+ if (locked)
+ continue;
+
+ if (test_bit(JOB_DIE, &ai->jobs)) {
+ up(&ai->sem);
+ break;
+ }
+
+ if (ai->power.event || test_bit(FLAG_FLASHING, &ai->flags)) {
+ up(&ai->sem);
+ continue;
+ }
+
+ if (test_bit(JOB_XMIT, &ai->jobs))
+ airo_end_xmit(dev);
+ else if (test_bit(JOB_XMIT11, &ai->jobs))
+ airo_end_xmit11(dev);
+ else if (test_bit(JOB_STATS, &ai->jobs))
+ airo_read_stats(dev);
+ else if (test_bit(JOB_WSTATS, &ai->jobs))
+ airo_read_wireless_stats(ai);
+ else if (test_bit(JOB_PROMISC, &ai->jobs))
+ airo_set_promisc(ai);
+ else if (test_bit(JOB_MIC, &ai->jobs))
+ micinit(ai);
+ else if (test_bit(JOB_EVENT, &ai->jobs))
+ airo_send_event(dev);
+ else if (test_bit(JOB_AUTOWEP, &ai->jobs))
+ timer_func(dev);
+ else if (test_bit(JOB_SCAN_RESULTS, &ai->jobs))
+ airo_process_scan_results(ai);
+ else /* Shouldn't get here, but we make sure to unlock */
+ up(&ai->sem);
+ }
+
+ return 0;
+}
+
+static int header_len(__le16 ctl)
+{
+ u16 fc = le16_to_cpu(ctl);
+ switch (fc & 0xc) {
+ case 4:
+ if ((fc & 0xe0) == 0xc0)
+ return 10; /* one-address control packet */
+ return 16; /* two-address control packet */
+ case 8:
+ if ((fc & 0x300) == 0x300)
+ return 30; /* WDS packet */
+ }
+ return 24;
+}
+
+static void airo_handle_cisco_mic(struct airo_info *ai)
+{
+ if (test_bit(FLAG_MIC_CAPABLE, &ai->flags)) {
+ set_bit(JOB_MIC, &ai->jobs);
+ wake_up_interruptible(&ai->thr_wait);
+ }
+}
+
+/* Airo Status codes */
+#define STAT_NOBEACON 0x8000 /* Loss of sync - missed beacons */
+#define STAT_MAXRETRIES 0x8001 /* Loss of sync - max retries */
+#define STAT_MAXARL 0x8002 /* Loss of sync - average retry level exceeded*/
+#define STAT_FORCELOSS 0x8003 /* Loss of sync - host request */
+#define STAT_TSFSYNC 0x8004 /* Loss of sync - TSF synchronization */
+#define STAT_DEAUTH 0x8100 /* low byte is 802.11 reason code */
+#define STAT_DISASSOC 0x8200 /* low byte is 802.11 reason code */
+#define STAT_ASSOC_FAIL 0x8400 /* low byte is 802.11 reason code */
+#define STAT_AUTH_FAIL 0x0300 /* low byte is 802.11 reason code */
+#define STAT_ASSOC 0x0400 /* Associated */
+#define STAT_REASSOC 0x0600 /* Reassociated? Only on firmware >= 5.30.17 */
+
+static void airo_print_status(const char *devname, u16 status)
+{
+ u8 reason = status & 0xFF;
+
+ switch (status) {
+ case STAT_NOBEACON:
+ airo_print_dbg(devname, "link lost (missed beacons)");
+ break;
+ case STAT_MAXRETRIES:
+ case STAT_MAXARL:
+ airo_print_dbg(devname, "link lost (max retries)");
+ break;
+ case STAT_FORCELOSS:
+ airo_print_dbg(devname, "link lost (local choice)");
+ break;
+ case STAT_TSFSYNC:
+ airo_print_dbg(devname, "link lost (TSF sync lost)");
+ break;
+ case STAT_DEAUTH:
+ airo_print_dbg(devname, "deauthenticated (reason: %d)", reason);
+ break;
+ case STAT_DISASSOC:
+ airo_print_dbg(devname, "disassociated (reason: %d)", reason);
+ break;
+ case STAT_ASSOC_FAIL:
+ airo_print_dbg(devname, "association failed (reason: %d)",
+ reason);
+ break;
+ case STAT_AUTH_FAIL:
+ airo_print_dbg(devname, "authentication failed (reason: %d)",
+ reason);
+ break;
+ default:
+ break;
+ }
+}
+
+static void airo_handle_link(struct airo_info *ai)
+{
+ union iwreq_data wrqu;
+ int scan_forceloss = 0;
+ u16 status;
+
+ /* Get new status and acknowledge the link change */
+ status = le16_to_cpu(IN4500(ai, LINKSTAT));
+ OUT4500(ai, EVACK, EV_LINK);
+
+ if ((status == STAT_FORCELOSS) && (ai->scan_timeout > 0))
+ scan_forceloss = 1;
+
+ airo_print_status(ai->dev->name, status);
+
+ if ((status == STAT_ASSOC) || (status == STAT_REASSOC)) {
+ if (auto_wep)
+ ai->expires = 0;
+ if (ai->list_bss_task)
+ wake_up_process(ai->list_bss_task);
+ set_bit(FLAG_UPDATE_UNI, &ai->flags);
+ set_bit(FLAG_UPDATE_MULTI, &ai->flags);
+
+ if (down_trylock(&ai->sem) != 0) {
+ set_bit(JOB_EVENT, &ai->jobs);
+ wake_up_interruptible(&ai->thr_wait);
+ } else
+ airo_send_event(ai->dev);
+ } else if (!scan_forceloss) {
+ if (auto_wep && !ai->expires) {
+ ai->expires = RUN_AT(3*HZ);
+ wake_up_interruptible(&ai->thr_wait);
+ }
+
+ /* Send event to user space */
+ memset(wrqu.ap_addr.sa_data, '\0', ETH_ALEN);
+ wrqu.ap_addr.sa_family = ARPHRD_ETHER;
+ wireless_send_event(ai->dev, SIOCGIWAP, &wrqu, NULL);
+ }
+}
+
+static void airo_handle_rx(struct airo_info *ai)
+{
+ struct sk_buff *skb = NULL;
+ __le16 fc, v, *buffer, tmpbuf[4];
+ u16 len, hdrlen = 0, gap, fid;
+ struct rx_hdr hdr;
+ int success = 0;
+
+ if (test_bit(FLAG_MPI, &ai->flags)) {
+ if (test_bit(FLAG_802_11, &ai->flags))
+ mpi_receive_802_11(ai);
+ else
+ mpi_receive_802_3(ai);
+ OUT4500(ai, EVACK, EV_RX);
+ return;
+ }
+
+ fid = IN4500(ai, RXFID);
+
+ /* Get the packet length */
+ if (test_bit(FLAG_802_11, &ai->flags)) {
+ bap_setup (ai, fid, 4, BAP0);
+ bap_read (ai, (__le16*)&hdr, sizeof(hdr), BAP0);
+ /* Bad CRC. Ignore packet */
+ if (le16_to_cpu(hdr.status) & 2)
+ hdr.len = 0;
+ if (ai->wifidev == NULL)
+ hdr.len = 0;
+ } else {
+ bap_setup(ai, fid, 0x36, BAP0);
+ bap_read(ai, &hdr.len, 2, BAP0);
+ }
+ len = le16_to_cpu(hdr.len);
+
+ if (len > AIRO_DEF_MTU) {
+ airo_print_err(ai->dev->name, "Bad size %d", len);
+ goto done;
+ }
+ if (len == 0)
+ goto done;
+
+ if (test_bit(FLAG_802_11, &ai->flags)) {
+ bap_read(ai, &fc, sizeof (fc), BAP0);
+ hdrlen = header_len(fc);
+ } else
+ hdrlen = ETH_ALEN * 2;
+
+ skb = dev_alloc_skb(len + hdrlen + 2 + 2);
+ if (!skb) {
+ ai->dev->stats.rx_dropped++;
+ goto done;
+ }
+
+ skb_reserve(skb, 2); /* This way the IP header is aligned */
+ buffer = (__le16 *) skb_put(skb, len + hdrlen);
+ if (test_bit(FLAG_802_11, &ai->flags)) {
+ buffer[0] = fc;
+ bap_read(ai, buffer + 1, hdrlen - 2, BAP0);
+ if (hdrlen == 24)
+ bap_read(ai, tmpbuf, 6, BAP0);
+
+ bap_read(ai, &v, sizeof(v), BAP0);
+ gap = le16_to_cpu(v);
+ if (gap) {
+ if (gap <= 8) {
+ bap_read(ai, tmpbuf, gap, BAP0);
+ } else {
+ airo_print_err(ai->dev->name, "gaplen too "
+ "big. Problems will follow...");
+ }
+ }
+ bap_read(ai, buffer + hdrlen/2, len, BAP0);
+ } else {
+ MICBuffer micbuf;
+
+ bap_read(ai, buffer, ETH_ALEN * 2, BAP0);
+ if (ai->micstats.enabled) {
+ bap_read(ai, (__le16 *) &micbuf, sizeof (micbuf), BAP0);
+ if (ntohs(micbuf.typelen) > 0x05DC)
+ bap_setup(ai, fid, 0x44, BAP0);
+ else {
+ if (len <= sizeof (micbuf)) {
+ dev_kfree_skb_irq(skb);
+ goto done;
+ }
+
+ len -= sizeof(micbuf);
+ skb_trim(skb, len + hdrlen);
+ }
+ }
+
+ bap_read(ai, buffer + ETH_ALEN, len, BAP0);
+ if (decapsulate(ai, &micbuf, (etherHead*) buffer, len))
+ dev_kfree_skb_irq (skb);
+ else
+ success = 1;
+ }
+
+#ifdef WIRELESS_SPY
+ if (success && (ai->spy_data.spy_number > 0)) {
+ char *sa;
+ struct iw_quality wstats;
+
+ /* Prepare spy data : addr + qual */
+ if (!test_bit(FLAG_802_11, &ai->flags)) {
+ sa = (char *) buffer + 6;
+ bap_setup(ai, fid, 8, BAP0);
+ bap_read(ai, (__le16 *) hdr.rssi, 2, BAP0);
+ } else
+ sa = (char *) buffer + 10;
+ wstats.qual = hdr.rssi[0];
+ if (ai->rssi)
+ wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
+ else
+ wstats.level = (hdr.rssi[1] + 321) / 2;
+ wstats.noise = ai->wstats.qual.noise;
+ wstats.updated = IW_QUAL_LEVEL_UPDATED
+ | IW_QUAL_QUAL_UPDATED
+ | IW_QUAL_DBM;
+ /* Update spy records */
+ wireless_spy_update(ai->dev, sa, &wstats);
+ }
+#endif /* WIRELESS_SPY */
+
+done:
+ OUT4500(ai, EVACK, EV_RX);
+
+ if (success) {
+ if (test_bit(FLAG_802_11, &ai->flags)) {
+ skb_reset_mac_header(skb);
+ skb->pkt_type = PACKET_OTHERHOST;
+ skb->dev = ai->wifidev;
+ skb->protocol = htons(ETH_P_802_2);
+ } else
+ skb->protocol = eth_type_trans(skb, ai->dev);
+ skb->ip_summed = CHECKSUM_NONE;
+
+ netif_rx(skb);
+ }
+}
+
+static void airo_handle_tx(struct airo_info *ai, u16 status)
+{
+ int i, len = 0, index = -1;
+ u16 fid;
+
+ if (test_bit(FLAG_MPI, &ai->flags)) {
+ unsigned long flags;
+
+ if (status & EV_TXEXC)
+ get_tx_error(ai, -1);
+
+ spin_lock_irqsave(&ai->aux_lock, flags);
+ if (!skb_queue_empty(&ai->txq)) {
+ spin_unlock_irqrestore(&ai->aux_lock,flags);
+ mpi_send_packet(ai->dev);
+ } else {
+ clear_bit(FLAG_PENDING_XMIT, &ai->flags);
+ spin_unlock_irqrestore(&ai->aux_lock,flags);
+ netif_wake_queue(ai->dev);
+ }
+ OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
+ return;
+ }
+
+ fid = IN4500(ai, TXCOMPLFID);