bytes we assume a pointer to the data
         */
        switch (size) {
        case 0:
                break;
        case 1:
                request.data[0] = (long)data & 0x000000ff;
                break;
        case 2:
                request.data[0] = (long)data & 0x000000ff;
                request.data[1] = (long)data >> 8;
                break;
        default:
                bcopy(data, request.data, size);
                break;
        }

        err = atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e, 0x0000,
            0x0000, size+8, (uint8_t *)&request);
        if (err)
                return (err);

        return (atu_wait_completion(sc, CMD_SET_MIB, NULL));
}

static int
atu_switch_radio(struct atu_softc *sc, boolean_t on)
{
        struct atu_cmd  radio;
        boolean_t       ostate;
        int             err;

        /* Intersil doesn't seem to support radio switch */
        if (sc->sc_radio == RadioIntersil)
                return (0);

        ostate = ATU_RADIO_ON(sc) ? B_TRUE : B_FALSE;
        if (on != ostate) {
                bzero(&radio, sizeof (radio));
                radio.Cmd = on ? CMD_RADIO_ON : CMD_RADIO_OFF;

                err = atu_send_command(sc, (uint8_t *)&radio,
                    sizeof (radio));
                if (err)
                        return (err);

                err = atu_wait_completion(sc, radio.Cmd, NULL);
                if (err)
                        return (err);

                if (on)
                        sc->sc_flags |= ATU_FLAG_RADIO_ON;
                else
                        sc->sc_flags &= ~ATU_FLAG_RADIO_ON;
        }

        return (0);
}

static int
atu_config(struct atu_softc *sc)
{
        struct ieee80211com             *ic = &sc->sc_ic;
        struct ieee80211_key            *k;
        struct atu_cmd_card_config      cmd;
        uint8_t                         rates[4] = {0x82, 0x84, 0x8B, 0x96};
        int                             err, i;

        err = atu_send_mib(sc, MIB_MAC_ADDR_STA, ic->ic_macaddr);
        if (err) {
                cmn_err(CE_WARN, "%s: setting MAC address failed\n",
                    sc->sc_name);
                return (err);
        }

        bzero(&cmd, sizeof (cmd));
        cmd.Cmd = CMD_STARTUP;
        cmd.Reserved = 0;
        cmd.Size = sizeof (cmd) - 4;
        cmd.Channel = ATU_DEF_CHAN;
        cmd.ShortRetryLimit = 7;
        cmd.RTS_Threshold = 2347;
        cmd.FragThreshold = 2346;
        cmd.PromiscuousMode = 1;
        cmd.AutoRateFallback = 1;
        bcopy(rates, cmd.BasicRateSet, 4);

        if (ic->ic_flags & IEEE80211_F_PRIVACY) {
                k = ic->ic_nw_keys + ic->ic_def_txkey;
                switch (k->wk_keylen) {
                case 5:
                        cmd.EncryptionType = ATU_ENC_WEP40;
                        break;
                case 13:
                        cmd.EncryptionType = ATU_ENC_WEP104;
                        break;
                default:
                        cmn_err(CE_WARN, "%s: key invalid (%d bytes)\n",
                            sc->sc_name, k->wk_keylen);
                        goto nowep;
                }
                cmd.PrivacyInvoked = 1;
                cmd.ExcludeUnencrypted = 1;
                cmd.WEP_DefaultKeyID = ic->ic_def_txkey;
                for (i = 0; i < IEEE80211_WEP_NKID; i++) {
                        k = ic->ic_nw_keys + i;
                        if (k->wk_keylen == 0)
                                continue;
                        bcopy(k->wk_key, cmd.WEP_DefaultKey + i, k->wk_keylen);
                }
        } else {
nowep:
                cmd.EncryptionType = ATU_ENC_NONE;
        }

        bcopy(ic->ic_des_essid, cmd.SSID, ic->ic_des_esslen);
        cmd.SSID_Len = ic->ic_des_esslen;
        cmd.BeaconPeriod = 100;

        err = atu_send_command(sc, (uint8_t *)&cmd, sizeof (cmd));
        if (err)
                return (err);
        err = atu_wait_completion(sc, CMD_STARTUP, NULL);
        if (err)
                return (err);

        err = atu_switch_radio(sc, B_TRUE);
        if (err)
                return (err);

        err = atu_send_mib(sc, MIB_MAC_MGMT_POWER_MODE,
            (void *)ATU_POWER_ACTIVE);
        if (err)
                return (err);

        return (0);
}

static int
atu_start_scan(struct atu_softc *sc)
{
        struct ieee80211com     *ic = &sc->sc_ic;
        struct atu_cmd_do_scan  scan;
        int                     err;

        if (!ATU_RUNNING(sc))
                return (EIO);

        bzero(&scan, sizeof (scan));
        scan.Cmd = CMD_START_SCAN;
        scan.Reserved = 0;
        scan.Size = sizeof (scan) - 4;
        (void) memset(scan.BSSID, 0xff, sizeof (scan.BSSID));
        bcopy(ic->ic_des_essid, scan.SSID, ic->ic_des_esslen);
        scan.SSID_Len = ic->ic_des_esslen;
        scan.ScanType = ATU_SCAN_ACTIVE;
        scan.Channel = ieee80211_chan2ieee(ic, ic->ic_curchan);
        scan.ProbeDelay = 0;
        scan.MinChannelTime = 20;
        scan.MaxChannelTime = 40;
        scan.InternationalScan = 0;

        err = atu_send_command(sc, (uint8_t *)&scan, sizeof (scan));
        if (err) {
                cmn_err(CE_WARN, "%s: SCAN command failed\n",
                    sc->sc_name);
                return (err);
        }

        err = atu_wait_completion(sc, CMD_START_SCAN, NULL);
        if (err) {
                cmn_err(CE_WARN, "%s: SCAN completion failed\n",
                    sc->sc_name);
                return (err);
        }

        return (0);
}

static int
atu_join(struct atu_softc *sc, struct ieee80211_node *node)
{
        struct atu_cmd_join     join;
        uint8_t                 status;
        int                     err;

        bzero(&join, sizeof (join));
        join.Cmd = CMD_JOIN;
        join.Reserved = 0x00;
        join.Size = sizeof (join) - 4;
        bcopy(node->in_bssid, join.bssid, IEEE80211_ADDR_LEN);
        bcopy(node->in_essid, join.essid, node->in_esslen);
        join.essid_size = node->in_esslen;

        if (node->in_capinfo & IEEE80211_CAPINFO_IBSS)
                join.bss_type = ATU_MODE_IBSS;
        else
                join.bss_type = ATU_MODE_STA;

        join.channel = ieee80211_chan2ieee(&sc->sc_ic, node->in_chan);
        join.timeout = ATU_JOIN_TIMEOUT;
        join.reserved = 0x00;

        err = atu_send_command(sc, (uint8_t *)&join, sizeof (join));
        if (err) {
                cmn_err(CE_WARN, "%s: JOIN command failed\n",
                    sc->sc_name);
                return (err);
        }
        err = atu_wait_completion(sc, CMD_JOIN, &status);
        if (err)
                return (err);

        if (status != STATUS_COMPLETE) {
                cmn_err(CE_WARN, "%s: incorrect JOIN state (0x%02x)\n",
                    sc->sc_name, status);
                return (EIO);
        }

        return (0);
}

static int
atu_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
{
        struct atu_softc        *sc = (struct atu_softc *)ic;
        enum ieee80211_state    ostate = ic->ic_state;
        int                     err = 0;

        ATU_LOCK(sc);

        if (sc->sc_scan_timer != 0) {
                ATU_UNLOCK(sc);
                (void) untimeout(sc->sc_scan_timer);
                ATU_LOCK(sc);
                sc->sc_scan_timer = 0;
        }
        ostate = ic->ic_state;

        switch (nstate) {
        case IEEE80211_S_SCAN:
                switch (ostate) {
                        case IEEE80211_S_SCAN:
                        case IEEE80211_S_AUTH:
                        case IEEE80211_S_ASSOC:
                        case IEEE80211_S_RUN:
                                ATU_UNLOCK(sc);
                                sc->sc_newstate(ic, nstate, arg);
                                ATU_LOCK(sc);
                                if ((err = atu_start_scan(sc)) != 0) {
                                        ATU_UNLOCK(sc);
                                        ieee80211_cancel_scan(ic);
                                        return (err);
                                }
                                sc->sc_scan_timer = timeout(
                                    (void (*) (void*))ieee80211_next_scan,
                                    (void *)&sc->sc_ic, 0);

                                ATU_UNLOCK(sc);
                                return (err);
                        default:
                                break;
                }
                break;

        case IEEE80211_S_AUTH:
                switch (ostate) {
                case IEEE80211_S_INIT:
                case IEEE80211_S_SCAN:
                        err = atu_join(sc, ic->ic_bss);
                        if (err) {
                                ATU_UNLOCK(sc);
                                return (err);
                        }
                        break;
                default:
                        break;
                }
        default:
                break;
        }

        ATU_UNLOCK(sc);
        err = sc->sc_newstate(ic, nstate, arg);

        return (err);
}

static int
atu_open_pipes(struct atu_softc *sc)
{
        usb_ep_data_t           *ep;
        usb_pipe_policy_t       policy = {0};
        int                     uret;

        ep = usb_lookup_ep_data(sc->sc_dip, sc->sc_udev, 0, 0, 0,
            USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
        policy.pp_max_async_reqs = ATU_TX_LIST_CNT;

        uret = usb_pipe_open(sc->sc_dip, &ep->ep_descr, &policy,
            USB_FLAGS_SLEEP, &sc->sc_tx_pipe);
        if (uret != USB_SUCCESS)
                goto fail;

        ep = usb_lookup_ep_data(sc->sc_dip, sc->sc_udev, 0, 0, 0,
            USB_EP_ATTR_BULK, USB_EP_DIR_IN);
        policy.pp_max_async_reqs = ATU_RX_LIST_CNT + 32;

        uret = usb_pipe_open(sc->sc_dip, &ep->ep_descr, &policy,
            USB_FLAGS_SLEEP, &sc->sc_rx_pipe);
        if (uret != USB_SUCCESS)
                goto fail;

        return (0);
fail:
        if (sc->sc_rx_pipe != NULL) {
                usb_pipe_close(sc->sc_dip, sc->sc_rx_pipe,
                    USB_FLAGS_SLEEP, NULL, 0);
                sc->sc_rx_pipe = NULL;
        }

        if (sc->sc_tx_pipe != NULL) {
                usb_pipe_close(sc->sc_dip, sc->sc_tx_pipe,
                    USB_FLAGS_SLEEP, NULL, 0);
                sc->sc_tx_pipe = NULL;
        }

        return (EIO);
}

static void
atu_close_pipes(struct atu_softc *sc)
{
        usb_flags_t flags = USB_FLAGS_SLEEP;

        if (sc->sc_rx_pipe != NULL) {
                usb_pipe_reset(sc->sc_dip, sc->sc_rx_pipe, flags, NULL, 0);
                usb_pipe_close(sc->sc_dip, sc->sc_rx_pipe, flags, NULL, 0);
                sc->sc_rx_pipe = NULL;
        }

        if (sc->sc_tx_pipe != NULL) {
                usb_pipe_reset(sc->sc_dip, sc->sc_tx_pipe, flags, NULL, 0);
                usb_pipe_close(sc->sc_dip, sc->sc_tx_pipe, flags, NULL, 0);
                sc->sc_tx_pipe = NULL;
        }
}

static int atu_rx_trigger(struct atu_softc *sc);

/*ARGSUSED*/
static void
atu_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
{
        struct atu_softc *sc = (struct atu_softc *)req->bulk_client_private;
        struct ieee80211com     *ic = &sc->sc_ic;
        struct ieee80211_node   *ni;
        struct atu_rx_hdr       *h;
        struct ieee80211_frame  *wh;
        mblk_t                  *mp = req->bulk_data;
        int                     len, pktlen;

        req->bulk_data = NULL;
        if (req->bulk_completion_reason != USB_CR_OK) {
                sc->sc_rx_err++;
                goto fail;
        }

        len = msgdsize(mp);
        if (len < ATU_RX_HDRLEN + ATU_MIN_FRAMELEN) {
                cmn_err(CE_CONT, "%s: fragment (%d bytes)\n",
                    sc->sc_name, len);
                sc->sc_rx_err++;
                goto fail;
        }

        h = (struct atu_rx_hdr *)mp->b_rptr;
        pktlen = h->length - 4;
        if (pktlen + ATU_RX_HDRLEN + 4 != len) {
                cmn_err(CE_CONT, "%s: jumbo (%d bytes -> %d bytes)\n",
                    sc->sc_name, len, pktlen);
                sc->sc_rx_err++;
                goto fail;
        }

        mp->b_rptr += ATU_RX_HDRLEN;
        mp->b_wptr = mp->b_rptr + pktlen;
        wh = (struct ieee80211_frame *)mp->b_rptr;

        if (wh->i_fc[1] & IEEE80211_FC1_WEP)
                wh->i_fc[1] &= ~IEEE80211_FC1_WEP;

        ni = ieee80211_find_rxnode(ic, wh);
        (void) ieee80211_input(ic, mp, ni, h->rssi, h->rx_time);
        ieee80211_free_node(ni);
done:
        usb_free_bulk_req(req);

        mutex_enter(&sc->sc_rxlock);
        sc->rx_queued--;
        mutex_exit(&sc->sc_rxlock);

        if (ATU_RUNNING(sc))
                (void) atu_rx_trigger(sc);
        return;
fail:
        freemsg(mp);
        goto done;
}

/*ARGSUSED*/
static void
atu_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
{
        struct atu_softc *sc = (struct atu_softc *)req->bulk_client_private;
        struct ieee80211com     *ic = &sc->sc_ic;

        if (req->bulk_completion_reason != USB_CR_OK)
                ic->ic_stats.is_tx_failed++;
        usb_free_bulk_req(req);

        mutex_enter(&sc->sc_txlock);
        sc->tx_queued--;

        if (sc->sc_need_sched) {
                sc->sc_need_sched = 0;
                mac_tx_update(ic->ic_mach);
        }

        mutex_exit(&sc->sc_txlock);
}

static int
atu_rx_trigger(struct atu_softc *sc)
{
        usb_bulk_req_t *req;
        int uret;

        req = usb_alloc_bulk_req(sc->sc_dip, ATU_RX_BUFSZ, USB_FLAGS_SLEEP);
        if (req == NULL)
                return (ENOMEM);

        req->bulk_len           = ATU_RX_BUFSZ;
        req->bulk_client_private = (usb_opaque_t)sc;
        req->bulk_timeout       = 0;
        req->bulk_attributes = USB_ATTRS_SHORT_XFER_OK | USB_ATTRS_AUTOCLEARING;
        req->bulk_cb            = atu_rxeof;
        req->bulk_exc_cb        = atu_rxeof;
        req->bulk_completion_reason = 0;
        req->bulk_cb_flags      = 0;

        uret = usb_pipe_bulk_xfer(sc->sc_rx_pipe, req, 0);
        if (uret != USB_SUCCESS) {
                usb_free_bulk_req(req);
                return (EIO);
        }

        mutex_enter(&sc->sc_rxlock);
        sc->rx_queued++;
        mutex_exit(&sc->sc_rxlock);

        return (0);
}

static int
atu_tx_trigger(struct atu_softc *sc, mblk_t *mp)
{
        usb_bulk_req_t *req;
        int uret;

        req = usb_alloc_bulk_req(sc->sc_dip, 0, USB_FLAGS_SLEEP);
        if (req == NULL)
                return (EIO);

        req->bulk_len           = msgdsize(mp);
        req->bulk_data          = mp;
        req->bulk_client_private = (usb_opaque_t)sc;
        req->bulk_timeout       = 10;
        req->bulk_attributes    = USB_ATTRS_AUTOCLEARING;
        req->bulk_cb            = atu_txeof;
        req->bulk_exc_cb        = atu_txeof;
        req->bulk_completion_reason = 0;
        req->bulk_cb_flags      = 0;

        uret = usb_pipe_bulk_xfer(sc->sc_tx_pipe, req, 0);
        if (uret != USB_SUCCESS) {
                req->bulk_data = NULL;
                usb_free_bulk_req(req);
                return (EIO);
        }

        mutex_enter(&sc->sc_txlock);
        sc->tx_queued++;
        mutex_exit(&sc->sc_txlock);

        return (0);
}

static int
atu_init_rx_queue(struct atu_softc *sc)
{
        int err, i;

        mutex_enter(&sc->sc_rxlock);
        sc->rx_queued = 0;
        mutex_exit(&sc->sc_rxlock);

        for (i = 0; i < ATU_RX_LIST_CNT; i++) {
                err = atu_rx_trigger(sc);
                if (err)
                        return (err);
        }

        return (0);
}

static void
atu_init_tx_queue(struct atu_softc *sc)
{
        mutex_enter(&sc->sc_txlock);
        sc->tx_queued = 0;
        mutex_exit(&sc->sc_txlock);
}

static int
atu_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
{
        struct atu_softc        *sc = (struct atu_softc *)ic;
        struct ieee80211_node   *ni = NULL;
        struct atu_tx_hdr       *desc;
        struct ieee80211_frame  *wh;
        mblk_t                  *m;
        int pktlen = msgdsize(mp), err = 0;

        mutex_enter(&sc->sc_txlock);
        if (sc->tx_queued > ATU_TX_LIST_CNT) {
                sc->sc_tx_nobuf++;
                mutex_exit(&sc->sc_txlock);
                err = ENOMEM;
                goto fail;
        }
        mutex_exit(&sc->sc_txlock);

        m = allocb(ATU_TX_BUFSZ, BPRI_MED);
        if (m == NULL) {
                sc->sc_tx_nobuf++;
                err = ENOMEM;
                goto fail;
        }
        /* reserve tx header space */
        m->b_rptr += ATU_TX_HDRLEN;
        m->b_wptr += ATU_TX_HDRLEN;

        /* copy and (implicitly) free old data */
        mcopymsg(mp, m->b_wptr);
        m->b_wptr += pktlen;
        wh = (struct ieee80211_frame *)m->b_rptr;

        ni = ieee80211_find_txnode(ic, wh->i_addr1);
        if (ni == NULL) {
                ic->ic_stats.is_tx_failed++;
                freemsg(m);
                err = ENXIO;
                goto fail;
        }

        if (type == IEEE80211_FC0_TYPE_DATA)
                (void) ieee80211_encap(ic, m, ni);

        /* full WEP in device, prune WEP fields (IV, KID) */
        if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
                (void) memmove(m->b_rptr + IEEE80211_WEP_IVLEN
                    + IEEE80211_WEP_KIDLEN, m->b_rptr,
                    sizeof (struct ieee80211_frame));
                m->b_rptr += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
        }
        pktlen = msgdsize(m);
        m->b_rptr -= ATU_TX_HDRLEN;

        /* setup tx header */
        desc = (struct atu_tx_hdr *)m->b_rptr;
        bzero(desc, ATU_TX_HDRLEN);
        desc->length = (uint16_t)pktlen;
        desc->tx_rate = ATU_DEF_TX_RATE;

        err = atu_tx_trigger(sc, m);
        if (!err) {
                ic->ic_stats.is_tx_frags++;
                ic->ic_stats.is_tx_bytes += pktlen;
        } else {
                ic->ic_stats.is_tx_failed++;
                freemsg(m);
        }
fail:
        if (ni != NULL)
                ieee80211_free_node(ni);

        return (err);
}

static int
atu_stop(struct atu_softc *sc)
{
        sc->sc_flags &= ~ATU_FLAG_RUNNING;
        atu_close_pipes(sc);

        return (atu_switch_radio(sc, B_FALSE));
}

static int
atu_init(struct atu_softc *sc)
{
        int err;

        err = atu_stop(sc);
        if (err)
                return (err);

        err = atu_open_pipes(sc);
        if (err)
                goto fail;

        err = atu_config(sc);
        if (err) {
                cmn_err(CE_WARN, "%s: startup config failed\n",
                    sc->sc_name);
                goto fail;
        }

        atu_init_tx_queue(sc);

        err = atu_init_rx_queue(sc);
        if (err) {
                cmn_err(CE_WARN, "%s: rx queue init failed\n", sc->sc_name);
                goto fail;
        }

        sc->sc_flags |= ATU_FLAG_RUNNING;

        return (0);
fail:
        (void) atu_stop(sc);
        return (err);
}

static void
atu_watchdog(void *arg)
{
        struct atu_softc *sc = arg;
        struct ieee80211com *ic = &sc->sc_ic;

        ieee80211_stop_watchdog(ic);

        ATU_LOCK(sc);
        if (!ATU_RUNNING(sc)) {
                ATU_UNLOCK(sc);
                return;
        }

        ATU_UNLOCK(sc);
        switch (ic->ic_state) {
                case IEEE80211_S_AUTH:
                case IEEE80211_S_ASSOC:
                        if (ic->ic_bss->in_fails > 0)
                                ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
                        else
                                ieee80211_watchdog(ic);
                        break;
        }
}

static int
atu_dfu_stage1(void *arg)
{
        struct atu_softc *sc = arg;
        uint8_t state, *ptr = NULL, status[6];
        int block_size, bytes_left = 0, block = 0, err, i, count = 0;

        /*
         * Uploading firmware is done with the DFU (Device Firmware Upgrade)
         * interface. See "Universal Serial Bus - Device Class Specification
         * for Device Firmware Upgrade" pdf for details of the protocol.
         * Maybe this could be moved to a separate 'firmware driver' once more
         * device drivers need it... For now we'll just do it here.
         *
         * Just for your information, the Atmel's DFU descriptor looks like
         * this:
         *
         * 07           size
         * 21           type
         * 01           capabilities : only firmware download, *need* reset
         *                after download
         * 13 05        detach timeout : max 1299ms between DFU_DETACH and
         *                reset
         * 00 04        max bytes of firmware per transaction : 1024
         */
        for (i = 0; i < sizeof (atu_fw_table) / sizeof (atu_fw_table[0]); i++)
                if (sc->sc_radio == atu_fw_table[i].atur_type) {
                        ptr = atu_fw_table[i].atur_int;
                        bytes_left = atu_fw_table[i].atur_int_size;
                }

        state = atu_get_dfu_state(sc);
        while (block >= 0 && state > 0) {
                switch (state) {
                case DFUState_DnLoadSync:
                        /* get DFU status */
                        err = atu_usb_request(sc, DFU_GETSTATUS, 0, 0, 6,
                            status);
                        if (err) {
                                cmn_err(CE_WARN, "%s: DFU get status failed\n",
                                    sc->sc_name);
                                return (err);
                        }
                        /* success means state => DnLoadIdle */
                        state = DFUState_DnLoadIdle;
                        continue;

                case DFUState_DFUIdle:
                case DFUState_DnLoadIdle:
                        if (bytes_left >= DFU_MaxBlockSize)
                                block_size = DFU_MaxBlockSize;
                        else
                                block_size = bytes_left;

                        err = atu_usb_request(sc, DFU_DNLOAD, block++, 0,
                            block_size, ptr);
                        if (err) {
                                cmn_err(CE_WARN, "%s: DFU download failed\n",
                                    sc->sc_name);
                                return (err);
                        }

                        ptr += block_size;
                        bytes_left -= block_size;
                        if (block_size == 0)
                                block = -1;
                        break;

                case DFUState_DFUError:
                        cmn_err(CE_WARN, "%s: DFU state error\n", sc->sc_name);
                        return (EIO);

                default:
                        drv_usecwait(10*1000);
                        if (++count > 100) {
                                cmn_err(CE_WARN, "%s: DFU timeout\n",
                                    sc->sc_name);
                                return (ETIME);
                        }
                        break;
                }

                state = atu_get_dfu_state(sc);
        }
        if (state != DFUState_ManifestSync)
                cmn_err(CE_WARN, "%s: DFU state (%d) != ManifestSync\n",
                    sc->sc_name, state);

        err = atu_usb_request(sc, DFU_GETSTATUS, 0, 0, 6, status);
        if (err) {
                cmn_err(CE_WARN, "%s: DFU get status failed\n",
                    sc->sc_name);
                return (err);
        }

        err = atu_usb_request(sc, DFU_REMAP, 0, 0, 0, NULL);
        if (err && !(sc->sc_quirk & ATU_QUIRK_NO_REMAP)) {
                cmn_err(CE_WARN, "%s: DFU remap failed\n", sc->sc_name);
                return (err);
        }

        /*
         * after a lot of trying and measuring I found out the device needs
         * about 56 miliseconds after sending the remap command before
         * it's ready to communicate again. So we'll wait just a little bit
         * longer than that to be sure...
         */
        drv_usecwait((56+100)*1000);

        return (0);
}

static int
atu_dfu_stage2(void *arg)
{
        struct atu_softc *sc = arg;
        uint8_t *ptr = NULL;
        int block_size, bytes_left = 0, block = 0, err, i;

        for (i = 0; i < sizeof (atu_fw_table) / sizeof (atu_fw_table[0]); i++)
                if (sc->sc_radio == atu_fw_table[i].atur_type) {
                        ptr = atu_fw_table[i].atur_ext;
                        bytes_left = atu_fw_table[i].atur_ext_size;
                }

        while (bytes_left) {
                if (bytes_left > 1024)
                        block_size = 1024;
                else
                        block_size = bytes_left;

                err = atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e,
                    0x0802, block, block_size, ptr);
                if (err) {
                        cmn_err(CE_WARN, "%s: stage2 firmware load failed\n",
                            sc->sc_name);
                        return (err);
                }

                ptr += block_size;
                block++;
                bytes_left -= block_size;
        }

        err = atu_usb_request(sc, ATU_VENDOR_DEV_OUT, 0x0e, 0x0802,
            block, 0, NULL);
        if (err) {
                cmn_err(CE_WARN, "%s: zero-length block load failed\n",
                    sc->sc_name);
                return (err);
        }

        /*
         * The SMC2662w V.4 seems to require some time to do its thing with
         * the stage2 firmware... 20 ms isn't enough, but 21 ms works 100
         * times out of 100 tries. We'll wait a bit longer just to be sure
         */
        if (sc->sc_quirk & ATU_QUIRK_FW_DELAY)
                drv_usecwait((21 + 100) * 1000);

        return (0);
}

static int
atu_load_microcode(struct atu_softc *sc, boolean_t attach)
{
        usb_dev_reset_lvl_t     reset;
        uint8_t                 mode, chan;
        int                     err;

        reset = attach ? USB_RESET_LVL_REATTACH : USB_RESET_LVL_DEFAULT;

        err = atu_get_opmode(sc, &mode);
        if (!err) {
                if (mode == ATU_DEV_READY)
                        return (0);
                /*
                 * Opmode of SMC2662 V.4 does not change after stage2
                 * firmware download. If succeeded reading the channel
                 * number, stage2 firmware is already running.
                 */
                if (sc->sc_radio != RadioIntersil &&
                    atu_get_mib(sc, MIB_PHY_CHANNEL, &chan) == 0)
                        return (0);

                if (mode == ATU_DEV_STAGE2)
stage2:
                        return (atu_dfu_stage2(sc));
        }

        err = atu_dfu_stage1(sc);
        if (err)
                return (err);

        if (usb_reset_device(sc->sc_dip, reset) != USB_SUCCESS)
                return (EIO);

        if (attach)
                return (EAGAIN);
        else
                goto stage2;
}

static int
atu_disconnect(dev_info_t *dip)
{
        struct atu_softc *sc;
        struct ieee80211com *ic;

        sc = ddi_get_soft_state(atu_soft_state_p, ddi_get_instance(dip));
        ic = &sc->sc_ic;

        ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
        ieee80211_stop_watchdog(ic);

        ATU_LOCK(sc);
        if (sc->sc_scan_timer != 0) {
                ATU_UNLOCK(sc);
                (void) untimeout(sc->sc_scan_timer);
                ATU_LOCK(sc);
                sc->sc_scan_timer = 0;
        }

        sc->sc_flags &= ~(ATU_FLAG_RUNNING | ATU_FLAG_RADIO_ON);
        atu_close_pipes(sc);

        ATU_UNLOCK(sc);
        return (0);
}

static int
atu_reconnect(dev_info_t *dip)
{
        struct atu_softc *sc;
        int err;

        sc = ddi_get_soft_state(atu_soft_state_p, ddi_get_instance(dip));
        if (usb_check_same_device(sc->sc_dip, NULL, USB_LOG_L2, -1,
            USB_CHK_BASIC, NULL) != USB_SUCCESS)
                return (DDI_FAILURE);

        ATU_LOCK(sc);
        err = atu_load_microcode(sc, B_FALSE);
        if (!err)
                err = atu_init(sc);

        ATU_UNLOCK(sc);
        return (err ? DDI_FAILURE : DDI_SUCCESS);
}

static int
atu_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
{
        struct atu_softc        *sc;
        struct ieee80211com     *ic;
        mac_register_t          *macp;
        wifi_data_t             wd = {0};
        int                     instance, i, err;

        switch (cmd) {
        case DDI_ATTACH:
                break;
        case DDI_RESUME:
                sc = ddi_get_soft_state(atu_soft_state_p,
                    ddi_get_instance(dip));
                if (usb_check_same_device(sc->sc_dip, NULL, USB_LOG_L2, -1,
                    USB_CHK_BASIC, NULL) != USB_SUCCESS)
                        return (DDI_SUCCESS);

                if (atu_load_microcode(sc, B_FALSE) == 0)
                        (void) atu_init(sc);

                return (DDI_SUCCESS);
        default:
                return (DDI_FAILURE);
        }

        instance = ddi_get_instance(dip);
        if (ddi_soft_state_zalloc(atu_soft_state_p, instance) != DDI_SUCCESS)
                return (DDI_FAILURE);

        sc = ddi_get_soft_state(atu_soft_state_p, instance);
        ic = &sc->sc_ic;
        sc->sc_dip = dip;

        (void) snprintf(sc->sc_name, sizeof (sc->sc_name), "%s%d",
            "atu", instance);

        err = usb_client_attach(dip, USBDRV_VERSION, 0);
        if (err != USB_SUCCESS)
                goto fail1;

        err = usb_get_dev_data(dip, &sc->sc_udev, USB_PARSE_LVL_ALL, 0);
        if (err != USB_SUCCESS) {
                sc->sc_udev = NULL;
                goto fail2;
        }

        for (i = 0; i < sizeof (atu_dev_table)/sizeof (atu_dev_table[0]); i++) {
                struct atu_dev_type *t = &atu_dev_table[i];
                if (sc->sc_udev->dev_descr->idVendor == t->atu_vid &&
                    sc->sc_udev->dev_descr->idProduct == t->atu_pid) {
                        sc->sc_radio = t->atu_radio;
                        sc->sc_quirk = t->atu_quirk;
                }
        }

        err = atu_load_microcode(sc, B_TRUE);
        if (err == EAGAIN) {
                sc->sc_flags |= ATU_FLAG_REATTACH;      /* reattaching */
                return (DDI_SUCCESS);
        } else if (err) {
                goto fail2;
        }
        sc->sc_flags &= ~ATU_FLAG_REATTACH;

        /* read device config & MAC address */
        err = atu_get_config(sc);
        if (err) {
                cmn_err(CE_WARN, "%s: read device config failed\n",
                    sc->sc_name);
                goto fail2;
        }

        mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
        mutex_init(&sc->sc_txlock, NULL, MUTEX_DRIVER, NULL);
        mutex_init(&sc->sc_rxlock, NULL, MUTEX_DRIVER, NULL);

        ic->ic_phytype = IEEE80211_T_DS;
        ic->ic_opmode = IEEE80211_M_STA;
        ic->ic_caps = IEEE80211_C_SHPREAMBLE | IEEE80211_C_WEP;
        ic->ic_sup_rates[IEEE80211_MODE_11B] = atu_rateset;
        ic->ic_maxrssi = atu_fw_table[sc->sc_radio].max_rssi;
        ic->ic_state = IEEE80211_S_INIT;
        for (i = 1; i <= 14; i++) {
                ic->ic_sup_channels[i].ich_freq =
                    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
                ic->ic_sup_channels[i].ich_flags =
                    IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ |
                    IEEE80211_CHAN_PASSIVE;
        }
        ic->ic_xmit = atu_send;
        ieee80211_attach(ic);

        sc->sc_newstate = ic->ic_newstate;
        ic->ic_newstate = atu_newstate;
        ic->ic_watchdog = atu_watchdog;
        ieee80211_media_init(ic);

        ic->ic_def_txkey = 0;
        wd.wd_opmode = ic->ic_opmode;
        wd.wd_secalloc = WIFI_SEC_NONE;
        IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);

        macp = mac_alloc(MAC_VERSION);
        if (macp == NULL)
                goto fail3;

        macp->m_type_ident      = MAC_PLUGIN_IDENT_WIFI;
        macp->m_driver          = sc;
        macp->m_dip             = dip;
        macp->m_src_addr        = ic->ic_macaddr;
        macp->m_callbacks       = &atu_m_callbacks;
        macp->m_min_sdu         = 0;
        macp->m_max_sdu         = IEEE80211_MTU;
        macp->m_pdata           = &wd;
        macp->m_pdata_size      = sizeof (wd);

        err = mac_register(macp, &ic->ic_mach);
        mac_free(macp);
        if (err)
                goto fail3;

        err = usb_register_hotplug_cbs(sc->sc_dip, atu_disconnect,
            atu_reconnect);
        if (err != USB_SUCCESS)
                goto fail4;

        err = ddi_create_minor_node(dip, sc->sc_name, S_IFCHR,
            instance + 1, DDI_NT_NET_WIFI, 0);
        if (err != DDI_SUCCESS)
                cmn_err(CE_WARN, "%s: minor node creation failed\n",
                    sc->sc_name);

        mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
        return (DDI_SUCCESS);

fail4:
        (void) mac_unregister(ic->ic_mach);
fail3:
        mutex_destroy(&sc->sc_genlock);
        mutex_destroy(&sc->sc_rxlock);
        mutex_destroy(&sc->sc_txlock);
fail2:
        usb_client_detach(sc->sc_dip, sc->sc_udev);
fail1:
        ddi_soft_state_free(atu_soft_state_p, instance);

        return (DDI_FAILURE);
}

static int
atu_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
{
        struct atu_softc *sc;
        int err;

        sc = ddi_get_soft_state(atu_soft_state_p, ddi_get_instance(dip));

        switch (cmd) {
        case DDI_DETACH:
                break;
        case DDI_SUSPEND:
                ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1);
                ieee80211_stop_watchdog(&sc->sc_ic);

                ATU_LOCK(sc);
                if (sc->sc_scan_timer != 0) {
                        ATU_UNLOCK(sc);
                        (void) untimeout(sc->sc_scan_timer);
                        ATU_LOCK(sc);
                        sc->sc_scan_timer = 0;
                }
                (void) atu_stop(sc);

                ATU_UNLOCK(sc);
                return (DDI_SUCCESS);
        default:
                return (DDI_FAILURE);
        }

        if (!ATU_REATTACH(sc)) {
                err = mac_disable(sc->sc_ic.ic_mach);
                if (err)
                        return (DDI_FAILURE);

                (void) atu_stop(sc);

                usb_unregister_hotplug_cbs(dip);
                (void) mac_unregister(sc->sc_ic.ic_mach);
                ieee80211_detach(&sc->sc_ic);

                mutex_destroy(&sc->sc_genlock);
                mutex_destroy(&sc->sc_txlock);
                mutex_destroy(&sc->sc_rxlock);

                ddi_remove_minor_node(dip, NULL);
        }

        usb_client_detach(dip, sc->sc_udev);
        ddi_soft_state_free(atu_soft_state_p, ddi_get_instance(dip));

        return (DDI_SUCCESS);
}

DDI_DEFINE_STREAM_OPS(atu_dev_ops, nulldev, nulldev, atu_attach,
    atu_detach, nodev, NULL, D_MP, NULL, ddi_quiesce_not_needed);

static struct modldrv atu_modldrv = {
        &mod_driverops,
        "atu driver v1.1",
        &atu_dev_ops
};

static struct modlinkage modlinkage = {
        MODREV_1,
        (void *)&atu_modldrv,
        NULL
};

int
_info(struct modinfo *modinfop)
{
        return (mod_info(&modlinkage, modinfop));
}

int
_init(void)
{
        int status;

        status = ddi_soft_state_init(&atu_soft_state_p,
            sizeof (struct atu_softc), 1);
        if (status != 0)
                return (status);

        mac_init_ops(&atu_dev_ops, "atu");
        status = mod_install(&modlinkage);
        if (status != 0) {
                mac_fini_ops(&atu_dev_ops);
                ddi_soft_state_fini(&atu_soft_state_p);
        }
        return (status);
}

int
_fini(void)
{
        int status;

        status = mod_remove(&modlinkage);
        if (status == 0) {
                mac_fini_ops(&atu_dev_ops);
                ddi_soft_state_fini(&atu_soft_state_p);
        }
        return (status);
}

static int
atu_m_start(void *arg)
{
        struct atu_softc *sc = (struct atu_softc *)arg;
        int err;

        ATU_LOCK(sc);
        err = atu_init(sc);

        ATU_UNLOCK(sc);
        return (err);
}

static void
atu_m_stop(void *arg)
{
        struct atu_softc *sc = (struct atu_softc *)arg;
        struct ieee80211com *ic = &sc->sc_ic;

        ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
        ieee80211_stop_watchdog(ic);

        ATU_LOCK(sc);
        if (sc->sc_scan_timer != 0) {
                ATU_UNLOCK(sc);
                (void) untimeout(sc->sc_scan_timer);
                ATU_LOCK(sc);
                sc->sc_scan_timer = 0;
        }
        (void) atu_stop(sc);

        ATU_UNLOCK(sc);
}

/*ARGSUSED*/
static int
atu_m_unicst(void *arg, const uint8_t *macaddr)
{
        return (ENOTSUP);
}

/*ARGSUSED*/
static int
atu_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
{
        return (ENOTSUP);
}

/*ARGSUSED*/
static int
atu_m_promisc(void *arg, boolean_t on)
{
        return (0);
}

static int
atu_m_setprop(void *arg, const char *name, mac_prop_id_t id, uint_t len,
    const void *buf)
{
        struct atu_softc *sc = (struct atu_softc *)arg;
        struct ieee80211com *ic = &sc->sc_ic;
        int err;

        err = ieee80211_setprop(ic, name, id, len, buf);
        if (err != ENETRESET)
                return (err);
        if (ic->ic_des_esslen == 0)
                return (0);

        ATU_LOCK(sc);
        if (ATU_RUNNING(sc)) {
                if (sc->sc_scan_timer != 0) {
                        ATU_UNLOCK(sc);
                        (void) untimeout(sc->sc_scan_timer);
                        ATU_LOCK(sc);
                        sc->sc_scan_timer = 0;
                }
                err = atu_init(sc);

                ATU_UNLOCK(sc);
                if (err)
                        return (err);
                ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
                ATU_LOCK(sc);
        }

        ATU_UNLOCK(sc);
        return (0);
}

static int
atu_m_getprop(void *arg, const char *name, mac_prop_id_t id,
    uint_t length, void *buf)
{
        struct atu_softc *sc = (struct atu_softc *)arg;
        struct ieee80211com *ic = &sc->sc_ic;

        return (ieee80211_getprop(ic, name, id, length, buf));
}

static void
atu_m_propinfo(void *arg, const char *name, mac_prop_id_t id,
    mac_prop_info_handle_t mph)
{
        struct atu_softc *sc = (struct atu_softc *)arg;
        struct ieee80211com *ic = &sc->sc_ic;

        ieee80211_propinfo(ic, name, id, mph);
}

static void
atu_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
{
        struct atu_softc *sc = (struct atu_softc *)arg;
        struct ieee80211com *ic = &sc->sc_ic;
        int err;

        err = ieee80211_ioctl(ic, wq, mp);
        if (err != ENETRESET || ic->ic_des_esslen == 0)
                return;

        ATU_LOCK(sc);
        if (ATU_RUNNING(sc)) {
                if (sc->sc_scan_timer != 0) {
                        ATU_UNLOCK(sc);
                        (void) untimeout(sc->sc_scan_timer);
                        ATU_LOCK(sc);
                        sc->sc_scan_timer = 0;
                }
                err = atu_init(sc);

                ATU_UNLOCK(sc);
                if (err)
                        return;
                ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
                ATU_LOCK(sc);
        }

        ATU_UNLOCK(sc);
}

static mblk_t *
atu_m_tx(void *arg, mblk_t *mp)
{
        struct atu_softc *sc = (struct atu_softc *)arg;
        struct ieee80211com *ic = &sc->sc_ic;
        mblk_t *next;

        if (ic->ic_state != IEEE80211_S_RUN) {
                freemsgchain(mp);
                return (NULL);
        }

        while (mp != NULL) {
                next = mp->b_next;
                mp->b_next = NULL;
                if (atu_send(ic, mp, IEEE80211_FC0_TYPE_DATA) == ENOMEM) {
                        mutex_enter(&sc->sc_txlock);
                        sc->sc_need_sched = 1;
                        mutex_exit(&sc->sc_txlock);

                        mp->b_next = next;
                        return (mp);
                }
                mp = next;
        }

        return (mp);
}

static int
atu_m_stat(void *arg, uint_t stat, uint64_t *val)
{
        struct atu_softc        *sc  = (struct atu_softc *)arg;
        ieee80211com_t          *ic = &sc->sc_ic;
        ieee80211_node_t        *in;

        ATU_LOCK(sc);
        switch (stat) {
        case MAC_STAT_IFSPEED:
                in = ic->ic_bss;
                *val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
                    IEEE80211_RATE(in->in_txrate) :
                    ic->ic_fixed_rate) / 2 * 1000000;
                break;
        case MAC_STAT_NOXMTBUF:
                *val = sc->sc_tx_nobuf;
                break;
        case MAC_STAT_NORCVBUF:
                *val = sc->sc_rx_nobuf;
                break;
        case MAC_STAT_IERRORS:
                *val = sc->sc_rx_err;
                break;
        case MAC_STAT_RBYTES:
                *val = ic->ic_stats.is_rx_bytes;
                break;
        case MAC_STAT_IPACKETS:
                *val = ic->ic_stats.is_rx_frags;
                break;
        case MAC_STAT_OBYTES:
                *val = ic->ic_stats.is_tx_bytes;
                break;
        case MAC_STAT_OPACKETS:
                *val = ic->ic_stats.is_tx_frags;
                break;
        case MAC_STAT_OERRORS:
                *val = ic->ic_stats.is_tx_failed;
                break;
        case WIFI_STAT_TX_FRAGS:
        case WIFI_STAT_MCAST_TX:
        case WIFI_STAT_TX_FAILED:
        case WIFI_STAT_TX_RETRANS:
        case WIFI_STAT_TX_RERETRANS:
        case WIFI_STAT_RTS_SUCCESS:
        case WIFI_STAT_RTS_FAILURE:
        case WIFI_STAT_ACK_FAILURE:
        case WIFI_STAT_RX_FRAGS:
        case WIFI_STAT_MCAST_RX:
        case WIFI_STAT_FCS_ERRORS:
        case WIFI_STAT_WEP_ERRORS:
        case WIFI_STAT_RX_DUPS:
                ATU_UNLOCK(sc);
                return (ieee80211_stat(ic, stat, val));
        default:
                ATU_UNLOCK(sc);
                return (ENOTSUP);
        }

        ATU_UNLOCK(sc);
        return (0);
}

static mac_callbacks_t atu_m_callbacks = {
        MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
        atu_m_stat,
        atu_m_start,
        atu_m_stop,
        atu_m_promisc,
        atu_m_multicst,
        atu_m_unicst,
        atu_m_tx,
        NULL,
        atu_m_ioctl,
        NULL,
        NULL,
        NULL,
        atu_m_setprop,
        atu_m_getprop,
        atu_m_propinfo
};
Illumos
