with empty body loops, put final semicolon on a new line for readability
ok bluhm@ jca@

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@

Use memset() to initialize struct ieee80211_rxinfo properly.

Sven Wolf noticed that scans on ral(4) are buggy ever since I added a new
field to this struct. Turns out a lot of drivers were initializing fields
one-by-one, leaving any newly added fields uninitialized by default.

Affected drivers may report wrong channel numbers for received beacons.
The net80211 stack will discard such beacons, assuming they were received
on the wrong channel due to signal leakage. Scanning is broken as result.

ok miod@

branches: 1.131.2;
Constify struct cfattach.

spelling
feedback and ok tb@ jmc@ ok ratchov@

Since ipw(4) doesn't call into net80211_newstate() the interface link state
must be updated by the driver in order to get packets to flow.

In case of WPA the link state was updated as a side-effect of a successful
WPA handshake. This commit fixes the WEP and plaintext cases.

Problem reported and fix tested by Riccardo Mottola.

In ipw(4), ensure that net80211 is in ASSOC state while we are expecting
an assoc response from the AP during the association sequence. Otherwise
net80211 would ignore the auth response, resulting in a state mismatch
between firmware and net80211. A symptom of this was that WPA didn't work.

Problem reported and fix tested by Ricardo Mottola

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

remove the "copy function" argument to bpf_mtap_hdr.

it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.

ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.

don't hand roll bpf_mtap_hdr functionality, just use bpf_mtap_hdr.

the radiotap code prepends a big struct to the packets, and wires
them up with the packet by putting an mbuf on the stack and using
that as the head of an mbuf chain. bpf_mtap_hdr does the chain head
thing for us, so shrink this code by calling the bpf function.

there's some other drivers that do this too, so if anyone wants a
free commit they should go looking in the other wireless drivers
and do the same change.

ok claudio@

Make wireless drivers call if_input() only once per interrupt.

This reduces drops caused by the ifq pressure drop mechanism and hence
increases throughput. Such drops are visible with e.g. 'netstat -dnI iwm0'.

Not all affected drivers have been tested yet but these changes are largely
mechanical and should be safe. As usual, please report any regressions.

With help from dlg@ and mpi@

Problem found by robert@
Tested by robert, jmc, Tracey Emer, Matthias Schmidt, florian, Bj��rn Ketelaars
ok mpi@

ipw, iwi, iwm, iwn, wpi(4): tsleep -> tsleep_nsec(9); ok stsp@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Do not clear IFF_UP, even in the error path, clearing IFF_RUNNING
is enough.

This flag should only be set by the stack, drivers shouldn't mess
with it.

Discussed with dlg@ and mikeb@, ok mikeb@, stsp@

move counting if_opackets next to counting if_obytes in if_enqueue.

this means packets are consistently counted in one place, unlike the
many and various ways that drivers thought they should do it.

ok mpi@ deraadt@

redo rwlock conversion now that i've compiled it on i386

Backout previous commit; does not compile.

convert busy flag and tsleep to rwlock as in iwm

G/C IFQ_SET_READY().

replace IFF_OACTIVE manipulation with mpsafe operations.

there are two things shared between the network stack and drivers
in the send path: the send queue and the IFF_OACTIVE flag. the send
queue is now protected by a mutex. this diff makes the oactive
functionality mpsafe too.

IFF_OACTIVE is part of if_flags. there are two problems with that.
firstly, if_flags is a short and we dont have any MI atomic operations
to manipulate a short. secondly, while we could make the IFF_OACTIVE
operates mpsafe, all changes to other flags would have to be made
safe at the same time, otherwise a read-modify-write cycle on their
updates could clobber the oactive change.

instead, this moves the oactive mark into struct ifqueue and provides
an API for changing it. there's ifq_set_oactive, ifq_clr_oactive,
and ifq_is_oactive. these are modelled on ifsq_set_oactive,
ifsq_clr_oactive, and ifsq_is_oactive in dragonflybsd.

this diff includes changes to all the drivers manipulating IFF_OACTIVE
to now use the ifsq_{set,clr_is}_oactive API too.

ok kettenis@ mpi@ jmatthew@ deraadt@

No need to include <net/if_arp.h>

This header is only needed because <netinet/if_ether.h> declares a
structure that needs it. But it turns out that <net/if.h> already
includes it as workaround.

A proper solution would be to stop declarting "struct ether_arp"
there. But no driver should need this header.

The only network driver needing <net/if_types.h> is upl(4) for IFT_OTHER.

shuffle struct ifqueue so in flight mbufs are protected by a mutex.

the code is refactored so the IFQ macros call newly implemented ifq
functions. the ifq code is split so each discipline (priq and hfsc
in our case) is an opaque set of operations that the common ifq
code can call. the common code does the locking, accounting (ifq_len
manipulation), and freeing of the mbuf if the disciplines enqueue
function rejects it. theyre kind of like bufqs in the block layer
with their fifo and nscan disciplines.

the new api also supports atomic switching of disciplines at runtime.
the hfsc setup in pf_ioctl.c has been tweaked to build a complete
hfsc_if structure which it attaches to the send queue in a single
operation, rather than attaching to the interface up front and
building up a list of queues.

the send queue is now mutexed, which raises the expectation that
packets can be enqueued or purged on one cpu while another cpu is
dequeueing them in a driver for transmission. a lot of drivers use
IFQ_POLL to peek at an mbuf and attempt to fit it on the ring before
committing to it with a later IFQ_DEQUEUE operation. if the mbuf
gets freed in between the POLL and DEQUEUE operations, fireworks
will ensue.

to avoid this, the ifq api introduces ifq_deq_begin, ifq_deq_rollback,
and ifq_deq_commit. ifq_deq_begin allows a driver to take the ifq
mutex and get a reference to the mbuf they wish to try and tx. if
there's space, they can ifq_deq_commit it to remove the mbuf and
release the mutex. if there's no space, ifq_deq_rollback simply
releases the mutex. this api was developed to make updating the
drivers using IFQ_POLL easy, instead of having to do significant
semantic changes to avoid POLL that we cannot test on all the
hardware.

the common code has been tested pretty hard, and all the driver
modifications are straightforward except for de(4). if that breaks
it can be dealt with later.

ok mpi@ jmatthew@

arp_ifinit() is no longer needed.

sizes for free(), mostly related to firmwares.
ok dlg

Use m_defrag(9) instead of rolling our own inlined version.

ok mikeb@

Wireless drivers call if_input() via ieee80211_input() which set `rcvif'
on every received mbuf, so there's no need to initialize this pointer in
the drivers.

Tested by and ok phessler@

i forgot to fix ipw when i removed the second task argument.

poke from deraadt@

unifdef INET

Use <sys/endian.h> instead of <machine/endian.h>

ok dlg@ mpi@ bcook@ millert@ miod@

Fix tree breakage due to unused variable after last commit.

Change scan and auth+assoc workq entries to taskq entries.

Identical diff originally and independently developed by blambert@.

Fewer <netinet/in_systm.h>

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

fix a theoretical double free.

ok tedu@

Add a DVACT_WAKEUP op to the *_activate() API. This is called after the
kernel resumes normal (non-cold, able to run processes, etc) operation.
Previously we were relying on specific DVACT_RESUME op's in drivers
creating callback/threads themselves, but that has become too common,
indicating the need for a built-in mechanism.
ok dlg kettenis, tested by a sufficient amount of people

replace workqs with tasks for handling resume. state handling is
still in workqs.

from kimberley manning

Most network drivers include netinet/in_var.h, but apparently they
don't have to. Just remove these include lines.
Compiled on amd64 i386 sparc64; OK henning@ mikeb@

Do not use NULL in integer comparisons. No functional change.
ok matthew@ tedu@, also eyeballed by at least krw@ oga@ kettenis@ jsg@

Reset ic_scan_lock in {ipw,iwi}_stop similarly to {wpi,iwn}_stop.

From Jeremy Chase.

remove the powerhook code. All architectures now use the ca_activate tree
traversal code to suspend/resume
ok oga kettenis blambert

Move the guts of the powerhook function into the activate function and make
it stop calling the powerhook function; then make the powerhook function
call activate. This basically inverts the whole goop.
ok kettenis

remove the unused if_init callback in struct ifnet
ok deraadt@ henning@ claudio@

homogeneous style.

no binary change.

Instead of returning EBUSY when the busy flag is set in the ioctl, sleep
until whoever has it is done with it.

This is kept as flag/sleep condvars instead of a rwlock because later we
may want to quiesce the handler before suspend to make sure nothing is
sleeping on a chip that is about to be whacked (doing so will change the
proc so rwlocks won't work).

ok damien@

Bring the suspend/resume code of all the Intel wireless drivers in line with
iwn(4) again.

ok deraadt@

Make legacy xxpower() functions call xxstop() on suspend, and simplify their
resume paths. For new-style suspend/resume, add a ca_activate function where
it is missing, and use a workq to resume because these drivers like to sleep.
ok damien

remove proc.h include from uvm_map.h. This has far reaching effects, as
sysctl.h was reliant on this particular include, and many drivers included
sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed.
ok deraadt

make various strings ("can't map mem space" and similar) more consistent
between instances, saving space in the kernel. feedback from many (some
incorporated, some left for future work).

ok deraadt, kettenis, "why not" miod.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

I swapped MGETHDR arguments in my m_defrag removal commit.

Undo m_defrag().

m_defrag() does not work. It seems to assume that if the length of
the mbuf passed as parameter is less than MHLEN, then it is an mbuf
header and not a cluster (or something like that.)
It thus fails miserably in the bcopy path.
I don't have the time to investigate further into this.

Thanks to Okan Demirmen for reporting the issue on a ral(4) RT2560.
The RT2560 chipset does not support TX scatter and thus m_defrag()
was called much more often than in other drivers using m_defrag()
where it was less noticeable.

use shiny new m_defrag() and nitems() instead of rolling our own.

redefine ic_send_mgmt() as a no-op instead of calling IF_PURGE in
{ipw,iwi}_start which is wrong (node reference is not released).
from pgt(4).

indent IF_PURGE. pointed out by brad@

no binary changes.

#undef IPW_DEBUG
fix a comment while i'm here.

pointed out by brad@

i've lost the IF_PURGE() bits in the process...
use license.template while i'm here.

WPA support for ipw(4).
Did a lot of cleanup while I was there.

the firmware is responsible for sending management frames, but
since we pass received management frames to net80211, net80211
may send replies (like deauth/disassoc), so we just call
IF_PURGE(&ic->ic_mgtq) in {ipw,iwi}_start just to be on the
safe side of things (so we don't leak mbufs).

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

instead of passing rx tstamp and rssi to the ieee80211_input function,
pass a pointer to an ieee80211_rxinfo structure containing those two
fields plus an extra flags field that indicates whether the frame was
decrypted by hardware or not.
required for a future fix.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

Do not leak memory claimed by firmware on "ifconfig down".

ok deraadt@

update the physical address of the RX buffer after bus_dmamap_load()
in the case where the old buffer is remapped.

use new malloc M_ZERO flag to shrink kernel.
remove <malloc.h> from files where malloc is not used.

unify firmware load failure messages; ok mglocker

replace the ieee80211_wepkey structure with a more generic ieee80211_key
one that can be used with other ciphers than WEP.

M_DUP_PKTHDR() cleanup. On static mbufs M_DUP_PKTHDR() will leak mbuf tags.
See similar commit to dev/usb/if_rum.c for more info. With this commit
all drivers have been switched away from the incorrect M_DUP_PKTHDR() usage.
OK mglocker@

do not have each net80211 driver define its own rates structures. if they use
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker

remove detach() function. this is not hotplug and this is dead code.

don't use IF_PREPEND() on altq's.
use IFQ_POLL()/IFQ_DEQUEUE() logic instead as described in altq(4).

tweak dma sync ops

get rid of shared auth mode.
the ioctl is not supported by ifconfig and it has never worked anyway.

remove unused prototypes.
don't check for fatal errors on IPW_INTR_FW_INIT_DONE interrupts as it has
already been check beforehand.
cosmetic while i'm here.

set of unrelated cosmetic tweaks.

clear the IFF_UP interface flag before shutting down the interface.

ok damien@

sync handling of fatal firmware errors w/ wpi(4)

allow bpf(4) to ignore packets based on their direction (inbound or
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@

prettify + u_int{8,16,32}_t -> uint{8,16,32}_t

fix reading of EEPROM content on big endian arches.

Remove redundant calls to bpfdetach.
ok brad@

When defragmenting a mbuf chain before transmitting it, don't allocate a mbuf
cluster if the payload fits in the header.

From NetBSD (scw@)

Be more robust when handling Rx interrupts. If we can't allocate and DMA map
a new mbuf, just discard the received frame and reuse the old mbuf.

From NetBSD (joerg@)

do not set PCI_COMMAND_MASTER_ENABLE explicitly as it's already set in pcisubmatch(); kettenis@ testing; brad@ ok

Use ic->ic_ibss_chan instead of ic->ic_bss->ni_chan when filling a
ipw_tx_radiotap_header struct. This fixes a panic I got when using
tcpdump -nvi ipw0 -y ieee802_11_radio.
OK reyk@ damien@

clear IFF_RUNNING & IFF_OACTIVE in foo_stop() before de-allocating resources.

don't disassociate on SIOCSIFADDR if the interface is already up and running.

fix ids. ok jsg@ deraadt@

do packet accounting (opackets/oerrors/ierrors).

support for ipv6.

retrieve scan results from net80211 instead of reading NIC internal memory.
this fixes a bug with multiple AP's.

ipwcontrol and iwicontrol removal.

fix setting of the MAC address.

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

fix a critical bug that made the kernel crash under heavy upstream traffic
load. pointed out by jcs@

Use $OpenBSD$ instead of $Id$. ok damien@

add powerhooks
OK claudio@ kevlo@ deraadt@

fix mbuf defragmentation

add mbuf linearization code when the number of fragments exceeds what is
supported by the hardware

fix printf's in ipw_dma_alloc()

add IEEE80211_C_SHPREAMBLE capability flag and reorder interrupt handlers

update net80211 AP list after scanning

mostly cosmetic changes

Clean Tx/Rx rings allocation and management.

wait longer for master initialization

don't leave run state on background scan

clear register 0x41, not 0x43 (endianness)

forgot to remove a call to free() in my previous commit.

use the filesystem based firmware loader; deraadt ok

Call ipw_stop() at the beginning of ipw_init(): this fixes a memory leak
when ipw_init() is called on ENETRESET.
Call ipw_stop() when the radio transmitter is turned off.

ok claudio@

Return 1 instead of 0 in ipw_intr() if the interrupt is handled by us.
Ignore invalid 0xffffffff interrupts.

ok claudio@

IFM_IEEE80211_ADHOC -> IFM_IEEE80211_IBSS in ipw_media_status().

ok claudio@ aaron@

Calling ipwcontrol -k without downloading the firmware first lead to a
panic. Fix the ipw_free_firmware() function itself instead of fixing the
callers.

ok claudio@

Fix calls to bus_dmamap_create().

factor out the dma memory allocation, mapping, freeing and unmapping
functionality and call them only on attach and detach. these were
being called in interrupt context and were causing a panic on device
timeout.

ok damien@

the URL in if_iwi is no longer valid.

ok damien@

print our ether address when attaching like other drivers
ok damien@

Minor consistency tweaks (imported from iwi).
Wait longer for microcode initialization to complete.

Check that we are associated before sending anything. Call ipw_stop()
from ipw_watchdog().

Handle fatal errors from firmware (imported from iwi).

Read MAC address from EEPROM in ipw_attach(). The address is now known
before the firmware has been sent. Imported from iwi.

Cache firmware into kernel memory instead of sending it directly. The
firmware is now sent only when the interface is turned up.
This paves the way for proper suspend/resume support.

Change firmware initialization sequence to be more consistent with iwi.
Remove ipw_zero_mem_4() and add ipw_stop_master().

Add ipw_media_status() to report the current Tx rate properly.
This was imported from iwi.

Configure the adapter properly to avoid Tx retries from interfering with
CPU C3 state (imported from iwi).

Add authmode support (imported from iwi).

Import ipw_get_table() and ipw_get_radio() functions from iwi.

Remove unuseful initialization of ic->ic_bss->ni_chan in ipw_init().

Change the way supported rates set is initialized (to be consistent with
iwi).

Reduce timeout from two seconds to one second for command ack and from five
seconds to one second for firmware notification.

Remove static for all non-inline functions.

Mostly cosmetic changes to be consistent with iwi:
- update web url
- sed s/ *$//
- get if_ipwreg.h and if_ipwvar.h from dev/pci
- remove unused function MEM_READ_2()
- inline -> __inline
- 11.b -> .11b
- addition of comments
- sort registers by their addresses

support for Intel 2100/2200BG/2915ABG wireless devices written by
damien.bergamini@free.fr. This gets imported even though there is no
firmware in the tree. This is a ridiculous situation: everything is
free, everything works, except Intel will not let us put a little
dinky firmware flat file into OpenBSD. So OpenBSD is ready for Intel
whenever they are.

Are you a consumer? Do you want to see this changed -- contact
jketreno@linux.intel.com and tell him how you feel about this. He is
likely someone who cannot do anything about it, though. If anyone can
work up or down the chain around his department and get me contact
information for various people, I will compile and later publish such
a list. Go do it people -- this is how things will change. Get me
email addresses and phone numbers.

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@

Use memset() to initialize struct ieee80211_rxinfo properly.

Sven Wolf noticed that scans on ral(4) are buggy ever since I added a new
field to this struct. Turns out a lot of drivers were initializing fields
one-by-one, leaving any newly added fields uninitialized by default.

Affected drivers may report wrong channel numbers for received beacons.
The net80211 stack will discard such beacons, assuming they were received
on the wrong channel due to signal leakage. Scanning is broken as result.

ok miod@

branches: 1.131.2;
Constify struct cfattach.

spelling
feedback and ok tb@ jmc@ ok ratchov@

Since ipw(4) doesn't call into net80211_newstate() the interface link state
must be updated by the driver in order to get packets to flow.

In case of WPA the link state was updated as a side-effect of a successful
WPA handshake. This commit fixes the WEP and plaintext cases.

Problem reported and fix tested by Riccardo Mottola.

In ipw(4), ensure that net80211 is in ASSOC state while we are expecting
an assoc response from the AP during the association sequence. Otherwise
net80211 would ignore the auth response, resulting in a state mismatch
between firmware and net80211. A symptom of this was that WPA didn't work.

Problem reported and fix tested by Ricardo Mottola

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

remove the "copy function" argument to bpf_mtap_hdr.

it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.

ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.

don't hand roll bpf_mtap_hdr functionality, just use bpf_mtap_hdr.

the radiotap code prepends a big struct to the packets, and wires
them up with the packet by putting an mbuf on the stack and using
that as the head of an mbuf chain. bpf_mtap_hdr does the chain head
thing for us, so shrink this code by calling the bpf function.

there's some other drivers that do this too, so if anyone wants a
free commit they should go looking in the other wireless drivers
and do the same change.

ok claudio@

Make wireless drivers call if_input() only once per interrupt.

This reduces drops caused by the ifq pressure drop mechanism and hence
increases throughput. Such drops are visible with e.g. 'netstat -dnI iwm0'.

Not all affected drivers have been tested yet but these changes are largely
mechanical and should be safe. As usual, please report any regressions.

With help from dlg@ and mpi@

Problem found by robert@
Tested by robert, jmc, Tracey Emer, Matthias Schmidt, florian, Bj��rn Ketelaars
ok mpi@

ipw, iwi, iwm, iwn, wpi(4): tsleep -> tsleep_nsec(9); ok stsp@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Do not clear IFF_UP, even in the error path, clearing IFF_RUNNING
is enough.

This flag should only be set by the stack, drivers shouldn't mess
with it.

Discussed with dlg@ and mikeb@, ok mikeb@, stsp@

move counting if_opackets next to counting if_obytes in if_enqueue.

this means packets are consistently counted in one place, unlike the
many and various ways that drivers thought they should do it.

ok mpi@ deraadt@

redo rwlock conversion now that i've compiled it on i386

Backout previous commit; does not compile.

convert busy flag and tsleep to rwlock as in iwm

G/C IFQ_SET_READY().

replace IFF_OACTIVE manipulation with mpsafe operations.

there are two things shared between the network stack and drivers
in the send path: the send queue and the IFF_OACTIVE flag. the send
queue is now protected by a mutex. this diff makes the oactive
functionality mpsafe too.

IFF_OACTIVE is part of if_flags. there are two problems with that.
firstly, if_flags is a short and we dont have any MI atomic operations
to manipulate a short. secondly, while we could make the IFF_OACTIVE
operates mpsafe, all changes to other flags would have to be made
safe at the same time, otherwise a read-modify-write cycle on their
updates could clobber the oactive change.

instead, this moves the oactive mark into struct ifqueue and provides
an API for changing it. there's ifq_set_oactive, ifq_clr_oactive,
and ifq_is_oactive. these are modelled on ifsq_set_oactive,
ifsq_clr_oactive, and ifsq_is_oactive in dragonflybsd.

this diff includes changes to all the drivers manipulating IFF_OACTIVE
to now use the ifsq_{set,clr_is}_oactive API too.

ok kettenis@ mpi@ jmatthew@ deraadt@

No need to include <net/if_arp.h>

This header is only needed because <netinet/if_ether.h> declares a
structure that needs it. But it turns out that <net/if.h> already
includes it as workaround.

A proper solution would be to stop declarting "struct ether_arp"
there. But no driver should need this header.

The only network driver needing <net/if_types.h> is upl(4) for IFT_OTHER.

shuffle struct ifqueue so in flight mbufs are protected by a mutex.

the code is refactored so the IFQ macros call newly implemented ifq
functions. the ifq code is split so each discipline (priq and hfsc
in our case) is an opaque set of operations that the common ifq
code can call. the common code does the locking, accounting (ifq_len
manipulation), and freeing of the mbuf if the disciplines enqueue
function rejects it. theyre kind of like bufqs in the block layer
with their fifo and nscan disciplines.

the new api also supports atomic switching of disciplines at runtime.
the hfsc setup in pf_ioctl.c has been tweaked to build a complete
hfsc_if structure which it attaches to the send queue in a single
operation, rather than attaching to the interface up front and
building up a list of queues.

the send queue is now mutexed, which raises the expectation that
packets can be enqueued or purged on one cpu while another cpu is
dequeueing them in a driver for transmission. a lot of drivers use
IFQ_POLL to peek at an mbuf and attempt to fit it on the ring before
committing to it with a later IFQ_DEQUEUE operation. if the mbuf
gets freed in between the POLL and DEQUEUE operations, fireworks
will ensue.

to avoid this, the ifq api introduces ifq_deq_begin, ifq_deq_rollback,
and ifq_deq_commit. ifq_deq_begin allows a driver to take the ifq
mutex and get a reference to the mbuf they wish to try and tx. if
there's space, they can ifq_deq_commit it to remove the mbuf and
release the mutex. if there's no space, ifq_deq_rollback simply
releases the mutex. this api was developed to make updating the
drivers using IFQ_POLL easy, instead of having to do significant
semantic changes to avoid POLL that we cannot test on all the
hardware.

the common code has been tested pretty hard, and all the driver
modifications are straightforward except for de(4). if that breaks
it can be dealt with later.

ok mpi@ jmatthew@

arp_ifinit() is no longer needed.

sizes for free(), mostly related to firmwares.
ok dlg

Use m_defrag(9) instead of rolling our own inlined version.

ok mikeb@

Wireless drivers call if_input() via ieee80211_input() which set `rcvif'
on every received mbuf, so there's no need to initialize this pointer in
the drivers.

Tested by and ok phessler@

i forgot to fix ipw when i removed the second task argument.

poke from deraadt@

unifdef INET

Use <sys/endian.h> instead of <machine/endian.h>

ok dlg@ mpi@ bcook@ millert@ miod@

Fix tree breakage due to unused variable after last commit.

Change scan and auth+assoc workq entries to taskq entries.

Identical diff originally and independently developed by blambert@.

Fewer <netinet/in_systm.h>

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

fix a theoretical double free.

ok tedu@

Add a DVACT_WAKEUP op to the *_activate() API. This is called after the
kernel resumes normal (non-cold, able to run processes, etc) operation.
Previously we were relying on specific DVACT_RESUME op's in drivers
creating callback/threads themselves, but that has become too common,
indicating the need for a built-in mechanism.
ok dlg kettenis, tested by a sufficient amount of people

replace workqs with tasks for handling resume. state handling is
still in workqs.

from kimberley manning

Most network drivers include netinet/in_var.h, but apparently they
don't have to. Just remove these include lines.
Compiled on amd64 i386 sparc64; OK henning@ mikeb@

Do not use NULL in integer comparisons. No functional change.
ok matthew@ tedu@, also eyeballed by at least krw@ oga@ kettenis@ jsg@

Reset ic_scan_lock in {ipw,iwi}_stop similarly to {wpi,iwn}_stop.

From Jeremy Chase.

remove the powerhook code. All architectures now use the ca_activate tree
traversal code to suspend/resume
ok oga kettenis blambert

Move the guts of the powerhook function into the activate function and make
it stop calling the powerhook function; then make the powerhook function
call activate. This basically inverts the whole goop.
ok kettenis

remove the unused if_init callback in struct ifnet
ok deraadt@ henning@ claudio@

homogeneous style.

no binary change.

Instead of returning EBUSY when the busy flag is set in the ioctl, sleep
until whoever has it is done with it.

This is kept as flag/sleep condvars instead of a rwlock because later we
may want to quiesce the handler before suspend to make sure nothing is
sleeping on a chip that is about to be whacked (doing so will change the
proc so rwlocks won't work).

ok damien@

Bring the suspend/resume code of all the Intel wireless drivers in line with
iwn(4) again.

ok deraadt@

Make legacy xxpower() functions call xxstop() on suspend, and simplify their
resume paths. For new-style suspend/resume, add a ca_activate function where
it is missing, and use a workq to resume because these drivers like to sleep.
ok damien

remove proc.h include from uvm_map.h. This has far reaching effects, as
sysctl.h was reliant on this particular include, and many drivers included
sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed.
ok deraadt

make various strings ("can't map mem space" and similar) more consistent
between instances, saving space in the kernel. feedback from many (some
incorporated, some left for future work).

ok deraadt, kettenis, "why not" miod.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

I swapped MGETHDR arguments in my m_defrag removal commit.

Undo m_defrag().

m_defrag() does not work. It seems to assume that if the length of
the mbuf passed as parameter is less than MHLEN, then it is an mbuf
header and not a cluster (or something like that.)
It thus fails miserably in the bcopy path.
I don't have the time to investigate further into this.

Thanks to Okan Demirmen for reporting the issue on a ral(4) RT2560.
The RT2560 chipset does not support TX scatter and thus m_defrag()
was called much more often than in other drivers using m_defrag()
where it was less noticeable.

use shiny new m_defrag() and nitems() instead of rolling our own.

redefine ic_send_mgmt() as a no-op instead of calling IF_PURGE in
{ipw,iwi}_start which is wrong (node reference is not released).
from pgt(4).

indent IF_PURGE. pointed out by brad@

no binary changes.

#undef IPW_DEBUG
fix a comment while i'm here.

pointed out by brad@

i've lost the IF_PURGE() bits in the process...
use license.template while i'm here.

WPA support for ipw(4).
Did a lot of cleanup while I was there.

the firmware is responsible for sending management frames, but
since we pass received management frames to net80211, net80211
may send replies (like deauth/disassoc), so we just call
IF_PURGE(&ic->ic_mgtq) in {ipw,iwi}_start just to be on the
safe side of things (so we don't leak mbufs).

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

instead of passing rx tstamp and rssi to the ieee80211_input function,
pass a pointer to an ieee80211_rxinfo structure containing those two
fields plus an extra flags field that indicates whether the frame was
decrypted by hardware or not.
required for a future fix.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

Do not leak memory claimed by firmware on "ifconfig down".

ok deraadt@

update the physical address of the RX buffer after bus_dmamap_load()
in the case where the old buffer is remapped.

use new malloc M_ZERO flag to shrink kernel.
remove <malloc.h> from files where malloc is not used.

unify firmware load failure messages; ok mglocker

replace the ieee80211_wepkey structure with a more generic ieee80211_key
one that can be used with other ciphers than WEP.

M_DUP_PKTHDR() cleanup. On static mbufs M_DUP_PKTHDR() will leak mbuf tags.
See similar commit to dev/usb/if_rum.c for more info. With this commit
all drivers have been switched away from the incorrect M_DUP_PKTHDR() usage.
OK mglocker@

do not have each net80211 driver define its own rates structures. if they use
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker

remove detach() function. this is not hotplug and this is dead code.

don't use IF_PREPEND() on altq's.
use IFQ_POLL()/IFQ_DEQUEUE() logic instead as described in altq(4).

tweak dma sync ops

get rid of shared auth mode.
the ioctl is not supported by ifconfig and it has never worked anyway.

remove unused prototypes.
don't check for fatal errors on IPW_INTR_FW_INIT_DONE interrupts as it has
already been check beforehand.
cosmetic while i'm here.

set of unrelated cosmetic tweaks.

clear the IFF_UP interface flag before shutting down the interface.

ok damien@

sync handling of fatal firmware errors w/ wpi(4)

allow bpf(4) to ignore packets based on their direction (inbound or
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@

prettify + u_int{8,16,32}_t -> uint{8,16,32}_t

fix reading of EEPROM content on big endian arches.

Remove redundant calls to bpfdetach.
ok brad@

When defragmenting a mbuf chain before transmitting it, don't allocate a mbuf
cluster if the payload fits in the header.

From NetBSD (scw@)

Be more robust when handling Rx interrupts. If we can't allocate and DMA map
a new mbuf, just discard the received frame and reuse the old mbuf.

From NetBSD (joerg@)

do not set PCI_COMMAND_MASTER_ENABLE explicitly as it's already set in pcisubmatch(); kettenis@ testing; brad@ ok

Use ic->ic_ibss_chan instead of ic->ic_bss->ni_chan when filling a
ipw_tx_radiotap_header struct. This fixes a panic I got when using
tcpdump -nvi ipw0 -y ieee802_11_radio.
OK reyk@ damien@

clear IFF_RUNNING & IFF_OACTIVE in foo_stop() before de-allocating resources.

don't disassociate on SIOCSIFADDR if the interface is already up and running.

fix ids. ok jsg@ deraadt@

do packet accounting (opackets/oerrors/ierrors).

support for ipv6.

retrieve scan results from net80211 instead of reading NIC internal memory.
this fixes a bug with multiple AP's.

ipwcontrol and iwicontrol removal.

fix setting of the MAC address.

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

fix a critical bug that made the kernel crash under heavy upstream traffic
load. pointed out by jcs@

Use $OpenBSD$ instead of $Id$. ok damien@

add powerhooks
OK claudio@ kevlo@ deraadt@

fix mbuf defragmentation

add mbuf linearization code when the number of fragments exceeds what is
supported by the hardware

fix printf's in ipw_dma_alloc()

add IEEE80211_C_SHPREAMBLE capability flag and reorder interrupt handlers

update net80211 AP list after scanning

mostly cosmetic changes

Clean Tx/Rx rings allocation and management.

wait longer for master initialization

don't leave run state on background scan

clear register 0x41, not 0x43 (endianness)

forgot to remove a call to free() in my previous commit.

use the filesystem based firmware loader; deraadt ok

Call ipw_stop() at the beginning of ipw_init(): this fixes a memory leak
when ipw_init() is called on ENETRESET.
Call ipw_stop() when the radio transmitter is turned off.

ok claudio@

Return 1 instead of 0 in ipw_intr() if the interrupt is handled by us.
Ignore invalid 0xffffffff interrupts.

ok claudio@

IFM_IEEE80211_ADHOC -> IFM_IEEE80211_IBSS in ipw_media_status().

ok claudio@ aaron@

Calling ipwcontrol -k without downloading the firmware first lead to a
panic. Fix the ipw_free_firmware() function itself instead of fixing the
callers.

ok claudio@

Fix calls to bus_dmamap_create().

factor out the dma memory allocation, mapping, freeing and unmapping
functionality and call them only on attach and detach. these were
being called in interrupt context and were causing a panic on device
timeout.

ok damien@

the URL in if_iwi is no longer valid.

ok damien@

print our ether address when attaching like other drivers
ok damien@

Minor consistency tweaks (imported from iwi).
Wait longer for microcode initialization to complete.

Check that we are associated before sending anything. Call ipw_stop()
from ipw_watchdog().

Handle fatal errors from firmware (imported from iwi).

Read MAC address from EEPROM in ipw_attach(). The address is now known
before the firmware has been sent. Imported from iwi.

Cache firmware into kernel memory instead of sending it directly. The
firmware is now sent only when the interface is turned up.
This paves the way for proper suspend/resume support.

Change firmware initialization sequence to be more consistent with iwi.
Remove ipw_zero_mem_4() and add ipw_stop_master().

Add ipw_media_status() to report the current Tx rate properly.
This was imported from iwi.

Configure the adapter properly to avoid Tx retries from interfering with
CPU C3 state (imported from iwi).

Add authmode support (imported from iwi).

Import ipw_get_table() and ipw_get_radio() functions from iwi.

Remove unuseful initialization of ic->ic_bss->ni_chan in ipw_init().

Change the way supported rates set is initialized (to be consistent with
iwi).

Reduce timeout from two seconds to one second for command ack and from five
seconds to one second for firmware notification.

Remove static for all non-inline functions.

Mostly cosmetic changes to be consistent with iwi:
- update web url
- sed s/ *$//
- get if_ipwreg.h and if_ipwvar.h from dev/pci
- remove unused function MEM_READ_2()
- inline -> __inline
- 11.b -> .11b
- addition of comments
- sort registers by their addresses

support for Intel 2100/2200BG/2915ABG wireless devices written by
damien.bergamini@free.fr. This gets imported even though there is no
firmware in the tree. This is a ridiculous situation: everything is
free, everything works, except Intel will not let us put a little
dinky firmware flat file into OpenBSD. So OpenBSD is ready for Intel
whenever they are.

Are you a consumer? Do you want to see this changed -- contact
jketreno@linux.intel.com and tell him how you feel about this. He is
likely someone who cannot do anything about it, though. If anyone can
work up or down the chain around his department and get me contact
information for various people, I will compile and later publish such
a list. Go do it people -- this is how things will change. Get me
email addresses and phone numbers.

Use memset() to initialize struct ieee80211_rxinfo properly.

Sven Wolf noticed that scans on ral(4) are buggy ever since I added a new
field to this struct. Turns out a lot of drivers were initializing fields
one-by-one, leaving any newly added fields uninitialized by default.

Affected drivers may report wrong channel numbers for received beacons.
The net80211 stack will discard such beacons, assuming they were received
on the wrong channel due to signal leakage. Scanning is broken as result.

ok miod@

branches: 1.131.2;
Constify struct cfattach.

spelling
feedback and ok tb@ jmc@ ok ratchov@

Since ipw(4) doesn't call into net80211_newstate() the interface link state
must be updated by the driver in order to get packets to flow.

In case of WPA the link state was updated as a side-effect of a successful
WPA handshake. This commit fixes the WEP and plaintext cases.

Problem reported and fix tested by Riccardo Mottola.

In ipw(4), ensure that net80211 is in ASSOC state while we are expecting
an assoc response from the AP during the association sequence. Otherwise
net80211 would ignore the auth response, resulting in a state mismatch
between firmware and net80211. A symptom of this was that WPA didn't work.

Problem reported and fix tested by Ricardo Mottola

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

remove the "copy function" argument to bpf_mtap_hdr.

it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.

ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.

don't hand roll bpf_mtap_hdr functionality, just use bpf_mtap_hdr.

the radiotap code prepends a big struct to the packets, and wires
them up with the packet by putting an mbuf on the stack and using
that as the head of an mbuf chain. bpf_mtap_hdr does the chain head
thing for us, so shrink this code by calling the bpf function.

there's some other drivers that do this too, so if anyone wants a
free commit they should go looking in the other wireless drivers
and do the same change.

ok claudio@

Make wireless drivers call if_input() only once per interrupt.

This reduces drops caused by the ifq pressure drop mechanism and hence
increases throughput. Such drops are visible with e.g. 'netstat -dnI iwm0'.

Not all affected drivers have been tested yet but these changes are largely
mechanical and should be safe. As usual, please report any regressions.

With help from dlg@ and mpi@

Problem found by robert@
Tested by robert, jmc, Tracey Emer, Matthias Schmidt, florian, Bj��rn Ketelaars
ok mpi@

ipw, iwi, iwm, iwn, wpi(4): tsleep -> tsleep_nsec(9); ok stsp@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Do not clear IFF_UP, even in the error path, clearing IFF_RUNNING
is enough.

This flag should only be set by the stack, drivers shouldn't mess
with it.

Discussed with dlg@ and mikeb@, ok mikeb@, stsp@

move counting if_opackets next to counting if_obytes in if_enqueue.

this means packets are consistently counted in one place, unlike the
many and various ways that drivers thought they should do it.

ok mpi@ deraadt@

redo rwlock conversion now that i've compiled it on i386

Backout previous commit; does not compile.

convert busy flag and tsleep to rwlock as in iwm

G/C IFQ_SET_READY().

replace IFF_OACTIVE manipulation with mpsafe operations.

there are two things shared between the network stack and drivers
in the send path: the send queue and the IFF_OACTIVE flag. the send
queue is now protected by a mutex. this diff makes the oactive
functionality mpsafe too.

IFF_OACTIVE is part of if_flags. there are two problems with that.
firstly, if_flags is a short and we dont have any MI atomic operations
to manipulate a short. secondly, while we could make the IFF_OACTIVE
operates mpsafe, all changes to other flags would have to be made
safe at the same time, otherwise a read-modify-write cycle on their
updates could clobber the oactive change.

instead, this moves the oactive mark into struct ifqueue and provides
an API for changing it. there's ifq_set_oactive, ifq_clr_oactive,
and ifq_is_oactive. these are modelled on ifsq_set_oactive,
ifsq_clr_oactive, and ifsq_is_oactive in dragonflybsd.

this diff includes changes to all the drivers manipulating IFF_OACTIVE
to now use the ifsq_{set,clr_is}_oactive API too.

ok kettenis@ mpi@ jmatthew@ deraadt@

No need to include <net/if_arp.h>

This header is only needed because <netinet/if_ether.h> declares a
structure that needs it. But it turns out that <net/if.h> already
includes it as workaround.

A proper solution would be to stop declarting "struct ether_arp"
there. But no driver should need this header.

The only network driver needing <net/if_types.h> is upl(4) for IFT_OTHER.

shuffle struct ifqueue so in flight mbufs are protected by a mutex.

the code is refactored so the IFQ macros call newly implemented ifq
functions. the ifq code is split so each discipline (priq and hfsc
in our case) is an opaque set of operations that the common ifq
code can call. the common code does the locking, accounting (ifq_len
manipulation), and freeing of the mbuf if the disciplines enqueue
function rejects it. theyre kind of like bufqs in the block layer
with their fifo and nscan disciplines.

the new api also supports atomic switching of disciplines at runtime.
the hfsc setup in pf_ioctl.c has been tweaked to build a complete
hfsc_if structure which it attaches to the send queue in a single
operation, rather than attaching to the interface up front and
building up a list of queues.

the send queue is now mutexed, which raises the expectation that
packets can be enqueued or purged on one cpu while another cpu is
dequeueing them in a driver for transmission. a lot of drivers use
IFQ_POLL to peek at an mbuf and attempt to fit it on the ring before
committing to it with a later IFQ_DEQUEUE operation. if the mbuf
gets freed in between the POLL and DEQUEUE operations, fireworks
will ensue.

to avoid this, the ifq api introduces ifq_deq_begin, ifq_deq_rollback,
and ifq_deq_commit. ifq_deq_begin allows a driver to take the ifq
mutex and get a reference to the mbuf they wish to try and tx. if
there's space, they can ifq_deq_commit it to remove the mbuf and
release the mutex. if there's no space, ifq_deq_rollback simply
releases the mutex. this api was developed to make updating the
drivers using IFQ_POLL easy, instead of having to do significant
semantic changes to avoid POLL that we cannot test on all the
hardware.

the common code has been tested pretty hard, and all the driver
modifications are straightforward except for de(4). if that breaks
it can be dealt with later.

ok mpi@ jmatthew@

arp_ifinit() is no longer needed.

sizes for free(), mostly related to firmwares.
ok dlg

Use m_defrag(9) instead of rolling our own inlined version.

ok mikeb@

Wireless drivers call if_input() via ieee80211_input() which set `rcvif'
on every received mbuf, so there's no need to initialize this pointer in
the drivers.

Tested by and ok phessler@

i forgot to fix ipw when i removed the second task argument.

poke from deraadt@

unifdef INET

Use <sys/endian.h> instead of <machine/endian.h>

ok dlg@ mpi@ bcook@ millert@ miod@

Fix tree breakage due to unused variable after last commit.

Change scan and auth+assoc workq entries to taskq entries.

Identical diff originally and independently developed by blambert@.

Fewer <netinet/in_systm.h>

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

fix a theoretical double free.

ok tedu@

Add a DVACT_WAKEUP op to the *_activate() API. This is called after the
kernel resumes normal (non-cold, able to run processes, etc) operation.
Previously we were relying on specific DVACT_RESUME op's in drivers
creating callback/threads themselves, but that has become too common,
indicating the need for a built-in mechanism.
ok dlg kettenis, tested by a sufficient amount of people

replace workqs with tasks for handling resume. state handling is
still in workqs.

from kimberley manning

Most network drivers include netinet/in_var.h, but apparently they
don't have to. Just remove these include lines.
Compiled on amd64 i386 sparc64; OK henning@ mikeb@

Do not use NULL in integer comparisons. No functional change.
ok matthew@ tedu@, also eyeballed by at least krw@ oga@ kettenis@ jsg@

Reset ic_scan_lock in {ipw,iwi}_stop similarly to {wpi,iwn}_stop.

From Jeremy Chase.

remove the powerhook code. All architectures now use the ca_activate tree
traversal code to suspend/resume
ok oga kettenis blambert

Move the guts of the powerhook function into the activate function and make
it stop calling the powerhook function; then make the powerhook function
call activate. This basically inverts the whole goop.
ok kettenis

remove the unused if_init callback in struct ifnet
ok deraadt@ henning@ claudio@

homogeneous style.

no binary change.

Instead of returning EBUSY when the busy flag is set in the ioctl, sleep
until whoever has it is done with it.

This is kept as flag/sleep condvars instead of a rwlock because later we
may want to quiesce the handler before suspend to make sure nothing is
sleeping on a chip that is about to be whacked (doing so will change the
proc so rwlocks won't work).

ok damien@

Bring the suspend/resume code of all the Intel wireless drivers in line with
iwn(4) again.

ok deraadt@

Make legacy xxpower() functions call xxstop() on suspend, and simplify their
resume paths. For new-style suspend/resume, add a ca_activate function where
it is missing, and use a workq to resume because these drivers like to sleep.
ok damien

remove proc.h include from uvm_map.h. This has far reaching effects, as
sysctl.h was reliant on this particular include, and many drivers included
sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed.
ok deraadt

make various strings ("can't map mem space" and similar) more consistent
between instances, saving space in the kernel. feedback from many (some
incorporated, some left for future work).

ok deraadt, kettenis, "why not" miod.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

I swapped MGETHDR arguments in my m_defrag removal commit.

Undo m_defrag().

m_defrag() does not work. It seems to assume that if the length of
the mbuf passed as parameter is less than MHLEN, then it is an mbuf
header and not a cluster (or something like that.)
It thus fails miserably in the bcopy path.
I don't have the time to investigate further into this.

Thanks to Okan Demirmen for reporting the issue on a ral(4) RT2560.
The RT2560 chipset does not support TX scatter and thus m_defrag()
was called much more often than in other drivers using m_defrag()
where it was less noticeable.

use shiny new m_defrag() and nitems() instead of rolling our own.

redefine ic_send_mgmt() as a no-op instead of calling IF_PURGE in
{ipw,iwi}_start which is wrong (node reference is not released).
from pgt(4).

indent IF_PURGE. pointed out by brad@

no binary changes.

#undef IPW_DEBUG
fix a comment while i'm here.

pointed out by brad@

i've lost the IF_PURGE() bits in the process...
use license.template while i'm here.

WPA support for ipw(4).
Did a lot of cleanup while I was there.

the firmware is responsible for sending management frames, but
since we pass received management frames to net80211, net80211
may send replies (like deauth/disassoc), so we just call
IF_PURGE(&ic->ic_mgtq) in {ipw,iwi}_start just to be on the
safe side of things (so we don't leak mbufs).

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

instead of passing rx tstamp and rssi to the ieee80211_input function,
pass a pointer to an ieee80211_rxinfo structure containing those two
fields plus an extra flags field that indicates whether the frame was
decrypted by hardware or not.
required for a future fix.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

Do not leak memory claimed by firmware on "ifconfig down".

ok deraadt@

update the physical address of the RX buffer after bus_dmamap_load()
in the case where the old buffer is remapped.

use new malloc M_ZERO flag to shrink kernel.
remove <malloc.h> from files where malloc is not used.

unify firmware load failure messages; ok mglocker

replace the ieee80211_wepkey structure with a more generic ieee80211_key
one that can be used with other ciphers than WEP.

M_DUP_PKTHDR() cleanup. On static mbufs M_DUP_PKTHDR() will leak mbuf tags.
See similar commit to dev/usb/if_rum.c for more info. With this commit
all drivers have been switched away from the incorrect M_DUP_PKTHDR() usage.
OK mglocker@

do not have each net80211 driver define its own rates structures. if they use
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker

remove detach() function. this is not hotplug and this is dead code.

don't use IF_PREPEND() on altq's.
use IFQ_POLL()/IFQ_DEQUEUE() logic instead as described in altq(4).

tweak dma sync ops

get rid of shared auth mode.
the ioctl is not supported by ifconfig and it has never worked anyway.

remove unused prototypes.
don't check for fatal errors on IPW_INTR_FW_INIT_DONE interrupts as it has
already been check beforehand.
cosmetic while i'm here.

set of unrelated cosmetic tweaks.

clear the IFF_UP interface flag before shutting down the interface.

ok damien@

sync handling of fatal firmware errors w/ wpi(4)

allow bpf(4) to ignore packets based on their direction (inbound or
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@

prettify + u_int{8,16,32}_t -> uint{8,16,32}_t

fix reading of EEPROM content on big endian arches.

Remove redundant calls to bpfdetach.
ok brad@

When defragmenting a mbuf chain before transmitting it, don't allocate a mbuf
cluster if the payload fits in the header.

From NetBSD (scw@)

Be more robust when handling Rx interrupts. If we can't allocate and DMA map
a new mbuf, just discard the received frame and reuse the old mbuf.

From NetBSD (joerg@)

do not set PCI_COMMAND_MASTER_ENABLE explicitly as it's already set in pcisubmatch(); kettenis@ testing; brad@ ok

Use ic->ic_ibss_chan instead of ic->ic_bss->ni_chan when filling a
ipw_tx_radiotap_header struct. This fixes a panic I got when using
tcpdump -nvi ipw0 -y ieee802_11_radio.
OK reyk@ damien@

clear IFF_RUNNING & IFF_OACTIVE in foo_stop() before de-allocating resources.

don't disassociate on SIOCSIFADDR if the interface is already up and running.

fix ids. ok jsg@ deraadt@

do packet accounting (opackets/oerrors/ierrors).

support for ipv6.

retrieve scan results from net80211 instead of reading NIC internal memory.
this fixes a bug with multiple AP's.

ipwcontrol and iwicontrol removal.

fix setting of the MAC address.

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

fix a critical bug that made the kernel crash under heavy upstream traffic
load. pointed out by jcs@

Use $OpenBSD$ instead of $Id$. ok damien@

add powerhooks
OK claudio@ kevlo@ deraadt@

fix mbuf defragmentation

add mbuf linearization code when the number of fragments exceeds what is
supported by the hardware

fix printf's in ipw_dma_alloc()

add IEEE80211_C_SHPREAMBLE capability flag and reorder interrupt handlers

update net80211 AP list after scanning

mostly cosmetic changes

Clean Tx/Rx rings allocation and management.

wait longer for master initialization

don't leave run state on background scan

clear register 0x41, not 0x43 (endianness)

forgot to remove a call to free() in my previous commit.

use the filesystem based firmware loader; deraadt ok

Call ipw_stop() at the beginning of ipw_init(): this fixes a memory leak
when ipw_init() is called on ENETRESET.
Call ipw_stop() when the radio transmitter is turned off.

ok claudio@

Return 1 instead of 0 in ipw_intr() if the interrupt is handled by us.
Ignore invalid 0xffffffff interrupts.

ok claudio@

IFM_IEEE80211_ADHOC -> IFM_IEEE80211_IBSS in ipw_media_status().

ok claudio@ aaron@

Calling ipwcontrol -k without downloading the firmware first lead to a
panic. Fix the ipw_free_firmware() function itself instead of fixing the
callers.

ok claudio@

Fix calls to bus_dmamap_create().

factor out the dma memory allocation, mapping, freeing and unmapping
functionality and call them only on attach and detach. these were
being called in interrupt context and were causing a panic on device
timeout.

ok damien@

the URL in if_iwi is no longer valid.

ok damien@

print our ether address when attaching like other drivers
ok damien@

Minor consistency tweaks (imported from iwi).
Wait longer for microcode initialization to complete.

Check that we are associated before sending anything. Call ipw_stop()
from ipw_watchdog().

Handle fatal errors from firmware (imported from iwi).

Read MAC address from EEPROM in ipw_attach(). The address is now known
before the firmware has been sent. Imported from iwi.

Cache firmware into kernel memory instead of sending it directly. The
firmware is now sent only when the interface is turned up.
This paves the way for proper suspend/resume support.

Change firmware initialization sequence to be more consistent with iwi.
Remove ipw_zero_mem_4() and add ipw_stop_master().

Add ipw_media_status() to report the current Tx rate properly.
This was imported from iwi.

Configure the adapter properly to avoid Tx retries from interfering with
CPU C3 state (imported from iwi).

Add authmode support (imported from iwi).

Import ipw_get_table() and ipw_get_radio() functions from iwi.

Remove unuseful initialization of ic->ic_bss->ni_chan in ipw_init().

Change the way supported rates set is initialized (to be consistent with
iwi).

Reduce timeout from two seconds to one second for command ack and from five
seconds to one second for firmware notification.

Remove static for all non-inline functions.

Mostly cosmetic changes to be consistent with iwi:
- update web url
- sed s/ *$//
- get if_ipwreg.h and if_ipwvar.h from dev/pci
- remove unused function MEM_READ_2()
- inline -> __inline
- 11.b -> .11b
- addition of comments
- sort registers by their addresses

support for Intel 2100/2200BG/2915ABG wireless devices written by
damien.bergamini@free.fr. This gets imported even though there is no
firmware in the tree. This is a ridiculous situation: everything is
free, everything works, except Intel will not let us put a little
dinky firmware flat file into OpenBSD. So OpenBSD is ready for Intel
whenever they are.

Are you a consumer? Do you want to see this changed -- contact
jketreno@linux.intel.com and tell him how you feel about this. He is
likely someone who cannot do anything about it, though. If anyone can
work up or down the chain around his department and get me contact
information for various people, I will compile and later publish such
a list. Go do it people -- this is how things will change. Get me
email addresses and phone numbers.

Constify struct cfattach.

spelling
feedback and ok tb@ jmc@ ok ratchov@

Since ipw(4) doesn't call into net80211_newstate() the interface link state
must be updated by the driver in order to get packets to flow.

In case of WPA the link state was updated as a side-effect of a successful
WPA handshake. This commit fixes the WEP and plaintext cases.

Problem reported and fix tested by Riccardo Mottola.

In ipw(4), ensure that net80211 is in ASSOC state while we are expecting
an assoc response from the AP during the association sequence. Otherwise
net80211 would ignore the auth response, resulting in a state mismatch
between firmware and net80211. A symptom of this was that WPA didn't work.

Problem reported and fix tested by Ricardo Mottola

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

remove the "copy function" argument to bpf_mtap_hdr.

it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.

ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.

don't hand roll bpf_mtap_hdr functionality, just use bpf_mtap_hdr.

the radiotap code prepends a big struct to the packets, and wires
them up with the packet by putting an mbuf on the stack and using
that as the head of an mbuf chain. bpf_mtap_hdr does the chain head
thing for us, so shrink this code by calling the bpf function.

there's some other drivers that do this too, so if anyone wants a
free commit they should go looking in the other wireless drivers
and do the same change.

ok claudio@

Make wireless drivers call if_input() only once per interrupt.

This reduces drops caused by the ifq pressure drop mechanism and hence
increases throughput. Such drops are visible with e.g. 'netstat -dnI iwm0'.

Not all affected drivers have been tested yet but these changes are largely
mechanical and should be safe. As usual, please report any regressions.

With help from dlg@ and mpi@

Problem found by robert@
Tested by robert, jmc, Tracey Emer, Matthias Schmidt, florian, Bj��rn Ketelaars
ok mpi@

ipw, iwi, iwm, iwn, wpi(4): tsleep -> tsleep_nsec(9); ok stsp@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Do not clear IFF_UP, even in the error path, clearing IFF_RUNNING
is enough.

This flag should only be set by the stack, drivers shouldn't mess
with it.

Discussed with dlg@ and mikeb@, ok mikeb@, stsp@

move counting if_opackets next to counting if_obytes in if_enqueue.

this means packets are consistently counted in one place, unlike the
many and various ways that drivers thought they should do it.

ok mpi@ deraadt@

redo rwlock conversion now that i've compiled it on i386

Backout previous commit; does not compile.

convert busy flag and tsleep to rwlock as in iwm

G/C IFQ_SET_READY().

replace IFF_OACTIVE manipulation with mpsafe operations.

there are two things shared between the network stack and drivers
in the send path: the send queue and the IFF_OACTIVE flag. the send
queue is now protected by a mutex. this diff makes the oactive
functionality mpsafe too.

IFF_OACTIVE is part of if_flags. there are two problems with that.
firstly, if_flags is a short and we dont have any MI atomic operations
to manipulate a short. secondly, while we could make the IFF_OACTIVE
operates mpsafe, all changes to other flags would have to be made
safe at the same time, otherwise a read-modify-write cycle on their
updates could clobber the oactive change.

instead, this moves the oactive mark into struct ifqueue and provides
an API for changing it. there's ifq_set_oactive, ifq_clr_oactive,
and ifq_is_oactive. these are modelled on ifsq_set_oactive,
ifsq_clr_oactive, and ifsq_is_oactive in dragonflybsd.

this diff includes changes to all the drivers manipulating IFF_OACTIVE
to now use the ifsq_{set,clr_is}_oactive API too.

ok kettenis@ mpi@ jmatthew@ deraadt@