1 /*
2 
3   Broadcom B43 wireless driver
4 
5   Transmission (TX/RX) related functions.
6 
7   Copyright (C) 2005 Martin Langer <martin-langer@gmx.de>
8   Copyright (C) 2005 Stefano Brivio <stefano.brivio@polimi.it>
9   Copyright (C) 2005, 2006 Michael Buesch <m@bues.ch>
10   Copyright (C) 2005 Danny van Dyk <kugelfang@gentoo.org>
11   Copyright (C) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
12 
13   This program is free software; you can redistribute it and/or modify
14   it under the terms of the GNU General Public License as published by
15   the Free Software Foundation; either version 2 of the License, or
16   (at your option) any later version.
17 
18   This program is distributed in the hope that it will be useful,
19   but WITHOUT ANY WARRANTY; without even the implied warranty of
20   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21   GNU General Public License for more details.
22 
23   You should have received a copy of the GNU General Public License
24   along with this program; see the file COPYING.  If not, write to
25   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
26   Boston, MA 02110-1301, USA.
27 
28 */
29 
30 #include "xmit.h"
31 #include "phy_common.h"
32 #include "dma.h"
33 #include "pio.h"
34 
35 static const struct b43_tx_legacy_rate_phy_ctl_entry b43_tx_legacy_rate_phy_ctl[] = {
36 	{ B43_CCK_RATE_1MB,	0x0,			0x0 },
37 	{ B43_CCK_RATE_2MB,	0x0,			0x1 },
38 	{ B43_CCK_RATE_5MB,	0x0,			0x2 },
39 	{ B43_CCK_RATE_11MB,	0x0,			0x3 },
40 	{ B43_OFDM_RATE_6MB,	B43_TXH_PHY1_CRATE_1_2,	B43_TXH_PHY1_MODUL_BPSK },
41 	{ B43_OFDM_RATE_9MB,	B43_TXH_PHY1_CRATE_3_4,	B43_TXH_PHY1_MODUL_BPSK },
42 	{ B43_OFDM_RATE_12MB,	B43_TXH_PHY1_CRATE_1_2,	B43_TXH_PHY1_MODUL_QPSK },
43 	{ B43_OFDM_RATE_18MB,	B43_TXH_PHY1_CRATE_3_4,	B43_TXH_PHY1_MODUL_QPSK },
44 	{ B43_OFDM_RATE_24MB,	B43_TXH_PHY1_CRATE_1_2,	B43_TXH_PHY1_MODUL_QAM16 },
45 	{ B43_OFDM_RATE_36MB,	B43_TXH_PHY1_CRATE_3_4,	B43_TXH_PHY1_MODUL_QAM16 },
46 	{ B43_OFDM_RATE_48MB,	B43_TXH_PHY1_CRATE_2_3,	B43_TXH_PHY1_MODUL_QAM64 },
47 	{ B43_OFDM_RATE_54MB,	B43_TXH_PHY1_CRATE_3_4,	B43_TXH_PHY1_MODUL_QAM64 },
48 };
49 
50 static const struct b43_tx_legacy_rate_phy_ctl_entry *
51 b43_tx_legacy_rate_phy_ctl_ent(u8 bitrate)
52 {
53 	const struct b43_tx_legacy_rate_phy_ctl_entry *e;
54 	unsigned int i;
55 
56 	for (i = 0; i < ARRAY_SIZE(b43_tx_legacy_rate_phy_ctl); i++) {
57 		e = &(b43_tx_legacy_rate_phy_ctl[i]);
58 		if (e->bitrate == bitrate)
59 			return e;
60 	}
61 
62 	B43_WARN_ON(1);
63 	return NULL;
64 }
65 
66 /* Extract the bitrate index out of a CCK PLCP header. */
67 static int b43_plcp_get_bitrate_idx_cck(struct b43_plcp_hdr6 *plcp)
68 {
69 	switch (plcp->raw[0]) {
70 	case 0x0A:
71 		return 0;
72 	case 0x14:
73 		return 1;
74 	case 0x37:
75 		return 2;
76 	case 0x6E:
77 		return 3;
78 	}
79 	return -1;
80 }
81 
82 /* Extract the bitrate index out of an OFDM PLCP header. */
83 static int b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool ghz5)
84 {
85 	/* For 2 GHz band first OFDM rate is at index 4, see main.c */
86 	int base = ghz5 ? 0 : 4;
87 
88 	switch (plcp->raw[0] & 0xF) {
89 	case 0xB:
90 		return base + 0;
91 	case 0xF:
92 		return base + 1;
93 	case 0xA:
94 		return base + 2;
95 	case 0xE:
96 		return base + 3;
97 	case 0x9:
98 		return base + 4;
99 	case 0xD:
100 		return base + 5;
101 	case 0x8:
102 		return base + 6;
103 	case 0xC:
104 		return base + 7;
105 	}
106 	return -1;
107 }
108 
109 u8 b43_plcp_get_ratecode_cck(const u8 bitrate)
110 {
111 	switch (bitrate) {
112 	case B43_CCK_RATE_1MB:
113 		return 0x0A;
114 	case B43_CCK_RATE_2MB:
115 		return 0x14;
116 	case B43_CCK_RATE_5MB:
117 		return 0x37;
118 	case B43_CCK_RATE_11MB:
119 		return 0x6E;
120 	}
121 	B43_WARN_ON(1);
122 	return 0;
123 }
124 
125 u8 b43_plcp_get_ratecode_ofdm(const u8 bitrate)
126 {
127 	switch (bitrate) {
128 	case B43_OFDM_RATE_6MB:
129 		return 0xB;
130 	case B43_OFDM_RATE_9MB:
131 		return 0xF;
132 	case B43_OFDM_RATE_12MB:
133 		return 0xA;
134 	case B43_OFDM_RATE_18MB:
135 		return 0xE;
136 	case B43_OFDM_RATE_24MB:
137 		return 0x9;
138 	case B43_OFDM_RATE_36MB:
139 		return 0xD;
140 	case B43_OFDM_RATE_48MB:
141 		return 0x8;
142 	case B43_OFDM_RATE_54MB:
143 		return 0xC;
144 	}
145 	B43_WARN_ON(1);
146 	return 0;
147 }
148 
149 void b43_generate_plcp_hdr(struct b43_plcp_hdr4 *plcp,
150 			   const u16 octets, const u8 bitrate)
151 {
152 	__u8 *raw = plcp->raw;
153 
154 	if (b43_is_ofdm_rate(bitrate)) {
155 		u32 d;
156 
157 		d = b43_plcp_get_ratecode_ofdm(bitrate);
158 		B43_WARN_ON(octets & 0xF000);
159 		d |= (octets << 5);
160 		plcp->data = cpu_to_le32(d);
161 	} else {
162 		u32 plen;
163 
164 		plen = octets * 16 / bitrate;
165 		if ((octets * 16 % bitrate) > 0) {
166 			plen++;
167 			if ((bitrate == B43_CCK_RATE_11MB)
168 			    && ((octets * 8 % 11) < 4)) {
169 				raw[1] = 0x84;
170 			} else
171 				raw[1] = 0x04;
172 		} else
173 			raw[1] = 0x04;
174 		plcp->data |= cpu_to_le32(plen << 16);
175 		raw[0] = b43_plcp_get_ratecode_cck(bitrate);
176 	}
177 }
178 
179 /* TODO: verify if needed for SSLPN or LCN  */
180 static u16 b43_generate_tx_phy_ctl1(struct b43_wldev *dev, u8 bitrate)
181 {
182 	const struct b43_phy *phy = &dev->phy;
183 	const struct b43_tx_legacy_rate_phy_ctl_entry *e;
184 	u16 control = 0;
185 	u16 bw;
186 
187 	if (phy->type == B43_PHYTYPE_LP)
188 		bw = B43_TXH_PHY1_BW_20;
189 	else /* FIXME */
190 		bw = B43_TXH_PHY1_BW_20;
191 
192 	if (0) { /* FIXME: MIMO */
193 	} else if (b43_is_cck_rate(bitrate) && phy->type != B43_PHYTYPE_LP) {
194 		control = bw;
195 	} else {
196 		control = bw;
197 		e = b43_tx_legacy_rate_phy_ctl_ent(bitrate);
198 		if (e) {
199 			control |= e->coding_rate;
200 			control |= e->modulation;
201 		}
202 		control |= B43_TXH_PHY1_MODE_SISO;
203 	}
204 
205 	return control;
206 }
207 
208 static u8 b43_calc_fallback_rate(u8 bitrate)
209 {
210 	switch (bitrate) {
211 	case B43_CCK_RATE_1MB:
212 		return B43_CCK_RATE_1MB;
213 	case B43_CCK_RATE_2MB:
214 		return B43_CCK_RATE_1MB;
215 	case B43_CCK_RATE_5MB:
216 		return B43_CCK_RATE_2MB;
217 	case B43_CCK_RATE_11MB:
218 		return B43_CCK_RATE_5MB;
219 	case B43_OFDM_RATE_6MB:
220 		return B43_CCK_RATE_5MB;
221 	case B43_OFDM_RATE_9MB:
222 		return B43_OFDM_RATE_6MB;
223 	case B43_OFDM_RATE_12MB:
224 		return B43_OFDM_RATE_9MB;
225 	case B43_OFDM_RATE_18MB:
226 		return B43_OFDM_RATE_12MB;
227 	case B43_OFDM_RATE_24MB:
228 		return B43_OFDM_RATE_18MB;
229 	case B43_OFDM_RATE_36MB:
230 		return B43_OFDM_RATE_24MB;
231 	case B43_OFDM_RATE_48MB:
232 		return B43_OFDM_RATE_36MB;
233 	case B43_OFDM_RATE_54MB:
234 		return B43_OFDM_RATE_48MB;
235 	}
236 	B43_WARN_ON(1);
237 	return 0;
238 }
239 
240 /* Generate a TX data header. */
241 int b43_generate_txhdr(struct b43_wldev *dev,
242 		       u8 *_txhdr,
243 		       struct sk_buff *skb_frag,
244 		       struct ieee80211_tx_info *info,
245 		       u16 cookie)
246 {
247 	const unsigned char *fragment_data = skb_frag->data;
248 	unsigned int fragment_len = skb_frag->len;
249 	struct b43_txhdr *txhdr = (struct b43_txhdr *)_txhdr;
250 	const struct b43_phy *phy = &dev->phy;
251 	const struct ieee80211_hdr *wlhdr =
252 	    (const struct ieee80211_hdr *)fragment_data;
253 	int use_encryption = !!info->control.hw_key;
254 	__le16 fctl = wlhdr->frame_control;
255 	struct ieee80211_rate *fbrate;
256 	u8 rate, rate_fb;
257 	int rate_ofdm, rate_fb_ofdm;
258 	unsigned int plcp_fragment_len;
259 	u32 mac_ctl = 0;
260 	u16 phy_ctl = 0;
261 	bool fill_phy_ctl1 = (phy->type == B43_PHYTYPE_LP ||
262 			      phy->type == B43_PHYTYPE_N ||
263 			      phy->type == B43_PHYTYPE_HT);
264 	u8 extra_ft = 0;
265 	struct ieee80211_rate *txrate;
266 	struct ieee80211_tx_rate *rates;
267 
268 	memset(txhdr, 0, sizeof(*txhdr));
269 
270 	txrate = ieee80211_get_tx_rate(dev->wl->hw, info);
271 	rate = txrate ? txrate->hw_value : B43_CCK_RATE_1MB;
272 	rate_ofdm = b43_is_ofdm_rate(rate);
273 	fbrate = ieee80211_get_alt_retry_rate(dev->wl->hw, info, 0) ? : txrate;
274 	rate_fb = fbrate->hw_value;
275 	rate_fb_ofdm = b43_is_ofdm_rate(rate_fb);
276 
277 	if (rate_ofdm)
278 		txhdr->phy_rate = b43_plcp_get_ratecode_ofdm(rate);
279 	else
280 		txhdr->phy_rate = b43_plcp_get_ratecode_cck(rate);
281 	txhdr->mac_frame_ctl = wlhdr->frame_control;
282 	memcpy(txhdr->tx_receiver, wlhdr->addr1, ETH_ALEN);
283 
284 	/* Calculate duration for fallback rate */
285 	if ((rate_fb == rate) ||
286 	    (wlhdr->duration_id & cpu_to_le16(0x8000)) ||
287 	    (wlhdr->duration_id == cpu_to_le16(0))) {
288 		/* If the fallback rate equals the normal rate or the
289 		 * dur_id field contains an AID, CFP magic or 0,
290 		 * use the original dur_id field. */
291 		txhdr->dur_fb = wlhdr->duration_id;
292 	} else {
293 		txhdr->dur_fb = ieee80211_generic_frame_duration(
294 			dev->wl->hw, info->control.vif, info->band,
295 			fragment_len, fbrate);
296 	}
297 
298 	plcp_fragment_len = fragment_len + FCS_LEN;
299 	if (use_encryption) {
300 		u8 key_idx = info->control.hw_key->hw_key_idx;
301 		struct b43_key *key;
302 		int wlhdr_len;
303 		size_t iv_len;
304 
305 		B43_WARN_ON(key_idx >= ARRAY_SIZE(dev->key));
306 		key = &(dev->key[key_idx]);
307 
308 		if (unlikely(!key->keyconf)) {
309 			/* This key is invalid. This might only happen
310 			 * in a short timeframe after machine resume before
311 			 * we were able to reconfigure keys.
312 			 * Drop this packet completely. Do not transmit it
313 			 * unencrypted to avoid leaking information. */
314 			return -ENOKEY;
315 		}
316 
317 		/* Hardware appends ICV. */
318 		plcp_fragment_len += info->control.hw_key->icv_len;
319 
320 		key_idx = b43_kidx_to_fw(dev, key_idx);
321 		mac_ctl |= (key_idx << B43_TXH_MAC_KEYIDX_SHIFT) &
322 			   B43_TXH_MAC_KEYIDX;
323 		mac_ctl |= (key->algorithm << B43_TXH_MAC_KEYALG_SHIFT) &
324 			   B43_TXH_MAC_KEYALG;
325 		wlhdr_len = ieee80211_hdrlen(fctl);
326 		if (key->algorithm == B43_SEC_ALGO_TKIP) {
327 			u16 phase1key[5];
328 			int i;
329 			/* we give the phase1key and iv16 here, the key is stored in
330 			 * shm. With that the hardware can do phase 2 and encryption.
331 			 */
332 			ieee80211_get_tkip_p1k(info->control.hw_key, skb_frag, phase1key);
333 			/* phase1key is in host endian. Copy to little-endian txhdr->iv. */
334 			for (i = 0; i < 5; i++) {
335 				txhdr->iv[i * 2 + 0] = phase1key[i];
336 				txhdr->iv[i * 2 + 1] = phase1key[i] >> 8;
337 			}
338 			/* iv16 */
339 			memcpy(txhdr->iv + 10, ((u8 *) wlhdr) + wlhdr_len, 3);
340 		} else {
341 			iv_len = min_t(size_t, info->control.hw_key->iv_len,
342 				     ARRAY_SIZE(txhdr->iv));
343 			memcpy(txhdr->iv, ((u8 *) wlhdr) + wlhdr_len, iv_len);
344 		}
345 	}
346 	switch (dev->fw.hdr_format) {
347 	case B43_FW_HDR_598:
348 		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->format_598.plcp),
349 				      plcp_fragment_len, rate);
350 		break;
351 	case B43_FW_HDR_351:
352 		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->format_351.plcp),
353 				      plcp_fragment_len, rate);
354 		break;
355 	case B43_FW_HDR_410:
356 		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->format_410.plcp),
357 				      plcp_fragment_len, rate);
358 		break;
359 	}
360 	b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)(&txhdr->plcp_fb),
361 			      plcp_fragment_len, rate_fb);
362 
363 	/* Extra Frame Types */
364 	if (rate_fb_ofdm)
365 		extra_ft |= B43_TXH_EFT_FB_OFDM;
366 	else
367 		extra_ft |= B43_TXH_EFT_FB_CCK;
368 
369 	/* Set channel radio code. Note that the micrcode ORs 0x100 to
370 	 * this value before comparing it to the value in SHM, if this
371 	 * is a 5Ghz packet.
372 	 */
373 	txhdr->chan_radio_code = phy->channel;
374 
375 	/* PHY TX Control word */
376 	if (rate_ofdm)
377 		phy_ctl |= B43_TXH_PHY_ENC_OFDM;
378 	else
379 		phy_ctl |= B43_TXH_PHY_ENC_CCK;
380 	if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE)
381 		phy_ctl |= B43_TXH_PHY_SHORTPRMBL;
382 
383 	switch (b43_ieee80211_antenna_sanitize(dev, 0)) {
384 	case 0: /* Default */
385 		phy_ctl |= B43_TXH_PHY_ANT01AUTO;
386 		break;
387 	case 1: /* Antenna 0 */
388 		phy_ctl |= B43_TXH_PHY_ANT0;
389 		break;
390 	case 2: /* Antenna 1 */
391 		phy_ctl |= B43_TXH_PHY_ANT1;
392 		break;
393 	case 3: /* Antenna 2 */
394 		phy_ctl |= B43_TXH_PHY_ANT2;
395 		break;
396 	case 4: /* Antenna 3 */
397 		phy_ctl |= B43_TXH_PHY_ANT3;
398 		break;
399 	default:
400 		B43_WARN_ON(1);
401 	}
402 
403 	rates = info->control.rates;
404 	/* MAC control */
405 	if (!(info->flags & IEEE80211_TX_CTL_NO_ACK))
406 		mac_ctl |= B43_TXH_MAC_ACK;
407 	/* use hardware sequence counter as the non-TID counter */
408 	if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ)
409 		mac_ctl |= B43_TXH_MAC_HWSEQ;
410 	if (info->flags & IEEE80211_TX_CTL_FIRST_FRAGMENT)
411 		mac_ctl |= B43_TXH_MAC_STMSDU;
412 	if (!phy->gmode)
413 		mac_ctl |= B43_TXH_MAC_5GHZ;
414 
415 	/* Overwrite rates[0].count to make the retry calculation
416 	 * in the tx status easier. need the actual retry limit to
417 	 * detect whether the fallback rate was used.
418 	 */
419 	if ((rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
420 	    (rates[0].count <= dev->wl->hw->conf.long_frame_max_tx_count)) {
421 		rates[0].count = dev->wl->hw->conf.long_frame_max_tx_count;
422 		mac_ctl |= B43_TXH_MAC_LONGFRAME;
423 	} else {
424 		rates[0].count = dev->wl->hw->conf.short_frame_max_tx_count;
425 	}
426 
427 	/* Generate the RTS or CTS-to-self frame */
428 	if ((rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
429 	    (rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT)) {
430 		unsigned int len;
431 		struct ieee80211_hdr *uninitialized_var(hdr);
432 		int rts_rate, rts_rate_fb;
433 		int rts_rate_ofdm, rts_rate_fb_ofdm;
434 		struct b43_plcp_hdr6 *uninitialized_var(plcp);
435 		struct ieee80211_rate *rts_cts_rate;
436 
437 		rts_cts_rate = ieee80211_get_rts_cts_rate(dev->wl->hw, info);
438 
439 		rts_rate = rts_cts_rate ? rts_cts_rate->hw_value : B43_CCK_RATE_1MB;
440 		rts_rate_ofdm = b43_is_ofdm_rate(rts_rate);
441 		rts_rate_fb = b43_calc_fallback_rate(rts_rate);
442 		rts_rate_fb_ofdm = b43_is_ofdm_rate(rts_rate_fb);
443 
444 		if (rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
445 			struct ieee80211_cts *uninitialized_var(cts);
446 
447 			switch (dev->fw.hdr_format) {
448 			case B43_FW_HDR_598:
449 				cts = (struct ieee80211_cts *)
450 					(txhdr->format_598.rts_frame);
451 				break;
452 			case B43_FW_HDR_351:
453 				cts = (struct ieee80211_cts *)
454 					(txhdr->format_351.rts_frame);
455 				break;
456 			case B43_FW_HDR_410:
457 				cts = (struct ieee80211_cts *)
458 					(txhdr->format_410.rts_frame);
459 				break;
460 			}
461 			ieee80211_ctstoself_get(dev->wl->hw, info->control.vif,
462 						fragment_data, fragment_len,
463 						info, cts);
464 			mac_ctl |= B43_TXH_MAC_SENDCTS;
465 			len = sizeof(struct ieee80211_cts);
466 		} else {
467 			struct ieee80211_rts *uninitialized_var(rts);
468 
469 			switch (dev->fw.hdr_format) {
470 			case B43_FW_HDR_598:
471 				rts = (struct ieee80211_rts *)
472 					(txhdr->format_598.rts_frame);
473 				break;
474 			case B43_FW_HDR_351:
475 				rts = (struct ieee80211_rts *)
476 					(txhdr->format_351.rts_frame);
477 				break;
478 			case B43_FW_HDR_410:
479 				rts = (struct ieee80211_rts *)
480 					(txhdr->format_410.rts_frame);
481 				break;
482 			}
483 			ieee80211_rts_get(dev->wl->hw, info->control.vif,
484 					  fragment_data, fragment_len,
485 					  info, rts);
486 			mac_ctl |= B43_TXH_MAC_SENDRTS;
487 			len = sizeof(struct ieee80211_rts);
488 		}
489 		len += FCS_LEN;
490 
491 		/* Generate the PLCP headers for the RTS/CTS frame */
492 		switch (dev->fw.hdr_format) {
493 		case B43_FW_HDR_598:
494 			plcp = &txhdr->format_598.rts_plcp;
495 			break;
496 		case B43_FW_HDR_351:
497 			plcp = &txhdr->format_351.rts_plcp;
498 			break;
499 		case B43_FW_HDR_410:
500 			plcp = &txhdr->format_410.rts_plcp;
501 			break;
502 		}
503 		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)plcp,
504 				      len, rts_rate);
505 		plcp = &txhdr->rts_plcp_fb;
506 		b43_generate_plcp_hdr((struct b43_plcp_hdr4 *)plcp,
507 				      len, rts_rate_fb);
508 
509 		switch (dev->fw.hdr_format) {
510 		case B43_FW_HDR_598:
511 			hdr = (struct ieee80211_hdr *)
512 				(&txhdr->format_598.rts_frame);
513 			break;
514 		case B43_FW_HDR_351:
515 			hdr = (struct ieee80211_hdr *)
516 				(&txhdr->format_351.rts_frame);
517 			break;
518 		case B43_FW_HDR_410:
519 			hdr = (struct ieee80211_hdr *)
520 				(&txhdr->format_410.rts_frame);
521 			break;
522 		}
523 		txhdr->rts_dur_fb = hdr->duration_id;
524 
525 		if (rts_rate_ofdm) {
526 			extra_ft |= B43_TXH_EFT_RTS_OFDM;
527 			txhdr->phy_rate_rts =
528 			    b43_plcp_get_ratecode_ofdm(rts_rate);
529 		} else {
530 			extra_ft |= B43_TXH_EFT_RTS_CCK;
531 			txhdr->phy_rate_rts =
532 			    b43_plcp_get_ratecode_cck(rts_rate);
533 		}
534 		if (rts_rate_fb_ofdm)
535 			extra_ft |= B43_TXH_EFT_RTSFB_OFDM;
536 		else
537 			extra_ft |= B43_TXH_EFT_RTSFB_CCK;
538 
539 		if (rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS &&
540 		    fill_phy_ctl1) {
541 			txhdr->phy_ctl1_rts = cpu_to_le16(
542 				b43_generate_tx_phy_ctl1(dev, rts_rate));
543 			txhdr->phy_ctl1_rts_fb = cpu_to_le16(
544 				b43_generate_tx_phy_ctl1(dev, rts_rate_fb));
545 		}
546 	}
547 
548 	/* Magic cookie */
549 	switch (dev->fw.hdr_format) {
550 	case B43_FW_HDR_598:
551 		txhdr->format_598.cookie = cpu_to_le16(cookie);
552 		break;
553 	case B43_FW_HDR_351:
554 		txhdr->format_351.cookie = cpu_to_le16(cookie);
555 		break;
556 	case B43_FW_HDR_410:
557 		txhdr->format_410.cookie = cpu_to_le16(cookie);
558 		break;
559 	}
560 
561 	if (fill_phy_ctl1) {
562 		txhdr->phy_ctl1 =
563 			cpu_to_le16(b43_generate_tx_phy_ctl1(dev, rate));
564 		txhdr->phy_ctl1_fb =
565 			cpu_to_le16(b43_generate_tx_phy_ctl1(dev, rate_fb));
566 	}
567 
568 	/* Apply the bitfields */
569 	txhdr->mac_ctl = cpu_to_le32(mac_ctl);
570 	txhdr->phy_ctl = cpu_to_le16(phy_ctl);
571 	txhdr->extra_ft = extra_ft;
572 
573 	return 0;
574 }
575 
576 static s8 b43_rssi_postprocess(struct b43_wldev *dev,
577 			       u8 in_rssi, int ofdm,
578 			       int adjust_2053, int adjust_2050)
579 {
580 	struct b43_phy *phy = &dev->phy;
581 	struct b43_phy_g *gphy = phy->g;
582 	s32 tmp;
583 
584 	switch (phy->radio_ver) {
585 	case 0x2050:
586 		if (ofdm) {
587 			tmp = in_rssi;
588 			if (tmp > 127)
589 				tmp -= 256;
590 			tmp *= 73;
591 			tmp /= 64;
592 			if (adjust_2050)
593 				tmp += 25;
594 			else
595 				tmp -= 3;
596 		} else {
597 			if (dev->dev->bus_sprom->
598 			    boardflags_lo & B43_BFL_RSSI) {
599 				if (in_rssi > 63)
600 					in_rssi = 63;
601 				B43_WARN_ON(phy->type != B43_PHYTYPE_G);
602 				tmp = gphy->nrssi_lt[in_rssi];
603 				tmp = 31 - tmp;
604 				tmp *= -131;
605 				tmp /= 128;
606 				tmp -= 57;
607 			} else {
608 				tmp = in_rssi;
609 				tmp = 31 - tmp;
610 				tmp *= -149;
611 				tmp /= 128;
612 				tmp -= 68;
613 			}
614 			if (phy->type == B43_PHYTYPE_G && adjust_2050)
615 				tmp += 25;
616 		}
617 		break;
618 	case 0x2060:
619 		if (in_rssi > 127)
620 			tmp = in_rssi - 256;
621 		else
622 			tmp = in_rssi;
623 		break;
624 	default:
625 		tmp = in_rssi;
626 		tmp -= 11;
627 		tmp *= 103;
628 		tmp /= 64;
629 		if (adjust_2053)
630 			tmp -= 109;
631 		else
632 			tmp -= 83;
633 	}
634 
635 	return (s8) tmp;
636 }
637 
638 //TODO
639 #if 0
640 static s8 b43_rssinoise_postprocess(struct b43_wldev *dev, u8 in_rssi)
641 {
642 	struct b43_phy *phy = &dev->phy;
643 	s8 ret;
644 
645 	if (phy->type == B43_PHYTYPE_A) {
646 		//TODO: Incomplete specs.
647 		ret = 0;
648 	} else
649 		ret = b43_rssi_postprocess(dev, in_rssi, 0, 1, 1);
650 
651 	return ret;
652 }
653 #endif
654 
655 void b43_rx(struct b43_wldev *dev, struct sk_buff *skb, const void *_rxhdr)
656 {
657 	struct ieee80211_rx_status status;
658 	struct b43_plcp_hdr6 *plcp;
659 	struct ieee80211_hdr *wlhdr;
660 	const struct b43_rxhdr_fw4 *rxhdr = _rxhdr;
661 	__le16 fctl;
662 	u16 phystat0, phystat3;
663 	u16 uninitialized_var(chanstat), uninitialized_var(mactime);
664 	u32 uninitialized_var(macstat);
665 	u16 chanid;
666 	u16 phytype;
667 	int padding, rate_idx;
668 
669 	memset(&status, 0, sizeof(status));
670 
671 	/* Get metadata about the frame from the header. */
672 	phystat0 = le16_to_cpu(rxhdr->phy_status0);
673 	phystat3 = le16_to_cpu(rxhdr->phy_status3);
674 	switch (dev->fw.hdr_format) {
675 	case B43_FW_HDR_598:
676 		macstat = le32_to_cpu(rxhdr->format_598.mac_status);
677 		mactime = le16_to_cpu(rxhdr->format_598.mac_time);
678 		chanstat = le16_to_cpu(rxhdr->format_598.channel);
679 		break;
680 	case B43_FW_HDR_410:
681 	case B43_FW_HDR_351:
682 		macstat = le32_to_cpu(rxhdr->format_351.mac_status);
683 		mactime = le16_to_cpu(rxhdr->format_351.mac_time);
684 		chanstat = le16_to_cpu(rxhdr->format_351.channel);
685 		break;
686 	}
687 	phytype = chanstat & B43_RX_CHAN_PHYTYPE;
688 
689 	if (unlikely(macstat & B43_RX_MAC_FCSERR)) {
690 		dev->wl->ieee_stats.dot11FCSErrorCount++;
691 		status.flag |= RX_FLAG_FAILED_FCS_CRC;
692 	}
693 	if (unlikely(phystat0 & (B43_RX_PHYST0_PLCPHCF | B43_RX_PHYST0_PLCPFV)))
694 		status.flag |= RX_FLAG_FAILED_PLCP_CRC;
695 	if (phystat0 & B43_RX_PHYST0_SHORTPRMBL)
696 		status.flag |= RX_FLAG_SHORTPRE;
697 	if (macstat & B43_RX_MAC_DECERR) {
698 		/* Decryption with the given key failed.
699 		 * Drop the packet. We also won't be able to decrypt it with
700 		 * the key in software. */
701 		goto drop;
702 	}
703 
704 	/* Skip PLCP and padding */
705 	padding = (macstat & B43_RX_MAC_PADDING) ? 2 : 0;
706 	if (unlikely(skb->len < (sizeof(struct b43_plcp_hdr6) + padding))) {
707 		b43dbg(dev->wl, "RX: Packet size underrun (1)\n");
708 		goto drop;
709 	}
710 	plcp = (struct b43_plcp_hdr6 *)(skb->data + padding);
711 	skb_pull(skb, sizeof(struct b43_plcp_hdr6) + padding);
712 	/* The skb contains the Wireless Header + payload data now */
713 	if (unlikely(skb->len < (2 + 2 + 6 /*minimum hdr */  + FCS_LEN))) {
714 		b43dbg(dev->wl, "RX: Packet size underrun (2)\n");
715 		goto drop;
716 	}
717 	wlhdr = (struct ieee80211_hdr *)(skb->data);
718 	fctl = wlhdr->frame_control;
719 
720 	if (macstat & B43_RX_MAC_DEC) {
721 		unsigned int keyidx;
722 		int wlhdr_len;
723 
724 		keyidx = ((macstat & B43_RX_MAC_KEYIDX)
725 			  >> B43_RX_MAC_KEYIDX_SHIFT);
726 		/* We must adjust the key index here. We want the "physical"
727 		 * key index, but the ucode passed it slightly different.
728 		 */
729 		keyidx = b43_kidx_to_raw(dev, keyidx);
730 		B43_WARN_ON(keyidx >= ARRAY_SIZE(dev->key));
731 
732 		if (dev->key[keyidx].algorithm != B43_SEC_ALGO_NONE) {
733 			wlhdr_len = ieee80211_hdrlen(fctl);
734 			if (unlikely(skb->len < (wlhdr_len + 3))) {
735 				b43dbg(dev->wl,
736 				       "RX: Packet size underrun (3)\n");
737 				goto drop;
738 			}
739 			status.flag |= RX_FLAG_DECRYPTED;
740 		}
741 	}
742 
743 	/* Link quality statistics */
744 	switch (chanstat & B43_RX_CHAN_PHYTYPE) {
745 	case B43_PHYTYPE_HT:
746 		/* TODO: is max the right choice? */
747 		status.signal = max_t(__s8,
748 			max(rxhdr->phy_ht_power0, rxhdr->phy_ht_power1),
749 			rxhdr->phy_ht_power2);
750 		break;
751 	case B43_PHYTYPE_N:
752 		/* Broadcom has code for min and avg, but always uses max */
753 		if (rxhdr->power0 == 16 || rxhdr->power0 == 32)
754 			status.signal = max(rxhdr->power1, rxhdr->power2);
755 		else
756 			status.signal = max(rxhdr->power0, rxhdr->power1);
757 		break;
758 	case B43_PHYTYPE_A:
759 	case B43_PHYTYPE_B:
760 	case B43_PHYTYPE_G:
761 	case B43_PHYTYPE_LP:
762 		status.signal = b43_rssi_postprocess(dev, rxhdr->jssi,
763 						  (phystat0 & B43_RX_PHYST0_OFDM),
764 						  (phystat0 & B43_RX_PHYST0_GAINCTL),
765 						  (phystat3 & B43_RX_PHYST3_TRSTATE));
766 		break;
767 	}
768 
769 	if (phystat0 & B43_RX_PHYST0_OFDM)
770 		rate_idx = b43_plcp_get_bitrate_idx_ofdm(plcp,
771 					!!(chanstat & B43_RX_CHAN_5GHZ));
772 	else
773 		rate_idx = b43_plcp_get_bitrate_idx_cck(plcp);
774 	if (unlikely(rate_idx == -1)) {
775 		/* PLCP seems to be corrupted.
776 		 * Drop the frame, if we are not interested in corrupted frames. */
777 		if (!(dev->wl->filter_flags & FIF_PLCPFAIL))
778 			goto drop;
779 	}
780 	status.rate_idx = rate_idx;
781 	status.antenna = !!(phystat0 & B43_RX_PHYST0_ANT);
782 
783 	/*
784 	 * All frames on monitor interfaces and beacons always need a full
785 	 * 64-bit timestamp. Monitor interfaces need it for diagnostic
786 	 * purposes and beacons for IBSS merging.
787 	 * This code assumes we get to process the packet within 16 bits
788 	 * of timestamp, i.e. about 65 milliseconds after the PHY received
789 	 * the first symbol.
790 	 */
791 	if (ieee80211_is_beacon(fctl) || dev->wl->radiotap_enabled) {
792 		u16 low_mactime_now;
793 
794 		b43_tsf_read(dev, &status.mactime);
795 		low_mactime_now = status.mactime;
796 		status.mactime = status.mactime & ~0xFFFFULL;
797 		status.mactime += mactime;
798 		if (low_mactime_now <= mactime)
799 			status.mactime -= 0x10000;
800 		status.flag |= RX_FLAG_MACTIME_START;
801 	}
802 
803 	chanid = (chanstat & B43_RX_CHAN_ID) >> B43_RX_CHAN_ID_SHIFT;
804 	switch (chanstat & B43_RX_CHAN_PHYTYPE) {
805 	case B43_PHYTYPE_A:
806 		status.band = IEEE80211_BAND_5GHZ;
807 		B43_WARN_ON(1);
808 		/* FIXME: We don't really know which value the "chanid" contains.
809 		 *        So the following assignment might be wrong. */
810 		status.freq =
811 			ieee80211_channel_to_frequency(chanid, status.band);
812 		break;
813 	case B43_PHYTYPE_G:
814 		status.band = IEEE80211_BAND_2GHZ;
815 		/* Somewhere between 478.104 and 508.1084 firmware for G-PHY
816 		 * has been modified to be compatible with N-PHY and others.
817 		 */
818 		if (dev->fw.rev >= 508)
819 			status.freq = ieee80211_channel_to_frequency(chanid, status.band);
820 		else
821 			status.freq = chanid + 2400;
822 		break;
823 	case B43_PHYTYPE_N:
824 	case B43_PHYTYPE_LP:
825 	case B43_PHYTYPE_HT:
826 		/* chanid is the SHM channel cookie. Which is the plain
827 		 * channel number in b43. */
828 		if (chanstat & B43_RX_CHAN_5GHZ)
829 			status.band = IEEE80211_BAND_5GHZ;
830 		else
831 			status.band = IEEE80211_BAND_2GHZ;
832 		status.freq =
833 			ieee80211_channel_to_frequency(chanid, status.band);
834 		break;
835 	default:
836 		B43_WARN_ON(1);
837 		goto drop;
838 	}
839 
840 	memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
841 	ieee80211_rx_ni(dev->wl->hw, skb);
842 
843 #if B43_DEBUG
844 	dev->rx_count++;
845 #endif
846 	return;
847 drop:
848 	dev_kfree_skb_any(skb);
849 }
850 
851 void b43_handle_txstatus(struct b43_wldev *dev,
852 			 const struct b43_txstatus *status)
853 {
854 	b43_debugfs_log_txstat(dev, status);
855 
856 	if (status->intermediate)
857 		return;
858 	if (status->for_ampdu)
859 		return;
860 	if (!status->acked)
861 		dev->wl->ieee_stats.dot11ACKFailureCount++;
862 	if (status->rts_count) {
863 		if (status->rts_count == 0xF)	//FIXME
864 			dev->wl->ieee_stats.dot11RTSFailureCount++;
865 		else
866 			dev->wl->ieee_stats.dot11RTSSuccessCount++;
867 	}
868 
869 	if (b43_using_pio_transfers(dev))
870 		b43_pio_handle_txstatus(dev, status);
871 	else
872 		b43_dma_handle_txstatus(dev, status);
873 
874 	b43_phy_txpower_check(dev, 0);
875 }
876 
877 /* Fill out the mac80211 TXstatus report based on the b43-specific
878  * txstatus report data. This returns a boolean whether the frame was
879  * successfully transmitted. */
880 bool b43_fill_txstatus_report(struct b43_wldev *dev,
881 			      struct ieee80211_tx_info *report,
882 			      const struct b43_txstatus *status)
883 {
884 	bool frame_success = true;
885 	int retry_limit;
886 
887 	/* preserve the confiured retry limit before clearing the status
888 	 * The xmit function has overwritten the rc's value with the actual
889 	 * retry limit done by the hardware */
890 	retry_limit = report->status.rates[0].count;
891 	ieee80211_tx_info_clear_status(report);
892 
893 	if (status->acked) {
894 		/* The frame was ACKed. */
895 		report->flags |= IEEE80211_TX_STAT_ACK;
896 	} else {
897 		/* The frame was not ACKed... */
898 		if (!(report->flags & IEEE80211_TX_CTL_NO_ACK)) {
899 			/* ...but we expected an ACK. */
900 			frame_success = false;
901 		}
902 	}
903 	if (status->frame_count == 0) {
904 		/* The frame was not transmitted at all. */
905 		report->status.rates[0].count = 0;
906 	} else if (status->rts_count > dev->wl->hw->conf.short_frame_max_tx_count) {
907 		/*
908 		 * If the short retries (RTS, not data frame) have exceeded
909 		 * the limit, the hw will not have tried the selected rate,
910 		 * but will have used the fallback rate instead.
911 		 * Don't let the rate control count attempts for the selected
912 		 * rate in this case, otherwise the statistics will be off.
913 		 */
914 		report->status.rates[0].count = 0;
915 		report->status.rates[1].count = status->frame_count;
916 	} else {
917 		if (status->frame_count > retry_limit) {
918 			report->status.rates[0].count = retry_limit;
919 			report->status.rates[1].count = status->frame_count -
920 					retry_limit;
921 
922 		} else {
923 			report->status.rates[0].count = status->frame_count;
924 			report->status.rates[1].idx = -1;
925 		}
926 	}
927 
928 	return frame_success;
929 }
930 
931 /* Stop any TX operation on the device (suspend the hardware queues) */
932 void b43_tx_suspend(struct b43_wldev *dev)
933 {
934 	if (b43_using_pio_transfers(dev))
935 		b43_pio_tx_suspend(dev);
936 	else
937 		b43_dma_tx_suspend(dev);
938 }
939 
940 /* Resume any TX operation on the device (resume the hardware queues) */
941 void b43_tx_resume(struct b43_wldev *dev)
942 {
943 	if (b43_using_pio_transfers(dev))
944 		b43_pio_tx_resume(dev);
945 	else
946 		b43_dma_tx_resume(dev);
947 }
948