ar9170: ar9170: mac80211 interaction code

This patch contains almost all mac80211 interaction code of AR9170.

Signed-off-by: Christian Lamparter <chunkeey@web.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/drivers/net/wireless/ar9170/main.c b/drivers/net/wireless/ar9170/main.c
new file mode 100644
index 0000000..a3b5323
--- /dev/null
+++ b/drivers/net/wireless/ar9170/main.c
@@ -0,0 +1,1776 @@
+/*
+ * Atheros AR9170 driver
+ *
+ * mac80211 interaction code
+ *
+ * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ * Copyright 2009, Christian Lamparter <chunkeey@web.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, see
+ * http://www.gnu.org/licenses/.
+ *
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
+ *    Copyright (c) 2007-2008 Atheros Communications, Inc.
+ *
+ *    Permission to use, copy, modify, and/or distribute this software for any
+ *    purpose with or without fee is hereby granted, provided that the above
+ *    copyright notice and this permission notice appear in all copies.
+ *
+ *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * BIG FAT TODO:
+ *
+ * By the looks of things: these devices share a lot of things like
+ * EEPROM layout/design and PHY code with other Atheros WIFI products.
+ * So this driver/library will eventually become ath9k code... or vice versa ;-)
+ */
+
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/etherdevice.h>
+#include <net/mac80211.h>
+#include "ar9170.h"
+#include "hw.h"
+#include "cmd.h"
+
+static int modparam_nohwcrypt;
+module_param_named(nohwcrypt, modparam_nohwcrypt, bool, S_IRUGO);
+MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
+MODULE_AUTHOR("Johannes Berg <johannes@sipsolutions.net>");
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Atheros shared code for AR9170 wireless devices");
+
+#define RATE(_bitrate, _hw_rate, _txpidx, _flags) {	\
+	.bitrate	= (_bitrate),			\
+	.flags		= (_flags),			\
+	.hw_value	= (_hw_rate) | (_txpidx) << 4,	\
+}
+
+static struct ieee80211_rate __ar9170_ratetable[] = {
+	RATE(10, 0, 0, 0),
+	RATE(20, 1, 1, IEEE80211_RATE_SHORT_PREAMBLE),
+	RATE(55, 2, 2, IEEE80211_RATE_SHORT_PREAMBLE),
+	RATE(110, 3, 3, IEEE80211_RATE_SHORT_PREAMBLE),
+	RATE(60, 0xb, 0, 0),
+	RATE(90, 0xf, 0, 0),
+	RATE(120, 0xa, 0, 0),
+	RATE(180, 0xe, 0, 0),
+	RATE(240, 0x9, 0, 0),
+	RATE(360, 0xd, 1, 0),
+	RATE(480, 0x8, 2, 0),
+	RATE(540, 0xc, 3, 0),
+};
+#undef RATE
+
+#define ar9170_g_ratetable	(__ar9170_ratetable + 0)
+#define ar9170_g_ratetable_size	12
+#define ar9170_a_ratetable	(__ar9170_ratetable + 4)
+#define ar9170_a_ratetable_size	8
+
+/*
+ * NB: The hw_value is used as an index into the ar9170_phy_freq_params
+ *     array in phy.c so that we don't have to do frequency lookups!
+ */
+#define CHAN(_freq, _idx) {		\
+	.center_freq	= (_freq),	\
+	.hw_value	= (_idx),	\
+	.max_power	= 18, /* XXX */	\
+}
+
+static struct ieee80211_channel ar9170_2ghz_chantable[] = {
+	CHAN(2412,  0),
+	CHAN(2417,  1),
+	CHAN(2422,  2),
+	CHAN(2427,  3),
+	CHAN(2432,  4),
+	CHAN(2437,  5),
+	CHAN(2442,  6),
+	CHAN(2447,  7),
+	CHAN(2452,  8),
+	CHAN(2457,  9),
+	CHAN(2462, 10),
+	CHAN(2467, 11),
+	CHAN(2472, 12),
+	CHAN(2484, 13),
+};
+
+static struct ieee80211_channel ar9170_5ghz_chantable[] = {
+	CHAN(4920, 14),
+	CHAN(4940, 15),
+	CHAN(4960, 16),
+	CHAN(4980, 17),
+	CHAN(5040, 18),
+	CHAN(5060, 19),
+	CHAN(5080, 20),
+	CHAN(5180, 21),
+	CHAN(5200, 22),
+	CHAN(5220, 23),
+	CHAN(5240, 24),
+	CHAN(5260, 25),
+	CHAN(5280, 26),
+	CHAN(5300, 27),
+	CHAN(5320, 28),
+	CHAN(5500, 29),
+	CHAN(5520, 30),
+	CHAN(5540, 31),
+	CHAN(5560, 32),
+	CHAN(5580, 33),
+	CHAN(5600, 34),
+	CHAN(5620, 35),
+	CHAN(5640, 36),
+	CHAN(5660, 37),
+	CHAN(5680, 38),
+	CHAN(5700, 39),
+	CHAN(5745, 40),
+	CHAN(5765, 41),
+	CHAN(5785, 42),
+	CHAN(5805, 43),
+	CHAN(5825, 44),
+	CHAN(5170, 45),
+	CHAN(5190, 46),
+	CHAN(5210, 47),
+	CHAN(5230, 48),
+};
+#undef CHAN
+
+static struct ieee80211_supported_band ar9170_band_2GHz = {
+	.channels	= ar9170_2ghz_chantable,
+	.n_channels	= ARRAY_SIZE(ar9170_2ghz_chantable),
+	.bitrates	= ar9170_g_ratetable,
+	.n_bitrates	= ar9170_g_ratetable_size,
+};
+
+#ifdef AR9170_QUEUE_DEBUG
+/*
+ * In case some wants works with AR9170's crazy tx_status queueing techniques.
+ * He might need this rather useful probing function.
+ *
+ * NOTE: caller must hold the queue's spinlock!
+ */
+
+static void ar9170_print_txheader(struct ar9170 *ar, struct sk_buff *skb)
+{
+	struct ar9170_tx_control *txc = (void *) skb->data;
+	struct ieee80211_hdr *hdr = (void *)txc->frame_data;
+
+	printk(KERN_DEBUG "%s: => FRAME [skb:%p, queue:%d, DA:[%pM] "
+			  "mac_control:%04x, phy_control:%08x]\n",
+	       wiphy_name(ar->hw->wiphy), skb, skb_get_queue_mapping(skb),
+	       ieee80211_get_DA(hdr), le16_to_cpu(txc->mac_control),
+	       le32_to_cpu(txc->phy_control));
+}
+
+static void ar9170_dump_station_tx_status_queue(struct ar9170 *ar,
+						struct sk_buff_head *queue)
+{
+	struct sk_buff *skb;
+	int i = 0;
+
+	printk(KERN_DEBUG "---[ cut here ]---\n");
+	printk(KERN_DEBUG "%s: %d entries in tx_status queue.\n",
+	       wiphy_name(ar->hw->wiphy), skb_queue_len(queue));
+
+	skb_queue_walk(queue, skb) {
+		struct ar9170_tx_control *txc = (void *) skb->data;
+		struct ieee80211_hdr *hdr = (void *)txc->frame_data;
+
+		printk(KERN_DEBUG "index:%d => \n", i);
+		ar9170_print_txheader(ar, skb);
+	}
+	printk(KERN_DEBUG "---[ end ]---\n");
+}
+#endif /* AR9170_QUEUE_DEBUG */
+
+static struct ieee80211_supported_band ar9170_band_5GHz = {
+	.channels	= ar9170_5ghz_chantable,
+	.n_channels	= ARRAY_SIZE(ar9170_5ghz_chantable),
+	.bitrates	= ar9170_a_ratetable,
+	.n_bitrates	= ar9170_a_ratetable_size,
+};
+
+void ar9170_handle_tx_status(struct ar9170 *ar, struct sk_buff *skb,
+			     bool valid_status, u16 tx_status)
+{
+	struct ieee80211_tx_info *txinfo;
+	unsigned int retries = 0, queue = skb_get_queue_mapping(skb);
+	unsigned long flags;
+
+	spin_lock_irqsave(&ar->tx_stats_lock, flags);
+	ar->tx_stats[queue].len--;
+	if (ieee80211_queue_stopped(ar->hw, queue))
+		ieee80211_wake_queue(ar->hw, queue);
+	spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
+
+	txinfo = IEEE80211_SKB_CB(skb);
+	ieee80211_tx_info_clear_status(txinfo);
+
+	switch (tx_status) {
+	case AR9170_TX_STATUS_RETRY:
+		retries = 2;
+	case AR9170_TX_STATUS_COMPLETE:
+		txinfo->flags |= IEEE80211_TX_STAT_ACK;
+		break;
+
+	case AR9170_TX_STATUS_FAILED:
+		retries = ar->hw->conf.long_frame_max_tx_count;
+		break;
+
+	default:
+		printk(KERN_ERR "%s: invalid tx_status response (%x).\n",
+		       wiphy_name(ar->hw->wiphy), tx_status);
+		break;
+	}
+
+	if (valid_status)
+		txinfo->status.rates[0].count = retries + 1;
+
+	skb_pull(skb, sizeof(struct ar9170_tx_control));
+	ieee80211_tx_status_irqsafe(ar->hw, skb);
+}
+EXPORT_SYMBOL_GPL(ar9170_handle_tx_status);
+
+static struct sk_buff *ar9170_find_skb_in_queue(struct ar9170 *ar,
+						const u8 *mac,
+						const u32 queue,
+						struct sk_buff_head *q)
+{
+	unsigned long flags;
+	struct sk_buff *skb;
+
+	spin_lock_irqsave(&q->lock, flags);
+	skb_queue_walk(q, skb) {
+		struct ar9170_tx_control *txc = (void *) skb->data;
+		struct ieee80211_hdr *hdr = (void *) txc->frame_data;
+		u32 txc_queue = (le32_to_cpu(txc->phy_control) &
+				AR9170_TX_PHY_QOS_MASK) >>
+				AR9170_TX_PHY_QOS_SHIFT;
+
+		if  ((queue != txc_queue) ||
+		     (compare_ether_addr(ieee80211_get_DA(hdr), mac)))
+			continue;
+
+		__skb_unlink(skb, q);
+		spin_unlock_irqrestore(&q->lock, flags);
+		return skb;
+	}
+	spin_unlock_irqrestore(&q->lock, flags);
+	return NULL;
+}
+
+static struct sk_buff *ar9170_find_skb_in_queue_by_mac(struct ar9170 *ar,
+						       const u8 *mac,
+						       struct sk_buff_head *q)
+{
+	unsigned long flags;
+	struct sk_buff *skb;
+
+	spin_lock_irqsave(&q->lock, flags);
+	skb_queue_walk(q, skb) {
+		struct ar9170_tx_control *txc = (void *) skb->data;
+		struct ieee80211_hdr *hdr = (void *) txc->frame_data;
+
+		if (compare_ether_addr(ieee80211_get_DA(hdr), mac))
+			continue;
+
+		__skb_unlink(skb, q);
+		spin_unlock_irqrestore(&q->lock, flags);
+		return skb;
+	}
+	spin_unlock_irqrestore(&q->lock, flags);
+	return NULL;
+}
+
+static struct sk_buff *ar9170_find_skb_in_queue_by_txcq(struct ar9170 *ar,
+							const u32 queue,
+							struct sk_buff_head *q)
+{
+	unsigned long flags;
+	struct sk_buff *skb;
+
+	spin_lock_irqsave(&q->lock, flags);
+	skb_queue_walk(q, skb) {
+		struct ar9170_tx_control *txc = (void *) skb->data;
+		u32 txc_queue = (le32_to_cpu(txc->phy_control) &
+				AR9170_TX_PHY_QOS_MASK) >>
+				AR9170_TX_PHY_QOS_SHIFT;
+
+		if (queue != txc_queue)
+			continue;
+
+		__skb_unlink(skb, q);
+		spin_unlock_irqrestore(&q->lock, flags);
+		return skb;
+	}
+	spin_unlock_irqrestore(&q->lock, flags);
+	return NULL;
+}
+
+static struct sk_buff *ar9170_find_queued_skb(struct ar9170 *ar, const u8 *mac,
+					      const u32 queue)
+{
+	struct ieee80211_sta *sta;
+	struct sk_buff *skb;
+
+	/*
+	 * Unfortunately, the firmware does not tell to which (queued) frame
+	 * this transmission status report belongs to.
+	 *
+	 * So we have to make risky guesses - with the scarce information
+	 * the firmware provided (-> destination MAC, and phy_control) -
+	 * and hope that we picked the right one...
+	 */
+	rcu_read_lock();
+	sta = ieee80211_find_sta(ar->hw, mac);
+
+	if (likely(sta)) {
+		struct ar9170_sta_info *sta_priv = (void *) sta->drv_priv;
+		skb = ar9170_find_skb_in_queue_by_txcq(ar, queue,
+						       &sta_priv->tx_status);
+	} else {
+		/* STA is not in database (yet/anymore). */
+
+		/* scan the waste bin for likely candidates */
+		skb = ar9170_find_skb_in_queue(ar, mac, queue,
+					       &ar->global_tx_status_waste);
+		if (!skb) {
+			/* so it still _must_ be in the global list. */
+			skb = ar9170_find_skb_in_queue(ar, mac, queue,
+						       &ar->global_tx_status);
+		}
+	}
+	rcu_read_unlock();
+
+#ifdef AR9170_QUEUE_DEBUG
+	if (unlikely((!skb) && net_ratelimit())) {
+		printk(KERN_ERR "%s: ESS:[%pM] does not have any "
+				"outstanding frames in this queue (%d).\n",
+				wiphy_name(ar->hw->wiphy), mac, queue);
+	}
+#endif /* AR9170_QUEUE_DEBUG */
+
+	return skb;
+}
+
+/*
+ * This worker tries to keep the global tx_status queue empty.
+ * So we can guarantee that incoming tx_status reports for
+ * unregistered stations are always synced with the actual
+ * frame - which we think - belongs to.
+ */
+
+static void ar9170_tx_status_janitor(struct work_struct *work)
+{
+	struct ar9170 *ar = container_of(work, struct ar9170,
+					 filter_config_work);
+	struct sk_buff *skb;
+
+	/* recycle the garbage back to mac80211... one by one. */
+	while ((skb = skb_dequeue(&ar->global_tx_status_waste))) {
+#ifdef AR9170_QUEUE_DEBUG
+		printk(KERN_DEBUG "%s: dispose queued frame =>\n",
+		       wiphy_name(ar->hw->wiphy));
+		ar9170_print_txheader(ar, skb);
+#endif /* AR9170_QUEUE_DEBUG */
+		ar9170_handle_tx_status(ar, skb, false,
+					AR9170_TX_STATUS_FAILED);
+	}
+
+
+
+	while ((skb = skb_dequeue(&ar->global_tx_status))) {
+#ifdef AR9170_QUEUE_DEBUG
+		printk(KERN_DEBUG "%s: moving frame into waste queue =>\n",
+		       wiphy_name(ar->hw->wiphy));
+
+		ar9170_print_txheader(ar, skb);
+#endif /* AR9170_QUEUE_DEBUG */
+		skb_queue_tail(&ar->global_tx_status_waste, skb);
+	}
+
+	/* recall the janitor in 100ms - if there's garbage in the can. */
+	if (skb_queue_len(&ar->global_tx_status_waste) > 0)
+		queue_delayed_work(ar->hw->workqueue, &ar->tx_status_janitor,
+				   msecs_to_jiffies(100));
+}
+
+static void ar9170_handle_command_response(struct ar9170 *ar,
+					   void *buf, u32 len)
+{
+	struct ar9170_cmd_response *cmd = (void *) buf;
+
+	if ((cmd->type & 0xc0) != 0xc0) {
+		ar->callback_cmd(ar, len, buf);
+		return;
+	}
+
+	/* hardware event handlers */
+	switch (cmd->type) {
+	case 0xc1: {
+		/*
+		 * TX status notification:
+		 * bytes: 0c c1 XX YY M1 M2 M3 M4 M5 M6 R4 R3 R2 R1 S2 S1
+		 *
+		 * XX always 81
+		 * YY always 00
+		 * M1-M6 is the MAC address
+		 * R1-R4 is the transmit rate
+		 * S1-S2 is the transmit status
+		 */
+
+		struct sk_buff *skb;
+		u32 queue = (le32_to_cpu(cmd->tx_status.rate) &
+			    AR9170_TX_PHY_QOS_MASK) >> AR9170_TX_PHY_QOS_SHIFT;
+
+		skb = ar9170_find_queued_skb(ar, cmd->tx_status.dst, queue);
+		if (unlikely(!skb))
+			return ;
+
+		ar9170_handle_tx_status(ar, skb, true,
+					le16_to_cpu(cmd->tx_status.status));
+		break;
+		}
+
+	case 0xc0:
+		/*
+		 * pre-TBTT event
+		 */
+		if (ar->vif && ar->vif->type == NL80211_IFTYPE_AP)
+			queue_work(ar->hw->workqueue, &ar->beacon_work);
+		break;
+
+	case 0xc2:
+		/*
+		 * (IBSS) beacon send notification
+		 * bytes: 04 c2 XX YY B4 B3 B2 B1
+		 *
+		 * XX always 80
+		 * YY always 00
+		 * B1-B4 "should" be the number of send out beacons.
+		 */
+		break;
+
+	case 0xc3:
+		/* End of Atim Window */
+		break;
+
+	case 0xc4:
+	case 0xc5:
+		/* BlockACK events */
+		break;
+
+	case 0xc6:
+		/* Watchdog Interrupt */
+		break;
+
+	case 0xc9:
+		/* retransmission issue / SIFS/EIFS collision ?! */
+		break;
+
+	default:
+		printk(KERN_INFO "received unhandled event %x\n", cmd->type);
+		print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len);
+		break;
+	}
+}
+
+/*
+ * If the frame alignment is right (or the kernel has
+ * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there
+ * is only a single MPDU in the USB frame, then we can
+ * submit to mac80211 the SKB directly. However, since
+ * there may be multiple packets in one SKB in stream
+ * mode, and we need to observe the proper ordering,
+ * this is non-trivial.
+ */
+static void ar9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len)
+{
+	struct sk_buff *skb;
+	struct ar9170_rx_head *head = (void *)buf;
+	struct ar9170_rx_tail *tail;
+	struct ieee80211_rx_status status;
+	int mpdu_len, i;
+	u8 error, antennas = 0, decrypt;
+	__le16 fc;
+	int reserved;
+
+	if (unlikely(!IS_STARTED(ar)))
+		return ;
+
+	/* Received MPDU */
+	mpdu_len = len;
+	mpdu_len -= sizeof(struct ar9170_rx_head);
+	mpdu_len -= sizeof(struct ar9170_rx_tail);
+	BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12);
+	BUILD_BUG_ON(sizeof(struct ar9170_rx_tail) != 24);
+
+	if (mpdu_len <= FCS_LEN)
+		return;
+
+	tail = (void *)(buf + sizeof(struct ar9170_rx_head) + mpdu_len);
+
+	for (i = 0; i < 3; i++)
+		if (tail->rssi[i] != 0x80)
+			antennas |= BIT(i);
+
+	/* post-process RSSI */
+	for (i = 0; i < 7; i++)
+		if (tail->rssi[i] & 0x80)
+			tail->rssi[i] = ((tail->rssi[i] & 0x7f) + 1) & 0x7f;
+
+	memset(&status, 0, sizeof(status));
+
+	status.band = ar->channel->band;
+	status.freq = ar->channel->center_freq;
+	status.signal = ar->noise[0] + tail->rssi_combined;
+	status.noise = ar->noise[0];
+	status.antenna = antennas;
+
+	switch (tail->status & AR9170_RX_STATUS_MODULATION_MASK) {
+	case AR9170_RX_STATUS_MODULATION_CCK:
+		if (tail->status & AR9170_RX_STATUS_SHORT_PREAMBLE)
+			status.flag |= RX_FLAG_SHORTPRE;
+		switch (head->plcp[0]) {
+		case 0x0a:
+			status.rate_idx = 0;
+			break;
+		case 0x14:
+			status.rate_idx = 1;
+			break;
+		case 0x37:
+			status.rate_idx = 2;
+			break;
+		case 0x6e:
+			status.rate_idx = 3;
+			break;
+		default:
+			if ((!ar->sniffer_enabled) && (net_ratelimit()))
+				printk(KERN_ERR "%s: invalid plcp cck rate "
+				       "(%x).\n", wiphy_name(ar->hw->wiphy),
+				       head->plcp[0]);
+			return;
+		}
+		break;
+	case AR9170_RX_STATUS_MODULATION_OFDM:
+		switch (head->plcp[0] & 0xF) {
+		case 0xB:
+			status.rate_idx = 0;
+			break;
+		case 0xF:
+			status.rate_idx = 1;
+			break;
+		case 0xA:
+			status.rate_idx = 2;
+			break;
+		case 0xE:
+			status.rate_idx = 3;
+			break;
+		case 0x9:
+			status.rate_idx = 4;
+			break;
+		case 0xD:
+			status.rate_idx = 5;
+			break;
+		case 0x8:
+			status.rate_idx = 6;
+			break;
+		case 0xC:
+			status.rate_idx = 7;
+			break;
+		default:
+			if ((!ar->sniffer_enabled) && (net_ratelimit()))
+				printk(KERN_ERR "%s: invalid plcp ofdm rate "
+				       "(%x).\n", wiphy_name(ar->hw->wiphy),
+				       head->plcp[0]);
+			return;
+		}
+		if (status.band == IEEE80211_BAND_2GHZ)
+			status.rate_idx += 4;
+		break;
+	case AR9170_RX_STATUS_MODULATION_HT:
+	case AR9170_RX_STATUS_MODULATION_DUPOFDM:
+		/* XXX */
+
+		if (net_ratelimit())
+			printk(KERN_ERR "%s: invalid modulation\n",
+			       wiphy_name(ar->hw->wiphy));
+		return;
+	}
+
+	error = tail->error;
+
+	if (error & AR9170_RX_ERROR_MMIC) {
+		status.flag |= RX_FLAG_MMIC_ERROR;
+		error &= ~AR9170_RX_ERROR_MMIC;
+	}
+
+	if (error & AR9170_RX_ERROR_PLCP) {
+		status.flag |= RX_FLAG_FAILED_PLCP_CRC;
+		error &= ~AR9170_RX_ERROR_PLCP;
+	}
+
+	if (error & AR9170_RX_ERROR_FCS) {
+		status.flag |= RX_FLAG_FAILED_FCS_CRC;
+		error &= ~AR9170_RX_ERROR_FCS;
+	}
+
+	decrypt = ar9170_get_decrypt_type(tail);
+	if (!(decrypt & AR9170_RX_ENC_SOFTWARE) &&
+	    decrypt != AR9170_ENC_ALG_NONE)
+		status.flag |= RX_FLAG_DECRYPTED;
+
+	/* ignore wrong RA errors */
+	error &= ~AR9170_RX_ERROR_WRONG_RA;
+
+	if (error & AR9170_RX_ERROR_DECRYPT) {
+		error &= ~AR9170_RX_ERROR_DECRYPT;
+
+		/*
+		 * Rx decryption is done in place,
+		 * the original data is lost anyway.
+		 */
+		return ;
+	}
+
+	/* drop any other error frames */
+	if ((error) && (net_ratelimit())) {
+		printk(KERN_DEBUG "%s: errors: %#x\n",
+		       wiphy_name(ar->hw->wiphy), error);
+		return;
+	}
+
+	buf += sizeof(struct ar9170_rx_head);
+	fc = *(__le16 *)buf;
+
+	if (ieee80211_is_data_qos(fc) ^ ieee80211_has_a4(fc))
+		reserved = 32 + 2;
+	else
+		reserved = 32;
+
+	skb = dev_alloc_skb(mpdu_len + reserved);
+	if (!skb)
+		return;
+
+	skb_reserve(skb, reserved);
+	memcpy(skb_put(skb, mpdu_len), buf, mpdu_len);
+	ieee80211_rx_irqsafe(ar->hw, skb, &status);
+}
+
+/*
+ * TODO:
+ * It looks like AR9170 supports more than just the USB transport interface.
+ * Unfortunately, there is no available information what parts of the
+ * precendent and following code fragments is device specific and what not.
+ * For now, everything stays here, until some SPI chips pop up.
+ */
+void ar9170_rx(struct ar9170 *ar, struct sk_buff *skb)
+{
+	unsigned int i, tlen, resplen;
+	u8 *tbuf, *respbuf;
+
+	tbuf = skb->data;
+	tlen = skb->len;
+
+	while (tlen >= 4) {
+		int clen = tbuf[1] << 8 | tbuf[0];
+		int wlen = (clen + 3) & ~3;
+
+		/*
+		 * parse stream (if any)
+		 */
+		if (tbuf[2] != 0 || tbuf[3] != 0x4e) {
+			printk(KERN_ERR "%s: missing tag!\n",
+			       wiphy_name(ar->hw->wiphy));
+			return ;
+		}
+		if (wlen > tlen - 4) {
+			printk(KERN_ERR "%s: invalid RX (%d, %d, %d)\n",
+			       wiphy_name(ar->hw->wiphy), clen, wlen, tlen);
+			print_hex_dump(KERN_DEBUG, "data: ",
+				       DUMP_PREFIX_OFFSET,
+				       16, 1, tbuf, tlen, true);
+			return ;
+		}
+		resplen = clen;
+		respbuf = tbuf + 4;
+		tbuf += wlen + 4;
+		tlen -= wlen + 4;
+
+		i = 0;
+
+		/* weird thing, but this is the same in the original driver */
+		while (resplen > 2 && i < 12 &&
+		       respbuf[0] == 0xff && respbuf[1] == 0xff) {
+			i += 2;
+			resplen -= 2;
+			respbuf += 2;
+		}
+
+		if (resplen < 4)
+			continue;
+
+		/* found the 6 * 0xffff marker? */
+		if (i == 12)
+			ar9170_handle_command_response(ar, respbuf, resplen);
+		else
+			ar9170_handle_mpdu(ar, respbuf, resplen);
+	}
+
+	if (tlen)
+		printk(KERN_ERR "%s: buffer remains!\n",
+		       wiphy_name(ar->hw->wiphy));
+}
+EXPORT_SYMBOL_GPL(ar9170_rx);
+
+#define AR9170_FILL_QUEUE(queue, ai_fs, cwmin, cwmax, _txop)		\
+do {									\
+	queue.aifs = ai_fs;						\
+	queue.cw_min = cwmin;						\
+	queue.cw_max = cwmax;						\
+	queue.txop = _txop;						\
+} while (0)
+
+static int ar9170_op_start(struct ieee80211_hw *hw)
+{
+	struct ar9170 *ar = hw->priv;
+	int err, i;
+
+	mutex_lock(&ar->mutex);
+
+	/* reinitialize queues statistics */
+	memset(&ar->tx_stats, 0, sizeof(ar->tx_stats));
+	for (i = 0; i < ARRAY_SIZE(ar->tx_stats); i++)
+		ar->tx_stats[i].limit = 8;
+
+	/* reset QoS defaults */
+	AR9170_FILL_QUEUE(ar->edcf[0], 3, 15, 1023,  0); /* BEST EFFORT*/
+	AR9170_FILL_QUEUE(ar->edcf[1], 7, 15, 1023,  0); /* BACKGROUND */
+	AR9170_FILL_QUEUE(ar->edcf[2], 2, 7,    15, 94); /* VIDEO */
+	AR9170_FILL_QUEUE(ar->edcf[3], 2, 3,     7, 47); /* VOICE */
+	AR9170_FILL_QUEUE(ar->edcf[4], 2, 3,     7,  0); /* SPECIAL */
+
+	err = ar->open(ar);
+	if (err)
+		goto out;
+
+	err = ar9170_init_mac(ar);
+	if (err)
+		goto out;
+
+	err = ar9170_set_qos(ar);
+	if (err)
+		goto out;
+
+	err = ar9170_init_phy(ar, IEEE80211_BAND_2GHZ);
+	if (err)
+		goto out;
+
+	err = ar9170_init_rf(ar);
+	if (err)
+		goto out;
+
+	/* start DMA */
+	err = ar9170_write_reg(ar, 0x1c3d30, 0x100);
+	if (err)
+		goto out;
+
+	ar->state = AR9170_STARTED;
+
+out:
+	mutex_unlock(&ar->mutex);
+	return err;
+}
+
+static void ar9170_op_stop(struct ieee80211_hw *hw)
+{
+	struct ar9170 *ar = hw->priv;
+
+	if (IS_STARTED(ar))
+		ar->state = AR9170_IDLE;
+
+	mutex_lock(&ar->mutex);
+
+	cancel_delayed_work_sync(&ar->tx_status_janitor);
+	cancel_work_sync(&ar->filter_config_work);
+	cancel_work_sync(&ar->beacon_work);
+	skb_queue_purge(&ar->global_tx_status_waste);
+	skb_queue_purge(&ar->global_tx_status);
+
+	if (IS_ACCEPTING_CMD(ar)) {
+		ar9170_set_leds_state(ar, 0);
+
+		/* stop DMA */
+		ar9170_write_reg(ar, 0x1c3d30, 0);
+		ar->stop(ar);
+	}
+
+	mutex_unlock(&ar->mutex);
+}
+
+int ar9170_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
+{
+	struct ar9170 *ar = hw->priv;
+	struct ieee80211_hdr *hdr;
+	struct ar9170_tx_control *txc;
+	struct ieee80211_tx_info *info;
+	struct ieee80211_rate *rate = NULL;
+	struct ieee80211_tx_rate *txrate;
+	unsigned int queue = skb_get_queue_mapping(skb);
+	unsigned long flags = 0;
+	struct ar9170_sta_info *sta_info = NULL;
+	u32 power, chains;
+	u16 keytype = 0;
+	u16 len, icv = 0;
+	int err;
+	bool tx_status;
+
+	if (unlikely(!IS_STARTED(ar)))
+		goto err_free;
+
+	hdr = (void *)skb->data;
+	info = IEEE80211_SKB_CB(skb);
+	len = skb->len;
+
+	spin_lock_irqsave(&ar->tx_stats_lock, flags);
+	if (ar->tx_stats[queue].limit < ar->tx_stats[queue].len) {
+		spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
+		return NETDEV_TX_OK;
+	}
+
+	ar->tx_stats[queue].len++;
+	ar->tx_stats[queue].count++;
+	if (ar->tx_stats[queue].limit == ar->tx_stats[queue].len)
+		ieee80211_stop_queue(hw, queue);
+
+	spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
+
+	txc = (void *)skb_push(skb, sizeof(*txc));
+
+	tx_status = (((info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE) != 0) ||
+		    ((info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS) != 0));
+
+	if (info->control.hw_key) {
+		icv = info->control.hw_key->icv_len;
+
+		switch (info->control.hw_key->alg) {
+		case ALG_WEP:
+			keytype = AR9170_TX_MAC_ENCR_RC4;
+			break;
+		case ALG_TKIP:
+			keytype = AR9170_TX_MAC_ENCR_RC4;
+			break;
+		case ALG_CCMP:
+			keytype = AR9170_TX_MAC_ENCR_AES;
+			break;
+		default:
+			WARN_ON(1);
+			goto err_dequeue;
+		}
+	}
+
+	/* Length */
+	txc->length = cpu_to_le16(len + icv + 4);
+
+	txc->mac_control = cpu_to_le16(AR9170_TX_MAC_HW_DURATION |
+				       AR9170_TX_MAC_BACKOFF);
+	txc->mac_control |= cpu_to_le16(ar9170_qos_hwmap[queue] <<
+					AR9170_TX_MAC_QOS_SHIFT);
+	txc->mac_control |= cpu_to_le16(keytype);
+	txc->phy_control = cpu_to_le32(0);
+
+	if (info->flags & IEEE80211_TX_CTL_NO_ACK)
+		txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_NO_ACK);
+
+	if (info->flags & IEEE80211_TX_CTL_AMPDU)
+		txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_AGGR);
+
+	txrate = &info->control.rates[0];
+
+	if (txrate->flags & IEEE80211_TX_RC_USE_CTS_PROTECT)
+		txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_PROT_CTS);
+	else if (txrate->flags & IEEE80211_TX_RC_USE_RTS_CTS)
+		txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_PROT_RTS);
+
+	if (txrate->flags & IEEE80211_TX_RC_GREEN_FIELD)
+		txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_GREENFIELD);
+
+	if (txrate->flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE)
+		txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_SHORT_PREAMBLE);
+
+	if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
+		txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ);
+	/* this works because 40 MHz is 2 and dup is 3 */
+	if (txrate->flags & IEEE80211_TX_RC_DUP_DATA)
+		txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_BW_40MHZ_DUP);
+
+	if (txrate->flags & IEEE80211_TX_RC_SHORT_GI)
+		txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_SHORT_GI);
+
+	if (txrate->flags & IEEE80211_TX_RC_MCS) {
+		u32 r = txrate->idx;
+		u8 *txpower;
+
+		r <<= AR9170_TX_PHY_MCS_SHIFT;
+		if (WARN_ON(r & ~AR9170_TX_PHY_MCS_MASK))
+			goto err_dequeue;
+		txc->phy_control |= cpu_to_le32(r & AR9170_TX_PHY_MCS_MASK);
+		txc->phy_control |= cpu_to_le32(AR9170_TX_PHY_MOD_HT);
+
+		if (txrate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH) {
+			if (info->band == IEEE80211_BAND_5GHZ)
+				txpower = ar->power_5G_ht40;
+			else
+				txpower = ar->power_2G_ht40;
+		} else {
+			if (info->band == IEEE80211_BAND_5GHZ)
+				txpower = ar->power_5G_ht20;
+			else
+				txpower = ar->power_2G_ht20;
+		}
+
+		power = txpower[(txrate->idx) & 7];
+	} else {
+		u8 *txpower;
+		u32 mod;
+		u32 phyrate;
+		u8 idx = txrate->idx;
+
+		if (info->band != IEEE80211_BAND_2GHZ) {
+			idx += 4;
+			txpower = ar->power_5G_leg;
+			mod = AR9170_TX_PHY_MOD_OFDM;
+		} else {
+			if (idx < 4) {
+				txpower = ar->power_2G_cck;
+				mod = AR9170_TX_PHY_MOD_CCK;
+			} else {
+				mod = AR9170_TX_PHY_MOD_OFDM;
+				txpower = ar->power_2G_ofdm;
+			}
+		}
+
+		rate = &__ar9170_ratetable[idx];
+
+		phyrate = rate->hw_value & 0xF;
+		power = txpower[(rate->hw_value & 0x30) >> 4];
+		phyrate <<= AR9170_TX_PHY_MCS_SHIFT;
+
+		txc->phy_control |= cpu_to_le32(mod);
+		txc->phy_control |= cpu_to_le32(phyrate);
+	}
+
+	power <<= AR9170_TX_PHY_TX_PWR_SHIFT;
+	power &= AR9170_TX_PHY_TX_PWR_MASK;
+	txc->phy_control |= cpu_to_le32(power);
+
+	/* set TX chains */
+	if (ar->eeprom.tx_mask == 1) {
+		chains = AR9170_TX_PHY_TXCHAIN_1;
+	} else {
+		chains = AR9170_TX_PHY_TXCHAIN_2;
+
+		/* >= 36M legacy OFDM - use only one chain */
+		if (rate && rate->bitrate >= 360)
+			chains = AR9170_TX_PHY_TXCHAIN_1;
+	}
+	txc->phy_control |= cpu_to_le32(chains << AR9170_TX_PHY_TXCHAIN_SHIFT);
+
+	if (tx_status) {
+		txc->mac_control |= cpu_to_le16(AR9170_TX_MAC_RATE_PROBE);
+		/*
+		 * WARNING:
+		 * Putting the QoS queue bits into an unexplored territory is
+		 * certainly not elegant.
+		 *
+		 * In my defense: This idea provides a reasonable way to
+		 * smuggle valuable information to the tx_status callback.
+		 * Also, the idea behind this bit-abuse came straight from
+		 * the original driver code.
+		 */
+
+		txc->phy_control |=
+			cpu_to_le32(queue << AR9170_TX_PHY_QOS_SHIFT);
+
+		if (info->control.sta) {
+			sta_info = (void *) info->control.sta->drv_priv;
+			skb_queue_tail(&sta_info->tx_status, skb);
+		} else {
+			skb_queue_tail(&ar->global_tx_status, skb);
+
+			queue_delayed_work(ar->hw->workqueue,
+					   &ar->tx_status_janitor,
+					   msecs_to_jiffies(100));
+		}
+	}
+
+	err = ar->tx(ar, skb, tx_status, 0);
+	if (unlikely(tx_status && err)) {
+		if (info->control.sta)
+			skb_unlink(skb, &sta_info->tx_status);
+		else
+			skb_unlink(skb, &ar->global_tx_status);
+	}
+
+	return NETDEV_TX_OK;
+
+err_dequeue:
+	spin_lock_irqsave(&ar->tx_stats_lock, flags);
+	ar->tx_stats[queue].len--;
+	ar->tx_stats[queue].count--;
+	spin_unlock_irqrestore(&ar->tx_stats_lock, flags);
+
+err_free:
+	dev_kfree_skb(skb);
+	return NETDEV_TX_OK;
+}
+
+static int ar9170_op_add_interface(struct ieee80211_hw *hw,
+				   struct ieee80211_if_init_conf *conf)
+{
+	struct ar9170 *ar = hw->priv;
+	int err = 0;
+
+	mutex_lock(&ar->mutex);
+
+	if (ar->vif) {
+		err = -EBUSY;
+		goto unlock;
+	}
+
+	ar->vif = conf->vif;
+	memcpy(ar->mac_addr, conf->mac_addr, ETH_ALEN);
+
+	if (modparam_nohwcrypt || (ar->vif->type != NL80211_IFTYPE_STATION)) {
+		ar->rx_software_decryption = true;
+		ar->disable_offload = true;
+	}
+
+	ar->cur_filter = 0;
+	ar->want_filter = AR9170_MAC_REG_FTF_DEFAULTS;
+	err = ar9170_update_frame_filter(ar);
+	if (err)
+		goto unlock;
+
+	err = ar9170_set_operating_mode(ar);
+
+unlock:
+	mutex_unlock(&ar->mutex);
+	return err;
+}
+
+static void ar9170_op_remove_interface(struct ieee80211_hw *hw,
+				       struct ieee80211_if_init_conf *conf)
+{
+	struct ar9170 *ar = hw->priv;
+
+	mutex_lock(&ar->mutex);
+	ar->vif = NULL;
+	ar->want_filter = 0;
+	ar9170_update_frame_filter(ar);
+	ar9170_set_beacon_timers(ar);
+	dev_kfree_skb(ar->beacon);
+	ar->beacon = NULL;
+	ar->sniffer_enabled = false;
+	ar->rx_software_decryption = false;
+	ar9170_set_operating_mode(ar);
+	mutex_unlock(&ar->mutex);
+}
+
+static int ar9170_op_config(struct ieee80211_hw *hw, u32 changed)
+{
+	struct ar9170 *ar = hw->priv;
+	int err = 0;
+
+	mutex_lock(&ar->mutex);
+
+	if (changed & IEEE80211_CONF_CHANGE_RADIO_ENABLED) {
+		/* TODO */
+		err = 0;
+	}
+
+	if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL) {
+		/* TODO */
+		err = 0;
+	}
+
+	if (changed & IEEE80211_CONF_CHANGE_PS) {
+		/* TODO */
+		err = 0;
+	}
+
+	if (changed & IEEE80211_CONF_CHANGE_POWER) {
+		/* TODO */
+		err = 0;
+	}
+
+	if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS) {
+		/*
+		 * is it long_frame_max_tx_count or short_frame_max_tx_count?
+		 */
+
+		err = ar9170_set_hwretry_limit(ar,
+			ar->hw->conf.long_frame_max_tx_count);
+		if (err)
+			goto out;
+	}
+
+	if (changed & IEEE80211_CONF_CHANGE_BEACON_INTERVAL) {
+		err = ar9170_set_beacon_timers(ar);
+		if (err)
+			goto out;
+	}
+
+	if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
+		err = ar9170_set_channel(ar, hw->conf.channel,
+					 AR9170_RFI_NONE, AR9170_BW_20);
+		if (err)
+			goto out;
+		/* adjust slot time for 5 GHz */
+		if (hw->conf.channel->band == IEEE80211_BAND_5GHZ)
+			err = ar9170_write_reg(ar, AR9170_MAC_REG_SLOT_TIME,
+					       9 << 10);
+	}
+
+out:
+	mutex_unlock(&ar->mutex);
+	return err;
+}
+
+static int ar9170_op_config_interface(struct ieee80211_hw *hw,
+				      struct ieee80211_vif *vif,
+				      struct ieee80211_if_conf *conf)
+{
+	struct ar9170 *ar = hw->priv;
+	int err = 0;
+
+	mutex_lock(&ar->mutex);
+
+	if (conf->changed & IEEE80211_IFCC_BSSID) {
+		memcpy(ar->bssid, conf->bssid, ETH_ALEN);
+		err = ar9170_set_operating_mode(ar);
+	}
+
+	if (conf->changed & IEEE80211_IFCC_BEACON) {
+		err = ar9170_update_beacon(ar);
+
+		if (err)
+			goto out;
+		err = ar9170_set_beacon_timers(ar);
+	}
+
+out:
+	mutex_unlock(&ar->mutex);
+	return err;
+}
+
+static void ar9170_set_filters(struct work_struct *work)
+{
+	struct ar9170 *ar = container_of(work, struct ar9170,
+					 filter_config_work);
+	int err;
+
+	mutex_lock(&ar->mutex);
+	if (unlikely(!IS_STARTED(ar)))
+		goto unlock;
+
+	if (ar->filter_changed & AR9170_FILTER_CHANGED_PROMISC) {
+		err = ar9170_set_operating_mode(ar);
+		if (err)
+			goto unlock;
+	}
+
+	if (ar->filter_changed & AR9170_FILTER_CHANGED_MULTICAST) {
+		err = ar9170_update_multicast(ar);
+		if (err)
+			goto unlock;
+	}
+
+	if (ar->filter_changed & AR9170_FILTER_CHANGED_FRAMEFILTER)
+		err = ar9170_update_frame_filter(ar);
+
+unlock:
+	mutex_unlock(&ar->mutex);
+}
+
+static void ar9170_op_configure_filter(struct ieee80211_hw *hw,
+				       unsigned int changed_flags,
+				       unsigned int *new_flags,
+				       int mc_count, struct dev_mc_list *mclist)
+{
+	struct ar9170 *ar = hw->priv;
+
+	/* mask supported flags */
+	*new_flags &= FIF_ALLMULTI | FIF_CONTROL | FIF_BCN_PRBRESP_PROMISC |
+		      FIF_PROMISC_IN_BSS;
+
+	/*
+	 * We can support more by setting the sniffer bit and
+	 * then checking the error flags, later.
+	 */
+
+	if (changed_flags & FIF_ALLMULTI) {
+		if (*new_flags & FIF_ALLMULTI) {
+			ar->want_mc_hash = ~0ULL;
+		} else {
+			u64 mchash;
+			int i;
+
+			/* always get broadcast frames */
+			mchash = 1ULL << (0xff>>2);
+
+			for (i = 0; i < mc_count; i++) {
+				if (WARN_ON(!mclist))
+					break;
+				mchash |= 1ULL << (mclist->dmi_addr[5] >> 2);
+				mclist = mclist->next;
+			}
+		ar->want_mc_hash = mchash;
+		}
+		ar->filter_changed |= AR9170_FILTER_CHANGED_MULTICAST;
+	}
+
+	if (changed_flags & FIF_CONTROL) {
+		u32 filter = AR9170_MAC_REG_FTF_PSPOLL |
+			     AR9170_MAC_REG_FTF_RTS |
+			     AR9170_MAC_REG_FTF_CTS |
+			     AR9170_MAC_REG_FTF_ACK |
+			     AR9170_MAC_REG_FTF_CFE |
+			     AR9170_MAC_REG_FTF_CFE_ACK;
+
+		if (*new_flags & FIF_CONTROL)
+			ar->want_filter = ar->cur_filter | filter;
+		else
+			ar->want_filter = ar->cur_filter & ~filter;
+
+		ar->filter_changed |= AR9170_FILTER_CHANGED_FRAMEFILTER;
+	}
+
+	if (changed_flags & FIF_PROMISC_IN_BSS) {
+		ar->sniffer_enabled = ((*new_flags) & FIF_PROMISC_IN_BSS) != 0;
+		ar->filter_changed |= AR9170_FILTER_CHANGED_PROMISC;
+	}
+
+	if (likely(IS_STARTED(ar)))
+		queue_work(ar->hw->workqueue, &ar->filter_config_work);
+}
+
+static void ar9170_op_bss_info_changed(struct ieee80211_hw *hw,
+				       struct ieee80211_vif *vif,
+				       struct ieee80211_bss_conf *bss_conf,
+				       u32 changed)
+{
+	struct ar9170 *ar = hw->priv;
+	int err = 0;
+
+	mutex_lock(&ar->mutex);
+
+	ar9170_regwrite_begin(ar);
+
+	if (changed & BSS_CHANGED_ASSOC) {
+		ar->state = bss_conf->assoc ? AR9170_ASSOCIATED : ar->state;
+
+#ifndef CONFIG_AR9170_LEDS
+		/* enable assoc LED. */
+		err = ar9170_set_leds_state(ar, bss_conf->assoc ? 2 : 0);
+#endif /* CONFIG_AR9170_LEDS */
+	}
+
+	if (changed & BSS_CHANGED_HT) {
+		/* TODO */
+		err = 0;
+	}
+
+	if (changed & BSS_CHANGED_ERP_SLOT) {
+		u32 slottime = 20;
+
+		if (bss_conf->use_short_slot)
+			slottime = 9;
+
+		ar9170_regwrite(AR9170_MAC_REG_SLOT_TIME, slottime << 10);
+	}
+
+	if (changed & BSS_CHANGED_BASIC_RATES) {
+		u32 cck, ofdm;
+
+		if (hw->conf.channel->band == IEEE80211_BAND_5GHZ) {
+			ofdm = bss_conf->basic_rates;
+			cck = 0;
+		} else {
+			/* four cck rates */
+			cck = bss_conf->basic_rates & 0xf;
+			ofdm = bss_conf->basic_rates >> 4;
+		}
+		ar9170_regwrite(AR9170_MAC_REG_BASIC_RATE,
+				ofdm << 8 | cck);
+	}
+
+	ar9170_regwrite_finish();
+	err = ar9170_regwrite_result();
+	mutex_unlock(&ar->mutex);
+}
+
+static u64 ar9170_op_get_tsf(struct ieee80211_hw *hw)
+{
+	struct ar9170 *ar = hw->priv;
+	int err;
+	u32 tsf_low;
+	u32 tsf_high;
+	u64 tsf;
+
+	mutex_lock(&ar->mutex);
+	err = ar9170_read_reg(ar, AR9170_MAC_REG_TSF_L, &tsf_low);
+	if (!err)
+		err = ar9170_read_reg(ar, AR9170_MAC_REG_TSF_H, &tsf_high);
+	mutex_unlock(&ar->mutex);
+
+	if (WARN_ON(err))
+		return 0;
+
+	tsf = tsf_high;
+	tsf = (tsf << 32) | tsf_low;
+	return tsf;
+}
+
+static int ar9170_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
+			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
+			  struct ieee80211_key_conf *key)
+{
+	struct ar9170 *ar = hw->priv;
+	int err = 0, i;
+	u8 ktype;
+
+	if ((!ar->vif) || (ar->disable_offload))
+		return -EOPNOTSUPP;
+
+	switch (key->alg) {
+	case ALG_WEP:
+		if (key->keylen == LEN_WEP40)
+			ktype = AR9170_ENC_ALG_WEP64;
+		else
+			ktype = AR9170_ENC_ALG_WEP128;
+		break;
+	case ALG_TKIP:
+		ktype = AR9170_ENC_ALG_TKIP;
+		break;
+	case ALG_CCMP:
+		ktype = AR9170_ENC_ALG_AESCCMP;
+		break;
+	default:
+		return -EOPNOTSUPP;
+	}
+
+	mutex_lock(&ar->mutex);
+	if (cmd == SET_KEY) {
+		if (unlikely(!IS_STARTED(ar))) {
+			err = -EOPNOTSUPP;
+			goto out;
+		}
+
+		/* group keys need all-zeroes address */
+		if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
+			sta = NULL;
+
+		if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
+			for (i = 0; i < 64; i++)
+				if (!(ar->usedkeys & BIT(i)))
+					break;
+			if (i == 64) {
+				ar->rx_software_decryption = true;
+				ar9170_set_operating_mode(ar);
+				err = -ENOSPC;
+				goto out;
+			}
+		} else {
+			i = 64 + key->keyidx;
+		}
+
+		key->hw_key_idx = i;
+
+		err = ar9170_upload_key(ar, i, sta ? sta->addr : NULL, ktype, 0,
+					key->key, min_t(u8, 16, key->keylen));
+		if (err)
+			goto out;
+
+		if (key->alg == ALG_TKIP) {
+			err = ar9170_upload_key(ar, i, sta ? sta->addr : NULL,
+						ktype, 1, key->key + 16, 16);
+			if (err)
+				goto out;
+
+			/*
+			 * hardware is not capable generating the MMIC
+			 * for fragmented frames!
+			 */
+			key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
+		}
+
+		if (i < 64)
+			ar->usedkeys |= BIT(i);
+
+		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
+	} else {
+		if (unlikely(!IS_STARTED(ar))) {
+			/* The device is gone... together with the key ;-) */
+			err = 0;
+			goto out;
+		}
+
+		err = ar9170_disable_key(ar, key->hw_key_idx);
+		if (err)
+			goto out;
+
+		if (key->hw_key_idx < 64) {
+			ar->usedkeys &= ~BIT(key->hw_key_idx);
+		} else {
+			err = ar9170_upload_key(ar, key->hw_key_idx, NULL,
+						AR9170_ENC_ALG_NONE, 0,
+						NULL, 0);
+			if (err)
+				goto out;
+
+			if (key->alg == ALG_TKIP) {
+				err = ar9170_upload_key(ar, key->hw_key_idx,
+							NULL,
+							AR9170_ENC_ALG_NONE, 1,
+							NULL, 0);
+				if (err)
+					goto out;
+			}
+
+		}
+	}
+
+	ar9170_regwrite_begin(ar);
+	ar9170_regwrite(AR9170_MAC_REG_ROLL_CALL_TBL_L, ar->usedkeys);
+	ar9170_regwrite(AR9170_MAC_REG_ROLL_CALL_TBL_H, ar->usedkeys >> 32);
+	ar9170_regwrite_finish();
+	err = ar9170_regwrite_result();
+
+out:
+	mutex_unlock(&ar->mutex);
+
+	return err;
+}
+
+static void ar9170_sta_notify(struct ieee80211_hw *hw,
+			      struct ieee80211_vif *vif,
+			      enum sta_notify_cmd cmd,
+			      struct ieee80211_sta *sta)
+{
+	struct ar9170 *ar = hw->priv;
+	struct ar9170_sta_info *info = (void *) sta->drv_priv;
+	struct sk_buff *skb;
+
+	switch (cmd) {
+	case STA_NOTIFY_ADD:
+		skb_queue_head_init(&info->tx_status);
+
+		/*
+		 * do we already have a frame that needs tx_status
+		 * from this station in our queue?
+		 * If so then transfer them to the new station queue.
+		 */
+
+		/* preserve the correct order - check the waste bin first */
+		while ((skb = ar9170_find_skb_in_queue_by_mac(ar, sta->addr,
+				&ar->global_tx_status_waste)))
+			skb_queue_tail(&info->tx_status, skb);
+
+		/* now the still pending frames */
+		while ((skb = ar9170_find_skb_in_queue_by_mac(ar, sta->addr,
+				&ar->global_tx_status)))
+			skb_queue_tail(&info->tx_status, skb);
+
+#ifdef AR9170_QUEUE_DEBUG
+		printk(KERN_DEBUG "%s: STA[%pM] has %d queued frames =>\n",
+		       wiphy_name(ar->hw->wiphy), sta->addr,
+		       skb_queue_len(&info->tx_status));
+
+		ar9170_dump_station_tx_status_queue(ar, &info->tx_status);
+#endif /* AR9170_QUEUE_DEBUG */
+
+
+		break;
+
+	case STA_NOTIFY_REMOVE:
+
+		/*
+		 * transfer all outstanding frames that need a tx_status
+		 * reports to the fallback queue
+		 */
+
+		while ((skb = skb_dequeue(&ar->global_tx_status))) {
+#ifdef AR9170_QUEUE_DEBUG
+			printk(KERN_DEBUG "%s: queueing frame in global "
+					  "tx_status queue =>\n",
+			       wiphy_name(ar->hw->wiphy));
+
+			ar9170_print_txheader(ar, skb);
+#endif /* AR9170_QUEUE_DEBUG */
+			skb_queue_tail(&ar->global_tx_status_waste, skb);
+		}
+		break;
+
+	default:
+		break;
+	}
+}
+
+static int ar9170_get_stats(struct ieee80211_hw *hw,
+			    struct ieee80211_low_level_stats *stats)
+{
+	struct ar9170 *ar = hw->priv;
+	u32 val;
+	int err;
+
+	mutex_lock(&ar->mutex);
+	err = ar9170_read_reg(ar, AR9170_MAC_REG_TX_RETRY, &val);
+	ar->stats.dot11ACKFailureCount += val;
+
+	memcpy(stats, &ar->stats, sizeof(*stats));
+	mutex_unlock(&ar->mutex);
+
+	return 0;
+}
+
+static int ar9170_get_tx_stats(struct ieee80211_hw *hw,
+			       struct ieee80211_tx_queue_stats *tx_stats)
+{
+	struct ar9170 *ar = hw->priv;
+
+	spin_lock_bh(&ar->tx_stats_lock);
+	memcpy(tx_stats, ar->tx_stats, sizeof(tx_stats[0]) * hw->queues);
+	spin_unlock_bh(&ar->tx_stats_lock);
+
+	return 0;
+}
+
+static int ar9170_conf_tx(struct ieee80211_hw *hw, u16 queue,
+			  const struct ieee80211_tx_queue_params *param)
+{
+	struct ar9170 *ar = hw->priv;
+	int ret;
+
+	mutex_lock(&ar->mutex);
+	if ((param) && !(queue > 4)) {
+		memcpy(&ar->edcf[ar9170_qos_hwmap[queue]],
+		       param, sizeof(*param));
+
+		ret = ar9170_set_qos(ar);
+	} else
+		ret = -EINVAL;
+
+	mutex_unlock(&ar->mutex);
+	return ret;
+}
+
+static const struct ieee80211_ops ar9170_ops = {
+	.start			= ar9170_op_start,
+	.stop			= ar9170_op_stop,
+	.tx			= ar9170_op_tx,
+	.add_interface		= ar9170_op_add_interface,
+	.remove_interface	= ar9170_op_remove_interface,
+	.config			= ar9170_op_config,
+	.config_interface	= ar9170_op_config_interface,
+	.configure_filter	= ar9170_op_configure_filter,
+	.conf_tx		= ar9170_conf_tx,
+	.bss_info_changed	= ar9170_op_bss_info_changed,
+	.get_tsf		= ar9170_op_get_tsf,
+	.set_key		= ar9170_set_key,
+	.sta_notify		= ar9170_sta_notify,
+	.get_stats		= ar9170_get_stats,
+	.get_tx_stats		= ar9170_get_tx_stats,
+};
+
+void *ar9170_alloc(size_t priv_size)
+{
+	struct ieee80211_hw *hw;
+	struct ar9170 *ar;
+	int i;
+
+	hw = ieee80211_alloc_hw(priv_size, &ar9170_ops);
+	if (!hw)
+		return ERR_PTR(-ENOMEM);
+
+	ar = hw->priv;
+	ar->hw = hw;
+
+	mutex_init(&ar->mutex);
+	spin_lock_init(&ar->cmdlock);
+	spin_lock_init(&ar->tx_stats_lock);
+	skb_queue_head_init(&ar->global_tx_status);
+	skb_queue_head_init(&ar->global_tx_status_waste);
+	INIT_WORK(&ar->filter_config_work, ar9170_set_filters);
+	INIT_WORK(&ar->beacon_work, ar9170_new_beacon);
+	INIT_DELAYED_WORK(&ar->tx_status_janitor, ar9170_tx_status_janitor);
+
+	/* all hw supports 2.4 GHz, so set channel to 1 by default */
+	ar->channel = &ar9170_2ghz_chantable[0];
+
+	/* first part of wiphy init */
+	ar->hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
+					 BIT(NL80211_IFTYPE_WDS) |
+					 BIT(NL80211_IFTYPE_ADHOC);
+	ar->hw->flags |= IEEE80211_HW_RX_INCLUDES_FCS |
+			 IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING |
+			 IEEE80211_HW_SIGNAL_DBM |
+			 IEEE80211_HW_NOISE_DBM;
+
+	ar->hw->queues = 4;
+	ar->hw->extra_tx_headroom = 8;
+	ar->hw->sta_data_size = sizeof(struct ar9170_sta_info);
+
+	ar->hw->max_rates = 1;
+	ar->hw->max_rate_tries = 3;
+
+	for (i = 0; i < ARRAY_SIZE(ar->noise); i++)
+		ar->noise[i] = -95; /* ATH_DEFAULT_NOISE_FLOOR */
+
+	return ar;
+}
+EXPORT_SYMBOL_GPL(ar9170_alloc);
+
+static int ar9170_read_eeprom(struct ar9170 *ar)
+{
+#define RW	8	/* number of words to read at once */
+#define RB	(sizeof(u32) * RW)
+	DECLARE_MAC_BUF(mbuf);
+	u8 *eeprom = (void *)&ar->eeprom;
+	u8 *addr = ar->eeprom.mac_address;
+	__le32 offsets[RW];
+	int i, j, err, bands = 0;
+
+	BUILD_BUG_ON(sizeof(ar->eeprom) & 3);
+
+	BUILD_BUG_ON(RB > AR9170_MAX_CMD_LEN - 4);
+#ifndef __CHECKER__
+	/* don't want to handle trailing remains */
+	BUILD_BUG_ON(sizeof(ar->eeprom) % RB);
+#endif
+
+	for (i = 0; i < sizeof(ar->eeprom)/RB; i++) {
+		for (j = 0; j < RW; j++)
+			offsets[j] = cpu_to_le32(AR9170_EEPROM_START +
+						 RB * i + 4 * j);
+
+		err = ar->exec_cmd(ar, AR9170_CMD_RREG,
+				   RB, (u8 *) &offsets,
+				   RB, eeprom + RB * i);
+		if (err)
+			return err;
+	}
+
+#undef RW
+#undef RB
+
+	if (ar->eeprom.length == cpu_to_le16(0xFFFF))
+		return -ENODATA;
+
+	if (ar->eeprom.operating_flags & AR9170_OPFLAG_2GHZ) {
+		ar->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &ar9170_band_2GHz;
+		bands++;
+	}
+	if (ar->eeprom.operating_flags & AR9170_OPFLAG_5GHZ) {
+		ar->hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &ar9170_band_5GHz;
+		bands++;
+	}
+	/*
+	 * I measured this, a bandswitch takes roughly
+	 * 135 ms and a frequency switch about 80.
+	 *
+	 * FIXME: measure these values again once EEPROM settings
+	 *	  are used, that will influence them!
+	 */
+	if (bands == 2)
+		ar->hw->channel_change_time = 135 * 1000;
+	else
+		ar->hw->channel_change_time = 80 * 1000;
+
+	/* second part of wiphy init */
+	SET_IEEE80211_PERM_ADDR(ar->hw, addr);
+
+	return bands ? 0 : -EINVAL;
+}
+
+int ar9170_register(struct ar9170 *ar, struct device *pdev)
+{
+	int err;
+
+	/* try to read EEPROM, init MAC addr */
+	err = ar9170_read_eeprom(ar);
+	if (err)
+		goto err_out;
+
+	err = ieee80211_register_hw(ar->hw);
+	if (err)
+		goto err_out;
+
+	err = ar9170_init_leds(ar);
+	if (err)
+		goto err_unreg;
+
+#ifdef CONFIG_AR9170_LEDS
+	err = ar9170_register_leds(ar);
+	if (err)
+		goto err_unreg;
+#endif /* CONFIG_AR9170_LEDS */
+
+	dev_info(pdev, "Atheros AR9170 is registered as '%s'\n",
+		 wiphy_name(ar->hw->wiphy));
+
+	return err;
+
+err_unreg:
+	ieee80211_unregister_hw(ar->hw);
+
+err_out:
+	return err;
+}
+EXPORT_SYMBOL_GPL(ar9170_register);
+
+void ar9170_unregister(struct ar9170 *ar)
+{
+#ifdef CONFIG_AR9170_LEDS
+	ar9170_unregister_leds(ar);
+#endif /* CONFIG_AR9170_LEDS */
+
+	ieee80211_unregister_hw(ar->hw);
+	mutex_destroy(&ar->mutex);
+}
+EXPORT_SYMBOL_GPL(ar9170_unregister);
+
+static int __init ar9170_init(void)
+{
+	if (modparam_nohwcrypt)
+		printk(KERN_INFO "ar9170: cryptographic acceleration "
+				 "disabled.\n");
+
+	return 0;
+}
+
+static void __exit ar9170_exit(void)
+{
+
+}
+
+module_init(ar9170_init);
+module_exit(ar9170_exit);