/usr/src/sys/dev/usb/if

Bug Summary

File:	dev/usb/if_umb.c
Warning:	line 1023, column 14 The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name if_umb.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -D CONFIG_DRM_AMD_DC_DCN3_0 -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /usr/obj/sys/arch/amd64/compile/GENERIC.MP/scan-build/2022-01-12-131800-47421-1 -x c /usr/src/sys/dev/usb/if_umb.c

/usr/src/sys/dev/usb/if_umb.c

→

1/*	$OpenBSD: if_umb.c,v 1.49 2022/01/11 10:34:13 claudio Exp $ */

3/*
* Copyright (c) 2016 genua mbH
* All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

20/*
* Mobile Broadband Interface Model specification:
* https://www.usb.org/sites/default/files/MBIM10Errata1_073013.zip
* Compliance testing guide
* https://www.usb.org/sites/default/files/MBIM-Compliance-1.0.pdf
*/
26#include "bpfilter.h"

28#include <sys/param.h>
29#include <sys/mbuf.h>
30#include <sys/socket.h>
31#include <sys/systm.h>
32#include <sys/syslog.h>

34#if NBPFILTER1 > 0
35#include <net/bpf.h>
36#endif
37#include <net/if.h>
38#include <net/if_var.h>
39#include <net/if_types.h>
40#include <net/route.h>

42#include <netinet/in.h>
43#include <netinet/in_var.h>
44#include <netinet/ip.h>

46#ifdef INET61
47#include <netinet/ip6.h>
48#include <netinet6/in6_var.h>
49#include <netinet6/ip6_var.h>
50#include <netinet6/in6_ifattach.h>
51#include <netinet6/nd6.h>
52#endif

54#include <machine/bus.h>

56#include <dev/usb/usb.h>
57#include <dev/usb/usbdi.h>
58#include <dev/usb/usbdivar.h>
59#include <dev/usb/usbdi_util.h>
60#include <dev/usb/usbdevs.h>
61#include <dev/usb/usbcdc.h>

63#include <dev/usb/mbim.h>
64#include <dev/usb/if_umb.h>

66#ifdef UMB_DEBUG
67#define DPRINTF(x...)do { } while (0)							\
do { if (umb_debug) log(LOG_DEBUG7, x); } while (0)

70#define DPRINTFN(n, x...)do { } while (0)						\
do { if (umb_debug >= (n)) log(LOG_DEBUG7, x); } while (0)

73#define DDUMPN(n, b, l)do { } while (0)							\
do {							\
	if (umb_debug >= (n))				\
		umb_dump((b), (l));			\
} while (0)

79int	 umb_debug = 0;
80char	*umb_uuid2str(uint8_t [MBIM_UUID_LEN16]);
81void	 umb_dump(void *, int);

83#else
84#define DPRINTF(x...)do { } while (0)		do { } while (0)
85#define DPRINTFN(n, x...)do { } while (0)	do { } while (0)
86#define DDUMPN(n, b, l)do { } while (0)		do { } while (0)
87#endif

89#define DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname)		(((struct umb_softc *)(sc))->sc_dev.dv_xname)

91/*
* State change timeout
*/
94#define UMB_STATE_CHANGE_TIMEOUT30	30

96/*
* State change flags
*/
99#define UMB_NS_DONT_DROP0x0001	0x0001	/* do not drop below current state */
100#define UMB_NS_DONT_RAISE0x0002	0x0002	/* do not raise below current state */

102/*
* Diagnostic macros
*/
105const struct umb_valdescr umb_regstates[] = MBIM_REGSTATE_DESCRIPTIONS{ { 0, "unknown" }, { 1, "not registered" }, { 2, "searching"
 }, { 3, "home network" }, { 4, "roaming network" }, { 5, "partner network"
 }, { 6, "access denied" }, { 0, ((void *)0) } };
106const struct umb_valdescr umb_dataclasses[] = MBIM_DATACLASS_DESCRIPTIONS{ { 0x00000000, "none" }, { 0x00000001, "GPRS" }, { 0x00000002
, "EDGE" }, { 0x00000004, "UMTS" }, { 0x00000008, "HSDPA" }, {
 0x00000010, "HSUPA" }, { 0x00000008|0x00000010, "HSPA" }, { 0x00000020
, "LTE" }, { 0x00010000, "CDMA2000" }, { 0x00020000, "CDMA2000"
 }, { 0x00040000, "CDMA2000" }, { 0x00080000, "CDMA2000" }, {
 0x00100000, "CDMA2000" }, { 0x00200000, "CDMA2000" }, { 0x00400000
, "CDMA2000" }, { 0x80000000, "custom" }, { 0, ((void *)0) } };
107const struct umb_valdescr umb_simstate[] = MBIM_SIMSTATE_DESCRIPTIONS{ { 0, "not initialized" }, { 1, "initialized" }, { 2, "not inserted"
 }, { 3, "bad type" }, { 4, "failed" }, { 5, "not activated" }
, { 6, "locked" }, { 0, ((void *)0) } };
108const struct umb_valdescr umb_messages[] = MBIM_MESSAGES_DESCRIPTIONS{ { (1U), "MBIM_OPEN_MSG" }, { (2U), "MBIM_CLOSE_MSG" }, { (3U
), "MBIM_COMMAND_MSG" }, { (4U), "MBIM_HOST_ERROR_MSG" }, { (
0x80000001U), "MBIM_OPEN_DONE" }, { (0x80000002U), "MBIM_CLOSE_DONE"
 }, { (0x80000003U), "MBIM_COMMAND_DONE" }, { (0x80000004U), "MBIM_FUNCTION_ERROR_MSG"
 }, { (0x80000007U), "MBIM_INDICATE_STATUS_MSG" }, { 0, ((void
 *)0) } };
109const struct umb_valdescr umb_status[] = MBIM_STATUS_DESCRIPTIONS{ { 0, "SUCCESS" }, { 1, "BUSY" }, { 2, "FAILURE" }, { 3, "SIM_NOT_INSERTED"
 }, { 4, "BAD_SIM" }, { 5, "PIN_REQUIRED" }, { 6, "PIN_DISABLED"
 }, { 7, "NOT_REGISTERED" }, { 8, "PROVIDERS_NOT_FOUND" }, { 9
, "NO_DEVICE_SUPPORT" }, { 10, "PROVIDER_NOT_VISIBLE" }, { 11
, "DATA_CLASS_NOT_AVAILABLE" }, { 12, "PACKET_SERVICE_DETACHED"
 }, { 13, "MAX_ACTIVATED_CONTEXTS" }, { 14, "NOT_INITIALIZED"
 }, { 15, "VOICE_CALL_IN_PROGRESS" }, { 16, "CONTEXT_NOT_ACTIVATED"
 }, { 17, "SERVICE_NOT_ACTIVATED" }, { 18, "INVALID_ACCESS_STRING"
 }, { 19, "INVALID_USER_NAME_PWD" }, { 20, "RADIO_POWER_OFF" }
, { 21, "INVALID_PARAMETERS" }, { 22, "READ_FAILURE" }, { 23,
 "WRITE_FAILURE" }, { 25, "NO_PHONEBOOK" }, { 26, "PARAMETER_TOO_LONG"
 }, { 27, "STK_BUSY" }, { 28, "OPERATION_NOT_ALLOWED" }, { 29
, "MEMORY_FAILURE" }, { 30, "INVALID_MEMORY_INDEX" }, { 31, "MEMORY_FULL"
 }, { 32, "FILTER_NOT_SUPPORTED" }, { 33, "DSS_INSTANCE_LIMIT"
 }, { 34, "INVALID_DEVICE_SERVICE_OPERATION" }, { 35, "AUTH_INCORRECT_AUTN"
 }, { 36, "AUTH_SYNC_FAILURE" }, { 37, "AUTH_AMF_NOT_SET" }, {
 38, "CONTEXT_NOT_SUPPORTED" }, { 100, "SMS_UNKNOWN_SMSC_ADDRESS"
 }, { 101, "SMS_NETWORK_TIMEOUT" }, { 102, "SMS_LANG_NOT_SUPPORTED"
 }, { 103, "SMS_ENCODING_NOT_SUPPORTED" }, { 104, "SMS_FORMAT_NOT_SUPPORTED"
 }, { 0, ((void *)0) } };
110const struct umb_valdescr umb_cids[] = MBIM_CID_DESCRIPTIONS{ { (1), "MBIM_CID_DEVICE_CAPS" }, { (2), "MBIM_CID_SUBSCRIBER_READY_STATUS"
 }, { (3), "MBIM_CID_RADIO_STATE" }, { (4), "MBIM_CID_PIN" },
 { (5), "MBIM_CID_PIN_LIST" }, { (6), "MBIM_CID_HOME_PROVIDER"
 }, { (7), "MBIM_CID_PREFERRED_PROVIDERS" }, { (8), "MBIM_CID_VISIBLE_PROVIDERS"
 }, { (9), "MBIM_CID_REGISTER_STATE" }, { (10), "MBIM_CID_PACKET_SERVICE"
 }, { (11), "MBIM_CID_SIGNAL_STATE" }, { (12), "MBIM_CID_CONNECT"
 }, { (13), "MBIM_CID_PROVISIONED_CONTEXTS" }, { (14), "MBIM_CID_SERVICE_ACTIVATION"
 }, { (15), "MBIM_CID_IP_CONFIGURATION" }, { (16), "MBIM_CID_DEVICE_SERVICES"
 }, { (19), "MBIM_CID_DEVICE_SERVICE_SUBSCRIBE_LIST" }, { (20
), "MBIM_CID_PACKET_STATISTICS" }, { (21), "MBIM_CID_NETWORK_IDLE_HINT"
 }, { (22), "MBIM_CID_EMERGENCY_MODE" }, { (23), "MBIM_CID_IP_PACKET_FILTERS"
 }, { (24), "MBIM_CID_MULTICARRIER_PROVIDERS" }, { 0, ((void *
)0) } };
111const struct umb_valdescr umb_pktstate[] = MBIM_PKTSRV_STATE_DESCRIPTIONS{ { 0, "unknown" }, { 1, "attaching" }, { 2, "attached" }, { 3
, "detaching" }, { 4, "detached" }, { 0, ((void *)0) } };
112const struct umb_valdescr umb_actstate[] = MBIM_ACTIVATION_STATE_DESCRIPTIONS{ { 0, "unknown" }, { 1, "activated" }, { 2, "activating" }, {
 3, "deactivated" }, { 4, "deactivating" }, { 0, ((void *)0) }
 };
113const struct umb_valdescr umb_error[] = MBIM_ERROR_DESCRIPTIONS{ { 1, "TIMEOUT_FRAGMENT" }, { 2, "FRAGMENT_OUT_OF_SEQUENCE" }
, { 3, "LENGTH_MISMATCH" }, { 4, "DUPLICATED_TID" }, { 5, "NOT_OPENED"
 }, { 6, "UNKNOWN" }, { 7, "CANCEL" }, { 8, "MAX_TRANSFER" },
 { 0, ((void *)0) } };
114const struct umb_valdescr umb_pintype[] = MBIM_PINTYPE_DESCRIPTIONS{ { 0, "none" }, { 1, "custom" }, { 2, "PIN1" }, { 3, "PIN2" }
, { 4, "device PIN" }, { 5, "device 1st PIN" }, { 6, "network PIN"
 }, { 7, "network subset PIN" }, { 8, "provider PIN" }, { 9, "corporate PIN"
 }, { 10, "subsidy lock" }, { 11, "PUK" }, { 12, "PUK2" }, { 13
, "device 1st PUK" }, { 14, "network PUK" }, { 15, "network subset PUK"
 }, { 16, "provider PUK" }, { 17, "corporate PUK" }, { 0, ((void
 *)0) } };
115const struct umb_valdescr umb_istate[] = UMB_INTERNAL_STATE_DESCRIPTIONS{ { UMB_S_DOWN, "down" }, { UMB_S_OPEN, "open" }, { UMB_S_CID
, "CID allocated" }, { UMB_S_RADIO, "radio on" }, { UMB_S_SIMREADY
, "SIM is ready" }, { UMB_S_ATTACHED, "attached" }, { UMB_S_CONNECTED
, "connected" }, { UMB_S_UP, "up" }, { 0, ((void *)0) } };

117#define umb_regstate(c)umb_val2descr(umb_regstates, (c))		umb_val2descr(umb_regstates, (c))
118#define umb_dataclass(c)umb_val2descr(umb_dataclasses, (c))	umb_val2descr(umb_dataclasses, (c))
119#define umb_simstate(s)umb_val2descr(umb_simstate, (s))		umb_val2descr(umb_simstate, (s))
120#define umb_request2str(m)umb_val2descr(umb_messages, (m))	umb_val2descr(umb_messages, (m))
121#define umb_status2str(s)umb_val2descr(umb_status, (s))	umb_val2descr(umb_status, (s))
122#define umb_cid2str(c)umb_val2descr(umb_cids, (c))		umb_val2descr(umb_cids, (c))
123#define umb_packet_state(s)umb_val2descr(umb_pktstate, (s))	umb_val2descr(umb_pktstate, (s))
124#define umb_activation(s)umb_val2descr(umb_actstate, (s))	umb_val2descr(umb_actstate, (s))
125#define umb_error2str(e)umb_val2descr(umb_error, (e))	umb_val2descr(umb_error, (e))
126#define umb_pin_type(t)umb_val2descr(umb_pintype, (t))		umb_val2descr(umb_pintype, (t))
127#define umb_istate(s)umb_val2descr(umb_istate, (s))		umb_val2descr(umb_istate, (s))

129int		 umb_match(struct device *, void *, void *);
130void		 umb_attach(struct device *, struct device *, void *);
131int		 umb_detach(struct device *, int);
132void		 umb_ncm_setup(struct umb_softc *);
133void		 umb_ncm_setup_format(struct umb_softc *);
134int		 umb_alloc_xfers(struct umb_softc *);
135void		 umb_free_xfers(struct umb_softc *);
136int		 umb_alloc_bulkpipes(struct umb_softc *);
137void		 umb_close_bulkpipes(struct umb_softc *);
138int		 umb_ioctl(struct ifnet *, u_long, caddr_t);
139int		 umb_output(struct ifnet *, struct mbuf *, struct sockaddr *,
    struct rtentry *);
141void		 umb_input(struct ifnet *, struct mbuf *);
142void		 umb_start(struct ifnet *);
143void		 umb_rtrequest(struct ifnet *, int, struct rtentry *);
144void		 umb_watchdog(struct ifnet *);
145void		 umb_statechg_timeout(void *);

147void		 umb_newstate(struct umb_softc *, enum umb_state, int);
148void		 umb_state_task(void *);
149void		 umb_up(struct umb_softc *);
150void		 umb_down(struct umb_softc *, int);

152void		 umb_get_response_task(void *);

154void		 umb_decode_response(struct umb_softc *, void *, int);
155void		 umb_handle_indicate_status_msg(struct umb_softc *, void *,
    int);
157void		 umb_handle_opendone_msg(struct umb_softc *, void *, int);
158void		 umb_handle_closedone_msg(struct umb_softc *, void *, int);
159int		 umb_decode_register_state(struct umb_softc *, void *, int);
160int		 umb_decode_devices_caps(struct umb_softc *, void *, int);
161int		 umb_decode_subscriber_status(struct umb_softc *, void *, int);
162int		 umb_decode_radio_state(struct umb_softc *, void *, int);
163int		 umb_decode_pin(struct umb_softc *, void *, int);
164int		 umb_decode_packet_service(struct umb_softc *, void *, int);
165int		 umb_decode_signal_state(struct umb_softc *, void *, int);
166int		 umb_decode_connect_info(struct umb_softc *, void *, int);
167void		 umb_clear_addr(struct umb_softc *);
168int		 umb_add_inet_config(struct umb_softc *, struct in_addr, u_int,
    struct in_addr);
170int		 umb_add_inet6_config(struct umb_softc *, struct in6_addr *,
    u_int, struct in6_addr *);
172void		 umb_send_inet_proposal(struct umb_softc *, int);
173int		 umb_decode_ip_configuration(struct umb_softc *, void *, int);
174void		 umb_rx(struct umb_softc *);
175void		 umb_rxeof(struct usbd_xfer *, void *, usbd_status);
176int		 umb_encap(struct umb_softc *, int);
177void		 umb_txeof(struct usbd_xfer *, void *, usbd_status);
178void		 umb_decap(struct umb_softc *, struct usbd_xfer *);

180usbd_status	 umb_send_encap_command(struct umb_softc *, void *, int);
181int		 umb_get_encap_response(struct umb_softc *, void *, int *);
182void		 umb_ctrl_msg(struct umb_softc *, uint32_t, void *, int);

184void		 umb_open(struct umb_softc *);
185void		 umb_close(struct umb_softc *);

187int		 umb_setpin(struct umb_softc *, int, int, void *, int, void *,
    int);
189void		 umb_setdataclass(struct umb_softc *);
190void		 umb_radio(struct umb_softc *, int);
191void		 umb_allocate_cid(struct umb_softc *);
192void		 umb_send_fcc_auth(struct umb_softc *);
193void		 umb_packet_service(struct umb_softc *, int);
194void		 umb_connect(struct umb_softc *);
195void		 umb_disconnect(struct umb_softc *);
196void		 umb_send_connect(struct umb_softc *, int);

198void		 umb_qry_ipconfig(struct umb_softc *);
199void		 umb_cmd(struct umb_softc *, int, int, void *, int);
200void		 umb_cmd1(struct umb_softc *, int, int, void *, int, uint8_t *);
201void		 umb_command_done(struct umb_softc *, void *, int);
202void		 umb_decode_cid(struct umb_softc *, uint32_t, void *, int);
203void		 umb_decode_qmi(struct umb_softc *, uint8_t *, int);

205void		 umb_intr(struct usbd_xfer *, void *, usbd_status);

207int		 umb_xfer_tout = USBD_DEFAULT_TIMEOUT5000;

209uint8_t		 umb_uuid_basic_connect[] = MBIM_UUID_BASIC_CONNECT{ 0xa2, 0x89, 0xcc, 0x33, 0xbc, 0xbb, 0x8b, 0x4f, 0xb6, 0xb0,
 0x13, 0x3e, 0xc2, 0xaa, 0xe6, 0xdf };
210uint8_t		 umb_uuid_context_internet[] = MBIM_UUID_CONTEXT_INTERNET{ 0x7e, 0x5e, 0x2a, 0x7e, 0x4e, 0x6f, 0x72, 0x72, 0x73, 0x6b,
 0x65, 0x6e, 0x7e, 0x5e, 0x2a, 0x7e };
211uint8_t		 umb_uuid_qmi_mbim[] = MBIM_UUID_QMI_MBIM{ 0xd1, 0xa3, 0x0b, 0xc2, 0xf9, 0x7a, 0x6e, 0x43, 0xbf, 0x65,
 0xc7, 0xe2, 0x4f, 0xb0, 0xf0, 0xd3 };
212uint32_t	 umb_session_id = 0;

214struct cfdriver umb_cd = {
NULL((void *)0), "umb", DV_IFNET
216};

218const struct cfattach umb_ca = {
sizeof (struct umb_softc),
umb_match,
umb_attach,
umb_detach,
NULL((void *)0),
224};

226int umb_delay = 4000;

228struct umb_quirk {
struct usb_devno	 dev;
u_int32_t		 umb_flags;
int			 umb_confno;
int			 umb_match;
233};
234const struct umb_quirk umb_quirks[] = {
{ { USB_VENDOR_DELL0x413c, USB_PRODUCT_DELL_DW5821E0x81d7 },
 0,
 2,
 UMATCH_VENDOR_PRODUCT13
},

{ { USB_VENDOR_QUECTEL0x2c7c, USB_PRODUCT_QUECTEL_EC250x0125 },
 0,
 1,
 UMATCH_VENDOR_PRODUCT13
},


{ { USB_VENDOR_HUAWEI0x12d1, USB_PRODUCT_HUAWEI_ME906S0x15c1 },
 UMBFLG_NDP_AT_END0x0004,
 3,
 UMATCH_VENDOR_PRODUCT13
},

{ { USB_VENDOR_SIERRA0x1199, USB_PRODUCT_SIERRA_EM74550x9079 },
 UMBFLG_FCC_AUTH_REQUIRED0x0001,
 0,
 0
},

{ { USB_VENDOR_SIMCOM0x1e0e, USB_PRODUCT_SIMCOM_SIM76000x9003 },
 0,
 1,
 UMATCH_VENDOR_PRODUCT13
},
265};

267#define umb_lookup(vid, pid)((const struct umb_quirk *)usbd_match_device((const struct usb_devno
 *)(umb_quirks), sizeof (umb_quirks) / sizeof ((umb_quirks)[0
]), sizeof ((umb_quirks)[0]), (vid), (pid)))		\
((const struct umb_quirk *)usb_lookup(umb_quirks, vid, pid)usbd_match_device((const struct usb_devno *)(umb_quirks), sizeof
 (umb_quirks) / sizeof ((umb_quirks)[0]), sizeof ((umb_quirks
)[0]), (vid), (pid)))

270uint8_t umb_qmi_alloc_cid[] = {
0x01,
0x0f, 0x00,		/* len */
0x00,			/* QMUX flags */
0x00,			/* service "ctl" */
0x00,			/* CID */
0x00,			/* QMI flags */
0x01,			/* transaction */
0x22, 0x00,		/* msg "Allocate CID" */
0x04, 0x00,		/* TLV len */
0x01, 0x01, 0x00, 0x02	/* TLV */
281};

283uint8_t umb_qmi_fcc_auth[] = {
0x01,
0x0c, 0x00,		/* len */
0x00,			/* QMUX flags */
0x02,			/* service "dms" */
288#define UMB_QMI_CID_OFFS5	5
0x00,			/* CID (filled in later) */
0x00,			/* QMI flags */
0x01, 0x00,		/* transaction */
0x5f, 0x55,		/* msg "Send FCC Authentication" */
0x00, 0x00		/* TLV len */
294};

296int
297umb_match(struct device *parent, void *match, void *aux)
298{
struct usb_attach_arg *uaa = aux;
const struct umb_quirk *quirk;
usb_interface_descriptor_t *id;

quirk = umb_lookup(uaa->vendor, uaa->product)((const struct umb_quirk *)usbd_match_device((const struct usb_devno
 *)(umb_quirks), sizeof (umb_quirks) / sizeof ((umb_quirks)[0
]), sizeof ((umb_quirks)[0]), (uaa->vendor), (uaa->product
)));
if (quirk != NULL((void *)0) && quirk->umb_match)
return (quirk->umb_match);
if (!uaa->iface)
return UMATCH_NONE0;
if ((id = usbd_get_interface_descriptor(uaa->iface)) == NULL((void *)0))
return UMATCH_NONE0;

/*
* If this function implements NCM, check if alternate setting
* 1 implements MBIM.
*/
if (id->bInterfaceClass == UICLASS_CDC0x02 &&
   id->bInterfaceSubClass ==
   UISUBCLASS_NETWORK_CONTROL_MODEL13)
id = usbd_find_idesc(uaa->device->cdesc, uaa->iface->index, 1);
if (id == NULL((void *)0))
return UMATCH_NONE0;

if (id->bInterfaceClass == UICLASS_CDC0x02 &&
   id->bInterfaceSubClass ==
   UISUBCLASS_MOBILE_BROADBAND_INTERFACE_MODEL14 &&
   id->bInterfaceProtocol == 0)
return UMATCH_IFACECLASS_IFACESUBCLASS_IFACEPROTO5;

return UMATCH_NONE0;
329}

331void
332umb_attach(struct device *parent, struct device *self, void *aux)
333{
struct umb_softc *sc = (struct umb_softc *)self;
struct usb_attach_arg *uaa = aux;
const struct umb_quirk *quirk;
usbd_status status;
struct usbd_desc_iter iter;
const usb_descriptor_t *desc;
int	 v;
struct usb_cdc_union_descriptor *ud;
struct mbim_descriptor *md;
int	 i;
int	 ctrl_ep;
usb_interface_descriptor_t *id;
usb_config_descriptor_t	*cd;
usb_endpoint_descriptor_t *ed;
usb_interface_assoc_descriptor_t *ad;
int	 current_ifaceno = -1;
int	 data_ifaceno = -1;
int	 altnum;
int	 s;
struct ifnet *ifp;

sc->sc_udev = uaa->device;
sc->sc_ctrl_ifaceno = uaa->ifaceno;
ml_init(&sc->sc_tx_ml);

quirk = umb_lookup(uaa->vendor, uaa->product)((const struct umb_quirk *)usbd_match_device((const struct usb_devno
 *)(umb_quirks), sizeof (umb_quirks) / sizeof ((umb_quirks)[0
]), sizeof ((umb_quirks)[0]), (uaa->vendor), (uaa->product
)));
if (quirk != NULL((void *)0) && quirk->umb_flags) {
DPRINTF("%s: setting flags 0x%x from quirk\n", DEVNAM(sc),do { } while (0)
                  quirk->umb_flags)do { } while (0);
sc->sc_flags |= quirk->umb_flags;
}

/*
* Normally, MBIM devices are detected by their interface class and
* subclass. But for some models that have multiple configurations, it
* is better to match by vendor and product id so that we can select
* the desired configuration ourselves, e.g. to override a class-based
* match to another driver.
*/
if (uaa->configno < 0) {
if (quirk == NULL((void *)0)) {
	printf("%s: unknown configuration for vid/pid match\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	goto fail;
}
uaa->configno = quirk->umb_confno;
DPRINTF("%s: switching to config #%d\n", DEVNAM(sc),do { } while (0)
    uaa->configno)do { } while (0);
status = usbd_set_config_no(sc->sc_udev, uaa->configno, 1);
if (status) {
	printf("%s: failed to switch to config #%d: %s\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), uaa->configno, usbd_errstr(status));
	goto fail;
}
usbd_delay_ms(sc->sc_udev, 200);

/*
 * Need to do some manual setup that usbd_probe_and_attach()
 * would do for us otherwise.
 */
uaa->nifaces = uaa->device->cdesc->bNumInterfaces;
for (i = 0; i < uaa->nifaces; i++) {
	if (usbd_iface_claimed(sc->sc_udev, i))
		continue;
	id = usbd_get_interface_descriptor(&uaa->device->ifaces[i]);
	if (id != NULL((void *)0) && id->bInterfaceClass == UICLASS_CDC0x02 &&
	    id->bInterfaceSubClass ==
	    UISUBCLASS_MOBILE_BROADBAND_INTERFACE_MODEL14) {
		uaa->iface = &uaa->device->ifaces[i];
		uaa->ifaceno = uaa->iface->idesc->bInterfaceNumber;
		sc->sc_ctrl_ifaceno = uaa->ifaceno;
		break;
	}
}
}

/*
* Some MBIM hardware does not provide the mandatory CDC Union
* Descriptor, so we also look at matching Interface
* Association Descriptors to find out the MBIM Data Interface
* number.
*/
sc->sc_ver_maj = sc->sc_ver_min = -1;
sc->sc_maxpktlen = MBIM_MAXSEGSZ_MINVAL(2 * 1024);
usbd_desc_iter_init(sc->sc_udev, &iter);
while ((desc = usbd_desc_iter_next(&iter))) {
if (desc->bDescriptorType == UDESC_IFACE_ASSOC0x0B) {
	ad = (usb_interface_assoc_descriptor_t *)desc;
	if (ad->bFirstInterface == uaa->ifaceno &&
	    ad->bInterfaceCount > 1)
		data_ifaceno = uaa->ifaceno + 1;
	continue;
}
if (desc->bDescriptorType == UDESC_INTERFACE0x04) {
	id = (usb_interface_descriptor_t *)desc;
	current_ifaceno = id->bInterfaceNumber;
	continue;
}
if (current_ifaceno != uaa->ifaceno)
	continue;
if (desc->bDescriptorType != UDESC_CS_INTERFACE0x24)
	continue;
switch (desc->bDescriptorSubtype) {
case UDESCSUB_CDC_UNION6:
	ud = (struct usb_cdc_union_descriptor *)desc;
	data_ifaceno = ud->bSlaveInterface[0];
	break;
case UDESCSUB_MBIM27:
	md = (struct mbim_descriptor *)desc;
	v = UGETW(md->bcdMBIMVersion)(*(u_int16_t *)(md->bcdMBIMVersion));
	sc->sc_ver_maj = MBIM_VER_MAJOR(v)(((v) >> 8) & 0x0f);
	sc->sc_ver_min = MBIM_VER_MINOR(v)((v) & 0x0f);
	sc->sc_ctrl_len = UGETW(md->wMaxControlMessage)(*(u_int16_t *)(md->wMaxControlMessage));
	/* Never trust a USB device! Could try to exploit us */
	if (sc->sc_ctrl_len < MBIM_CTRLMSG_MINLEN64 ||
	    sc->sc_ctrl_len > MBIM_CTRLMSG_MAXLEN(4 * 1204)) {
		DPRINTF("%s: control message len %d out of "do { } while (0)
		    "bounds [%d .. %d]\n", DEVNAM(sc),do { } while (0)
		    sc->sc_ctrl_len, MBIM_CTRLMSG_MINLEN,do { } while (0)
		    MBIM_CTRLMSG_MAXLEN)do { } while (0);
		/* cont. anyway */
	}
	sc->sc_maxpktlen = UGETW(md->wMaxSegmentSize)(*(u_int16_t *)(md->wMaxSegmentSize));
	DPRINTFN(2, "%s: ctrl_len=%d, maxpktlen=%d, cap=0x%x\n",do { } while (0)
	    DEVNAM(sc), sc->sc_ctrl_len, sc->sc_maxpktlen,do { } while (0)
	    md->bmNetworkCapabilities)do { } while (0);
	break;
default:
	break;
}
}
if (sc->sc_ver_maj < 0) {
printf("%s: missing MBIM descriptor\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}
if (sc->sc_flags & UMBFLG_FCC_AUTH_REQUIRED0x0001)
sc->sc_cid = -1;

for (i = 0; i < uaa->nifaces; i++) {
if (usbd_iface_claimed(sc->sc_udev, i))
	continue;
id = usbd_get_interface_descriptor(&sc->sc_udev->ifaces[i]);
if (id != NULL((void *)0) && id->bInterfaceNumber == data_ifaceno) {
	sc->sc_data_iface = &sc->sc_udev->ifaces[i];
	usbd_claim_iface(sc->sc_udev, i);
}
}
if (sc->sc_data_iface == NULL((void *)0)) {
printf("%s: no data interface found\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

/*
* If this is a combined NCM/MBIM function, switch to
* alternate setting one to enable MBIM.
*/
id = usbd_get_interface_descriptor(uaa->iface);
if (id->bInterfaceClass == UICLASS_CDC0x02 &&
   id->bInterfaceSubClass ==
   UISUBCLASS_NETWORK_CONTROL_MODEL13)
usbd_set_interface(uaa->iface, 1);

id = usbd_get_interface_descriptor(uaa->iface);
ctrl_ep = -1;
for (i = 0; i < id->bNumEndpoints && ctrl_ep == -1; i++) {
ed = usbd_interface2endpoint_descriptor(uaa->iface, i);
if (ed == NULL((void *)0))
	break;
if (UE_GET_XFERTYPE(ed->bmAttributes)((ed->bmAttributes) & 0x03) == UE_INTERRUPT0x03 &&
    UE_GET_DIR(ed->bEndpointAddress)((ed->bEndpointAddress) & 0x80) == UE_DIR_IN0x80)
	ctrl_ep = ed->bEndpointAddress;
}
if (ctrl_ep == -1) {
printf("%s: missing interrupt endpoint\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

/*
* For the MBIM Data Interface, select the appropriate
* alternate setting by looking for a matching descriptor that
* has two endpoints.
*/
cd = usbd_get_config_descriptor(sc->sc_udev);
altnum = usbd_get_no_alts(cd, data_ifaceno);
for (i = 0; i < altnum; i++) {
id = usbd_find_idesc(cd, sc->sc_data_iface->index, i);
if (id == NULL((void *)0))
	continue;
if (id->bInterfaceClass == UICLASS_CDC_DATA0x0a &&
    id->bInterfaceSubClass == UISUBCLASS_DATA0 &&
    id->bInterfaceProtocol == UIPROTO_DATA_MBIM0x02 &&
    id->bNumEndpoints == 2)
	break;
}
if (i == altnum || id == NULL((void *)0)) {
printf("%s: missing alt setting for interface #%d\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), data_ifaceno);
goto fail;
}
status = usbd_set_interface(sc->sc_data_iface, i);
if (status) {
printf("%s: select alt setting %d for interface #%d "
    "failed: %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), i, data_ifaceno,
    usbd_errstr(status));
goto fail;
}

id = usbd_get_interface_descriptor(sc->sc_data_iface);
sc->sc_rx_ep = sc->sc_tx_ep = -1;
for (i = 0; i < id->bNumEndpoints; i++) {
if ((ed = usbd_interface2endpoint_descriptor(sc->sc_data_iface,
    i)) == NULL((void *)0))
	break;
if (UE_GET_XFERTYPE(ed->bmAttributes)((ed->bmAttributes) & 0x03) == UE_BULK0x02 &&
    UE_GET_DIR(ed->bEndpointAddress)((ed->bEndpointAddress) & 0x80) == UE_DIR_IN0x80)
	sc->sc_rx_ep = ed->bEndpointAddress;
else if (UE_GET_XFERTYPE(ed->bmAttributes)((ed->bmAttributes) & 0x03) == UE_BULK0x02 &&
    UE_GET_DIR(ed->bEndpointAddress)((ed->bEndpointAddress) & 0x80) == UE_DIR_OUT0x00)
	sc->sc_tx_ep = ed->bEndpointAddress;
}
if (sc->sc_rx_ep == -1 || sc->sc_tx_ep == -1) {
printf("%s: missing bulk endpoints\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

DPRINTFN(2, "%s: ctrl-ifno#%d: ep-ctrl=%d, data-ifno#%d: ep-rx=%d, "do { } while (0)
   "ep-tx=%d\n", DEVNAM(sc), sc->sc_ctrl_ifaceno,do { } while (0)
   UE_GET_ADDR(ctrl_ep), data_ifaceno,do { } while (0)
   UE_GET_ADDR(sc->sc_rx_ep), UE_GET_ADDR(sc->sc_tx_ep))do { } while (0);

usb_init_task(&sc->sc_umb_task, umb_state_task, sc,((&sc->sc_umb_task)->fun = (umb_state_task), (&
sc->sc_umb_task)->arg = (sc), (&sc->sc_umb_task)
->type = (0), (&sc->sc_umb_task)->state = 0x0)
   USB_TASK_TYPE_GENERIC)((&sc->sc_umb_task)->fun = (umb_state_task), (&
sc->sc_umb_task)->arg = (sc), (&sc->sc_umb_task)
->type = (0), (&sc->sc_umb_task)->state = 0x0);
usb_init_task(&sc->sc_get_response_task, umb_get_response_task, sc,((&sc->sc_get_response_task)->fun = (umb_get_response_task
), (&sc->sc_get_response_task)->arg = (sc), (&sc
->sc_get_response_task)->type = (0), (&sc->sc_get_response_task
)->state = 0x0)
   USB_TASK_TYPE_GENERIC)((&sc->sc_get_response_task)->fun = (umb_get_response_task
), (&sc->sc_get_response_task)->arg = (sc), (&sc
->sc_get_response_task)->type = (0), (&sc->sc_get_response_task
)->state = 0x0);
timeout_set(&sc->sc_statechg_timer, umb_statechg_timeout, sc);

if (usbd_open_pipe_intr(uaa->iface, ctrl_ep, USBD_SHORT_XFER_OK0x04,
   &sc->sc_ctrl_pipe, sc, &sc->sc_intr_msg, sizeof (sc->sc_intr_msg),
   umb_intr, USBD_DEFAULT_INTERVAL(-1))) {
printf("%s: failed to open control pipe\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}
sc->sc_resp_buf = malloc(sc->sc_ctrl_len, M_USBDEV102, M_NOWAIT0x0002);
if (sc->sc_resp_buf == NULL((void *)0)) {
printf("%s: allocation of resp buffer failed\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}
sc->sc_ctrl_msg = malloc(sc->sc_ctrl_len, M_USBDEV102, M_NOWAIT0x0002);
if (sc->sc_ctrl_msg == NULL((void *)0)) {
printf("%s: allocation of ctrl msg buffer failed\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
goto fail;
}

sc->sc_info.regstate = MBIM_REGSTATE_UNKNOWN0;
sc->sc_info.pin_attempts_left = UMB_VALUE_UNKNOWN-999;
sc->sc_info.rssi = UMB_VALUE_UNKNOWN-999;
sc->sc_info.ber = UMB_VALUE_UNKNOWN-999;

/* Default to 16 bit NTB format. */
sc->sc_ncm_format = NCM_FORMAT_NTB160x00;
umb_ncm_setup(sc);
umb_ncm_setup_format(sc);
if (sc->sc_ncm_supported_formats == 0)
goto fail;
DPRINTFN(2, "%s: rx/tx size %d/%d\n", DEVNAM(sc),do { } while (0)
   sc->sc_rx_bufsz, sc->sc_tx_bufsz)do { } while (0);

s = splnet()splraise(0x7);
ifp = GET_IFP(sc)(&(sc)->sc_if);
ifp->if_flags = IFF_SIMPLEX0x800 | IFF_MULTICAST0x8000 | IFF_POINTOPOINT0x10;
ifp->if_ioctl = umb_ioctl;
ifp->if_start = umb_start;
ifp->if_rtrequest = umb_rtrequest;

ifp->if_watchdog = umb_watchdog;
strlcpy(ifp->if_xname, DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), IFNAMSIZ16);
ifp->if_link_stateif_data.ifi_link_state = LINK_STATE_DOWN2;

ifp->if_typeif_data.ifi_type = IFT_MBIM0xfa;
ifp->if_priority = IF_WWAN_DEFAULT_PRIORITY6;
ifp->if_addrlenif_data.ifi_addrlen = 0;
ifp->if_hdrlenif_data.ifi_hdrlen = sizeof (struct ncm_header16) +
   sizeof (struct ncm_pointer16);
ifp->if_mtuif_data.ifi_mtu = 1500;		/* use a common default */
ifp->if_hardmtu = sc->sc_maxpktlen;
ifp->if_input = umb_input;
ifp->if_output = umb_output;
if_attach(ifp);
if_alloc_sadl(ifp);
ifp->if_softc = sc;
625#if NBPFILTER1 > 0
bpfattach(&ifp->if_bpf, ifp, DLT_LOOP12, sizeof(uint32_t));
627#endif
/*
* Open the device now so that we are able to query device information.
* XXX maybe close when done?
*/
umb_open(sc);
splx(s)spllower(s);

DPRINTF("%s: vers %d.%d\n", DEVNAM(sc), sc->sc_ver_maj, sc->sc_ver_min)do { } while (0);
return;

638fail:
usbd_deactivate(sc->sc_udev);
return;
641}

643int
644umb_detach(struct device *self, int flags)
645{
struct umb_softc *sc = (struct umb_softc *)self;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;

s = splnet()splraise(0x7);
if (ifp->if_flags & IFF_RUNNING0x40)
umb_down(sc, 1);
umb_close(sc);

usb_rem_wait_task(sc->sc_udev, &sc->sc_get_response_task);
if (timeout_initialized(&sc->sc_statechg_timer)((&sc->sc_statechg_timer)->to_flags & 0x04))
timeout_del(&sc->sc_statechg_timer);
sc->sc_nresp = 0;
usb_rem_wait_task(sc->sc_udev, &sc->sc_umb_task);
if (sc->sc_ctrl_pipe) {
usbd_close_pipe(sc->sc_ctrl_pipe);
sc->sc_ctrl_pipe = NULL((void *)0);
}
if (sc->sc_ctrl_msg) {
free(sc->sc_ctrl_msg, M_USBDEV102, sc->sc_ctrl_len);
sc->sc_ctrl_msg = NULL((void *)0);
}
if (sc->sc_resp_buf) {
free(sc->sc_resp_buf, M_USBDEV102, sc->sc_ctrl_len);
sc->sc_resp_buf = NULL((void *)0);
}
if (ifp->if_softc != NULL((void *)0)) {
if_detach(ifp);
}

splx(s)spllower(s);
return 0;
678}

680void
681umb_ncm_setup(struct umb_softc *sc)
682{
usb_device_request_t req;
struct ncm_ntb_parameters np;

/* Query NTB transfer sizes */
req.bmRequestType = UT_READ_CLASS_INTERFACE(0x80 | 0x20 | 0x01);
req.bRequest = NCM_GET_NTB_PARAMETERS0x80;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, sizeof (np))(*(u_int16_t *)(req.wLength) = (sizeof (np)));
if (usbd_do_request(sc->sc_udev, &req, &np) == USBD_NORMAL_COMPLETION &&
   UGETW(np.wLength)(*(u_int16_t *)(np.wLength)) == sizeof (np)) {
sc->sc_rx_bufsz = UGETDW(np.dwNtbInMaxSize)(*(u_int32_t *)(np.dwNtbInMaxSize));
sc->sc_tx_bufsz = UGETDW(np.dwNtbOutMaxSize)(*(u_int32_t *)(np.dwNtbOutMaxSize));
sc->sc_maxdgram = UGETW(np.wNtbOutMaxDatagrams)(*(u_int16_t *)(np.wNtbOutMaxDatagrams));
sc->sc_align = UGETW(np.wNdpOutAlignment)(*(u_int16_t *)(np.wNdpOutAlignment));
sc->sc_ndp_div = UGETW(np.wNdpOutDivisor)(*(u_int16_t *)(np.wNdpOutDivisor));
sc->sc_ndp_remainder = UGETW(np.wNdpOutPayloadRemainder)(*(u_int16_t *)(np.wNdpOutPayloadRemainder));
/* Validate values */
if (!powerof2(sc->sc_align)((((sc->sc_align)-1)&(sc->sc_align))==0) || sc->sc_align == 0 ||
    sc->sc_align >= sc->sc_tx_bufsz)
	sc->sc_align = sizeof (uint32_t);
if (!powerof2(sc->sc_ndp_div)((((sc->sc_ndp_div)-1)&(sc->sc_ndp_div))==0) || sc->sc_ndp_div == 0 ||
    sc->sc_ndp_div >= sc->sc_tx_bufsz)
	sc->sc_ndp_div = sizeof (uint32_t);
if (sc->sc_ndp_remainder >= sc->sc_ndp_div)
	sc->sc_ndp_remainder = 0;
DPRINTF("%s: NCM align=%d div=%d rem=%d\n", DEVNAM(sc),do { } while (0)
    sc->sc_align, sc->sc_ndp_div, sc->sc_ndp_remainder)do { } while (0);
sc->sc_ncm_supported_formats = UGETW(np.bmNtbFormatsSupported)(*(u_int16_t *)(np.bmNtbFormatsSupported));
} else {
sc->sc_rx_bufsz = sc->sc_tx_bufsz = 8 * 1024;
sc->sc_maxdgram = 0;
sc->sc_align = sc->sc_ndp_div = sizeof (uint32_t);
sc->sc_ndp_remainder = 0;
DPRINTF("%s: align=default div=default rem=default\n",do { } while (0)
    DEVNAM(sc))do { } while (0);
sc->sc_ncm_supported_formats = NCM_FORMAT_NTB16_MASK(1U << 0x00);
}
721}

723void
724umb_ncm_setup_format(struct umb_softc *sc)
725{
usb_device_request_t req;
uWord wFmt;
uint16_t fmt;

assertwaitok();
if (sc->sc_ncm_supported_formats == 0)
goto fail;

/* NCM_GET_NTB_FORMAT is not allowed for 16-bit only devices. */
if (sc->sc_ncm_supported_formats == NCM_FORMAT_NTB16_MASK(1U << 0x00)) {
DPRINTF("%s: Only NTB16 format supported.\n", DEVNAM(sc))do { } while (0);
sc->sc_ncm_format = NCM_FORMAT_NTB160x00;
return;
}

/* Query NTB FORMAT (16 vs. 32 bit) */
req.bmRequestType = UT_READ_CLASS_INTERFACE(0x80 | 0x20 | 0x01);
req.bRequest = NCM_GET_NTB_FORMAT0x83;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, sizeof (wFmt))(*(u_int16_t *)(req.wLength) = (sizeof (wFmt)));
if (usbd_do_request(sc->sc_udev, &req, wFmt) != USBD_NORMAL_COMPLETION)
goto fail;
fmt = UGETW(wFmt)(*(u_int16_t *)(wFmt));
if ((sc->sc_ncm_supported_formats & (1UL << fmt)) == 0)
goto fail;
if (fmt != NCM_FORMAT_NTB160x00 && fmt != NCM_FORMAT_NTB320x01)
goto fail;
sc->sc_ncm_format = fmt;

DPRINTF("%s: Using NCM format %d, supported=0x%x\n",do { } while (0)
   DEVNAM(sc), sc->sc_ncm_format, sc->sc_ncm_supported_formats)do { } while (0);
return;

760fail:
DPRINTF("%s: Cannot setup NCM format\n", DEVNAM(sc))do { } while (0);
sc->sc_ncm_supported_formats = 0;
763}

765int
766umb_alloc_xfers(struct umb_softc *sc)
767{
if (!sc->sc_rx_xfer) {
if ((sc->sc_rx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL((void *)0))
	sc->sc_rx_buf = usbd_alloc_buffer(sc->sc_rx_xfer,
	    sc->sc_rx_bufsz);
}
if (!sc->sc_tx_xfer) {
if ((sc->sc_tx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL((void *)0))
	sc->sc_tx_buf = usbd_alloc_buffer(sc->sc_tx_xfer,
	    sc->sc_tx_bufsz);
}
return (sc->sc_rx_buf && sc->sc_tx_buf) ? 1 : 0;
779}

781void
782umb_free_xfers(struct umb_softc *sc)
783{
if (sc->sc_rx_xfer) {
/* implicit usbd_free_buffer() */
usbd_free_xfer(sc->sc_rx_xfer);
sc->sc_rx_xfer = NULL((void *)0);
sc->sc_rx_buf = NULL((void *)0);
}
if (sc->sc_tx_xfer) {
usbd_free_xfer(sc->sc_tx_xfer);
sc->sc_tx_xfer = NULL((void *)0);
sc->sc_tx_buf = NULL((void *)0);
}
ml_purge(&sc->sc_tx_ml);
796}

798int
799umb_alloc_bulkpipes(struct umb_softc *sc)
800{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (!(ifp->if_flags & IFF_RUNNING0x40)) {
if (usbd_open_pipe(sc->sc_data_iface, sc->sc_rx_ep,
    USBD_EXCLUSIVE_USE0x01, &sc->sc_rx_pipe))
	return 0;
if (usbd_open_pipe(sc->sc_data_iface, sc->sc_tx_ep,
    USBD_EXCLUSIVE_USE0x01, &sc->sc_tx_pipe))
	return 0;

ifp->if_flags |= IFF_RUNNING0x40;
ifq_clr_oactive(&ifp->if_snd);
umb_rx(sc);
}
return 1;
816}

818void
819umb_close_bulkpipes(struct umb_softc *sc)
820{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

ifp->if_flags &= ~IFF_RUNNING0x40;
ifq_clr_oactive(&ifp->if_snd);
ifp->if_timer = 0;
if (sc->sc_rx_pipe) {
usbd_close_pipe(sc->sc_rx_pipe);
sc->sc_rx_pipe = NULL((void *)0);
}
if (sc->sc_tx_pipe) {
usbd_close_pipe(sc->sc_tx_pipe);
sc->sc_tx_pipe = NULL((void *)0);
}
834}

836int
837umb_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
838{
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;
struct umb_softc *sc = ifp->if_softc;
struct ifreq *ifr = (struct ifreq *)data;
int	 s, error = 0;
struct umb_parameter mp;

if (usbd_is_dying(sc->sc_udev))
return ENXIO6;

s = splnet()splraise(0x7);
switch (cmd) {
case SIOCSIFFLAGS((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((16))):
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
break;
case SIOCGUMBINFO(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((190))):
error = copyout(&sc->sc_info, ifr->ifr_dataifr_ifru.ifru_data,
    sizeof (sc->sc_info));
break;
case SIOCSUMBPARAM((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((191))):
if ((error = suser(p)) != 0)
	break;
if ((error = copyin(ifr->ifr_dataifr_ifru.ifru_data, &mp, sizeof (mp))) != 0)
	break;

if ((error = umb_setpin(sc, mp.op, mp.is_puk, mp.pin, mp.pinlen,
    mp.newpin, mp.newpinlen)) != 0)
	break;

if (mp.apnlen < 0 || mp.apnlen > sizeof (sc->sc_info.apn)) {
	error = EINVAL22;
	break;
}
sc->sc_roamingsc_info.enable_roaming = mp.roaming ? 1 : 0;
memset(sc->sc_info.apn, 0, sizeof (sc->sc_info.apn))__builtin_memset((sc->sc_info.apn), (0), (sizeof (sc->sc_info
.apn)));
memcpy(sc->sc_info.apn, mp.apn, mp.apnlen)__builtin_memcpy((sc->sc_info.apn), (mp.apn), (mp.apnlen));
sc->sc_info.apnlen = mp.apnlen;
sc->sc_info.preferredclasses = mp.preferredclasses;
umb_setdataclass(sc);
break;
case SIOCGUMBPARAM(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
 8) | ((192))):
memset(&mp, 0, sizeof (mp))__builtin_memset((&mp), (0), (sizeof (mp)));
memcpy(mp.apn, sc->sc_info.apn, sc->sc_info.apnlen)__builtin_memcpy((mp.apn), (sc->sc_info.apn), (sc->sc_info
.apnlen));
mp.apnlen = sc->sc_info.apnlen;
mp.roaming = sc->sc_roamingsc_info.enable_roaming;
mp.preferredclasses = sc->sc_info.preferredclasses;
error = copyout(&mp, ifr->ifr_dataifr_ifru.ifru_data, sizeof (mp));
break;
case SIOCSIFMTU((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((127))):
/* Does this include the NCM headers and tail? */
if (ifr->ifr_mtuifr_ifru.ifru_metric > ifp->if_hardmtu) {
	error = EINVAL22;
	break;
}
ifp->if_mtuif_data.ifi_mtu = ifr->ifr_mtuifr_ifru.ifru_metric;
break;
case SIOCSIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((12))):
case SIOCAIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifaliasreq) &
 0x1fff) << 16) | ((('i')) << 8) | ((26))):
case SIOCSIFDSTADDR((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((14))):
case SIOCADDMULTI((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((49))):
case SIOCDELMULTI((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((50))):
break;
default:
error = ENOTTY25;
break;
}
splx(s)spllower(s);
return error;
906}

908int
909umb_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
  struct rtentry *rtp)
911{
if ((ifp->if_flags & (IFF_UP0x1|IFF_RUNNING0x40)) != (IFF_UP0x1|IFF_RUNNING0x40)) {
m_freem(m);
return ENETDOWN50;
}
m->m_pkthdrM_dat.MH.MH_pkthdr.ph_family = dst->sa_family;
return if_enqueue(ifp, m);
918}

920void
921umb_input(struct ifnet *ifp, struct mbuf *m)
922{
uint32_t af;

if ((ifp->if_flags & IFF_UP0x1) == 0) {
m_freem(m);
return;
}
if (m->m_pkthdrM_dat.MH.MH_pkthdr.len < sizeof (struct ip) + sizeof(af)) {
ifp->if_ierrorsif_data.ifi_ierrors++;
DPRINTFN(4, "%s: dropping short packet (len %d)\n", __func__,do { } while (0)
    m->m_pkthdr.len)do { } while (0);
m_freem(m);
return;
}
m->m_pkthdrM_dat.MH.MH_pkthdr.ph_rtableid = ifp->if_rdomainif_data.ifi_rdomain;

/* pop off DLT_LOOP header, no longer needed */
af = *mtod(m, uint32_t *)((uint32_t *)((m)->m_hdr.mh_data));
m_adj(m, sizeof (af));
af = ntohl(af)(__uint32_t)(__builtin_constant_p(af) ? (__uint32_t)(((__uint32_t
)(af) & 0xff) << 24 | ((__uint32_t)(af) & 0xff00
) << 8 | ((__uint32_t)(af) & 0xff0000) >> 8 |
 ((__uint32_t)(af) & 0xff000000) >> 24) : __swap32md
(af));

ifp->if_ibytesif_data.ifi_ibytes += m->m_pkthdrM_dat.MH.MH_pkthdr.len;
switch (af) {
case AF_INET2:
ipv4_input(ifp, m);
return;
948#ifdef INET61
case AF_INET624:
ipv6_input(ifp, m);
return;
952#endif /* INET6 */
default:
ifp->if_ierrorsif_data.ifi_ierrors++;
DPRINTFN(4, "%s: dropping packet with bad IP version (af %d)\n",do { } while (0)
    __func__, af)do { } while (0);
m_freem(m);
return;
}
960}

962static inline int
963umb_align(size_t bufsz, int offs, int alignment, int remainder)
964{
size_t	 m = alignment - 1;
int	 align;

align = (((size_t)offs + m) & ~m) - alignment + remainder;
if (align < offs)
align += alignment;
if (align > bufsz)
align = bufsz;
return align - offs;
974}

976static inline int
977umb_padding(void *buf, size_t bufsz, int offs, int alignment, int remainder)
978{
int	 nb;

nb = umb_align(bufsz, offs, alignment, remainder);
if (nb > 0)
memset(buf + offs, 0, nb)__builtin_memset((buf + offs), (0), (nb));
return nb;
985}

987void
988umb_start(struct ifnet *ifp)
989{
struct umb_softc *sc = ifp->if_softc;
struct mbuf *m = NULL((void *)0);
int	 ndgram = 0;
int	 offs, len, mlen;
int	 maxoverhead;
6
←
'maxoverhead' declared without an initial value→

if (usbd_is_dying(sc->sc_udev) ||
7
←
Assuming the condition is false→
13
←
Taking false branch→
   !(ifp->if_flags & IFF_RUNNING0x40) ||
8
←
Assuming the condition is false→
   ifq_is_oactive(&ifp->if_snd))
9
←
Calling 'ifq_is_oactive'→
12
←
Returning from 'ifq_is_oactive'→
return;

KASSERT(ml_empty(&sc->sc_tx_ml))((((&sc->sc_tx_ml)->ml_len == 0)) ? (void)0 : __assert
("diagnostic ", "/usr/src/sys/dev/usb/if_umb.c", 1001, "ml_empty(&sc->sc_tx_ml)"
));
14
←
Assuming field 'ml_len' is equal to 0→
15
←
'?' condition is true→

switch (sc->sc_ncm_format) {
16
←
'Default' branch taken. Execution continues on line 1023→
case NCM_FORMAT_NTB160x00:
offs = sizeof (struct ncm_header16);
offs += umb_align(sc->sc_tx_bufsz, offs, sc->sc_align, 0);
offs += sizeof (struct ncm_pointer16);
maxoverhead = sizeof (struct ncm_pointer16_dgram);
break;
case NCM_FORMAT_NTB320x01:
offs = sizeof (struct ncm_header32);
offs += umb_align(sc->sc_tx_bufsz, offs, sc->sc_align, 0);
offs += sizeof (struct ncm_pointer32);
maxoverhead = sizeof (struct ncm_pointer32_dgram);
break;
}

/*
* Overhead for per packet alignment plus packet pointer. Note
* that 'struct ncm_pointer{16,32}' already includes space for
* the terminating zero pointer.
*/
maxoverhead += sc->sc_ndp_div - 1;
17
←
The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage

len = 0;
while (1) {
m = ifq_deq_begin(&ifp->if_snd);
if (m == NULL((void *)0))
	break;

/*
 * Check if mbuf plus required NCM pointer still fits into
 * xfer buffers. Assume maximal padding.
 */
mlen = maxoverhead +  m->m_pkthdrM_dat.MH.MH_pkthdr.len;
if ((sc->sc_maxdgram != 0 && ndgram >= sc->sc_maxdgram) ||
    (offs + len + mlen > sc->sc_tx_bufsz)) {
	ifq_deq_rollback(&ifp->if_snd, m);
	break;
}
ifq_deq_commit(&ifp->if_snd, m);

ndgram++;
len += mlen;
ml_enqueue(&sc->sc_tx_ml, m);

1047#if NBPFILTER1 > 0
if (ifp->if_bpf)
	bpf_mtap_af(ifp->if_bpf, m->m_pkthdrM_dat.MH.MH_pkthdr.ph_family, m,
	    BPF_DIRECTION_OUT(1 << 1));
1051#endif
}
if (ml_empty(&sc->sc_tx_ml)((&sc->sc_tx_ml)->ml_len == 0))
return;
if (umb_encap(sc, ndgram)) {
ifq_set_oactive(&ifp->if_snd);
ifp->if_timer = (2 * umb_xfer_tout) / 1000;
}
1059}

1061void
1062umb_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt)
1063{
struct umb_softc *sc = ifp->if_softc;

if (req == RTM_PROPOSAL0x13) {
KERNEL_LOCK()_kernel_lock();
umb_send_inet_proposal(sc, AF_INET2);
1069#ifdef INET61
umb_send_inet_proposal(sc, AF_INET624);
1071#endif
KERNEL_UNLOCK()_kernel_unlock();
return;
}

p2p_rtrequest(ifp, req, rt);
1077}


1080void
1081umb_watchdog(struct ifnet *ifp)
1082{
struct umb_softc *sc = ifp->if_softc;

if (usbd_is_dying(sc->sc_udev))
return;

ifp->if_oerrorsif_data.ifi_oerrors++;
printf("%s: watchdog timeout\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
usbd_abort_pipe(sc->sc_tx_pipe);
return;
1092}

1094void
1095umb_statechg_timeout(void *arg)
1096{
struct umb_softc *sc = arg;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (sc->sc_info.regstate != MBIM_REGSTATE_ROAMING4 || sc->sc_roamingsc_info.enable_roaming)
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_DEBUG7, "%s: state change timeout\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
1105}

1107void
1108umb_newstate(struct umb_softc *sc, enum umb_state newstate, int flags)
1109{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (newstate == sc->sc_statesc_info.state)
return;
if (((flags & UMB_NS_DONT_DROP0x0001) && newstate < sc->sc_statesc_info.state) ||
   ((flags & UMB_NS_DONT_RAISE0x0002) && newstate > sc->sc_statesc_info.state))
return;
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_DEBUG7, "%s: state going %s from '%s' to '%s'\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), newstate > sc->sc_statesc_info.state ? "up" : "down",
    umb_istate(sc->sc_state)umb_val2descr(umb_istate, (sc->sc_info.state)), umb_istate(newstate)umb_val2descr(umb_istate, (newstate)));
sc->sc_statesc_info.state = newstate;
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
1123}

1125void
1126umb_state_task(void *arg)
1127{
struct umb_softc *sc = arg;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;
int	 state;

if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING4 && !sc->sc_roamingsc_info.enable_roaming) {
/*
 * Query the registration state until we're with the home
 * network again.
 */
umb_cmd(sc, MBIM_CID_REGISTER_STATE9, MBIM_CMDOP_QRY0, NULL((void *)0), 0);
return;
}

s = splnet()splraise(0x7);
if (ifp->if_flags & IFF_UP0x1)
umb_up(sc);
else
umb_down(sc, 0);

state = sc->sc_statesc_info.state == UMB_S_UP ? LINK_STATE_UP4 : LINK_STATE_DOWN2;
if (ifp->if_link_stateif_data.ifi_link_state != state) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_DEBUG7, "%s: link state changed from %s to %s\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    LINK_STATE_IS_UP(ifp->if_link_state)((ifp->if_data.ifi_link_state) >= 4 || (ifp->if_data
.ifi_link_state) == 0)
	    ? "up" : "down",
	    LINK_STATE_IS_UP(state)((state) >= 4 || (state) == 0) ? "up" : "down");
ifp->if_link_stateif_data.ifi_link_state = state;
if_link_state_change(ifp);
}
splx(s)spllower(s);
1160}

1162void
1163umb_up(struct umb_softc *sc)
1164{
splassert(IPL_NET)do { if (splassert_ctl > 0) { splassert_check(0x7, __func__
); } } while (0);

switch (sc->sc_statesc_info.state) {
case UMB_S_DOWN:
DPRINTF("%s: init: opening ...\n", DEVNAM(sc))do { } while (0);
umb_open(sc);
break;
case UMB_S_OPEN:
if (sc->sc_flags & UMBFLG_FCC_AUTH_REQUIRED0x0001) {
	if (sc->sc_cid == -1) {
		DPRINTF("%s: init: allocating CID ...\n",do { } while (0)
		    DEVNAM(sc))do { } while (0);
		umb_allocate_cid(sc);
		break;
	} else
		umb_newstate(sc, UMB_S_CID, UMB_NS_DONT_DROP0x0001);
} else {
	DPRINTF("%s: init: turning radio on ...\n", DEVNAM(sc))do { } while (0);
	umb_radio(sc, 1);
	break;
}
/*FALLTHROUGH*/
case UMB_S_CID:
DPRINTF("%s: init: sending FCC auth ...\n", DEVNAM(sc))do { } while (0);
umb_send_fcc_auth(sc);
break;
case UMB_S_RADIO:
DPRINTF("%s: init: checking SIM state ...\n", DEVNAM(sc))do { } while (0);
umb_cmd(sc, MBIM_CID_SUBSCRIBER_READY_STATUS2, MBIM_CMDOP_QRY0,
    NULL((void *)0), 0);
break;
case UMB_S_SIMREADY:
DPRINTF("%s: init: attaching ...\n", DEVNAM(sc))do { } while (0);
umb_packet_service(sc, 1);
break;
case UMB_S_ATTACHED:
sc->sc_tx_seq = 0;
if (!umb_alloc_xfers(sc)) {
	umb_free_xfers(sc);
	printf("%s: allocation of xfers failed\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	break;
}
DPRINTF("%s: init: connecting ...\n", DEVNAM(sc))do { } while (0);
umb_connect(sc);
break;
case UMB_S_CONNECTED:
DPRINTF("%s: init: getting IP config ...\n", DEVNAM(sc))do { } while (0);
umb_qry_ipconfig(sc);
break;
case UMB_S_UP:
DPRINTF("%s: init: reached state UP\n", DEVNAM(sc))do { } while (0);
if (!umb_alloc_bulkpipes(sc)) {
	printf("%s: opening bulk pipes failed\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	umb_down(sc, 1);
}
break;
}
if (sc->sc_statesc_info.state < UMB_S_UP)
timeout_add_sec(&sc->sc_statechg_timer,
    UMB_STATE_CHANGE_TIMEOUT30);
else
timeout_del(&sc->sc_statechg_timer);
return;
1228}

1230void
1231umb_down(struct umb_softc *sc, int force)
1232{
splassert(IPL_NET)do { if (splassert_ctl > 0) { splassert_check(0x7, __func__
); } } while (0);

umb_close_bulkpipes(sc);
if (sc->sc_statesc_info.state < UMB_S_CONNECTED)
umb_free_xfers(sc);

switch (sc->sc_statesc_info.state) {
case UMB_S_UP:
umb_clear_addr(sc);
/*FALLTHROUGH*/
case UMB_S_CONNECTED:
DPRINTF("%s: stop: disconnecting ...\n", DEVNAM(sc))do { } while (0);
umb_disconnect(sc);
if (!force)
	break;
/*FALLTHROUGH*/
case UMB_S_ATTACHED:
DPRINTF("%s: stop: detaching ...\n", DEVNAM(sc))do { } while (0);
umb_packet_service(sc, 0);
if (!force)
	break;
/*FALLTHROUGH*/
case UMB_S_SIMREADY:
case UMB_S_RADIO:
DPRINTF("%s: stop: turning radio off ...\n", DEVNAM(sc))do { } while (0);
umb_radio(sc, 0);
if (!force)
	break;
/*FALLTHROUGH*/
case UMB_S_CID:
case UMB_S_OPEN:
case UMB_S_DOWN:
/* Do not close the device */
DPRINTF("%s: stop: reached state DOWN\n", DEVNAM(sc))do { } while (0);
break;
}
if (force)
sc->sc_statesc_info.state = UMB_S_OPEN;

if (sc->sc_statesc_info.state > UMB_S_OPEN)
timeout_add_sec(&sc->sc_statechg_timer,
    UMB_STATE_CHANGE_TIMEOUT30);
else
timeout_del(&sc->sc_statechg_timer);
1277}

1279void
1280umb_get_response_task(void *arg)
1281{
struct umb_softc *sc = arg;
int	 len;
int	 s;

/*
* Function is required to send on RESPONSE_AVAILABLE notification for
* each encapsulated response that is to be processed by the host.
* But of course, we can receive multiple notifications before the
* response task is run.
*/
s = splusb()splraise(0x5);
while (sc->sc_nresp > 0) {
--sc->sc_nresp;
len = sc->sc_ctrl_len;
if (umb_get_encap_response(sc, sc->sc_resp_buf, &len))
	umb_decode_response(sc, sc->sc_resp_buf, len);
}
splx(s)spllower(s);
1300}

1302void
1303umb_decode_response(struct umb_softc *sc, void *response, int len)
1304{
struct mbim_msghdr *hdr = response;
struct mbim_fragmented_msg_hdr *fraghdr;
uint32_t type;
uint32_t tid;

DPRINTFN(3, "%s: got response: len %d\n", DEVNAM(sc), len)do { } while (0);
DDUMPN(4, response, len)do { } while (0);

if (len < sizeof (*hdr) || letoh32(hdr->len)((__uint32_t)(hdr->len)) != len) {
/*
 * We should probably cancel a transaction, but since the
 * message is too short, we cannot decode the transaction
 * id (tid) and hence don't know, whom to cancel. Must wait
 * for the timeout.
 */
DPRINTF("%s: received short response (len %d)\n",do { } while (0)
    DEVNAM(sc), len)do { } while (0);
return;
}

/*
* XXX FIXME: if message is fragmented, store it until last frag
*	is received and then re-assemble all fragments.
*/
type = letoh32(hdr->type)((__uint32_t)(hdr->type));
tid = letoh32(hdr->tid)((__uint32_t)(hdr->tid));
switch (type) {
case MBIM_INDICATE_STATUS_MSG0x80000007U:
case MBIM_COMMAND_DONE0x80000003U:
fraghdr = response;
if (letoh32(fraghdr->frag.nfrag)((__uint32_t)(fraghdr->frag.nfrag)) != 1) {
	DPRINTF("%s: discarding fragmented messages\n",do { } while (0)
	    DEVNAM(sc))do { } while (0);
	return;
}
break;
default:
break;
}

DPRINTF("%s: <- rcv %s (tid %u)\n", DEVNAM(sc), umb_request2str(type),do { } while (0)
   tid)do { } while (0);
switch (type) {
case MBIM_FUNCTION_ERROR_MSG0x80000004U:
case MBIM_HOST_ERROR_MSG4U:
{
struct mbim_f2h_hosterr *e;
int	 err;

if (len >= sizeof (*e)) {
	e = response;
	err = letoh32(e->err)((__uint32_t)(e->err));

	DPRINTF("%s: %s message, error %s (tid %u)\n",do { } while (0)
	    DEVNAM(sc), umb_request2str(type),do { } while (0)
	    umb_error2str(err), tid)do { } while (0);
	if (err == MBIM_ERROR_NOT_OPENED5)
		umb_newstate(sc, UMB_S_DOWN, 0);
}
break;
}
case MBIM_INDICATE_STATUS_MSG0x80000007U:
umb_handle_indicate_status_msg(sc, response, len);
break;
case MBIM_OPEN_DONE0x80000001U:
umb_handle_opendone_msg(sc, response, len);
break;
case MBIM_CLOSE_DONE0x80000002U:
umb_handle_closedone_msg(sc, response, len);
break;
case MBIM_COMMAND_DONE0x80000003U:
umb_command_done(sc, response, len);
break;
default:
DPRINTF("%s: discard message %s\n", DEVNAM(sc),do { } while (0)
    umb_request2str(type))do { } while (0);
break;
}
1383}

1385void
1386umb_handle_indicate_status_msg(struct umb_softc *sc, void *data, int len)
1387{
struct mbim_f2h_indicate_status *m = data;
uint32_t infolen;
uint32_t cid;

if (len < sizeof (*m)) {
DPRINTF("%s: discard short %s message\n", DEVNAM(sc),do { } while (0)
    umb_request2str(letoh32(m->hdr.type)))do { } while (0);
return;
}
if (memcmp(m->devid, umb_uuid_basic_connect, sizeof (m->devid))__builtin_memcmp((m->devid), (umb_uuid_basic_connect), (sizeof
 (m->devid)))) {
DPRINTF("%s: discard %s message for other UUID '%s'\n",do { } while (0)
    DEVNAM(sc), umb_request2str(letoh32(m->hdr.type)),do { } while (0)
    umb_uuid2str(m->devid))do { } while (0);
return;
}
infolen = letoh32(m->infolen)((__uint32_t)(m->infolen));
if (len < sizeof (*m) + infolen) {
DPRINTF("%s: discard truncated %s message (want %d, got %d)\n",do { } while (0)
    DEVNAM(sc), umb_request2str(letoh32(m->hdr.type)),do { } while (0)
    (int)sizeof (*m) + infolen, len)do { } while (0);
return;
}

cid = letoh32(m->cid)((__uint32_t)(m->cid));
DPRINTF("%s: indicate %s status\n", DEVNAM(sc), umb_cid2str(cid))do { } while (0);
umb_decode_cid(sc, cid, m->info, infolen);
1414}

1416void
1417umb_handle_opendone_msg(struct umb_softc *sc, void *data, int len)
1418{
struct mbim_f2h_openclosedone *resp = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t status;

status = letoh32(resp->status)((__uint32_t)(resp->status));
if (status == MBIM_STATUS_SUCCESS0) {
if (sc->sc_maxsessions == 0) {
	umb_cmd(sc, MBIM_CID_DEVICE_CAPS1, MBIM_CMDOP_QRY0, NULL((void *)0),
	    0);
	umb_cmd(sc, MBIM_CID_PIN4, MBIM_CMDOP_QRY0, NULL((void *)0), 0);
	umb_cmd(sc, MBIM_CID_REGISTER_STATE9, MBIM_CMDOP_QRY0,
	    NULL((void *)0), 0);
}
umb_newstate(sc, UMB_S_OPEN, UMB_NS_DONT_DROP0x0001);
} else if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_ERR3, "%s: open error: %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
    umb_status2str(status)umb_val2descr(umb_status, (status)));
return;
1437}

1439void
1440umb_handle_closedone_msg(struct umb_softc *sc, void *data, int len)
1441{
struct mbim_f2h_openclosedone *resp = data;
uint32_t status;

status = letoh32(resp->status)((__uint32_t)(resp->status));
if (status == MBIM_STATUS_SUCCESS0)
umb_newstate(sc, UMB_S_DOWN, 0);
else
DPRINTF("%s: close error: %s\n", DEVNAM(sc),do { } while (0)
    umb_status2str(status))do { } while (0);
return;
1452}

1454static inline void
1455umb_getinfobuf(void *in, int inlen, uint32_t offs, uint32_t sz,
  void *out, size_t outlen)
1457{
offs = letoh32(offs)((__uint32_t)(offs));
sz = letoh32(sz)((__uint32_t)(sz));
if (inlen >= offs + sz) {
memset(out, 0, outlen)__builtin_memset((out), (0), (outlen));
memcpy(out, in + offs, MIN(sz, outlen))__builtin_memcpy((out), (in + offs), ((((sz)<(outlen))?(sz
):(outlen))));
}
1464}

1466static inline int
1467umb_addstr(void *buf, size_t bufsz, int *offs, void *str, int slen,
  uint32_t *offsmember, uint32_t *sizemember)
1469{
if (*offs + slen > bufsz)
return 0;

*sizemember = htole32((uint32_t)slen)((__uint32_t)((uint32_t)slen));
if (slen && str) {
*offsmember = htole32((uint32_t)*offs)((__uint32_t)((uint32_t)*offs));
memcpy(buf + *offs, str, slen)__builtin_memcpy((buf + *offs), (str), (slen));
*offs += slen;
*offs += umb_padding(buf, bufsz, *offs, sizeof (uint32_t), 0);
} else
*offsmember = htole32(0)((__uint32_t)(0));
return 1;
1482}

1484int
1485umb_decode_register_state(struct umb_softc *sc, void *data, int len)
1486{
struct mbim_cid_registration_state_info *rs = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (len < sizeof (*rs))
return 0;
sc->sc_info.nwerror = letoh32(rs->nwerror)((__uint32_t)(rs->nwerror));
sc->sc_info.regstate = letoh32(rs->regstate)((__uint32_t)(rs->regstate));
sc->sc_info.regmode = letoh32(rs->regmode)((__uint32_t)(rs->regmode));
sc->sc_info.cellclass = letoh32(rs->curcellclass)((__uint32_t)(rs->curcellclass));

umb_getinfobuf(data, len, rs->provname_offs, rs->provname_size,
   sc->sc_info.provider, sizeof (sc->sc_info.provider));
umb_getinfobuf(data, len, rs->provid_offs, rs->provid_size,
   sc->sc_info.providerid, sizeof (sc->sc_info.providerid));
umb_getinfobuf(data, len, rs->roamingtxt_offs, rs->roamingtxt_size,
   sc->sc_info.roamingtxt, sizeof (sc->sc_info.roamingtxt));

DPRINTFN(2, "%s: %s, availclass 0x%x, class 0x%x, regmode %d\n",do { } while (0)
   DEVNAM(sc), umb_regstate(sc->sc_info.regstate),do { } while (0)
   letoh32(rs->availclasses), sc->sc_info.cellclass,do { } while (0)
   sc->sc_info.regmode)do { } while (0);

if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING4 &&
   !sc->sc_roamingsc_info.enable_roaming &&
   sc->sc_info.activation == MBIM_ACTIVATION_STATE_ACTIVATED1) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6,
	    "%s: disconnecting from roaming network\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_disconnect(sc);
}
return 1;
1519}

1521int
1522umb_decode_devices_caps(struct umb_softc *sc, void *data, int len)
1523{
struct mbim_cid_device_caps *dc = data;

if (len < sizeof (*dc))
return 0;
sc->sc_maxsessions = letoh32(dc->max_sessions)((__uint32_t)(dc->max_sessions));
sc->sc_info.supportedclasses = letoh32(dc->dataclass)((__uint32_t)(dc->dataclass));
umb_getinfobuf(data, len, dc->devid_offs, dc->devid_size,
   sc->sc_info.devid, sizeof (sc->sc_info.devid));
umb_getinfobuf(data, len, dc->fwinfo_offs, dc->fwinfo_size,
   sc->sc_info.fwinfo, sizeof (sc->sc_info.fwinfo));
umb_getinfobuf(data, len, dc->hwinfo_offs, dc->hwinfo_size,
   sc->sc_info.hwinfo, sizeof (sc->sc_info.hwinfo));
DPRINTFN(2, "%s: max sessions %d, supported classes 0x%x\n",do { } while (0)
   DEVNAM(sc), sc->sc_maxsessions, sc->sc_info.supportedclasses)do { } while (0);
return 1;
1539}

1541int
1542umb_decode_subscriber_status(struct umb_softc *sc, void *data, int len)
1543{
struct mbim_cid_subscriber_ready_info *si = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	npn;

if (len < sizeof (*si))
return 0;
sc->sc_info.sim_state = letoh32(si->ready)((__uint32_t)(si->ready));

umb_getinfobuf(data, len, si->sid_offs, si->sid_size,
   sc->sc_info.sid, sizeof (sc->sc_info.sid));
umb_getinfobuf(data, len, si->icc_offs, si->icc_size,
   sc->sc_info.iccid, sizeof (sc->sc_info.iccid));

npn = letoh32(si->no_pn)((__uint32_t)(si->no_pn));
if (npn > 0)
umb_getinfobuf(data, len, si->pn[0].offs, si->pn[0].size,
    sc->sc_info.pn, sizeof (sc->sc_info.pn));
else
memset(sc->sc_info.pn, 0, sizeof (sc->sc_info.pn))__builtin_memset((sc->sc_info.pn), (0), (sizeof (sc->sc_info
.pn)));

if (sc->sc_info.sim_state == MBIM_SIMSTATE_LOCKED6)
sc->sc_info.pin_state = UMB_PUK_REQUIRED2;
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_INFO6, "%s: SIM %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
    umb_simstate(sc->sc_info.sim_state)umb_val2descr(umb_simstate, (sc->sc_info.sim_state)));
if (sc->sc_info.sim_state == MBIM_SIMSTATE_INITIALIZED1)
umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_DROP0x0001);
return 1;
1572}

1574int
1575umb_decode_radio_state(struct umb_softc *sc, void *data, int len)
1576{
struct mbim_cid_radio_state_info *rs = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (len < sizeof (*rs))
return 0;

sc->sc_info.hw_radio_on =
   (letoh32(rs->hw_state)((__uint32_t)(rs->hw_state)) == MBIM_RADIO_STATE_ON1) ? 1 : 0;
sc->sc_info.sw_radio_on =
   (letoh32(rs->sw_state)((__uint32_t)(rs->sw_state)) == MBIM_RADIO_STATE_ON1) ? 1 : 0;
if (!sc->sc_info.hw_radio_on) {
printf("%s: radio is disabled by hardware switch\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
/*
 * XXX do we need a time to poll the state of the rfkill switch
 *	or will the device send an unsolicited notification
 *	in case the state changes?
 */
umb_newstate(sc, UMB_S_OPEN, 0);
} else if (!sc->sc_info.sw_radio_on) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: radio is off\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_newstate(sc, UMB_S_OPEN, 0);
} else
umb_newstate(sc, UMB_S_RADIO, UMB_NS_DONT_DROP0x0001);
return 1;
1603}

1605int
1606umb_decode_pin(struct umb_softc *sc, void *data, int len)
1607{
struct mbim_cid_pin_info *pi = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t	attempts_left;

if (len < sizeof (*pi))
return 0;

attempts_left = letoh32(pi->remaining_attempts)((__uint32_t)(pi->remaining_attempts));
if (attempts_left != 0xffffffff)
sc->sc_info.pin_attempts_left = attempts_left;

switch (letoh32(pi->state)((__uint32_t)(pi->state))) {
case MBIM_PIN_STATE_UNLOCKED0:
sc->sc_info.pin_state = UMB_PIN_UNLOCKED1;
break;
case MBIM_PIN_STATE_LOCKED1:
switch (letoh32(pi->type)((__uint32_t)(pi->type))) {
case MBIM_PIN_TYPE_PIN12:
	sc->sc_info.pin_state = UMB_PIN_REQUIRED0;
	break;
case MBIM_PIN_TYPE_PUK111:
	sc->sc_info.pin_state = UMB_PUK_REQUIRED2;
	break;
case MBIM_PIN_TYPE_PIN23:
case MBIM_PIN_TYPE_PUK212:
	/* Assume that PIN1 was accepted */
	sc->sc_info.pin_state = UMB_PIN_UNLOCKED1;
	break;
}
break;
}
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_INFO6, "%s: %s state %s (%d attempts left)\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), umb_pin_type(letoh32(pi->type))umb_val2descr(umb_pintype, (((__uint32_t)(pi->type)))),
    (letoh32(pi->state)((__uint32_t)(pi->state)) == MBIM_PIN_STATE_UNLOCKED0) ?
	"unlocked" : "locked",
    letoh32(pi->remaining_attempts)((__uint32_t)(pi->remaining_attempts)));

/*
* In case the PIN was set after IFF_UP, retrigger the state machine
*/
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
return 1;
1651}

1653int
1654umb_decode_packet_service(struct umb_softc *sc, void *data, int len)
1655{
struct mbim_cid_packet_service_info *psi = data;
int	 state, highestclass;
uint64_t up_speed, down_speed;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (len < sizeof (*psi))
return 0;

sc->sc_info.nwerror = letoh32(psi->nwerror)((__uint32_t)(psi->nwerror));
state = letoh32(psi->state)((__uint32_t)(psi->state));
highestclass = letoh32(psi->highest_dataclass)((__uint32_t)(psi->highest_dataclass));
up_speed = letoh64(psi->uplink_speed)((__uint64_t)(psi->uplink_speed));
down_speed = letoh64(psi->downlink_speed)((__uint64_t)(psi->downlink_speed));
if (sc->sc_info.packetstate  != state ||
   sc->sc_info.uplink_speed != up_speed ||
   sc->sc_info.downlink_speed != down_speed) {
if (ifp->if_flags & IFF_DEBUG0x4) {
	log(LOG_INFO6, "%s: packet service ", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	if (sc->sc_info.packetstate  != state)
		addlog("changed from %s to ",
		    umb_packet_state(sc->sc_info.packetstate)umb_val2descr(umb_pktstate, (sc->sc_info.packetstate)));
	addlog("%s, class %s, speed: %llu up / %llu down\n",
	    umb_packet_state(state)umb_val2descr(umb_pktstate, (state)), 
	    umb_dataclass(highestclass)umb_val2descr(umb_dataclasses, (highestclass)), up_speed, down_speed);
}
}
sc->sc_info.packetstate = state;
sc->sc_info.highestclass = highestclass;
sc->sc_info.uplink_speed = up_speed;
sc->sc_info.downlink_speed = down_speed;

if (sc->sc_info.regmode == MBIM_REGMODE_AUTOMATIC1) {
/*
 * For devices using automatic registration mode, just proceed,
 * once registration has completed.
 */
if (ifp->if_flags & IFF_UP0x1) {
	switch (sc->sc_info.regstate) {
	case MBIM_REGSTATE_HOME3:
	case MBIM_REGSTATE_ROAMING4:
	case MBIM_REGSTATE_PARTNER5:
		umb_newstate(sc, UMB_S_ATTACHED,
		    UMB_NS_DONT_DROP0x0001);
		break;
	default:
		break;
	}
} else
	umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_RAISE0x0002);
} else switch (sc->sc_info.packetstate) {
case MBIM_PKTSERVICE_STATE_ATTACHED2:
umb_newstate(sc, UMB_S_ATTACHED, UMB_NS_DONT_DROP0x0001);
break;
case MBIM_PKTSERVICE_STATE_DETACHED4:
umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_RAISE0x0002);
break;
}
return 1;
1714}

1716int
1717umb_decode_signal_state(struct umb_softc *sc, void *data, int len)
1718{
struct mbim_cid_signal_state *ss = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 rssi;

if (len < sizeof (*ss))
return 0;

if (letoh32(ss->rssi)((__uint32_t)(ss->rssi)) == 99)
rssi = UMB_VALUE_UNKNOWN-999;
else {
rssi = -113 + 2 * letoh32(ss->rssi)((__uint32_t)(ss->rssi));
if ((ifp->if_flags & IFF_DEBUG0x4) && sc->sc_info.rssi != rssi &&
    sc->sc_statesc_info.state >= UMB_S_CONNECTED)
	log(LOG_INFO6, "%s: rssi %d dBm\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), rssi);
}
sc->sc_info.rssi = rssi;
sc->sc_info.ber = letoh32(ss->err_rate)((__uint32_t)(ss->err_rate));
if (sc->sc_info.ber == -99)
sc->sc_info.ber = UMB_VALUE_UNKNOWN-999;
return 1;
1739}

1741int
1742umb_decode_connect_info(struct umb_softc *sc, void *data, int len)
1743{
struct mbim_cid_connect_info *ci = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 act;

if (len < sizeof (*ci))
return 0;

if (letoh32(ci->sessionid)((__uint32_t)(ci->sessionid)) != umb_session_id) {
DPRINTF("%s: discard connection info for session %u\n",do { } while (0)
    DEVNAM(sc), letoh32(ci->sessionid))do { } while (0);
return 1;
}
if (memcmp(ci->context, umb_uuid_context_internet,__builtin_memcmp((ci->context), (umb_uuid_context_internet
), (sizeof (ci->context)))
   sizeof (ci->context))__builtin_memcmp((ci->context), (umb_uuid_context_internet
), (sizeof (ci->context)))) {
DPRINTF("%s: discard connection info for other context\n",do { } while (0)
    DEVNAM(sc))do { } while (0);
return 1;
}
act = letoh32(ci->activation)((__uint32_t)(ci->activation));
if (sc->sc_info.activation != act) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: connection %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    umb_activation(act)umb_val2descr(umb_actstate, (act)));

sc->sc_info.activation = act;
sc->sc_info.nwerror = letoh32(ci->nwerror)((__uint32_t)(ci->nwerror));

if (sc->sc_info.activation == MBIM_ACTIVATION_STATE_ACTIVATED1)
	umb_newstate(sc, UMB_S_CONNECTED, UMB_NS_DONT_DROP0x0001);
else if (sc->sc_info.activation ==
    MBIM_ACTIVATION_STATE_DEACTIVATED3)
	umb_newstate(sc, UMB_S_ATTACHED, 0);
/* else: other states are purely transitional */
}
return 1;
1779}

1781void
1782umb_clear_addr(struct umb_softc *sc)
1783{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

memset(sc->sc_info.ipv4dns, 0, sizeof (sc->sc_info.ipv4dns))__builtin_memset((sc->sc_info.ipv4dns), (0), (sizeof (sc->
sc_info.ipv4dns)));
memset(sc->sc_info.ipv6dns, 0, sizeof (sc->sc_info.ipv6dns))__builtin_memset((sc->sc_info.ipv6dns), (0), (sizeof (sc->
sc_info.ipv6dns)));
umb_send_inet_proposal(sc, AF_INET2);
1789#ifdef INET61
umb_send_inet_proposal(sc, AF_INET624);
1791#endif
NET_LOCK()do { rw_enter_write(&netlock); } while (0);
in_ifdetach(ifp);
1794#ifdef INET61
in6_ifdetach(ifp);
1796#endif
NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);
1798}

1800int
1801umb_add_inet_config(struct umb_softc *sc, struct in_addr ip, u_int prefixlen,
  struct in_addr gw)
1803{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
struct in_aliasreq ifra;
struct sockaddr_in *sin, default_sin;
struct rt_addrinfo info;
struct rtentry *rt;
int	 rv;

memset(&ifra, 0, sizeof (ifra))__builtin_memset((&ifra), (0), (sizeof (ifra)));
sin = &ifra.ifra_addrifra_ifrau.ifrau_addr;
sin->sin_family = AF_INET2;
sin->sin_len = sizeof (*sin);
sin->sin_addr = ip;

sin = &ifra.ifra_dstaddr;
sin->sin_family = AF_INET2;
sin->sin_len = sizeof (*sin);
sin->sin_addr = gw;

sin = &ifra.ifra_mask;
sin->sin_family = AF_INET2;
sin->sin_len = sizeof (*sin);
in_len2mask(&sin->sin_addr, prefixlen);

rv = in_ioctl(SIOCAIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifaliasreq) &
 0x1fff) << 16) | ((('i')) << 8) | ((26))), (caddr_t)&ifra, ifp, 1);
if (rv != 0) {
printf("%s: unable to set IPv4 address, error %d\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
return rv;
}

memset(&default_sin, 0, sizeof(default_sin))__builtin_memset((&default_sin), (0), (sizeof(default_sin
)));
default_sin.sin_family = AF_INET2;
default_sin.sin_len = sizeof (default_sin);

memset(&info, 0, sizeof(info))__builtin_memset((&info), (0), (sizeof(info)));
info.rti_flags = RTF_GATEWAY0x2 /* maybe | RTF_STATIC */;
info.rti_ifa = ifa_ifwithaddr(sintosa(&ifra.ifra_addrifra_ifrau.ifrau_addr),
   ifp->if_rdomainif_data.ifi_rdomain);
info.rti_info[RTAX_DST0] = sintosa(&default_sin);
info.rti_info[RTAX_NETMASK2] = sintosa(&default_sin);
info.rti_info[RTAX_GATEWAY1] = sintosa(&ifra.ifra_dstaddr);

NET_LOCK()do { rw_enter_write(&netlock); } while (0);
rv = rtrequest(RTM_ADD0x1, &info, 0, &rt, ifp->if_rdomainif_data.ifi_rdomain);
NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);
if (rv) {
printf("%s: unable to set IPv4 default route, "
    "error %d\n", DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
rtm_miss(RTM_MISS0x7, &info, 0, RTP_NONE0, 0, rv,
    ifp->if_rdomainif_data.ifi_rdomain);
} else {
/* Inform listeners of the new route */
rtm_send(rt, RTM_ADD0x1, rv, ifp->if_rdomainif_data.ifi_rdomain);
rtfree(rt);
}

if (ifp->if_flags & IFF_DEBUG0x4) {
char str[3][INET_ADDRSTRLEN16];
log(LOG_INFO6, "%s: IPv4 addr %s, mask %s, gateway %s\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
),
    sockaddr_ntop(sintosa(&ifra.ifra_addrifra_ifrau.ifrau_addr), str[0],
    sizeof(str[0])),
    sockaddr_ntop(sintosa(&ifra.ifra_mask), str[1],
    sizeof(str[1])),
    sockaddr_ntop(sintosa(&ifra.ifra_dstaddr), str[2],
    sizeof(str[2])));
}
return 0;
1872}

1874#ifdef INET61
1875int
1876umb_add_inet6_config(struct umb_softc *sc, struct in6_addr *ip, u_int prefixlen,
  struct in6_addr *gw)
1878{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
struct in6_aliasreq ifra;
struct sockaddr_in6 *sin6, default_sin6;
struct rt_addrinfo info;
struct rtentry *rt;
int	 rv;

memset(&ifra, 0, sizeof (ifra))__builtin_memset((&ifra), (0), (sizeof (ifra)));
sin6 = &ifra.ifra_addrifra_ifrau.ifrau_addr;
sin6->sin6_family = AF_INET624;
sin6->sin6_len = sizeof (*sin6);
memcpy(&sin6->sin6_addr, ip, sizeof (sin6->sin6_addr))__builtin_memcpy((&sin6->sin6_addr), (ip), (sizeof (sin6
->sin6_addr)));

sin6 = &ifra.ifra_dstaddr;
sin6->sin6_family = AF_INET624;
sin6->sin6_len = sizeof (*sin6);
memcpy(&sin6->sin6_addr, gw, sizeof (sin6->sin6_addr))__builtin_memcpy((&sin6->sin6_addr), (gw), (sizeof (sin6
->sin6_addr)));

/* XXX: in6_update_ifa() accepts only 128 bits for P2P interfaces. */
prefixlen = 128;

sin6 = &ifra.ifra_prefixmask;
sin6->sin6_family = AF_INET624;
sin6->sin6_len = sizeof (*sin6);
in6_prefixlen2mask(&sin6->sin6_addr, prefixlen);

ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME0xffffffff;
ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME0xffffffff;

rv = in6_ioctl(SIOCAIFADDR_IN6((unsigned long)0x80000000 | ((sizeof(struct in6_aliasreq) &
 0x1fff) << 16) | ((('i')) << 8) | ((26))), (caddr_t)&ifra, ifp, 1);
if (rv != 0) {
printf("%s: unable to set IPv6 address, error %d\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
return rv;
}

memset(&default_sin6, 0, sizeof(default_sin6))__builtin_memset((&default_sin6), (0), (sizeof(default_sin6
)));
default_sin6.sin6_family = AF_INET624;
default_sin6.sin6_len = sizeof (default_sin6);

memset(&info, 0, sizeof(info))__builtin_memset((&info), (0), (sizeof(info)));
info.rti_flags = RTF_GATEWAY0x2 /* maybe | RTF_STATIC */;
info.rti_ifa = ifa_ifwithaddr(sin6tosa(&ifra.ifra_addrifra_ifrau.ifrau_addr),
   ifp->if_rdomainif_data.ifi_rdomain);
info.rti_info[RTAX_DST0] = sin6tosa(&default_sin6);
info.rti_info[RTAX_NETMASK2] = sin6tosa(&default_sin6);
info.rti_info[RTAX_GATEWAY1] = sin6tosa(&ifra.ifra_dstaddr);

NET_LOCK()do { rw_enter_write(&netlock); } while (0);
rv = rtrequest(RTM_ADD0x1, &info, 0, &rt, ifp->if_rdomainif_data.ifi_rdomain);
NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);
if (rv) {
printf("%s: unable to set IPv6 default route, "
    "error %d\n", DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), rv);
rtm_miss(RTM_MISS0x7, &info, 0, RTP_NONE0, 0, rv,
    ifp->if_rdomainif_data.ifi_rdomain);
} else {
/* Inform listeners of the new route */
rtm_send(rt, RTM_ADD0x1, rv, ifp->if_rdomainif_data.ifi_rdomain);
rtfree(rt);
}

if (ifp->if_flags & IFF_DEBUG0x4) {
char str[3][INET6_ADDRSTRLEN46];
log(LOG_INFO6, "%s: IPv6 addr %s, mask %s, gateway %s\n",
    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
),
    sockaddr_ntop(sin6tosa(&ifra.ifra_addrifra_ifrau.ifrau_addr), str[0],
    sizeof(str[0])),
    sockaddr_ntop(sin6tosa(&ifra.ifra_prefixmask), str[1],
    sizeof(str[1])),
    sockaddr_ntop(sin6tosa(&ifra.ifra_dstaddr), str[2],
    sizeof(str[2])));
}
return 0;
1953}
1954#endif

1956void
1957umb_send_inet_proposal(struct umb_softc *sc, int af)
1958{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
struct sockaddr_rtdns rtdns;
struct rt_addrinfo info;
int i, flag = 0;
size_t sz = 0;

memset(&rtdns, 0, sizeof(rtdns))__builtin_memset((&rtdns), (0), (sizeof(rtdns)));
memset(&info, 0, sizeof(info))__builtin_memset((&info), (0), (sizeof(info)));

for (i = 0; i < UMB_MAX_DNSSRV2; i++) {
if (af == AF_INET2) {
	sz = sizeof (sc->sc_info.ipv4dns[i]);
	if (sc->sc_info.ipv4dns[i].s_addr == INADDR_ANY((u_int32_t) (__uint32_t)(__builtin_constant_p((u_int32_t)(0x00000000
)) ? (__uint32_t)(((__uint32_t)((u_int32_t)(0x00000000)) &
 0xff) << 24 | ((__uint32_t)((u_int32_t)(0x00000000)) &
 0xff00) << 8 | ((__uint32_t)((u_int32_t)(0x00000000)) &
 0xff0000) >> 8 | ((__uint32_t)((u_int32_t)(0x00000000)
) & 0xff000000) >> 24) : __swap32md((u_int32_t)(0x00000000
)))))
		break;
	memcpy(rtdns.sr_dns + i * sz, &sc->sc_info.ipv4dns[i],__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv4dns[i]), (sz))
	    sz)__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv4dns[i]), (sz));
	flag = RTF_UP0x1;
1976#ifdef INET61
} else if (af == AF_INET624) {
	sz = sizeof (sc->sc_info.ipv6dns[i]);
	if (IN6_ARE_ADDR_EQUAL(&sc->sc_info.ipv6dns[i],(__builtin_memcmp((&(&sc->sc_info.ipv6dns[i])->
__u6_addr.__u6_addr8[0]), (&(&in6addr_any)->__u6_addr
.__u6_addr8[0]), (sizeof(struct in6_addr))) == 0)
	    &in6addr_any)(__builtin_memcmp((&(&sc->sc_info.ipv6dns[i])->
__u6_addr.__u6_addr8[0]), (&(&in6addr_any)->__u6_addr
.__u6_addr8[0]), (sizeof(struct in6_addr))) == 0))
		break;
	memcpy(rtdns.sr_dns + i * sz, &sc->sc_info.ipv6dns[i],__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv6dns[i]), (sz))
	    sz)__builtin_memcpy((rtdns.sr_dns + i * sz), (&sc->sc_info
.ipv6dns[i]), (sz));
	flag = RTF_UP0x1;
1985#endif
}
}
rtdns.sr_family = af;
rtdns.sr_len = 2 + i * sz;
info.rti_info[RTAX_DNS12] = srtdnstosa(&rtdns);

rtm_proposal(ifp, &info, flag, RTP_PROPOSAL_UMB60);
1993}

1995int
1996umb_decode_ip_configuration(struct umb_softc *sc, void *data, int len)
1997{
struct mbim_cid_ip_configuration_info *ic = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;
uint32_t avail_v4;
uint32_t val;
int	 n, i;
int	 off;
struct mbim_cid_ipv4_element ipv4elem;
struct in_addr addr, gw;
int	 state = -1;
int	 rv;
int	 hasmtu = 0;
2010#ifdef INET61
uint32_t avail_v6;
struct mbim_cid_ipv6_element ipv6elem;
struct in6_addr addr6, gw6;
2014#endif

if (len < sizeof (*ic))
return 0;
if (letoh32(ic->sessionid)((__uint32_t)(ic->sessionid)) != umb_session_id) {
DPRINTF("%s: ignore IP configuration for session id %d\n",do { } while (0)
    DEVNAM(sc), letoh32(ic->sessionid))do { } while (0);
return 0;
}
s = splnet()splraise(0x7);

memset(sc->sc_info.ipv4dns, 0, sizeof (sc->sc_info.ipv4dns))__builtin_memset((sc->sc_info.ipv4dns), (0), (sizeof (sc->
sc_info.ipv4dns)));
memset(sc->sc_info.ipv6dns, 0, sizeof (sc->sc_info.ipv6dns))__builtin_memset((sc->sc_info.ipv6dns), (0), (sizeof (sc->
sc_info.ipv6dns)));

/*
* IPv4 configuration
*/
avail_v4 = letoh32(ic->ipv4_available)((__uint32_t)(ic->ipv4_available));
if ((avail_v4 & (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) ==
   (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) {
n = letoh32(ic->ipv4_naddr)((__uint32_t)(ic->ipv4_naddr));
off = letoh32(ic->ipv4_addroffs)((__uint32_t)(ic->ipv4_addroffs));

if (n == 0 || off + sizeof (ipv4elem) > len)
	goto tryv6;
if (n != 1 && ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: more than one IPv4 addr: %d\n",
	    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), n);

/* Only pick the first one */
memcpy(&ipv4elem, data + off, sizeof (ipv4elem))__builtin_memcpy((&ipv4elem), (data + off), (sizeof (ipv4elem
)));
ipv4elem.prefixlen = letoh32(ipv4elem.prefixlen)((__uint32_t)(ipv4elem.prefixlen));
addr.s_addr = ipv4elem.addr;

off = letoh32(ic->ipv4_gwoffs)((__uint32_t)(ic->ipv4_gwoffs));
if (off + sizeof (gw) > len)
	goto done;
memcpy(&gw, data + off, sizeof(gw))__builtin_memcpy((&gw), (data + off), (sizeof(gw)));

rv = umb_add_inet_config(sc, addr, ipv4elem.prefixlen, gw);
if (rv == 0) 
	state = UMB_S_UP;

}

memset(sc->sc_info.ipv4dns, 0, sizeof (sc->sc_info.ipv4dns))__builtin_memset((sc->sc_info.ipv4dns), (0), (sizeof (sc->
sc_info.ipv4dns)));
if (avail_v4 & MBIM_IPCONF_HAS_DNSINFO0x0004) {
n = letoh32(ic->ipv4_ndnssrv)((__uint32_t)(ic->ipv4_ndnssrv));
off = letoh32(ic->ipv4_dnssrvoffs)((__uint32_t)(ic->ipv4_dnssrvoffs));
i = 0;
while (n-- > 0) {
	if (off + sizeof (addr) > len)
		break;
	memcpy(&addr, data + off, sizeof(addr))__builtin_memcpy((&addr), (data + off), (sizeof(addr)));
	if (i < UMB_MAX_DNSSRV2)
		sc->sc_info.ipv4dns[i++] = addr;
	off += sizeof(addr);
	if (ifp->if_flags & IFF_DEBUG0x4) {
		char str[INET_ADDRSTRLEN16];
		log(LOG_INFO6, "%s: IPv4 nameserver %s\n",
		    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), inet_ntop(AF_INET2,
		    &addr, str, sizeof(str)));
	}
}
umb_send_inet_proposal(sc, AF_INET2);
}
if ((avail_v4 & MBIM_IPCONF_HAS_MTUINFO0x0008)) {
val = letoh32(ic->ipv4_mtu)((__uint32_t)(ic->ipv4_mtu));
if (ifp->if_hardmtu != val && val <= sc->sc_maxpktlen) {
	hasmtu = 1;
	ifp->if_hardmtu = val;
	if (ifp->if_mtuif_data.ifi_mtu > val)
		ifp->if_mtuif_data.ifi_mtu = val;
}
}

2090tryv6:;
2091#ifdef INET61
/*
* IPv6 configuration
*/
avail_v6 = letoh32(ic->ipv6_available)((__uint32_t)(ic->ipv6_available));
if (avail_v6 == 0) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: ISP or WWAN module offers no IPv6 "
	    "support\n", DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
));
goto done;
}

if ((avail_v6 & (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) ==
   (MBIM_IPCONF_HAS_ADDRINFO0x0001 | MBIM_IPCONF_HAS_GWINFO0x0002)) {
n = letoh32(ic->ipv6_naddr)((__uint32_t)(ic->ipv6_naddr));
off = letoh32(ic->ipv6_addroffs)((__uint32_t)(ic->ipv6_addroffs));

if (n == 0 || off + sizeof (ipv6elem) > len)
	goto done;
if (n != 1 && ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_INFO6, "%s: more than one IPv6 addr: %d\n",
	    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), n);

/* Only pick the first one */
memcpy(&ipv6elem, data + off, sizeof (ipv6elem))__builtin_memcpy((&ipv6elem), (data + off), (sizeof (ipv6elem
)));
memcpy(&addr6, ipv6elem.addr, sizeof (addr6))__builtin_memcpy((&addr6), (ipv6elem.addr), (sizeof (addr6
)));

off = letoh32(ic->ipv6_gwoffs)((__uint32_t)(ic->ipv6_gwoffs));
if (off + sizeof (gw6) > len)
	goto done;
memcpy(&gw6, data + off, sizeof (gw6))__builtin_memcpy((&gw6), (data + off), (sizeof (gw6)));

rv = umb_add_inet6_config(sc, &addr6, ipv6elem.prefixlen, &gw6);
if (rv == 0)
	state = UMB_S_UP;
}

if (avail_v6 & MBIM_IPCONF_HAS_DNSINFO0x0004) {
n = letoh32(ic->ipv6_ndnssrv)((__uint32_t)(ic->ipv6_ndnssrv));
off = letoh32(ic->ipv6_dnssrvoffs)((__uint32_t)(ic->ipv6_dnssrvoffs));
i = 0;
while (n-- > 0) {
	if (off + sizeof (addr6) > len)
		break;
	memcpy(&addr6, data + off, sizeof(addr6))__builtin_memcpy((&addr6), (data + off), (sizeof(addr6)));
	if (i < UMB_MAX_DNSSRV2)
		sc->sc_info.ipv6dns[i++] = addr6;
	off += sizeof(addr6);
	if (ifp->if_flags & IFF_DEBUG0x4) {
		char str[INET6_ADDRSTRLEN46];
		log(LOG_INFO6, "%s: IPv6 nameserver %s\n",
		    DEVNAM(ifp->if_softc)(((struct umb_softc *)(ifp->if_softc))->sc_dev.dv_xname
), inet_ntop(AF_INET624,
		    &addr6, str, sizeof(str)));
	}
}
umb_send_inet_proposal(sc, AF_INET624);
}

if ((avail_v6 & MBIM_IPCONF_HAS_MTUINFO0x0008)) {
val = letoh32(ic->ipv6_mtu)((__uint32_t)(ic->ipv6_mtu));
if (ifp->if_hardmtu != val && val <= sc->sc_maxpktlen) {
	hasmtu = 1;
	ifp->if_hardmtu = val;
	if (ifp->if_mtuif_data.ifi_mtu > val)
		ifp->if_mtuif_data.ifi_mtu = val;
}
}
2158#endif

2160done:
if (hasmtu && (ifp->if_flags & IFF_DEBUG0x4))
log(LOG_INFO6, "%s: MTU %d\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), ifp->if_hardmtu);

if (state != -1)
umb_newstate(sc, state, 0);

splx(s)spllower(s);
return 1;
2169}

2171void
2172umb_rx(struct umb_softc *sc)
2173{
usbd_setup_xfer(sc->sc_rx_xfer, sc->sc_rx_pipe, sc, sc->sc_rx_buf,
   sc->sc_rx_bufsz, USBD_SHORT_XFER_OK0x04 | USBD_NO_COPY0x01,
   USBD_NO_TIMEOUT0, umb_rxeof);
usbd_transfer(sc->sc_rx_xfer);
2178}

2180void
2181umb_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
2182{
struct umb_softc *sc = priv;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (usbd_is_dying(sc->sc_udev) || !(ifp->if_flags & IFF_RUNNING0x40))
return;

if (status != USBD_NORMAL_COMPLETION) {
if (status == USBD_NOT_STARTED || status == USBD_CANCELLED)
	return;
DPRINTF("%s: rx error: %s\n", DEVNAM(sc), usbd_errstr(status))do { } while (0);
if (status == USBD_STALLED)
	usbd_clear_endpoint_stall_async(sc->sc_rx_pipe);
if (++sc->sc_rx_nerr > 100) {
	log(LOG_ERR3, "%s: too many rx errors, disabling\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
	usbd_deactivate(sc->sc_udev);
}
} else {
sc->sc_rx_nerr = 0;
umb_decap(sc, xfer);
}

umb_rx(sc);
return;
2207}

2209int
2210umb_encap(struct umb_softc *sc, int ndgram)
2211{
struct ncm_header16 *hdr16 = NULL((void *)0);
struct ncm_header32 *hdr32 = NULL((void *)0);
struct ncm_pointer16 *ptr16 = NULL((void *)0);
struct ncm_pointer32 *ptr32 = NULL((void *)0);
struct ncm_pointer16_dgram *dgram16 = NULL((void *)0);
struct ncm_pointer32_dgram *dgram32 = NULL((void *)0);
int	 offs = 0, plen = 0;
int	 dgoffs = 0, poffs;
struct mbuf *m;
usbd_status  err;

/* All size constraints have been validated by the caller! */

/* NCM Header */
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
hdr16 = sc->sc_tx_buf;
USETDW(hdr16->dwSignature, NCM_HDR16_SIG)(*(u_int32_t *)(hdr16->dwSignature) = (0x484d434e));
USETW(hdr16->wHeaderLength, sizeof (*hdr16))(*(u_int16_t *)(hdr16->wHeaderLength) = (sizeof (*hdr16)));
USETW(hdr16->wSequence, sc->sc_tx_seq)(*(u_int16_t *)(hdr16->wSequence) = (sc->sc_tx_seq));
USETW(hdr16->wBlockLength, 0)(*(u_int16_t *)(hdr16->wBlockLength) = (0));
offs = sizeof (*hdr16);
break;
case NCM_FORMAT_NTB320x01:
hdr32 = sc->sc_tx_buf;
USETDW(hdr32->dwSignature, NCM_HDR32_SIG)(*(u_int32_t *)(hdr32->dwSignature) = (0x686d636e));
USETW(hdr32->wHeaderLength, sizeof (*hdr32))(*(u_int16_t *)(hdr32->wHeaderLength) = (sizeof (*hdr32)));
USETW(hdr32->wSequence, sc->sc_tx_seq)(*(u_int16_t *)(hdr32->wSequence) = (sc->sc_tx_seq));
USETDW(hdr32->dwBlockLength, 0)(*(u_int32_t *)(hdr32->dwBlockLength) = (0));
offs = sizeof (*hdr32);
break;
}
offs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz, offs,
   sc->sc_align, 0);

if (sc->sc_flags & UMBFLG_NDP_AT_END0x0004) {
dgoffs = offs;

/*
 * Calculate space needed for datagrams.
 *
 * XXX cannot use ml_len(&sc->sc_tx_ml), since it ignores
 *	the padding requirements.
 */
poffs = dgoffs;
MBUF_LIST_FOREACH(&sc->sc_tx_ml, m)for ((m) = ((&sc->sc_tx_ml)->ml_head); (m) != ((void
 *)0); (m) = ((m)->m_hdr.mh_nextpkt)) {
	poffs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz,
	    poffs, sc->sc_ndp_div, sc->sc_ndp_remainder);
	poffs += m->m_pkthdrM_dat.MH.MH_pkthdr.len;
}
poffs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz,
    poffs, sc->sc_ndp_div, sc->sc_ndp_remainder);
} else
poffs = offs;

/* NCM Pointer */
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
USETW(hdr16->wNdpIndex, poffs)(*(u_int16_t *)(hdr16->wNdpIndex) = (poffs));
ptr16 = (struct ncm_pointer16 *)(sc->sc_tx_buf + poffs);
plen = sizeof(*ptr16) + ndgram * sizeof(*dgram16);
USETDW(ptr16->dwSignature, MBIM_NCM_NTH16_SIG(umb_session_id))(*(u_int32_t *)(ptr16->dwSignature) = (((((umb_session_id)
 & 0xff) << 24) | 0x00535049)));
USETW(ptr16->wLength, plen)(*(u_int16_t *)(ptr16->wLength) = (plen));
USETW(ptr16->wNextNdpIndex, 0)(*(u_int16_t *)(ptr16->wNextNdpIndex) = (0));
dgram16 = ptr16->dgram;
break;
case NCM_FORMAT_NTB320x01:
USETDW(hdr32->dwNdpIndex, poffs)(*(u_int32_t *)(hdr32->dwNdpIndex) = (poffs));
ptr32 = (struct ncm_pointer32 *)(sc->sc_tx_buf + poffs);
plen = sizeof(*ptr32) + ndgram * sizeof(*dgram32);
USETDW(ptr32->dwSignature, MBIM_NCM_NTH32_SIG(umb_session_id))(*(u_int32_t *)(ptr32->dwSignature) = (((((umb_session_id)
 & 0xff) << 24) | 0x00737069)));
USETW(ptr32->wLength, plen)(*(u_int16_t *)(ptr32->wLength) = (plen));
USETW(ptr32->wReserved6, 0)(*(u_int16_t *)(ptr32->wReserved6) = (0));
USETDW(ptr32->dwNextNdpIndex, 0)(*(u_int32_t *)(ptr32->dwNextNdpIndex) = (0));
USETDW(ptr32->dwReserved12, 0)(*(u_int32_t *)(ptr32->dwReserved12) = (0));
dgram32 = ptr32->dgram;
break;
}

if (!(sc->sc_flags & UMBFLG_NDP_AT_END0x0004))
dgoffs = offs + plen;

/* Encap mbufs to NCM dgrams */
sc->sc_tx_seq++;
while ((m = ml_dequeue(&sc->sc_tx_ml)) != NULL((void *)0)) {
dgoffs += umb_padding(sc->sc_tx_buf, sc->sc_tx_bufsz, dgoffs,
    sc->sc_ndp_div, sc->sc_ndp_remainder);
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
	USETW(dgram16->wDatagramIndex, dgoffs)(*(u_int16_t *)(dgram16->wDatagramIndex) = (dgoffs));
	USETW(dgram16->wDatagramLen, m->m_pkthdr.len)(*(u_int16_t *)(dgram16->wDatagramLen) = (m->M_dat.MH.MH_pkthdr
.len));
	dgram16++;
	break;
case NCM_FORMAT_NTB320x01:
	USETDW(dgram32->dwDatagramIndex, dgoffs)(*(u_int32_t *)(dgram32->dwDatagramIndex) = (dgoffs));
	USETDW(dgram32->dwDatagramLen, m->m_pkthdr.len)(*(u_int32_t *)(dgram32->dwDatagramLen) = (m->M_dat.MH.
MH_pkthdr.len));
	dgram32++;
	break;
}
m_copydata(m, 0, m->m_pkthdrM_dat.MH.MH_pkthdr.len, sc->sc_tx_buf + dgoffs);
dgoffs += m->m_pkthdrM_dat.MH.MH_pkthdr.len;
m_freem(m);
}

if (sc->sc_flags & UMBFLG_NDP_AT_END0x0004)
offs = poffs + plen;
else
offs = dgoffs;

/* Terminating pointer and datagram size */
switch (sc->sc_ncm_format) {
case NCM_FORMAT_NTB160x00:
USETW(dgram16->wDatagramIndex, 0)(*(u_int16_t *)(dgram16->wDatagramIndex) = (0));
USETW(dgram16->wDatagramLen, 0)(*(u_int16_t *)(dgram16->wDatagramLen) = (0));
USETW(hdr16->wBlockLength, offs)(*(u_int16_t *)(hdr16->wBlockLength) = (offs));
KASSERT(dgram16 - ptr16->dgram == ndgram)((dgram16 - ptr16->dgram == ndgram) ? (void)0 : __assert("diagnostic "
, "/usr/src/sys/dev/usb/if_umb.c", 2327, "dgram16 - ptr16->dgram == ndgram"
));
break;
case NCM_FORMAT_NTB320x01:
USETDW(dgram32->dwDatagramIndex, 0)(*(u_int32_t *)(dgram32->dwDatagramIndex) = (0));
USETDW(dgram32->dwDatagramLen, 0)(*(u_int32_t *)(dgram32->dwDatagramLen) = (0));
USETDW(hdr32->dwBlockLength, offs)(*(u_int32_t *)(hdr32->dwBlockLength) = (offs));
KASSERT(dgram32 - ptr32->dgram == ndgram)((dgram32 - ptr32->dgram == ndgram) ? (void)0 : __assert("diagnostic "
, "/usr/src/sys/dev/usb/if_umb.c", 2333, "dgram32 - ptr32->dgram == ndgram"
));
break;
}

DPRINTFN(3, "%s: encap %d bytes\n", DEVNAM(sc), offs)do { } while (0);
DDUMPN(5, sc->sc_tx_buf, offs)do { } while (0);
KASSERT(offs <= sc->sc_tx_bufsz)((offs <= sc->sc_tx_bufsz) ? (void)0 : __assert("diagnostic "
, "/usr/src/sys/dev/usb/if_umb.c", 2339, "offs <= sc->sc_tx_bufsz"
));

usbd_setup_xfer(sc->sc_tx_xfer, sc->sc_tx_pipe, sc, sc->sc_tx_buf, offs,
   USBD_FORCE_SHORT_XFER0x08 | USBD_NO_COPY0x01, umb_xfer_tout, umb_txeof);
err = usbd_transfer(sc->sc_tx_xfer);
if (err != USBD_IN_PROGRESS) {
DPRINTF("%s: start tx error: %s\n", DEVNAM(sc),do { } while (0)
    usbd_errstr(err))do { } while (0);
ml_purge(&sc->sc_tx_ml);
return 0;
}
return 1;
2351}

2353void
2354umb_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
2355{
struct umb_softc *sc = priv;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;

s = splnet()splraise(0x7);
ml_purge(&sc->sc_tx_ml);
ifq_clr_oactive(&ifp->if_snd);
ifp->if_timer = 0;

if (status != USBD_NORMAL_COMPLETION) {
1
Assuming 'status' is equal to USBD_NORMAL_COMPLETION→
2
←
Taking false branch→
if (status != USBD_NOT_STARTED && status != USBD_CANCELLED) {
	ifp->if_oerrorsif_data.ifi_oerrors++;
	DPRINTF("%s: tx error: %s\n", DEVNAM(sc),do { } while (0)
	    usbd_errstr(status))do { } while (0);
	if (status == USBD_STALLED)
		usbd_clear_endpoint_stall_async(sc->sc_tx_pipe);
}
}
if (ifq_empty(&ifp->if_snd)(((&ifp->if_snd)->ifq_len) == 0) == 0)
3
←
Assuming field 'ifq_len' is not equal to 0→
4
←
Taking true branch→
umb_start(ifp);
5
←
Calling 'umb_start'→

splx(s)spllower(s);
2378}

2380void
2381umb_decap(struct umb_softc *sc, struct usbd_xfer *xfer)
2382{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 s;
void	*buf;
uint32_t len, af = 0;
char	*dp;
struct ncm_header16 *hdr16;
struct ncm_header32 *hdr32;
struct ncm_pointer16 *ptr16;
struct ncm_pointer16_dgram *dgram16;
struct ncm_pointer32_dgram *dgram32;
uint32_t hsig, psig;
int	 blen;
int	 ptrlen, ptroff, dgentryoff;
uint32_t doff, dlen;
struct mbuf_list ml = MBUF_LIST_INITIALIZER(){ ((void *)0), ((void *)0), 0 };
struct mbuf *m;

usbd_get_xfer_status(xfer, NULL((void *)0), &buf, &len, NULL((void *)0));
DPRINTFN(4, "%s: recv %d bytes\n", DEVNAM(sc), len)do { } while (0);
DDUMPN(5, buf, len)do { } while (0);
s = splnet()splraise(0x7);
if (len < sizeof (*hdr16))
goto toosmall;

hdr16 = (struct ncm_header16 *)buf;
hsig = UGETDW(hdr16->dwSignature)(*(u_int32_t *)(hdr16->dwSignature));

switch (hsig) {
case NCM_HDR16_SIG0x484d434e:
blen = UGETW(hdr16->wBlockLength)(*(u_int16_t *)(hdr16->wBlockLength));
ptroff = UGETW(hdr16->wNdpIndex)(*(u_int16_t *)(hdr16->wNdpIndex));
if (UGETW(hdr16->wHeaderLength)(*(u_int16_t *)(hdr16->wHeaderLength)) != sizeof (*hdr16)) {
	DPRINTF("%s: bad header len %d for NTH16 (exp %zu)\n",do { } while (0)
	    DEVNAM(sc), UGETW(hdr16->wHeaderLength),do { } while (0)
	    sizeof (*hdr16))do { } while (0);
	goto fail;
}
break;
case NCM_HDR32_SIG0x686d636e:
if (len < sizeof (*hdr32))
	goto toosmall;
hdr32 = (struct ncm_header32 *)hdr16;
blen = UGETDW(hdr32->dwBlockLength)(*(u_int32_t *)(hdr32->dwBlockLength));
ptroff = UGETDW(hdr32->dwNdpIndex)(*(u_int32_t *)(hdr32->dwNdpIndex));
if (UGETW(hdr32->wHeaderLength)(*(u_int16_t *)(hdr32->wHeaderLength)) != sizeof (*hdr32)) {
	DPRINTF("%s: bad header len %d for NTH32 (exp %zu)\n",do { } while (0)
	    DEVNAM(sc), UGETW(hdr32->wHeaderLength),do { } while (0)
	    sizeof (*hdr32))do { } while (0);
	goto fail;
}
break;
default:
DPRINTF("%s: unsupported NCM header signature (0x%08x)\n",do { } while (0)
    DEVNAM(sc), hsig)do { } while (0);
goto fail;
}
if (blen != 0 && len < blen) {
DPRINTF("%s: bad NTB len (%d) for %d bytes of data\n",do { } while (0)
    DEVNAM(sc), blen, len)do { } while (0);
goto fail;
}

ptr16 = (struct ncm_pointer16 *)(buf + ptroff);
psig = UGETDW(ptr16->dwSignature)(*(u_int32_t *)(ptr16->dwSignature));
ptrlen = UGETW(ptr16->wLength)(*(u_int16_t *)(ptr16->wLength));
if (len < ptrlen + ptroff)
goto toosmall;
if (!MBIM_NCM_NTH16_ISISG(psig)(((psig) & 0x00ffffff) == 0x00535049) && !MBIM_NCM_NTH32_ISISG(psig)(((psig) & 0x00ffffff) == 0x00737069)) {
DPRINTF("%s: unsupported NCM pointer signature (0x%08x)\n",do { } while (0)
    DEVNAM(sc), psig)do { } while (0);
goto fail;
}

switch (hsig) {
case NCM_HDR16_SIG0x484d434e:
dgentryoff = offsetof(struct ncm_pointer16, dgram)__builtin_offsetof(struct ncm_pointer16, dgram);
break;
case NCM_HDR32_SIG0x686d636e:
dgentryoff = offsetof(struct ncm_pointer32, dgram)__builtin_offsetof(struct ncm_pointer32, dgram);
break;
default:
goto fail;
}

while (dgentryoff < ptrlen) {
switch (hsig) {
case NCM_HDR16_SIG0x484d434e:
	if (ptroff + dgentryoff < sizeof (*dgram16))
		goto done;
	dgram16 = (struct ncm_pointer16_dgram *)
	    (buf + ptroff + dgentryoff);
	dgentryoff += sizeof (*dgram16);
	dlen = UGETW(dgram16->wDatagramLen)(*(u_int16_t *)(dgram16->wDatagramLen));
	doff = UGETW(dgram16->wDatagramIndex)(*(u_int16_t *)(dgram16->wDatagramIndex));
	break;
case NCM_HDR32_SIG0x686d636e:
	if (ptroff + dgentryoff < sizeof (*dgram32))
		goto done;
	dgram32 = (struct ncm_pointer32_dgram *)
	    (buf + ptroff + dgentryoff);
	dgentryoff += sizeof (*dgram32);
	dlen = UGETDW(dgram32->dwDatagramLen)(*(u_int32_t *)(dgram32->dwDatagramLen));
	doff = UGETDW(dgram32->dwDatagramIndex)(*(u_int32_t *)(dgram32->dwDatagramIndex));
	break;
default:
	ifp->if_ierrorsif_data.ifi_ierrors++;
	goto done;
}

/* Terminating zero entry */
if (dlen == 0 || doff == 0)
	break;
if (len < dlen + doff) {
	/* Skip giant datagram but continue processing */
	DPRINTF("%s: datagram too large (%d @ off %d)\n",do { } while (0)
	    DEVNAM(sc), dlen, doff)do { } while (0);
	continue;
}

dp = buf + doff;
DPRINTFN(3, "%s: decap %d bytes\n", DEVNAM(sc), dlen)do { } while (0);
m = m_devget(dp, dlen, sizeof(uint32_t));
if (m == NULL((void *)0)) {
	ifp->if_iqdropsif_data.ifi_iqdrops++;
	continue;
}
m = m_prepend(m, sizeof(uint32_t), M_DONTWAIT0x0002);
if (m == NULL((void *)0)) {
	ifp->if_iqdropsif_data.ifi_iqdrops++;
	continue;
}
switch (*dp & 0xf0) {
case 4 << 4:
	af = htonl(AF_INET)(__uint32_t)(__builtin_constant_p(2) ? (__uint32_t)(((__uint32_t
)(2) & 0xff) << 24 | ((__uint32_t)(2) & 0xff00)
 << 8 | ((__uint32_t)(2) & 0xff0000) >> 8 | (
(__uint32_t)(2) & 0xff000000) >> 24) : __swap32md(2
));
	break;
case 6 << 4:
	af = htonl(AF_INET6)(__uint32_t)(__builtin_constant_p(24) ? (__uint32_t)(((__uint32_t
)(24) & 0xff) << 24 | ((__uint32_t)(24) & 0xff00
) << 8 | ((__uint32_t)(24) & 0xff0000) >> 8 |
 ((__uint32_t)(24) & 0xff000000) >> 24) : __swap32md
(24));
	break;
}
*mtod(m, uint32_t *)((uint32_t *)((m)->m_hdr.mh_data)) = af;
ml_enqueue(&ml, m);
}
2525done:
if_input(ifp, &ml);
splx(s)spllower(s);
return;
2529toosmall:
DPRINTF("%s: packet too small (%d)\n", DEVNAM(sc), len)do { } while (0);
2531fail:
ifp->if_ierrorsif_data.ifi_ierrors++;
splx(s)spllower(s);
2534}

2536usbd_status
2537umb_send_encap_command(struct umb_softc *sc, void *data, int len)
2538{
struct usbd_xfer *xfer;
usb_device_request_t req;
char *buf;

if (len > sc->sc_ctrl_len)
return USBD_INVAL;

if ((xfer = usbd_alloc_xfer(sc->sc_udev)) == NULL((void *)0))
return USBD_NOMEM;
if ((buf = usbd_alloc_buffer(xfer, len)) == NULL((void *)0)) {
usbd_free_xfer(xfer);
return USBD_NOMEM;
}
memcpy(buf, data, len)__builtin_memcpy((buf), (data), (len));

/* XXX FIXME: if (total len > sc->sc_ctrl_len) => must fragment */
req.bmRequestType = UT_WRITE_CLASS_INTERFACE(0x00 | 0x20 | 0x01);
req.bRequest = UCDC_SEND_ENCAPSULATED_COMMAND0x00;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, len)(*(u_int16_t *)(req.wLength) = (len));
DELAY(umb_delay)(*delay_func)(umb_delay);
return usbd_request_async(xfer, &req, NULL((void *)0), NULL((void *)0));
2562}

2564int
2565umb_get_encap_response(struct umb_softc *sc, void *buf, int *len)
2566{
usb_device_request_t req;
usbd_status err;

req.bmRequestType = UT_READ_CLASS_INTERFACE(0x80 | 0x20 | 0x01);
req.bRequest = UCDC_GET_ENCAPSULATED_RESPONSE0x01;
USETW(req.wValue, 0)(*(u_int16_t *)(req.wValue) = (0));
USETW(req.wIndex, sc->sc_ctrl_ifaceno)(*(u_int16_t *)(req.wIndex) = (sc->sc_ctrl_ifaceno));
USETW(req.wLength, *len)(*(u_int16_t *)(req.wLength) = (*len));
/* XXX FIXME: re-assemble fragments */

DELAY(umb_delay)(*delay_func)(umb_delay);
err = usbd_do_request_flags(sc->sc_udev, &req, buf, USBD_SHORT_XFER_OK0x04,
   len, umb_xfer_tout);
if (err == USBD_NORMAL_COMPLETION)
return 1;
DPRINTF("%s: ctrl recv: %s\n", DEVNAM(sc), usbd_errstr(err))do { } while (0);
return 0;
2584}

2586void
2587umb_ctrl_msg(struct umb_softc *sc, uint32_t req, void *data, int len)
2588{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t tid;
struct mbim_msghdr *hdr = data;
usbd_status err;
int	 s;

assertwaitok();
if (usbd_is_dying(sc->sc_udev))
return;
if (len < sizeof (*hdr))
return;
tid = ++sc->sc_tid;

hdr->type = htole32(req)((__uint32_t)(req));
hdr->len = htole32(len)((__uint32_t)(len));
hdr->tid = htole32(tid)((__uint32_t)(tid));

2606#ifdef UMB_DEBUG
if (umb_debug) {
const char *op, *str;
if (req == MBIM_COMMAND_MSG3U) {
	struct mbim_h2f_cmd *c = data;
	if (letoh32(c->op)((__uint32_t)(c->op)) == MBIM_CMDOP_SET1)
		op = "set";
	else
		op = "qry";
	str = umb_cid2str(letoh32(c->cid))umb_val2descr(umb_cids, (((__uint32_t)(c->cid))));
} else {
	op = "snd";
	str = umb_request2str(req)umb_val2descr(umb_messages, (req));
}
DPRINTF("%s: -> %s %s (tid %u)\n", DEVNAM(sc), op, str, tid)do { } while (0);
}
2622#endif
s = splusb()splraise(0x5);
err = umb_send_encap_command(sc, data, len);
splx(s)spllower(s);
if (err != USBD_NORMAL_COMPLETION) {
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_ERR3, "%s: send %s msg (tid %u) failed: %s\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), umb_request2str(req)umb_val2descr(umb_messages, (req)), tid,
	    usbd_errstr(err));

/* will affect other transactions, too */
usbd_abort_pipe(sc->sc_udev->default_pipe);
} else {
DPRINTFN(2, "%s: sent %s (tid %u)\n", DEVNAM(sc),do { } while (0)
    umb_request2str(req), tid)do { } while (0);
DDUMPN(3, data, len)do { } while (0);
}
return;
2640}

2642void
2643umb_open(struct umb_softc *sc)
2644{
struct mbim_h2f_openmsg msg;

memset(&msg, 0, sizeof (msg))__builtin_memset((&msg), (0), (sizeof (msg)));
msg.maxlen = htole32(sc->sc_ctrl_len)((__uint32_t)(sc->sc_ctrl_len));
umb_ctrl_msg(sc, MBIM_OPEN_MSG1U, &msg, sizeof (msg));
return;
2651}

2653void
2654umb_close(struct umb_softc *sc)
2655{
struct mbim_h2f_closemsg msg;

memset(&msg, 0, sizeof (msg))__builtin_memset((&msg), (0), (sizeof (msg)));
umb_ctrl_msg(sc, MBIM_CLOSE_MSG2U, &msg, sizeof (msg));
2660}

2662int
2663umb_setpin(struct umb_softc *sc, int op, int is_puk, void *pin, int pinlen,
  void *newpin, int newpinlen)
2665{
struct mbim_cid_pin cp;
int	 off;

if (pinlen == 0)
return 0;
if (pinlen < 0 || pinlen > MBIM_PIN_MAXLEN32 ||
   newpinlen < 0 || newpinlen > MBIM_PIN_MAXLEN32 ||
   op < 0 || op > MBIM_PIN_OP_CHANGE3 ||
   (is_puk && op != MBIM_PIN_OP_ENTER0))
return EINVAL22;

memset(&cp, 0, sizeof (cp))__builtin_memset((&cp), (0), (sizeof (cp)));
cp.type = htole32(is_puk ? MBIM_PIN_TYPE_PUK1 : MBIM_PIN_TYPE_PIN1)((__uint32_t)(is_puk ? 11 : 2));

off = offsetof(struct mbim_cid_pin, data)__builtin_offsetof(struct mbim_cid_pin, data);
if (!umb_addstr(&cp, sizeof (cp), &off, pin, pinlen,
   &cp.pin_offs, &cp.pin_size))
return EINVAL22;

cp.op  = htole32(op)((__uint32_t)(op));
if (newpinlen) {
if (!umb_addstr(&cp, sizeof (cp), &off, newpin, newpinlen,
    &cp.newpin_offs, &cp.newpin_size))
	return EINVAL22;
} else {
if ((op == MBIM_PIN_OP_CHANGE3) || is_puk)
	return EINVAL22;
if (!umb_addstr(&cp, sizeof (cp), &off, NULL((void *)0), 0,
    &cp.newpin_offs, &cp.newpin_size))
	return EINVAL22;
}
umb_cmd(sc, MBIM_CID_PIN4, MBIM_CMDOP_SET1, &cp, off);
return 0;
2699}

2701void
2702umb_setdataclass(struct umb_softc *sc)
2703{
struct mbim_cid_registration_state rs;
uint32_t	 classes;

if (sc->sc_info.supportedclasses == MBIM_DATACLASS_NONE0x00000000)
return;

memset(&rs, 0, sizeof (rs))__builtin_memset((&rs), (0), (sizeof (rs)));
rs.regaction = htole32(MBIM_REGACTION_AUTOMATIC)((__uint32_t)(0));
classes = sc->sc_info.supportedclasses;
if (sc->sc_info.preferredclasses != MBIM_DATACLASS_NONE0x00000000)
classes &= sc->sc_info.preferredclasses;
rs.data_class = htole32(classes)((__uint32_t)(classes));
umb_cmd(sc, MBIM_CID_REGISTER_STATE9, MBIM_CMDOP_SET1, &rs, sizeof (rs));
2717}

2719void
2720umb_radio(struct umb_softc *sc, int on)
2721{
struct mbim_cid_radio_state s;

DPRINTF("%s: set radio %s\n", DEVNAM(sc), on ? "on" : "off")do { } while (0);
memset(&s, 0, sizeof (s))__builtin_memset((&s), (0), (sizeof (s)));
s.state = htole32(on ? MBIM_RADIO_STATE_ON : MBIM_RADIO_STATE_OFF)((__uint32_t)(on ? 1 : 0));
umb_cmd(sc, MBIM_CID_RADIO_STATE3, MBIM_CMDOP_SET1, &s, sizeof (s));
2728}

2730void
2731umb_allocate_cid(struct umb_softc *sc)
2732{
umb_cmd1(sc, MBIM_CID_DEVICE_CAPS1, MBIM_CMDOP_SET1,
   umb_qmi_alloc_cid, sizeof (umb_qmi_alloc_cid), umb_uuid_qmi_mbim);
2735}

2737void
2738umb_send_fcc_auth(struct umb_softc *sc)
2739{
uint8_t	 fccauth[sizeof (umb_qmi_fcc_auth)];

if (sc->sc_cid == -1) {
DPRINTF("%s: missing CID, cannot send FCC auth\n", DEVNAM(sc))do { } while (0);
umb_allocate_cid(sc);
return;
}
memcpy(fccauth, umb_qmi_fcc_auth, sizeof (fccauth))__builtin_memcpy((fccauth), (umb_qmi_fcc_auth), (sizeof (fccauth
)));
fccauth[UMB_QMI_CID_OFFS5] = sc->sc_cid;
umb_cmd1(sc, MBIM_CID_DEVICE_CAPS1, MBIM_CMDOP_SET1,
   fccauth, sizeof (fccauth), umb_uuid_qmi_mbim);
2751}

2753void
2754umb_packet_service(struct umb_softc *sc, int attach)
2755{
struct mbim_cid_packet_service	s;

DPRINTF("%s: %s packet service\n", DEVNAM(sc),do { } while (0)
   attach ? "attach" : "detach")do { } while (0);
memset(&s, 0, sizeof (s))__builtin_memset((&s), (0), (sizeof (s)));
s.action = htole32(attach ?((__uint32_t)(attach ? 0 : 1))
   MBIM_PKTSERVICE_ACTION_ATTACH : MBIM_PKTSERVICE_ACTION_DETACH)((__uint32_t)(attach ? 0 : 1));
umb_cmd(sc, MBIM_CID_PACKET_SERVICE10, MBIM_CMDOP_SET1, &s, sizeof (s));
2764}

2766void
2767umb_connect(struct umb_softc *sc)
2768{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING4 && !sc->sc_roamingsc_info.enable_roaming) {
log(LOG_INFO6, "%s: connection disabled in roaming network\n",
    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
return;
}
if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_DEBUG7, "%s: connecting ...\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_send_connect(sc, MBIM_CONNECT_ACTIVATE1);
2779}

2781void
2782umb_disconnect(struct umb_softc *sc)
2783{
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);

if (ifp->if_flags & IFF_DEBUG0x4)
log(LOG_DEBUG7, "%s: disconnecting ...\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
umb_send_connect(sc, MBIM_CONNECT_DEACTIVATE0);
2789}

2791void
2792umb_send_connect(struct umb_softc *sc, int command)
2793{
struct mbim_cid_connect *c;
int	 off;

/* Too large or the stack */
c = malloc(sizeof (*c), M_USBDEV102, M_WAIT0x0001|M_ZERO0x0008);
c->sessionid = htole32(umb_session_id)((__uint32_t)(umb_session_id));
c->command = htole32(command)((__uint32_t)(command));
off = offsetof(struct mbim_cid_connect, data)__builtin_offsetof(struct mbim_cid_connect, data);
if (!umb_addstr(c, sizeof (*c), &off, sc->sc_info.apn,
   sc->sc_info.apnlen, &c->access_offs, &c->access_size))
goto done;
/* XXX FIXME: support user name and passphrase */
c->user_offs = htole32(0)((__uint32_t)(0));
c->user_size = htole32(0)((__uint32_t)(0));
c->passwd_offs = htole32(0)((__uint32_t)(0));
c->passwd_size = htole32(0)((__uint32_t)(0));
c->authprot = htole32(MBIM_AUTHPROT_NONE)((__uint32_t)(0));
c->compression = htole32(MBIM_COMPRESSION_NONE)((__uint32_t)(0));
c->iptype = htole32(MBIM_CONTEXT_IPTYPE_IPV4)((__uint32_t)(1));
2813#ifdef INET61
/* XXX FIXME: support IPv6-only mode, too */
if ((sc->sc_flags & UMBFLG_NO_INET60x0002) == 0 &&
   in6ifa_ifpforlinklocal(GET_IFP(sc)(&(sc)->sc_if), 0) != NULL((void *)0))
c->iptype = htole32(MBIM_CONTEXT_IPTYPE_IPV4V6)((__uint32_t)(3));
2818#endif
memcpy(c->context, umb_uuid_context_internet, sizeof (c->context))__builtin_memcpy((c->context), (umb_uuid_context_internet)
, (sizeof (c->context)));
umb_cmd(sc, MBIM_CID_CONNECT12, MBIM_CMDOP_SET1, c, off);
2821done:
free(c, M_USBDEV102, sizeof (*c));
return;
2824}

2826void
2827umb_qry_ipconfig(struct umb_softc *sc)
2828{
struct mbim_cid_ip_configuration_info ipc;

memset(&ipc, 0, sizeof (ipc))__builtin_memset((&ipc), (0), (sizeof (ipc)));
ipc.sessionid = htole32(umb_session_id)((__uint32_t)(umb_session_id));
umb_cmd(sc, MBIM_CID_IP_CONFIGURATION15, MBIM_CMDOP_QRY0,
   &ipc, sizeof (ipc));
2835}

2837void
2838umb_cmd(struct umb_softc *sc, int cid, int op, void *data, int len)
2839{
umb_cmd1(sc, cid, op, data, len, umb_uuid_basic_connect);
2841}

2843void
2844umb_cmd1(struct umb_softc *sc, int cid, int op, void *data, int len,
  uint8_t *uuid)
2846{
struct mbim_h2f_cmd *cmd;
int	totlen;

/* XXX FIXME support sending fragments */
if (sizeof (*cmd) + len > sc->sc_ctrl_len) {
DPRINTF("%s: set %s msg too long: cannot send\n",do { } while (0)
    DEVNAM(sc), umb_cid2str(cid))do { } while (0);
return;
}
cmd = sc->sc_ctrl_msg;
memset(cmd, 0, sizeof (*cmd))__builtin_memset((cmd), (0), (sizeof (*cmd)));
cmd->frag.nfrag = htole32(1)((__uint32_t)(1));
memcpy(cmd->devid, uuid, sizeof (cmd->devid))__builtin_memcpy((cmd->devid), (uuid), (sizeof (cmd->devid
)));
cmd->cid = htole32(cid)((__uint32_t)(cid));
cmd->op = htole32(op)((__uint32_t)(op));
cmd->infolen = htole32(len)((__uint32_t)(len));
totlen = sizeof (*cmd);
if (len > 0) {
memcpy(cmd + 1, data, len)__builtin_memcpy((cmd + 1), (data), (len));
totlen += len;
}
umb_ctrl_msg(sc, MBIM_COMMAND_MSG3U, cmd, totlen);
2869}

2871void
2872umb_command_done(struct umb_softc *sc, void *data, int len)
2873{
struct mbim_f2h_cmddone *cmd = data;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
uint32_t status;
uint32_t cid;
uint32_t infolen;
int	 qmimsg = 0;

if (len < sizeof (*cmd)) {
DPRINTF("%s: discard short %s message\n", DEVNAM(sc),do { } while (0)
    umb_request2str(letoh32(cmd->hdr.type)))do { } while (0);
return;
}
cid = letoh32(cmd->cid)((__uint32_t)(cmd->cid));
if (memcmp(cmd->devid, umb_uuid_basic_connect, sizeof (cmd->devid))__builtin_memcmp((cmd->devid), (umb_uuid_basic_connect), (
sizeof (cmd->devid)))) {
if (memcmp(cmd->devid, umb_uuid_qmi_mbim,__builtin_memcmp((cmd->devid), (umb_uuid_qmi_mbim), (sizeof
 (cmd->devid)))
    sizeof (cmd->devid))__builtin_memcmp((cmd->devid), (umb_uuid_qmi_mbim), (sizeof
 (cmd->devid)))) {
	DPRINTF("%s: discard %s message for other UUID '%s'\n",do { } while (0)
	    DEVNAM(sc), umb_request2str(letoh32(cmd->hdr.type)),do { } while (0)
	    umb_uuid2str(cmd->devid))do { } while (0);
	return;
} else
	qmimsg = 1;
}

status = letoh32(cmd->status)((__uint32_t)(cmd->status));
switch (status) {
case MBIM_STATUS_SUCCESS0:
break;
2902#ifdef INET61
case MBIM_STATUS_NO_DEVICE_SUPPORT9:
if ((cid == MBIM_CID_CONNECT12) &&
    (sc->sc_flags & UMBFLG_NO_INET60x0002) == 0) {
	sc->sc_flags |= UMBFLG_NO_INET60x0002;
	if (ifp->if_flags & IFF_DEBUG0x4)
		log(LOG_ERR3,
		    "%s: device does not support IPv6\n",
		    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
}
/* Re-trigger the connect, this time IPv4 only */
usb_add_task(sc->sc_udev, &sc->sc_umb_task);
return;
2915#endif
case MBIM_STATUS_NOT_INITIALIZED14:
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_ERR3, "%s: SIM not initialized (PIN missing)\n",
	    DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname));
return;
case MBIM_STATUS_PIN_REQUIRED5:
sc->sc_info.pin_state = UMB_PIN_REQUIRED0;
/*FALLTHROUGH*/
default:
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_ERR3, "%s: set/qry %s failed: %s\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    umb_cid2str(cid)umb_val2descr(umb_cids, (cid)), umb_status2str(status)umb_val2descr(umb_status, (status)));
return;
}

infolen = letoh32(cmd->infolen)((__uint32_t)(cmd->infolen));
if (len < sizeof (*cmd) + infolen) {
DPRINTF("%s: discard truncated %s message (want %d, got %d)\n",do { } while (0)
    DEVNAM(sc), umb_cid2str(cid),do { } while (0)
    (int)sizeof (*cmd) + infolen, len)do { } while (0);
return;
}
if (qmimsg) {
if (sc->sc_flags & UMBFLG_FCC_AUTH_REQUIRED0x0001)
	umb_decode_qmi(sc, cmd->info, infolen);
} else {
DPRINTFN(2, "%s: set/qry %s done\n", DEVNAM(sc),do { } while (0)
    umb_cid2str(cid))do { } while (0);
umb_decode_cid(sc, cid, cmd->info, infolen);
}
2946}

2948void
2949umb_decode_cid(struct umb_softc *sc, uint32_t cid, void *data, int len)
2950{
int	 ok = 1;

switch (cid) {
case MBIM_CID_DEVICE_CAPS1:
ok = umb_decode_devices_caps(sc, data, len);
break;
case MBIM_CID_SUBSCRIBER_READY_STATUS2:
ok = umb_decode_subscriber_status(sc, data, len);
break;
case MBIM_CID_RADIO_STATE3:
ok = umb_decode_radio_state(sc, data, len);
break;
case MBIM_CID_PIN4:
ok = umb_decode_pin(sc, data, len);
break;
case MBIM_CID_REGISTER_STATE9:
ok = umb_decode_register_state(sc, data, len);
break;
case MBIM_CID_PACKET_SERVICE10:
ok = umb_decode_packet_service(sc, data, len);
break;
case MBIM_CID_SIGNAL_STATE11:
ok = umb_decode_signal_state(sc, data, len);
break;
case MBIM_CID_CONNECT12:
ok = umb_decode_connect_info(sc, data, len);
break;
case MBIM_CID_IP_CONFIGURATION15:
ok = umb_decode_ip_configuration(sc, data, len);
break;
default:
/*
 * Note: the above list is incomplete and only contains
 *	mandatory CIDs from the BASIC_CONNECT set.
 *	So alternate values are not unusual.
 */
DPRINTFN(4, "%s: ignore %s\n", DEVNAM(sc), umb_cid2str(cid))do { } while (0);
break;
}
if (!ok)
DPRINTF("%s: discard %s with bad info length %d\n",do { } while (0)
    DEVNAM(sc), umb_cid2str(cid), len)do { } while (0);
return;
2994}

2996void
2997umb_decode_qmi(struct umb_softc *sc, uint8_t *data, int len)
2998{
uint8_t	srv;
uint16_t msg, tlvlen;
uint32_t val;

3003#define UMB_QMI_QMUXLEN6		6
if (len < UMB_QMI_QMUXLEN6)
goto tooshort;

srv = data[4];
data += UMB_QMI_QMUXLEN6;
len -= UMB_QMI_QMUXLEN6;

3011#define UMB_GET16(p)((uint16_t)*p | (uint16_t)*(p + 1) << 8)	((uint16_t)*p | (uint16_t)*(p + 1) << 8)
3012#define UMB_GET32(p)((uint32_t)*p | (uint32_t)*(p + 1) << 8 | (uint32_t)*(p
 + 2) << 16 |(uint32_t)*(p + 3) << 24)	((uint32_t)*p | (uint32_t)*(p + 1) << 8 | \
	    (uint32_t)*(p + 2) << 16 |(uint32_t)*(p + 3) << 24)
switch (srv) {
case 0:	/* ctl */
3016#define UMB_QMI_CTLLEN6		6
if (len < UMB_QMI_CTLLEN6)
	goto tooshort;
msg = UMB_GET16(&data[2])((uint16_t)*&data[2] | (uint16_t)*(&data[2] + 1) <<
 8);
tlvlen = UMB_GET16(&data[4])((uint16_t)*&data[4] | (uint16_t)*(&data[4] + 1) <<
 8);
data += UMB_QMI_CTLLEN6;
len -= UMB_QMI_CTLLEN6;
break;
case 2:	/* dms  */
3025#define UMB_QMI_DMSLEN7		7
if (len < UMB_QMI_DMSLEN7)
	goto tooshort;
msg = UMB_GET16(&data[3])((uint16_t)*&data[3] | (uint16_t)*(&data[3] + 1) <<
 8);
tlvlen = UMB_GET16(&data[5])((uint16_t)*&data[5] | (uint16_t)*(&data[5] + 1) <<
 8);
data += UMB_QMI_DMSLEN7;
len -= UMB_QMI_DMSLEN7;
break;
default:
DPRINTF("%s: discard QMI message for unknown service type %d\n",do { } while (0)
    DEVNAM(sc), srv)do { } while (0);
return;
}

if (len < tlvlen)
goto tooshort;

3042#define UMB_QMI_TLVLEN3		3
while (len > 0) {
if (len < UMB_QMI_TLVLEN3)
	goto tooshort;
tlvlen = UMB_GET16(&data[1])((uint16_t)*&data[1] | (uint16_t)*(&data[1] + 1) <<
 8);
if (len < UMB_QMI_TLVLEN3 + tlvlen)
	goto tooshort;
switch (data[0]) {
case 1:	/* allocation info */
	if (msg == 0x0022) {	/* Allocate CID */
		if (tlvlen != 2 || data[3] != 2) /* dms */
			break;
		sc->sc_cid = data[4];
		DPRINTF("%s: QMI CID %d allocated\n",do { } while (0)
		    DEVNAM(sc), sc->sc_cid)do { } while (0);
		umb_newstate(sc, UMB_S_CID, UMB_NS_DONT_DROP0x0001);
	}
	break;
case 2:	/* response */
	if (tlvlen != sizeof (val))
		break;
	val = UMB_GET32(&data[3])((uint32_t)*&data[3] | (uint32_t)*(&data[3] + 1) <<
| (uint32_t)*(&data[3] + 2) << 16 |(uint32_t)*(&
data[3] + 3) << 24);
	switch (msg) {
	case 0x0022:	/* Allocate CID */
		if (val != 0) {
			log(LOG_ERR3, "%s: allocation of QMI CID"
			    " failed, error 0x%x\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
			    val);
			/* XXX how to proceed? */
			return;
		}
		break;
	case 0x555f:	/* Send FCC Authentication */
		if (val == 0)
			DPRINTF("%s: send FCC "do { } while (0)
			    "Authentication succeeded\n",do { } while (0)
			    DEVNAM(sc))do { } while (0);
		else if (val == 0x001a0001)
			DPRINTF("%s: FCC Authentication "do { } while (0)
			    "not required\n", DEVNAM(sc))do { } while (0);
		else
			log(LOG_INFO6, "%s: send FCC "
			    "Authentication failed, "
			    "error 0x%x\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname), val);

		/* FCC Auth is needed only once after power-on*/
		sc->sc_flags &= ~UMBFLG_FCC_AUTH_REQUIRED0x0001;

		/* Try to proceed anyway */
		DPRINTF("%s: init: turning radio on ...\n",do { } while (0)
		    DEVNAM(sc))do { } while (0);
		umb_radio(sc, 1);
		break;
	default:
		break;
	}
	break;
default:
	break;
}
data += UMB_QMI_TLVLEN3 + tlvlen;
len -= UMB_QMI_TLVLEN3 + tlvlen;
}
return;

3107tooshort:
DPRINTF("%s: discard short QMI message\n", DEVNAM(sc))do { } while (0);
return;
3110}

3112void
3113umb_intr(struct usbd_xfer *xfer, void *priv, usbd_status status)
3114{
struct umb_softc *sc = priv;
struct ifnet *ifp = GET_IFP(sc)(&(sc)->sc_if);
int	 total_len;

if (status != USBD_NORMAL_COMPLETION) {
DPRINTF("%s: notification error: %s\n", DEVNAM(sc),do { } while (0)
    usbd_errstr(status))do { } while (0);
if (status == USBD_STALLED)
	usbd_clear_endpoint_stall_async(sc->sc_ctrl_pipe);
return;
}
usbd_get_xfer_status(xfer, NULL((void *)0), NULL((void *)0), &total_len, NULL((void *)0));
if (total_len < UCDC_NOTIFICATION_LENGTH8) {
DPRINTF("%s: short notification (%d<%d)\n", DEVNAM(sc),do { } while (0)
    total_len, UCDC_NOTIFICATION_LENGTH)do { } while (0);
    return;
}
if (sc->sc_intr_msg.bmRequestType != UCDC_NOTIFICATION0xa1) {
DPRINTF("%s: unexpected notification (type=0x%02x)\n",do { } while (0)
    DEVNAM(sc), sc->sc_intr_msg.bmRequestType)do { } while (0);
return;
}

switch (sc->sc_intr_msg.bNotification) {
case UCDC_N_NETWORK_CONNECTION0x00:
if (ifp->if_flags & IFF_DEBUG0x4)
	log(LOG_DEBUG7, "%s: network %sconnected\n", DEVNAM(sc)(((struct umb_softc *)(sc))->sc_dev.dv_xname),
	    UGETW(sc->sc_intr_msg.wValue)(*(u_int16_t *)(sc->sc_intr_msg.wValue)) ? "" : "dis");
break;
case UCDC_N_RESPONSE_AVAILABLE0x01:
DPRINTFN(2, "%s: umb_intr: response available\n", DEVNAM(sc))do { } while (0);
++sc->sc_nresp;
usb_add_task(sc->sc_udev, &sc->sc_get_response_task);
break;
case UCDC_N_CONNECTION_SPEED_CHANGE0x2a:
DPRINTFN(2, "%s: umb_intr: connection speed changed\n",do { } while (0)
    DEVNAM(sc))do { } while (0);
break;
default:
DPRINTF("%s: unexpected notification (0x%02x)\n",do { } while (0)
    DEVNAM(sc), sc->sc_intr_msg.bNotification)do { } while (0);
break;
}
3158}

3160/*
* Diagnostic routines
*/
3163#ifdef UMB_DEBUG
3164char *
3165umb_uuid2str(uint8_t uuid[MBIM_UUID_LEN16])
3166{
static char uuidstr[2 * MBIM_UUID_LEN16 + 5];

3169#define UUID_BFMT	"%02X"
3170#define UUID_SEP	"-"
snprintf(uuidstr, sizeof (uuidstr),
   UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_SEP
   UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT,
   uuid[0], uuid[1], uuid[2], uuid[3], uuid[4], uuid[5],
   uuid[6], uuid[7], uuid[8], uuid[9], uuid[10], uuid[11],
   uuid[12], uuid[13], uuid[14], uuid[15]);
return uuidstr;
3181}

3183void
3184umb_dump(void *buf, int len)
3185{
int	 i = 0;
uint8_t	*c = buf;

if (len == 0)
return;
while (i < len) {
if ((i % 16) == 0) {
	if (i > 0)
		addlog("\n");
	log(LOG_DEBUG7, "%4d:  ", i);
}
addlog(" %02x", *c);
c++;
i++;
}
addlog("\n");
3202}
3203#endif /* UMB_DEBUG */

←

/usr/src/sys/net/ifq.h

1/*	$OpenBSD: ifq.h,v 1.33 2021/03/10 10:21:48 jsg Exp $ */

3/*
* Copyright (c) 2015 David Gwynne <dlg@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

19#ifndef _NET_IFQ_H_
20#define _NET_IFQ_H_

22struct ifnet;
23struct kstat;

25struct ifq_ops;

27struct ifqueue {
struct ifnet		*ifq_if;
struct taskq		*ifq_softnet;
union {
void			*_ifq_softc;
/*
 * a rings sndq is found by looking up an array of pointers.
 * by default we only have one sndq and the default drivers
 * dont use ifq_softc, so we can borrow it for the map until
 * we need to allocate a proper map.
 */
struct ifqueue		*_ifq_ifqs[1];
} _ifq_ptr;
40#define ifq_softc_ifq_ptr._ifq_softc		 _ifq_ptr._ifq_softc
41#define ifq_ifqs_ifq_ptr._ifq_ifqs		 _ifq_ptr._ifq_ifqs

/* mbuf handling */
struct mutex		 ifq_mtx;
const struct ifq_ops	*ifq_ops;
void			*ifq_q;
struct mbuf_list	 ifq_free;
unsigned int		 ifq_len;
unsigned int		 ifq_oactive;

/* statistics */
uint64_t		 ifq_packets;
uint64_t		 ifq_bytes;
uint64_t		 ifq_qdrops;
uint64_t		 ifq_errors;
uint64_t		 ifq_mcasts;

struct kstat		*ifq_kstat;

/* work serialisation */
struct mutex		 ifq_task_mtx;
struct task_list	 ifq_task_list;
void			*ifq_serializer;
struct task		 ifq_bundle;

/* work to be serialised */
struct task		 ifq_start;
struct task		 ifq_restart;

/* properties */
unsigned int		 ifq_maxlen;
unsigned int		 ifq_idx;
73};

75struct ifiqueue {
struct ifnet		*ifiq_if;
struct taskq		*ifiq_softnet;
union {
void			*_ifiq_softc;
struct ifiqueue		*_ifiq_ifiqs[1];
} _ifiq_ptr;
82#define ifiq_softc_ifiq_ptr._ifiq_softc		 _ifiq_ptr._ifiq_softc
83#define ifiq_ifiqs_ifiq_ptr._ifiq_ifiqs		 _ifiq_ptr._ifiq_ifiqs

struct mutex		 ifiq_mtx;
struct mbuf_list	 ifiq_ml;
struct task		 ifiq_task;
unsigned int		 ifiq_pressure;

/* counters */
uint64_t		 ifiq_packets;
uint64_t		 ifiq_bytes;
uint64_t		 ifiq_qdrops;
uint64_t		 ifiq_errors;
uint64_t		 ifiq_mcasts;
uint64_t		 ifiq_noproto;

struct kstat		*ifiq_kstat;

/* properties */
unsigned int		 ifiq_idx;
102};

104#ifdef _KERNEL1

106#define IFQ_MAXLEN256		256

108/*
*
* Interface Send Queues
*
* struct ifqueue sits between the network stack and a drivers
* transmission of packets. The high level view is that when the stack
* has finished generating a packet it hands it to a driver for
* transmission. It does this by queueing the packet on an ifqueue and
* notifying the driver to start transmission of the queued packets.
*
* A network device may have multiple contexts for the transmission
* of packets, ie, independent transmit rings. Such a network device,
* represented by a struct ifnet, would then have multiple ifqueue
* structures, each of which maps to an independent transmit ring.
*
* struct ifqueue also provides the point where conditioning of
* traffic (ie, priq and hfsc) is implemented, and provides some
* infrastructure to assist in the implementation of network drivers.
*
* = ifq API
*
* The ifq API provides functions for three distinct consumers:
*
* 1. The network stack
* 2. Traffic QoS/conditioning implementations
* 3. Network drivers
*
* == Network Stack API
*
* The network stack is responsible for initialising and destroying
* the ifqueue structures, changing the traffic conditioner on an
* interface, enqueuing packets for transmission, and notifying
* the driver to start transmission of a particular ifqueue.
*
* === ifq_init()
*
* During if_attach(), the network stack calls ifq_init to initialise
* the ifqueue structure. By default it configures the priq traffic
* conditioner.
*
* === ifq_destroy()
*
* The network stack calls ifq_destroy() during if_detach to tear down
* the ifqueue structure. It frees the traffic conditioner state, and
* frees any mbufs that were left queued.
*
* === ifq_attach()
*
* ifq_attach() is used to replace the current traffic conditioner on
* the ifqueue. All the pending mbufs are removed from the previous
* conditioner and requeued on the new.
*
* === ifq_idx()
*
* ifq_idx() selects a specific ifqueue from the current ifnet
* structure for use in the transmission of the mbuf.
*
* === ifq_enqueue()
*
* ifq_enqueue() attempts to fit an mbuf onto the ifqueue. The
* current traffic conditioner may drop a packet to make space on the
* queue.
*
* === ifq_start()
*
* Once a packet has been successfully queued with ifq_enqueue(),
* the network card is notified with a call to ifq_start().
* Calls to ifq_start() run in the ifqueue serialisation context,
* guaranteeing that only one instance of ifp->if_qstart() will be
* running on behalf of a specific ifqueue in the system at any point
* in time.
*
* == Traffic conditioners API
*
* The majority of interaction between struct ifqueue and a traffic
* conditioner occurs via the callbacks a traffic conditioner provides
* in an instance of struct ifq_ops.
*
* XXX document ifqop_*
*
* The ifqueue API implements the locking on behalf of the conditioning
* implementations so conditioners only have to reject or keep mbufs.
* If something needs to inspect a conditioners internals, the queue lock
* needs to be taken to allow for a consistent or safe view. The queue
* lock may be taken and released with ifq_q_enter() and ifq_q_leave().
*
* === ifq_q_enter()
*
* Code wishing to access a conditioners internals may take the queue
* lock with ifq_q_enter(). The caller must pass a reference to the
* conditioners ifq_ops structure so the infrastructure can ensure the
* caller is able to understand the internals. ifq_q_enter() returns
* a pointer to the conditioners internal structures, or NULL if the
* ifq_ops did not match the current conditioner.
*
* === ifq_q_leave()
*
* The queue lock acquired with ifq_q_enter() is released with
* ifq_q_leave().
*
* === ifq_mfreem() and ifq_mfreeml()
*
* A goal of the API is to avoid freeing an mbuf while mutexes are
* held. Because the ifq API manages the lock on behalf of the backend
* ifqops, the backend should not directly free mbufs. If a conditioner
* backend needs to drop a packet during the handling of ifqop_deq_begin,
* it may free it by calling ifq_mfreem(). This accounts for the drop,
* and schedules the free of the mbuf outside the hold of ifq_mtx.
* ifq_mfreeml() takes an mbuf list as an argument instead.
*
*
* == Network Driver API
*
* The API used by network drivers is mostly documented in the
* ifq_dequeue(9) manpage except for ifq_serialize().
*
* === ifq_serialize()
*
* A driver may run arbitrary work in the ifqueue serialiser context
* via ifq_serialize(). The work to be done is represented by a task
* that has been prepared with task_set.
*
* The work will be run in series with any other work dispatched by
* ifq_start(), ifq_restart(), or other ifq_serialize() calls.
*
* Because the work may be run on another CPU, the lifetime of the
* task and the work it represents can extend beyond the end of the
* call to ifq_serialize() that dispatched it.
*
*
* = ifqueue work serialisation
*
* ifqueues provide a mechanism to dispatch work to be run in a single
* context. Work in this mechanism is represented by task structures.
*
* The tasks are run in a context similar to a taskq serviced by a
* single kernel thread, except the work is run immediately by the
* first CPU that dispatches work. If a second CPU attempts to dispatch
* additional tasks while the first is still running, it will be queued
* to be run by the first CPU. The second CPU will return immediately.
*
* = MP Safe Network Drivers
*
* An MP safe network driver is one in which its start routine can be
* called by the network stack without holding the big kernel lock.
*
* == Attach
*
* A driver advertises it's ability to run its start routine without
* the kernel lock by setting the IFXF_MPSAFE flag in ifp->if_xflags
* before calling if_attach(). Advertising an MPSAFE start routine
* also implies that the driver understands that a network card can
* have multiple rings or transmit queues, and therefore provides
* if_qstart function (which takes an ifqueue pointer) instead of an
* if_start function (which takes an ifnet pointer).
*
* If the hardware supports multiple transmit rings, it advertises
* support for multiple rings to the network stack with if_attach_queues()
* after the call to if_attach(). if_attach_queues allocates a struct
* ifqueue for each hardware ring, which can then be initialised by
* the driver with data for each ring.
*
*	void	drv_start(struct ifqueue *);
*
*	void
*	drv_attach()
*	{
*	...
*		ifp->if_xflags = IFXF_MPSAFE;
*		ifp->if_qstart = drv_start;
*		if_attach(ifp);
*
*		if_attach_queues(ifp, DRV_NUM_TX_RINGS);
*		for (i = ; i < DRV_NUM_TX_RINGS; i++) {
*			struct ifqueue *ifq = ifp->if_ifqs[i];
*			struct drv_tx_ring *ring = &sc->sc_tx_rings[i];
*
*			ifq->ifq_softc = ring;
*			ring->ifq = ifq;
*		}
*	}
*
* The network stack will then call ifp->if_qstart via ifq_start()
* to guarantee there is only one instance of that function running
* for each ifq in the system, and to serialise it with other work
* the driver may provide.
*
* == Initialise
*
* When the stack requests an interface be brought up (ie, drv_ioctl()
* is called to handle SIOCSIFFLAGS with IFF_UP set in ifp->if_flags)
* drivers should set IFF_RUNNING in ifp->if_flags, and then call
* ifq_clr_oactive() against each ifq.
*
* == if_start
*
* ifq_start() checks that IFF_RUNNING is set in ifp->if_flags, that
* ifq_is_oactive() does not return true, and that there are pending
* packets to transmit via a call to ifq_len(). Therefore, drivers are
* no longer responsible for doing this themselves.
*
* If a driver should not transmit packets while its link is down, use
* ifq_purge() to flush pending packets from the transmit queue.
*
* Drivers for hardware should use the following pattern to transmit
* packets:
*
*	void
*	drv_start(struct ifqueue *ifq)
*	{
*		struct drv_tx_ring *ring = ifq->ifq_softc;
*		struct ifnet *ifp = ifq->ifq_if;
*		struct drv_softc *sc = ifp->if_softc;
*		struct mbuf *m;
*		int kick = 0;
*
*		if (NO_LINK) {
*			ifq_purge(ifq);
*			return;
*		}
*
*		for (;;) {
*			if (NO_SPACE(ring)) {
*				ifq_set_oactive(ifq);
*				break;
*			}
*
*			m = ifq_dequeue(ifq);
*			if (m == NULL)
*				break;
*
*			if (drv_encap(sc, ring, m) != 0) { // map and fill ring
*				m_freem(m);
*				continue;
*			}
*
*			bpf_mtap();
*		}
*
*		drv_kick(ring); // notify hw of new descriptors on the ring
*	 }
*
* == Transmission completion
*
* The following pattern should be used for transmit queue interrupt
* processing:
*
*	void
*	drv_txeof(struct drv_tx_ring *ring)
*	{
*		struct ifqueue *ifq = ring->ifq;
*
*		while (COMPLETED_PKTS(ring)) {
*			// unmap packets, m_freem() the mbufs.
*		}
*
*		if (ifq_is_oactive(ifq))
*			ifq_restart(ifq);
*	}
*
* == Stop
*
* Bringing an interface down (ie, IFF_UP was cleared in ifp->if_flags)
* should clear IFF_RUNNING in ifp->if_flags, and guarantee the start
* routine is not running before freeing any resources it uses:
*
*	void
*	drv_down(struct drv_softc *sc)
*	{
*		struct ifnet *ifp = &sc->sc_if;
*		struct ifqueue *ifq;
*		int i;
*
*		CLR(ifp->if_flags, IFF_RUNNING);
*		DISABLE_INTERRUPTS();
*
*		for (i = 0; i < sc->sc_num_queues; i++) {
*			ifq = ifp->if_ifqs[i];
*			ifq_barrier(ifq);
*		}
*
*		intr_barrier(sc->sc_ih);
*
*		FREE_RESOURCES();
*
*		for (i = 0; i < sc->sc_num_queues; i++) {
*			ifq = ifp->if_ifqs[i];
*			ifq_clr_oactive(ifq);
*		}
*	}
*
*/

401struct ifq_ops {
unsigned int		 (*ifqop_idx)(unsigned int,
		    const struct mbuf *);
struct mbuf		*(*ifqop_enq)(struct ifqueue *, struct mbuf *);
struct mbuf		*(*ifqop_deq_begin)(struct ifqueue *, void **);
void			 (*ifqop_deq_commit)(struct ifqueue *,
		    struct mbuf *, void *);
void			 (*ifqop_purge)(struct ifqueue *,
		    struct mbuf_list *);
void			*(*ifqop_alloc)(unsigned int, void *);
void			 (*ifqop_free)(unsigned int, void *);
412};

414extern const struct ifq_ops * const ifq_priq_ops;

416/*
* Interface send queues.
*/

420void		 ifq_init(struct ifqueue *, struct ifnet *, unsigned int);
421void		 ifq_attach(struct ifqueue *, const struct ifq_ops *, void *);
422void		 ifq_destroy(struct ifqueue *);
423void		 ifq_add_data(struct ifqueue *, struct if_data *);
424int		 ifq_enqueue(struct ifqueue *, struct mbuf *);
425void		 ifq_start(struct ifqueue *);
426struct mbuf	*ifq_deq_begin(struct ifqueue *);
427void		 ifq_deq_commit(struct ifqueue *, struct mbuf *);
428void		 ifq_deq_rollback(struct ifqueue *, struct mbuf *);
429struct mbuf	*ifq_dequeue(struct ifqueue *);
430int		 ifq_hdatalen(struct ifqueue *);
431void		 ifq_mfreem(struct ifqueue *, struct mbuf *);
432void		 ifq_mfreeml(struct ifqueue *, struct mbuf_list *);
433unsigned int	 ifq_purge(struct ifqueue *);
434void		*ifq_q_enter(struct ifqueue *, const struct ifq_ops *);
435void		 ifq_q_leave(struct ifqueue *, void *);
436void		 ifq_serialize(struct ifqueue *, struct task *);
437void		 ifq_barrier(struct ifqueue *);


440int		 ifq_deq_sleep(struct ifqueue *, struct mbuf **, int, int,
     const char *, volatile unsigned int *,
     volatile unsigned int *);

444#define	ifq_len(_ifq)((_ifq)->ifq_len)			((_ifq)->ifq_len)
445#define	ifq_empty(_ifq)(((_ifq)->ifq_len) == 0)			(ifq_len(_ifq)((_ifq)->ifq_len) == 0)
446#define	ifq_set_maxlen(_ifq, _l)((_ifq)->ifq_maxlen = (_l))	((_ifq)->ifq_maxlen = (_l))

448static inline int
449ifq_is_priq(struct ifqueue *ifq)
450{
return (ifq->ifq_ops == ifq_priq_ops);
452}

454static inline void
455ifq_set_oactive(struct ifqueue *ifq)
456{
ifq->ifq_oactive = 1;
458}

460static inline void
461ifq_clr_oactive(struct ifqueue *ifq)
462{
ifq->ifq_oactive = 0;
464}

466static inline unsigned int
467ifq_is_oactive(struct ifqueue *ifq)
468{
return (ifq->ifq_oactive);
10
←
Returning without writing to 'ifq->ifq_oactive', which participates in a condition later→
11
←
Returning zero, which participates in a condition later→
470}

472static inline void
473ifq_restart(struct ifqueue *ifq)
474{
ifq_serialize(ifq, &ifq->ifq_restart);
476}

478static inline unsigned int
479ifq_idx(struct ifqueue *ifq, unsigned int nifqs, const struct mbuf *m)
480{
return ((*ifq->ifq_ops->ifqop_idx)(nifqs, m));
482}

484/* ifiq */

486void		 ifiq_init(struct ifiqueue *, struct ifnet *, unsigned int);
487void		 ifiq_destroy(struct ifiqueue *);
488int		 ifiq_input(struct ifiqueue *, struct mbuf_list *);
489int		 ifiq_enqueue(struct ifiqueue *, struct mbuf *);
490void		 ifiq_add_data(struct ifiqueue *, struct if_data *);

492#define	ifiq_len(_ifiq)((&(_ifiq)->ifiq_ml)->ml_len)			ml_len(&(_ifiq)->ifiq_ml)((&(_ifiq)->ifiq_ml)->ml_len)
493#define	ifiq_empty(_ifiq)((&(_ifiq)->ifiq_ml)->ml_len == 0)		ml_empty(&(_ifiq)->ifiq_ml)((&(_ifiq)->ifiq_ml)->ml_len == 0)

495#endif /* _KERNEL */

497#endif /* _NET_IFQ_H_ */