1/*	$OpenBSD: pgtreg.h,v 1.7 2006/10/11 12:10:19 claudio Exp $  */
2
3/*
4 * Copyright (c) 2006 Claudio Jeker <claudio@openbsd.org>
5 * Copyright (c) 2006 Marcus Glocker <mglocker@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20/*
21 * Copyright (c) 2004 Fujitsu Laboratories of America, Inc.
22 * Copyright (c) 2004 Brian Fundakowski Feldman
23 * All rights reserved.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the above copyright
29 *    notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 *    notice, this list of conditions and the following disclaimer in the
32 *    documentation and/or other materials provided with the distribution.
33 *
34 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
35 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
36 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
37 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
38 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
39 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
40 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
41 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
42 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
43 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
44 * SUCH DAMAGE.
45 */
46
47#ifndef __PGTREG_H__
48#define __PGTREG_H__
49
50/* Sizes, delays, etc. */
51#define	PGT_TX_LIST_CNT			32
52#define	PGT_RX_LIST_CNT			8
53#define	PGT_FRAG_SIZE			1536	/* overkill for mgmt frames */
54#define	PGT_DIRECT_MEMORY_OFFSET	0x1000
55#define	PGT_DIRECT_MEMORY_SIZE		0x1000
56#define	PGT_FIRMWARE_INTERNAL_OFFSET	0x20000
57#define	PGT_WRITEIO_DELAY		10
58#define	PGT_RESET_DELAY			50000
59
60/* Registers */
61#define PGT_REG_DEV_INT			0x0000	/* device interrupt */
62#define	PGT_DEV_INT_RESET		0x00000001
63#define	PGT_DEV_INT_UPDATE		0x00000002
64#define	PGT_DEV_INT_WAKEUP		0x00000008
65#define	PGT_DEV_INT_SLEEP		0x00000010
66#define	PGT_REG_INT_STAT		0x0010	/* interrupt status */
67#define	PGT_INT_STAT_UPDATE		0x00000002
68#define	PGT_INT_STAT_INIT		0x00000004
69#define	PGT_INT_STAT_WAKEUP		0x00000008
70#define	PGT_INT_STAT_SLEEP		0x00000010
71#define	PGT_INT_STAT_UNKNOWN0		0x00004000
72#define	PGT_INT_STAT_UNKNOWN1		0x80000000
73#define	PGT_INT_STAT_SOURCES		0x8000401e
74#define	PGT_REG_INT_ACK			0x0014	/* interrupt acknowledgement */
75#define	PGT_REG_INT_EN			0x0018	/* interrupt enable */
76#define	PGT_REG_CTRL_BLK_BASE		0x0020	/* control block address */
77#define	PGT_REG_GEN_PURP_COM		0x0024
78#define	PGT_REG_DIR_MEM_BASE		0x0030
79#define	PGT_REG_CTRL_STAT		0x0078
80#define	PGT_CTRL_STAT_SLEEPMODE		0x00000200
81#define	PGT_CTRL_STAT_CLOCKRUN		0x00800000
82#define	PGT_CTRL_STAT_RESET		0x10000000
83#define	PGT_CTRL_STAT_RAMBOOT		0x20000000
84#define	PGT_CTRL_STAT_STARTHALTED	0x40000000
85#define	PGT_CTRL_STAT_HOST_OVERRIDE	0x80000000
86
87/*
88 * The control block consists of a set of queues for low- and high-priority
89 * data, and management, transmission and reception queues.  There is a
90 * set of indices that gives the index (modulo queue size) of the current
91 * progress in each.  Nearly all configuration is done from the management
92 * queue interface.  Almost every structure is little-endian.
93 */
94enum pgt_queue {
95	PGT_QUEUE_DATA_LOW_RX =		0,
96	PGT_QUEUE_DATA_LOW_TX =		1,
97	PGT_QUEUE_DATA_HIGH_RX =	2,
98	PGT_QUEUE_DATA_HIGH_TX =	3,
99	PGT_QUEUE_MGMT_RX =		4,
100	PGT_QUEUE_MGMT_TX =		5
101};
102
103#define	PGT_QUEUE_COUNT			6
104#define	PGT_QUEUE_DATA_RX_SIZE		8
105#define	PGT_QUEUE_DATA_TX_SIZE		32
106#define	PGT_QUEUE_MGMT_SIZE		4
107#define	PGT_QUEUE_FULL_THRESHOLD	8
108
109struct pgt_frag {
110	uint32_t pf_addr;		/* physical host address */
111	uint16_t pf_size;
112	uint16_t pf_flags;
113#define	PF_FLAG_MF	0x0001		/* more frags (frame continues) */
114};
115
116struct pgt_control_block {
117	uint32_t	pcb_driver_curfrag[PGT_QUEUE_COUNT];
118	uint32_t	pcb_device_curfrag[PGT_QUEUE_COUNT];
119	struct pgt_frag	pcb_data_low_rx[PGT_QUEUE_DATA_RX_SIZE];
120	struct pgt_frag	pcb_data_low_tx[PGT_QUEUE_DATA_TX_SIZE];
121	struct pgt_frag	pcb_data_high_rx[PGT_QUEUE_DATA_RX_SIZE];
122	struct pgt_frag	pcb_data_high_tx[PGT_QUEUE_DATA_TX_SIZE];
123	struct pgt_frag	pcb_mgmt_rx[PGT_QUEUE_MGMT_SIZE];
124	struct pgt_frag	pcb_mgmt_tx[PGT_QUEUE_MGMT_SIZE];
125	uint32_t	pcb_padding;
126};
127
128/*
129 * Unlike the rest of the structures, this is big-endian by default.
130 * The Linux driver defines a PIMFOR_ETHERTYPE as 0x8828 (why?)
131 */
132enum pgt_mgmt_operation {
133	PMF_OP_GET =		0,
134	PMF_OP_SET =		1,
135	PMF_OP_RESPONSE =	2,
136	PMF_OP_ERROR =		3,
137	PMF_OP_TRAP =		4
138	/* may be more */
139};
140
141struct pgt_mgmt_frame {
142	uint8_t		pmf_version;
143#define	PMF_VER		0x01
144	uint8_t		pmf_operation;
145	uint32_t	pmf_oid;
146	uint8_t		pmf_device;
147#define PMF_DEV		0x00
148	uint8_t		pmf_flags;
149#define	PMF_FLAG_APP	0x01		/* application origin (?) */
150#define	PMF_FLAG_LE	0x02		/* little-endian */
151#define	PMF_FLAG_VALID	(PMF_FLAG_APP | PMF_FLAG_LE)
152	uint32_t	pmf_size;
153	/* 		data[];			*/
154} __packed;
155
156struct pgt_rx_header {
157	uint16_t		pra_unknown0;	/* always 0x0000 */
158	uint16_t		pra_length;	/* always 0x1400 */
159	uint32_t		pra_clock;	/* 1MHz timestamp */
160	uint8_t			pra_flags;
161#define	PRA_FLAG_BAD		0x01
162	uint8_t			pra_unknown1;
163	uint8_t			pra_rate;
164	uint8_t			pra_unknown2;
165	uint16_t		pra_frequency;
166	uint16_t		pra_unknown3;
167	uint8_t			pra_rssi;
168	uint8_t			pra_pad[3];
169} __packed;
170
171struct pgt_rx_annex {
172	uint8_t 		pra_ether_dhost[ETHER_ADDR_LEN];
173	uint8_t			pra_ether_shost[ETHER_ADDR_LEN];
174	struct pgt_rx_header	pra_header;
175	uint16_t		pra_ether_type;
176} __packed;
177
178/*
179 * OIDs used to communicate management information.
180 */
181enum pgt_oid {
182	PGT_OID_MAC_ADDRESS =				0x00000000,
183	/* uint8_t ether[6]; */
184	PGT_OID_LINK_STATE = 				0x00000001,
185	/* uint32_t rate; (500kbps units) */
186	PGT_OID_BSS_TYPE =				0x10000000,
187	/* uint32_t network; */
188#define	PGT_BSS_TYPE_NONE			0
189#define	PGT_BSS_TYPE_STA			1
190#define	PGT_BSS_TYPE_IBSS			2
191#define	PGT_BSS_TYPE_ANY			3
192	PGT_OID_BSSID =					0x10000001,
193	/* uint8_t bssid[6]; */
194	PGT_OID_SSID =					0x10000002,
195	/* struct pgt_obj_ssid; */
196	PGT_OID_COUNTRY =				0x10000005,
197	/* uint32_t country; guessing until I see some foreign hardware... */
198#define	PGT_COUNTRY_USA				0
199	PGT_OID_SSID_OVERRIDE =				0x10000006,
200	/* struct pgt_obj_ssid; */
201	PGT_OID_AUTH_MODE =				0x12000000,
202	/* uint32_t auth; */
203#define	PGT_AUTH_MODE_NONE			0
204#define	PGT_AUTH_MODE_OPEN			1
205#define	PGT_AUTH_MODE_SHARED			2
206#define	PGT_AUTH_MODE_BOTH			3
207	PGT_OID_PRIVACY_INVOKED =			0x12000001,
208	/* uint32_t privacy; */
209	PGT_OID_EXCLUDE_UNENCRYPTED =			0x12000002,
210	/* uint32_t exunencrypted; */
211	PGT_OID_DEFAULT_KEYNUM =			0x12000003,
212	/* uint32_t defkey; */
213	PGT_OID_DEFAULT_KEY0 =				0x12000004,
214	/* struct pgt_obj_key; */
215	PGT_OID_DEFAULT_KEY1 =				0x12000005,
216	/* struct pgt_obj_key; */
217	PGT_OID_DEFAULT_KEY2 =				0x12000006,
218	/* struct pgt_obj_key; */
219	PGT_OID_DEFAULT_KEY3 =				0x12000007,
220	/* struct pgt_obj_key; */
221	PGT_OID_STA_KEY =				0x12000008,
222	PGT_OID_PSM =					0x14000000,
223	/* uint32_t powersave; */
224	PGT_OID_EAPAUTHSTA =				0x150007de,
225	/* uint8_t sta[6]; */
226	PGT_OID_EAPUNAUTHSTA =				0x150007df,
227	/* uint8_t sta[6]; */
228	PGT_OID_DOT1X =					0x150007e0,
229	/* uint32_t dot1x; */
230#define	PGT_DOT1X_AUTH_NONE			0
231#define	PGT_DOT1X_AUTH_ENABLED			1
232#define	PGT_DOT1X_KEYTX_ENABLED			2
233	PGT_OID_SLOT_TIME =				0x17000000,
234	/* uint32_t slottime; */
235	PGT_OID_CHANNEL =				0x17000007,
236	/* uint32_t channel; */
237	PGT_OID_PREAMBLE_MODE =				0x17000009,
238	/* uint32_t preamble; */
239#define	PGT_OID_PREAMBLE_MODE_LONG		0
240#define	PGT_OID_PREAMBLE_MODE_SHORT		1
241#define	PGT_OID_PREAMBLE_MODE_DYNAMIC		2
242	PGT_OID_RATES =	 				0x1700000a,
243	/* uint8_t rates[]; nul terminated */
244	PGT_OID_RSSI_VECTOR =				0x1700000d,
245	PGT_OID_OUTPUT_POWER_TABLE =			0x1700000e,
246	PGT_OID_OUTPUT_POWER =				0x1700000f,
247	PGT_OID_SUPPORTED_RATES =	 		0x17000010,
248	/* uint8_t rates[]; nul terminated */
249	PGT_OID_NOISE_FLOOR =	 			0x17000013,
250	/* uint32_t noise; */
251	PGT_OID_SLOT_MODE =				0x17000017,
252	/* uint32_t slot; */
253#define	PGT_OID_SLOT_MODE_LONG			0
254#define	PGT_OID_SLOT_MODE_SHORT			1
255#define	PGT_OID_SLOT_MODE_DYNAMIC		2
256	PGT_OID_EXTENDED_RATES =			0x17000020,
257	/* uint8_t rates[]; nul terminated */
258	PGT_OID_FREQUENCY =				0x17000011,
259	/* uint32_t frequency; */
260	PGT_OID_SUPPORTED_FREQUENCIES = 		0x17000012,
261	/* struct pgt_obj_freq; */
262	PGT_OID_PROFILE =				0x17000019,
263	/* uint32_t profile; */
264#define	PGT_PROFILE_B_ONLY			0
265#define	PGT_PROFILE_MIXED_G_WIFI		1
266#define	PGT_PROFILE_MIXED_LONG			2
267#define	PGT_PROFILE_G_ONLY			3
268#define	PGT_PROFILE_TEST			4
269#define	PGT_PROFILE_B_WIFI			5
270#define	PGT_PROFILE_A_ONLY			6
271#define	PGT_PROFILE_MIXED_SHORT			7
272	PGT_OID_DEAUTHENTICATE =			0x18000000,
273	/* struct pgt_obj_mlme; */
274	PGT_OID_AUTHENTICATE =				0x18000001,
275	/* struct pgt_obj_mlme; */
276	PGT_OID_DISASSOCIATE =				0x18000002,
277	/* struct pgt_obj_mlme; */
278	PGT_OID_ASSOCIATE =				0x18000003,
279	/* struct pgt_obj_mlme; */
280	PGT_OID_SCAN =					0x18000004,
281	PGT_OID_BEACON =				0x18000005,
282	/* struct pgt_obj_mlmeex; */
283	PGT_OID_PROBE =					0x18000006,
284	/* struct pgt_obj_mlmeex; */
285	PGT_OID_DEAUTHENTICATEEX =			0x18000007,
286	/* struct pgt_obj_mlmeex; */
287	PGT_OID_AUTHENTICATEEX =			0x18000008,
288	/* struct pgt_obj_mlmeex; */
289	PGT_OID_DISASSOCIATEEX =			0x18000009,
290	/* struct pgt_obj_mlmeex; */
291	PGT_OID_ASSOCIATEEX =				0x1800000a,
292	/* struct pgt_obj_mlmeex; */
293	PGT_OID_REASSOCIATE =				0x1800000b,
294	/* struct pgt_obj_mlmeex; */
295	PGT_OID_REASSOCIATEEX =				0x1800000c,
296	/* struct pgt_obj_mlmeex; */
297	PGT_OID_MLME_AUTO_LEVEL =			0x19000001,
298	/* uint32_t mlme; */
299#define	PGT_MLME_AUTO_LEVEL_AUTO		0
300#define	PGT_MLME_AUTO_LEVEL_INTERMEDIATE	1
301#define	PGT_MLME_AUTO_LEVEL_EXTENDED		2
302	/* struct pgt_obj_buffer;*/
303	PGT_OID_PSM_BUFFER =				0x19000004,
304	/* struct pgt_obj_buffer;*/
305#define	PGT_PSM_BUFFER_FRAME_COUNT		64
306	PGT_OID_MAX_FRAME_BURST =			0x1b000008,
307	/* uint32_t max_usec_grouped; */
308	PGT_OID_BSS_FIND =				0x1c000042,
309	/* struct pgt_obj_bss; */
310	PGT_OID_BSS_LIST =				0x1c000043,
311	/* struct pgt_obj_bsslist; */
312	/* Initial settings. */
313	PGT_OID_MODE =					0xff020003,
314	/* uint32_t mode; */
315#define	PGT_MODE_PROMISCUOUS			0
316#define	PGT_MODE_CLIENT				1
317#define	PGT_MODE_AP				2
318#define	PGT_MODE_SNIFFER			3
319	PGT_OID_CONFIG =				0xff020008,
320	/* uint32_t flags; */
321#define	PGT_CONFIG_MANUAL_RUN			0x00000001
322#define	PGT_CONFIG_FRAME_TRAP			0x00000002
323#define	PGT_CONFIG_RX_ANNEX			0x00000004
324#define	PGT_CONFIG_TX_ANNEX			0x00000008
325#define	PGT_CONFIG_WDS				0x00000010
326	PGT_OID_PHY =					0xff02000d,
327#define	PGT_OID_PHY_2400MHZ			0x00000001
328#define	PGT_OID_PHY_5000MHZ			0x00000002
329#define	PGT_OID_PHY_FAA				0x80000000
330};
331
332/*
333 * Structures used to communicate via the OIDs.
334 */
335struct pgt_obj_ssid {
336	uint8_t			pos_length;
337	char			pos_ssid[33];
338} __packed;
339
340struct pgt_obj_key {
341	uint8_t			pok_type;
342#define	PGT_OBJ_KEY_TYPE_WEP	0
343#define	PGT_OBJ_KEY_TYPE_TKIP	1
344	uint8_t			pok_length;
345	uint8_t			pok_key[32];
346} __packed;
347
348/*
349 * Each mlme received includes the current 802.11 state.
350 */
351#define	PGT_MLME_STATE_NONE	0
352#define	PGT_MLME_STATE_AUTHING	1
353#define	PGT_MLME_STATE_AUTH	2
354#define	PGT_MLME_STATE_ASSOCING	3
355
356#define	PGT_MLME_STATE_ASSOC	5
357#define	PGT_MLME_STATE_IBSS	6
358#define	PGT_MLME_STATE_WDS	7
359
360struct pgt_obj_mlme {
361	uint8_t			pom_address[6];
362	uint16_t		pom_id;		/* 802.11 association number */
363	uint16_t		pom_state;
364	uint16_t		pom_code;	/* 802.11 reason code */
365} __packed;
366
367struct pgt_obj_mlmeex {
368	uint8_t			pom_address[6];
369	uint16_t		pom_id;
370	uint16_t		pom_state;
371	uint16_t		pom_code;
372	uint16_t		pom_size;
373	uint8_t			pom_data[0];
374} __packed;
375
376struct pgt_obj_buffer {
377	uint32_t		pob_size;
378	uint32_t		pob_addr;
379} __packed;
380
381struct pgt_obj_bss {
382	uint8_t			pob_address[6];
383	uint16_t		pob_padding0;
384	uint8_t			pob_state;
385	uint8_t			pob_reserved;
386	uint16_t		pob_age;
387	uint8_t			pob_quality;
388	uint8_t			pob_rssi;
389	struct pgt_obj_ssid	pob_ssid;
390	uint16_t		pob_channel;
391	uint8_t			pob_beacon_period;
392	uint8_t			pob_dtim_period;
393	uint16_t		pob_capinfo;
394	uint16_t		pob_rates;
395	uint16_t		pob_basic_rates;
396	uint16_t		pob_padding1;
397} __packed;
398
399struct pgt_obj_bsslist {
400	uint32_t		pob_count;
401	struct pgt_obj_bss	pob_bsslist[0];
402#define	PGT_OBJ_BSSLIST_NBSS	24
403} __packed;
404
405struct pgt_obj_frequencies {
406	uint16_t		pof_count;
407	uint16_t		pof_freqlist_mhz[0];
408} __packed;
409
410#endif
411