/usr/src/sys/dev/usb/if

Bug Summary

File:	dev/usb/if_umb.c
Warning:	line 997, column 14 The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name if_umb.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -target-feature +retpoline-external-thunk -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/legacy-dpm -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu13 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/inc -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc/pmfw_if -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D SUSPEND -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /home/ben/Projects/scan/2024-01-11-110808-61670-1 -x c /usr/src/sys/dev/usb/if_umb.c
1/*	$OpenBSD: if_umb.c,v 1.56 2023/10/24 09:13:22 jmatthew Exp $ */

3/*
* Copyright (c) 2016 genua mbH
* All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

20/*
* Mobile Broadband Interface Model specification:
* https://www.usb.org/sites/default/files/MBIM10Errata1_073013.zip
* Compliance testing guide
* https://www.usb.org/sites/default/files/MBIM-Compliance-1.0.pdf
*/

27#include "bpfilter.h"
28#include "kstat.h"

30#include <sys/param.h>
31#include <sys/mbuf.h>
32#include <sys/socket.h>
33#include <sys/systm.h>
34#include <sys/syslog.h>
35#include <sys/kstat.h>

37#if NBPFILTER1 > 0
38#include <net/bpf.h>
39#endif
40#include <net/if.h>
41#include <net/if_var.h>
42#include <net/if_types.h>
43#include <net/route.h>

45#include <netinet/in.h>
46#include <netinet/in_var.h>
47#include <netinet/ip.h>

49#ifdef INET61
50#include <netinet/ip6.h>
51#include <netinet6/in6_var.h>
52#include <netinet6/ip6_var.h>
53#include <netinet6/in6_ifattach.h>
54#include <netinet6/nd6.h>
55#endif

57#include <machine/bus.h>

59#include <dev/usb/usb.h>
60#include <dev/usb/usbdi.h>
61#include <dev/usb/usbdivar.h>
62#include <dev/usb/usbdi_util.h>
63#include <dev/usb/usbdevs.h>
64#include <dev/usb/usbcdc.h>

66#include <dev/usb/mbim.h>
67#include <dev/usb/if_umb.h>

69#ifdef UMB_DEBUG
70#define DPRINTF(x...)do { } while (0)							\
do { if (umb_debug) log(LOG_DEBUG7, x); } while (0)

73#define DPRINTFN(n, x...)do { } while (0)						\
do { if (umb_debug >= (n)) log(LOG_DEBUG7, x); } while (0)

76#define DDUMPN(n, b, l)do { } while (0)							\
do {							\
	if (umb_debug >= (n))				\
		umb_dump((b), (l));			\
} while (0)

82int	 umb_debug = 0;
83char	*umb_uuid2str(uint8_t [MBIM_UUID_LEN16]);
84void	 umb_dump(void *, int);

86#else
87#define DPRINTF(x...)do { } while (0)		do { } while (0)
88#define DPRINTFN(n, x...)do { } while (0)	do { } while (0)
89#define DDUMPN(n, b, l)do { } while (0)		do { } while (0)
90#endif

92#define DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname)		(((struct umb_softc *)(sc))->sc_dev.dv_xname)

94/*
* State change timeout
*/
97#define UMB_STATE_CHANGE_TIMEOUT30	30

99/*
* State change flags
*/
102#define UMB_NS_DONT_DROP0x0001	0x0001	/* do not drop below current state */
103#define UMB_NS_DONT_RAISE0x0002	0x0002	/* do not raise below current state */

105/*
* Diagnostic macros
*/
108const struct umb_valdescr umb_regstates[] = MBIM_REGSTATE_DESCRIPTIONS{ { 0, "unknown" }, { 1, "not registered" }, { 2, "searching"
 }, { 3, "home network" }, { 4, "roaming network" }, { 5, "partner network"
 }, { 6, "access denied" }, { 0, ((void *)0) } };
109const struct umb_valdescr umb_dataclasses[] = MBIM_DATACLASS_DESCRIPTIONS{ { 0x00000000, "none" }, { 0x00000001, "GPRS" }, { 0x00000002
, "EDGE" }, { 0x00000004, "UMTS" }, { 0x00000008, "HSDPA" }, {
 0x00000010, "HSUPA" }, { 0x00000008|0x00000010, "HSPA" }, { 0x00000020
, "LTE" }, { 0x00010000, "CDMA2000" }, { 0x00020000, "CDMA2000"
 }, { 0x00040000, "CDMA2000" }, { 0x00080000, "CDMA2000" }, {
 0x00100000, "CDMA2000" }, { 0x00200000, "CDMA2000" }, { 0x00400000
, "CDMA2000" }, { 0x80000000, "custom" }, { 0, ((void *)0) } };
110const struct umb_valdescr umb_simstate[] = MBIM_SIMSTATE_DESCRIPTIONS{ { 0, "not initialized" }, { 1, "initialized" }, { 2, "not inserted"
 }, { 3, "bad type" }, { 4, "failed" }, { 5, "not activated" }
, { 6, "locked" }, { 0, ((void *)0) } };
111const struct umb_valdescr umb_messages[] = MBIM_MESSAGES_DESCRIPTIONS{ { (1U), "MBIM_OPEN_MSG" }, { (2U), "MBIM_CLOSE_MSG" }, { (3U
), "MBIM_COMMAND_MSG" }, { (4U), "MBIM_HOST_ERROR_MSG" }, { (
0x80000001U), "MBIM_OPEN_DONE" }, { (0x80000002U), "MBIM_CLOSE_DONE"
 }, { (0x80000003U), "MBIM_COMMAND_DONE" }, { (0x80000004U), "MBIM_FUNCTION_ERROR_MSG"
 }, { (0x80000007U), "MBIM_INDICATE_STATUS_MSG" }, { 0, ((void
 *)0) } };
112const struct umb_valdescr umb_status[] = MBIM_STATUS_DESCRIPTIONS{ { 0, "SUCCESS" }, { 1, "BUSY" }, { 2, "FAILURE" }, { 3, "SIM_NOT_INSERTED"
 }, { 4, "BAD_SIM" }, { 5, "PIN_REQUIRED" }, { 6, "PIN_DISABLED"
 }, { 7, "NOT_REGISTERED" }, { 8, "PROVIDERS_NOT_FOUND" }, { 9
, "NO_DEVICE_SUPPORT" }, { 10, "PROVIDER_NOT_VISIBLE" }, { 11
, "DATA_CLASS_NOT_AVAILABLE" }, { 12, "PACKET_SERVICE_DETACHED"
 }, { 13, "MAX_ACTIVATED_CONTEXTS" }, { 14, "NOT_INITIALIZED"
 }, { 15, "VOICE_CALL_IN_PROGRESS" }, { 16, "CONTEXT_NOT_ACTIVATED"
 }, { 17, "SERVICE_NOT_ACTIVATED" }, { 18, "INVALID_ACCESS_STRING"
 }, { 19, "INVALID_USER_NAME_PWD" }, { 20, "RADIO_POWER_OFF" }
, { 21, "INVALID_PARAMETERS" }, { 22, "READ_FAILURE" }, { 23,
 "WRITE_FAILURE" }, { 25, "NO_PHONEBOOK" }, { 26, "PARAMETER_TOO_LONG"
 }, { 27, "STK_BUSY" }, { 28, "OPERATION_NOT_ALLOWED" }, { 29
, "MEMORY_FAILURE" }, { 30, "INVALID_MEMORY_INDEX" }, { 31, "MEMORY_FULL"
 }, { 32, "FILTER_NOT_SUPPORTED" }, { 33, "DSS_INSTANCE_LIMIT"
 }, { 34, "INVALID_DEVICE_SERVICE_OPERATION" }, { 35, "AUTH_INCORRECT_AUTN"
 }, { 36, "AUTH_SYNC_FAILURE" }, { 37, "AUTH_AMF_NOT_SET" }, {
 38, "CONTEXT_NOT_SUPPORTED" }, { 100, "SMS_UNKNOWN_SMSC_ADDRESS"
 }, { 101, "SMS_NETWORK_TIMEOUT" }, { 102, "SMS_LANG_NOT_SUPPORTED"
 }, { 103, "SMS_ENCODING_NOT_SUPPORTED" }, { 104, "SMS_FORMAT_NOT_SUPPORTED"
 }, { 0, ((void *)0) } };
113const struct umb_valdescr umb_cids[] = MBIM_CID_DESCRIPTIONS{ { (1), "MBIM_CID_DEVICE_CAPS" }, { (2), "MBIM_CID_SUBSCRIBER_READY_STATUS"
 }, { (3), "MBIM_CID_RADIO_STATE" }, { (4), "MBIM_CID_PIN" },
 { (5), "MBIM_CID_PIN_LIST" }, { (6), "MBIM_CID_HOME_PROVIDER"
 }, { (7), "MBIM_CID_PREFERRED_PROVIDERS" }, { (8), "MBIM_CID_VISIBLE_PROVIDERS"
 }, { (9), "MBIM_CID_REGISTER_STATE" }, { (10), "MBIM_CID_PACKET_SERVICE"
 }, { (11), "MBIM_CID_SIGNAL_STATE" }, { (12), "MBIM_CID_CONNECT"
 }, { (13), "MBIM_CID_PROVISIONED_CONTEXTS" }, { (14), "MBIM_CID_SERVICE_ACTIVATION"
 }, { (15), "MBIM_CID_IP_CONFIGURATION" }, { (16), "MBIM_CID_DEVICE_SERVICES"
 }, { (19), "MBIM_CID_DEVICE_SERVICE_SUBSCRIBE_LIST" }, { (20
), "MBIM_CID_PACKET_STATISTICS" }, { (21), "MBIM_CID_NETWORK_IDLE_HINT"
 }, { (22), "MBIM_CID_EMERGENCY_MODE" }, { (23), "MBIM_CID_IP_PACKET_FILTERS"
 }, { (24), "MBIM_CID_MULTICARRIER_PROVIDERS" }, { 0, ((void *
)0) } };
114const struct umb_valdescr umb_pktstate[] = MBIM_PKTSRV_STATE_DESCRIPTIONS{ { 0, "unknown" }, { 1, "attaching" }, { 2, "attached" }, { 3
, "detaching" }, { 4, "detached" }, { 0, ((void *)0) } };
115const struct umb_valdescr umb_actstate[] = MBIM_ACTIVATION_STATE_DESCRIPTIONS{ { 0, "unknown" }, { 1, "activated" }, { 2, "activating" }, {
 3, "deactivated" }, { 4, "deactivating" }, { 0, ((void *)0) }
 };
116const struct umb_valdescr umb_error[] = MBIM_ERROR_DESCRIPTIONS{ { 1, "TIMEOUT_FRAGMENT" }, { 2, "FRAGMENT_OUT_OF_SEQUENCE" }
, { 3, "LENGTH_MISMATCH" }, { 4, "DUPLICATED_TID" }, { 5, "NOT_OPENED"
 }, { 6, "UNKNOWN" }, { 7, "CANCEL" }, { 8, "MAX_TRANSFER" },
 { 0, ((void *)0) } };
117const struct umb_valdescr umb_pintype[] = MBIM_PINTYPE_DESCRIPTIONS{ { 0, "none" }, { 1, "custom" }, { 2, "PIN1" }, { 3, "PIN2" }
, { 4, "device PIN" }, { 5, "device 1st PIN" }, { 6, "network PIN"
 }, { 7, "network subset PIN" }, { 8, "provider PIN" }, { 9, "corporate PIN"
 }, { 10, "subsidy lock" }, { 11, "PUK" }, { 12, "PUK2" }, { 13
, "device 1st PUK" }, { 14, "network PUK" }, { 15, "network subset PUK"
 }, { 16, "provider PUK" }, { 17, "corporate PUK" }, { 0, ((void
 *)0) } };
118const struct umb_valdescr umb_istate[] = UMB_INTERNAL_STATE_DESCRIPTIONS{ { UMB_S_DOWN, "down" }, { UMB_S_OPEN, "open" }, { UMB_S_CID
, "CID allocated" }, { UMB_S_RADIO, "radio on" }, { UMB_S_SIMREADY
, "SIM is ready" }, { UMB_S_ATTACHED, "attached" }, { UMB_S_CONNECTED
, "connected" }, { UMB_S_UP, "up" }, { 0, ((void *)0) } };

120#define umb_regstate(c)umb_val2descr(umb_regstates, (c))		umb_val2descr(umb_regstates, (c))
121#define umb_dataclass(c)umb_val2descr(umb_dataclasses, (c))	umb_val2descr(umb_dataclasses, (c))
122#define umb_simstate(s)umb_val2descr(umb_simstate, (s))		umb_val2descr(umb_simstate, (s))
123#define umb_request2str(m)umb_val2descr(umb_messages, (m))	umb_val2descr(umb_messages, (m))
124#define umb_status2str(s)umb_val2descr(umb_status, (s))	umb_val2descr(umb_status, (s))
125#define umb_cid2str(c)umb_val2descr(umb_cids, (c))		umb_val2descr(umb_cids, (c))
126#define umb_packet_state(s)umb_val2descr(umb_pktstate, (s))	umb_val2descr(umb_pktstate, (s))
127#define umb_activation(s)umb_val2descr(umb_actstate, (s))	umb_val2descr(umb_actstate, (s))
128#define umb_error2str(e)umb_val2descr(umb_error, (e))	umb_val2descr(umb_error, (e))
129#define umb_pin_type(t)umb_val2descr(umb_pintype, (t))		umb_val2descr(umb_pintype, (t))
130#define umb_istate(s)umb_val2descr(umb_istate, (s))		umb_val2descr(umb_istate, (s))

132int		 umb_match(struct device *, void *, void *);
133void		 umb_attach(struct device *, struct device *, void *);
134int		 umb_detach(struct device *, int);
135void		 umb_ncm_setup(struct umb_softc *);
136void		 umb_ncm_setup_format(struct umb_softc *);
137int		 umb_alloc_xfers(struct umb_softc *);
138void		 umb_free_xfers(struct umb_softc *);
139int		 umb_alloc_bulkpipes(struct umb_softc *);
140void		 umb_close_bulkpipes(struct umb_softc *);
141int		 umb_ioctl(struct ifnet *, u_long, caddr_t);
142int		 umb_output(struct ifnet *, struct mbuf *, struct sockaddr *,
    struct rtentry *);
144void		 umb_start(struct ifnet *);
145void		 umb_rtrequest(struct ifnet *, int, struct rtentry *);
146void		 umb_watchdog(struct ifnet *);
147void		 umb_statechg_timeout(void *);

149void		 umb_newstate(struct umb_softc *, enum umb_state, int);
150void		 umb_state_task(void *);
151void		 umb_up(struct umb_softc *);
152void		 umb_down(struct umb_softc *, int);

154void		 umb_get_response_task(void *);

156void		 umb_decode_response(struct umb_softc *, void *, int);
157void		 umb_handle_indicate_status_msg(struct umb_softc *, void *,
    int);
159void		 umb_handle_opendone_msg(struct umb_softc *, void *, int);
160void		 umb_handle_closedone_msg(struct umb_softc *, void *, int);
161int		 umb_decode_register_state(struct umb_softc *, void *, int);
162int		 umb_decode_devices_caps(struct umb_softc *, void *, int);
163int		 umb_decode_subscriber_status(struct umb_softc *, void *, int);
164int		 umb_decode_radio_state(struct umb_softc *, void *, int);
165int		 umb_decode_pin(struct umb_softc *, void *, int);
166int		 umb_decode_packet_service(struct umb_softc *, void *, int);
167int		 umb_decode_signal_state(struct umb_softc *, void *, int);
168int		 umb_decode_connect_info(struct umb_softc *, void *, int);
169void		 umb_clear_addr(struct umb_softc *);
170int		 umb_add_inet_config(struct umb_softc *, struct in_addr, u_int,
    struct in_addr);
172int		 umb_add_inet6_config(struct umb_softc *, struct in6_addr *,
    u_int, struct in6_addr *);
174void		 umb_send_inet_proposal(struct umb_softc *, int);
175int		 umb_decode_ip_configuration(struct umb_softc *, void *, int);
176void		 umb_rx(struct umb_softc *);
177void		 umb_rxeof(struct usbd_xfer *, void *, usbd_status);
178int		 umb_encap(struct umb_softc *, int);
179void		 umb_txeof(struct usbd_xfer *, void *, usbd_status);
180void		 umb_decap(struct umb_softc *, struct usbd_xfer *);

182usbd_status	 umb_send_encap_command(struct umb_softc *, void *, int);
183int		 umb_get_encap_response(struct umb_softc *, void *, int *);
184void		 umb_ctrl_msg(struct umb_softc *, uint32_t, void *, int);

186void		 umb_open(struct umb_softc *);
187void		 umb_close(struct umb_softc *);

189int		 umb_setpin(struct umb_softc *, int, int, void *, int, void *,
    int);
191void		 umb_setdataclass(struct umb_softc *);
192void		 umb_radio(struct umb_softc *, int);
193void		 umb_allocate_cid(struct umb_softc *);
194void		 umb_send_fcc_auth(struct umb_softc *);
195void		 umb_packet_service(struct umb_softc *, int);
196void		 umb_connect(struct umb_softc *);
197void		 umb_disconnect(struct umb_softc *);
198void		 umb_send_connect(struct umb_softc *, int);

200void		 umb_qry_ipconfig(struct umb_softc *);
201void		 umb_cmd(struct umb_softc *, int, int, void *, int);
202void		 umb_cmd1(struct umb_softc *, int, int, void *, int, uint8_t *);
203void		 umb_command_done(struct umb_softc *, void *, int);
204void		 umb_decode_cid(struct umb_softc *, uint32_t, void *, int);
205void		 umb_decode_qmi(struct umb_softc *, uint8_t *, int);

207void		 umb_intr(struct usbd_xfer *, void *, usbd_status);

209#if NKSTAT1 > 0
210void		 umb_kstat_attach(struct umb_softc *);
211void		 umb_kstat_detach(struct umb_softc *);

213struct umb_kstat_signal {
struct kstat_kv		rssi;
struct kstat_kv		error_rate;
struct kstat_kv		reports;
217};
218#endif

220int		 umb_xfer_tout = USBD_DEFAULT_TIMEOUT5000;

222uint8_t		 umb_uuid_basic_connect[] = MBIM_UUID_BASIC_CONNECT{ 0xa2, 0x89, 0xcc, 0x33, 0xbc, 0xbb, 0x8b, 0x4f, 0xb6, 0xb0,
 0x13, 0x3e, 0xc2, 0xaa, 0xe6, 0xdf };
223uint8_t		 umb_uuid_context_internet[] = MBIM_UUID_CONTEXT_INTERNET{ 0x7e, 0x5e, 0x2a, 0x7e, 0x4e, 0x6f, 0x72, 0x72, 0x73, 0x6b,
 0x65, 0x6e, 0x7e, 0x5e, 0x2a, 0x7e };
224uint8_t		 umb_uuid_qmi_mbim[] = MBIM_UUID_QMI_MBIM{ 0xd1, 0xa3, 0x0b, 0xc2, 0xf9, 0x7a, 0x6e, 0x43, 0xbf, 0x65,
 0xc7, 0xe2, 0x4f, 0xb0, 0xf0, 0xd3 };
225uint32_t	 umb_session_id = 0;

227struct cfdriver umb_cd = {
NULL((void *)0), "umb", DV_IFNET
229};

231const struct cfattach umb_ca = {
sizeof (struct umb_softc),
umb_match,
umb_attach,
umb_detach,
NULL((void *)0),
237};

239int umb_delay = 4000;

241struct umb_quirk {
struct usb_devno	 dev;
u_int32_t		 umb_flags;
int			 umb_confno;
int			 umb_match;
246};
247const struct umb_quirk umb_quirks[] = {
{ { USB_VENDOR_DELL0x413c, USB_PRODUCT_DELL_DW5821E0x81d7 },
 0,
 2,
 UMATCH_VENDOR_PRODUCT13
},

{ { USB_VENDOR_HUAWEI0x12d1, USB_PRODUCT_HUAWEI_ME906S0x15c1 },
 UMBFLG_NDP_AT_END0x0004,
 3,
 UMATCH_VENDOR_PRODUCT13
},

{ { USB_VENDOR_SIERRA0x1199, USB_PRODUCT_SIERRA_EM74550x9079 },
 UMBFLG_FCC_AUTH_REQUIRED0x0001,
 0,
 0
},

{ { USB_VENDOR_SIMCOM0x1e0e, USB_PRODUCT_SIMCOM_SIM76000x9003 },
 0,
 1,
 UMATCH_VENDOR_PRODUCT13
},
271};

273#define umb_lookup(vid, pid)((const struct umb_quirk *)usbd_match_device((const struct usb_devno
 *)(umb_quirks), sizeof (umb_quirks) / sizeof ((umb_quirks)[0
]), sizeof ((umb_quirks)[0]), (vid), (pid)))		\
((const struct umb_quirk *)usb_lookup(umb_quirks, vid, pid)usbd_match_device((const struct usb_devno *)(umb_quirks), sizeof
 (umb_quirks) / sizeof ((umb_quirks)[0]), sizeof ((umb_quirks
)[0]), (vid), (pid)))

276uint8_t umb_qmi_alloc_cid[] = {
0x01,
0x0f, 0x00,		/* len */
0x00,			/* QMUX flags */
0x00,			/* service "ctl" */
0x00,			/* CID */
0x00,			/* QMI flags */
0x01,			/* transaction */
0x22, 0x00,		/* msg "Allocate CID" */
0x04, 0x00,		/* TLV len */
0x01, 0x01, 0x00, 0x02	/* TLV */
287};

289uint8_t umb_qmi_fcc_auth[] = {
0x01,
0x0c, 0x00,		/* len */
0x00,			/* QMUX flags */
0x02,			/* service "dms" */
294#define UMB_QMI_CID_OFFS5	5
0x00,			/* CID (filled in later) */
0x00,			/* QMI flags */
0x01, 0x00,		/* transaction */
0x5f, 0x55,		/* msg "Send FCC Authentication" */
0x00, 0x00		/* TLV len */
300};

302int
303umb_match(struct device *parent, void *match, void *aux)
304{
struct usb_attach_arg *uaa = aux;
const struct umb_quirk *quirk;
usb_interface_descriptor_t *id;

quirk = umb_lookup(uaa->vendor, uaa->product)((const struct umb_quirk *)usbd_match_device((const struct usb_devno
 *)(umb_quirks), sizeof (umb_quirks) / sizeof ((umb_quirks)[0
]), sizeof ((umb_quirks)[0]), (uaa->vendor), (uaa->product
)));
if (quirk != NULL((void *)0) && quirk->umb_match)
return (quirk->umb_match);
if (!uaa->iface)
return UMATCH_NONE0;
if ((id = usbd_get_interface_descriptor(uaa->iface)) == NULL((void *)0))
return UMATCH_NONE0;

/*
* If this function implements NCM, check if alternate setting
* 1 implements MBIM.
*/
if (id->bInterfaceClass == UICLASS_CDC0x02 &&
   id->bInterfaceSubClass ==
   UISUBCLASS_NETWORK_CONTROL_MODEL13)
id = usbd_find_idesc(uaa->device->cdesc, uaa->iface->index, 1);
if (id == NULL((void *)0))
return UMATCH_NONE0;

if (id->bInterfaceClass == UICLASS_CDC0x02 &&
   id->bInterfaceSubClass ==
   UISUBCLASS_MOBILE_BROADBAND_INTERFACE_MODEL14 &&
   id->bInterfaceProtocol == 0)
return UMATCH_IFACECLASS_IFACESUBCLASS_IFACEPROTO5;

return UMATCH_NONE0;
335}

337void
338umb_attach(struct device *parent, struct device *self, void *aux)
339{
struct umb_softc *sc = (struct umb_softc *)self;
struct usb_attach_arg *uaa = aux;
const struct umb_quirk *quirk;
usbd_status status;
struct usbd_desc_iter iter;
const usb_descriptor_t *desc;
int	 v;
struct usb_cdc_union_descriptor *ud;
struct mbim_descriptor *md;
int	 i;
int	 ctrl_ep;
usb_interface_descriptor_t *id;
usb_config_descriptor_t	*cd;
usb_endpoint_descriptor_t *ed;
usb_interface_assoc_descriptor_t *ad;
int	 current_ifaceno = -1;
int	 data_ifaceno = -1;
int	 altnum;
int	 s;
struct ifnet *ifp;

sc->sc_udev = uaa->device;
sc->sc_ctrl_ifaceno = uaa->ifaceno;
ml_init(&sc->sc_tx_ml);

quirk = umb_lookup(uaa->vendor, uaa->product)((const struct umb_quirk *)usbd_match_device((const struct usb_devno
 *)(umb_quirks), sizeof (umb_quirks) / sizeof ((umb_quirks)[0
]), sizeof ((umb_quirks)[0]), (uaa->vendor), (uaa->product
)));
if (quirk != NULL((void *)0) && quirk->umb_flags) {
DPRINTF("%s: setting flags 0x%x from quirk\n", DEVNAM(sc),do { } while (0)
                  quirk->umb_flags)do { } while (0);
sc->sc_flags |= quirk->umb_flags;
}

/*
* Normally, MBIM devices are detected by their interface class and
* subclass. But for some models that have multiple configurations, it
* is better to match by vendor and product id so that we can select
* the desired configuration ourselves, e.g. to override a class-based
* match to another driver.
*/
if (uaa->configno < 0) {
if (quirk == NULL((void *)0)) {
	printf("%s: unknown configuration for vid/pid match\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	goto fail;
}
uaa->configno = quirk->umb_confno;
DPRINTF("%s: switching to config #%d\n", DEVNAM(sc),do { } while (0)
    uaa->configno)do { } while (0);
status = usbd_set_config_no(sc->sc_udev, uaa->configno, 1);
if (status) {
	printf("%s: failed to switch to config #%d: %s\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), uaa->configno, usbd_errstr(status));
	goto fail;
}
usbd_delay_ms(sc->sc_udev, 200);

/*
 * Need to do some manual setup that usbd_probe_and_attach()
 * would do for us otherwise.
 */
uaa->nifaces = uaa->device->cdesc->bNumInterfaces;
for (i = 0; i < uaa->nifaces; i++) {
	if (usbd_iface_claimed(sc->sc_udev, i))
		continue;
	id = usbd_get_interface_descriptor(&uaa->device->ifaces[i]);
	if (id != NULL((void *)0) && id->bInterfaceClass == UICLASS_CDC0x02 &&
	    id->bInterfaceSubClass ==
	    UISUBCLASS_MOBILE_BROADBAND_INTERFACE_MODEL14) {
		uaa->iface = &uaa->device->ifaces[i];
		uaa->ifaceno = uaa->iface->idesc->bInterfaceNumber;
		sc->sc_ctrl_ifaceno = uaa->ifaceno;
		break;
	}
}
}

/*
* Some MBIM hardware does not provide the mandatory CDC Union
* Descriptor, so we also look at matching Interface
* Association Descriptors to find out the MBIM Data Interface
* number.
*/
sc->sc_ver_maj = sc->sc_ver_min = -1;
sc->sc_maxpktlen = MBIM_MAXSEGSZ_MINVAL(2 * 1024);
usbd_desc_iter_init(sc->sc_udev, &iter);
while ((desc = usbd_desc_iter_next(&iter))) {
if (desc->bDescriptorType == UDESC_IFACE_ASSOC0x0B) {
	ad = (usb_interface_assoc_descriptor_t *)desc;
	if (ad->bFirstInterface == uaa->ifaceno &&
	    ad->bInterfaceCount > 1)
		data_ifaceno = uaa->ifaceno + 1;
	continue;
}
if (desc->bDescriptorType == UDESC_INTERFACE0x04) {
	id = (usb_interface_descriptor_t *)desc;
	current_ifaceno = id->bInterfaceNumber;
	continue;
}
if (current_ifaceno != uaa->ifaceno)
	continue;
if (desc->bDescriptorType != UDESC_CS_INTERFACE0x24)
	continue;
switch (desc->bDescriptorSubtype) {
case UDESCSUB_CDC_UNION6:
	ud = (struct usb_cdc_union_descriptor *)desc;
	data_ifaceno = ud->bSlaveInterface[0];
	break;
case UDESCSUB_MBIM27:
	md = (struct mbim_descriptor *)desc;
	v = UGETW(md->bcdMBIMVersion)(*(u_int16_t *)(md->bcdMBIMVersion));
	sc->sc_ver_maj = MBIM_VER_MAJOR(v)(((v) >> 8) & 0x0f);
	sc->sc_ver_min = MBIM_VER_MINOR(v)((v) & 0x0f);
	sc->sc_ctrl_len = UGETW(md->wMaxControlMessage)(*(u_int16_t *)(md->wMaxControlMessage));
	/* Never trust a USB device! Could try to exploit us */
	if (sc->sc_ctrl_len < MBIM_CTRLMSG_MINLEN64 ||
	    sc->sc_ctrl_len > MBIM_CTRLMSG_MAXLEN(4 * 1204)) {
		DPRINTF("%s: control message len %d out of "do { } while (0)
		    "bounds [%d .. %d]\n", DEVNAM(sc),do { } while (0)
		    sc->sc_ctrl_len, MBIM_CTRLMSG_MINLEN,do { } while (0)
		    MBIM_CTRLMSG_MAXLEN)do { } while (0);
		/* cont. anyway */
	}
	sc->sc_maxpktlen = UGETW(md->wMaxSegmentSize)(*(u_int16_t *)(md->wMaxSegmentSize));
	DPRINTFN(2, "%s: ctrl_len=%d, maxpktlen=%d, cap=0x%x\n",do { } while (0)
	    DEVNAM(sc), sc->sc_ctrl_len, sc->sc_maxpktlen,do { } while (0)
	    md->bmNetworkCapabilities)do { } while (0);
	break;
default:
	break;
}
}
if (sc->sc_ver_maj < 0) {
printf("%s: missing MBIM descriptor\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}
if (sc->sc_flags & UMBFLG_FCC_AUTH_REQUIRED0x0001)
sc->sc_cid = -1;

for (i = 0; i < uaa->nifaces; i++) {
if (usbd_iface_claimed(sc->sc_udev, i))
	continue;
id = usbd_get_interface_descriptor(&sc->sc_udev->ifaces[i]);
if (id != NULL((void *)0) && id->bInterfaceNumber == data_ifaceno) {
	sc->sc_data_iface = &sc->sc_udev->ifaces[i];
	usbd_claim_iface(sc->sc_udev, i);
}
}
if (sc->sc_data_iface == NULL((void *)0)) {
printf("%s: no data interface found\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

/*
* If this is a combined NCM/MBIM function, switch to
* alternate setting one to enable MBIM.
*/
id = usbd_get_interface_descriptor(uaa->iface);
if (id->bInterfaceClass == UICLASS_CDC0x02 &&
   id->bInterfaceSubClass ==
   UISUBCLASS_NETWORK_CONTROL_MODEL13)
usbd_set_interface(uaa->iface, 1);

id = usbd_get_interface_descriptor(uaa->iface);
ctrl_ep = -1;
for (i = 0; i < id->bNumEndpoints && ctrl_ep == -1; i++) {
ed = usbd_interface2endpoint_descriptor(uaa->iface, i);
if (ed == NULL((void *)0))
	break;
if (UE_GET_XFERTYPE(ed->bmAttributes)((ed->bmAttributes) & 0x03) == UE_INTERRUPT0x03 &&
    UE_GET_DIR(ed->bEndpointAddress)((ed->bEndpointAddress) & 0x80) == UE_DIR_IN0x80)
	ctrl_ep = ed->bEndpointAddress;
}
if (ctrl_ep == -1) {
printf("%s: missing interrupt endpoint\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

/*
* For the MBIM Data Interface, select the appropriate
* alternate setting by looking for a matching descriptor that
* has two endpoints.
*/
cd = usbd_get_config_descriptor(sc->sc_udev);
altnum = usbd_get_no_alts(cd, data_ifaceno);
for (i = 0; i < altnum; i++) {
id = usbd_find_idesc(cd, sc->sc_data_iface->index, i);
if (id == NULL((void *)0))
	continue;
if (id->bInterfaceClass == UICLASS_CDC_DATA0x0a &&
    id->bInterfaceSubClass == UISUBCLASS_DATA0 &&
    id->bInterfaceProtocol == UIPROTO_DATA_MBIM0x02 &&
    id->bNumEndpoints == 2)
	break;
}
if (i == altnum || id == NULL((void *)0)) {
printf("%s: missing alt setting for interface #%d\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), data_ifaceno);
goto fail;
}
status = usbd_set_interface(sc->sc_data_iface, i);
if (status) {
printf("%s: select alt setting %d for interface #%d "
    "failed: %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), i, data_ifaceno,
    usbd_errstr(status));
goto fail;
}

id = usbd_get_interface_descriptor(sc->sc_data_iface);
sc->sc_rx_ep = sc->sc_tx_ep = -1;
for (i = 0; i < id->bNumEndpoints; i++) {
if ((ed = usbd_interface2endpoint_descriptor(sc->sc_data_iface,
    i)) == NULL((void *)0))
	break;
if (UE_GET_XFERTYPE(ed->bmAttributes)((ed->bmAttributes) & 0x03) == UE_BULK0x02 &&
    UE_GET_DIR(ed->bEndpointAddress)((ed->bEndpointAddress) & 0x80) == UE_DIR_IN0x80)
	sc->sc_rx_ep = ed->bEndpointAddress;
else if (UE_GET_XFERTYPE(ed->bmAttributes)((ed->bmAttributes) & 0x03) == UE_BULK0x02 &&
    UE_GET_DIR(ed->bEndpointAddress)((ed->bEndpointAddress) & 0x80) == UE_DIR_OUT0x00)
	sc->sc_tx_ep = ed->bEndpointAddress;
}
if (sc->sc_rx_ep == -1 || sc->sc_tx_ep == -1) {
printf("%s: missing bulk endpoints\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

DPRINTFN(2, "%s: ctrl-ifno#%d: ep-ctrl=%d, data-ifno#%d: ep-rx=%d, "do { } while (0)
   "ep-tx=%d\n", DEVNAM(sc), sc->sc_ctrl_ifaceno,do { } while (0)
   UE_GET_ADDR(ctrl_ep), data_ifaceno,do { } while (0)
   UE_GET_ADDR(sc->sc_rx_ep), UE_GET_ADDR(sc->sc_tx_ep))do { } while (0);

usb_init_task(&sc->sc_umb_task, umb_state_task, sc,((&sc->sc_umb_task)->fun = (umb_state_task), (&
sc->sc_umb_task)->arg = (sc), (&sc->sc_umb_task)
->type = (0), (&sc->sc_umb_task)->state = 0x0)
   USB_TASK_TYPE_GENERIC)((&sc->sc_umb_task)->fun = (umb_state_task), (&
sc->sc_umb_task)->arg = (sc), (&sc->sc_umb_task)
->type = (0), (&sc->sc_umb_task)->state = 0x0);
usb_init_task(&sc->sc_get_response_task, umb_get_response_task, sc,((&sc->sc_get_response_task)->fun = (umb_get_response_task
), (&sc->sc_get_response_task)->arg = (sc), (&sc
->sc_get_response_task)->type = (0), (&sc->sc_get_response_task
)->state = 0x0)
   USB_TASK_TYPE_GENERIC)((&sc->sc_get_response_task)->fun = (umb_get_response_task
), (&sc->sc_get_response_task)->arg = (sc), (&sc
->sc_get_response_task)->type = (0), (&sc->sc_get_response_task
)->state = 0x0);
timeout_set(&sc->sc_statechg_timer, umb_statechg_timeout, sc);

if (usbd_open_pipe_intr(uaa->iface, ctrl_ep, USBD_SHORT_XFER_OK0x04,
   &sc->sc_ctrl_pipe, sc, &sc->sc_intr_msg, sizeof (sc->sc_intr_msg),
   umb_intr, USBD_DEFAULT_INTERVAL(-1))) {
printf("%s: failed to open control pipe\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}
sc->sc_resp_buf = malloc(sc->sc_ctrl_len, M_USBDEV102, M_NOWAIT0x0002);
if (sc->sc_resp_buf == NULL((void *)0)) {
printf("%s: allocation of resp buffer failed\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}
sc->sc_ctrl_msg = malloc(sc->sc_ctrl_len, M_USBDEV102, M_NOWAIT0x0002);
if (sc->sc_ctrl_msg == NULL((void *)0)) {
printf("%s: allocation of ctrl msg buffer failed\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

sc->sc_info.regstate = MBIM_REGSTATE_UNKNOWN0;
sc->sc_info.pin_attempts_left = UMB_VALUE_UNKNOWN-999;
sc->sc_info.rssi = UMB_VALUE_UNKNOWN-999;
sc->sc_info.ber = UMB_VALUE_UNKNOWN-999;

/* Default to 16 bit NTB format. */
sc->sc_ncm_format = NCM_FORMAT_NTB160x00;
umb_ncm_setup(sc);
umb_ncm_setup_format(sc);
if (sc->sc_ncm_supported_formats == 0)
goto fail;
DPRINTFN(2, "%s: rx/tx size %d/%d\n", DEVNAM(sc),do { } while (0)
   sc->sc_rx_bufsz, sc->sc_tx_bufsz)do { } while (0);

s = splnet()splraise(0x4);
ifp = GET_IFP(sc)(&(sc)->sc_if);
ifp->if_flags = IFF_SIMPLEX0x800 | IFF_MULTICAST0x8000 | IFF_POINTOPOINT0x10;
ifp->if_ioctl = umb_ioctl;
ifp->if_start = umb_start;
ifp->if_rtrequest = umb_rtrequest;

ifp->if_watchdog = umb_watchdog;
strlcpy(ifp->if_xname, DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), IFNAMSIZ16);
ifp->if_link_stateif_data.ifi_link_state = LINK_STATE_DOWN2;

ifp->if_typeif_data.ifi_type = IFT_MBIM0xfa;
ifp->if_priority = IF_WWAN_DEFAULT_PRIORITY6;
ifp->if_addrlenif_data.ifi_addrlen = 0;
ifp->if_hdrlenif_data.ifi_hdrlen = sizeof (struct ncm_header16) +
   sizeof (struct ncm_pointer16);
ifp->if_mtuif_data.ifi_mtu = 1500;		/* use a common default */
ifp->if_hardmtu = sc->sc_maxpktlen;
ifp->if_bpf_mtap = p2p_bpf_mtap;
ifp->if_input = p2p_input;
ifp->if_output = umb_output;
if_attach(ifp);
if_alloc_sadl(ifp);
ifp->if_softc = sc;
632#if NBPFILTER1 > 0
bpfattach(&ifp->if_bpf, ifp, DLT_LOOP12, sizeof(uint32_t));
634#endif

636#if NKSTAT1 > 0
umb_kstat_attach(sc);
638#endif

/*
* Open the device now so that we are able to query device information.
* XXX maybe close when done?
*/
umb_open(sc);
splx(s)spllower(s);

DPRINTF("%s: vers %d.%d\n", DEVNAM(sc), sc->sc_ver_maj, sc->sc_ver_min)do { } while (0);
return;

650fail:
usbd_deactivate(sc->sc_udev);
return;
653}

655int
656umb_detach(struct device *self, int flags)
657{
struct umb_softc *sc = (struct umb_softc *)self;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;

s = splnet()splraise(0x4);
if (ifp->if_flags & IFF_RUNNING0x40)
umb_down(sc, 1);
umb_close(sc);

667#if NKSTAT1 > 0
umb_kstat_detach(sc);
669#endif

usb_rem_wait_task(sc->sc_udev, &sc->sc_get_response_task);
if (timeout_initialized(&sc->sc_statechg_timer)((&sc->sc_statechg_timer)->to_flags & 0x04))
timeout_del(&sc->sc_statechg_timer);
sc->sc_nresp = 0;
usb_rem_wait_task(sc->sc_udev, &sc->sc_umb_task);
if (sc->sc_ctrl_pipe) {
usbd_close_pipe(sc->sc_ctrl_pipe);
sc->sc_ctrl_pipe = NULL((void *)0);
}
if (sc->sc_ctrl_msg) {
free(sc->sc_ctrl_msg, M_USBDEV102, sc->sc_ctrl_len);
sc->sc_ctrl_msg = NULL((void *)0);
}
if (sc->sc_resp_buf) {
free(sc->sc_resp_buf, M_USBDEV102, sc->sc_ctrl_len);
sc->sc_resp_buf = NULL((void *)0);
}
if (ifp->if_softc != NULL((void *)0)) {
if_detach(ifp);
}

splx(s)spllower(s);
return 0;
694}

696void
697umb_ncm_setup(struct umb_softc *sc)
698{
usb_device_request_t req;
struct ncm_ntb_parameters np;

/* Query NTB transfer sizes */
req.bmRequestType = UT_READ_CLASS_INTERFACE(0x80 | 0x20 | 0x01);
req.bRequest = NCM_GET_NTB_PARAMETERS0x80;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, sizeof (np))(*(u_int16_t *)(req.wLength) = (sizeof (np)));
if (usbd_do_request(sc->sc_udev, &req, &np) == USBD_NORMAL_COMPLETION &&
   UGETW(np.wLength)(*(u_int16_t *)(np.wLength)) == sizeof (np)) {
sc->sc_rx_bufsz = UGETDW(np.dwNtbInMaxSize)(*(u_int32_t *)(np.dwNtbInMaxSize));
sc->sc_tx_bufsz = UGETDW(np.dwNtbOutMaxSize)(*(u_int32_t *)(np.dwNtbOutMaxSize));
sc->sc_maxdgram = UGETW(np.wNtbOutMaxDatagrams)(*(u_int16_t *)(np.wNtbOutMaxDatagrams));
sc->sc_align = UGETW(np.wNdpOutAlignment)(*(u_int16_t *)(np.wNdpOutAlignment));
sc->sc_ndp_div = UGETW(np.wNdpOutDivisor)(*(u_int16_t *)(np.wNdpOutDivisor));
sc->sc_ndp_remainder = UGETW(np.wNdpOutPayloadRemainder)(*(u_int16_t *)(np.wNdpOutPayloadRemainder));
/* Validate values */
if (!powerof2(sc->sc_align)((((sc->sc_align)-1)&(sc->sc_align))==0) || sc->sc_align == 0 ||
    sc->sc_align >= sc->sc_tx_bufsz)
	sc->sc_align = sizeof (uint32_t);
if (!powerof2(sc->sc_ndp_div)((((sc->sc_ndp_div)-1)&(sc->sc_ndp_div))==0) || sc->sc_ndp_div == 0 ||
    sc->sc_ndp_div >= sc->sc_tx_bufsz)
	sc->sc_ndp_div = sizeof (uint32_t);
if (sc->sc_ndp_remainder >= sc->sc_ndp_div)
	sc->sc_ndp_remainder = 0;
DPRINTF("%s: NCM align=%d div=%d rem=%d\n", DEVNAM(sc),do { } while (0)
    sc->sc_align, sc->sc_ndp_div, sc->sc_ndp_remainder)do { } while (0);
sc->sc_ncm_supported_formats = UGETW(np.bmNtbFormatsSupported)(*(u_int16_t *)(np.bmNtbFormatsSupported));
} else {
sc->sc_rx_bufsz = sc->sc_tx_bufsz = 8 * 1024;
sc->sc_maxdgram = 0;
sc->sc_align = sc->sc_ndp_div = sizeof (uint32_t);
sc->sc_ndp_remainder = 0;
DPRINTF("%s: align=default div=default rem=default\n",do { } while (0)
    DEVNAM(sc))do { } while (0);
sc->sc_ncm_supported_formats = NCM_FORMAT_NTB16_MASK(1U << 0x00);
}
737}

739void
740umb_ncm_setup_format(struct umb_softc *sc)
741{
usb_device_request_t req;
uWord wFmt;
uint16_t fmt;

assertwaitok();
if (sc->sc_ncm_supported_formats == 0)
goto fail;

/* NCM_GET_NTB_FORMAT is not allowed for 16-bit only devices. */
if (sc->sc_ncm_supported_formats == NCM_FORMAT_NTB16_MASK(1U << 0x00)) {
DPRINTF("%s: Only NTB16 format supported.\n", DEVNAM(sc))do { } while (0);
sc->sc_ncm_format = NCM_FORMAT_NTB160x00;
return;
}

/* Query NTB FORMAT (16 vs. 32 bit) */
req.bmRequestType = UT_READ_CLASS_INTERFACE(0x80 | 0x20 | 0x01);
req.bRequest = NCM_GET_NTB_FORMAT0x83;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, sizeof (wFmt))(*(u_int16_t *)(req.wLength) = (sizeof (wFmt)));
if (usbd_do_request(sc->sc_udev, &req, wFmt) != USBD_NORMAL_COMPLETION)
goto fail;
fmt = UGETW(wFmt)(*(u_int16_t *)(wFmt));
if ((sc->sc_ncm_supported_formats & (1UL << fmt)) == 0)
goto fail;
if (fmt != NCM_FORMAT_NTB160x00 && fmt != NCM_FORMAT_NTB320x01)
goto fail;
sc->sc_ncm_format = fmt;

DPRINTF("%s: Using NCM format %d, supported=0x%x\n",do { } while (0)
   DEVNAM(sc), sc->sc_ncm_format, sc->sc_ncm_supported_formats)do { } while (0);
return;

776fail:
DPRINTF("%s: Cannot setup NCM format\n", DEVNAM(sc))do { } while (0);
sc->sc_ncm_supported_formats = 0;
779}

781int
782umb_alloc_xfers(struct umb_softc *sc)
783{
if (!sc->sc_rx_xfer) {
if ((sc->sc_rx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL((void *)0))
	sc->sc_rx_buf = usbd_alloc_buffer(sc->sc_rx_xfer,
	    sc->sc_rx_bufsz);
}
if (!sc->sc_tx_xfer) {
if ((sc->sc_tx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL((void *)0))
	sc->sc_tx_buf = usbd_alloc_buffer(sc->sc_tx_xfer,
	    sc->sc_tx_bufsz);
}
return (sc->sc_rx_buf && sc->sc_tx_buf) ? 1 : 0;
795}

797void
798umb_free_xfers(struct umb_softc *sc)
799{
if (sc->sc_rx_xfer) {
/* implicit usbd_free_buffer() */
usbd_free_xfer(sc->sc_rx_xfer);
sc->sc_rx_xfer = NULL((void *)0);
sc->sc_rx_buf = NULL((void *)0);
}
if (sc->sc_tx_xfer) {
usbd_free_xfer(sc->sc_tx_xfer);
sc->sc_tx_xfer = NULL((void *)0);
sc->sc_tx_buf = NULL((void *)0);
}
ml_purge(&sc->sc_tx_ml);
812}

814int
815umb_alloc_bulkpipes(struct umb_softc *sc)
816{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (!(ifp->if_flags & IFF_RUNNING0x40)) {
if (usbd_open_pipe(sc->sc_data_iface, sc->sc_rx_ep,
    USBD_EXCLUSIVE_USE0x01, &sc->sc_rx_pipe))
	return 0;
if (usbd_open_pipe(sc->sc_data_iface, sc->sc_tx_ep,
    USBD_EXCLUSIVE_USE0x01, &sc->sc_tx_pipe))
	return 0;

ifp->if_flags |= IFF_RUNNING0x40;
ifq_clr_oactive(&ifp->if_snd);
umb_rx(sc);
}
return 1;
832}

834void
835umb_close_bulkpipes(struct umb_softc *sc)
836{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

ifp->if_flags &= ~IFF_RUNNING0x40;
ifq_clr_oactive(&ifp->if_snd);
ifp->if_timer = 0;
if (sc->sc_rx_pipe) {
usbd_close_pipe(sc->sc_rx_pipe);
sc->sc_rx_pipe = NULL((void *)0);
}
if (sc->sc_tx_pipe) {
usbd_close_pipe(sc->sc_tx_pipe);
sc->sc_tx_pipe = NULL((void *)0);
}
850}

852int
853umb_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
854{
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;
struct umb_softc *sc = ifp->if_softc;
struct ifreq *ifr = (struct ifreq *)data;
int	 s, error = 0;
struct umb_parameter mp;

if (usbd_is_dying(sc->sc_udev))
return ENXIO6;

s = splnet()splraise(0x4);
switch (cmd) {
case SIOCSIFFLAGS((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((16))):
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
break;
case SIOCGUMBINFO(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((190))):
error = copyout(&sc->sc_info, ifr->ifr_dataifr_ifru.ifru_data,
    sizeof (sc->sc_info));
break;
case SIOCSUMBPARAM((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((191))):
if ((error = suser(p)) != 0)
	break;
if ((error = copyin(ifr->ifr_dataifr_ifru.ifru_data, &mp, sizeof (mp))) != 0)
	break;

if ((error = umb_setpin(sc, mp.op, mp.is_puk, mp.pin, mp.pinlen,
    mp.newpin, mp.newpinlen)) != 0)
	break;

if (mp.apnlen < 0 || mp.apnlen > sizeof (sc->sc_info.apn)) {
	error = EINVAL22;
	break;
}
sc->sc_roamingsc_info.enable_roaming = mp.roaming ? 1 : 0;
memset(sc->sc_info.apn, 0, sizeof (sc->sc_info.apn))__builtin_memset((sc->sc_info.apn), (0), (sizeof (sc->sc_info
.apn)));
memcpy(sc->sc_info.apn, mp.apn, mp.apnlen)__builtin_memcpy((sc->sc_info.apn), (mp.apn), (mp.apnlen));
sc->sc_info.apnlen = mp.apnlen;
sc->sc_info.preferredclasses = mp.preferredclasses;
umb_setdataclass(sc);
break;
case SIOCGUMBPARAM(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((192))):
memset(&mp, 0, sizeof (mp))__builtin_memset((&mp), (0), (sizeof (mp)));
memcpy(mp.apn, sc->sc_info.apn, sc->sc_info.apnlen)__builtin_memcpy((mp.apn), (sc->sc_info.apn), (sc->sc_info
.apnlen));
mp.apnlen = sc->sc_info.apnlen;
mp.roaming = sc->sc_roamingsc_info.enable_roaming;
mp.preferredclasses = sc->sc_info.preferredclasses;
error = copyout(&mp, ifr->ifr_dataifr_ifru.ifru_data, sizeof (mp));
break;
case SIOCSIFMTU((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((127))):
/* Does this include the NCM headers and tail? */
if (ifr->ifr_mtuifr_ifru.ifru_metric > ifp->if_hardmtu) {
	error = EINVAL22;
	break;
}
ifp->if_mtuif_data.ifi_mtu = ifr->ifr_mtuifr_ifru.ifru_metric;
break;
case SIOCSIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((12))):
case SIOCAIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifaliasreq) &
 0x1fff) << 16) | ((('i')) << 8) | ((26))):
case SIOCSIFDSTADDR((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((14))):
case SIOCADDMULTI((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((49))):
case SIOCDELMULTI((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((50))):
break;
default:
error = ENOTTY25;
break;
}
splx(s)spllower(s);
return error;
922}

924int
925umb_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
  struct rtentry *rtp)
927{
if ((ifp->if_flags & (IFF_UP0x1|IFF_RUNNING0x40)) != (IFF_UP0x1|IFF_RUNNING0x40)) {
m_freem(m);
return ENETDOWN50;
}
m->m_pkthdrM_dat.MH.MH_pkthdr.ph_family = dst->sa_family;
return if_enqueue(ifp, m);
934}

936static inline int
937umb_align(size_t bufsz, int offs, int alignment, int remainder)
938{
size_t	 m = alignment - 1;
int	 align;

align = (((size_t)offs + m) & ~m) - alignment + remainder;
if (align < offs)
align += alignment;
if (align > bufsz)
align = bufsz;
return align - offs;
948}

950static inline int
951umb_padding(void *buf, size_t bufsz, int offs, int alignment, int remainder)
952{
int	 nb;

nb = umb_align(bufsz, offs, alignment, remainder);
if (nb > 0)
memset(buf + offs, 0, nb)__builtin_memset((buf + offs), (0), (nb));
return nb;
959}

961void
962umb_start(struct ifnet *ifp)
963{
struct umb_softc *sc = ifp->if_softc;
struct mbuf *m = NULL((void *)0);
int	 ndgram = 0;
int	 offs, len, mlen;
int	 maxoverhead;
6
←
'maxoverhead' declared without an initial value→

if (usbd_is_dying(sc->sc_udev) ||
7
←
Assuming the condition is false→
   !(ifp->if_flags & IFF_RUNNING0x40) ||
8
←
Assuming the condition is false→
   ifq_is_oactive(&ifp->if_snd))
return;

KASSERT(ml_empty(&sc->sc_tx_ml))((((&sc->sc_tx_ml)->ml_len == 0)) ? (void)0 : __assert
("diagnostic ", "/usr/src/sys/dev/usb/if_umb.c", 975, "ml_empty(&sc->sc_tx_ml)"
));
9
←
Taking false branch→
10
←
Assuming field 'ml_len' is equal to 0→
11
←
'?' condition is true→

switch (sc->sc_ncm_format) {
12
←
'Default' branch taken. Execution continues on line 997→
case NCM_FORMAT_NTB160x00:
offs = sizeof (struct ncm_header16);
offs += umb_align(sc->sc_tx_bufsz, offs, sc->sc_align, 0);
offs += sizeof (struct ncm_pointer16);
maxoverhead = sizeof (struct ncm_pointer16_dgram);
break;
case NCM_FORMAT_NTB320x01:
offs = sizeof (struct ncm_header32);
offs += umb_align(sc->sc_tx_bufsz, offs, sc->sc_align, 0);
offs += sizeof (struct ncm_pointer32);
maxoverhead = sizeof (struct ncm_pointer32_dgram);
break;
}

/*
* Overhead for per packet alignment plus packet pointer. Note
* that 'struct ncm_pointer{16,32}' already includes space for
* the terminating zero pointer.
*/
maxoverhead += sc->sc_ndp_div - 1;
13
←
The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage

len = 0;
while (1) {
m = ifq_deq_begin(&ifp->if_snd);
if (m == NULL((void *)0))
	break;

/*
 * Check if mbuf plus required NCM pointer still fits into
 * xfer buffers. Assume maximal padding.
 */
mlen = maxoverhead +  m->m_pkthdrM_dat.MH.MH_pkthdr.len;
if ((sc->sc_maxdgram != 0 && ndgram >= sc->sc_maxdgram) ||
    (offs + len + mlen > sc->sc_tx_bufsz)) {
	ifq_deq_rollback(&ifp->if_snd, m);
	break;
}
ifq_deq_commit(&ifp->if_snd, m);

ndgram++;
len += mlen;
ml_enqueue(&sc->sc_tx_ml, m);

1021#if NBPFILTER1 > 0
if (ifp->if_bpf)
	bpf_mtap_af(ifp->if_bpf, m->m_pkthdrM_dat.MH.MH_pkthdr.ph_family, m,
	    BPF_DIRECTION_OUT(1 << 1));
1025#endif
}
if (ml_empty(&sc->sc_tx_ml)((&sc->sc_tx_ml)->ml_len == 0))
return;
if (umb_encap(sc, ndgram)) {
ifq_set_oactive(&ifp->if_snd);
ifp->if_timer = (2 * umb_xfer_tout) / 1000;
}
1033}

1035void
1036umb_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt)
1037{
struct umb_softc *sc = ifp->if_softc;

if (req == RTM_PROPOSAL0x13) {
KERNEL_LOCK()_kernel_lock();
umb_send_inet_proposal(sc, AF_INET2);
1043#ifdef INET61
umb_send_inet_proposal(sc, AF_INET624);
1045#endif
KERNEL_UNLOCK()_kernel_unlock();
return;
}

p2p_rtrequest(ifp, req, rt);
1051}


1054void
1055umb_watchdog(struct ifnet *ifp)
1056{
struct umb_softc *sc = ifp->if_softc;

if (usbd_is_dying(sc->sc_udev))
return;

ifp->if_oerrorsif_data.ifi_oerrors++;
printf("%s: watchdog timeout\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
usbd_abort_pipe(sc->sc_tx_pipe);
return;
1066}

1068void
1069umb_statechg_timeout(void *arg)
1070{
struct umb_softc *sc = arg;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (sc->sc_info.regstate != MBIM_REGSTATE_ROAMING4 || sc->sc_roamingsc_info.enable_roaming)
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_DEBUG7, "%s: state change timeout\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
1079}

1081void
1082umb_newstate(struct umb_softc *sc, enum umb_state newstate, int flags)
1083{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (newstate == sc->sc_statesc_info.state)
return;
if (((flags & UMB_NS_DONT_DROP0x0001) && newstate < sc->sc_statesc_info.state) ||
   ((flags & UMB_NS_DONT_RAISE0x0002) && newstate > sc->sc_statesc_info.state))
return;
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_DEBUG7, "%s: state going %s from '%s' to '%s'\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), newstate > sc->sc_statesc_info.state ? "up" : "down",
    umb_istate(sc->sc_state)umb_val2descr(umb_istate, (sc->sc_info.state)), umb_istate(newstate)umb_val2descr(umb_istate, (newstate)));
sc->sc_statesc_info.state = newstate;
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
1097}

1099void
1100umb_state_task(void *arg)
1101{
struct umb_softc *sc = arg;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;
int	 state;

if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING4 && !sc->sc_roamingsc_info.enable_roaming) {
/*
 * Query the registration state until we're with the home
 * network again.
 */
umb_cmd(sc, MBIM_CID_REGISTER_STATE9, MBIM_CMDOP_QRY0, NULL((void *)0), 0);
return;
}

s = splnet()splraise(0x4);
if (ifp->if_flags & IFF_UP0x1)
umb_up(sc);
else
umb_down(sc, 0);

state = sc->sc_statesc_info.state == UMB_S_UP ? LINK_STATE_UP4 : LINK_STATE_DOWN2;
if (ifp->if_link_stateif_data.ifi_link_state != state) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_DEBUG7, "%s: link state changed from %s to %s\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    LINK_STATE_IS_UP(ifp->if_link_state)((ifp->if_data.ifi_link_state) >= 4 || (ifp->if_data
.ifi_link_state) == 0)
	    ? "up" : "down",
	    LINK_STATE_IS_UP(state)((state) >= 4 || (state) == 0) ? "up" : "down");
ifp->if_link_stateif_data.ifi_link_state = state;
if_link_state_change(ifp);
}
splx(s)spllower(s);
1134}

1136void
1137umb_up(struct umb_softc *sc)
1138{
splassert(IPL_NET)do { if (splassert_ctl > 0) { splassert_check(0x4, __func__
); } } while (0);

switch (sc->sc_statesc_info.state) {
case UMB_S_DOWN:
DPRINTF("%s: init: opening ...\n", DEVNAM(sc))do { } while (0);
umb_open(sc);
break;
case UMB_S_OPEN:
if (sc->sc_flags & UMBFLG_FCC_AUTH_REQUIRED0x0001) {
	if (sc->sc_cid == -1) {
		DPRINTF("%s: init: allocating CID ...\n",do { } while (0)
		    DEVNAM(sc))do { } while (0);
		umb_allocate_cid(sc);
		break;
	} else
		umb_newstate(sc, UMB_S_CID, UMB_NS_DONT_DROP0x0001);
} else {
	DPRINTF("%s: init: turning radio on ...\n", DEVNAM(sc))do { } while (0);
	umb_radio(sc, 1);
	break;
}
/*FALLTHROUGH*/
case UMB_S_CID:
DPRINTF("%s: init: sending FCC auth ...\n", DEVNAM(sc))do { } while (0);
umb_send_fcc_auth(sc);
break;
case UMB_S_RADIO:
DPRINTF("%s: init: checking SIM state ...\n", DEVNAM(sc))do { } while (0);
umb_cmd(sc, MBIM_CID_SUBSCRIBER_READY_STATUS2, MBIM_CMDOP_QRY0,
    NULL((void *)0), 0);
break;
case UMB_S_SIMREADY:
DPRINTF("%s: init: attaching ...\n", DEVNAM(sc))do { } while (0);
umb_packet_service(sc, 1);
break;
case UMB_S_ATTACHED:
sc->sc_tx_seq = 0;
if (!umb_alloc_xfers(sc)) {
	umb_free_xfers(sc);
	printf("%s: allocation of xfers failed\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	break;
}
DPRINTF("%s: init: connecting ...\n", DEVNAM(sc))do { } while (0);
umb_connect(sc);
break;
case UMB_S_CONNECTED:
DPRINTF("%s: init: getting IP config ...\n", DEVNAM(sc))do { } while (0);
umb_qry_ipconfig(sc);
break;
case UMB_S_UP:
DPRINTF("%s: init: reached state UP\n", DEVNAM(sc))do { } while (0);
if (!umb_alloc_bulkpipes(sc)) {
	printf("%s: opening bulk pipes failed\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	umb_down(sc, 1);
}
break;
}
if (sc->sc_statesc_info.state < UMB_S_UP)
timeout_add_sec(&sc->sc_statechg_timer,
    UMB_STATE_CHANGE_TIMEOUT30);
else
timeout_del(&sc->sc_statechg_timer);
return;
1202}

1204void
1205umb_down(struct umb_softc *sc, int force)
1206{
splassert(IPL_NET)do { if (splassert_ctl > 0) { splassert_check(0x4, __func__
); } } while (0);

umb_close_bulkpipes(sc);
if (sc->sc_statesc_info.state < UMB_S_CONNECTED)
umb_free_xfers(sc);

switch (sc->sc_statesc_info.state) {
case UMB_S_UP:
umb_clear_addr(sc);
/*FALLTHROUGH*/
case UMB_S_CONNECTED:
DPRINTF("%s: stop: disconnecting ...\n", DEVNAM(sc))do { } while (0);
umb_disconnect(sc);
if (!force)
	break;
/*FALLTHROUGH*/
case UMB_S_ATTACHED:
DPRINTF("%s: stop: detaching ...\n", DEVNAM(sc))do { } while (0);
umb_packet_service(sc, 0);
if (!force)
	break;
/*FALLTHROUGH*/
case UMB_S_SIMREADY:
case UMB_S_RADIO:
DPRINTF("%s: stop: turning radio off ...\n", DEVNAM(sc))do { } while (0);
umb_radio(sc, 0);
if (!force)
	break;
/*FALLTHROUGH*/
case UMB_S_CID:
case UMB_S_OPEN:
case UMB_S_DOWN:
/* Do not close the device */
DPRINTF("%s: stop: reached state DOWN\n", DEVNAM(sc))do { } while (0);
break;
}
if (force)
sc->sc_statesc_info.state = UMB_S_OPEN;

if (sc->sc_statesc_info.state > UMB_S_OPEN)
timeout_add_sec(&sc->sc_statechg_timer,
    UMB_STATE_CHANGE_TIMEOUT30);
else
timeout_del(&sc->sc_statechg_timer);
1251}

1253void
1254umb_get_response_task(void *arg)
1255{
struct umb_softc *sc = arg;
int	 len;
int	 s;

/*
* Function is required to send on RESPONSE_AVAILABLE notification for
* each encapsulated response that is to be processed by the host.
* But of course, we can receive multiple notifications before the
* response task is run.
*/
s = splusb()splraise(0x2);
while (sc->sc_nresp > 0) {
--sc->sc_nresp;
len = sc->sc_ctrl_len;
if (umb_get_encap_response(sc, sc->sc_resp_buf, &len))
	umb_decode_response(sc, sc->sc_resp_buf, len);
}
splx(s)spllower(s);
1274}

1276void
1277umb_decode_response(struct umb_softc *sc, void *response, int len)
1278{
struct mbim_msghdr *hdr = response;
struct mbim_fragmented_msg_hdr *fraghdr;
uint32_t type;
uint32_t tid;

DPRINTFN(3, "%s: got response: len %d\n", DEVNAM(sc), len)do { } while (0);
DDUMPN(4, response, len)do { } while (0);

if (len < sizeof (*hdr) || letoh32(hdr->len)((__uint32_t)(hdr->len)) != len) {
/*
 * We should probably cancel a transaction, but since the
 * message is too short, we cannot decode the transaction
 * id (tid) and hence don't know, whom to cancel. Must wait
 * for the timeout.
 */
DPRINTF("%s: received short response (len %d)\n",do { } while (0)
    DEVNAM(sc), len)do { } while (0);
return;
}

/*
* XXX FIXME: if message is fragmented, store it until last frag
*	is received and then re-assemble all fragments.
*/
type = letoh32(hdr->type)((__uint32_t)(hdr->type));
tid = letoh32(hdr->tid)((__uint32_t)(hdr->tid));
switch (type) {
case MBIM_INDICATE_STATUS_MSG0x80000007U:
case MBIM_COMMAND_DONE0x80000003U:
fraghdr = response;
if (letoh32(fraghdr->frag.nfrag)((__uint32_t)(fraghdr->frag.nfrag)) != 1) {
	DPRINTF("%s: discarding fragmented messages\n",do { } while (0)
	    DEVNAM(sc))do { } while (0);
	return;
}
break;
default:
break;
}

DPRINTF("%s: <- rcv %s (tid %u)\n", DEVNAM(sc), umb_request2str(type),do { } while (0)
   tid)do { } while (0);
switch (type) {
case MBIM_FUNCTION_ERROR_MSG0x80000004U:
case MBIM_HOST_ERROR_MSG4U:
{
struct mbim_f2h_hosterr *e;
int	 err;

if (len >= sizeof (*e)) {
	e = response;
	err = letoh32(e->err)((__uint32_t)(e->err));

	DPRINTF("%s: %s message, error %s (tid %u)\n",do { } while (0)
	    DEVNAM(sc), umb_request2str(type),do { } while (0)
	    umb_error2str(err), tid)do { } while (0);
	if (err == MBIM_ERROR_NOT_OPENED5)
		umb_newstate(sc, UMB_S_DOWN, 0);
}
break;
}
case MBIM_INDICATE_STATUS_MSG0x80000007U:
umb_handle_indicate_status_msg(sc, response, len);
break;
case MBIM_OPEN_DONE0x80000001U:
umb_handle_opendone_msg(sc, response, len);
break;
case MBIM_CLOSE_DONE0x80000002U:
umb_handle_closedone_msg(sc, response, len);
break;
case MBIM_COMMAND_DONE0x80000003U:
umb_command_done(sc, response, len);
break;
default:
DPRINTF("%s: discard message %s\n", DEVNAM(sc),do { } while (0)
    umb_request2str(type))do { } while (0);
break;
}
1357}

1359void
1360umb_handle_indicate_status_msg(struct umb_softc *sc, void *data, int len)
1361{
struct mbim_f2h_indicate_status *m = data;
uint32_t infolen;
uint32_t cid;

if (len < sizeof (*m)) {
DPRINTF("%s: discard short %s message\n", DEVNAM(sc),do { } while (0)
    umb_request2str(letoh32(m->hdr.type)))do { } while (0);
return;
}
if (memcmp(m->devid, umb_uuid_basic_connect, sizeof (m->devid))__builtin_memcmp((m->devid), (umb_uuid_basic_connect), (sizeof
 (m->devid)))) {
DPRINTF("%s: discard %s message for other UUID '%s'\n",do { } while (0)
    DEVNAM(sc), umb_request2str(letoh32(m->hdr.type)),do { } while (0)
    umb_uuid2str(m->devid))do { } while (0);
return;
}
infolen = letoh32(m->infolen)((__uint32_t)(m->infolen));
if (len < sizeof (*m) + infolen) {
DPRINTF("%s: discard truncated %s message (want %d, got %d)\n",do { } while (0)
    DEVNAM(sc), umb_request2str(letoh32(m->hdr.type)),do { } while (0)
    (int)sizeof (*m) + infolen, len)do { } while (0);
return;
}

cid = letoh32(m->cid)((__uint32_t)(m->cid));
DPRINTF("%s: indicate %s status\n", DEVNAM(sc), umb_cid2str(cid))do { } while (0);
umb_decode_cid(sc, cid, m->info, infolen);
1388}

1390void
1391umb_handle_opendone_msg(struct umb_softc *sc, void *data, int len)
1392{
struct mbim_f2h_openclosedone *resp = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t status;

status = letoh32(resp->status)((__uint32_t)(resp->status));
if (status == MBIM_STATUS_SUCCESS0) {
if (sc->sc_maxsessions == 0) {
	umb_cmd(sc, MBIM_CID_DEVICE_CAPS1, MBIM_CMDOP_QRY0, NULL((void *)0),
	    0);
	umb_cmd(sc, MBIM_CID_PIN4, MBIM_CMDOP_QRY0, NULL((void *)0), 0);
	umb_cmd(sc, MBIM_CID_REGISTER_STATE9, MBIM_CMDOP_QRY0,
	    NULL((void *)0), 0);
}
umb_newstate(sc, UMB_S_OPEN, UMB_NS_DONT_DROP0x0001);
} else if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_ERR3, "%s: open error: %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
    umb_status2str(status)umb_val2descr(umb_status, (status)));
return;
1411}

1413void
1414umb_handle_closedone_msg(struct umb_softc *sc, void *data, int len)
1415{
struct mbim_f2h_openclosedone *resp = data;
uint32_t status;

status = letoh32(resp->status)((__uint32_t)(resp->status));
if (status == MBIM_STATUS_SUCCESS0)
umb_newstate(sc, UMB_S_DOWN, 0);
else
DPRINTF("%s: close error: %s\n", DEVNAM(sc),do { } while (0)
    umb_status2str(status))do { } while (0);
return;
1426}

1428static inline void
1429umb_getinfobuf(void *in, int inlen, uint32_t offs, uint32_t sz,
  void *out, size_t outlen)
1431{
offs = letoh32(offs)((__uint32_t)(offs));
sz = letoh32(sz)((__uint32_t)(sz));
if (inlen >= offs + sz) {
memset(out, 0, outlen)__builtin_memset((out), (0), (outlen));
memcpy(out, in + offs, MIN(sz, outlen))__builtin_memcpy((out), (in + offs), ((((sz)<(outlen))?(sz
):(outlen))));
}
1438}

1440static inline int
1441umb_addstr(void *buf, size_t bufsz, int *offs, void *str, int slen,
  uint32_t *offsmember, uint32_t *sizemember)
1443{
if (*offs + slen > bufsz)
return 0;

*sizemember = htole32((uint32_t)slen)((__uint32_t)((uint32_t)slen));
if (slen && str) {
*offsmember = htole32((uint32_t)*offs)((__uint32_t)((uint32_t)*offs));
memcpy(buf + *offs, str, slen)__builtin_memcpy((buf + *offs), (str), (slen));
*offs += slen;
*offs += umb_padding(buf, bufsz, *offs, sizeof (uint32_t), 0);
} else
*offsmember = htole32(0)((__uint32_t)(0));
return 1;
1456}

1458int
1459umb_decode_register_state(struct umb_softc *sc, void *data, int len)
1460{
struct mbim_cid_registration_state_info *rs = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (len < sizeof (*rs))
return 0;
sc->sc_info.nwerror = letoh32(rs->nwerror)((__uint32_t)(rs->nwerror));
sc->sc_info.regstate = letoh32(rs->regstate)((__uint32_t)(rs->regstate));
sc->sc_info.regmode = letoh32(rs->regmode)((__uint32_t)(rs->regmode));
sc->sc_info.cellclass = letoh32(rs->curcellclass)((__uint32_t)(rs->curcellclass));

umb_getinfobuf(data, len, rs->provname_offs, rs->provname_size,
   sc->sc_info.provider, sizeof (sc->sc_info.provider));
umb_getinfobuf(data, len, rs->provid_offs, rs->provid_size,
   sc->sc_info.providerid, sizeof (sc->sc_info.providerid));
umb_getinfobuf(data, len, rs->roamingtxt_offs, rs->roamingtxt_size,
   sc->sc_info.roamingtxt, sizeof (sc->sc_info.roamingtxt));

DPRINTFN(2, "%s: %s, availclass 0x%x, class 0x%x, regmode %d\n",do { } while (0)
   DEVNAM(sc), umb_regstate(sc->sc_info.regstate),do { } while (0)
   letoh32(rs->availclasses), sc->sc_info.cellclass,do { } while (0)
   sc->sc_info.regmode)do { } while (0);

if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING4 &&
   !sc->sc_roamingsc_info.enable_roaming &&
   sc->sc_info.activation == MBIM_ACTIVATION_STATE_ACTIVATED1) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6,
	    "%s: disconnecting from roaming network\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_disconnect(sc);
}
return 1;
1493}

1495int
1496umb_decode_devices_caps(struct umb_softc *sc, void *data, int len)
1497{
struct mbim_cid_device_caps *dc = data;

if (len < sizeof (*dc))
return 0;
sc->sc_maxsessions = letoh32(dc->max_sessions)((__uint32_t)(dc->max_sessions));
sc->sc_info.supportedclasses = letoh32(dc->dataclass)((__uint32_t)(dc->dataclass));
umb_getinfobuf(data, len, dc->devid_offs, dc->devid_size,
   sc->sc_info.devid, sizeof (sc->sc_info.devid));
umb_getinfobuf(data, len, dc->fwinfo_offs, dc->fwinfo_size,
   sc->sc_info.fwinfo, sizeof (sc->sc_info.fwinfo));
umb_getinfobuf(data, len, dc->hwinfo_offs, dc->hwinfo_size,
   sc->sc_info.hwinfo, sizeof (sc->sc_info.hwinfo));
DPRINTFN(2, "%s: max sessions %d, supported classes 0x%x\n",do { } while (0)
   DEVNAM(sc), sc->sc_maxsessions, sc->sc_info.supportedclasses)do { } while (0);
return 1;
1513}

1515int
1516umb_decode_subscriber_status(struct umb_softc *sc, void *data, int len)
1517{
struct mbim_cid_subscriber_ready_info *si = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	npn;

if (len < sizeof (*si))
return 0;
sc->sc_info.sim_state = letoh32(si->ready)((__uint32_t)(si->ready));

umb_getinfobuf(data, len, si->sid_offs, si->sid_size,
   sc->sc_info.sid, sizeof (sc->sc_info.sid));
umb_getinfobuf(data, len, si->icc_offs, si->icc_size,
   sc->sc_info.iccid, sizeof (sc->sc_info.iccid));

npn = letoh32(si->no_pn)((__uint32_t)(si->no_pn));
if (npn > 0)
umb_getinfobuf(data, len, si->pn[0].offs, si->pn[0].size,
    sc->sc_info.pn, sizeof (sc->sc_info.pn));
else
memset(sc->sc_info.pn, 0, sizeof (sc->sc_info.pn))__builtin_memset((sc->sc_info.pn), (0), (sizeof (sc->sc_info
.pn)));

if (sc->sc_info.sim_state == MBIM_SIMSTATE_LOCKED6)
sc->sc_info.pin_state = UMB_PUK_REQUIRED2;
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_INFO6, "%s: SIM %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
    umb_simstate(sc->sc_info.sim_state)umb_val2descr(umb_simstate, (sc->sc_info.sim_state)));
if (sc->sc_info.sim_state == MBIM_SIMSTATE_INITIALIZED1)
umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_DROP0x0001);
return 1;
1546}

1548int
1549umb_decode_radio_state(struct umb_softc *sc, void *data, int len)
1550{
struct mbim_cid_radio_state_info *rs = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (len < sizeof (*rs))
return 0;

sc->sc_info.hw_radio_on =
   (letoh32(rs->hw_state)((__uint32_t)(rs->hw_state)) == MBIM_RADIO_STATE_ON1) ? 1 : 0;
sc->sc_info.sw_radio_on =
   (letoh32(rs->sw_state)((__uint32_t)(rs->sw_state)) == MBIM_RADIO_STATE_ON1) ? 1 : 0;
if (!sc->sc_info.hw_radio_on) {
printf("%s: radio is disabled by hardware switch\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
/*
 * XXX do we need a time to poll the state of the rfkill switch
 *	or will the device send an unsolicited notification
 *	in case the state changes?
 */
umb_newstate(sc, UMB_S_OPEN, 0);
} else if (!sc->sc_info.sw_radio_on) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: radio is off\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_newstate(sc, UMB_S_OPEN, 0);
} else
umb_newstate(sc, UMB_S_RADIO, UMB_NS_DONT_DROP0x0001);
return 1;
1577}

1579int
1580umb_decode_pin(struct umb_softc *sc, void *data, int len)
1581{
struct mbim_cid_pin_info *pi = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t	attempts_left;

if (len < sizeof (*pi))
return 0;

attempts_left = letoh32(pi->remaining_attempts)((__uint32_t)(pi->remaining_attempts));
if (attempts_left != 0xffffffff)
sc->sc_info.pin_attempts_left = attempts_left;

switch (letoh32(pi->state)((__uint32_t)(pi->state))) {
case MBIM_PIN_STATE_UNLOCKED0:
sc->sc_info.pin_state = UMB_PIN_UNLOCKED1;
break;
case MBIM_PIN_STATE_LOCKED1:
switch (letoh32(pi->type)((__uint32_t)(pi->type))) {
case MBIM_PIN_TYPE_PIN12:
	sc->sc_info.pin_state = UMB_PIN_REQUIRED0;
	break;
case MBIM_PIN_TYPE_PUK111:
	sc->sc_info.pin_state = UMB_PUK_REQUIRED2;
	break;
case MBIM_PIN_TYPE_PIN23:
case MBIM_PIN_TYPE_PUK212:
	/* Assume that PIN1 was accepted */
	sc->sc_info.pin_state = UMB_PIN_UNLOCKED1;
	break;
}
break;
}
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_INFO6, "%s: %s state %s (%d attempts left)\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), umb_pin_type(letoh32(pi->type))umb_val2descr(umb_pintype, (((__uint32_t)(pi->type)))),
    (letoh32(pi->state)((__uint32_t)(pi->state)) == MBIM_PIN_STATE_UNLOCKED0) ?
	"unlocked" : "locked",
    letoh32(pi->remaining_attempts)((__uint32_t)(pi->remaining_attempts)));

/*
* In case the PIN was set after IFF_UP, retrigger the state machine
*/
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
return 1;
1625}

1627int
1628umb_decode_packet_service(struct umb_softc *sc, void *data, int len)
1629{
struct mbim_cid_packet_service_info *psi = data;
int	 state, highestclass;
uint64_t up_speed, down_speed;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (len < sizeof (*psi))
return 0;

sc->sc_info.nwerror = letoh32(psi->nwerror)((__uint32_t)(psi->nwerror));
state = letoh32(psi->state)((__uint32_t)(psi->state));
highestclass = letoh32(psi->highest_dataclass)((__uint32_t)(psi->highest_dataclass));
up_speed = letoh64(psi->uplink_speed)((__uint64_t)(psi->uplink_speed));
down_speed = letoh64(psi->downlink_speed)((__uint64_t)(psi->downlink_speed));
if (sc->sc_info.packetstate  != state ||
   sc->sc_info.uplink_speed != up_speed ||
   sc->sc_info.downlink_speed != down_speed) {
if (ifp->if_flags & IFF_DEBUG0x4) {
	log(LOG_INFO6, "%s: packet service ", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	if (sc->sc_info.packetstate  != state)
		addlog("changed from %s to ",
		    umb_packet_state(sc->sc_info.packetstate)umb_val2descr(umb_pktstate, (sc->sc_info.packetstate)));
	addlog("%s, class %s, speed: %llu up / %llu down\n",
	    umb_packet_state(state)umb_val2descr(umb_pktstate, (state)), 
	    umb_dataclass(highestclass)umb_val2descr(umb_dataclasses, (highestclass)), up_speed, down_speed);
}
}
sc->sc_info.packetstate = state;
sc->sc_info.highestclass = highestclass;
sc->sc_info.uplink_speed = up_speed;
sc->sc_info.downlink_speed = down_speed;

if (sc->sc_info.regmode == MBIM_REGMODE_AUTOMATIC1) {
/*
 * For devices using automatic registration mode, just proceed,
 * once registration has completed.
 */
if (ifp->if_flags & IFF_UP0x1) {
	switch (sc->sc_info.regstate) {
	case MBIM_REGSTATE_HOME3:
	case MBIM_REGSTATE_ROAMING4:
	case MBIM_REGSTATE_PARTNER5:
		umb_newstate(sc, UMB_S_ATTACHED,
		    UMB_NS_DONT_DROP0x0001);
		break;
	default:
		break;
	}
} else
	umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_RAISE0x0002);
} else switch (sc->sc_info.packetstate) {
case MBIM_PKTSERVICE_STATE_ATTACHED2:
umb_newstate(sc, UMB_S_ATTACHED, UMB_NS_DONT_DROP0x0001);
break;
case MBIM_PKTSERVICE_STATE_DETACHED4:
umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_RAISE0x0002);
break;
}
return 1;
1688}

1690int
1691umb_decode_signal_state(struct umb_softc *sc, void *data, int len)
1692{
struct mbim_cid_signal_state *ss = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 rssi;
1696#if NKSTAT1 > 0
struct kstat *ks;
1698#endif

if (len < sizeof (*ss))
return 0;

if (letoh32(ss->rssi)((__uint32_t)(ss->rssi)) == 99)
rssi = UMB_VALUE_UNKNOWN-999;
else {
rssi = -113 + 2 * letoh32(ss->rssi)((__uint32_t)(ss->rssi));
if ((ifp->if_flags & IFF_DEBUG0x4) && sc->sc_info.rssi != rssi &&
    sc->sc_statesc_info.state >= UMB_S_CONNECTED)
	log(LOG_INFO6, "%s: rssi %d dBm\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), rssi);
}
sc->sc_info.rssi = rssi;
sc->sc_info.ber = letoh32(ss->err_rate)((__uint32_t)(ss->err_rate));
if (sc->sc_info.ber == 99)
sc->sc_info.ber = UMB_VALUE_UNKNOWN-999;

1716#if NKSTAT1 > 0
ks = sc->sc_kstat_signal;
if (ks != NULL((void *)0)) {
struct umb_kstat_signal *uks = ks->ks_data;

rw_enter_write(&sc->sc_kstat_lock);
kstat_kv_u64(&uks->reports)(&uks->reports)->kv_v.v_u64++;

if (sc->sc_info.rssi == UMB_VALUE_UNKNOWN-999)
	uks->rssi.kv_type = KSTAT_KV_T_NULL;
else {
	uks->rssi.kv_type = KSTAT_KV_T_INT32;
	kstat_kv_s32(&uks->rssi)(&uks->rssi)->kv_v.v_s32 = sc->sc_info.rssi;
}

if (sc->sc_info.ber == UMB_VALUE_UNKNOWN-999)
	uks->error_rate.kv_type = KSTAT_KV_T_NULL;
else {
	uks->error_rate.kv_type = KSTAT_KV_T_INT32;
	kstat_kv_s32(&uks->error_rate)(&uks->error_rate)->kv_v.v_s32 = sc->sc_info.ber;
}

ks->ks_interval.tv_sec = letoh32(ss->ss_intvl)((__uint32_t)(ss->ss_intvl));
getnanouptime(&ks->ks_updated);
rw_exit_write(&sc->sc_kstat_lock);
}
1742#endif

return 1;
1745}

1747int
1748umb_decode_connect_info(struct umb_softc *sc, void *data, int len)
1749{
struct mbim_cid_connect_info *ci = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 act;

if (len < sizeof (*ci))
return 0;

if (letoh32(ci->sessionid)((__uint32_t)(ci->sessionid)) != umb_session_id) {
DPRINTF("%s: discard connection info for session %u\n",do { } while (0)
    DEVNAM(sc), letoh32(ci->sessionid))do { } while (0);
return 1;
}
if (memcmp(ci->context, umb_uuid_context_internet,__builtin_memcmp((ci->context), (umb_uuid_context_internet
), (sizeof (ci->context)))
   sizeof (ci->context))__builtin_memcmp((ci->context), (umb_uuid_context_internet
), (sizeof (ci->context)))) {
DPRINTF("%s: discard connection info for other context\n",do { } while (0)
    DEVNAM(sc))do { } while (0);
return 1;
}
act = letoh32(ci->activation)((__uint32_t)(ci->activation));
if (sc->sc_info.activation != act) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: connection %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    umb_activation(act)umb_val2descr(umb_actstate, (act)));

sc->sc_info.activation = act;
sc->sc_info.nwerror = letoh32(ci->nwerror)((__uint32_t)(ci->nwerror));

if (sc->sc_info.activation == MBIM_ACTIVATION_STATE_ACTIVATED1)
	umb_newstate(sc, UMB_S_CONNECTED, UMB_NS_DONT_DROP0x0001);
else if (sc->sc_info.activation ==
    MBIM_ACTIVATION_STATE_DEACTIVATED3)
	umb_newstate(sc, UMB_S_ATTACHED, 0);
/* else: other states are purely transitional */
}
return 1;
1785}

1787void
1788umb_clear_addr(struct umb_softc *sc)
1789{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

memset(sc->sc_info.ipv4dns, 0, sizeof (sc->sc_info.ipv4dns))__builtin_memset((sc->sc_info.ipv4dns), (0), (sizeof (sc->
sc_info.ipv4dns)));
memset(sc->sc_info.ipv6dns, 0, sizeof (sc->sc_info.ipv6dns))__builtin_memset((sc->sc_info.ipv6dns), (0), (sizeof (sc->
sc_info.ipv6dns)));
umb_send_inet_proposal(sc, AF_INET2);
1795#ifdef INET61
umb_send_inet_proposal(sc, AF_INET624);
1797#endif
NET_LOCK()do { rw_enter_write(&netlock); } while (0);
in_ifdetach(ifp);
1800#ifdef INET61
in6_ifdetach(ifp);
1802#endif
NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);
1804}

1806int
1807umb_add_inet_config(struct umb_softc *sc, struct in_addr ip, u_int prefixlen,
  struct in_addr gw)
1809{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
struct in_aliasreq ifra;
struct sockaddr_in *sin, default_sin;
struct rt_addrinfo info;
struct rtentry *rt;
int	 rv;

memset(&ifra, 0, sizeof (ifra))__builtin_memset((&ifra), (0), (sizeof (ifra)));
rv = in_ioctl(SIOCDIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((25))), (caddr_t)&ifra, ifp, 1);
if (rv != 0 && rv != EADDRNOTAVAIL49) {
printf("%s: unable to delete IPv4 address, error %d\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
return rv;
}

memset(&ifra, 0, sizeof (ifra))__builtin_memset((&ifra), (0), (sizeof (ifra)));
sin = &ifra.ifra_addrifra_ifrau.ifrau_addr;
sin->sin_family = AF_INET2;
sin->sin_len = sizeof (*sin);
sin->sin_addr = ip;

sin = &ifra.ifra_dstaddr;
sin->sin_family = AF_INET2;
sin->sin_len = sizeof (*sin);
sin->sin_addr = gw;

sin = &ifra.ifra_mask;
sin->sin_family = AF_INET2;
sin->sin_len = sizeof (*sin);
in_len2mask(&sin->sin_addr, prefixlen);

rv = in_ioctl(SIOCAIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifaliasreq) &
 0x1fff) << 16) | ((('i')) << 8) | ((26))), (caddr_t)&ifra, ifp, 1);
if (rv != 0) {
printf("%s: unable to set IPv4 address, error %d\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
return rv;
}

memset(&default_sin, 0, sizeof(default_sin))__builtin_memset((&default_sin), (0), (sizeof(default_sin
)));
default_sin.sin_family = AF_INET2;
default_sin.sin_len = sizeof (default_sin);

memset(&info, 0, sizeof(info))__builtin_memset((&info), (0), (sizeof(info)));
NET_LOCK()do { rw_enter_write(&netlock); } while (0);
info.rti_flags = RTF_GATEWAY0x2 /* maybe | RTF_STATIC */;
info.rti_ifa = ifa_ifwithaddr(sintosa(&ifra.ifra_addrifra_ifrau.ifrau_addr),
   ifp->if_rdomainif_data.ifi_rdomain);
info.rti_info[RTAX_DST0] = sintosa(&default_sin);
info.rti_info[RTAX_NETMASK2] = sintosa(&default_sin);
info.rti_info[RTAX_GATEWAY1] = sintosa(&ifra.ifra_dstaddr);

rv = rtrequest(RTM_ADD0x1, &info, 0, &rt, ifp->if_rdomainif_data.ifi_rdomain);
if (rv) {
printf("%s: unable to set IPv4 default route, "
    "error %d\n", DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
rtm_miss(RTM_MISS0x7, &info, 0, RTP_NONE0, 0, rv,
    ifp->if_rdomainif_data.ifi_rdomain);
} else {
/* Inform listeners of the new route */
rtm_send(rt, RTM_ADD0x1, rv, ifp->if_rdomainif_data.ifi_rdomain);
rtfree(rt);
}
NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);

if (ifp->if_flags & IFF_DEBUG0x4) {
char str[3][INET_ADDRSTRLEN16];
log(LOG_INFO6, "%s: IPv4 addr %s, mask %s, gateway %s\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
),
    sockaddr_ntop(sintosa(&ifra.ifra_addrifra_ifrau.ifrau_addr), str[0],
    sizeof(str[0])),
    sockaddr_ntop(sintosa(&ifra.ifra_mask), str[1],
    sizeof(str[1])),
    sockaddr_ntop(sintosa(&ifra.ifra_dstaddr), str[2],
    sizeof(str[2])));
}
return 0;
1886}

1888#ifdef INET61
1889int
1890umb_add_inet6_config(struct umb_softc *sc, struct in6_addr *ip, u_int prefixlen,
  struct in6_addr *gw)
1892{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
struct in6_aliasreq ifra;
struct sockaddr_in6 *sin6, default_sin6;
struct rt_addrinfo info;
struct rtentry *rt;
int	 rv;

memset(&ifra, 0, sizeof (ifra))__builtin_memset((&ifra), (0), (sizeof (ifra)));
sin6 = &ifra.ifra_addrifra_ifrau.ifrau_addr;
sin6->sin6_family = AF_INET624;
sin6->sin6_len = sizeof (*sin6);
memcpy(&sin6->sin6_addr, ip, sizeof (sin6->sin6_addr))__builtin_memcpy((&sin6->sin6_addr), (ip), (sizeof (sin6
->sin6_addr)));

sin6 = &ifra.ifra_dstaddr;
sin6->sin6_family = AF_INET624;
sin6->sin6_len = sizeof (*sin6);
memcpy(&sin6->sin6_addr, gw, sizeof (sin6->sin6_addr))__builtin_memcpy((&sin6->sin6_addr), (gw), (sizeof (sin6
->sin6_addr)));

/* XXX: in6_update_ifa() accepts only 128 bits for P2P interfaces. */
prefixlen = 128;

sin6 = &ifra.ifra_prefixmask;
sin6->sin6_family = AF_INET624;
sin6->sin6_len = sizeof (*sin6);
in6_prefixlen2mask(&sin6->sin6_addr, prefixlen);

ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME0xffffffff;
ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME0xffffffff;

rv = in6_ioctl(SIOCAIFADDR_IN6((unsigned long)0x80000000 | ((sizeof(struct in6_aliasreq) &
 0x1fff) << 16) | ((('i')) << 8) | ((26))), (caddr_t)&ifra, ifp, 1);
if (rv != 0) {
printf("%s: unable to set IPv6 address, error %d\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
return rv;
}

memset(&default_sin6, 0, sizeof(default_sin6))__builtin_memset((&default_sin6), (0), (sizeof(default_sin6
)));
default_sin6.sin6_family = AF_INET624;
default_sin6.sin6_len = sizeof (default_sin6);

memset(&info, 0, sizeof(info))__builtin_memset((&info), (0), (sizeof(info)));
NET_LOCK()do { rw_enter_write(&netlock); } while (0);
info.rti_flags = RTF_GATEWAY0x2 /* maybe | RTF_STATIC */;
info.rti_ifa = ifa_ifwithaddr(sin6tosa(&ifra.ifra_addrifra_ifrau.ifrau_addr),
   ifp->if_rdomainif_data.ifi_rdomain);
info.rti_info[RTAX_DST0] = sin6tosa(&default_sin6);
info.rti_info[RTAX_NETMASK2] = sin6tosa(&default_sin6);
info.rti_info[RTAX_GATEWAY1] = sin6tosa(&ifra.ifra_dstaddr);

rv = rtrequest(RTM_ADD0x1, &info, 0, &rt, ifp->if_rdomainif_data.ifi_rdomain);
if (rv) {
printf("%s: unable to set IPv6 default route, "
    "error %d\n", DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
rtm_miss(RTM_MISS0x7, &info, 0, RTP_NONE0, 0, rv,
    ifp->if_rdomainif_data.ifi_rdomain);
} else {
/* Inform listeners of the new route */
rtm_send(rt, RTM_ADD0x1, rv, ifp->if_rdomainif_data.ifi_rdomain);
rtfree(rt);
}
NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);

if (ifp->if_flags & IFF_DEBUG0x4) {
char str[3][INET6_ADDRSTRLEN46];
log(LOG_INFO6, "%s: IPv6 addr %s, mask %s, gateway %s\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
),
    sockaddr_ntop(sin6tosa(&ifra.ifra_addrifra_ifrau.ifrau_addr), str[0],
    sizeof(str[0])),
    sockaddr_ntop(sin6tosa(&ifra.ifra_prefixmask), str[1],
    sizeof(str[1])),
    sockaddr_ntop(sin6tosa(&ifra.ifra_dstaddr), str[2],
    sizeof(str[2])));
}
return 0;
1967}
1968#endif

1970void
1971umb_send_inet_proposal(struct umb_softc *sc, int af)
1972{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
struct sockaddr_rtdns rtdns;
struct rt_addrinfo info;
int i, flag = 0;
size_t sz = 0;

memset(&rtdns, 0, sizeof(rtdns))__builtin_memset((&rtdns), (0), (sizeof(rtdns)));
memset(&info, 0, sizeof(info))__builtin_memset((&info), (0), (sizeof(info)));

for (i = 0; i < UMB_MAX_DNSSRV2; i++) {
if (af == AF_INET2) {
	sz = sizeof (sc->sc_info.ipv4dns[i]);
	if (sc->sc_info.ipv4dns[i].s_addr == INADDR_ANY((u_int32_t) (__uint32_t)(__builtin_constant_p((u_int32_t)(0x00000000
)) ? (__uint32_t)(((__uint32_t)((u_int32_t)(0x00000000)) &
 0xff) << 24 | ((__uint32_t)((u_int32_t)(0x00000000)) &
 0xff00) << 8 | ((__uint32_t)((u_int32_t)(0x00000000)) &
 0xff0000) >> 8 | ((__uint32_t)((u_int32_t)(0x00000000)
) & 0xff000000) >> 24) : __swap32md((u_int32_t)(0x00000000
)))))
		break;
	memcpy(rtdns.sr_dns + i * sz, &sc->sc_info.ipv4dns[i],__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv4dns[i]), (sz))
	    sz)__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv4dns[i]), (sz));
	flag = RTF_UP0x1;
1990#ifdef INET61
} else if (af == AF_INET624) {
	sz = sizeof (sc->sc_info.ipv6dns[i]);
	if (IN6_ARE_ADDR_EQUAL(&sc->sc_info.ipv6dns[i],(__builtin_memcmp((&(&sc->sc_info.ipv6dns[i])->
__u6_addr.__u6_addr8[0]), (&(&in6addr_any)->__u6_addr
.__u6_addr8[0]), (sizeof(struct in6_addr))) == 0)
	    &in6addr_any)(__builtin_memcmp((&(&sc->sc_info.ipv6dns[i])->
__u6_addr.__u6_addr8[0]), (&(&in6addr_any)->__u6_addr
.__u6_addr8[0]), (sizeof(struct in6_addr))) == 0))
		break;
	memcpy(rtdns.sr_dns + i * sz, &sc->sc_info.ipv6dns[i],__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv6dns[i]), (sz))
	    sz)__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv6dns[i]), (sz));
	flag = RTF_UP0x1;
1999#endif
}
}
rtdns.sr_family = af;
rtdns.sr_len = 2 + i * sz;
info.rti_info[RTAX_DNS12] = srtdnstosa(&rtdns);

rtm_proposal(ifp, &info, flag, RTP_PROPOSAL_UMB60);
2007}

2009int
2010umb_decode_ip_configuration(struct umb_softc *sc, void *data, int len)
2011{
struct mbim_cid_ip_configuration_info *ic = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;
uint32_t avail_v4;
uint32_t val;
int	 n, i;
int	 off;
struct mbim_cid_ipv4_element ipv4elem;
struct in_addr addr, gw;
int	 state = -1;
int	 rv;
int	 hasmtu = 0;
2024#ifdef INET61
uint32_t avail_v6;
struct mbim_cid_ipv6_element ipv6elem;
struct in6_addr addr6, gw6;
2028#endif

if (len < sizeof (*ic))
return 0;
if (letoh32(ic->sessionid)((__uint32_t)(ic->sessionid)) != umb_session_id) {
DPRINTF("%s: ignore IP configuration for session id %d\n",do { } while (0)
    DEVNAM(sc), letoh32(ic->sessionid))do { } while (0);
return 0;
}
s = splnet()splraise(0x4);

memset(sc->sc_info.ipv4dns, 0, sizeof (sc->sc_info.ipv4dns))__builtin_memset((sc->sc_info.ipv4dns), (0), (sizeof (sc->
sc_info.ipv4dns)));
memset(sc->sc_info.ipv6dns, 0, sizeof (sc->sc_info.ipv6dns))__builtin_memset((sc->sc_info.ipv6dns), (0), (sizeof (sc->
sc_info.ipv6dns)));

/*
* IPv4 configuration
*/
avail_v4 = letoh32(ic->ipv4_available)((__uint32_t)(ic->ipv4_available));
if ((avail_v4 & (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) ==
   (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) {
n = letoh32(ic->ipv4_naddr)((__uint32_t)(ic->ipv4_naddr));
off = letoh32(ic->ipv4_addroffs)((__uint32_t)(ic->ipv4_addroffs));

if (n == 0 || off + sizeof (ipv4elem) > len)
	goto tryv6;
if (n != 1 && ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: more than one IPv4 addr: %d\n",
	    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), n);

/* Only pick the first one */
memcpy(&ipv4elem, data + off, sizeof (ipv4elem))__builtin_memcpy((&ipv4elem), (data + off), (sizeof (ipv4elem
)));
ipv4elem.prefixlen = letoh32(ipv4elem.prefixlen)((__uint32_t)(ipv4elem.prefixlen));
addr.s_addr = ipv4elem.addr;

off = letoh32(ic->ipv4_gwoffs)((__uint32_t)(ic->ipv4_gwoffs));
if (off + sizeof (gw) > len)
	goto done;
memcpy(&gw, data + off, sizeof(gw))__builtin_memcpy((&gw), (data + off), (sizeof(gw)));

rv = umb_add_inet_config(sc, addr, ipv4elem.prefixlen, gw);
if (rv == 0) 
	state = UMB_S_UP;

}

memset(sc->sc_info.ipv4dns, 0, sizeof (sc->sc_info.ipv4dns))__builtin_memset((sc->sc_info.ipv4dns), (0), (sizeof (sc->
sc_info.ipv4dns)));
if (avail_v4 & MBIM_IPCONF_HAS_DNSINFO0x0004) {
n = letoh32(ic->ipv4_ndnssrv)((__uint32_t)(ic->ipv4_ndnssrv));
off = letoh32(ic->ipv4_dnssrvoffs)((__uint32_t)(ic->ipv4_dnssrvoffs));
i = 0;
while (n-- > 0) {
	if (off + sizeof (addr) > len)
		break;
	memcpy(&addr, data + off, sizeof(addr))__builtin_memcpy((&addr), (data + off), (sizeof(addr)));
	if (i < UMB_MAX_DNSSRV2)
		sc->sc_info.ipv4dns[i++] = addr;
	off += sizeof(addr);
	if (ifp->if_flags & IFF_DEBUG0x4) {
		char str[INET_ADDRSTRLEN16];
		log(LOG_INFO6, "%s: IPv4 nameserver %s\n",
		    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), inet_ntop(AF_INET2,
		    &addr, str, sizeof(str)));
	}
}
umb_send_inet_proposal(sc, AF_INET2);
}
if ((avail_v4 & MBIM_IPCONF_HAS_MTUINFO0x0008)) {
val = letoh32(ic->ipv4_mtu)((__uint32_t)(ic->ipv4_mtu));
if (ifp->if_hardmtu != val && val <= sc->sc_maxpktlen) {
	hasmtu = 1;
	ifp->if_hardmtu = val;
	if (ifp->if_mtuif_data.ifi_mtu > val)
		ifp->if_mtuif_data.ifi_mtu = val;
}
}

2104tryv6:;
2105#ifdef INET61
/*
* IPv6 configuration
*/
avail_v6 = letoh32(ic->ipv6_available)((__uint32_t)(ic->ipv6_available));
if (avail_v6 == 0) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: ISP or WWAN module offers no IPv6 "
	    "support\n", DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
));
goto done;
}

if ((avail_v6 & (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) ==
   (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) {
n = letoh32(ic->ipv6_naddr)((__uint32_t)(ic->ipv6_naddr));
off = letoh32(ic->ipv6_addroffs)((__uint32_t)(ic->ipv6_addroffs));

if (n == 0 || off + sizeof (ipv6elem) > len)
	goto done;
if (n != 1 && ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: more than one IPv6 addr: %d\n",
	    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), n);

/* Only pick the first one */
memcpy(&ipv6elem, data + off, sizeof (ipv6elem))__builtin_memcpy((&ipv6elem), (data + off), (sizeof (ipv6elem
)));
memcpy(&addr6, ipv6elem.addr, sizeof (addr6))__builtin_memcpy((&addr6), (ipv6elem.addr), (sizeof (addr6
)));

off = letoh32(ic->ipv6_gwoffs)((__uint32_t)(ic->ipv6_gwoffs));
if (off + sizeof (gw6) > len)
	goto done;
memcpy(&gw6, data + off, sizeof (gw6))__builtin_memcpy((&gw6), (data + off), (sizeof (gw6)));

rv = umb_add_inet6_config(sc, &addr6, ipv6elem.prefixlen, &gw6);
if (rv == 0)
	state = UMB_S_UP;
}

if (avail_v6 & MBIM_IPCONF_HAS_DNSINFO0x0004) {
n = letoh32(ic->ipv6_ndnssrv)((__uint32_t)(ic->ipv6_ndnssrv));
off = letoh32(ic->ipv6_dnssrvoffs)((__uint32_t)(ic->ipv6_dnssrvoffs));
i = 0;
while (n-- > 0) {
	if (off + sizeof (addr6) > len)
		break;
	memcpy(&addr6, data + off, sizeof(addr6))__builtin_memcpy((&addr6), (data + off), (sizeof(addr6)));
	if (i < UMB_MAX_DNSSRV2)
		sc->sc_info.ipv6dns[i++] = addr6;
	off += sizeof(addr6);
	if (ifp->if_flags & IFF_DEBUG0x4) {
		char str[INET6_ADDRSTRLEN46];
		log(LOG_INFO6, "%s: IPv6 nameserver %s\n",
		    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), inet_ntop(AF_INET624,
		    &addr6, str, sizeof(str)));
	}
}
umb_send_inet_proposal(sc, AF_INET624);
}

if ((avail_v6 & MBIM_IPCONF_HAS_MTUINFO0x0008)) {
val = letoh32(ic->ipv6_mtu)((__uint32_t)(ic->ipv6_mtu));
if (ifp->if_hardmtu != val && val <= sc->sc_maxpktlen) {
	hasmtu = 1;
	ifp->if_hardmtu = val;
	if (ifp->if_mtuif_data.ifi_mtu > val)
		ifp->if_mtuif_data.ifi_mtu = val;
}
}
2172#endif

2174done:
if (hasmtu && (ifp->if_flags & IFF_DEBUG0x4))
log(LOG_INFO6, "%s: MTU %d\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), ifp->if_hardmtu);

if (state != -1)
umb_newstate(sc, state, 0);

splx(s)spllower(s);
return 1;
2183}

2185void
2186umb_rx(struct umb_softc *sc)
2187{
usbd_setup_xfer(sc->sc_rx_xfer, sc->sc_rx_pipe, sc, sc->sc_rx_buf,
   sc->sc_rx_bufsz, USBD_SHORT_XFER_OK0x04 | USBD_NO_COPY0x01,
   USBD_NO_TIMEOUT0, umb_rxeof);
usbd_transfer(sc->sc_rx_xfer);
2192}

2194void
2195umb_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
2196{
struct umb_softc *sc = priv;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (usbd_is_dying(sc->sc_udev) || !(ifp->if_flags & IFF_RUNNING0x40))
return;

if (status != USBD_NORMAL_COMPLETION) {
if (status == USBD_NOT_STARTED || status == USBD_CANCELLED)
	return;
DPRINTF("%s: rx error: %s\n", DEVNAM(sc), usbd_errstr(status))do { } while (0);
if (status == USBD_STALLED)
	usbd_clear_endpoint_stall_async(sc->sc_rx_pipe);
if (++sc->sc_rx_nerr > 100) {
	log(LOG_ERR3, "%s: too many rx errors, disabling\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	usbd_deactivate(sc->sc_udev);
}
} else {
sc->sc_rx_nerr = 0;
umb_decap(sc, xfer);
}

umb_rx(sc);
return;
2221}

2223int
2224umb_encap(struct umb_softc *sc, int ndgram)
2225{
struct ncm_header16 *hdr16 = NULL((void *)0);
struct ncm_header32 *hdr32 = NULL((void *)0);
struct ncm_pointer16 *ptr16 = NULL((void *)0);
struct ncm_pointer32 *ptr32 = NULL((void *)0);
struct ncm_pointer16_dgram *dgram16 = NULL((void *)0);
struct ncm_pointer32_dgram *dgram32 = NULL((void *)0);
int	 offs = 0, plen = 0;
int	 dgoffs = 0, poffs;
struct mbuf *m;
usbd_status  err;

/* All size constraints have been validated by the caller! */

/* NCM Header */
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
hdr16 = sc->sc_tx_buf;
USETDW(hdr16->dwSignature, NCM_HDR16_SIG)(*(u_int32_t *)(hdr16->dwSignature) = (0x484d434e));
USETW(hdr16->wHeaderLength, sizeof (*hdr16))(*(u_int16_t *)(hdr16->wHeaderLength) = (sizeof (*hdr16)));
USETW(hdr16->wSequence, sc->sc_tx_seq)(*(u_int16_t *)(hdr16->wSequence) = (sc->sc_tx_seq));
USETW(hdr16->wBlockLength, 0)(*(u_int16_t *)(hdr16->wBlockLength) = (0));
offs = sizeof (*hdr16);
break;
case NCM_FORMAT_NTB320x01:
hdr32 = sc->sc_tx_buf;
USETDW(hdr32->dwSignature, NCM_HDR32_SIG)(*(u_int32_t *)(hdr32->dwSignature) = (0x686d636e));
USETW(hdr32->wHeaderLength, sizeof (*hdr32))(*(u_int16_t *)(hdr32->wHeaderLength) = (sizeof (*hdr32)));
USETW(hdr32->wSequence, sc->sc_tx_seq)(*(u_int16_t *)(hdr32->wSequence) = (sc->sc_tx_seq));
USETDW(hdr32->dwBlockLength, 0)(*(u_int32_t *)(hdr32->dwBlockLength) = (0));
offs = sizeof (*hdr32);
break;
}
offs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz, offs,
   sc->sc_align, 0);

if (sc->sc_flags & UMBFLG_NDP_AT_END0x0004) {
dgoffs = offs;

/*
 * Calculate space needed for datagrams.
 *
 * XXX cannot use ml_len(&sc->sc_tx_ml), since it ignores
 *	the padding requirements.
 */
poffs = dgoffs;
MBUF_LIST_FOREACH(&sc->sc_tx_ml, m)for ((m) = ((&sc->sc_tx_ml)->ml_head); (m) != ((void
 *)0); (m) = ((m)->m_hdr.mh_nextpkt)) {
	poffs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz,
	    poffs, sc->sc_ndp_div, sc->sc_ndp_remainder);
	poffs += m->m_pkthdrM_dat.MH.MH_pkthdr.len;
}
poffs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz,
    poffs, sc->sc_ndp_div, sc->sc_ndp_remainder);
} else
poffs = offs;

/* NCM Pointer */
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
USETW(hdr16->wNdpIndex, poffs)(*(u_int16_t *)(hdr16->wNdpIndex) = (poffs));
ptr16 = (struct ncm_pointer16 *)(sc->sc_tx_buf + poffs);
plen = sizeof(*ptr16) + ndgram * sizeof(*dgram16);
USETDW(ptr16->dwSignature, MBIM_NCM_NTH16_SIG(umb_session_id))(*(u_int32_t *)(ptr16->dwSignature) = (((((umb_session_id)
 & 0xff) << 24) | 0x00535049)));
USETW(ptr16->wLength, plen)(*(u_int16_t *)(ptr16->wLength) = (plen));
USETW(ptr16->wNextNdpIndex, 0)(*(u_int16_t *)(ptr16->wNextNdpIndex) = (0));
dgram16 = ptr16->dgram;
break;
case NCM_FORMAT_NTB320x01:
USETDW(hdr32->dwNdpIndex, poffs)(*(u_int32_t *)(hdr32->dwNdpIndex) = (poffs));
ptr32 = (struct ncm_pointer32 *)(sc->sc_tx_buf + poffs);
plen = sizeof(*ptr32) + ndgram * sizeof(*dgram32);
USETDW(ptr32->dwSignature, MBIM_NCM_NTH32_SIG(umb_session_id))(*(u_int32_t *)(ptr32->dwSignature) = (((((umb_session_id)
 & 0xff) << 24) | 0x00737069)));
USETW(ptr32->wLength, plen)(*(u_int16_t *)(ptr32->wLength) = (plen));
USETW(ptr32->wReserved6, 0)(*(u_int16_t *)(ptr32->wReserved6) = (0));
USETDW(ptr32->dwNextNdpIndex, 0)(*(u_int32_t *)(ptr32->dwNextNdpIndex) = (0));
USETDW(ptr32->dwReserved12, 0)(*(u_int32_t *)(ptr32->dwReserved12) = (0));
dgram32 = ptr32->dgram;
break;
}

if (!(sc->sc_flags & UMBFLG_NDP_AT_END0x0004))
dgoffs = offs + plen;

/* Encap mbufs to NCM dgrams */
sc->sc_tx_seq++;
while ((m = ml_dequeue(&sc->sc_tx_ml)) != NULL((void *)0)) {
dgoffs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz, dgoffs,
    sc->sc_ndp_div, sc->sc_ndp_remainder);
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
	USETW(dgram16->wDatagramIndex, dgoffs)(*(u_int16_t *)(dgram16->wDatagramIndex) = (dgoffs));
	USETW(dgram16->wDatagramLen, m->m_pkthdr.len)(*(u_int16_t *)(dgram16->wDatagramLen) = (m->M_dat.MH.MH_pkthdr
.len));
	dgram16++;
	break;
case NCM_FORMAT_NTB320x01:
	USETDW(dgram32->dwDatagramIndex, dgoffs)(*(u_int32_t *)(dgram32->dwDatagramIndex) = (dgoffs));
	USETDW(dgram32->dwDatagramLen, m->m_pkthdr.len)(*(u_int32_t *)(dgram32->dwDatagramLen) = (m->M_dat.MH.
MH_pkthdr.len));
	dgram32++;
	break;
}
m_copydata(m, 0, m->m_pkthdrM_dat.MH.MH_pkthdr.len, sc->sc_tx_buf + dgoffs);
dgoffs += m->m_pkthdrM_dat.MH.MH_pkthdr.len;
m_freem(m);
}

if (sc->sc_flags & UMBFLG_NDP_AT_END0x0004)
offs = poffs + plen;
else
offs = dgoffs;

/* Terminating pointer and datagram size */
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
USETW(dgram16->wDatagramIndex, 0)(*(u_int16_t *)(dgram16->wDatagramIndex) = (0));
USETW(dgram16->wDatagramLen, 0)(*(u_int16_t *)(dgram16->wDatagramLen) = (0));
USETW(hdr16->wBlockLength, offs)(*(u_int16_t *)(hdr16->wBlockLength) = (offs));
KASSERT(dgram16 - ptr16->dgram == ndgram)((dgram16 - ptr16->dgram == ndgram) ? (void)0 : __assert("diagnostic "
, "/usr/src/sys/dev/usb/if_umb.c", 2341, "dgram16 - ptr16->dgram == ndgram"
));
break;
case NCM_FORMAT_NTB320x01:
USETDW(dgram32->dwDatagramIndex, 0)(*(u_int32_t *)(dgram32->dwDatagramIndex) = (0));
USETDW(dgram32->dwDatagramLen, 0)(*(u_int32_t *)(dgram32->dwDatagramLen) = (0));
USETDW(hdr32->dwBlockLength, offs)(*(u_int32_t *)(hdr32->dwBlockLength) = (offs));
KASSERT(dgram32 - ptr32->dgram == ndgram)((dgram32 - ptr32->dgram == ndgram) ? (void)0 : __assert("diagnostic "
, "/usr/src/sys/dev/usb/if_umb.c", 2347, "dgram32 - ptr32->dgram == ndgram"
));
break;
}

DPRINTFN(3, "%s: encap %d bytes\n", DEVNAM(sc), offs)do { } while (0);
DDUMPN(5, sc->sc_tx_buf, offs)do { } while (0);
KASSERT(offs <= sc->sc_tx_bufsz)((offs <= sc->sc_tx_bufsz) ? (void)0 : __assert("diagnostic "
, "/usr/src/sys/dev/usb/if_umb.c", 2353, "offs <= sc->sc_tx_bufsz"
));

usbd_setup_xfer(sc->sc_tx_xfer, sc->sc_tx_pipe, sc, sc->sc_tx_buf, offs,
   USBD_FORCE_SHORT_XFER0x08 | USBD_NO_COPY0x01, umb_xfer_tout, umb_txeof);
err = usbd_transfer(sc->sc_tx_xfer);
if (err != USBD_IN_PROGRESS) {
DPRINTF("%s: start tx error: %s\n", DEVNAM(sc),do { } while (0)
    usbd_errstr(err))do { } while (0);
ml_purge(&sc->sc_tx_ml);
return 0;
}
return 1;
2365}

2367void
2368umb_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
2369{
struct umb_softc *sc = priv;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;

s = splnet()splraise(0x4);
ml_purge(&sc->sc_tx_ml);
ifq_clr_oactive(&ifp->if_snd);
ifp->if_timer = 0;

if (status != USBD_NORMAL_COMPLETION) {
1
Assuming 'status' is equal to USBD_NORMAL_COMPLETION→
2
←
Taking false branch→
if (status != USBD_NOT_STARTED && status != USBD_CANCELLED) {
	ifp->if_oerrorsif_data.ifi_oerrors++;
	DPRINTF("%s: tx error: %s\n", DEVNAM(sc),do { } while (0)
	    usbd_errstr(status))do { } while (0);
	if (status == USBD_STALLED)
		usbd_clear_endpoint_stall_async(sc->sc_tx_pipe);
}
}
if (ifq_empty(&ifp->if_snd)(({ typeof((&ifp->if_snd)->ifq_len) __tmp = *(volatile
 typeof((&ifp->if_snd)->ifq_len) *)&((&ifp->
if_snd)->ifq_len); membar_datadep_consumer(); __tmp; }) ==
 0) == 0)
3
←
Assuming the condition is false→
4
←
Taking true branch→
umb_start(ifp);
5
←
Calling 'umb_start'→

splx(s)spllower(s);
2392}

2394void
2395umb_decap(struct umb_softc *sc, struct usbd_xfer *xfer)
2396{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;
void	*buf;
uint32_t len;
char	*dp;
struct ncm_header16 *hdr16;
struct ncm_header32 *hdr32;
struct ncm_pointer16 *ptr16;
struct ncm_pointer16_dgram *dgram16;
struct ncm_pointer32_dgram *dgram32;
uint32_t hsig, psig;
int	 blen;
int	 ptrlen, ptroff, dgentryoff;
uint32_t doff, dlen;
struct mbuf_list ml = MBUF_LIST_INITIALIZER(){ ((void *)0), ((void *)0), 0 };
struct mbuf *m;

usbd_get_xfer_status(xfer, NULL((void *)0), &buf, &len, NULL((void *)0));
DPRINTFN(4, "%s: recv %d bytes\n", DEVNAM(sc), len)do { } while (0);
DDUMPN(5, buf, len)do { } while (0);
s = splnet()splraise(0x4);
if (len < sizeof (*hdr16))
goto toosmall;

hdr16 = (struct ncm_header16 *)buf;
hsig = UGETDW(hdr16->dwSignature)(*(u_int32_t *)(hdr16->dwSignature));

switch (hsig) {
case NCM_HDR16_SIG0x484d434e:
blen = UGETW(hdr16->wBlockLength)(*(u_int16_t *)(hdr16->wBlockLength));
ptroff = UGETW(hdr16->wNdpIndex)(*(u_int16_t *)(hdr16->wNdpIndex));
if (UGETW(hdr16->wHeaderLength)(*(u_int16_t *)(hdr16->wHeaderLength)) != sizeof (*hdr16)) {
	DPRINTF("%s: bad header len %d for NTH16 (exp %zu)\n",do { } while (0)
	    DEVNAM(sc), UGETW(hdr16->wHeaderLength),do { } while (0)
	    sizeof (*hdr16))do { } while (0);
	goto fail;
}
break;
case NCM_HDR32_SIG0x686d636e:
if (len < sizeof (*hdr32))
	goto toosmall;
hdr32 = (struct ncm_header32 *)hdr16;
blen = UGETDW(hdr32->dwBlockLength)(*(u_int32_t *)(hdr32->dwBlockLength));
ptroff = UGETDW(hdr32->dwNdpIndex)(*(u_int32_t *)(hdr32->dwNdpIndex));
if (UGETW(hdr32->wHeaderLength)(*(u_int16_t *)(hdr32->wHeaderLength)) != sizeof (*hdr32)) {
	DPRINTF("%s: bad header len %d for NTH32 (exp %zu)\n",do { } while (0)
	    DEVNAM(sc), UGETW(hdr32->wHeaderLength),do { } while (0)
	    sizeof (*hdr32))do { } while (0);
	goto fail;
}
break;
default:
DPRINTF("%s: unsupported NCM header signature (0x%08x)\n",do { } while (0)
    DEVNAM(sc), hsig)do { } while (0);
goto fail;
}
if (blen != 0 && len < blen) {
DPRINTF("%s: bad NTB len (%d) for %d bytes of data\n",do { } while (0)
    DEVNAM(sc), blen, len)do { } while (0);
goto fail;
}

ptr16 = (struct ncm_pointer16 *)(buf + ptroff);
psig = UGETDW(ptr16->dwSignature)(*(u_int32_t *)(ptr16->dwSignature));
ptrlen = UGETW(ptr16->wLength)(*(u_int16_t *)(ptr16->wLength));
if (len < ptrlen + ptroff)
goto toosmall;
if (!MBIM_NCM_NTH16_ISISG(psig)(((psig) & 0x00ffffff) == 0x00535049) && !MBIM_NCM_NTH32_ISISG(psig)(((psig) & 0x00ffffff) == 0x00737069)) {
DPRINTF("%s: unsupported NCM pointer signature (0x%08x)\n",do { } while (0)
    DEVNAM(sc), psig)do { } while (0);
goto fail;
}

switch (hsig) {
case NCM_HDR16_SIG0x484d434e:
dgentryoff = offsetof(struct ncm_pointer16, dgram)__builtin_offsetof(struct ncm_pointer16, dgram);
break;
case NCM_HDR32_SIG0x686d636e:
dgentryoff = offsetof(struct ncm_pointer32, dgram)__builtin_offsetof(struct ncm_pointer32, dgram);
break;
default:
goto fail;
}

while (dgentryoff < ptrlen) {
switch (hsig) {
case NCM_HDR16_SIG0x484d434e:
	if (ptroff + dgentryoff < sizeof (*dgram16))
		goto done;
	dgram16 = (struct ncm_pointer16_dgram *)
	    (buf + ptroff + dgentryoff);
	dgentryoff += sizeof (*dgram16);
	dlen = UGETW(dgram16->wDatagramLen)(*(u_int16_t *)(dgram16->wDatagramLen));
	doff = UGETW(dgram16->wDatagramIndex)(*(u_int16_t *)(dgram16->wDatagramIndex));
	break;
case NCM_HDR32_SIG0x686d636e:
	if (ptroff + dgentryoff < sizeof (*dgram32))
		goto done;
	dgram32 = (struct ncm_pointer32_dgram *)
	    (buf + ptroff + dgentryoff);
	dgentryoff += sizeof (*dgram32);
	dlen = UGETDW(dgram32->dwDatagramLen)(*(u_int32_t *)(dgram32->dwDatagramLen));
	doff = UGETDW(dgram32->dwDatagramIndex)(*(u_int32_t *)(dgram32->dwDatagramIndex));
	break;
default:
	ifp->if_ierrorsif_data.ifi_ierrors++;
	goto done;
}

/* Terminating zero entry */
if (dlen == 0 || doff == 0)
	break;
if (len < dlen + doff) {
	/* Skip giant datagram but continue processing */
	DPRINTF("%s: datagram too large (%d @ off %d)\n",do { } while (0)
	    DEVNAM(sc), dlen, doff)do { } while (0);
	continue;
}

dp = buf + doff;
DPRINTFN(3, "%s: decap %d bytes\n", DEVNAM(sc), dlen)do { } while (0);
m = m_devget(dp, dlen, sizeof(uint32_t));
if (m == NULL((void *)0)) {
	ifp->if_iqdropsif_data.ifi_iqdrops++;
	continue;
}
switch (*dp & 0xf0) {
case 4 << 4:
	m->m_pkthdrM_dat.MH.MH_pkthdr.ph_family = AF_INET2;
	break;
case 6 << 4:
	m->m_pkthdrM_dat.MH.MH_pkthdr.ph_family = AF_INET624;
	break;
}
ml_enqueue(&ml, m);
}
2533done:
if_input(ifp, &ml);
splx(s)spllower(s);
return;
2537toosmall:
DPRINTF("%s: packet too small (%d)\n", DEVNAM(sc), len)do { } while (0);
2539fail:
ifp->if_ierrorsif_data.ifi_ierrors++;
splx(s)spllower(s);
2542}

2544usbd_status
2545umb_send_encap_command(struct umb_softc *sc, void *data, int len)
2546{
struct usbd_xfer *xfer;
usb_device_request_t req;
char *buf;

if (len > sc->sc_ctrl_len)
return USBD_INVAL;

if ((xfer = usbd_alloc_xfer(sc->sc_udev)) == NULL((void *)0))
return USBD_NOMEM;
if ((buf = usbd_alloc_buffer(xfer, len)) == NULL((void *)0)) {
usbd_free_xfer(xfer);
return USBD_NOMEM;
}
memcpy(buf, data, len)__builtin_memcpy((buf), (data), (len));

/* XXX FIXME: if (total len > sc->sc_ctrl_len) => must fragment */
req.bmRequestType = UT_WRITE_CLASS_INTERFACE(0x00 | 0x20 | 0x01);
req.bRequest = UCDC_SEND_ENCAPSULATED_COMMAND0x00;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, len)(*(u_int16_t *)(req.wLength) = (len));
DELAY(umb_delay)(*delay_func)(umb_delay);
return usbd_request_async(xfer, &req, NULL((void *)0), NULL((void *)0));
2570}

2572int
2573umb_get_encap_response(struct umb_softc *sc, void *buf, int *len)
2574{
usb_device_request_t req;
usbd_status err;

req.bmRequestType = UT_READ_CLASS_INTERFACE(0x80 | 0x20 | 0x01);
req.bRequest = UCDC_GET_ENCAPSULATED_RESPONSE0x01;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, *len)(*(u_int16_t *)(req.wLength) = (*len));
/* XXX FIXME: re-assemble fragments */

DELAY(umb_delay)(*delay_func)(umb_delay);
err = usbd_do_request_flags(sc->sc_udev, &req, buf, USBD_SHORT_XFER_OK0x04,
   len, umb_xfer_tout);
if (err == USBD_NORMAL_COMPLETION)
return 1;
DPRINTF("%s: ctrl recv: %s\n", DEVNAM(sc), usbd_errstr(err))do { } while (0);
return 0;
2592}

2594void
2595umb_ctrl_msg(struct umb_softc *sc, uint32_t req, void *data, int len)
2596{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t tid;
struct mbim_msghdr *hdr = data;
usbd_status err;
int	 s;

assertwaitok();
if (usbd_is_dying(sc->sc_udev))
return;
if (len < sizeof (*hdr))
return;
tid = ++sc->sc_tid;

hdr->type = htole32(req)((__uint32_t)(req));
hdr->len = htole32(len)((__uint32_t)(len));
hdr->tid = htole32(tid)((__uint32_t)(tid));

2614#ifdef UMB_DEBUG
if (umb_debug) {
const char *op, *str;
if (req == MBIM_COMMAND_MSG3U) {
	struct mbim_h2f_cmd *c = data;
	if (letoh32(c->op)((__uint32_t)(c->op)) == MBIM_CMDOP_SET1)
		op = "set";
	else
		op = "qry";
	str = umb_cid2str(letoh32(c->cid))umb_val2descr(umb_cids, (((__uint32_t)(c->cid))));
} else {
	op = "snd";
	str = umb_request2str(req)umb_val2descr(umb_messages, (req));
}
DPRINTF("%s: -> %s %s (tid %u)\n", DEVNAM(sc), op, str, tid)do { } while (0);
}
2630#endif
s = splusb()splraise(0x2);
err = umb_send_encap_command(sc, data, len);
splx(s)spllower(s);
if (err != USBD_NORMAL_COMPLETION) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_ERR3, "%s: send %s msg (tid %u) failed: %s\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), umb_request2str(req)umb_val2descr(umb_messages, (req)), tid,
	    usbd_errstr(err));

/* will affect other transactions, too */
usbd_abort_pipe(sc->sc_udev->default_pipe);
} else {
DPRINTFN(2, "%s: sent %s (tid %u)\n", DEVNAM(sc),do { } while (0)
    umb_request2str(req), tid)do { } while (0);
DDUMPN(3, data, len)do { } while (0);
}
return;
2648}

2650void
2651umb_open(struct umb_softc *sc)
2652{
struct mbim_h2f_openmsg msg;

memset(&msg, 0, sizeof (msg))__builtin_memset((&msg), (0), (sizeof (msg)));
msg.maxlen = htole32(sc->sc_ctrl_len)((__uint32_t)(sc->sc_ctrl_len));
umb_ctrl_msg(sc, MBIM_OPEN_MSG1U, &msg, sizeof (msg));
return;
2659}

2661void
2662umb_close(struct umb_softc *sc)
2663{
struct mbim_h2f_closemsg msg;

memset(&msg, 0, sizeof (msg))__builtin_memset((&msg), (0), (sizeof (msg)));
umb_ctrl_msg(sc, MBIM_CLOSE_MSG2U, &msg, sizeof (msg));
2668}

2670int
2671umb_setpin(struct umb_softc *sc, int op, int is_puk, void *pin, int pinlen,
  void *newpin, int newpinlen)
2673{
struct mbim_cid_pin cp;
int	 off;

if (pinlen == 0)
return 0;
if (pinlen < 0 || pinlen > MBIM_PIN_MAXLEN32 ||
   newpinlen < 0 || newpinlen > MBIM_PIN_MAXLEN32 ||
   op < 0 || op > MBIM_PIN_OP_CHANGE3 ||
   (is_puk && op != MBIM_PIN_OP_ENTER0))
return EINVAL22;

memset(&cp, 0, sizeof (cp))__builtin_memset((&cp), (0), (sizeof (cp)));
cp.type = htole32(is_puk ? MBIM_PIN_TYPE_PUK1 : MBIM_PIN_TYPE_PIN1)((__uint32_t)(is_puk ? 11 : 2));

off = offsetof(struct mbim_cid_pin, data)__builtin_offsetof(struct mbim_cid_pin, data);
if (!umb_addstr(&cp, sizeof (cp), &off, pin, pinlen,
   &cp.pin_offs, &cp.pin_size))
return EINVAL22;

cp.op  = htole32(op)((__uint32_t)(op));
if (newpinlen) {
if (!umb_addstr(&cp, sizeof (cp), &off, newpin, newpinlen,
    &cp.newpin_offs, &cp.newpin_size))
	return EINVAL22;
} else {
if ((op == MBIM_PIN_OP_CHANGE3) || is_puk)
	return EINVAL22;
if (!umb_addstr(&cp, sizeof (cp), &off, NULL((void *)0), 0,
    &cp.newpin_offs, &cp.newpin_size))
	return EINVAL22;
}
umb_cmd(sc, MBIM_CID_PIN4, MBIM_CMDOP_SET1, &cp, off);
return 0;
2707}

2709void
2710umb_setdataclass(struct umb_softc *sc)
2711{
struct mbim_cid_registration_state rs;
uint32_t	 classes;

if (sc->sc_info.supportedclasses == MBIM_DATACLASS_NONE0x00000000)
return;

memset(&rs, 0, sizeof (rs))__builtin_memset((&rs), (0), (sizeof (rs)));
rs.regaction = htole32(MBIM_REGACTION_AUTOMATIC)((__uint32_t)(0));
classes = sc->sc_info.supportedclasses;
if (sc->sc_info.preferredclasses != MBIM_DATACLASS_NONE0x00000000)
classes &= sc->sc_info.preferredclasses;
rs.data_class = htole32(classes)((__uint32_t)(classes));
umb_cmd(sc, MBIM_CID_REGISTER_STATE9, MBIM_CMDOP_SET1, &rs, sizeof (rs));
2725}

2727void
2728umb_radio(struct umb_softc *sc, int on)
2729{
struct mbim_cid_radio_state s;

DPRINTF("%s: set radio %s\n", DEVNAM(sc), on ? "on" : "off")do { } while (0);
memset(&s, 0, sizeof (s))__builtin_memset((&s), (0), (sizeof (s)));
s.state = htole32(on ? MBIM_RADIO_STATE_ON : MBIM_RADIO_STATE_OFF)((__uint32_t)(on ? 1 : 0));
umb_cmd(sc, MBIM_CID_RADIO_STATE3, MBIM_CMDOP_SET1, &s, sizeof (s));
2736}

2738void
2739umb_allocate_cid(struct umb_softc *sc)
2740{
umb_cmd1(sc, MBIM_CID_DEVICE_CAPS1, MBIM_CMDOP_SET1,
   umb_qmi_alloc_cid, sizeof (umb_qmi_alloc_cid), umb_uuid_qmi_mbim);
2743}

2745void
2746umb_send_fcc_auth(struct umb_softc *sc)
2747{
uint8_t	 fccauth[sizeof (umb_qmi_fcc_auth)];

if (sc->sc_cid == -1) {
DPRINTF("%s: missing CID, cannot send FCC auth\n", DEVNAM(sc))do { } while (0);
umb_allocate_cid(sc);
return;
}
memcpy(fccauth, umb_qmi_fcc_auth, sizeof (fccauth))__builtin_memcpy((fccauth), (umb_qmi_fcc_auth), (sizeof (fccauth
)));
fccauth[UMB_QMI_CID_OFFS5] = sc->sc_cid;
umb_cmd1(sc, MBIM_CID_DEVICE_CAPS1, MBIM_CMDOP_SET1,
   fccauth, sizeof (fccauth), umb_uuid_qmi_mbim);
2759}

2761void
2762umb_packet_service(struct umb_softc *sc, int attach)
2763{
struct mbim_cid_packet_service	s;

DPRINTF("%s: %s packet service\n", DEVNAM(sc),do { } while (0)
   attach ? "attach" : "detach")do { } while (0);
memset(&s, 0, sizeof (s))__builtin_memset((&s), (0), (sizeof (s)));
s.action = htole32(attach ?((__uint32_t)(attach ? 0 : 1))
   MBIM_PKTSERVICE_ACTION_ATTACH : MBIM_PKTSERVICE_ACTION_DETACH)((__uint32_t)(attach ? 0 : 1));
umb_cmd(sc, MBIM_CID_PACKET_SERVICE10, MBIM_CMDOP_SET1, &s, sizeof (s));
2772}

2774void
2775umb_connect(struct umb_softc *sc)
2776{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING4 && !sc->sc_roamingsc_info.enable_roaming) {
log(LOG_INFO6, "%s: connection disabled in roaming network\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
return;
}
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_DEBUG7, "%s: connecting ...\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_send_connect(sc, MBIM_CONNECT_ACTIVATE1);
2787}

2789void
2790umb_disconnect(struct umb_softc *sc)
2791{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_DEBUG7, "%s: disconnecting ...\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_send_connect(sc, MBIM_CONNECT_DEACTIVATE0);
2797}

2799void
2800umb_send_connect(struct umb_softc *sc, int command)
2801{
struct mbim_cid_connect *c;
int	 off;

/* Too large or the stack */
c = malloc(sizeof (*c), M_USBDEV102, M_WAIT0x0001|M_ZERO0x0008);
c->sessionid = htole32(umb_session_id)((__uint32_t)(umb_session_id));
c->command = htole32(command)((__uint32_t)(command));
off = offsetof(struct mbim_cid_connect, data)__builtin_offsetof(struct mbim_cid_connect, data);
if (!umb_addstr(c, sizeof (*c), &off, sc->sc_info.apn,
   sc->sc_info.apnlen, &c->access_offs, &c->access_size))
goto done;
/* XXX FIXME: support user name and passphrase */
c->user_offs = htole32(0)((__uint32_t)(0));
c->user_size = htole32(0)((__uint32_t)(0));
c->passwd_offs = htole32(0)((__uint32_t)(0));
c->passwd_size = htole32(0)((__uint32_t)(0));
c->authprot = htole32(MBIM_AUTHPROT_NONE)((__uint32_t)(0));
c->compression = htole32(MBIM_COMPRESSION_NONE)((__uint32_t)(0));
c->iptype = htole32(MBIM_CONTEXT_IPTYPE_IPV4)((__uint32_t)(1));
2821#ifdef INET61
/* XXX FIXME: support IPv6-only mode, too */
if ((sc->sc_flags & UMBFLG_NO_INET60x0002) == 0 &&
   in6ifa_ifpforlinklocal(GET_IFP(sc)(&(sc)->sc_if), 0) != NULL((void *)0))
c->iptype = htole32(MBIM_CONTEXT_IPTYPE_IPV4V6)((__uint32_t)(3));
2826#endif
memcpy(c->context, umb_uuid_context_internet, sizeof (c->context))__builtin_memcpy((c->context), (umb_uuid_context_internet)
, (sizeof (c->context)));
umb_cmd(sc, MBIM_CID_CONNECT12, MBIM_CMDOP_SET1, c, off);
2829done:
free(c, M_USBDEV102, sizeof (*c));
return;
2832}

2834void
2835umb_qry_ipconfig(struct umb_softc *sc)
2836{
struct mbim_cid_ip_configuration_info ipc;

memset(&ipc, 0, sizeof (ipc))__builtin_memset((&ipc), (0), (sizeof (ipc)));
ipc.sessionid = htole32(umb_session_id)((__uint32_t)(umb_session_id));
umb_cmd(sc, MBIM_CID_IP_CONFIGURATION15, MBIM_CMDOP_QRY0,
   &ipc, sizeof (ipc));
2843}

2845void
2846umb_cmd(struct umb_softc *sc, int cid, int op, void *data, int len)
2847{
umb_cmd1(sc, cid, op, data, len, umb_uuid_basic_connect);
2849}

2851void
2852umb_cmd1(struct umb_softc *sc, int cid, int op, void *data, int len,
  uint8_t *uuid)
2854{
struct mbim_h2f_cmd *cmd;
int	totlen;

/* XXX FIXME support sending fragments */
if (sizeof (*cmd) + len > sc->sc_ctrl_len) {
DPRINTF("%s: set %s msg too long: cannot send\n",do { } while (0)
    DEVNAM(sc), umb_cid2str(cid))do { } while (0);
return;
}
cmd = sc->sc_ctrl_msg;
memset(cmd, 0, sizeof (*cmd))__builtin_memset((cmd), (0), (sizeof (*cmd)));
cmd->frag.nfrag = htole32(1)((__uint32_t)(1));
memcpy(cmd->devid, uuid, sizeof (cmd->devid))__builtin_memcpy((cmd->devid), (uuid), (sizeof (cmd->devid
)));
cmd->cid = htole32(cid)((__uint32_t)(cid));
cmd->op = htole32(op)((__uint32_t)(op));
cmd->infolen = htole32(len)((__uint32_t)(len));
totlen = sizeof (*cmd);
if (len > 0) {
memcpy(cmd + 1, data, len)__builtin_memcpy((cmd + 1), (data), (len));
totlen += len;
}
umb_ctrl_msg(sc, MBIM_COMMAND_MSG3U, cmd, totlen);
2877}

2879void
2880umb_command_done(struct umb_softc *sc, void *data, int len)
2881{
struct mbim_f2h_cmddone *cmd = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t status;
uint32_t cid;
uint32_t infolen;
int	 qmimsg = 0;

if (len < sizeof (*cmd)) {
DPRINTF("%s: discard short %s message\n", DEVNAM(sc),do { } while (0)
    umb_request2str(letoh32(cmd->hdr.type)))do { } while (0);
return;
}
cid = letoh32(cmd->cid)((__uint32_t)(cmd->cid));
if (memcmp(cmd->devid, umb_uuid_basic_connect, sizeof (cmd->devid))__builtin_memcmp((cmd->devid), (umb_uuid_basic_connect), (
sizeof (cmd->devid)))) {
if (memcmp(cmd->devid, umb_uuid_qmi_mbim,__builtin_memcmp((cmd->devid), (umb_uuid_qmi_mbim), (sizeof
 (cmd->devid)))
    sizeof (cmd->devid))__builtin_memcmp((cmd->devid), (umb_uuid_qmi_mbim), (sizeof
 (cmd->devid)))) {
	DPRINTF("%s: discard %s message for other UUID '%s'\n",do { } while (0)
	    DEVNAM(sc), umb_request2str(letoh32(cmd->hdr.type)),do { } while (0)
	    umb_uuid2str(cmd->devid))do { } while (0);
	return;
} else
	qmimsg = 1;
}

status = letoh32(cmd->status)((__uint32_t)(cmd->status));
switch (status) {
case MBIM_STATUS_SUCCESS0:
break;
2910#ifdef INET61
case MBIM_STATUS_NO_DEVICE_SUPPORT9:
if ((cid == MBIM_CID_CONNECT12) &&
    (sc->sc_flags & UMBFLG_NO_INET60x0002) == 0) {
	sc->sc_flags |= UMBFLG_NO_INET60x0002;
	if (ifp->if_flags & IFF_DEBUG0x4)
		log(LOG_ERR3,
		    "%s: device does not support IPv6\n",
		    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
}
/* Re-trigger the connect, this time IPv4 only */
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
return;
2923#endif
case MBIM_STATUS_NOT_INITIALIZED14:
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_ERR3, "%s: SIM not initialized (PIN missing)\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
return;
case MBIM_STATUS_PIN_REQUIRED5:
sc->sc_info.pin_state = UMB_PIN_REQUIRED0;
/*FALLTHROUGH*/
default:
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_ERR3, "%s: set/qry %s failed: %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    umb_cid2str(cid)umb_val2descr(umb_cids, (cid)), umb_status2str(status)umb_val2descr(umb_status, (status)));
return;
}

infolen = letoh32(cmd->infolen)((__uint32_t)(cmd->infolen));
if (len < sizeof (*cmd) + infolen) {
DPRINTF("%s: discard truncated %s message (want %d, got %d)\n",do { } while (0)
    DEVNAM(sc), umb_cid2str(cid),do { } while (0)
    (int)sizeof (*cmd) + infolen, len)do { } while (0);
return;
}
if (qmimsg) {
if (sc->sc_flags & UMBFLG_FCC_AUTH_REQUIRED0x0001)
	umb_decode_qmi(sc, cmd->info, infolen);
} else {
DPRINTFN(2, "%s: set/qry %s done\n", DEVNAM(sc),do { } while (0)
    umb_cid2str(cid))do { } while (0);
umb_decode_cid(sc, cid, cmd->info, infolen);
}
2954}

2956void
2957umb_decode_cid(struct umb_softc *sc, uint32_t cid, void *data, int len)
2958{
int	 ok = 1;

switch (cid) {
case MBIM_CID_DEVICE_CAPS1:
ok = umb_decode_devices_caps(sc, data, len);
break;
case MBIM_CID_SUBSCRIBER_READY_STATUS2:
ok = umb_decode_subscriber_status(sc, data, len);
break;
case MBIM_CID_RADIO_STATE3:
ok = umb_decode_radio_state(sc, data, len);
break;
case MBIM_CID_PIN4:
ok = umb_decode_pin(sc, data, len);
break;
case MBIM_CID_REGISTER_STATE9:
ok = umb_decode_register_state(sc, data, len);
break;
case MBIM_CID_PACKET_SERVICE10:
ok = umb_decode_packet_service(sc, data, len);
break;
case MBIM_CID_SIGNAL_STATE11:
ok = umb_decode_signal_state(sc, data, len);
break;
case MBIM_CID_CONNECT12:
ok = umb_decode_connect_info(sc, data, len);
break;
case MBIM_CID_IP_CONFIGURATION15:
ok = umb_decode_ip_configuration(sc, data, len);
break;
default:
/*
 * Note: the above list is incomplete and only contains
 *	mandatory CIDs from the BASIC_CONNECT set.
 *	So alternate values are not unusual.
 */
DPRINTFN(4, "%s: ignore %s\n", DEVNAM(sc), umb_cid2str(cid))do { } while (0);
break;
}
if (!ok)
DPRINTF("%s: discard %s with bad info length %d\n",do { } while (0)
    DEVNAM(sc), umb_cid2str(cid), len)do { } while (0);
return;
3002}

3004void
3005umb_decode_qmi(struct umb_softc *sc, uint8_t *data, int len)
3006{
uint8_t	srv;
uint16_t msg, tlvlen;
uint32_t val;

3011#define UMB_QMI_QMUXLEN6		6
if (len < UMB_QMI_QMUXLEN6)
goto tooshort;

srv = data[4];
data += UMB_QMI_QMUXLEN6;
len -= UMB_QMI_QMUXLEN6;

3019#define UMB_GET16(p)((uint16_t)*p | (uint16_t)*(p + 1) << 8)	((uint16_t)*p | (uint16_t)*(p + 1) << 8)
3020#define UMB_GET32(p)((uint32_t)*p | (uint32_t)*(p + 1) << 8 | (uint32_t)*(p
 + 2) << 16 |(uint32_t)*(p + 3) << 24)	((uint32_t)*p | (uint32_t)*(p + 1) << 8 | \
	    (uint32_t)*(p + 2) << 16 |(uint32_t)*(p + 3) << 24)
switch (srv) {
case 0:	/* ctl */
3024#define UMB_QMI_CTLLEN6		6
if (len < UMB_QMI_CTLLEN6)
	goto tooshort;
msg = UMB_GET16(&data[2])((uint16_t)*&data[2] | (uint16_t)*(&data[2] + 1) <<
 8);
tlvlen = UMB_GET16(&data[4])((uint16_t)*&data[4] | (uint16_t)*(&data[4] + 1) <<
 8);
data += UMB_QMI_CTLLEN6;
len -= UMB_QMI_CTLLEN6;
break;
case 2:	/* dms  */
3033#define UMB_QMI_DMSLEN7		7
if (len < UMB_QMI_DMSLEN7)
	goto tooshort;
msg = UMB_GET16(&data[3])((uint16_t)*&data[3] | (uint16_t)*(&data[3] + 1) <<
 8);
tlvlen = UMB_GET16(&data[5])((uint16_t)*&data[5] | (uint16_t)*(&data[5] + 1) <<
 8);
data += UMB_QMI_DMSLEN7;
len -= UMB_QMI_DMSLEN7;
break;
default:
DPRINTF("%s: discard QMI message for unknown service type %d\n",do { } while (0)
    DEVNAM(sc), srv)do { } while (0);
return;
}

if (len < tlvlen)
goto tooshort;

3050#define UMB_QMI_TLVLEN3		3
while (len > 0) {
if (len < UMB_QMI_TLVLEN3)
	goto tooshort;
tlvlen = UMB_GET16(&data[1])((uint16_t)*&data[1] | (uint16_t)*(&data[1] + 1) <<
 8);
if (len < UMB_QMI_TLVLEN3 + tlvlen)
	goto tooshort;
switch (data[0]) {
case 1:	/* allocation info */
	if (msg == 0x0022) {	/* Allocate CID */
		if (tlvlen != 2 || data[3] != 2) /* dms */
			break;
		sc->sc_cid = data[4];
		DPRINTF("%s: QMI CID %d allocated\n",do { } while (0)
		    DEVNAM(sc), sc->sc_cid)do { } while (0);
		umb_newstate(sc, UMB_S_CID, UMB_NS_DONT_DROP0x0001);
	}
	break;
case 2:	/* response */
	if (tlvlen != sizeof (val))
		break;
	val = UMB_GET32(&data[3])((uint32_t)*&data[3] | (uint32_t)*(&data[3] + 1) <<
| (uint32_t)*(&data[3] + 2) << 16 |(uint32_t)*(&
data[3] + 3) << 24);
	switch (msg) {
	case 0x0022:	/* Allocate CID */
		if (val != 0) {
			log(LOG_ERR3, "%s: allocation of QMI CID"
			    " failed, error 0x%x\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
			    val);
			/* XXX how to proceed? */
			return;
		}
		break;
	case 0x555f:	/* Send FCC Authentication */
		if (val == 0)
			DPRINTF("%s: send FCC "do { } while (0)
			    "Authentication succeeded\n",do { } while (0)
			    DEVNAM(sc))do { } while (0);
		else if (val == 0x001a0001)
			DPRINTF("%s: FCC Authentication "do { } while (0)
			    "not required\n", DEVNAM(sc))do { } while (0);
		else
			log(LOG_INFO6, "%s: send FCC "
			    "Authentication failed, "
			    "error 0x%x\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), val);

		/* FCC Auth is needed only once after power-on*/
		sc->sc_flags &= ~UMBFLG_FCC_AUTH_REQUIRED0x0001;

		/* Try to proceed anyway */
		DPRINTF("%s: init: turning radio on ...\n",do { } while (0)
		    DEVNAM(sc))do { } while (0);
		umb_radio(sc, 1);
		break;
	default:
		break;
	}
	break;
default:
	break;
}
data += UMB_QMI_TLVLEN3 + tlvlen;
len -= UMB_QMI_TLVLEN3 + tlvlen;
}
return;

3115tooshort:
DPRINTF("%s: discard short QMI message\n", DEVNAM(sc))do { } while (0);
return;
3118}

3120void
3121umb_intr(struct usbd_xfer *xfer, void *priv, usbd_status status)
3122{
struct umb_softc *sc = priv;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 total_len;

if (status != USBD_NORMAL_COMPLETION) {
DPRINTF("%s: notification error: %s\n", DEVNAM(sc),do { } while (0)
    usbd_errstr(status))do { } while (0);
if (status == USBD_STALLED)
	usbd_clear_endpoint_stall_async(sc->sc_ctrl_pipe);
return;
}
usbd_get_xfer_status(xfer, NULL((void *)0), NULL((void *)0), &total_len, NULL((void *)0));
if (total_len < UCDC_NOTIFICATION_LENGTH8) {
DPRINTF("%s: short notification (%d<%d)\n", DEVNAM(sc),do { } while (0)
    total_len, UCDC_NOTIFICATION_LENGTH)do { } while (0);
    return;
}
if (sc->sc_intr_msg.bmRequestType != UCDC_NOTIFICATION0xa1) {
DPRINTF("%s: unexpected notification (type=0x%02x)\n",do { } while (0)
    DEVNAM(sc), sc->sc_intr_msg.bmRequestType)do { } while (0);
return;
}

switch (sc->sc_intr_msg.bNotification) {
case UCDC_N_NETWORK_CONNECTION0x00:
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_DEBUG7, "%s: network %sconnected\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    UGETW(sc->sc_intr_msg.wValue)(*(u_int16_t *)(sc->sc_intr_msg.wValue)) ? "" : "dis");
break;
case UCDC_N_RESPONSE_AVAILABLE0x01:
DPRINTFN(2, "%s: umb_intr: response available\n", DEVNAM(sc))do { } while (0);
++sc->sc_nresp;
usb_add_task(sc->sc_udev, &sc->sc_get_response_task);
break;
case UCDC_N_CONNECTION_SPEED_CHANGE0x2a:
DPRINTFN(2, "%s: umb_intr: connection speed changed\n",do { } while (0)
    DEVNAM(sc))do { } while (0);
break;
default:
DPRINTF("%s: unexpected notification (0x%02x)\n",do { } while (0)
    DEVNAM(sc), sc->sc_intr_msg.bNotification)do { } while (0);
break;
}
3166}

3168/*
* Diagnostic routines
*/
3171#ifdef UMB_DEBUG
3172char *
3173umb_uuid2str(uint8_t uuid[MBIM_UUID_LEN16])
3174{
static char uuidstr[2 * MBIM_UUID_LEN16 + 5];

3177#define UUID_BFMT	"%02X"
3178#define UUID_SEP	"-"
snprintf(uuidstr, sizeof (uuidstr),
   UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT,
   uuid[0], uuid[1], uuid[2], uuid[3], uuid[4], uuid[5],
   uuid[6], uuid[7], uuid[8], uuid[9], uuid[10], uuid[11],
   uuid[12], uuid[13], uuid[14], uuid[15]);
return uuidstr;
3189}

3191void
3192umb_dump(void *buf, int len)
3193{
int	 i = 0;
uint8_t	*c = buf;

if (len == 0)
return;
while (i < len) {
if ((i % 16) == 0) {
	if (i > 0)
		addlog("\n");
	log(LOG_DEBUG7, "%4d:  ", i);
}
addlog(" %02x", *c);
c++;
i++;
}
addlog("\n");
3210}
3211#endif /* UMB_DEBUG */

3213#if NKSTAT1 > 0

3215void
3216umb_kstat_attach(struct umb_softc *sc)
3217{
struct kstat *ks;
struct umb_kstat_signal *uks;

rw_init(&sc->sc_kstat_lock, "umbkstat")_rw_init_flags(&sc->sc_kstat_lock, "umbkstat", 0, ((void
 *)0));

ks = kstat_create(DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), 0, "mbim-signal", 0, KSTAT_T_KV1, 0);
if (ks == NULL((void *)0))
return;

uks = malloc(sizeof(*uks), M_DEVBUF2, M_WAITOK0x0001|M_ZERO0x0008);
kstat_kv_init(&uks->rssi, "rssi", KSTAT_KV_T_NULL);
kstat_kv_init(&uks->error_rate, "error rate", KSTAT_KV_T_NULL);
kstat_kv_init(&uks->reports, "reports", KSTAT_KV_T_COUNTER64);

kstat_set_rlock(ks, &sc->sc_kstat_lock);
ks->ks_data = uks;
ks->ks_datalen = sizeof(*uks);
ks->ks_read = kstat_read_nop;

ks->ks_softc = sc;
sc->sc_kstat_signal = ks;
kstat_install(ks);
3240}

3242void
3243umb_kstat_detach(struct umb_softc *sc)
3244{
struct kstat *ks = sc->sc_kstat_signal;
struct umb_kstat_signal *uks;

if (ks == NULL((void *)0))
return;

kstat_remove(ks);
sc->sc_kstat_signal = NULL((void *)0);

uks = ks->ks_data;
free(uks, M_DEVBUF2, sizeof(*uks));

kstat_destroy(ks);
3258}
3259#endif /* NKSTAT > 0 */