1 /******************************************************************************
2  *
3  * This file is provided under a dual BSD/GPLv2 license.  When using or
4  * redistributing this file, you may do so under either license.
5  *
6  * GPL LICENSE SUMMARY
7  *
8  * Copyright(c) 2005 - 2011 Intel Corporation. All rights reserved.
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of version 2 of the GNU General Public License as
12  * published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
22  * USA
23  *
24  * The full GNU General Public License is included in this distribution
25  * in the file called LICENSE.GPL.
26  *
27  * Contact Information:
28  *  Intel Linux Wireless <ilw@linux.intel.com>
29  * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
30  *
31  * BSD LICENSE
32  *
33  * Copyright(c) 2005 - 2011 Intel Corporation. All rights reserved.
34  * All rights reserved.
35  *
36  * Redistribution and use in source and binary forms, with or without
37  * modification, are permitted provided that the following conditions
38  * are met:
39  *
40  *  * Redistributions of source code must retain the above copyright
41  *    notice, this list of conditions and the following disclaimer.
42  *  * Redistributions in binary form must reproduce the above copyright
43  *    notice, this list of conditions and the following disclaimer in
44  *    the documentation and/or other materials provided with the
45  *    distribution.
46  *  * Neither the name Intel Corporation nor the names of its
47  *    contributors may be used to endorse or promote products derived
48  *    from this software without specific prior written permission.
49  *
50  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
51  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
52  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
53  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
54  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
56  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
57  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
58  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
59  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
60  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
61  *
62  *****************************************************************************/
63 
64 #ifndef __il_commands_h__
65 #define __il_commands_h__
66 
67 #include <linux/ieee80211.h>
68 
69 struct il_priv;
70 
71 /* uCode version contains 4 values: Major/Minor/API/Serial */
72 #define IL_UCODE_MAJOR(ver)	(((ver) & 0xFF000000) >> 24)
73 #define IL_UCODE_MINOR(ver)	(((ver) & 0x00FF0000) >> 16)
74 #define IL_UCODE_API(ver)	(((ver) & 0x0000FF00) >> 8)
75 #define IL_UCODE_SERIAL(ver)	((ver) & 0x000000FF)
76 
77 /* Tx rates */
78 #define IL_CCK_RATES	4
79 #define IL_OFDM_RATES	8
80 #define IL_MAX_RATES	(IL_CCK_RATES + IL_OFDM_RATES)
81 
82 enum {
83 	N_ALIVE = 0x1,
84 	N_ERROR = 0x2,
85 
86 	/* RXON and QOS commands */
87 	C_RXON = 0x10,
88 	C_RXON_ASSOC = 0x11,
89 	C_QOS_PARAM = 0x13,
90 	C_RXON_TIMING = 0x14,
91 
92 	/* Multi-Station support */
93 	C_ADD_STA = 0x18,
94 	C_REM_STA = 0x19,
95 
96 	/* Security */
97 	C_WEPKEY = 0x20,
98 
99 	/* RX, TX, LEDs */
100 	N_3945_RX = 0x1b,	/* 3945 only */
101 	C_TX = 0x1c,
102 	C_RATE_SCALE = 0x47,	/* 3945 only */
103 	C_LEDS = 0x48,
104 	C_TX_LINK_QUALITY_CMD = 0x4e,	/* for 4965 */
105 
106 	/* 802.11h related */
107 	C_CHANNEL_SWITCH = 0x72,
108 	N_CHANNEL_SWITCH = 0x73,
109 	C_SPECTRUM_MEASUREMENT = 0x74,
110 	N_SPECTRUM_MEASUREMENT = 0x75,
111 
112 	/* Power Management */
113 	C_POWER_TBL = 0x77,
114 	N_PM_SLEEP = 0x7A,
115 	N_PM_DEBUG_STATS = 0x7B,
116 
117 	/* Scan commands and notifications */
118 	C_SCAN = 0x80,
119 	C_SCAN_ABORT = 0x81,
120 	N_SCAN_START = 0x82,
121 	N_SCAN_RESULTS = 0x83,
122 	N_SCAN_COMPLETE = 0x84,
123 
124 	/* IBSS/AP commands */
125 	N_BEACON = 0x90,
126 	C_TX_BEACON = 0x91,
127 
128 	/* Miscellaneous commands */
129 	C_TX_PWR_TBL = 0x97,
130 
131 	/* Bluetooth device coexistence config command */
132 	C_BT_CONFIG = 0x9b,
133 
134 	/* Statistics */
135 	C_STATS = 0x9c,
136 	N_STATS = 0x9d,
137 
138 	/* RF-KILL commands and notifications */
139 	N_CARD_STATE = 0xa1,
140 
141 	/* Missed beacons notification */
142 	N_MISSED_BEACONS = 0xa2,
143 
144 	C_CT_KILL_CONFIG = 0xa4,
145 	C_SENSITIVITY = 0xa8,
146 	C_PHY_CALIBRATION = 0xb0,
147 	N_RX_PHY = 0xc0,
148 	N_RX_MPDU = 0xc1,
149 	N_RX = 0xc3,
150 	N_COMPRESSED_BA = 0xc5,
151 
152 	IL_CN_MAX = 0xff
153 };
154 
155 /******************************************************************************
156  * (0)
157  * Commonly used structures and definitions:
158  * Command header, rate_n_flags, txpower
159  *
160  *****************************************************************************/
161 
162 /* il_cmd_header flags value */
163 #define IL_CMD_FAILED_MSK 0x40
164 
165 #define SEQ_TO_QUEUE(s)	(((s) >> 8) & 0x1f)
166 #define QUEUE_TO_SEQ(q)	(((q) & 0x1f) << 8)
167 #define SEQ_TO_IDX(s)	((s) & 0xff)
168 #define IDX_TO_SEQ(i)	((i) & 0xff)
169 #define SEQ_HUGE_FRAME	cpu_to_le16(0x4000)
170 #define SEQ_RX_FRAME	cpu_to_le16(0x8000)
171 
172 /**
173  * struct il_cmd_header
174  *
175  * This header format appears in the beginning of each command sent from the
176  * driver, and each response/notification received from uCode.
177  */
178 struct il_cmd_header {
179 	u8 cmd;			/* Command ID:  C_RXON, etc. */
180 	u8 flags;		/* 0:5 reserved, 6 abort, 7 internal */
181 	/*
182 	 * The driver sets up the sequence number to values of its choosing.
183 	 * uCode does not use this value, but passes it back to the driver
184 	 * when sending the response to each driver-originated command, so
185 	 * the driver can match the response to the command.  Since the values
186 	 * don't get used by uCode, the driver may set up an arbitrary format.
187 	 *
188 	 * There is one exception:  uCode sets bit 15 when it originates
189 	 * the response/notification, i.e. when the response/notification
190 	 * is not a direct response to a command sent by the driver.  For
191 	 * example, uCode issues N_3945_RX when it sends a received frame
192 	 * to the driver; it is not a direct response to any driver command.
193 	 *
194 	 * The Linux driver uses the following format:
195 	 *
196 	 *  0:7         tfd idx - position within TX queue
197 	 *  8:12        TX queue id
198 	 *  13          reserved
199 	 *  14          huge - driver sets this to indicate command is in the
200 	 *              'huge' storage at the end of the command buffers
201 	 *  15          unsolicited RX or uCode-originated notification
202 	 */
203 	__le16 sequence;
204 
205 	/* command or response/notification data follows immediately */
206 	u8 data[];
207 } __packed;
208 
209 /**
210  * struct il3945_tx_power
211  *
212  * Used in C_TX_PWR_TBL, C_SCAN, C_CHANNEL_SWITCH
213  *
214  * Each entry contains two values:
215  * 1)  DSP gain (or sometimes called DSP attenuation).  This is a fine-grained
216  *     linear value that multiplies the output of the digital signal processor,
217  *     before being sent to the analog radio.
218  * 2)  Radio gain.  This sets the analog gain of the radio Tx path.
219  *     It is a coarser setting, and behaves in a logarithmic (dB) fashion.
220  *
221  * Driver obtains values from struct il3945_tx_power power_gain_table[][].
222  */
223 struct il3945_tx_power {
224 	u8 tx_gain;		/* gain for analog radio */
225 	u8 dsp_atten;		/* gain for DSP */
226 } __packed;
227 
228 /**
229  * struct il3945_power_per_rate
230  *
231  * Used in C_TX_PWR_TBL, C_CHANNEL_SWITCH
232  */
233 struct il3945_power_per_rate {
234 	u8 rate;		/* plcp */
235 	struct il3945_tx_power tpc;
236 	u8 reserved;
237 } __packed;
238 
239 /**
240  * iwl4965 rate_n_flags bit fields
241  *
242  * rate_n_flags format is used in following iwl4965 commands:
243  *  N_RX (response only)
244  *  N_RX_MPDU (response only)
245  *  C_TX (both command and response)
246  *  C_TX_LINK_QUALITY_CMD
247  *
248  * High-throughput (HT) rate format for bits 7:0 (bit 8 must be "1"):
249  *  2-0:  0)   6 Mbps
250  *        1)  12 Mbps
251  *        2)  18 Mbps
252  *        3)  24 Mbps
253  *        4)  36 Mbps
254  *        5)  48 Mbps
255  *        6)  54 Mbps
256  *        7)  60 Mbps
257  *
258  *  4-3:  0)  Single stream (SISO)
259  *        1)  Dual stream (MIMO)
260  *        2)  Triple stream (MIMO)
261  *
262  *    5:  Value of 0x20 in bits 7:0 indicates 6 Mbps HT40 duplicate data
263  *
264  * Legacy OFDM rate format for bits 7:0 (bit 8 must be "0", bit 9 "0"):
265  *  3-0:  0xD)   6 Mbps
266  *        0xF)   9 Mbps
267  *        0x5)  12 Mbps
268  *        0x7)  18 Mbps
269  *        0x9)  24 Mbps
270  *        0xB)  36 Mbps
271  *        0x1)  48 Mbps
272  *        0x3)  54 Mbps
273  *
274  * Legacy CCK rate format for bits 7:0 (bit 8 must be "0", bit 9 "1"):
275  *  6-0:   10)  1 Mbps
276  *         20)  2 Mbps
277  *         55)  5.5 Mbps
278  *        110)  11 Mbps
279  */
280 #define RATE_MCS_CODE_MSK 0x7
281 #define RATE_MCS_SPATIAL_POS 3
282 #define RATE_MCS_SPATIAL_MSK 0x18
283 #define RATE_MCS_HT_DUP_POS 5
284 #define RATE_MCS_HT_DUP_MSK 0x20
285 
286 /* Bit 8: (1) HT format, (0) legacy format in bits 7:0 */
287 #define RATE_MCS_FLAGS_POS 8
288 #define RATE_MCS_HT_POS 8
289 #define RATE_MCS_HT_MSK 0x100
290 
291 /* Bit 9: (1) CCK, (0) OFDM.  HT (bit 8) must be "0" for this bit to be valid */
292 #define RATE_MCS_CCK_POS 9
293 #define RATE_MCS_CCK_MSK 0x200
294 
295 /* Bit 10: (1) Use Green Field preamble */
296 #define RATE_MCS_GF_POS 10
297 #define RATE_MCS_GF_MSK 0x400
298 
299 /* Bit 11: (1) Use 40Mhz HT40 chnl width, (0) use 20 MHz legacy chnl width */
300 #define RATE_MCS_HT40_POS 11
301 #define RATE_MCS_HT40_MSK 0x800
302 
303 /* Bit 12: (1) Duplicate data on both 20MHz chnls. HT40 (bit 11) must be set. */
304 #define RATE_MCS_DUP_POS 12
305 #define RATE_MCS_DUP_MSK 0x1000
306 
307 /* Bit 13: (1) Short guard interval (0.4 usec), (0) normal GI (0.8 usec) */
308 #define RATE_MCS_SGI_POS 13
309 #define RATE_MCS_SGI_MSK 0x2000
310 
311 /**
312  * rate_n_flags Tx antenna masks
313  * 4965 has 2 transmitters
314  * bit14:16
315  */
316 #define RATE_MCS_ANT_POS	14
317 #define RATE_MCS_ANT_A_MSK	0x04000
318 #define RATE_MCS_ANT_B_MSK	0x08000
319 #define RATE_MCS_ANT_C_MSK	0x10000
320 #define RATE_MCS_ANT_AB_MSK	(RATE_MCS_ANT_A_MSK | RATE_MCS_ANT_B_MSK)
321 #define RATE_MCS_ANT_ABC_MSK	(RATE_MCS_ANT_AB_MSK | RATE_MCS_ANT_C_MSK)
322 #define RATE_ANT_NUM 3
323 
324 #define POWER_TBL_NUM_ENTRIES			33
325 #define POWER_TBL_NUM_HT_OFDM_ENTRIES		32
326 #define POWER_TBL_CCK_ENTRY			32
327 
328 #define IL_PWR_NUM_HT_OFDM_ENTRIES		24
329 #define IL_PWR_CCK_ENTRIES			2
330 
331 /**
332  * union il4965_tx_power_dual_stream
333  *
334  * Host format used for C_TX_PWR_TBL, C_CHANNEL_SWITCH
335  * Use __le32 version (struct tx_power_dual_stream) when building command.
336  *
337  * Driver provides radio gain and DSP attenuation settings to device in pairs,
338  * one value for each transmitter chain.  The first value is for transmitter A,
339  * second for transmitter B.
340  *
341  * For SISO bit rates, both values in a pair should be identical.
342  * For MIMO rates, one value may be different from the other,
343  * in order to balance the Tx output between the two transmitters.
344  *
345  * See more details in doc for TXPOWER in 4965.h.
346  */
347 union il4965_tx_power_dual_stream {
348 	struct {
349 		u8 radio_tx_gain[2];
350 		u8 dsp_predis_atten[2];
351 	} s;
352 	u32 dw;
353 };
354 
355 /**
356  * struct tx_power_dual_stream
357  *
358  * Table entries in C_TX_PWR_TBL, C_CHANNEL_SWITCH
359  *
360  * Same format as il_tx_power_dual_stream, but __le32
361  */
362 struct tx_power_dual_stream {
363 	__le32 dw;
364 } __packed;
365 
366 /**
367  * struct il4965_tx_power_db
368  *
369  * Entire table within C_TX_PWR_TBL, C_CHANNEL_SWITCH
370  */
371 struct il4965_tx_power_db {
372 	struct tx_power_dual_stream power_tbl[POWER_TBL_NUM_ENTRIES];
373 } __packed;
374 
375 /******************************************************************************
376  * (0a)
377  * Alive and Error Commands & Responses:
378  *
379  *****************************************************************************/
380 
381 #define UCODE_VALID_OK	cpu_to_le32(0x1)
382 #define INITIALIZE_SUBTYPE    (9)
383 
384 /*
385  * ("Initialize") N_ALIVE = 0x1 (response only, not a command)
386  *
387  * uCode issues this "initialize alive" notification once the initialization
388  * uCode image has completed its work, and is ready to load the runtime image.
389  * This is the *first* "alive" notification that the driver will receive after
390  * rebooting uCode; the "initialize" alive is indicated by subtype field == 9.
391  *
392  * See comments documenting "BSM" (bootstrap state machine).
393  *
394  * For 4965, this notification contains important calibration data for
395  * calculating txpower settings:
396  *
397  * 1)  Power supply voltage indication.  The voltage sensor outputs higher
398  *     values for lower voltage, and vice verse.
399  *
400  * 2)  Temperature measurement parameters, for each of two channel widths
401  *     (20 MHz and 40 MHz) supported by the radios.  Temperature sensing
402  *     is done via one of the receiver chains, and channel width influences
403  *     the results.
404  *
405  * 3)  Tx gain compensation to balance 4965's 2 Tx chains for MIMO operation,
406  *     for each of 5 frequency ranges.
407  */
408 struct il_init_alive_resp {
409 	u8 ucode_minor;
410 	u8 ucode_major;
411 	__le16 reserved1;
412 	u8 sw_rev[8];
413 	u8 ver_type;
414 	u8 ver_subtype;		/* "9" for initialize alive */
415 	__le16 reserved2;
416 	__le32 log_event_table_ptr;
417 	__le32 error_event_table_ptr;
418 	__le32 timestamp;
419 	__le32 is_valid;
420 
421 	/* calibration values from "initialize" uCode */
422 	__le32 voltage;		/* signed, higher value is lower voltage */
423 	__le32 therm_r1[2];	/* signed, 1st for normal, 2nd for HT40 */
424 	__le32 therm_r2[2];	/* signed */
425 	__le32 therm_r3[2];	/* signed */
426 	__le32 therm_r4[2];	/* signed */
427 	__le32 tx_atten[5][2];	/* signed MIMO gain comp, 5 freq groups,
428 				 * 2 Tx chains */
429 } __packed;
430 
431 /**
432  * N_ALIVE = 0x1 (response only, not a command)
433  *
434  * uCode issues this "alive" notification once the runtime image is ready
435  * to receive commands from the driver.  This is the *second* "alive"
436  * notification that the driver will receive after rebooting uCode;
437  * this "alive" is indicated by subtype field != 9.
438  *
439  * See comments documenting "BSM" (bootstrap state machine).
440  *
441  * This response includes two pointers to structures within the device's
442  * data SRAM (access via HBUS_TARG_MEM_* regs) that are useful for debugging:
443  *
444  * 1)  log_event_table_ptr indicates base of the event log.  This traces
445  *     a 256-entry history of uCode execution within a circular buffer.
446  *     Its header format is:
447  *
448  *	__le32 log_size;     log capacity (in number of entries)
449  *	__le32 type;         (1) timestamp with each entry, (0) no timestamp
450  *	__le32 wraps;        # times uCode has wrapped to top of circular buffer
451  *      __le32 write_idx;  next circular buffer entry that uCode would fill
452  *
453  *     The header is followed by the circular buffer of log entries.  Entries
454  *     with timestamps have the following format:
455  *
456  *	__le32 event_id;     range 0 - 1500
457  *	__le32 timestamp;    low 32 bits of TSF (of network, if associated)
458  *	__le32 data;         event_id-specific data value
459  *
460  *     Entries without timestamps contain only event_id and data.
461  *
462  *
463  * 2)  error_event_table_ptr indicates base of the error log.  This contains
464  *     information about any uCode error that occurs.  For 4965, the format
465  *     of the error log is:
466  *
467  *	__le32 valid;        (nonzero) valid, (0) log is empty
468  *	__le32 error_id;     type of error
469  *	__le32 pc;           program counter
470  *	__le32 blink1;       branch link
471  *	__le32 blink2;       branch link
472  *	__le32 ilink1;       interrupt link
473  *	__le32 ilink2;       interrupt link
474  *	__le32 data1;        error-specific data
475  *	__le32 data2;        error-specific data
476  *	__le32 line;         source code line of error
477  *	__le32 bcon_time;    beacon timer
478  *	__le32 tsf_low;      network timestamp function timer
479  *	__le32 tsf_hi;       network timestamp function timer
480  *	__le32 gp1;          GP1 timer register
481  *	__le32 gp2;          GP2 timer register
482  *	__le32 gp3;          GP3 timer register
483  *	__le32 ucode_ver;    uCode version
484  *	__le32 hw_ver;       HW Silicon version
485  *	__le32 brd_ver;      HW board version
486  *	__le32 log_pc;       log program counter
487  *	__le32 frame_ptr;    frame pointer
488  *	__le32 stack_ptr;    stack pointer
489  *	__le32 hcmd;         last host command
490  *	__le32 isr0;         isr status register LMPM_NIC_ISR0: rxtx_flag
491  *	__le32 isr1;         isr status register LMPM_NIC_ISR1: host_flag
492  *	__le32 isr2;         isr status register LMPM_NIC_ISR2: enc_flag
493  *	__le32 isr3;         isr status register LMPM_NIC_ISR3: time_flag
494  *	__le32 isr4;         isr status register LMPM_NIC_ISR4: wico interrupt
495  *	__le32 isr_pref;     isr status register LMPM_NIC_PREF_STAT
496  *	__le32 wait_event;   wait event() caller address
497  *	__le32 l2p_control;  L2pControlField
498  *	__le32 l2p_duration; L2pDurationField
499  *	__le32 l2p_mhvalid;  L2pMhValidBits
500  *	__le32 l2p_addr_match; L2pAddrMatchStat
501  *	__le32 lmpm_pmg_sel; indicate which clocks are turned on (LMPM_PMG_SEL)
502  *	__le32 u_timestamp;  indicate when the date and time of the compilation
503  *	__le32 reserved;
504  *
505  * The Linux driver can print both logs to the system log when a uCode error
506  * occurs.
507  */
508 struct il_alive_resp {
509 	u8 ucode_minor;
510 	u8 ucode_major;
511 	__le16 reserved1;
512 	u8 sw_rev[8];
513 	u8 ver_type;
514 	u8 ver_subtype;		/* not "9" for runtime alive */
515 	__le16 reserved2;
516 	__le32 log_event_table_ptr;	/* SRAM address for event log */
517 	__le32 error_event_table_ptr;	/* SRAM address for error log */
518 	__le32 timestamp;
519 	__le32 is_valid;
520 } __packed;
521 
522 /*
523  * N_ERROR = 0x2 (response only, not a command)
524  */
525 struct il_error_resp {
526 	__le32 error_type;
527 	u8 cmd_id;
528 	u8 reserved1;
529 	__le16 bad_cmd_seq_num;
530 	__le32 error_info;
531 	__le64 timestamp;
532 } __packed;
533 
534 /******************************************************************************
535  * (1)
536  * RXON Commands & Responses:
537  *
538  *****************************************************************************/
539 
540 /*
541  * Rx config defines & structure
542  */
543 /* rx_config device types  */
544 enum {
545 	RXON_DEV_TYPE_AP = 1,
546 	RXON_DEV_TYPE_ESS = 3,
547 	RXON_DEV_TYPE_IBSS = 4,
548 	RXON_DEV_TYPE_SNIFFER = 6,
549 };
550 
551 #define RXON_RX_CHAIN_DRIVER_FORCE_MSK		cpu_to_le16(0x1 << 0)
552 #define RXON_RX_CHAIN_DRIVER_FORCE_POS		(0)
553 #define RXON_RX_CHAIN_VALID_MSK			cpu_to_le16(0x7 << 1)
554 #define RXON_RX_CHAIN_VALID_POS			(1)
555 #define RXON_RX_CHAIN_FORCE_SEL_MSK		cpu_to_le16(0x7 << 4)
556 #define RXON_RX_CHAIN_FORCE_SEL_POS		(4)
557 #define RXON_RX_CHAIN_FORCE_MIMO_SEL_MSK	cpu_to_le16(0x7 << 7)
558 #define RXON_RX_CHAIN_FORCE_MIMO_SEL_POS	(7)
559 #define RXON_RX_CHAIN_CNT_MSK			cpu_to_le16(0x3 << 10)
560 #define RXON_RX_CHAIN_CNT_POS			(10)
561 #define RXON_RX_CHAIN_MIMO_CNT_MSK		cpu_to_le16(0x3 << 12)
562 #define RXON_RX_CHAIN_MIMO_CNT_POS		(12)
563 #define RXON_RX_CHAIN_MIMO_FORCE_MSK		cpu_to_le16(0x1 << 14)
564 #define RXON_RX_CHAIN_MIMO_FORCE_POS		(14)
565 
566 /* rx_config flags */
567 /* band & modulation selection */
568 #define RXON_FLG_BAND_24G_MSK           cpu_to_le32(1 << 0)
569 #define RXON_FLG_CCK_MSK                cpu_to_le32(1 << 1)
570 /* auto detection enable */
571 #define RXON_FLG_AUTO_DETECT_MSK        cpu_to_le32(1 << 2)
572 /* TGg protection when tx */
573 #define RXON_FLG_TGG_PROTECT_MSK        cpu_to_le32(1 << 3)
574 /* cck short slot & preamble */
575 #define RXON_FLG_SHORT_SLOT_MSK          cpu_to_le32(1 << 4)
576 #define RXON_FLG_SHORT_PREAMBLE_MSK     cpu_to_le32(1 << 5)
577 /* antenna selection */
578 #define RXON_FLG_DIS_DIV_MSK            cpu_to_le32(1 << 7)
579 #define RXON_FLG_ANT_SEL_MSK            cpu_to_le32(0x0f00)
580 #define RXON_FLG_ANT_A_MSK              cpu_to_le32(1 << 8)
581 #define RXON_FLG_ANT_B_MSK              cpu_to_le32(1 << 9)
582 /* radar detection enable */
583 #define RXON_FLG_RADAR_DETECT_MSK       cpu_to_le32(1 << 12)
584 #define RXON_FLG_TGJ_NARROW_BAND_MSK    cpu_to_le32(1 << 13)
585 /* rx response to host with 8-byte TSF
586 * (according to ON_AIR deassertion) */
587 #define RXON_FLG_TSF2HOST_MSK           cpu_to_le32(1 << 15)
588 
589 /* HT flags */
590 #define RXON_FLG_CTRL_CHANNEL_LOC_POS		(22)
591 #define RXON_FLG_CTRL_CHANNEL_LOC_HI_MSK	cpu_to_le32(0x1 << 22)
592 
593 #define RXON_FLG_HT_OPERATING_MODE_POS		(23)
594 
595 #define RXON_FLG_HT_PROT_MSK			cpu_to_le32(0x1 << 23)
596 #define RXON_FLG_HT40_PROT_MSK			cpu_to_le32(0x2 << 23)
597 
598 #define RXON_FLG_CHANNEL_MODE_POS		(25)
599 #define RXON_FLG_CHANNEL_MODE_MSK		cpu_to_le32(0x3 << 25)
600 
601 /* channel mode */
602 enum {
603 	CHANNEL_MODE_LEGACY = 0,
604 	CHANNEL_MODE_PURE_40 = 1,
605 	CHANNEL_MODE_MIXED = 2,
606 	CHANNEL_MODE_RESERVED = 3,
607 };
608 #define RXON_FLG_CHANNEL_MODE_LEGACY			\
609 	cpu_to_le32(CHANNEL_MODE_LEGACY << RXON_FLG_CHANNEL_MODE_POS)
610 #define RXON_FLG_CHANNEL_MODE_PURE_40			\
611 	cpu_to_le32(CHANNEL_MODE_PURE_40 << RXON_FLG_CHANNEL_MODE_POS)
612 #define RXON_FLG_CHANNEL_MODE_MIXED			\
613 	cpu_to_le32(CHANNEL_MODE_MIXED << RXON_FLG_CHANNEL_MODE_POS)
614 
615 /* CTS to self (if spec allows) flag */
616 #define RXON_FLG_SELF_CTS_EN			cpu_to_le32(0x1<<30)
617 
618 /* rx_config filter flags */
619 /* accept all data frames */
620 #define RXON_FILTER_PROMISC_MSK         cpu_to_le32(1 << 0)
621 /* pass control & management to host */
622 #define RXON_FILTER_CTL2HOST_MSK        cpu_to_le32(1 << 1)
623 /* accept multi-cast */
624 #define RXON_FILTER_ACCEPT_GRP_MSK      cpu_to_le32(1 << 2)
625 /* don't decrypt uni-cast frames */
626 #define RXON_FILTER_DIS_DECRYPT_MSK     cpu_to_le32(1 << 3)
627 /* don't decrypt multi-cast frames */
628 #define RXON_FILTER_DIS_GRP_DECRYPT_MSK cpu_to_le32(1 << 4)
629 /* STA is associated */
630 #define RXON_FILTER_ASSOC_MSK           cpu_to_le32(1 << 5)
631 /* transfer to host non bssid beacons in associated state */
632 #define RXON_FILTER_BCON_AWARE_MSK      cpu_to_le32(1 << 6)
633 
634 /**
635  * C_RXON = 0x10 (command, has simple generic response)
636  *
637  * RXON tunes the radio tuner to a service channel, and sets up a number
638  * of parameters that are used primarily for Rx, but also for Tx operations.
639  *
640  * NOTE:  When tuning to a new channel, driver must set the
641  *        RXON_FILTER_ASSOC_MSK to 0.  This will clear station-dependent
642  *        info within the device, including the station tables, tx retry
643  *        rate tables, and txpower tables.  Driver must build a new station
644  *        table and txpower table before transmitting anything on the RXON
645  *        channel.
646  *
647  * NOTE:  All RXONs wipe clean the internal txpower table.  Driver must
648  *        issue a new C_TX_PWR_TBL after each C_RXON (0x10),
649  *        regardless of whether RXON_FILTER_ASSOC_MSK is set.
650  */
651 
652 struct il3945_rxon_cmd {
653 	u8 node_addr[6];
654 	__le16 reserved1;
655 	u8 bssid_addr[6];
656 	__le16 reserved2;
657 	u8 wlap_bssid_addr[6];
658 	__le16 reserved3;
659 	u8 dev_type;
660 	u8 air_propagation;
661 	__le16 reserved4;
662 	u8 ofdm_basic_rates;
663 	u8 cck_basic_rates;
664 	__le16 assoc_id;
665 	__le32 flags;
666 	__le32 filter_flags;
667 	__le16 channel;
668 	__le16 reserved5;
669 } __packed;
670 
671 struct il4965_rxon_cmd {
672 	u8 node_addr[6];
673 	__le16 reserved1;
674 	u8 bssid_addr[6];
675 	__le16 reserved2;
676 	u8 wlap_bssid_addr[6];
677 	__le16 reserved3;
678 	u8 dev_type;
679 	u8 air_propagation;
680 	__le16 rx_chain;
681 	u8 ofdm_basic_rates;
682 	u8 cck_basic_rates;
683 	__le16 assoc_id;
684 	__le32 flags;
685 	__le32 filter_flags;
686 	__le16 channel;
687 	u8 ofdm_ht_single_stream_basic_rates;
688 	u8 ofdm_ht_dual_stream_basic_rates;
689 } __packed;
690 
691 /* Create a common rxon cmd which will be typecast into the 3945 or 4965
692  * specific rxon cmd, depending on where it is called from.
693  */
694 struct il_rxon_cmd {
695 	u8 node_addr[6];
696 	__le16 reserved1;
697 	u8 bssid_addr[6];
698 	__le16 reserved2;
699 	u8 wlap_bssid_addr[6];
700 	__le16 reserved3;
701 	u8 dev_type;
702 	u8 air_propagation;
703 	__le16 rx_chain;
704 	u8 ofdm_basic_rates;
705 	u8 cck_basic_rates;
706 	__le16 assoc_id;
707 	__le32 flags;
708 	__le32 filter_flags;
709 	__le16 channel;
710 	u8 ofdm_ht_single_stream_basic_rates;
711 	u8 ofdm_ht_dual_stream_basic_rates;
712 	u8 reserved4;
713 	u8 reserved5;
714 } __packed;
715 
716 /*
717  * C_RXON_ASSOC = 0x11 (command, has simple generic response)
718  */
719 struct il3945_rxon_assoc_cmd {
720 	__le32 flags;
721 	__le32 filter_flags;
722 	u8 ofdm_basic_rates;
723 	u8 cck_basic_rates;
724 	__le16 reserved;
725 } __packed;
726 
727 struct il4965_rxon_assoc_cmd {
728 	__le32 flags;
729 	__le32 filter_flags;
730 	u8 ofdm_basic_rates;
731 	u8 cck_basic_rates;
732 	u8 ofdm_ht_single_stream_basic_rates;
733 	u8 ofdm_ht_dual_stream_basic_rates;
734 	__le16 rx_chain_select_flags;
735 	__le16 reserved;
736 } __packed;
737 
738 #define IL_CONN_MAX_LISTEN_INTERVAL	10
739 #define IL_MAX_UCODE_BEACON_INTERVAL	4	/* 4096 */
740 #define IL39_MAX_UCODE_BEACON_INTERVAL	1	/* 1024 */
741 
742 /*
743  * C_RXON_TIMING = 0x14 (command, has simple generic response)
744  */
745 struct il_rxon_time_cmd {
746 	__le64 timestamp;
747 	__le16 beacon_interval;
748 	__le16 atim_win;
749 	__le32 beacon_init_val;
750 	__le16 listen_interval;
751 	u8 dtim_period;
752 	u8 delta_cp_bss_tbtts;
753 } __packed;
754 
755 /*
756  * C_CHANNEL_SWITCH = 0x72 (command, has simple generic response)
757  */
758 struct il3945_channel_switch_cmd {
759 	u8 band;
760 	u8 expect_beacon;
761 	__le16 channel;
762 	__le32 rxon_flags;
763 	__le32 rxon_filter_flags;
764 	__le32 switch_time;
765 	struct il3945_power_per_rate power[IL_MAX_RATES];
766 } __packed;
767 
768 struct il4965_channel_switch_cmd {
769 	u8 band;
770 	u8 expect_beacon;
771 	__le16 channel;
772 	__le32 rxon_flags;
773 	__le32 rxon_filter_flags;
774 	__le32 switch_time;
775 	struct il4965_tx_power_db tx_power;
776 } __packed;
777 
778 /*
779  * N_CHANNEL_SWITCH = 0x73 (notification only, not a command)
780  */
781 struct il_csa_notification {
782 	__le16 band;
783 	__le16 channel;
784 	__le32 status;		/* 0 - OK, 1 - fail */
785 } __packed;
786 
787 /******************************************************************************
788  * (2)
789  * Quality-of-Service (QOS) Commands & Responses:
790  *
791  *****************************************************************************/
792 
793 /**
794  * struct il_ac_qos -- QOS timing params for C_QOS_PARAM
795  * One for each of 4 EDCA access categories in struct il_qosparam_cmd
796  *
797  * @cw_min: Contention win, start value in numbers of slots.
798  *          Should be a power-of-2, minus 1.  Device's default is 0x0f.
799  * @cw_max: Contention win, max value in numbers of slots.
800  *          Should be a power-of-2, minus 1.  Device's default is 0x3f.
801  * @aifsn:  Number of slots in Arbitration Interframe Space (before
802  *          performing random backoff timing prior to Tx).  Device default 1.
803  * @edca_txop:  Length of Tx opportunity, in uSecs.  Device default is 0.
804  *
805  * Device will automatically increase contention win by (2*CW) + 1 for each
806  * transmission retry.  Device uses cw_max as a bit mask, ANDed with new CW
807  * value, to cap the CW value.
808  */
809 struct il_ac_qos {
810 	__le16 cw_min;
811 	__le16 cw_max;
812 	u8 aifsn;
813 	u8 reserved1;
814 	__le16 edca_txop;
815 } __packed;
816 
817 /* QoS flags defines */
818 #define QOS_PARAM_FLG_UPDATE_EDCA_MSK	cpu_to_le32(0x01)
819 #define QOS_PARAM_FLG_TGN_MSK		cpu_to_le32(0x02)
820 #define QOS_PARAM_FLG_TXOP_TYPE_MSK	cpu_to_le32(0x10)
821 
822 /* Number of Access Categories (AC) (EDCA), queues 0..3 */
823 #define AC_NUM                4
824 
825 /*
826  * C_QOS_PARAM = 0x13 (command, has simple generic response)
827  *
828  * This command sets up timings for each of the 4 prioritized EDCA Tx FIFOs
829  * 0: Background, 1: Best Effort, 2: Video, 3: Voice.
830  */
831 struct il_qosparam_cmd {
832 	__le32 qos_flags;
833 	struct il_ac_qos ac[AC_NUM];
834 } __packed;
835 
836 /******************************************************************************
837  * (3)
838  * Add/Modify Stations Commands & Responses:
839  *
840  *****************************************************************************/
841 /*
842  * Multi station support
843  */
844 
845 /* Special, dedicated locations within device's station table */
846 #define	IL_AP_ID		0
847 #define	IL_STA_ID		2
848 #define	IL3945_BROADCAST_ID	24
849 #define IL3945_STATION_COUNT	25
850 #define IL4965_BROADCAST_ID	31
851 #define	IL4965_STATION_COUNT	32
852 
853 #define	IL_STATION_COUNT	32	/* MAX(3945,4965) */
854 #define	IL_INVALID_STATION	255
855 
856 #define STA_FLG_TX_RATE_MSK		cpu_to_le32(1 << 2)
857 #define STA_FLG_PWR_SAVE_MSK		cpu_to_le32(1 << 8)
858 #define STA_FLG_RTS_MIMO_PROT_MSK	cpu_to_le32(1 << 17)
859 #define STA_FLG_AGG_MPDU_8US_MSK	cpu_to_le32(1 << 18)
860 #define STA_FLG_MAX_AGG_SIZE_POS	(19)
861 #define STA_FLG_MAX_AGG_SIZE_MSK	cpu_to_le32(3 << 19)
862 #define STA_FLG_HT40_EN_MSK		cpu_to_le32(1 << 21)
863 #define STA_FLG_MIMO_DIS_MSK		cpu_to_le32(1 << 22)
864 #define STA_FLG_AGG_MPDU_DENSITY_POS	(23)
865 #define STA_FLG_AGG_MPDU_DENSITY_MSK	cpu_to_le32(7 << 23)
866 
867 /* Use in mode field.  1: modify existing entry, 0: add new station entry */
868 #define STA_CONTROL_MODIFY_MSK		0x01
869 
870 /* key flags __le16*/
871 #define STA_KEY_FLG_ENCRYPT_MSK	cpu_to_le16(0x0007)
872 #define STA_KEY_FLG_NO_ENC	cpu_to_le16(0x0000)
873 #define STA_KEY_FLG_WEP		cpu_to_le16(0x0001)
874 #define STA_KEY_FLG_CCMP	cpu_to_le16(0x0002)
875 #define STA_KEY_FLG_TKIP	cpu_to_le16(0x0003)
876 
877 #define STA_KEY_FLG_KEYID_POS	8
878 #define STA_KEY_FLG_INVALID	cpu_to_le16(0x0800)
879 /* wep key is either from global key (0) or from station info array (1) */
880 #define STA_KEY_FLG_MAP_KEY_MSK	cpu_to_le16(0x0008)
881 
882 /* wep key in STA: 5-bytes (0) or 13-bytes (1) */
883 #define STA_KEY_FLG_KEY_SIZE_MSK	cpu_to_le16(0x1000)
884 #define STA_KEY_MULTICAST_MSK		cpu_to_le16(0x4000)
885 #define STA_KEY_MAX_NUM		8
886 
887 /* Flags indicate whether to modify vs. don't change various station params */
888 #define	STA_MODIFY_KEY_MASK		0x01
889 #define	STA_MODIFY_TID_DISABLE_TX	0x02
890 #define	STA_MODIFY_TX_RATE_MSK		0x04
891 #define STA_MODIFY_ADDBA_TID_MSK	0x08
892 #define STA_MODIFY_DELBA_TID_MSK	0x10
893 #define STA_MODIFY_SLEEP_TX_COUNT_MSK	0x20
894 
895 /* Receiver address (actually, Rx station's idx into station table),
896  * combined with Traffic ID (QOS priority), in format used by Tx Scheduler */
897 #define BUILD_RAxTID(sta_id, tid)	(((sta_id) << 4) + (tid))
898 
899 struct il4965_keyinfo {
900 	__le16 key_flags;
901 	u8 tkip_rx_tsc_byte2;	/* TSC[2] for key mix ph1 detection */
902 	u8 reserved1;
903 	__le16 tkip_rx_ttak[5];	/* 10-byte unicast TKIP TTAK */
904 	u8 key_offset;
905 	u8 reserved2;
906 	u8 key[16];		/* 16-byte unicast decryption key */
907 } __packed;
908 
909 /**
910  * struct sta_id_modify
911  * @addr[ETH_ALEN]: station's MAC address
912  * @sta_id: idx of station in uCode's station table
913  * @modify_mask: STA_MODIFY_*, 1: modify, 0: don't change
914  *
915  * Driver selects unused table idx when adding new station,
916  * or the idx to a pre-existing station entry when modifying that station.
917  * Some idxes have special purposes (IL_AP_ID, idx 0, is for AP).
918  *
919  * modify_mask flags select which parameters to modify vs. leave alone.
920  */
921 struct sta_id_modify {
922 	u8 addr[ETH_ALEN];
923 	__le16 reserved1;
924 	u8 sta_id;
925 	u8 modify_mask;
926 	__le16 reserved2;
927 } __packed;
928 
929 /*
930  * C_ADD_STA = 0x18 (command)
931  *
932  * The device contains an internal table of per-station information,
933  * with info on security keys, aggregation parameters, and Tx rates for
934  * initial Tx attempt and any retries (4965 devices uses
935  * C_TX_LINK_QUALITY_CMD,
936  * 3945 uses C_RATE_SCALE to set up rate tables).
937  *
938  * C_ADD_STA sets up the table entry for one station, either creating
939  * a new entry, or modifying a pre-existing one.
940  *
941  * NOTE:  RXON command (without "associated" bit set) wipes the station table
942  *        clean.  Moving into RF_KILL state does this also.  Driver must set up
943  *        new station table before transmitting anything on the RXON channel
944  *        (except active scans or active measurements; those commands carry
945  *        their own txpower/rate setup data).
946  *
947  *        When getting started on a new channel, driver must set up the
948  *        IL_BROADCAST_ID entry (last entry in the table).  For a client
949  *        station in a BSS, once an AP is selected, driver sets up the AP STA
950  *        in the IL_AP_ID entry (1st entry in the table).  BROADCAST and AP
951  *        are all that are needed for a BSS client station.  If the device is
952  *        used as AP, or in an IBSS network, driver must set up station table
953  *        entries for all STAs in network, starting with idx IL_STA_ID.
954  */
955 
956 struct il3945_addsta_cmd {
957 	u8 mode;		/* 1: modify existing, 0: add new station */
958 	u8 reserved[3];
959 	struct sta_id_modify sta;
960 	struct il4965_keyinfo key;
961 	__le32 station_flags;	/* STA_FLG_* */
962 	__le32 station_flags_msk;	/* STA_FLG_* */
963 
964 	/* bit field to disable (1) or enable (0) Tx for Traffic ID (TID)
965 	 * corresponding to bit (e.g. bit 5 controls TID 5).
966 	 * Set modify_mask bit STA_MODIFY_TID_DISABLE_TX to use this field. */
967 	__le16 tid_disable_tx;
968 
969 	__le16 rate_n_flags;
970 
971 	/* TID for which to add block-ack support.
972 	 * Set modify_mask bit STA_MODIFY_ADDBA_TID_MSK to use this field. */
973 	u8 add_immediate_ba_tid;
974 
975 	/* TID for which to remove block-ack support.
976 	 * Set modify_mask bit STA_MODIFY_DELBA_TID_MSK to use this field. */
977 	u8 remove_immediate_ba_tid;
978 
979 	/* Starting Sequence Number for added block-ack support.
980 	 * Set modify_mask bit STA_MODIFY_ADDBA_TID_MSK to use this field. */
981 	__le16 add_immediate_ba_ssn;
982 } __packed;
983 
984 struct il4965_addsta_cmd {
985 	u8 mode;		/* 1: modify existing, 0: add new station */
986 	u8 reserved[3];
987 	struct sta_id_modify sta;
988 	struct il4965_keyinfo key;
989 	__le32 station_flags;	/* STA_FLG_* */
990 	__le32 station_flags_msk;	/* STA_FLG_* */
991 
992 	/* bit field to disable (1) or enable (0) Tx for Traffic ID (TID)
993 	 * corresponding to bit (e.g. bit 5 controls TID 5).
994 	 * Set modify_mask bit STA_MODIFY_TID_DISABLE_TX to use this field. */
995 	__le16 tid_disable_tx;
996 
997 	__le16 reserved1;
998 
999 	/* TID for which to add block-ack support.
1000 	 * Set modify_mask bit STA_MODIFY_ADDBA_TID_MSK to use this field. */
1001 	u8 add_immediate_ba_tid;
1002 
1003 	/* TID for which to remove block-ack support.
1004 	 * Set modify_mask bit STA_MODIFY_DELBA_TID_MSK to use this field. */
1005 	u8 remove_immediate_ba_tid;
1006 
1007 	/* Starting Sequence Number for added block-ack support.
1008 	 * Set modify_mask bit STA_MODIFY_ADDBA_TID_MSK to use this field. */
1009 	__le16 add_immediate_ba_ssn;
1010 
1011 	/*
1012 	 * Number of packets OK to transmit to station even though
1013 	 * it is asleep -- used to synchronise PS-poll and u-APSD
1014 	 * responses while ucode keeps track of STA sleep state.
1015 	 */
1016 	__le16 sleep_tx_count;
1017 
1018 	__le16 reserved2;
1019 } __packed;
1020 
1021 /* Wrapper struct for 3945 and 4965 addsta_cmd structures */
1022 struct il_addsta_cmd {
1023 	u8 mode;		/* 1: modify existing, 0: add new station */
1024 	u8 reserved[3];
1025 	struct sta_id_modify sta;
1026 	struct il4965_keyinfo key;
1027 	__le32 station_flags;	/* STA_FLG_* */
1028 	__le32 station_flags_msk;	/* STA_FLG_* */
1029 
1030 	/* bit field to disable (1) or enable (0) Tx for Traffic ID (TID)
1031 	 * corresponding to bit (e.g. bit 5 controls TID 5).
1032 	 * Set modify_mask bit STA_MODIFY_TID_DISABLE_TX to use this field. */
1033 	__le16 tid_disable_tx;
1034 
1035 	__le16 rate_n_flags;	/* 3945 only */
1036 
1037 	/* TID for which to add block-ack support.
1038 	 * Set modify_mask bit STA_MODIFY_ADDBA_TID_MSK to use this field. */
1039 	u8 add_immediate_ba_tid;
1040 
1041 	/* TID for which to remove block-ack support.
1042 	 * Set modify_mask bit STA_MODIFY_DELBA_TID_MSK to use this field. */
1043 	u8 remove_immediate_ba_tid;
1044 
1045 	/* Starting Sequence Number for added block-ack support.
1046 	 * Set modify_mask bit STA_MODIFY_ADDBA_TID_MSK to use this field. */
1047 	__le16 add_immediate_ba_ssn;
1048 
1049 	/*
1050 	 * Number of packets OK to transmit to station even though
1051 	 * it is asleep -- used to synchronise PS-poll and u-APSD
1052 	 * responses while ucode keeps track of STA sleep state.
1053 	 */
1054 	__le16 sleep_tx_count;
1055 
1056 	__le16 reserved2;
1057 } __packed;
1058 
1059 #define ADD_STA_SUCCESS_MSK		0x1
1060 #define ADD_STA_NO_ROOM_IN_TBL	0x2
1061 #define ADD_STA_NO_BLOCK_ACK_RESOURCE	0x4
1062 #define ADD_STA_MODIFY_NON_EXIST_STA	0x8
1063 /*
1064  * C_ADD_STA = 0x18 (response)
1065  */
1066 struct il_add_sta_resp {
1067 	u8 status;		/* ADD_STA_* */
1068 } __packed;
1069 
1070 #define REM_STA_SUCCESS_MSK              0x1
1071 /*
1072  *  C_REM_STA = 0x19 (response)
1073  */
1074 struct il_rem_sta_resp {
1075 	u8 status;
1076 } __packed;
1077 
1078 /*
1079  *  C_REM_STA = 0x19 (command)
1080  */
1081 struct il_rem_sta_cmd {
1082 	u8 num_sta;		/* number of removed stations */
1083 	u8 reserved[3];
1084 	u8 addr[ETH_ALEN];	/* MAC addr of the first station */
1085 	u8 reserved2[2];
1086 } __packed;
1087 
1088 #define IL_TX_FIFO_BK_MSK		cpu_to_le32(BIT(0))
1089 #define IL_TX_FIFO_BE_MSK		cpu_to_le32(BIT(1))
1090 #define IL_TX_FIFO_VI_MSK		cpu_to_le32(BIT(2))
1091 #define IL_TX_FIFO_VO_MSK		cpu_to_le32(BIT(3))
1092 #define IL_AGG_TX_QUEUE_MSK		cpu_to_le32(0xffc00)
1093 
1094 #define IL_DROP_SINGLE		0
1095 #define IL_DROP_SELECTED	1
1096 #define IL_DROP_ALL		2
1097 
1098 /*
1099  * REPLY_WEP_KEY = 0x20
1100  */
1101 struct il_wep_key {
1102 	u8 key_idx;
1103 	u8 key_offset;
1104 	u8 reserved1[2];
1105 	u8 key_size;
1106 	u8 reserved2[3];
1107 	u8 key[16];
1108 } __packed;
1109 
1110 struct il_wep_cmd {
1111 	u8 num_keys;
1112 	u8 global_key_type;
1113 	u8 flags;
1114 	u8 reserved;
1115 	struct il_wep_key key[];
1116 } __packed;
1117 
1118 #define WEP_KEY_WEP_TYPE 1
1119 #define WEP_KEYS_MAX 4
1120 #define WEP_INVALID_OFFSET 0xff
1121 #define WEP_KEY_LEN_64 5
1122 #define WEP_KEY_LEN_128 13
1123 
1124 /******************************************************************************
1125  * (4)
1126  * Rx Responses:
1127  *
1128  *****************************************************************************/
1129 
1130 #define RX_RES_STATUS_NO_CRC32_ERROR	cpu_to_le32(1 << 0)
1131 #define RX_RES_STATUS_NO_RXE_OVERFLOW	cpu_to_le32(1 << 1)
1132 
1133 #define RX_RES_PHY_FLAGS_BAND_24_MSK	cpu_to_le16(1 << 0)
1134 #define RX_RES_PHY_FLAGS_MOD_CCK_MSK		cpu_to_le16(1 << 1)
1135 #define RX_RES_PHY_FLAGS_SHORT_PREAMBLE_MSK	cpu_to_le16(1 << 2)
1136 #define RX_RES_PHY_FLAGS_NARROW_BAND_MSK	cpu_to_le16(1 << 3)
1137 #define RX_RES_PHY_FLAGS_ANTENNA_MSK		0x70
1138 #define RX_RES_PHY_FLAGS_ANTENNA_POS		4
1139 #define RX_RES_PHY_FLAGS_AGG_MSK	cpu_to_le16(1 << 7)
1140 
1141 #define RX_RES_STATUS_SEC_TYPE_MSK	(0x7 << 8)
1142 #define RX_RES_STATUS_SEC_TYPE_NONE	(0x0 << 8)
1143 #define RX_RES_STATUS_SEC_TYPE_WEP	(0x1 << 8)
1144 #define RX_RES_STATUS_SEC_TYPE_CCMP	(0x2 << 8)
1145 #define RX_RES_STATUS_SEC_TYPE_TKIP	(0x3 << 8)
1146 #define	RX_RES_STATUS_SEC_TYPE_ERR	(0x7 << 8)
1147 
1148 #define RX_RES_STATUS_STATION_FOUND	(1<<6)
1149 #define RX_RES_STATUS_NO_STATION_INFO_MISMATCH	(1<<7)
1150 
1151 #define RX_RES_STATUS_DECRYPT_TYPE_MSK	(0x3 << 11)
1152 #define RX_RES_STATUS_NOT_DECRYPT	(0x0 << 11)
1153 #define RX_RES_STATUS_DECRYPT_OK	(0x3 << 11)
1154 #define RX_RES_STATUS_BAD_ICV_MIC	(0x1 << 11)
1155 #define RX_RES_STATUS_BAD_KEY_TTAK	(0x2 << 11)
1156 
1157 #define RX_MPDU_RES_STATUS_ICV_OK	(0x20)
1158 #define RX_MPDU_RES_STATUS_MIC_OK	(0x40)
1159 #define RX_MPDU_RES_STATUS_TTAK_OK	(1 << 7)
1160 #define RX_MPDU_RES_STATUS_DEC_DONE_MSK	(0x800)
1161 
1162 struct il3945_rx_frame_stats {
1163 	u8 phy_count;
1164 	u8 id;
1165 	u8 rssi;
1166 	u8 agc;
1167 	__le16 sig_avg;
1168 	__le16 noise_diff;
1169 	u8 payload[];
1170 } __packed;
1171 
1172 struct il3945_rx_frame_hdr {
1173 	__le16 channel;
1174 	__le16 phy_flags;
1175 	u8 reserved1;
1176 	u8 rate;
1177 	__le16 len;
1178 	u8 payload[];
1179 } __packed;
1180 
1181 struct il3945_rx_frame_end {
1182 	__le32 status;
1183 	__le64 timestamp;
1184 	__le32 beacon_timestamp;
1185 } __packed;
1186 
1187 /*
1188  * N_3945_RX = 0x1b (response only, not a command)
1189  *
1190  * NOTE:  DO NOT dereference from casts to this structure
1191  * It is provided only for calculating minimum data set size.
1192  * The actual offsets of the hdr and end are dynamic based on
1193  * stats.phy_count
1194  */
1195 struct il3945_rx_frame {
1196 	struct il3945_rx_frame_stats stats;
1197 	struct il3945_rx_frame_hdr hdr;
1198 	struct il3945_rx_frame_end end;
1199 } __packed;
1200 
1201 #define IL39_RX_FRAME_SIZE	(4 + sizeof(struct il3945_rx_frame))
1202 
1203 /* Fixed (non-configurable) rx data from phy */
1204 
1205 #define IL49_RX_RES_PHY_CNT 14
1206 #define IL49_RX_PHY_FLAGS_ANTENNAE_OFFSET	(4)
1207 #define IL49_RX_PHY_FLAGS_ANTENNAE_MASK	(0x70)
1208 #define IL49_AGC_DB_MASK			(0x3f80)	/* MASK(7,13) */
1209 #define IL49_AGC_DB_POS			(7)
1210 struct il4965_rx_non_cfg_phy {
1211 	__le16 ant_selection;	/* ant A bit 4, ant B bit 5, ant C bit 6 */
1212 	__le16 agc_info;	/* agc code 0:6, agc dB 7:13, reserved 14:15 */
1213 	u8 rssi_info[6];	/* we use even entries, 0/2/4 for A/B/C rssi */
1214 	u8 pad[];
1215 } __packed;
1216 
1217 /*
1218  * N_RX = 0xc3 (response only, not a command)
1219  * Used only for legacy (non 11n) frames.
1220  */
1221 struct il_rx_phy_res {
1222 	u8 non_cfg_phy_cnt;	/* non configurable DSP phy data byte count */
1223 	u8 cfg_phy_cnt;		/* configurable DSP phy data byte count */
1224 	u8 stat_id;		/* configurable DSP phy data set ID */
1225 	u8 reserved1;
1226 	__le64 timestamp;	/* TSF at on air rise */
1227 	__le32 beacon_time_stamp;	/* beacon at on-air rise */
1228 	__le16 phy_flags;	/* general phy flags: band, modulation, ... */
1229 	__le16 channel;		/* channel number */
1230 	u8 non_cfg_phy_buf[32];	/* for various implementations of non_cfg_phy */
1231 	__le32 rate_n_flags;	/* RATE_MCS_* */
1232 	__le16 byte_count;	/* frame's byte-count */
1233 	__le16 frame_time;	/* frame's time on the air */
1234 } __packed;
1235 
1236 struct il_rx_mpdu_res_start {
1237 	__le16 byte_count;
1238 	__le16 reserved;
1239 } __packed;
1240 
1241 /******************************************************************************
1242  * (5)
1243  * Tx Commands & Responses:
1244  *
1245  * Driver must place each C_TX command into one of the prioritized Tx
1246  * queues in host DRAM, shared between driver and device (see comments for
1247  * SCD registers and Tx/Rx Queues).  When the device's Tx scheduler and uCode
1248  * are preparing to transmit, the device pulls the Tx command over the PCI
1249  * bus via one of the device's Tx DMA channels, to fill an internal FIFO
1250  * from which data will be transmitted.
1251  *
1252  * uCode handles all timing and protocol related to control frames
1253  * (RTS/CTS/ACK), based on flags in the Tx command.  uCode and Tx scheduler
1254  * handle reception of block-acks; uCode updates the host driver via
1255  * N_COMPRESSED_BA.
1256  *
1257  * uCode handles retrying Tx when an ACK is expected but not received.
1258  * This includes trying lower data rates than the one requested in the Tx
1259  * command, as set up by the C_RATE_SCALE (for 3945) or
1260  * C_TX_LINK_QUALITY_CMD (4965).
1261  *
1262  * Driver sets up transmit power for various rates via C_TX_PWR_TBL.
1263  * This command must be executed after every RXON command, before Tx can occur.
1264  *****************************************************************************/
1265 
1266 /* C_TX Tx flags field */
1267 
1268 /*
1269  * 1: Use Request-To-Send protocol before this frame.
1270  * Mutually exclusive vs. TX_CMD_FLG_CTS_MSK.
1271  */
1272 #define TX_CMD_FLG_RTS_MSK cpu_to_le32(1 << 1)
1273 
1274 /*
1275  * 1: Transmit Clear-To-Send to self before this frame.
1276  * Driver should set this for AUTH/DEAUTH/ASSOC-REQ/REASSOC mgmnt frames.
1277  * Mutually exclusive vs. TX_CMD_FLG_RTS_MSK.
1278  */
1279 #define TX_CMD_FLG_CTS_MSK cpu_to_le32(1 << 2)
1280 
1281 /* 1: Expect ACK from receiving station
1282  * 0: Don't expect ACK (MAC header's duration field s/b 0)
1283  * Set this for unicast frames, but not broadcast/multicast. */
1284 #define TX_CMD_FLG_ACK_MSK cpu_to_le32(1 << 3)
1285 
1286 /* For 4965 devices:
1287  * 1: Use rate scale table (see C_TX_LINK_QUALITY_CMD).
1288  *    Tx command's initial_rate_idx indicates first rate to try;
1289  *    uCode walks through table for additional Tx attempts.
1290  * 0: Use Tx rate/MCS from Tx command's rate_n_flags field.
1291  *    This rate will be used for all Tx attempts; it will not be scaled. */
1292 #define TX_CMD_FLG_STA_RATE_MSK cpu_to_le32(1 << 4)
1293 
1294 /* 1: Expect immediate block-ack.
1295  * Set when Txing a block-ack request frame.  Also set TX_CMD_FLG_ACK_MSK. */
1296 #define TX_CMD_FLG_IMM_BA_RSP_MASK  cpu_to_le32(1 << 6)
1297 
1298 /*
1299  * 1: Frame requires full Tx-Op protection.
1300  * Set this if either RTS or CTS Tx Flag gets set.
1301  */
1302 #define TX_CMD_FLG_FULL_TXOP_PROT_MSK cpu_to_le32(1 << 7)
1303 
1304 /* Tx antenna selection field; used only for 3945, reserved (0) for 4965 devices.
1305  * Set field to "0" to allow 3945 uCode to select antenna (normal usage). */
1306 #define TX_CMD_FLG_ANT_SEL_MSK cpu_to_le32(0xf00)
1307 #define TX_CMD_FLG_ANT_A_MSK cpu_to_le32(1 << 8)
1308 #define TX_CMD_FLG_ANT_B_MSK cpu_to_le32(1 << 9)
1309 
1310 /* 1: uCode overrides sequence control field in MAC header.
1311  * 0: Driver provides sequence control field in MAC header.
1312  * Set this for management frames, non-QOS data frames, non-unicast frames,
1313  * and also in Tx command embedded in C_SCAN for active scans. */
1314 #define TX_CMD_FLG_SEQ_CTL_MSK cpu_to_le32(1 << 13)
1315 
1316 /* 1: This frame is non-last MPDU; more fragments are coming.
1317  * 0: Last fragment, or not using fragmentation. */
1318 #define TX_CMD_FLG_MORE_FRAG_MSK cpu_to_le32(1 << 14)
1319 
1320 /* 1: uCode calculates and inserts Timestamp Function (TSF) in outgoing frame.
1321  * 0: No TSF required in outgoing frame.
1322  * Set this for transmitting beacons and probe responses. */
1323 #define TX_CMD_FLG_TSF_MSK cpu_to_le32(1 << 16)
1324 
1325 /* 1: Driver inserted 2 bytes pad after the MAC header, for (required) dword
1326  *    alignment of frame's payload data field.
1327  * 0: No pad
1328  * Set this for MAC headers with 26 or 30 bytes, i.e. those with QOS or ADDR4
1329  * field (but not both).  Driver must align frame data (i.e. data following
1330  * MAC header) to DWORD boundary. */
1331 #define TX_CMD_FLG_MH_PAD_MSK cpu_to_le32(1 << 20)
1332 
1333 /* accelerate aggregation support
1334  * 0 - no CCMP encryption; 1 - CCMP encryption */
1335 #define TX_CMD_FLG_AGG_CCMP_MSK cpu_to_le32(1 << 22)
1336 
1337 /* HCCA-AP - disable duration overwriting. */
1338 #define TX_CMD_FLG_DUR_MSK cpu_to_le32(1 << 25)
1339 
1340 /*
1341  * TX command security control
1342  */
1343 #define TX_CMD_SEC_WEP		0x01
1344 #define TX_CMD_SEC_CCM		0x02
1345 #define TX_CMD_SEC_TKIP		0x03
1346 #define TX_CMD_SEC_MSK		0x03
1347 #define TX_CMD_SEC_SHIFT	6
1348 #define TX_CMD_SEC_KEY128	0x08
1349 
1350 /*
1351  * C_TX = 0x1c (command)
1352  */
1353 
1354 struct il3945_tx_cmd {
1355 	/*
1356 	 * MPDU byte count:
1357 	 * MAC header (24/26/30/32 bytes) + 2 bytes pad if 26/30 header size,
1358 	 * + 8 byte IV for CCM or TKIP (not used for WEP)
1359 	 * + Data payload
1360 	 * + 8-byte MIC (not used for CCM/WEP)
1361 	 * NOTE:  Does not include Tx command bytes, post-MAC pad bytes,
1362 	 *        MIC (CCM) 8 bytes, ICV (WEP/TKIP/CKIP) 4 bytes, CRC 4 bytes.i
1363 	 * Range: 14-2342 bytes.
1364 	 */
1365 	__le16 len;
1366 
1367 	/*
1368 	 * MPDU or MSDU byte count for next frame.
1369 	 * Used for fragmentation and bursting, but not 11n aggregation.
1370 	 * Same as "len", but for next frame.  Set to 0 if not applicable.
1371 	 */
1372 	__le16 next_frame_len;
1373 
1374 	__le32 tx_flags;	/* TX_CMD_FLG_* */
1375 
1376 	u8 rate;
1377 
1378 	/* Index of recipient station in uCode's station table */
1379 	u8 sta_id;
1380 	u8 tid_tspec;
1381 	u8 sec_ctl;
1382 	u8 key[16];
1383 	union {
1384 		u8 byte[8];
1385 		__le16 word[4];
1386 		__le32 dw[2];
1387 	} tkip_mic;
1388 	__le32 next_frame_info;
1389 	union {
1390 		__le32 life_time;
1391 		__le32 attempt;
1392 	} stop_time;
1393 	u8 supp_rates[2];
1394 	u8 rts_retry_limit;	/*byte 50 */
1395 	u8 data_retry_limit;	/*byte 51 */
1396 	union {
1397 		__le16 pm_frame_timeout;
1398 		__le16 attempt_duration;
1399 	} timeout;
1400 
1401 	/*
1402 	 * Duration of EDCA burst Tx Opportunity, in 32-usec units.
1403 	 * Set this if txop time is not specified by HCCA protocol (e.g. by AP).
1404 	 */
1405 	__le16 driver_txop;
1406 
1407 	/*
1408 	 * MAC header goes here, followed by 2 bytes padding if MAC header
1409 	 * length is 26 or 30 bytes, followed by payload data
1410 	 */
1411 	union {
1412 		DECLARE_FLEX_ARRAY(u8, payload);
1413 		DECLARE_FLEX_ARRAY(struct ieee80211_hdr, hdr);
1414 	};
1415 } __packed;
1416 
1417 /*
1418  * C_TX = 0x1c (response)
1419  */
1420 struct il3945_tx_resp {
1421 	u8 failure_rts;
1422 	u8 failure_frame;
1423 	u8 bt_kill_count;
1424 	u8 rate;
1425 	__le32 wireless_media_time;
1426 	__le32 status;		/* TX status */
1427 } __packed;
1428 
1429 /*
1430  * 4965 uCode updates these Tx attempt count values in host DRAM.
1431  * Used for managing Tx retries when expecting block-acks.
1432  * Driver should set these fields to 0.
1433  */
1434 struct il_dram_scratch {
1435 	u8 try_cnt;		/* Tx attempts */
1436 	u8 bt_kill_cnt;		/* Tx attempts blocked by Bluetooth device */
1437 	__le16 reserved;
1438 } __packed;
1439 
1440 struct il_tx_cmd {
1441 	/*
1442 	 * MPDU byte count:
1443 	 * MAC header (24/26/30/32 bytes) + 2 bytes pad if 26/30 header size,
1444 	 * + 8 byte IV for CCM or TKIP (not used for WEP)
1445 	 * + Data payload
1446 	 * + 8-byte MIC (not used for CCM/WEP)
1447 	 * NOTE:  Does not include Tx command bytes, post-MAC pad bytes,
1448 	 *        MIC (CCM) 8 bytes, ICV (WEP/TKIP/CKIP) 4 bytes, CRC 4 bytes.i
1449 	 * Range: 14-2342 bytes.
1450 	 */
1451 	__le16 len;
1452 
1453 	/*
1454 	 * MPDU or MSDU byte count for next frame.
1455 	 * Used for fragmentation and bursting, but not 11n aggregation.
1456 	 * Same as "len", but for next frame.  Set to 0 if not applicable.
1457 	 */
1458 	__le16 next_frame_len;
1459 
1460 	__le32 tx_flags;	/* TX_CMD_FLG_* */
1461 
1462 	/* uCode may modify this field of the Tx command (in host DRAM!).
1463 	 * Driver must also set dram_lsb_ptr and dram_msb_ptr in this cmd. */
1464 	struct il_dram_scratch scratch;
1465 
1466 	/* Rate for *all* Tx attempts, if TX_CMD_FLG_STA_RATE_MSK is cleared. */
1467 	__le32 rate_n_flags;	/* RATE_MCS_* */
1468 
1469 	/* Index of destination station in uCode's station table */
1470 	u8 sta_id;
1471 
1472 	/* Type of security encryption:  CCM or TKIP */
1473 	u8 sec_ctl;		/* TX_CMD_SEC_* */
1474 
1475 	/*
1476 	 * Index into rate table (see C_TX_LINK_QUALITY_CMD) for initial
1477 	 * Tx attempt, if TX_CMD_FLG_STA_RATE_MSK is set.  Normally "0" for
1478 	 * data frames, this field may be used to selectively reduce initial
1479 	 * rate (via non-0 value) for special frames (e.g. management), while
1480 	 * still supporting rate scaling for all frames.
1481 	 */
1482 	u8 initial_rate_idx;
1483 	u8 reserved;
1484 	u8 key[16];
1485 	__le16 next_frame_flags;
1486 	__le16 reserved2;
1487 	union {
1488 		__le32 life_time;
1489 		__le32 attempt;
1490 	} stop_time;
1491 
1492 	/* Host DRAM physical address pointer to "scratch" in this command.
1493 	 * Must be dword aligned.  "0" in dram_lsb_ptr disables usage. */
1494 	__le32 dram_lsb_ptr;
1495 	u8 dram_msb_ptr;
1496 
1497 	u8 rts_retry_limit;	/*byte 50 */
1498 	u8 data_retry_limit;	/*byte 51 */
1499 	u8 tid_tspec;
1500 	union {
1501 		__le16 pm_frame_timeout;
1502 		__le16 attempt_duration;
1503 	} timeout;
1504 
1505 	/*
1506 	 * Duration of EDCA burst Tx Opportunity, in 32-usec units.
1507 	 * Set this if txop time is not specified by HCCA protocol (e.g. by AP).
1508 	 */
1509 	__le16 driver_txop;
1510 
1511 	/*
1512 	 * MAC header goes here, followed by 2 bytes padding if MAC header
1513 	 * length is 26 or 30 bytes, followed by payload data
1514 	 */
1515 	u8 payload[0];
1516 	struct ieee80211_hdr hdr[];
1517 } __packed;
1518 
1519 /* TX command response is sent after *3945* transmission attempts.
1520  *
1521  * NOTES:
1522  *
1523  * TX_STATUS_FAIL_NEXT_FRAG
1524  *
1525  * If the fragment flag in the MAC header for the frame being transmitted
1526  * is set and there is insufficient time to transmit the next frame, the
1527  * TX status will be returned with 'TX_STATUS_FAIL_NEXT_FRAG'.
1528  *
1529  * TX_STATUS_FIFO_UNDERRUN
1530  *
1531  * Indicates the host did not provide bytes to the FIFO fast enough while
1532  * a TX was in progress.
1533  *
1534  * TX_STATUS_FAIL_MGMNT_ABORT
1535  *
1536  * This status is only possible if the ABORT ON MGMT RX parameter was
1537  * set to true with the TX command.
1538  *
1539  * If the MSB of the status parameter is set then an abort sequence is
1540  * required.  This sequence consists of the host activating the TX Abort
1541  * control line, and then waiting for the TX Abort command response.  This
1542  * indicates that a the device is no longer in a transmit state, and that the
1543  * command FIFO has been cleared.  The host must then deactivate the TX Abort
1544  * control line.  Receiving is still allowed in this case.
1545  */
1546 enum {
1547 	TX_3945_STATUS_SUCCESS = 0x01,
1548 	TX_3945_STATUS_DIRECT_DONE = 0x02,
1549 	TX_3945_STATUS_FAIL_SHORT_LIMIT = 0x82,
1550 	TX_3945_STATUS_FAIL_LONG_LIMIT = 0x83,
1551 	TX_3945_STATUS_FAIL_FIFO_UNDERRUN = 0x84,
1552 	TX_3945_STATUS_FAIL_MGMNT_ABORT = 0x85,
1553 	TX_3945_STATUS_FAIL_NEXT_FRAG = 0x86,
1554 	TX_3945_STATUS_FAIL_LIFE_EXPIRE = 0x87,
1555 	TX_3945_STATUS_FAIL_DEST_PS = 0x88,
1556 	TX_3945_STATUS_FAIL_ABORTED = 0x89,
1557 	TX_3945_STATUS_FAIL_BT_RETRY = 0x8a,
1558 	TX_3945_STATUS_FAIL_STA_INVALID = 0x8b,
1559 	TX_3945_STATUS_FAIL_FRAG_DROPPED = 0x8c,
1560 	TX_3945_STATUS_FAIL_TID_DISABLE = 0x8d,
1561 	TX_3945_STATUS_FAIL_FRAME_FLUSHED = 0x8e,
1562 	TX_3945_STATUS_FAIL_INSUFFICIENT_CF_POLL = 0x8f,
1563 	TX_3945_STATUS_FAIL_TX_LOCKED = 0x90,
1564 	TX_3945_STATUS_FAIL_NO_BEACON_ON_RADAR = 0x91,
1565 };
1566 
1567 /*
1568  * TX command response is sent after *4965* transmission attempts.
1569  *
1570  * both postpone and abort status are expected behavior from uCode. there is
1571  * no special operation required from driver; except for RFKILL_FLUSH,
1572  * which required tx flush host command to flush all the tx frames in queues
1573  */
1574 enum {
1575 	TX_STATUS_SUCCESS = 0x01,
1576 	TX_STATUS_DIRECT_DONE = 0x02,
1577 	/* postpone TX */
1578 	TX_STATUS_POSTPONE_DELAY = 0x40,
1579 	TX_STATUS_POSTPONE_FEW_BYTES = 0x41,
1580 	TX_STATUS_POSTPONE_QUIET_PERIOD = 0x43,
1581 	TX_STATUS_POSTPONE_CALC_TTAK = 0x44,
1582 	/* abort TX */
1583 	TX_STATUS_FAIL_INTERNAL_CROSSED_RETRY = 0x81,
1584 	TX_STATUS_FAIL_SHORT_LIMIT = 0x82,
1585 	TX_STATUS_FAIL_LONG_LIMIT = 0x83,
1586 	TX_STATUS_FAIL_FIFO_UNDERRUN = 0x84,
1587 	TX_STATUS_FAIL_DRAIN_FLOW = 0x85,
1588 	TX_STATUS_FAIL_RFKILL_FLUSH = 0x86,
1589 	TX_STATUS_FAIL_LIFE_EXPIRE = 0x87,
1590 	TX_STATUS_FAIL_DEST_PS = 0x88,
1591 	TX_STATUS_FAIL_HOST_ABORTED = 0x89,
1592 	TX_STATUS_FAIL_BT_RETRY = 0x8a,
1593 	TX_STATUS_FAIL_STA_INVALID = 0x8b,
1594 	TX_STATUS_FAIL_FRAG_DROPPED = 0x8c,
1595 	TX_STATUS_FAIL_TID_DISABLE = 0x8d,
1596 	TX_STATUS_FAIL_FIFO_FLUSHED = 0x8e,
1597 	TX_STATUS_FAIL_INSUFFICIENT_CF_POLL = 0x8f,
1598 	TX_STATUS_FAIL_PASSIVE_NO_RX = 0x90,
1599 	TX_STATUS_FAIL_NO_BEACON_ON_RADAR = 0x91,
1600 };
1601 
1602 #define	TX_PACKET_MODE_REGULAR		0x0000
1603 #define	TX_PACKET_MODE_BURST_SEQ	0x0100
1604 #define	TX_PACKET_MODE_BURST_FIRST	0x0200
1605 
1606 enum {
1607 	TX_POWER_PA_NOT_ACTIVE = 0x0,
1608 };
1609 
1610 enum {
1611 	TX_STATUS_MSK = 0x000000ff,	/* bits 0:7 */
1612 	TX_STATUS_DELAY_MSK = 0x00000040,
1613 	TX_STATUS_ABORT_MSK = 0x00000080,
1614 	TX_PACKET_MODE_MSK = 0x0000ff00,	/* bits 8:15 */
1615 	TX_FIFO_NUMBER_MSK = 0x00070000,	/* bits 16:18 */
1616 	TX_RESERVED = 0x00780000,	/* bits 19:22 */
1617 	TX_POWER_PA_DETECT_MSK = 0x7f800000,	/* bits 23:30 */
1618 	TX_ABORT_REQUIRED_MSK = 0x80000000,	/* bits 31:31 */
1619 };
1620 
1621 /* *******************************
1622  * TX aggregation status
1623  ******************************* */
1624 
1625 enum {
1626 	AGG_TX_STATE_TRANSMITTED = 0x00,
1627 	AGG_TX_STATE_UNDERRUN_MSK = 0x01,
1628 	AGG_TX_STATE_FEW_BYTES_MSK = 0x04,
1629 	AGG_TX_STATE_ABORT_MSK = 0x08,
1630 	AGG_TX_STATE_LAST_SENT_TTL_MSK = 0x10,
1631 	AGG_TX_STATE_LAST_SENT_TRY_CNT_MSK = 0x20,
1632 	AGG_TX_STATE_SCD_QUERY_MSK = 0x80,
1633 	AGG_TX_STATE_TEST_BAD_CRC32_MSK = 0x100,
1634 	AGG_TX_STATE_RESPONSE_MSK = 0x1ff,
1635 	AGG_TX_STATE_DUMP_TX_MSK = 0x200,
1636 	AGG_TX_STATE_DELAY_TX_MSK = 0x400
1637 };
1638 
1639 #define AGG_TX_STATUS_MSK	0x00000fff	/* bits 0:11 */
1640 #define AGG_TX_TRY_MSK		0x0000f000	/* bits 12:15 */
1641 
1642 #define AGG_TX_STATE_LAST_SENT_MSK  (AGG_TX_STATE_LAST_SENT_TTL_MSK | \
1643 				     AGG_TX_STATE_LAST_SENT_TRY_CNT_MSK)
1644 
1645 /* # tx attempts for first frame in aggregation */
1646 #define AGG_TX_STATE_TRY_CNT_POS 12
1647 #define AGG_TX_STATE_TRY_CNT_MSK 0xf000
1648 
1649 /* Command ID and sequence number of Tx command for this frame */
1650 #define AGG_TX_STATE_SEQ_NUM_POS 16
1651 #define AGG_TX_STATE_SEQ_NUM_MSK 0xffff0000
1652 
1653 /*
1654  * C_TX = 0x1c (response)
1655  *
1656  * This response may be in one of two slightly different formats, indicated
1657  * by the frame_count field:
1658  *
1659  * 1)  No aggregation (frame_count == 1).  This reports Tx results for
1660  *     a single frame.  Multiple attempts, at various bit rates, may have
1661  *     been made for this frame.
1662  *
1663  * 2)  Aggregation (frame_count > 1).  This reports Tx results for
1664  *     2 or more frames that used block-acknowledge.  All frames were
1665  *     transmitted at same rate.  Rate scaling may have been used if first
1666  *     frame in this new agg block failed in previous agg block(s).
1667  *
1668  *     Note that, for aggregation, ACK (block-ack) status is not delivered here;
1669  *     block-ack has not been received by the time the 4965 device records
1670  *     this status.
1671  *     This status relates to reasons the tx might have been blocked or aborted
1672  *     within the sending station (this 4965 device), rather than whether it was
1673  *     received successfully by the destination station.
1674  */
1675 struct agg_tx_status {
1676 	__le16 status;
1677 	__le16 sequence;
1678 } __packed;
1679 
1680 struct il4965_tx_resp {
1681 	u8 frame_count;		/* 1 no aggregation, >1 aggregation */
1682 	u8 bt_kill_count;	/* # blocked by bluetooth (unused for agg) */
1683 	u8 failure_rts;		/* # failures due to unsuccessful RTS */
1684 	u8 failure_frame;	/* # failures due to no ACK (unused for agg) */
1685 
1686 	/* For non-agg:  Rate at which frame was successful.
1687 	 * For agg:  Rate at which all frames were transmitted. */
1688 	__le32 rate_n_flags;	/* RATE_MCS_*  */
1689 
1690 	/* For non-agg:  RTS + CTS + frame tx attempts time + ACK.
1691 	 * For agg:  RTS + CTS + aggregation tx time + block-ack time. */
1692 	__le16 wireless_media_time;	/* uSecs */
1693 
1694 	__le16 reserved;
1695 	__le32 pa_power1;	/* RF power amplifier measurement (not used) */
1696 	__le32 pa_power2;
1697 
1698 	/*
1699 	 * For non-agg:  frame status TX_STATUS_*
1700 	 * For agg:  status of 1st frame, AGG_TX_STATE_*; other frame status
1701 	 *           fields follow this one, up to frame_count.
1702 	 *           Bit fields:
1703 	 *           11- 0:  AGG_TX_STATE_* status code
1704 	 *           15-12:  Retry count for 1st frame in aggregation (retries
1705 	 *                   occur if tx failed for this frame when it was a
1706 	 *                   member of a previous aggregation block).  If rate
1707 	 *                   scaling is used, retry count indicates the rate
1708 	 *                   table entry used for all frames in the new agg.
1709 	 *           31-16:  Sequence # for this frame's Tx cmd (not SSN!)
1710 	 */
1711 	union {
1712 		__le32 status;
1713 		struct agg_tx_status agg_status[0];	/* for each agg frame */
1714 	} u;
1715 } __packed;
1716 
1717 /*
1718  * N_COMPRESSED_BA = 0xc5 (response only, not a command)
1719  *
1720  * Reports Block-Acknowledge from recipient station
1721  */
1722 struct il_compressed_ba_resp {
1723 	__le32 sta_addr_lo32;
1724 	__le16 sta_addr_hi16;
1725 	__le16 reserved;
1726 
1727 	/* Index of recipient (BA-sending) station in uCode's station table */
1728 	u8 sta_id;
1729 	u8 tid;
1730 	__le16 seq_ctl;
1731 	__le64 bitmap;
1732 	__le16 scd_flow;
1733 	__le16 scd_ssn;
1734 } __packed;
1735 
1736 /*
1737  * C_TX_PWR_TBL = 0x97 (command, has simple generic response)
1738  *
1739  * See details under "TXPOWER" in 4965.h.
1740  */
1741 
1742 struct il3945_txpowertable_cmd {
1743 	u8 band;		/* 0: 5 GHz, 1: 2.4 GHz */
1744 	u8 reserved;
1745 	__le16 channel;
1746 	struct il3945_power_per_rate power[IL_MAX_RATES];
1747 } __packed;
1748 
1749 struct il4965_txpowertable_cmd {
1750 	u8 band;		/* 0: 5 GHz, 1: 2.4 GHz */
1751 	u8 reserved;
1752 	__le16 channel;
1753 	struct il4965_tx_power_db tx_power;
1754 } __packed;
1755 
1756 /**
1757  * struct il3945_rate_scaling_cmd - Rate Scaling Command & Response
1758  *
1759  * C_RATE_SCALE = 0x47 (command, has simple generic response)
1760  *
1761  * NOTE: The table of rates passed to the uCode via the
1762  * RATE_SCALE command sets up the corresponding order of
1763  * rates used for all related commands, including rate
1764  * masks, etc.
1765  *
1766  * For example, if you set 9MB (PLCP 0x0f) as the first
1767  * rate in the rate table, the bit mask for that rate
1768  * when passed through ofdm_basic_rates on the C_RXON
1769  * command would be bit 0 (1 << 0)
1770  */
1771 struct il3945_rate_scaling_info {
1772 	__le16 rate_n_flags;
1773 	u8 try_cnt;
1774 	u8 next_rate_idx;
1775 } __packed;
1776 
1777 struct il3945_rate_scaling_cmd {
1778 	u8 table_id;
1779 	u8 reserved[3];
1780 	struct il3945_rate_scaling_info table[IL_MAX_RATES];
1781 } __packed;
1782 
1783 /*RS_NEW_API: only TLC_RTS remains and moved to bit 0 */
1784 #define  LINK_QUAL_FLAGS_SET_STA_TLC_RTS_MSK	(1 << 0)
1785 
1786 /* # of EDCA prioritized tx fifos */
1787 #define  LINK_QUAL_AC_NUM AC_NUM
1788 
1789 /* # entries in rate scale table to support Tx retries */
1790 #define  LINK_QUAL_MAX_RETRY_NUM 16
1791 
1792 /* Tx antenna selection values */
1793 #define  LINK_QUAL_ANT_A_MSK (1 << 0)
1794 #define  LINK_QUAL_ANT_B_MSK (1 << 1)
1795 #define  LINK_QUAL_ANT_MSK   (LINK_QUAL_ANT_A_MSK|LINK_QUAL_ANT_B_MSK)
1796 
1797 /**
1798  * struct il_link_qual_general_params
1799  *
1800  * Used in C_TX_LINK_QUALITY_CMD
1801  */
1802 struct il_link_qual_general_params {
1803 	u8 flags;
1804 
1805 	/* No entries at or above this (driver chosen) idx contain MIMO */
1806 	u8 mimo_delimiter;
1807 
1808 	/* Best single antenna to use for single stream (legacy, SISO). */
1809 	u8 single_stream_ant_msk;	/* LINK_QUAL_ANT_* */
1810 
1811 	/* Best antennas to use for MIMO (unused for 4965, assumes both). */
1812 	u8 dual_stream_ant_msk;	/* LINK_QUAL_ANT_* */
1813 
1814 	/*
1815 	 * If driver needs to use different initial rates for different
1816 	 * EDCA QOS access categories (as implemented by tx fifos 0-3),
1817 	 * this table will set that up, by indicating the idxes in the
1818 	 * rs_table[LINK_QUAL_MAX_RETRY_NUM] rate table at which to start.
1819 	 * Otherwise, driver should set all entries to 0.
1820 	 *
1821 	 * Entry usage:
1822 	 * 0 = Background, 1 = Best Effort (normal), 2 = Video, 3 = Voice
1823 	 * TX FIFOs above 3 use same value (typically 0) as TX FIFO 3.
1824 	 */
1825 	u8 start_rate_idx[LINK_QUAL_AC_NUM];
1826 } __packed;
1827 
1828 #define LINK_QUAL_AGG_TIME_LIMIT_DEF	(4000)	/* 4 milliseconds */
1829 #define LINK_QUAL_AGG_TIME_LIMIT_MAX	(8000)
1830 #define LINK_QUAL_AGG_TIME_LIMIT_MIN	(100)
1831 
1832 #define LINK_QUAL_AGG_DISABLE_START_DEF	(3)
1833 #define LINK_QUAL_AGG_DISABLE_START_MAX	(255)
1834 #define LINK_QUAL_AGG_DISABLE_START_MIN	(0)
1835 
1836 #define LINK_QUAL_AGG_FRAME_LIMIT_DEF	(31)
1837 #define LINK_QUAL_AGG_FRAME_LIMIT_MAX	(63)
1838 #define LINK_QUAL_AGG_FRAME_LIMIT_MIN	(0)
1839 
1840 /**
1841  * struct il_link_qual_agg_params
1842  *
1843  * Used in C_TX_LINK_QUALITY_CMD
1844  */
1845 struct il_link_qual_agg_params {
1846 
1847 	/*
1848 	 *Maximum number of uSec in aggregation.
1849 	 * default set to 4000 (4 milliseconds) if not configured in .cfg
1850 	 */
1851 	__le16 agg_time_limit;
1852 
1853 	/*
1854 	 * Number of Tx retries allowed for a frame, before that frame will
1855 	 * no longer be considered for the start of an aggregation sequence
1856 	 * (scheduler will then try to tx it as single frame).
1857 	 * Driver should set this to 3.
1858 	 */
1859 	u8 agg_dis_start_th;
1860 
1861 	/*
1862 	 * Maximum number of frames in aggregation.
1863 	 * 0 = no limit (default).  1 = no aggregation.
1864 	 * Other values = max # frames in aggregation.
1865 	 */
1866 	u8 agg_frame_cnt_limit;
1867 
1868 	__le32 reserved;
1869 } __packed;
1870 
1871 /*
1872  * C_TX_LINK_QUALITY_CMD = 0x4e (command, has simple generic response)
1873  *
1874  * For 4965 devices only; 3945 uses C_RATE_SCALE.
1875  *
1876  * Each station in the 4965 device's internal station table has its own table
1877  * of 16
1878  * Tx rates and modulation modes (e.g. legacy/SISO/MIMO) for retrying Tx when
1879  * an ACK is not received.  This command replaces the entire table for
1880  * one station.
1881  *
1882  * NOTE:  Station must already be in 4965 device's station table.
1883  *	  Use C_ADD_STA.
1884  *
1885  * The rate scaling procedures described below work well.  Of course, other
1886  * procedures are possible, and may work better for particular environments.
1887  *
1888  *
1889  * FILLING THE RATE TBL
1890  *
1891  * Given a particular initial rate and mode, as determined by the rate
1892  * scaling algorithm described below, the Linux driver uses the following
1893  * formula to fill the rs_table[LINK_QUAL_MAX_RETRY_NUM] rate table in the
1894  * Link Quality command:
1895  *
1896  *
1897  * 1)  If using High-throughput (HT) (SISO or MIMO) initial rate:
1898  *     a) Use this same initial rate for first 3 entries.
1899  *     b) Find next lower available rate using same mode (SISO or MIMO),
1900  *        use for next 3 entries.  If no lower rate available, switch to
1901  *        legacy mode (no HT40 channel, no MIMO, no short guard interval).
1902  *     c) If using MIMO, set command's mimo_delimiter to number of entries
1903  *        using MIMO (3 or 6).
1904  *     d) After trying 2 HT rates, switch to legacy mode (no HT40 channel,
1905  *        no MIMO, no short guard interval), at the next lower bit rate
1906  *        (e.g. if second HT bit rate was 54, try 48 legacy), and follow
1907  *        legacy procedure for remaining table entries.
1908  *
1909  * 2)  If using legacy initial rate:
1910  *     a) Use the initial rate for only one entry.
1911  *     b) For each following entry, reduce the rate to next lower available
1912  *        rate, until reaching the lowest available rate.
1913  *     c) When reducing rate, also switch antenna selection.
1914  *     d) Once lowest available rate is reached, repeat this rate until
1915  *        rate table is filled (16 entries), switching antenna each entry.
1916  *
1917  *
1918  * ACCUMULATING HISTORY
1919  *
1920  * The rate scaling algorithm for 4965 devices, as implemented in Linux driver,
1921  * uses two sets of frame Tx success history:  One for the current/active
1922  * modulation mode, and one for a speculative/search mode that is being
1923  * attempted. If the speculative mode turns out to be more effective (i.e.
1924  * actual transfer rate is better), then the driver continues to use the
1925  * speculative mode as the new current active mode.
1926  *
1927  * Each history set contains, separately for each possible rate, data for a
1928  * sliding win of the 62 most recent tx attempts at that rate.  The data
1929  * includes a shifting bitmap of success(1)/failure(0), and sums of successful
1930  * and attempted frames, from which the driver can additionally calculate a
1931  * success ratio (success / attempted) and number of failures
1932  * (attempted - success), and control the size of the win (attempted).
1933  * The driver uses the bit map to remove successes from the success sum, as
1934  * the oldest tx attempts fall out of the win.
1935  *
1936  * When the 4965 device makes multiple tx attempts for a given frame, each
1937  * attempt might be at a different rate, and have different modulation
1938  * characteristics (e.g. antenna, fat channel, short guard interval), as set
1939  * up in the rate scaling table in the Link Quality command.  The driver must
1940  * determine which rate table entry was used for each tx attempt, to determine
1941  * which rate-specific history to update, and record only those attempts that
1942  * match the modulation characteristics of the history set.
1943  *
1944  * When using block-ack (aggregation), all frames are transmitted at the same
1945  * rate, since there is no per-attempt acknowledgment from the destination
1946  * station.  The Tx response struct il_tx_resp indicates the Tx rate in
1947  * rate_n_flags field.  After receiving a block-ack, the driver can update
1948  * history for the entire block all at once.
1949  *
1950  *
1951  * FINDING BEST STARTING RATE:
1952  *
1953  * When working with a selected initial modulation mode (see below), the
1954  * driver attempts to find a best initial rate.  The initial rate is the
1955  * first entry in the Link Quality command's rate table.
1956  *
1957  * 1)  Calculate actual throughput (success ratio * expected throughput, see
1958  *     table below) for current initial rate.  Do this only if enough frames
1959  *     have been attempted to make the value meaningful:  at least 6 failed
1960  *     tx attempts, or at least 8 successes.  If not enough, don't try rate
1961  *     scaling yet.
1962  *
1963  * 2)  Find available rates adjacent to current initial rate.  Available means:
1964  *     a)  supported by hardware &&
1965  *     b)  supported by association &&
1966  *     c)  within any constraints selected by user
1967  *
1968  * 3)  Gather measured throughputs for adjacent rates.  These might not have
1969  *     enough history to calculate a throughput.  That's okay, we might try
1970  *     using one of them anyway!
1971  *
1972  * 4)  Try decreasing rate if, for current rate:
1973  *     a)  success ratio is < 15% ||
1974  *     b)  lower adjacent rate has better measured throughput ||
1975  *     c)  higher adjacent rate has worse throughput, and lower is unmeasured
1976  *
1977  *     As a sanity check, if decrease was determined above, leave rate
1978  *     unchanged if:
1979  *     a)  lower rate unavailable
1980  *     b)  success ratio at current rate > 85% (very good)
1981  *     c)  current measured throughput is better than expected throughput
1982  *         of lower rate (under perfect 100% tx conditions, see table below)
1983  *
1984  * 5)  Try increasing rate if, for current rate:
1985  *     a)  success ratio is < 15% ||
1986  *     b)  both adjacent rates' throughputs are unmeasured (try it!) ||
1987  *     b)  higher adjacent rate has better measured throughput ||
1988  *     c)  lower adjacent rate has worse throughput, and higher is unmeasured
1989  *
1990  *     As a sanity check, if increase was determined above, leave rate
1991  *     unchanged if:
1992  *     a)  success ratio at current rate < 70%.  This is not particularly
1993  *         good performance; higher rate is sure to have poorer success.
1994  *
1995  * 6)  Re-evaluate the rate after each tx frame.  If working with block-
1996  *     acknowledge, history and stats may be calculated for the entire
1997  *     block (including prior history that fits within the history wins),
1998  *     before re-evaluation.
1999  *
2000  * FINDING BEST STARTING MODULATION MODE:
2001  *
2002  * After working with a modulation mode for a "while" (and doing rate scaling),
2003  * the driver searches for a new initial mode in an attempt to improve
2004  * throughput.  The "while" is measured by numbers of attempted frames:
2005  *
2006  * For legacy mode, search for new mode after:
2007  *   480 successful frames, or 160 failed frames
2008  * For high-throughput modes (SISO or MIMO), search for new mode after:
2009  *   4500 successful frames, or 400 failed frames
2010  *
2011  * Mode switch possibilities are (3 for each mode):
2012  *
2013  * For legacy:
2014  *   Change antenna, try SISO (if HT association), try MIMO (if HT association)
2015  * For SISO:
2016  *   Change antenna, try MIMO, try shortened guard interval (SGI)
2017  * For MIMO:
2018  *   Try SISO antenna A, SISO antenna B, try shortened guard interval (SGI)
2019  *
2020  * When trying a new mode, use the same bit rate as the old/current mode when
2021  * trying antenna switches and shortened guard interval.  When switching to
2022  * SISO from MIMO or legacy, or to MIMO from SISO or legacy, use a rate
2023  * for which the expected throughput (under perfect conditions) is about the
2024  * same or slightly better than the actual measured throughput delivered by
2025  * the old/current mode.
2026  *
2027  * Actual throughput can be estimated by multiplying the expected throughput
2028  * by the success ratio (successful / attempted tx frames).  Frame size is
2029  * not considered in this calculation; it assumes that frame size will average
2030  * out to be fairly consistent over several samples.  The following are
2031  * metric values for expected throughput assuming 100% success ratio.
2032  * Only G band has support for CCK rates:
2033  *
2034  *           RATE:  1    2    5   11    6   9   12   18   24   36   48   54   60
2035  *
2036  *              G:  7   13   35   58   40  57   72   98  121  154  177  186  186
2037  *              A:  0    0    0    0   40  57   72   98  121  154  177  186  186
2038  *     SISO 20MHz:  0    0    0    0   42  42   76  102  124  159  183  193  202
2039  * SGI SISO 20MHz:  0    0    0    0   46  46   82  110  132  168  192  202  211
2040  *     MIMO 20MHz:  0    0    0    0   74  74  123  155  179  214  236  244  251
2041  * SGI MIMO 20MHz:  0    0    0    0   81  81  131  164  188  222  243  251  257
2042  *     SISO 40MHz:  0    0    0    0   77  77  127  160  184  220  242  250  257
2043  * SGI SISO 40MHz:  0    0    0    0   83  83  135  169  193  229  250  257  264
2044  *     MIMO 40MHz:  0    0    0    0  123 123  182  214  235  264  279  285  289
2045  * SGI MIMO 40MHz:  0    0    0    0  131 131  191  222  242  270  284  289  293
2046  *
2047  * After the new mode has been tried for a short while (minimum of 6 failed
2048  * frames or 8 successful frames), compare success ratio and actual throughput
2049  * estimate of the new mode with the old.  If either is better with the new
2050  * mode, continue to use the new mode.
2051  *
2052  * Continue comparing modes until all 3 possibilities have been tried.
2053  * If moving from legacy to HT, try all 3 possibilities from the new HT
2054  * mode.  After trying all 3, a best mode is found.  Continue to use this mode
2055  * for the longer "while" described above (e.g. 480 successful frames for
2056  * legacy), and then repeat the search process.
2057  *
2058  */
2059 struct il_link_quality_cmd {
2060 
2061 	/* Index of destination/recipient station in uCode's station table */
2062 	u8 sta_id;
2063 	u8 reserved1;
2064 	__le16 control;		/* not used */
2065 	struct il_link_qual_general_params general_params;
2066 	struct il_link_qual_agg_params agg_params;
2067 
2068 	/*
2069 	 * Rate info; when using rate-scaling, Tx command's initial_rate_idx
2070 	 * specifies 1st Tx rate attempted, via idx into this table.
2071 	 * 4965 devices works its way through table when retrying Tx.
2072 	 */
2073 	struct {
2074 		__le32 rate_n_flags;	/* RATE_MCS_*, RATE_* */
2075 	} rs_table[LINK_QUAL_MAX_RETRY_NUM];
2076 	__le32 reserved2;
2077 } __packed;
2078 
2079 /*
2080  * BT configuration enable flags:
2081  *   bit 0 - 1: BT channel announcement enabled
2082  *           0: disable
2083  *   bit 1 - 1: priority of BT device enabled
2084  *           0: disable
2085  */
2086 #define BT_COEX_DISABLE (0x0)
2087 #define BT_ENABLE_CHANNEL_ANNOUNCE BIT(0)
2088 #define BT_ENABLE_PRIORITY	   BIT(1)
2089 
2090 #define BT_COEX_ENABLE  (BT_ENABLE_CHANNEL_ANNOUNCE | BT_ENABLE_PRIORITY)
2091 
2092 #define BT_LEAD_TIME_DEF (0x1E)
2093 
2094 #define BT_MAX_KILL_DEF (0x5)
2095 
2096 /*
2097  * C_BT_CONFIG = 0x9b (command, has simple generic response)
2098  *
2099  * 3945 and 4965 devices support hardware handshake with Bluetooth device on
2100  * same platform.  Bluetooth device alerts wireless device when it will Tx;
2101  * wireless device can delay or kill its own Tx to accommodate.
2102  */
2103 struct il_bt_cmd {
2104 	u8 flags;
2105 	u8 lead_time;
2106 	u8 max_kill;
2107 	u8 reserved;
2108 	__le32 kill_ack_mask;
2109 	__le32 kill_cts_mask;
2110 } __packed;
2111 
2112 /******************************************************************************
2113  * (6)
2114  * Spectrum Management (802.11h) Commands, Responses, Notifications:
2115  *
2116  *****************************************************************************/
2117 
2118 /*
2119  * Spectrum Management
2120  */
2121 #define MEASUREMENT_FILTER_FLAG (RXON_FILTER_PROMISC_MSK         | \
2122 				 RXON_FILTER_CTL2HOST_MSK        | \
2123 				 RXON_FILTER_ACCEPT_GRP_MSK      | \
2124 				 RXON_FILTER_DIS_DECRYPT_MSK     | \
2125 				 RXON_FILTER_DIS_GRP_DECRYPT_MSK | \
2126 				 RXON_FILTER_ASSOC_MSK           | \
2127 				 RXON_FILTER_BCON_AWARE_MSK)
2128 
2129 struct il_measure_channel {
2130 	__le32 duration;	/* measurement duration in extended beacon
2131 				 * format */
2132 	u8 channel;		/* channel to measure */
2133 	u8 type;		/* see enum il_measure_type */
2134 	__le16 reserved;
2135 } __packed;
2136 
2137 /*
2138  * C_SPECTRUM_MEASUREMENT = 0x74 (command)
2139  */
2140 struct il_spectrum_cmd {
2141 	__le16 len;		/* number of bytes starting from token */
2142 	u8 token;		/* token id */
2143 	u8 id;			/* measurement id -- 0 or 1 */
2144 	u8 origin;		/* 0 = TGh, 1 = other, 2 = TGk */
2145 	u8 periodic;		/* 1 = periodic */
2146 	__le16 path_loss_timeout;
2147 	__le32 start_time;	/* start time in extended beacon format */
2148 	__le32 reserved2;
2149 	__le32 flags;		/* rxon flags */
2150 	__le32 filter_flags;	/* rxon filter flags */
2151 	__le16 channel_count;	/* minimum 1, maximum 10 */
2152 	__le16 reserved3;
2153 	struct il_measure_channel channels[10];
2154 } __packed;
2155 
2156 /*
2157  * C_SPECTRUM_MEASUREMENT = 0x74 (response)
2158  */
2159 struct il_spectrum_resp {
2160 	u8 token;
2161 	u8 id;			/* id of the prior command replaced, or 0xff */
2162 	__le16 status;		/* 0 - command will be handled
2163 				 * 1 - cannot handle (conflicts with another
2164 				 *     measurement) */
2165 } __packed;
2166 
2167 enum il_measurement_state {
2168 	IL_MEASUREMENT_START = 0,
2169 	IL_MEASUREMENT_STOP = 1,
2170 };
2171 
2172 enum il_measurement_status {
2173 	IL_MEASUREMENT_OK = 0,
2174 	IL_MEASUREMENT_CONCURRENT = 1,
2175 	IL_MEASUREMENT_CSA_CONFLICT = 2,
2176 	IL_MEASUREMENT_TGH_CONFLICT = 3,
2177 	/* 4-5 reserved */
2178 	IL_MEASUREMENT_STOPPED = 6,
2179 	IL_MEASUREMENT_TIMEOUT = 7,
2180 	IL_MEASUREMENT_PERIODIC_FAILED = 8,
2181 };
2182 
2183 #define NUM_ELEMENTS_IN_HISTOGRAM 8
2184 
2185 struct il_measurement_histogram {
2186 	__le32 ofdm[NUM_ELEMENTS_IN_HISTOGRAM];	/* in 0.8usec counts */
2187 	__le32 cck[NUM_ELEMENTS_IN_HISTOGRAM];	/* in 1usec counts */
2188 } __packed;
2189 
2190 /* clear channel availability counters */
2191 struct il_measurement_cca_counters {
2192 	__le32 ofdm;
2193 	__le32 cck;
2194 } __packed;
2195 
2196 enum il_measure_type {
2197 	IL_MEASURE_BASIC = (1 << 0),
2198 	IL_MEASURE_CHANNEL_LOAD = (1 << 1),
2199 	IL_MEASURE_HISTOGRAM_RPI = (1 << 2),
2200 	IL_MEASURE_HISTOGRAM_NOISE = (1 << 3),
2201 	IL_MEASURE_FRAME = (1 << 4),
2202 	/* bits 5:6 are reserved */
2203 	IL_MEASURE_IDLE = (1 << 7),
2204 };
2205 
2206 /*
2207  * N_SPECTRUM_MEASUREMENT = 0x75 (notification only, not a command)
2208  */
2209 struct il_spectrum_notification {
2210 	u8 id;			/* measurement id -- 0 or 1 */
2211 	u8 token;
2212 	u8 channel_idx;		/* idx in measurement channel list */
2213 	u8 state;		/* 0 - start, 1 - stop */
2214 	__le32 start_time;	/* lower 32-bits of TSF */
2215 	u8 band;		/* 0 - 5.2GHz, 1 - 2.4GHz */
2216 	u8 channel;
2217 	u8 type;		/* see enum il_measurement_type */
2218 	u8 reserved1;
2219 	/* NOTE:  cca_ofdm, cca_cck, basic_type, and histogram are only only
2220 	 * valid if applicable for measurement type requested. */
2221 	__le32 cca_ofdm;	/* cca fraction time in 40Mhz clock periods */
2222 	__le32 cca_cck;		/* cca fraction time in 44Mhz clock periods */
2223 	__le32 cca_time;	/* channel load time in usecs */
2224 	u8 basic_type;		/* 0 - bss, 1 - ofdm preamble, 2 -
2225 				 * unidentified */
2226 	u8 reserved2[3];
2227 	struct il_measurement_histogram histogram;
2228 	__le32 stop_time;	/* lower 32-bits of TSF */
2229 	__le32 status;		/* see il_measurement_status */
2230 } __packed;
2231 
2232 /******************************************************************************
2233  * (7)
2234  * Power Management Commands, Responses, Notifications:
2235  *
2236  *****************************************************************************/
2237 
2238 /**
2239  * struct il_powertable_cmd - Power Table Command
2240  * @flags: See below:
2241  *
2242  * C_POWER_TBL = 0x77 (command, has simple generic response)
2243  *
2244  * PM allow:
2245  *   bit 0 - '0' Driver not allow power management
2246  *           '1' Driver allow PM (use rest of parameters)
2247  *
2248  * uCode send sleep notifications:
2249  *   bit 1 - '0' Don't send sleep notification
2250  *           '1' send sleep notification (SEND_PM_NOTIFICATION)
2251  *
2252  * Sleep over DTIM
2253  *   bit 2 - '0' PM have to walk up every DTIM
2254  *           '1' PM could sleep over DTIM till listen Interval.
2255  *
2256  * PCI power managed
2257  *   bit 3 - '0' (PCI_CFG_LINK_CTRL & 0x1)
2258  *           '1' !(PCI_CFG_LINK_CTRL & 0x1)
2259  *
2260  * Fast PD
2261  *   bit 4 - '1' Put radio to sleep when receiving frame for others
2262  *
2263  * Force sleep Modes
2264  *   bit 31/30- '00' use both mac/xtal sleeps
2265  *              '01' force Mac sleep
2266  *              '10' force xtal sleep
2267  *              '11' Illegal set
2268  *
2269  * NOTE: if sleep_interval[SLEEP_INTRVL_TBL_SIZE-1] > DTIM period then
2270  * ucode assume sleep over DTIM is allowed and we don't need to wake up
2271  * for every DTIM.
2272  */
2273 #define IL_POWER_VEC_SIZE 5
2274 
2275 #define IL_POWER_DRIVER_ALLOW_SLEEP_MSK		cpu_to_le16(BIT(0))
2276 #define IL_POWER_SLEEP_OVER_DTIM_MSK		cpu_to_le16(BIT(2))
2277 #define IL_POWER_PCI_PM_MSK			cpu_to_le16(BIT(3))
2278 
2279 struct il3945_powertable_cmd {
2280 	__le16 flags;
2281 	u8 reserved[2];
2282 	__le32 rx_data_timeout;
2283 	__le32 tx_data_timeout;
2284 	__le32 sleep_interval[IL_POWER_VEC_SIZE];
2285 } __packed;
2286 
2287 struct il_powertable_cmd {
2288 	__le16 flags;
2289 	u8 keep_alive_seconds;	/* 3945 reserved */
2290 	u8 debug_flags;		/* 3945 reserved */
2291 	__le32 rx_data_timeout;
2292 	__le32 tx_data_timeout;
2293 	__le32 sleep_interval[IL_POWER_VEC_SIZE];
2294 	__le32 keep_alive_beacons;
2295 } __packed;
2296 
2297 /*
2298  * N_PM_SLEEP = 0x7A (notification only, not a command)
2299  * all devices identical.
2300  */
2301 struct il_sleep_notification {
2302 	u8 pm_sleep_mode;
2303 	u8 pm_wakeup_src;
2304 	__le16 reserved;
2305 	__le32 sleep_time;
2306 	__le32 tsf_low;
2307 	__le32 bcon_timer;
2308 } __packed;
2309 
2310 /* Sleep states.  all devices identical. */
2311 enum {
2312 	IL_PM_NO_SLEEP = 0,
2313 	IL_PM_SLP_MAC = 1,
2314 	IL_PM_SLP_FULL_MAC_UNASSOCIATE = 2,
2315 	IL_PM_SLP_FULL_MAC_CARD_STATE = 3,
2316 	IL_PM_SLP_PHY = 4,
2317 	IL_PM_SLP_REPENT = 5,
2318 	IL_PM_WAKEUP_BY_TIMER = 6,
2319 	IL_PM_WAKEUP_BY_DRIVER = 7,
2320 	IL_PM_WAKEUP_BY_RFKILL = 8,
2321 	/* 3 reserved */
2322 	IL_PM_NUM_OF_MODES = 12,
2323 };
2324 
2325 /*
2326  * N_CARD_STATE = 0xa1 (notification only, not a command)
2327  */
2328 struct il_card_state_notif {
2329 	__le32 flags;
2330 } __packed;
2331 
2332 #define HW_CARD_DISABLED   0x01
2333 #define SW_CARD_DISABLED   0x02
2334 #define CT_CARD_DISABLED   0x04
2335 #define RXON_CARD_DISABLED 0x10
2336 
2337 struct il_ct_kill_config {
2338 	__le32 reserved;
2339 	__le32 critical_temperature_M;
2340 	__le32 critical_temperature_R;
2341 } __packed;
2342 
2343 /******************************************************************************
2344  * (8)
2345  * Scan Commands, Responses, Notifications:
2346  *
2347  *****************************************************************************/
2348 
2349 #define SCAN_CHANNEL_TYPE_PASSIVE cpu_to_le32(0)
2350 #define SCAN_CHANNEL_TYPE_ACTIVE  cpu_to_le32(1)
2351 
2352 /**
2353  * struct il_scan_channel - entry in C_SCAN channel table
2354  *
2355  * One for each channel in the scan list.
2356  * Each channel can independently select:
2357  * 1)  SSID for directed active scans
2358  * 2)  Txpower setting (for rate specified within Tx command)
2359  * 3)  How long to stay on-channel (behavior may be modified by quiet_time,
2360  *     quiet_plcp_th, good_CRC_th)
2361  *
2362  * To avoid uCode errors, make sure the following are true (see comments
2363  * under struct il_scan_cmd about max_out_time and quiet_time):
2364  * 1)  If using passive_dwell (i.e. passive_dwell != 0):
2365  *     active_dwell <= passive_dwell (< max_out_time if max_out_time != 0)
2366  * 2)  quiet_time <= active_dwell
2367  * 3)  If restricting off-channel time (i.e. max_out_time !=0):
2368  *     passive_dwell < max_out_time
2369  *     active_dwell < max_out_time
2370  */
2371 struct il3945_scan_channel {
2372 	/*
2373 	 * type is defined as:
2374 	 * 0:0 1 = active, 0 = passive
2375 	 * 1:4 SSID direct bit map; if a bit is set, then corresponding
2376 	 *     SSID IE is transmitted in probe request.
2377 	 * 5:7 reserved
2378 	 */
2379 	u8 type;
2380 	u8 channel;		/* band is selected by il3945_scan_cmd "flags" field */
2381 	struct il3945_tx_power tpc;
2382 	__le16 active_dwell;	/* in 1024-uSec TU (time units), typ 5-50 */
2383 	__le16 passive_dwell;	/* in 1024-uSec TU (time units), typ 20-500 */
2384 } __packed;
2385 
2386 /* set number of direct probes u8 type */
2387 #define IL39_SCAN_PROBE_MASK(n) ((BIT(n) | (BIT(n) - BIT(1))))
2388 
2389 struct il_scan_channel {
2390 	/*
2391 	 * type is defined as:
2392 	 * 0:0 1 = active, 0 = passive
2393 	 * 1:20 SSID direct bit map; if a bit is set, then corresponding
2394 	 *     SSID IE is transmitted in probe request.
2395 	 * 21:31 reserved
2396 	 */
2397 	__le32 type;
2398 	__le16 channel;		/* band is selected by il_scan_cmd "flags" field */
2399 	u8 tx_gain;		/* gain for analog radio */
2400 	u8 dsp_atten;		/* gain for DSP */
2401 	__le16 active_dwell;	/* in 1024-uSec TU (time units), typ 5-50 */
2402 	__le16 passive_dwell;	/* in 1024-uSec TU (time units), typ 20-500 */
2403 } __packed;
2404 
2405 /* set number of direct probes __le32 type */
2406 #define IL_SCAN_PROBE_MASK(n)	cpu_to_le32((BIT(n) | (BIT(n) - BIT(1))))
2407 
2408 /**
2409  * struct il_ssid_ie - directed scan network information element
2410  *
2411  * Up to 20 of these may appear in C_SCAN (Note: Only 4 are in
2412  * 3945 SCAN api), selected by "type" bit field in struct il_scan_channel;
2413  * each channel may select different ssids from among the 20 (4) entries.
2414  * SSID IEs get transmitted in reverse order of entry.
2415  */
2416 struct il_ssid_ie {
2417 	u8 id;
2418 	u8 len;
2419 	u8 ssid[32];
2420 } __packed;
2421 
2422 #define PROBE_OPTION_MAX_3945		4
2423 #define PROBE_OPTION_MAX		20
2424 #define TX_CMD_LIFE_TIME_INFINITE	cpu_to_le32(0xFFFFFFFF)
2425 #define IL_GOOD_CRC_TH_DISABLED	0
2426 #define IL_GOOD_CRC_TH_DEFAULT		cpu_to_le16(1)
2427 #define IL_GOOD_CRC_TH_NEVER		cpu_to_le16(0xffff)
2428 #define IL_MAX_SCAN_SIZE 1024
2429 #define IL_MAX_CMD_SIZE 4096
2430 
2431 /*
2432  * C_SCAN = 0x80 (command)
2433  *
2434  * The hardware scan command is very powerful; the driver can set it up to
2435  * maintain (relatively) normal network traffic while doing a scan in the
2436  * background.  The max_out_time and suspend_time control the ratio of how
2437  * long the device stays on an associated network channel ("service channel")
2438  * vs. how long it's away from the service channel, i.e. tuned to other channels
2439  * for scanning.
2440  *
2441  * max_out_time is the max time off-channel (in usec), and suspend_time
2442  * is how long (in "extended beacon" format) that the scan is "suspended"
2443  * after returning to the service channel.  That is, suspend_time is the
2444  * time that we stay on the service channel, doing normal work, between
2445  * scan segments.  The driver may set these parameters differently to support
2446  * scanning when associated vs. not associated, and light vs. heavy traffic
2447  * loads when associated.
2448  *
2449  * After receiving this command, the device's scan engine does the following;
2450  *
2451  * 1)  Sends SCAN_START notification to driver
2452  * 2)  Checks to see if it has time to do scan for one channel
2453  * 3)  Sends NULL packet, with power-save (PS) bit set to 1,
2454  *     to tell AP that we're going off-channel
2455  * 4)  Tunes to first channel in scan list, does active or passive scan
2456  * 5)  Sends SCAN_RESULT notification to driver
2457  * 6)  Checks to see if it has time to do scan on *next* channel in list
2458  * 7)  Repeats 4-6 until it no longer has time to scan the next channel
2459  *     before max_out_time expires
2460  * 8)  Returns to service channel
2461  * 9)  Sends NULL packet with PS=0 to tell AP that we're back
2462  * 10) Stays on service channel until suspend_time expires
2463  * 11) Repeats entire process 2-10 until list is complete
2464  * 12) Sends SCAN_COMPLETE notification
2465  *
2466  * For fast, efficient scans, the scan command also has support for staying on
2467  * a channel for just a short time, if doing active scanning and getting no
2468  * responses to the transmitted probe request.  This time is controlled by
2469  * quiet_time, and the number of received packets below which a channel is
2470  * considered "quiet" is controlled by quiet_plcp_threshold.
2471  *
2472  * For active scanning on channels that have regulatory restrictions against
2473  * blindly transmitting, the scan can listen before transmitting, to make sure
2474  * that there is already legitimate activity on the channel.  If enough
2475  * packets are cleanly received on the channel (controlled by good_CRC_th,
2476  * typical value 1), the scan engine starts transmitting probe requests.
2477  *
2478  * Driver must use separate scan commands for 2.4 vs. 5 GHz bands.
2479  *
2480  * To avoid uCode errors, see timing restrictions described under
2481  * struct il_scan_channel.
2482  */
2483 
2484 struct il3945_scan_cmd {
2485 	__le16 len;
2486 	u8 reserved0;
2487 	u8 channel_count;	/* # channels in channel list */
2488 	__le16 quiet_time;	/* dwell only this # millisecs on quiet channel
2489 				 * (only for active scan) */
2490 	__le16 quiet_plcp_th;	/* quiet chnl is < this # pkts (typ. 1) */
2491 	__le16 good_CRC_th;	/* passive -> active promotion threshold */
2492 	__le16 reserved1;
2493 	__le32 max_out_time;	/* max usec to be away from associated (service)
2494 				 * channel */
2495 	__le32 suspend_time;	/* pause scan this long (in "extended beacon
2496 				 * format") when returning to service channel:
2497 				 * 3945; 31:24 # beacons, 19:0 additional usec,
2498 				 * 4965; 31:22 # beacons, 21:0 additional usec.
2499 				 */
2500 	__le32 flags;		/* RXON_FLG_* */
2501 	__le32 filter_flags;	/* RXON_FILTER_* */
2502 
2503 	/* For active scans (set to all-0s for passive scans).
2504 	 * Does not include payload.  Must specify Tx rate; no rate scaling. */
2505 	struct il3945_tx_cmd tx_cmd;
2506 
2507 	/* For directed active scans (set to all-0s otherwise) */
2508 	struct il_ssid_ie direct_scan[PROBE_OPTION_MAX_3945];
2509 
2510 	/*
2511 	 * Probe request frame, followed by channel list.
2512 	 *
2513 	 * Size of probe request frame is specified by byte count in tx_cmd.
2514 	 * Channel list follows immediately after probe request frame.
2515 	 * Number of channels in list is specified by channel_count.
2516 	 * Each channel in list is of type:
2517 	 *
2518 	 * struct il3945_scan_channel channels[0];
2519 	 *
2520 	 * NOTE:  Only one band of channels can be scanned per pass.  You
2521 	 * must not mix 2.4GHz channels and 5.2GHz channels, and you must wait
2522 	 * for one scan to complete (i.e. receive N_SCAN_COMPLETE)
2523 	 * before requesting another scan.
2524 	 */
2525 	u8 data[];
2526 } __packed;
2527 
2528 struct il_scan_cmd {
2529 	__le16 len;
2530 	u8 reserved0;
2531 	u8 channel_count;	/* # channels in channel list */
2532 	__le16 quiet_time;	/* dwell only this # millisecs on quiet channel
2533 				 * (only for active scan) */
2534 	__le16 quiet_plcp_th;	/* quiet chnl is < this # pkts (typ. 1) */
2535 	__le16 good_CRC_th;	/* passive -> active promotion threshold */
2536 	__le16 rx_chain;	/* RXON_RX_CHAIN_* */
2537 	__le32 max_out_time;	/* max usec to be away from associated (service)
2538 				 * channel */
2539 	__le32 suspend_time;	/* pause scan this long (in "extended beacon
2540 				 * format") when returning to service chnl:
2541 				 * 3945; 31:24 # beacons, 19:0 additional usec,
2542 				 * 4965; 31:22 # beacons, 21:0 additional usec.
2543 				 */
2544 	__le32 flags;		/* RXON_FLG_* */
2545 	__le32 filter_flags;	/* RXON_FILTER_* */
2546 
2547 	/* For active scans (set to all-0s for passive scans).
2548 	 * Does not include payload.  Must specify Tx rate; no rate scaling. */
2549 	struct il_tx_cmd tx_cmd;
2550 
2551 	/* For directed active scans (set to all-0s otherwise) */
2552 	struct il_ssid_ie direct_scan[PROBE_OPTION_MAX];
2553 
2554 	/*
2555 	 * Probe request frame, followed by channel list.
2556 	 *
2557 	 * Size of probe request frame is specified by byte count in tx_cmd.
2558 	 * Channel list follows immediately after probe request frame.
2559 	 * Number of channels in list is specified by channel_count.
2560 	 * Each channel in list is of type:
2561 	 *
2562 	 * struct il_scan_channel channels[0];
2563 	 *
2564 	 * NOTE:  Only one band of channels can be scanned per pass.  You
2565 	 * must not mix 2.4GHz channels and 5.2GHz channels, and you must wait
2566 	 * for one scan to complete (i.e. receive N_SCAN_COMPLETE)
2567 	 * before requesting another scan.
2568 	 */
2569 	u8 data[];
2570 } __packed;
2571 
2572 /* Can abort will notify by complete notification with abort status. */
2573 #define CAN_ABORT_STATUS	cpu_to_le32(0x1)
2574 /* complete notification statuses */
2575 #define ABORT_STATUS            0x2
2576 
2577 /*
2578  * C_SCAN = 0x80 (response)
2579  */
2580 struct il_scanreq_notification {
2581 	__le32 status;		/* 1: okay, 2: cannot fulfill request */
2582 } __packed;
2583 
2584 /*
2585  * N_SCAN_START = 0x82 (notification only, not a command)
2586  */
2587 struct il_scanstart_notification {
2588 	__le32 tsf_low;
2589 	__le32 tsf_high;
2590 	__le32 beacon_timer;
2591 	u8 channel;
2592 	u8 band;
2593 	u8 reserved[2];
2594 	__le32 status;
2595 } __packed;
2596 
2597 #define  SCAN_OWNER_STATUS 0x1
2598 #define  MEASURE_OWNER_STATUS 0x2
2599 
2600 #define IL_PROBE_STATUS_OK		0
2601 #define IL_PROBE_STATUS_TX_FAILED	BIT(0)
2602 /* error statuses combined with TX_FAILED */
2603 #define IL_PROBE_STATUS_FAIL_TTL	BIT(1)
2604 #define IL_PROBE_STATUS_FAIL_BT	BIT(2)
2605 
2606 #define NUMBER_OF_STATS 1	/* first __le32 is good CRC */
2607 /*
2608  * N_SCAN_RESULTS = 0x83 (notification only, not a command)
2609  */
2610 struct il_scanresults_notification {
2611 	u8 channel;
2612 	u8 band;
2613 	u8 probe_status;
2614 	u8 num_probe_not_sent;	/* not enough time to send */
2615 	__le32 tsf_low;
2616 	__le32 tsf_high;
2617 	__le32 stats[NUMBER_OF_STATS];
2618 } __packed;
2619 
2620 /*
2621  * N_SCAN_COMPLETE = 0x84 (notification only, not a command)
2622  */
2623 struct il_scancomplete_notification {
2624 	u8 scanned_channels;
2625 	u8 status;
2626 	u8 last_channel;
2627 	__le32 tsf_low;
2628 	__le32 tsf_high;
2629 } __packed;
2630 
2631 /******************************************************************************
2632  * (9)
2633  * IBSS/AP Commands and Notifications:
2634  *
2635  *****************************************************************************/
2636 
2637 enum il_ibss_manager {
2638 	IL_NOT_IBSS_MANAGER = 0,
2639 	IL_IBSS_MANAGER = 1,
2640 };
2641 
2642 /*
2643  * N_BEACON = 0x90 (notification only, not a command)
2644  */
2645 
2646 struct il3945_beacon_notif {
2647 	struct il3945_tx_resp beacon_notify_hdr;
2648 	__le32 low_tsf;
2649 	__le32 high_tsf;
2650 	__le32 ibss_mgr_status;
2651 } __packed;
2652 
2653 struct il4965_beacon_notif {
2654 	struct il4965_tx_resp beacon_notify_hdr;
2655 	__le32 low_tsf;
2656 	__le32 high_tsf;
2657 	__le32 ibss_mgr_status;
2658 } __packed;
2659 
2660 /*
2661  * C_TX_BEACON= 0x91 (command, has simple generic response)
2662  */
2663 
2664 struct il3945_tx_beacon_cmd {
2665 	struct il3945_tx_cmd tx;
2666 	__le16 tim_idx;
2667 	u8 tim_size;
2668 	u8 reserved1;
2669 	struct ieee80211_hdr frame[];	/* beacon frame */
2670 } __packed;
2671 
2672 struct il_tx_beacon_cmd {
2673 	struct il_tx_cmd tx;
2674 	__le16 tim_idx;
2675 	u8 tim_size;
2676 	u8 reserved1;
2677 	struct ieee80211_hdr frame[];	/* beacon frame */
2678 } __packed;
2679 
2680 /******************************************************************************
2681  * (10)
2682  * Statistics Commands and Notifications:
2683  *
2684  *****************************************************************************/
2685 
2686 #define IL_TEMP_CONVERT 260
2687 
2688 #define SUP_RATE_11A_MAX_NUM_CHANNELS  8
2689 #define SUP_RATE_11B_MAX_NUM_CHANNELS  4
2690 #define SUP_RATE_11G_MAX_NUM_CHANNELS  12
2691 
2692 /* Used for passing to driver number of successes and failures per rate */
2693 struct rate_histogram {
2694 	union {
2695 		__le32 a[SUP_RATE_11A_MAX_NUM_CHANNELS];
2696 		__le32 b[SUP_RATE_11B_MAX_NUM_CHANNELS];
2697 		__le32 g[SUP_RATE_11G_MAX_NUM_CHANNELS];
2698 	} success;
2699 	union {
2700 		__le32 a[SUP_RATE_11A_MAX_NUM_CHANNELS];
2701 		__le32 b[SUP_RATE_11B_MAX_NUM_CHANNELS];
2702 		__le32 g[SUP_RATE_11G_MAX_NUM_CHANNELS];
2703 	} failed;
2704 } __packed;
2705 
2706 /* stats command response */
2707 
2708 struct iwl39_stats_rx_phy {
2709 	__le32 ina_cnt;
2710 	__le32 fina_cnt;
2711 	__le32 plcp_err;
2712 	__le32 crc32_err;
2713 	__le32 overrun_err;
2714 	__le32 early_overrun_err;
2715 	__le32 crc32_good;
2716 	__le32 false_alarm_cnt;
2717 	__le32 fina_sync_err_cnt;
2718 	__le32 sfd_timeout;
2719 	__le32 fina_timeout;
2720 	__le32 unresponded_rts;
2721 	__le32 rxe_frame_limit_overrun;
2722 	__le32 sent_ack_cnt;
2723 	__le32 sent_cts_cnt;
2724 } __packed;
2725 
2726 struct iwl39_stats_rx_non_phy {
2727 	__le32 bogus_cts;	/* CTS received when not expecting CTS */
2728 	__le32 bogus_ack;	/* ACK received when not expecting ACK */
2729 	__le32 non_bssid_frames;	/* number of frames with BSSID that
2730 					 * doesn't belong to the STA BSSID */
2731 	__le32 filtered_frames;	/* count frames that were dumped in the
2732 				 * filtering process */
2733 	__le32 non_channel_beacons;	/* beacons with our bss id but not on
2734 					 * our serving channel */
2735 } __packed;
2736 
2737 struct iwl39_stats_rx {
2738 	struct iwl39_stats_rx_phy ofdm;
2739 	struct iwl39_stats_rx_phy cck;
2740 	struct iwl39_stats_rx_non_phy general;
2741 } __packed;
2742 
2743 struct iwl39_stats_tx {
2744 	__le32 preamble_cnt;
2745 	__le32 rx_detected_cnt;
2746 	__le32 bt_prio_defer_cnt;
2747 	__le32 bt_prio_kill_cnt;
2748 	__le32 few_bytes_cnt;
2749 	__le32 cts_timeout;
2750 	__le32 ack_timeout;
2751 	__le32 expected_ack_cnt;
2752 	__le32 actual_ack_cnt;
2753 } __packed;
2754 
2755 struct stats_dbg {
2756 	__le32 burst_check;
2757 	__le32 burst_count;
2758 	__le32 wait_for_silence_timeout_cnt;
2759 	__le32 reserved[3];
2760 } __packed;
2761 
2762 struct iwl39_stats_div {
2763 	__le32 tx_on_a;
2764 	__le32 tx_on_b;
2765 	__le32 exec_time;
2766 	__le32 probe_time;
2767 } __packed;
2768 
2769 struct iwl39_stats_general {
2770 	__le32 temperature;
2771 	struct stats_dbg dbg;
2772 	__le32 sleep_time;
2773 	__le32 slots_out;
2774 	__le32 slots_idle;
2775 	__le32 ttl_timestamp;
2776 	struct iwl39_stats_div div;
2777 } __packed;
2778 
2779 struct stats_rx_phy {
2780 	__le32 ina_cnt;
2781 	__le32 fina_cnt;
2782 	__le32 plcp_err;
2783 	__le32 crc32_err;
2784 	__le32 overrun_err;
2785 	__le32 early_overrun_err;
2786 	__le32 crc32_good;
2787 	__le32 false_alarm_cnt;
2788 	__le32 fina_sync_err_cnt;
2789 	__le32 sfd_timeout;
2790 	__le32 fina_timeout;
2791 	__le32 unresponded_rts;
2792 	__le32 rxe_frame_limit_overrun;
2793 	__le32 sent_ack_cnt;
2794 	__le32 sent_cts_cnt;
2795 	__le32 sent_ba_rsp_cnt;
2796 	__le32 dsp_self_kill;
2797 	__le32 mh_format_err;
2798 	__le32 re_acq_main_rssi_sum;
2799 	__le32 reserved3;
2800 } __packed;
2801 
2802 struct stats_rx_ht_phy {
2803 	__le32 plcp_err;
2804 	__le32 overrun_err;
2805 	__le32 early_overrun_err;
2806 	__le32 crc32_good;
2807 	__le32 crc32_err;
2808 	__le32 mh_format_err;
2809 	__le32 agg_crc32_good;
2810 	__le32 agg_mpdu_cnt;
2811 	__le32 agg_cnt;
2812 	__le32 unsupport_mcs;
2813 } __packed;
2814 
2815 #define INTERFERENCE_DATA_AVAILABLE      cpu_to_le32(1)
2816 
2817 struct stats_rx_non_phy {
2818 	__le32 bogus_cts;	/* CTS received when not expecting CTS */
2819 	__le32 bogus_ack;	/* ACK received when not expecting ACK */
2820 	__le32 non_bssid_frames;	/* number of frames with BSSID that
2821 					 * doesn't belong to the STA BSSID */
2822 	__le32 filtered_frames;	/* count frames that were dumped in the
2823 				 * filtering process */
2824 	__le32 non_channel_beacons;	/* beacons with our bss id but not on
2825 					 * our serving channel */
2826 	__le32 channel_beacons;	/* beacons with our bss id and in our
2827 				 * serving channel */
2828 	__le32 num_missed_bcon;	/* number of missed beacons */
2829 	__le32 adc_rx_saturation_time;	/* count in 0.8us units the time the
2830 					 * ADC was in saturation */
2831 	__le32 ina_detection_search_time;	/* total time (in 0.8us) searched
2832 						 * for INA */
2833 	__le32 beacon_silence_rssi_a;	/* RSSI silence after beacon frame */
2834 	__le32 beacon_silence_rssi_b;	/* RSSI silence after beacon frame */
2835 	__le32 beacon_silence_rssi_c;	/* RSSI silence after beacon frame */
2836 	__le32 interference_data_flag;	/* flag for interference data
2837 					 * availability. 1 when data is
2838 					 * available. */
2839 	__le32 channel_load;	/* counts RX Enable time in uSec */
2840 	__le32 dsp_false_alarms;	/* DSP false alarm (both OFDM
2841 					 * and CCK) counter */
2842 	__le32 beacon_rssi_a;
2843 	__le32 beacon_rssi_b;
2844 	__le32 beacon_rssi_c;
2845 	__le32 beacon_energy_a;
2846 	__le32 beacon_energy_b;
2847 	__le32 beacon_energy_c;
2848 } __packed;
2849 
2850 struct stats_rx {
2851 	struct stats_rx_phy ofdm;
2852 	struct stats_rx_phy cck;
2853 	struct stats_rx_non_phy general;
2854 	struct stats_rx_ht_phy ofdm_ht;
2855 } __packed;
2856 
2857 /**
2858  * struct stats_tx_power - current tx power
2859  *
2860  * @ant_a: current tx power on chain a in 1/2 dB step
2861  * @ant_b: current tx power on chain b in 1/2 dB step
2862  * @ant_c: current tx power on chain c in 1/2 dB step
2863  */
2864 struct stats_tx_power {
2865 	u8 ant_a;
2866 	u8 ant_b;
2867 	u8 ant_c;
2868 	u8 reserved;
2869 } __packed;
2870 
2871 struct stats_tx_non_phy_agg {
2872 	__le32 ba_timeout;
2873 	__le32 ba_reschedule_frames;
2874 	__le32 scd_query_agg_frame_cnt;
2875 	__le32 scd_query_no_agg;
2876 	__le32 scd_query_agg;
2877 	__le32 scd_query_mismatch;
2878 	__le32 frame_not_ready;
2879 	__le32 underrun;
2880 	__le32 bt_prio_kill;
2881 	__le32 rx_ba_rsp_cnt;
2882 } __packed;
2883 
2884 struct stats_tx {
2885 	__le32 preamble_cnt;
2886 	__le32 rx_detected_cnt;
2887 	__le32 bt_prio_defer_cnt;
2888 	__le32 bt_prio_kill_cnt;
2889 	__le32 few_bytes_cnt;
2890 	__le32 cts_timeout;
2891 	__le32 ack_timeout;
2892 	__le32 expected_ack_cnt;
2893 	__le32 actual_ack_cnt;
2894 	__le32 dump_msdu_cnt;
2895 	__le32 burst_abort_next_frame_mismatch_cnt;
2896 	__le32 burst_abort_missing_next_frame_cnt;
2897 	__le32 cts_timeout_collision;
2898 	__le32 ack_or_ba_timeout_collision;
2899 	struct stats_tx_non_phy_agg agg;
2900 
2901 	__le32 reserved1;
2902 } __packed;
2903 
2904 struct stats_div {
2905 	__le32 tx_on_a;
2906 	__le32 tx_on_b;
2907 	__le32 exec_time;
2908 	__le32 probe_time;
2909 	__le32 reserved1;
2910 	__le32 reserved2;
2911 } __packed;
2912 
2913 struct stats_general_common {
2914 	__le32 temperature;	/* radio temperature */
2915 	struct stats_dbg dbg;
2916 	__le32 sleep_time;
2917 	__le32 slots_out;
2918 	__le32 slots_idle;
2919 	__le32 ttl_timestamp;
2920 	struct stats_div div;
2921 	__le32 rx_enable_counter;
2922 	/*
2923 	 * num_of_sos_states:
2924 	 *  count the number of times we have to re-tune
2925 	 *  in order to get out of bad PHY status
2926 	 */
2927 	__le32 num_of_sos_states;
2928 } __packed;
2929 
2930 struct stats_general {
2931 	struct stats_general_common common;
2932 	__le32 reserved2;
2933 	__le32 reserved3;
2934 } __packed;
2935 
2936 #define UCODE_STATS_CLEAR_MSK		(0x1 << 0)
2937 #define UCODE_STATS_FREQUENCY_MSK		(0x1 << 1)
2938 #define UCODE_STATS_NARROW_BAND_MSK	(0x1 << 2)
2939 
2940 /*
2941  * C_STATS = 0x9c,
2942  * all devices identical.
2943  *
2944  * This command triggers an immediate response containing uCode stats.
2945  * The response is in the same format as N_STATS 0x9d, below.
2946  *
2947  * If the CLEAR_STATS configuration flag is set, uCode will clear its
2948  * internal copy of the stats (counters) after issuing the response.
2949  * This flag does not affect N_STATSs after beacons (see below).
2950  *
2951  * If the DISABLE_NOTIF configuration flag is set, uCode will not issue
2952  * N_STATSs after received beacons (see below).  This flag
2953  * does not affect the response to the C_STATS 0x9c itself.
2954  */
2955 #define IL_STATS_CONF_CLEAR_STATS cpu_to_le32(0x1)	/* see above */
2956 #define IL_STATS_CONF_DISABLE_NOTIF cpu_to_le32(0x2)	/* see above */
2957 struct il_stats_cmd {
2958 	__le32 configuration_flags;	/* IL_STATS_CONF_* */
2959 } __packed;
2960 
2961 /*
2962  * N_STATS = 0x9d (notification only, not a command)
2963  *
2964  * By default, uCode issues this notification after receiving a beacon
2965  * while associated.  To disable this behavior, set DISABLE_NOTIF flag in the
2966  * C_STATS 0x9c, above.
2967  *
2968  * Statistics counters continue to increment beacon after beacon, but are
2969  * cleared when changing channels or when driver issues C_STATS
2970  * 0x9c with CLEAR_STATS bit set (see above).
2971  *
2972  * uCode also issues this notification during scans.  uCode clears stats
2973  * appropriately so that each notification contains stats for only the
2974  * one channel that has just been scanned.
2975  */
2976 #define STATS_REPLY_FLG_BAND_24G_MSK         cpu_to_le32(0x2)
2977 #define STATS_REPLY_FLG_HT40_MODE_MSK        cpu_to_le32(0x8)
2978 
2979 struct il3945_notif_stats {
2980 	__le32 flag;
2981 	struct iwl39_stats_rx rx;
2982 	struct iwl39_stats_tx tx;
2983 	struct iwl39_stats_general general;
2984 } __packed;
2985 
2986 struct il_notif_stats {
2987 	__le32 flag;
2988 	struct stats_rx rx;
2989 	struct stats_tx tx;
2990 	struct stats_general general;
2991 } __packed;
2992 
2993 /*
2994  * N_MISSED_BEACONS = 0xa2 (notification only, not a command)
2995  *
2996  * uCode send N_MISSED_BEACONS to driver when detect beacon missed
2997  * in regardless of how many missed beacons, which mean when driver receive the
2998  * notification, inside the command, it can find all the beacons information
2999  * which include number of total missed beacons, number of consecutive missed
3000  * beacons, number of beacons received and number of beacons expected to
3001  * receive.
3002  *
3003  * If uCode detected consecutive_missed_beacons > 5, it will reset the radio
3004  * in order to bring the radio/PHY back to working state; which has no relation
3005  * to when driver will perform sensitivity calibration.
3006  *
3007  * Driver should set it own missed_beacon_threshold to decide when to perform
3008  * sensitivity calibration based on number of consecutive missed beacons in
3009  * order to improve overall performance, especially in noisy environment.
3010  *
3011  */
3012 
3013 #define IL_MISSED_BEACON_THRESHOLD_MIN	(1)
3014 #define IL_MISSED_BEACON_THRESHOLD_DEF	(5)
3015 #define IL_MISSED_BEACON_THRESHOLD_MAX	IL_MISSED_BEACON_THRESHOLD_DEF
3016 
3017 struct il_missed_beacon_notif {
3018 	__le32 consecutive_missed_beacons;
3019 	__le32 total_missed_becons;
3020 	__le32 num_expected_beacons;
3021 	__le32 num_recvd_beacons;
3022 } __packed;
3023 
3024 /******************************************************************************
3025  * (11)
3026  * Rx Calibration Commands:
3027  *
3028  * With the uCode used for open source drivers, most Tx calibration (except
3029  * for Tx Power) and most Rx calibration is done by uCode during the
3030  * "initialize" phase of uCode boot.  Driver must calibrate only:
3031  *
3032  * 1)  Tx power (depends on temperature), described elsewhere
3033  * 2)  Receiver gain balance (optimize MIMO, and detect disconnected antennas)
3034  * 3)  Receiver sensitivity (to optimize signal detection)
3035  *
3036  *****************************************************************************/
3037 
3038 /**
3039  * C_SENSITIVITY = 0xa8 (command, has simple generic response)
3040  *
3041  * This command sets up the Rx signal detector for a sensitivity level that
3042  * is high enough to lock onto all signals within the associated network,
3043  * but low enough to ignore signals that are below a certain threshold, so as
3044  * not to have too many "false alarms".  False alarms are signals that the
3045  * Rx DSP tries to lock onto, but then discards after determining that they
3046  * are noise.
3047  *
3048  * The optimum number of false alarms is between 5 and 50 per 200 TUs
3049  * (200 * 1024 uSecs, i.e. 204.8 milliseconds) of actual Rx time (i.e.
3050  * time listening, not transmitting).  Driver must adjust sensitivity so that
3051  * the ratio of actual false alarms to actual Rx time falls within this range.
3052  *
3053  * While associated, uCode delivers N_STATSs after each
3054  * received beacon.  These provide information to the driver to analyze the
3055  * sensitivity.  Don't analyze stats that come in from scanning, or any
3056  * other non-associated-network source.  Pertinent stats include:
3057  *
3058  * From "general" stats (struct stats_rx_non_phy):
3059  *
3060  * (beacon_energy_[abc] & 0x0FF00) >> 8 (unsigned, higher value is lower level)
3061  *   Measure of energy of desired signal.  Used for establishing a level
3062  *   below which the device does not detect signals.
3063  *
3064  * (beacon_silence_rssi_[abc] & 0x0FF00) >> 8 (unsigned, units in dB)
3065  *   Measure of background noise in silent period after beacon.
3066  *
3067  * channel_load
3068  *   uSecs of actual Rx time during beacon period (varies according to
3069  *   how much time was spent transmitting).
3070  *
3071  * From "cck" and "ofdm" stats (struct stats_rx_phy), separately:
3072  *
3073  * false_alarm_cnt
3074  *   Signal locks abandoned early (before phy-level header).
3075  *
3076  * plcp_err
3077  *   Signal locks abandoned late (during phy-level header).
3078  *
3079  * NOTE:  Both false_alarm_cnt and plcp_err increment monotonically from
3080  *        beacon to beacon, i.e. each value is an accumulation of all errors
3081  *        before and including the latest beacon.  Values will wrap around to 0
3082  *        after counting up to 2^32 - 1.  Driver must differentiate vs.
3083  *        previous beacon's values to determine # false alarms in the current
3084  *        beacon period.
3085  *
3086  * Total number of false alarms = false_alarms + plcp_errs
3087  *
3088  * For OFDM, adjust the following table entries in struct il_sensitivity_cmd
3089  * (notice that the start points for OFDM are at or close to settings for
3090  * maximum sensitivity):
3091  *
3092  *                                             START  /  MIN  /  MAX
3093  *   HD_AUTO_CORR32_X1_TH_ADD_MIN_IDX          90   /   85  /  120
3094  *   HD_AUTO_CORR32_X1_TH_ADD_MIN_MRC_IDX     170   /  170  /  210
3095  *   HD_AUTO_CORR32_X4_TH_ADD_MIN_IDX         105   /  105  /  140
3096  *   HD_AUTO_CORR32_X4_TH_ADD_MIN_MRC_IDX     220   /  220  /  270
3097  *
3098  *   If actual rate of OFDM false alarms (+ plcp_errors) is too high
3099  *   (greater than 50 for each 204.8 msecs listening), reduce sensitivity
3100  *   by *adding* 1 to all 4 of the table entries above, up to the max for
3101  *   each entry.  Conversely, if false alarm rate is too low (less than 5
3102  *   for each 204.8 msecs listening), *subtract* 1 from each entry to
3103  *   increase sensitivity.
3104  *
3105  * For CCK sensitivity, keep track of the following:
3106  *
3107  *   1).  20-beacon history of maximum background noise, indicated by
3108  *        (beacon_silence_rssi_[abc] & 0x0FF00), units in dB, across the
3109  *        3 receivers.  For any given beacon, the "silence reference" is
3110  *        the maximum of last 60 samples (20 beacons * 3 receivers).
3111  *
3112  *   2).  10-beacon history of strongest signal level, as indicated
3113  *        by (beacon_energy_[abc] & 0x0FF00) >> 8, across the 3 receivers,
3114  *        i.e. the strength of the signal through the best receiver at the
3115  *        moment.  These measurements are "upside down", with lower values
3116  *        for stronger signals, so max energy will be *minimum* value.
3117  *
3118  *        Then for any given beacon, the driver must determine the *weakest*
3119  *        of the strongest signals; this is the minimum level that needs to be
3120  *        successfully detected, when using the best receiver at the moment.
3121  *        "Max cck energy" is the maximum (higher value means lower energy!)
3122  *        of the last 10 minima.  Once this is determined, driver must add
3123  *        a little margin by adding "6" to it.
3124  *
3125  *   3).  Number of consecutive beacon periods with too few false alarms.
3126  *        Reset this to 0 at the first beacon period that falls within the
3127  *        "good" range (5 to 50 false alarms per 204.8 milliseconds rx).
3128  *
3129  * Then, adjust the following CCK table entries in struct il_sensitivity_cmd
3130  * (notice that the start points for CCK are at maximum sensitivity):
3131  *
3132  *                                             START  /  MIN  /  MAX
3133  *   HD_AUTO_CORR40_X4_TH_ADD_MIN_IDX         125   /  125  /  200
3134  *   HD_AUTO_CORR40_X4_TH_ADD_MIN_MRC_IDX     200   /  200  /  400
3135  *   HD_MIN_ENERGY_CCK_DET_IDX                100   /    0  /  100
3136  *
3137  *   If actual rate of CCK false alarms (+ plcp_errors) is too high
3138  *   (greater than 50 for each 204.8 msecs listening), method for reducing
3139  *   sensitivity is:
3140  *
3141  *   1)  *Add* 3 to value in HD_AUTO_CORR40_X4_TH_ADD_MIN_MRC_IDX,
3142  *       up to max 400.
3143  *
3144  *   2)  If current value in HD_AUTO_CORR40_X4_TH_ADD_MIN_IDX is < 160,
3145  *       sensitivity has been reduced a significant amount; bring it up to
3146  *       a moderate 161.  Otherwise, *add* 3, up to max 200.
3147  *
3148  *   3)  a)  If current value in HD_AUTO_CORR40_X4_TH_ADD_MIN_IDX is > 160,
3149  *       sensitivity has been reduced only a moderate or small amount;
3150  *       *subtract* 2 from value in HD_MIN_ENERGY_CCK_DET_IDX,
3151  *       down to min 0.  Otherwise (if gain has been significantly reduced),
3152  *       don't change the HD_MIN_ENERGY_CCK_DET_IDX value.
3153  *
3154  *       b)  Save a snapshot of the "silence reference".
3155  *
3156  *   If actual rate of CCK false alarms (+ plcp_errors) is too low
3157  *   (less than 5 for each 204.8 msecs listening), method for increasing
3158  *   sensitivity is used only if:
3159  *
3160  *   1a)  Previous beacon did not have too many false alarms
3161  *   1b)  AND difference between previous "silence reference" and current
3162  *        "silence reference" (prev - current) is 2 or more,
3163  *   OR 2)  100 or more consecutive beacon periods have had rate of
3164  *          less than 5 false alarms per 204.8 milliseconds rx time.
3165  *
3166  *   Method for increasing sensitivity:
3167  *
3168  *   1)  *Subtract* 3 from value in HD_AUTO_CORR40_X4_TH_ADD_MIN_IDX,
3169  *       down to min 125.
3170  *
3171  *   2)  *Subtract* 3 from value in HD_AUTO_CORR40_X4_TH_ADD_MIN_MRC_IDX,
3172  *       down to min 200.
3173  *
3174  *   3)  *Add* 2 to value in HD_MIN_ENERGY_CCK_DET_IDX, up to max 100.
3175  *
3176  *   If actual rate of CCK false alarms (+ plcp_errors) is within good range
3177  *   (between 5 and 50 for each 204.8 msecs listening):
3178  *
3179  *   1)  Save a snapshot of the silence reference.
3180  *
3181  *   2)  If previous beacon had too many CCK false alarms (+ plcp_errors),
3182  *       give some extra margin to energy threshold by *subtracting* 8
3183  *       from value in HD_MIN_ENERGY_CCK_DET_IDX.
3184  *
3185  *   For all cases (too few, too many, good range), make sure that the CCK
3186  *   detection threshold (energy) is below the energy level for robust
3187  *   detection over the past 10 beacon periods, the "Max cck energy".
3188  *   Lower values mean higher energy; this means making sure that the value
3189  *   in HD_MIN_ENERGY_CCK_DET_IDX is at or *above* "Max cck energy".
3190  *
3191  */
3192 
3193 /*
3194  * Table entries in C_SENSITIVITY (struct il_sensitivity_cmd)
3195  */
3196 #define HD_TBL_SIZE  (11)	/* number of entries */
3197 #define HD_MIN_ENERGY_CCK_DET_IDX                 (0)	/* table idxes */
3198 #define HD_MIN_ENERGY_OFDM_DET_IDX                (1)
3199 #define HD_AUTO_CORR32_X1_TH_ADD_MIN_IDX          (2)
3200 #define HD_AUTO_CORR32_X1_TH_ADD_MIN_MRC_IDX      (3)
3201 #define HD_AUTO_CORR40_X4_TH_ADD_MIN_MRC_IDX      (4)
3202 #define HD_AUTO_CORR32_X4_TH_ADD_MIN_IDX          (5)
3203 #define HD_AUTO_CORR32_X4_TH_ADD_MIN_MRC_IDX      (6)
3204 #define HD_BARKER_CORR_TH_ADD_MIN_IDX             (7)
3205 #define HD_BARKER_CORR_TH_ADD_MIN_MRC_IDX         (8)
3206 #define HD_AUTO_CORR40_X4_TH_ADD_MIN_IDX          (9)
3207 #define HD_OFDM_ENERGY_TH_IN_IDX                  (10)
3208 
3209 /* Control field in struct il_sensitivity_cmd */
3210 #define C_SENSITIVITY_CONTROL_DEFAULT_TBL	cpu_to_le16(0)
3211 #define C_SENSITIVITY_CONTROL_WORK_TBL	cpu_to_le16(1)
3212 
3213 /**
3214  * struct il_sensitivity_cmd
3215  * @control:  (1) updates working table, (0) updates default table
3216  * @table:  energy threshold values, use HD_* as idx into table
3217  *
3218  * Always use "1" in "control" to update uCode's working table and DSP.
3219  */
3220 struct il_sensitivity_cmd {
3221 	__le16 control;		/* always use "1" */
3222 	__le16 table[HD_TBL_SIZE];	/* use HD_* as idx */
3223 } __packed;
3224 
3225 /**
3226  * C_PHY_CALIBRATION = 0xb0 (command, has simple generic response)
3227  *
3228  * This command sets the relative gains of 4965 device's 3 radio receiver chains.
3229  *
3230  * After the first association, driver should accumulate signal and noise
3231  * stats from the N_STATSs that follow the first 20
3232  * beacons from the associated network (don't collect stats that come
3233  * in from scanning, or any other non-network source).
3234  *
3235  * DISCONNECTED ANTENNA:
3236  *
3237  * Driver should determine which antennas are actually connected, by comparing
3238  * average beacon signal levels for the 3 Rx chains.  Accumulate (add) the
3239  * following values over 20 beacons, one accumulator for each of the chains
3240  * a/b/c, from struct stats_rx_non_phy:
3241  *
3242  * beacon_rssi_[abc] & 0x0FF (unsigned, units in dB)
3243  *
3244  * Find the strongest signal from among a/b/c.  Compare the other two to the
3245  * strongest.  If any signal is more than 15 dB (times 20, unless you
3246  * divide the accumulated values by 20) below the strongest, the driver
3247  * considers that antenna to be disconnected, and should not try to use that
3248  * antenna/chain for Rx or Tx.  If both A and B seem to be disconnected,
3249  * driver should declare the stronger one as connected, and attempt to use it
3250  * (A and B are the only 2 Tx chains!).
3251  *
3252  *
3253  * RX BALANCE:
3254  *
3255  * Driver should balance the 3 receivers (but just the ones that are connected
3256  * to antennas, see above) for gain, by comparing the average signal levels
3257  * detected during the silence after each beacon (background noise).
3258  * Accumulate (add) the following values over 20 beacons, one accumulator for
3259  * each of the chains a/b/c, from struct stats_rx_non_phy:
3260  *
3261  * beacon_silence_rssi_[abc] & 0x0FF (unsigned, units in dB)
3262  *
3263  * Find the weakest background noise level from among a/b/c.  This Rx chain
3264  * will be the reference, with 0 gain adjustment.  Attenuate other channels by
3265  * finding noise difference:
3266  *
3267  * (accum_noise[i] - accum_noise[reference]) / 30
3268  *
3269  * The "30" adjusts the dB in the 20 accumulated samples to units of 1.5 dB.
3270  * For use in diff_gain_[abc] fields of struct il_calibration_cmd, the
3271  * driver should limit the difference results to a range of 0-3 (0-4.5 dB),
3272  * and set bit 2 to indicate "reduce gain".  The value for the reference
3273  * (weakest) chain should be "0".
3274  *
3275  * diff_gain_[abc] bit fields:
3276  *   2: (1) reduce gain, (0) increase gain
3277  * 1-0: amount of gain, units of 1.5 dB
3278  */
3279 
3280 /* Phy calibration command for series */
3281 /* The default calibrate table size if not specified by firmware */
3282 #define IL_DEFAULT_STANDARD_PHY_CALIBRATE_TBL_SIZE	18
3283 enum {
3284 	IL_PHY_CALIBRATE_DIFF_GAIN_CMD = 7,
3285 	IL_MAX_STANDARD_PHY_CALIBRATE_TBL_SIZE = 19,
3286 };
3287 
3288 #define IL_MAX_PHY_CALIBRATE_TBL_SIZE		(253)
3289 
3290 struct il_calib_hdr {
3291 	u8 op_code;
3292 	u8 first_group;
3293 	u8 groups_num;
3294 	u8 data_valid;
3295 } __packed;
3296 
3297 /* IL_PHY_CALIBRATE_DIFF_GAIN_CMD (7) */
3298 struct il_calib_diff_gain_cmd {
3299 	struct il_calib_hdr hdr;
3300 	s8 diff_gain_a;		/* see above */
3301 	s8 diff_gain_b;
3302 	s8 diff_gain_c;
3303 	u8 reserved1;
3304 } __packed;
3305 
3306 /******************************************************************************
3307  * (12)
3308  * Miscellaneous Commands:
3309  *
3310  *****************************************************************************/
3311 
3312 /*
3313  * LEDs Command & Response
3314  * C_LEDS = 0x48 (command, has simple generic response)
3315  *
3316  * For each of 3 possible LEDs (Activity/Link/Tech, selected by "id" field),
3317  * this command turns it on or off, or sets up a periodic blinking cycle.
3318  */
3319 struct il_led_cmd {
3320 	__le32 interval;	/* "interval" in uSec */
3321 	u8 id;			/* 1: Activity, 2: Link, 3: Tech */
3322 	u8 off;			/* # intervals off while blinking;
3323 				 * "0", with >0 "on" value, turns LED on */
3324 	u8 on;			/* # intervals on while blinking;
3325 				 * "0", regardless of "off", turns LED off */
3326 	u8 reserved;
3327 } __packed;
3328 
3329 /******************************************************************************
3330  * (13)
3331  * Union of all expected notifications/responses:
3332  *
3333  *****************************************************************************/
3334 
3335 #define IL_RX_FRAME_SIZE_MSK	0x00003fff
3336 
3337 struct il_rx_pkt {
3338 	/*
3339 	 * The first 4 bytes of the RX frame header contain both the RX frame
3340 	 * size and some flags.
3341 	 * Bit fields:
3342 	 * 31:    flag flush RB request
3343 	 * 30:    flag ignore TC (terminal counter) request
3344 	 * 29:    flag fast IRQ request
3345 	 * 28-14: Reserved
3346 	 * 13-00: RX frame size
3347 	 */
3348 	__le32 len_n_flags;
3349 	struct il_cmd_header hdr;
3350 	union {
3351 		struct il3945_rx_frame rx_frame;
3352 		struct il3945_tx_resp tx_resp;
3353 		struct il3945_beacon_notif beacon_status;
3354 
3355 		struct il_alive_resp alive_frame;
3356 		struct il_spectrum_notification spectrum_notif;
3357 		struct il_csa_notification csa_notif;
3358 		struct il_error_resp err_resp;
3359 		struct il_card_state_notif card_state_notif;
3360 		struct il_add_sta_resp add_sta;
3361 		struct il_rem_sta_resp rem_sta;
3362 		struct il_sleep_notification sleep_notif;
3363 		struct il_spectrum_resp spectrum;
3364 		struct il_notif_stats stats;
3365 		struct il_compressed_ba_resp compressed_ba;
3366 		struct il_missed_beacon_notif missed_beacon;
3367 		__le32 status;
3368 		u8 raw[0];
3369 	} u;
3370 } __packed;
3371 
3372 #endif /* __il_commands_h__ */
3373