From owner-svn-src-head@freebsd.org  Tue Oct 27 00:57:08 2015
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3043F878F;
 Tue, 27 Oct 2015 00:57:08 +0000 (UTC)
 (envelope-from adrian@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E2DBC1FE0;
 Tue, 27 Oct 2015 00:57:07 +0000 (UTC)
 (envelope-from adrian@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t9R0v66L084253;
 Tue, 27 Oct 2015 00:57:06 GMT (envelope-from adrian@FreeBSD.org)
Received: (from adrian@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id t9R0v6Xr084252;
 Tue, 27 Oct 2015 00:57:06 GMT (envelope-from adrian@FreeBSD.org)
Message-Id: <201510270057.t9R0v6Xr084252@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: adrian set sender to
 adrian@FreeBSD.org using -f
From: Adrian Chadd <adrian@FreeBSD.org>
Date: Tue, 27 Oct 2015 00:57:06 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r290029 - head/sys/dev/otus
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2015 00:57:08 -0000

Author: adrian
Date: Tue Oct 27 00:57:06 2015
New Revision: 290029
URL: https://svnweb.freebsd.org/changeset/base/290029

Log:
  otus(4) - monitor mode fixes, large-mbuf crash fix
  
  * refactor out the rx filter and operating mode code into a separate
    method.
  * add some comments about what's left with setting the operating mode
    based on what carl9170 does.
  * comment out some init from otus_init_mac() - it's no longer needed as
    it's always init'ed now.
  * add debugging and a missing return around a failure to call m_get2() -
    during monitor mode operation I found RXing of frames > 2k, which
    fails allocation.  I'm sure they're valid (it's configuring 11n RX and
    receiving 11n frames even though the driver doesn't "do" 11n)
    and may be A-MSDU; but allocations fail and we should handle that
    gracefully.
  
  Tested:
  
  * UB82 reference NIC (AR9170 + AR9104 2x2 dual band NIC); STA and
    monitor mode operation.

Modified:
  head/sys/dev/otus/if_otus.c

Modified: head/sys/dev/otus/if_otus.c
==============================================================================
--- head/sys/dev/otus/if_otus.c	Tue Oct 27 00:42:15 2015	(r290028)
+++ head/sys/dev/otus/if_otus.c	Tue Oct 27 00:57:06 2015	(r290029)
@@ -1645,8 +1645,8 @@ otus_sub_rxeof(struct otus_softc *sc, ui
 	}
 	tail = (struct ar_rx_tail *)(plcp + len - sizeof (*tail));
 
-	/* Discard error frames. */
-	if (__predict_false(tail->error != 0)) {
+	/* Discard error frames; don't discard BAD_RA (eg monitor mode); let net80211 do that */
+	if (__predict_false((tail->error & ~AR_RX_ERROR_BAD_RA) != 0)) {
 		OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "error frame 0x%02x\n", tail->error);
 		if (tail->error & AR_RX_ERROR_FCS) {
 			OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "bad FCS\n");
@@ -1671,10 +1671,14 @@ otus_sub_rxeof(struct otus_softc *sc, ui
 
 	wh = (struct ieee80211_frame *)(plcp + AR_PLCP_HDR_LEN);
 
+	/*
+	 * TODO: I see > 2KiB buffers in this path; is it A-MSDU or something?
+	 */
 	m = m_get2(mlen, M_NOWAIT, MT_DATA, M_PKTHDR);
 	if (m == NULL) {
-		device_printf(sc->sc_dev, "%s: failed m_get2()\n", __func__);
+		device_printf(sc->sc_dev, "%s: failed m_get2() (mlen=%d)\n", __func__, mlen);
 		counter_u64_add(ic->ic_ierrors, 1);
+		return;
 	}
 
 	/* Finalize mbuf. */
@@ -2469,8 +2473,8 @@ otus_init_mac(struct otus_softc *sc)
 	otus_write(sc, AR_MAC_REG_BACKOFF_PROTECT, 0x105);
 	otus_write(sc, AR_MAC_REG_AMPDU_FACTOR, 0x10000a);
 	/* Filter any control frames, BAR is bit 24. */
-	otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, 0x0500ffff);
-	otus_write(sc, AR_MAC_REG_RX_CONTROL, 0x1);
+//	otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, 0x0500ffff);
+//	otus_write(sc, AR_MAC_REG_RX_CONTROL, 0x1);
 	otus_write(sc, AR_MAC_REG_BASIC_RATE, 0x150f);
 	otus_write(sc, AR_MAC_REG_MANDATORY_RATE, 0x150f);
 	otus_write(sc, AR_MAC_REG_RTS_CTS_RATE, 0x10b01bb);
@@ -3070,6 +3074,57 @@ otus_led_newstate_type3(struct otus_soft
 #endif
 }
 
+/*
+ * TODO:
+ *
+ * + If in monitor mode, set BSSID to all zeros, else the node BSSID.
+ * + Handle STA + monitor (eg tcpdump/promisc/radiotap) as well as
+ *   pure monitor mode.
+ */
+static int
+otus_set_operating_mode(struct otus_softc *sc)
+{
+	struct ieee80211com *ic = &sc->sc_ic;
+	uint32_t rx_ctrl;
+	uint32_t frm_filt;
+	uint32_t cam_mode;
+	uint32_t rx_sniffer;
+
+	OTUS_LOCK_ASSERT(sc);
+
+	/* XXX TODO: too many magic constants */
+	rx_ctrl = 0x1;
+	/* Filter any control frames, BAR is bit 24. */
+	frm_filt = 0x0500ffff;
+	cam_mode = 0x0f000002;	/* XXX STA */
+	rx_sniffer = 0x20000000;
+
+	switch (ic->ic_opmode) {
+	case IEEE80211_M_STA:
+		cam_mode = 0x0f000002;	/* XXX STA */
+		rx_ctrl = 0x1;
+		frm_filt = 0x0500ffff;
+		rx_sniffer = 0x20000000;
+		break;
+	case IEEE80211_M_MONITOR:
+		cam_mode = 0x0f000002;	/* XXX STA */
+		rx_ctrl = 0x1;
+		frm_filt = 0xffffffff;
+		rx_sniffer = 0x20000001;
+		break;
+	default:
+		break;
+	}
+
+	otus_write(sc, AR_MAC_REG_SNIFFER, rx_sniffer);
+	otus_write(sc, AR_MAC_REG_CAM_MODE, cam_mode);
+	otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, frm_filt);
+	otus_write(sc, AR_MAC_REG_RX_CONTROL, cam_mode);
+
+	(void) otus_write_barrier(sc);
+	return (0);
+}
+
 int
 otus_init(struct otus_softc *sc)
 {
@@ -3092,48 +3147,7 @@ otus_init(struct otus_softc *sc)
 	}
 
 	(void) otus_set_macaddr(sc, ic->ic_macaddr);
-
-#if 0
-	switch (ic->ic_opmode) {
-#ifdef notyet
-#ifndef IEEE80211_STA_ONLY
-	case IEEE80211_M_HOSTAP:
-		otus_write(sc, AR_MAC_REG_CAM_MODE, 0x0f0000a1);
-		otus_write(sc, AR_MAC_REG_RX_CONTROL, 0x1);
-		break;
-	case IEEE80211_M_IBSS:
-		otus_write(sc, AR_MAC_REG_CAM_MODE, 0x0f000000);
-		otus_write(sc, AR_MAC_REG_RX_CONTROL, 0x1);
-		break;
-#endif
-#endif
-	case IEEE80211_M_STA:
-		otus_write(sc, AR_MAC_REG_CAM_MODE, 0x0f000002);
-		otus_write(sc, AR_MAC_REG_RX_CONTROL, 0x1);
-		break;
-	default:
-		break;
-	}
-#endif
-
-	switch (ic->ic_opmode) {
-	case IEEE80211_M_STA:
-		otus_write(sc, AR_MAC_REG_CAM_MODE, 0x0f000002);
-		otus_write(sc, AR_MAC_REG_RX_CONTROL, 0x1);
-		/* XXX set frametype filter? */
-		break;
-	case IEEE80211_M_MONITOR:
-		otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, 0xffffffff);
-		break;
-	default:
-		break;
-	}
-
-	/* XXX ic_opmode? */
-	otus_write(sc, AR_MAC_REG_SNIFFER,
-	    (ic->ic_opmode == IEEE80211_M_MONITOR) ? 0x2000001 : 0x2000000);
-
-	(void)otus_write_barrier(sc);
+	(void) otus_set_operating_mode(sc);
 
 	sc->bb_reset = 1;	/* Force cold reset. */