MFC r346073:
urtw(4), otus(4), iwi(4): allow to set non-default MAC address via ifconfig(8)

Was tested with Netgear WG111 v3 (RTL8187B, urtw(4)), STA mode.

MFC r343474:
Remove 2GHz channel list copies from wireless drivers.

Wrap ieee80211_add_channel_list_2ghz into another function
which supplies default (1-14) channel list to it and drop
its copies from drivers.

MFC r342185:
iwi(4): do not leak node reference when IWI_FLAG_ASSOCIATED flag is set.

MFC r331797:

Use an accessor function to access ifr_data.

This fixes 32-bit compat (no ioctl command defintions are required
as struct ifreq is the same size).

Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D14900

Revert r330897:

This was intended to be a non-functional change. It wasn't. The commit
message was thus wrong. In addition it broke arm, and merged crypto
related code.

Revert with prejudice.

This revert skips files touched in r316370 since that commit was since
MFCed. This revert also skips files that require $FreeBSD$ property
changes.

Thank you to those who helped me get out of this mess including but not
limited to gonzo, kevans, rgrimes.

Requested by: gjb (re)

Partial merge of the SPDX changes

These changes are incomplete but are making it difficult
to determine what other changes can/should be merged.

No objections from: pfg

MFC r320743:

Fix drivers that assume ticks starts at zero. These drivers all have logic
similar to "if (ticks > localvar+interval) {localvar=ticks; ...}" where
localvar is initialized to zero. Ticks is initialized to a negative value
since r278230, and that leads to these if statements never being true.

MFC r313906:
iwi, ral, zyd: fix possible use-after-free.

MFC r313694:
iwi: add 12-14 2GHz channels into channel list.

Return full channel list via iwi_getradiocaps() method
(ieee80211_init_channels() was replaced with iwi_getradiocaps()
to be consistent with other drivers).

PR: 216923
Submitted and tested by: ds@ukrhub.net (original patch)

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

net80211 + drivers: hide size of 'bands' array behind a macro.

Auto-replace 'howmany(IEEE80211_MODE_MAX, 8)' with 'IEEE80211_MODE_BYTES'.
No functional changes.

net80211 drivers: fix ieee80211_init_channels() usage

Fix out-of-bounds read (all) / write (11n capable) for drivers
that are using ieee80211_init_channels() to initialize channel list.

Tested with:
* RTL8188EU, STA mode.
* RTL8188CUS, STA mode.
* WUSB54GC, HOSTAP mode.

Approved by: adrian (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D4818

net80211: WME callback cleanup in various drivers

Since r288350, ic_wme_task() is called via ieee80211_runtask(),
so, any additional deferring from the driver side is not needed.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D4072

net80211 & wireless drivers: remove duplicate defines (noop)

* IEEE80211_DIR_DSTODS(wh) -> IEEE80211_IS_DSTODS(wh).
* N(a) -> nitems(a).
* Remove LE_READ_2(p)/LE_READ_4(p) definitions (and include ieee80211_input.h instead).
* <drvname>_TXOP_TO_US(txop) -> IEEE80211_TXOP_TO_US(txop).
* Put IEEE80211_RV(v) into ieee80211_proto.h and remove local RV(v) definitions.

Submitted by: Andriy Voskoboinyk <s3erios@gmail.com>
Differential Revision: https://reviews.freebsd.org/D3705

Replay r286410. Change KPI of how device drivers that provide wireless
connectivity interact with the net80211 stack.

Historical background: originally wireless devices created an interface,
just like Ethernet devices do. Name of an interface matched the name of
the driver that created. Later, wlan(4) layer was introduced, and the
wlanX interfaces become the actual interface, leaving original ones as
"a parent interface" of wlanX. Kernelwise, the KPI between net80211 layer
and a driver became a mix of methods that pass a pointer to struct ifnet
as identifier and methods that pass pointer to struct ieee80211com. From
user point of view, the parent interface just hangs on in the ifconfig
list, and user can't do anything useful with it.

Now, the struct ifnet goes away. The struct ieee80211com is the only
KPI between a device driver and net80211. Details:

- The struct ieee80211com is embedded into drivers softc.
- Packets are sent via new ic_transmit method, which is very much like
the previous if_transmit.
- Bringing parent up/down is done via new ic_parent method, which notifies
driver about any changes: number of wlan(4) interfaces, number of them
in promisc or allmulti state.
- Device specific ioctls (if any) are received on new ic_ioctl method.
- Packets/errors accounting are done by the stack. In certain cases, when
driver experiences errors and can not attribute them to any specific
interface, driver updates ic_oerrors or ic_ierrors counters.

Details on interface configuration with new world order:
- A sequence of commands needed to bring up wireless DOESN"T change.
- /etc/rc.conf parameters DON'T change.
- List of devices that can be used to create wlan(4) interfaces is
now provided by net.wlan.devices sysctl.

Most drivers in this change were converted by me, except of wpi(4),
that was done by Andriy Voskoboinyk. Big thanks to Kevin Lo for testing
changes to at least 8 drivers. Thanks to pluknet@, Oliver Hartmann,
Olivier Cochard, gjb@, mmoll@, op@ and lev@, who also participated in
testing.

Reviewed by: adrian
Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Revert the wifi ifnet changes until things are more baked and tested.

* 286410
* 286413
* 286416

The initial commit broke a variety of debug and features that aren't
in the GENERIC kernels but are enabled in other platforms.

Change KPI of how device drivers that provide wireless connectivity interact
with the net80211 stack.

Historical background: originally wireless devices created an interface,
just like Ethernet devices do. Name of an interface matched the name of
the driver that created. Later, wlan(4) layer was introduced, and the
wlanX interfaces become the actual interface, leaving original ones as
"a parent interface" of wlanX. Kernelwise, the KPI between net80211 layer
and a driver became a mix of methods that pass a pointer to struct ifnet
as identifier and methods that pass pointer to struct ieee80211com. From
user point of view, the parent interface just hangs on in the ifconfig
list, and user can't do anything useful with it.

Now, the struct ifnet goes away. The struct ieee80211com is the only
KPI between a device driver and net80211. Details:

- The struct ieee80211com is embedded into drivers softc.
- Packets are sent via new ic_transmit method, which is very much like
the previous if_transmit.
- Bringing parent up/down is done via new ic_parent method, which notifies
driver about any changes: number of wlan(4) interfaces, number of them
in promisc or allmulti state.
- Device specific ioctls (if any) are received on new ic_ioctl method.
- Packets/errors accounting are done by the stack. In certain cases, when
driver experiences errors and can not attribute them to any specific
interface, driver updates ic_oerrors or ic_ierrors counters.

Details on interface configuration with new world order:
- A sequence of commands needed to bring up wireless DOESN"T change.
- /etc/rc.conf parameters DON'T change.
- List of devices that can be used to create wlan(4) interfaces is
now provided by net.wlan.devices sysctl.

Most drivers in this change were converted by me, except of wpi(4),
that was done by Andriy Voskoboinyk. Big thanks to Kevin Lo for testing
changes to at least 8 drivers. Thanks to Olivier Cochard, gjb@, mmoll@,
op@ and lev@, who also participated in testing. Details here:

https://wiki.freebsd.org/projects/ifnet/net80211

Still, drivers: ndis, wtap, mwl, ipw, bwn, wi, upgt, uath were not
tested. Changes to mwl, ipw, bwn, wi, upgt are trivial and chances
of problems are low. The wtap wasn't compilable even before this change.
But the ndis driver is complex, and it is likely to be broken with this
commit. Help with testing and debugging it is appreciated.

Differential Revision: D2655, D2740
Sponsored by: Nginx, Inc.
Sponsored by: Netflix

Make the last revision compilable.

Remove extra argument from iwi_wme_setparams(), a softc has 1 to 1
accordance with ieee80211com.

The argument passed to the iwi_update_wme() is softc, not ieee80211com.

This fatal mismatch appeared to be absolutely harmless, since both structs
have pointer to struct ifnet as their first member, and they both point to
the same ifnet. And the first member is the only one used from the argument.

Set ic_softc in all 802.11 drivers. Not required right now, but will be
used quite soon.

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Make net80211 drivers supply their device name to the net80211 layer, so
that the latter doesn't need to go through struct ifnet to get their name.

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Mechanically convert to if_inc_counter().

Fix sizeof modifier for sizeof() in printf

Add support to export the contents of the notification updates from the firmware.

Right now the NIC isn't actually exporting useful data. I'm not quite sure
why this is. :(

Rename definition of IEEE80211_FC1_WEP to IEEE80211_FC1_PROTECTED.

The origin of WEP comes from IEEE Std 802.11-1997 where it defines
whether the frame body of MAC frame has been encrypted using WEP
algorithm or not.
IEEE Std. 802.11-2007 changes WEP to Protected Frame, indicates
whether the frame is protected by a cryptographic encapsulation
algorithm.

Reviewed by: adrian, rpaulo

- Probe with BUS_PROBE_DEFAULT instead of 0.
- Nuke code setting PCI_POWERSTATE_D0; pci(4) already does that for type 0
devices.
- Use PCIR_BAR instead of a homegrown macro.
- There's no need to keep track of resource IDs.
- Quiesce the interrupt before actually detaching.
- Use DEVMETHOD_END.
- Use NULL instead of 0 for pointers.

MFC after: 1 week

The bssid can change from underneath us, so take a reference before
we fiddle with it.

The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
to this event, adding if_var.h to files that do need it. Also, include
all includes that now are included due to implicit pollution via if_var.h

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Mechanically substitute flags from historic mbuf allocator with
malloc(9) flags in sys/dev.

Use suspend/resume methods provided by net80211. This ensures that the
appropriate state handling takes place, not doing so results in the
device doing nothing until manual intervention.

Reviewed by: iwasaki
Tested by: iwasaki (iwi)
MFC after: 4 weeks

Fix wrong asresp frame parsing in iwi_checkforqos().

After 8.0-RELEASE, iwi(4) doesn't send any data frames in infrastructure
mode.

Bacause of the condition `while (frm < efrm)', IEEE80211_VERIFY_LENGTH()
was checking item length beyond the ieee80211_frame region, and returned
from iwi_checkforqos() without setting flags, capinfo and associd.

In infrastructure mode associd is required, so this problem causes
discarding mbuf in ieee80211_start().

PR: kern/165819
Tested/Reviewed/Supported by: bschmidt and adrian
MFC after: 1 week

Fix some net80211 enum nits:
- ic_vap_create() uses an ieee80211_opmode argument
- ieee80211_rate2media() takes an ieee80211_phymode argument
- ieee80211_plcp2rate() takes an ieee80211_phytype argument
- cast to enum ieee80211_protmode and ieee80211_roamingmode to silence
compiler warnings

Submitted by: arundel@

Add module version to iwi/ipw/wpi and iwn.

The version is used to check if a module is already preset, not setting
it results in:

can't re-use a leaf (ipw)!
module_register: module pci/ipw already exists!
Module pci/ipw failed to register: 17

while trying to load the module due to an entry in loader.conf. With this
commit we get the expected:

module ipw already present!

Reported by: Dru Lavigne, bz
Tested by: bz
MFC after: 1 week

sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.

Commit the rest of the devices.

The firmware does pad notifications to an even number of bytes (at least
the association notification), the included information though always
contains an elem block with an odd number of bytes. We handle the last
byte as if it might contain a whole elem block, this of course is not
true as one byte is not enough to hold a block, we therefore discard the
complete frame. The solution here is to subtract one from the actual
notification length, this is also what the Linux driver does. With this
change the frames ends exactly where the last elem block ends.

This commit also reverts r214160 which is no longer required and now even
wrong.

MFC after: 1 week

The firmware always sets bit 14 and 15, to get the real associd we need
to clear those bits.

MFC after: 1 week

Instead of calling return when reaching the end of the assoc notification
break the loop instead. We want to run the code after the while loop
to set an associd and capinfo. If we don't do this net80211 will drop
frames because it assumes the node has not yet been associated.

MFC after: 1 week

Fix monitor mode which is implemented by doing a firmware scan. This
is a port of stable/6, seems like the code got lost during the
background scan changes in r170530.

Pointed out by: danfe
MFC after: 2 weeks

Add new tunable 'net.link.ifqmaxlen' to set default send interface
queue length. The default value for this parameter is 50, which is
quite low for many of today's uses and the only way to modify this
parameter right now is to edit if_var.h file. Also add read-only
sysctl with the same name, so that it's possible to retrieve the
current value.

MFC after: 1 month

For ic_opmode switch cases, provide a default label with a printf saying
this opmode is not supported.

Approved by: re (kib)

o remove bpf tap call missed in r192468
o correct rssi taken from rx descriptor; need dbm

Overhaul monitor mode handling:
o replace DLT_IEEE802_11 support in net80211 with DLT_IEEE802_11_RADIO
and remove explicit bpf support from wireless drivers; drivers now
use ieee80211_radiotap_attach to setup shared data structures that
hold the radiotap header for each packet tx/rx
o remove rx timestamp from the rx path; it was used only by the tdma support
for debugging and was mostly useless due to it being 32-bits and mostly
unavailable
o track DLT_IEEE80211_RADIO bpf attachments and maintain per-vap and
per-com state when there are active taps
o track the number of monitor mode vaps
o use bpf tap and monitor mode vap state to decide when to collect radiotap
state and dispatch frames; drivers no longer explicitly directly check
bpf state or use bpf calls to tap frames
o handle radiotap state updates on channel change in net80211; drivers
should not do this (unless they bypass net80211 which is almost always
a mistake)
o update various drivers to be more consistent/correct in handling radiotap
o update ral to include TSF in radiotap'd frames
o add promisc mode callback to wi

Reviewed by: cbzimmer, rpaulo, thompsa

Abort any scan on a fatal firmware. ic_scan_curchan is overridden to perform
the scan in firmware and this relies on the firmware to wake up the scan task
on completion.

push wme parameter setting to the taskq thread; the update callback from
net80211 can happen from the ithread and submitting the fw cmd requires
a sleepable context

Drain the tasks before the interface stop call in case a restart was queued.

Create a taskqueue for each wireless interface which provides a serialised
sleepable context for net80211 driver callbacks. This removes the need for USB
and firmware based drivers to roll their own code to defer the chip programming
for state changes, scan requests, channel changes and mcast/promisc updates.
When a driver callback completes the hardware state is now guaranteed to have
been updated and is in sync with net80211 layer.

This nukes around 1300 lines of code from the wireless device drivers making
them more readable and less race prone.

The net80211 layer has been updated as follows
- all state/channel changes are serialised on the taskqueue.
- ieee80211_new_state() always queues and can now be called from any context
- scanning runs from a single taskq function and executes to completion. driver
callbacks are synchronous so the channel, phy mode and rx filters are
guaranteed to be set in hardware before probe request frames are
transmitted.

Help and contributions from Sam Leffler.

Reviewed by: sam

Hoist 802.11 encapsulation up into net80211:
o call ieee80211_encap in ieee80211_start so frames passed down to drivers
are already encapsulated
o remove ieee80211_encap calls in drivers
o fixup wi so it recreates the 802.3 head it requires from the 802.11
header contents
o move fast-frame aggregation from ath to net80211 (conditional on
IEEE80211_SUPPORT_SUPERG):
- aggregation is now done in ieee80211_start; it is enabled when the
packets/sec exceeds ieee80211_ffppsmin (net.wlan.ffppsmin) and frames
are held on a staging queue according to ieee80211_ffagemax
(net.wlan.ffagemax) to wait for a frame to combine with
- drivers must call back to age/flush the staging queue (ath does this
on tx done, at swba, and on rx according to the state of the tx queues
and/or the contents of the staging queue)
- remove fast-frame-related data structures from ath
- add ieee80211_ff_node_init and ieee80211_ff_node_cleanup to handle
per-node fast-frames state (we reuse 11n tx ampdu state)
o change ieee80211_encap calling convention to include an explicit vap
so frames coming through a WDS vap are recognized w/o setting M_WDS

With these changes any device able to tx/rx 3Kbyte+ frames can use fast-frames.

Reviewed by: thompsa, rpaulo, avatar, imp, sephe

Eliminate ic_myaddr so changing the mac address of a device works correctly:
o remove ic_myaddr from ieee80211com
o change ieee80211_ifattach to take the mac address of the physical device
and use that to setup the lladdr.
o replace all references to ic_myaddr in drivers by IF_LLADDR
o related cleanups (e.g. kill dead code)

PR: kern/133178
Reviewed by: thompsa, rpaulo

Change the calling convention for ic_node_alloc to deal with
some longstanding issues:
o pass the vap since it's now the "coin of the realm" and required
to do things like set initial tx parameters in private node
state for use prior to association
o pass the mac address as cards that maintain outboard station
tables require this to create an entry (e.g. in ibss mode)
o remove the node table reference, we only have one node table
and it's unlikely this will change so this is not needed to
find the com structure

Minor cleanup of vap create work:
o add IEEE80211_C_STA capability to indicate sta mode is supported
(was previously assumed) and mark drivers as capable
o add ieee80211_opcap array to map an opmode to the equivalent capability bit
o move IEEE80211_C_OPMODE definition to where capabilities are defined so it's
clear it should be kept in sync (on future additions)
o check device capabilities in clone create before trying to create a vap;
this makes driver checks unneeded
o make error codes return on failed clone request unique
o temporarily add console printfs on clone request failures to aid in
debugging; these will move under DIAGNOSTIC or similar before release

Unify all the wifi *_ioctl routines
- Limit grabbing the lock to SIOCSIFFLAGS.
- Move ieee80211_start_all() to SIOCSIFFLAGS.
- Remove SIOCSIFMEDIA as it is not useful.
- Limit ether_ioctl to only SIOCGIFADDR. SIOCSIFADDR and SIOCSIFMTU have no
affect as there is no input/output path in the vap parent. The vap code
will handle the reinit of the mac address changes.
- Split off ndis_ioctl_80211 as it was getting too different to wired devices.

This fixes a copyout while locked and a lock recursion.

Reviewed by: sam

Multi-bss (aka vap) support for 802.11 devices.

Note this includes changes to all drivers and moves some device firmware
loading to use firmware(9) and a separate module (e.g. ral). Also there
no longer are separate wlan_scan* modules; this functionality is now
bundled into the wlan module.

Supported by: Hobnob and Marvell
Reviewed by: many
Obtained from: Atheros (some bits)

Plug two potential (root-only, local) information leaks. buf is not
initialized before use and returned integrally instead of up to size.

Submitted by: Ilja van Sprundel <ilja -at- netric.org>
Reviewed by: secteam
MFC after: 1 day

Rename the kthread_xxx (e.g. kthread_create()) calls
to kproc_xxx as they actually make whole processes.
Thos makes way for us to add REAL kthread_create() and friends
that actually make theads. it turns out that most of these
calls actually end up being moved back to the thread version
when it's added. but we need to make this cosmetic change first.

I'd LOVE to do this rename in 7.0 so that we can eventually MFC the
new kthread_xxx() calls.

Add missing bits that made bg scanning lame:
o update ic_lastdata to reflect time of last outbound frame
o outbound traffic must preempt/cancel bg scanning to avoid delays

This stuff was somehow missed in the initial import.

Reviewed by: thompsa, avatar, sephe (earlier version)
Approved by: re (blanket wireless)

Remove the lock assert from iwi_newstate, this function does not need the lock
to be held and this will falsely trigger if called from net80211.

Reported by: Munehiro (haro) Matsuda
Reviewed by: sam
Approved by: re (kensmith)

The config.use_protection option can not be used in 802.11b mode and causes a
firmware reset. Also zero out struct iwi_rateset although its not strictly
necessary.

Reported by: Maxim Konovalov
Reviewed by: sam
Approved by: re (bmah)

MFp4 (missed in net80211 megaupdate)
- Use a seperate taskqueue+thread for reset tasks since iwi_ops will
block.
- Return from iwi_ops if the interface has been downed
- The firmware will fail if we are already associated
- Add myself to the copyright

Update 802.11 wireless support:
o major overhaul of the way channels are handled: channels are now
fully enumerated and uniquely identify the operating characteristics;
these changes are visible to user applications which require changes
o make scanning support independent of the state machine to enable
background scanning and roaming
o move scanning support into loadable modules based on the operating
mode to enable different policies and reduce the memory footprint
on systems w/ constrained resources
o add background scanning in station mode (no support for adhoc/ibss
mode yet)
o significantly speedup sta mode scanning with a variety of techniques
o add roaming support when background scanning is supported; for now
we use a simple algorithm to trigger a roam: we threshold the rssi
and tx rate, if either drops too low we try to roam to a new ap
o add tx fragmentation support
o add first cut at 802.11n support: this code works with forthcoming
drivers but is incomplete; it's included now to establish a baseline
for other drivers to be developed and for user applications
o adjust max_linkhdr et. al. to reflect 802.11 requirements; this eliminates
prepending mbufs for traffic generated locally
o add support for Atheros protocol extensions; mainly the fast frames
encapsulation (note this can be used with any card that can tx+rx
large frames correctly)
o add sta support for ap's that beacon both WPA1+2 support
o change all data types from bsd-style to posix-style
o propagate noise floor data from drivers to net80211 and on to user apps
o correct various issues in the sta mode state machine related to handling
authentication and association failures
o enable the addition of sta mode power save support for drivers that need
net80211 support (not in this commit)
o remove old WI compatibility ioctls (wicontrol is officially dead)
o change the data structures returned for get sta info and get scan
results so future additions will not break user apps
o fixed tx rate is now maintained internally as an ieee rate and not an
index into the rate set; this needs to be extended to deal with
multi-mode operation
o add extended channel specifications to radiotap to enable 11n sniffing

Drivers:
o ath: add support for bg scanning, tx fragmentation, fast frames,
dynamic turbo (lightly tested), 11n (sniffing only and needs
new hal)
o awi: compile tested only
o ndis: lightly tested
o ipw: lightly tested
o iwi: add support for bg scanning (well tested but may have some
rough edges)
o ral, ural, rum: add suppoort for bg scanning, calibrate rssi data
o wi: lightly tested

This work is based on contributions by Atheros, kmacy, sephe, thompsa,
mlaier, kevlo, and others. Much of the scanning work was supported by
Atheros. The 11n work was supported by Marvell.

Fix an off-by-one error in iwi_init_fw_dma(). It didn't reuse the existing
DMA memory for a firmware load if it was the exact size needed, thus in the
common case the driver was constantly free'ing and reallocating the DMA
buffer and it would eventually begin to fail. With this fix, iwi0 reuses
the same buffer the entire time and no longer fails to load the firmware
after the machine has been up for a while.

MFC after: 1 week

allow net80211 to fillin rate sets

MFC after: 2 weeks

change ic_modecaps to a bit vector and use setbit, et. al.

o break newbus api: add a new argument of type driver_filter_t to
bus_setup_intr()

o add an int return code to all fast handlers

o retire INTR_FAST/IH_FAST

For more info: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=465712+0+current/freebsd-current

Reviewed by: many
Approved by: re@

Rename IWI_LOCK_ASSERT to IWI_LOCK_CHECK per Sam's suggestion,
and make it print under debug.iwi control same as other debugging stuff.

Remove the device_printf() in iwi_ioctl() and replace with this:

/*
* wait until pending iwi_cmd() are completed, to avoid races
* that could cause problems.
*/
while (sc->flags & IWI_FLAG_BUSY)
msleep(sc, &sc->sc_mtx, 0, "iwiioctl", hz);

This at least prevents what has become an almost systematic failure for my
system, presumably due to a previous iwi_cmd() not complete yet by the
time iwi_ioctl() is called.

It has been pointed to my attention that the real problem could be
calling ieee80211_ioctl() with the lock held. If that is true,
there might still be a possibility for a race condition e.g. an
interrupt coming while the ioctl is sleeping.
Need to investigate further on what changes are required to release
the lock before calling ieee80211_ioctl

Address a few issues with the iwi driver, namely:

+ do not release the dma-ble region used for downloading firmware.
This should fix the problems that some people were seeing, due to
memory becoming too fragmented which prevented subsequent allocations
of a suitable contiguous region of memory;

+ document the firmware format and usage in if_iwivar.h

+ use a loop to allocate the four tx rings, instead of replicating
the body of the loop.

+ add debugging code IWI_LOCK_ASSERT() to detect missing locks.
These only do a printf, and should go away once we figure out why
the driver sometimes freezes the system due to a (yet unidentified)
race condition.

+ add a device_printf() in iwi_ioctl() in certain conditions
(see comment in the code). This helps preventing the race condition
mentioned above, and makes the system survive. This printf will
also go away once fixing this bug is completed.

+ change iwi_getfw() to return 0 on success, 1 on error, consistently
with other functions.

+ fix the argument of a sizeof() in iwi_get_firmware()

+ use le32toh() to access little-endian fields

+ simplify error handling in iwi_load_firmware() and iwi_init_locked()

The bugs fixed by this commit (the freezing one especially) are serious
enough to call for a quick MFC

MFC after: 3 days

Cleanup and document the implementation of firmware(9) based on
a version that i posted earlier on the -current mailing list,
and subsequent feedback received.

The core of the change is just in sys/firmware.h and kern/subr_firmware.c,
while other files are just adaptation of the clients to the ABI change
(const-ification of some parameters and hiding of internal info,
so this is fully compatible at the binary level).

In detail:
- reduce the amount of information exported to clients in struct firmware,
and constify the pointer;

- internally, document and simplify the implementation of the various
functions, and make sure error conditions are dealt with properly.

The diffs are large, but the code is really straightforward now (i hope).

Note also that there is a subtle issue with the implementation of
firmware_register(): currently, as in the previous version, we just
store a reference to the 'imagename' argument, but we should rather
copy it because there is no guarantee that this is a static string.
I realised this while testing this code, but i prefer to fix it in
a later commit -- there is no regression with respect to the past.

Note, too, that the version in RELENG_6 has various bugs including
missing locks around the module release calls, mishandling of modules
loaded by /boot/loader, and so on, so an MFC is absolutely necessary
there. I was just postponing it until this cleanup to avoid doing
things twice.

MFC after: 1 week

Use bus_get_dma_tag() so iwi(4) works on platforms requiring it.

Approved by: cognet

Add header files <sys/lock.h> and <sys/mutex.h> for mtx_init() and friends.

Approved by: cognet

Drop the iwi softc lock when calling back into net80211 on rx. This fixes a
LOR with direct dispatch in the netisr.

Reported and tested by: Munehiro Matsuda
Submitted by: jhb
LOR id: 194

Fix some edge cases in detach (including attach failures):
- Only call iwi_stop() if we got far enough along in iwi_attach() to
alloc an ifnet.
- Release the firmware after stopping the interface and detaching the
ifnet.

MFC after: 1 month
Reviewed by: sam

net80211 seems to give us more rates than specified via ic_sup_rates under
yet to be investigated circumstances. If that happens truncate to the number
of rates that the firmware supports.

Found by: Jeremie Le Hen
Obtained from: OpenBSD (w/ changes)
MFC after: 3 days

Remind firmware of the ESSID to use in a directed scan. This fixes scanning
for hidden APs when we are not comming from iwi_config.

Reported by: Andrew N. Below
MFC after: 3 days

set default beacon miss threshold to 10 beacons

Submitted by: Henrik Brix Andersen <henrik@brixandersen.dk>
MFC after: 2 weeks

add missed calls to bpf_peers_present

Fix the following bpf(4) race condition which can result in a panic:

(1) bpf peer attaches to interface netif0
(2) Packet is received by netif0
(3) ifp->if_bpf pointer is checked and handed off to bpf
(4) bpf peer detaches from netif0 resulting in ifp->if_bpf being
initialized to NULL.
(5) ifp->if_bpf is dereferenced by bpf machinery
(6) Kaboom

This race condition likely explains the various different kernel panics
reported around sending SIGINT to tcpdump or dhclient processes. But really
this race can result in kernel panics anywhere you have frequent bpf attach
and detach operations with high packet per second load.

Summary of changes:

- Remove the bpf interface's "driverp" member
- When we attach bpf interfaces, we now set the ifp->if_bpf member to the
bpf interface structure. Once this is done, ifp->if_bpf should never be
NULL. [1]
- Introduce bpf_peers_present function, an inline operation which will do
a lockless read bpf peer list associated with the interface. It should
be noted that the bpf code will pickup the bpf_interface lock before adding
or removing bpf peers. This should serialize the access to the bpf descriptor
list, removing the race.
- Expose the bpf_if structure in bpf.h so that the bpf_peers_present function
can use it. This also removes the struct bpf_if; hack that was there.
- Adjust all consumers of the raw if_bpf structure to use bpf_peers_present

Now what happens is:

(1) Packet is received by netif0
(2) Check to see if bpf descriptor list is empty
(3) Pickup the bpf interface lock
(4) Hand packet off to process

From the attach/detach side:

(1) Pickup the bpf interface lock
(2) Add/remove from bpf descriptor list

Now that we are storing the bpf interface structure with the ifnet, there is
is no need to walk the bpf interface list to locate the correct bpf interface.
We now simply look up the interface, and initialize the pointer. This has a
nice side effect of changing a bpf interface attach operation from O(N) (where
N is the number of bpf interfaces), to O(1).

[1] From now on, we can no longer check ifp->if_bpf to tell us whether or
not we have any bpf peers that might be interested in receiving packets.

In collaboration with: sam@
MFC after: 1 month

Since DELAY() was moved, most <machine/clock.h> #includes have been
unnecessary.

MFp4: reworked iwi-driver

Changelog towards if_iwi.c 1.26 (some changes have been committed separately
in the mean time):

- add led support
- add firmware loading on demand
- auto-restart firmware when it crashes
- serialize operations sent to the firmware to reduce firmware crashes
- add power save operation support
- remove incorrect specification of tx power control capability
- add radio on/off switch support

- improve net80211 state machine operation
- recognize and handle beacon miss
- handle authentication and association failures better
- add shared key authentication
- fix ibss mode (many changes)
- fix wme (many changes)
- correct radiotap support (many changes)
- correct bus dma setup of s/g
- correct various locking issues
- fix monitor mode
- fix scanning (many changes)
- recover from wedged scan requests
- respect active channel list
- eliminate cases where interface was marked down on error
- don't treat parity errors as fatal
- reclaim mgt frames immediately from tx queue
- correct interrupt handling, ack early (from NetBSD)
- fix short/long preamble handling

Committed with RELENG_6 compat #if's, should compile in RELENG_6. Requires
net/iwi-firmware-kmod to function.

Much work done by: sam
Tested by: many (freebsd-net), ume, luigi
MFC after: 4 weeks

o don't use '-' characters in firmware names
o call firmware_put() early to release the firmware module
o on firmware panics or watchdog timeouts, schedule a task to reinitialize
the interface (we may sleep in iwi_init())
o discard oversized rx frames

add dependency with firmware module.
pointed out by Martin Wilke.

Fix build.

o acknowledge interrupts early in the interrupt handler
o stop processing interrupts after a firmware fatal error or a radio kill
o clarify the possible values for the 'antenna' sysctl.
o by default, let the firmware do antenna diversity.
the firmware will periodically switch to another antenna to evaluate the
signal quality.

make use of the firmware(9) subsystem.
use intel's firmware version 3.0 layout.

fix the locking.

correct check for whether wpa is enabled

MFC after: 3 days

o Re-enable scatter/gather
o Change MEM_READ_1/MEM_READ_4 into macros (move them to if_iwireg.h)
o Add support for association LED
o Silently discard f/w notifications that are unknown (fixes spurious
"unknown notification 15" in logs with latest firmware)
o Fix scanning of 5GHz channels

Don't use /etc/firmware. /etc is for configuration files only.
Use /boot to store firmware files instead.

Requested by: Daniel O'Connor, Scott Long

Fix compile on 64-bit platforms.

Load firmware images directly from the filesystem (looks into /etc/firmware
directory by default) without requiring the user to load them by hand using
e.g iwicontrol. Get rid of the old ioctl crud.
Updated iwi-firmware port coming soon.

Obtained from: OpenBSD

Fix endianness issues. iwi now works on big endian architectures too.

Obtained from: NetBSD (scw@)
MFC after: 2 weeks

Be more robust when handling Rx interrupts. If we can't allocate and DMA map
a new mbuf, just discard the received frame and reuse the old mbuf.
This should fix kernel panics on high network traffic.

Obtained from: NetBSD (joerg@)
MFC after: 2 weeks

Fixes my previous commit (rev 1.20)

MFC after: 1 day

o Use firmware extended scan command; this one doesn't crash when scanning
the 5GHz band.
o Enable 802.11a channels scanning for 2915ABG adapters.
o Fix a typo (negociated->negotiated).

With hints from NetBSD.

MFC after: 2 days

Use phk's kernel unit number allocator to associate unique ids to neighbors
in an IBSS. Store ids directly into ieee80211_node's instead of managing
our own private association table. Idea and code by Sam Leffler.

Submitted by: sam
MFC after: 5 days

It's safe to wait for command completion in iwi_config().

MFC after: 5 days

Make sure that we call if_free(ifp) after bus_teardown_intr. Since we
could get an interrupt after we free the ifp, and the interrupt
handler depended on the ifp being still alive, this could, in theory,
cause a crash. Eliminate this possibility by moving the if_free to
after the bus_teardown_intr() call.

o Add initial bits for IBSS support.
o Allow association with APs that do not broadcast SSID (with hints from
Nick Hudson and Hajimu Umemoto).
o IFQ_DRV_PREPEND mbuf when h/w ring is full so it can be sent later.
o Increment if_oerrors when appropriate.
o Did some cleanup while I'm here.

MFC after: 1 day

Enhanced WME (802.11e) support.

Add some necessary bits for upcoming 802.11e support:
o management of multiple tx rings (up to 4)
o setting of WME IE in association requests

Some features are still missing though, like the possibility to override
the default cwmin/cwmax/asfn values of each tx queues.

Export adapter's internal statistics sysctl even if IWI_DEBUG is not defined.

MFC after: 1 week

Don't automatically start scanning in if_init() if IEEE80211_ROAMING_MANUAL
flag is set.

MFC after: 1 week

Catch up to ic_curchan changes by making the same change here that was made
in ipw(4) in the earlier ic_curchan mega commit.

Submitted by: Øyvind Kolbu oyvind at kolbu dot ws
Tested by: Stefan Ehmann shoesoft at gmx dot net

Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags. Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags. This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.

Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.

Reviewed by: pjd, bz
MFC after: 7 days

simplify ieee80211_node_authorize and ieee80211_node_unauthorize api's

MFC after: 3 days

remove driver-private key allocators; use the default one instead
so wpa keys are handled properly

Reviewed by: avatar
Approved by: re (scottl)

reclaim node reference when ieee80211_encap fails

Reviewed by: avatar
Approved by: re (scottl)

reclaim mbuf when ieee80211_crypto_encap fails

Approved by: re (scottl)
Obtained from: netbsd

Fix a read mbuf-after-free error in the iwi driver that was provoked by
the trash allocator being used on mbufs.

Reviewed by: damien
Approved by: re (scottl)

Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
- Struct arpcom is no longer referenced in normal interface code.
Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
To enforce this ac_enaddr has been renamed to _ac_enaddr.
- The second argument to ether_ifattach is now always the mac address
from driver private storage rather than sometimes being ac_enaddr.

Reviewed by: sobomax, sam

o Clear device-specific PCI register 0x41 (Retry Timeout) during attach
and on resume (reported to fix issues with ACPI)
o Add monitor mode support
o Add WPA (802.11i) support (not tested extensively though!)
o Add a device specific sysctl to control the tx antenna (default to
antenna diversity)
o Fix sensitivity setting
o Fix setting of the capinfo field when associating
o Temporarly disable 802.11a channels scanning that was causing firmware
panics with 2915ABG adapters until I find a better fix. This breaks
802.11a support.
o Temporarly switch back to software WEP until I implement hardware
encryption for AES and TKIP too.

Approved by: silby (mentor)

Print a warning once when trying to bring up interface before firmware load.

Initial import of ipw, iwi, ral and ural drivers:

ipw - Intel PRO/Wireless 2100
iwi - Intel PRO/Wireless 2200BG/2225BG/2915ABG
ral - Ralink Technology RT2500
ural - Ralink Technology RT2500USB

Approved by: silby (mentor)