MBIM Patch (Round 3)

Gerhard Roth-2
Here comes the next version of the MBIM driver.

Changes since last version:

- incorporated suggestions from mpi@

- renamed to "umb"
        Only file "mbim.h" which contains MBIM protocol related stuff
        continues to use "mbim" as prefix.

- No longer takes fake addresses nor does it try to restore them


I would be glad to hear from some people trying this with a real MBIM
device.


Gerhard



Index: sbin/ifconfig/ifconfig.8
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.267
diff -u -p -u -p -r1.267 ifconfig.8
--- sbin/ifconfig/ifconfig.8 6 Apr 2016 10:07:14 -0000 1.267
+++ sbin/ifconfig/ifconfig.8 8 Jun 2016 12:52:59 -0000
@@ -519,6 +519,8 @@ tunnel
 .Xr vxlan 4 )
 .It
 .Xr vlan 4
+.It
+.Xr umb 4
 .El
 .\" BRIDGE
 .Sh BRIDGE
@@ -1645,6 +1647,67 @@ will be assigned 802.1Q tag 5.
 Disassociate from the parent interface.
 This breaks the link between the vlan interface and its parent,
 clears its vlan tag, flags, and link address, and shuts the interface down.
+.El
+.\" UMB
+.Sh UMB
+.nr nS 1
+.Bk -words
+.Nm ifconfig
+.Ar umb-interface
+.Op Cm pin Ar pin
+.Op Cm chgpin Ar oldpin Ar newpin
+.Op Cm puk Ar puk Ar newpin
+.Op Oo Fl Oc Ns Cm apn Ar apn
+.Op Oo Fl Oc Ns Cm class Ar class,class,...
+.Op Oo Fl Oc Ns Cm roaming
+.Ek
+.nr nS 0
+.Pp
+The following options are available for an
+.Xr umb 4
+interface:
+.Bl -tag -width Ds
+.It Cm pin Ar pin
+Enter the PIN required to unlock the SIM card. Most SIM cards will not
+allow to establish a network association without providing a PIN.
+.It Cm chgpin Ar oldpin Ar newpin
+Permanently changes the PIN of the SIM card from the current value
+.Ar oldpin
+to
+.Ar newpin .
+.It Cm puk Ar puk Ar newpin
+Sets the PIN of the SIM card to
+.Ar newpin
+using the PUK
+.Ar puk
+to validate the request.
+.It Cm apn Ar apn
+Set the "Access Point Name" required by your network provider.
+.It Fl apn
+Clear the current "Access Point Name" value.
+.It Cm class
+List all available cell classes.
+.It Cm class Ar class,class,...
+Set the preferred cell classes. Apart from those listed by
+.Nm Cm class
+the following aliases can be used:
+.Ar 4G,
+.Ar 3G,
+and
+.Ar 2G.
+.It Fl class
+Clear any cell class preferences.
+.It Cm roaming
+Enable data roaming.
+.It Fl roaming
+Disable data roaming.
+.It Cm up
+As soon as the interface is marked as "up", the
+.Xr umb 4
+device will try to establish a data connection with the service provider.
+.It Cm down
+Marking the interface as "down" will terminate any existing data connection
+and deregister with the service provider.
 .El
 .Sh EXAMPLES
 Assign the
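
Review bot: pin, chgpin and puk take the SIM secret as a plain command-line argument (".Op Cm pin Ar pin" and the two entries after it), so it shows up in ps(1) output while ifconfig runs and in shell history; the text should say so, and a way to read the value from a prompt or a file would be better. Markup nits in the same block: ".Ar 4G," and ".Ar 2G." put the punctuation inside the argument, where mdoc wants it as a separate token (".Ar 4G ,"); new sentences should start on their own line ("...the SIM card. Most SIM cards..."); and "will not allow to establish" should read "will not allow establishing".
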
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.322
diff -u -p -u -p -r1.322 ifconfig.c
--- sbin/ifconfig/ifconfig.c 3 May 2016 17:52:33 -0000 1.322
+++ sbin/ifconfig/ifconfig.c 8 Jun 2016 12:52:59 -0000
@@ -107,6 +107,10 @@
 #include <ifaddrs.h>
 
 #include "brconfig.h"
+#ifndef SMALL
+#include <dev/usb/mbim.h>
+#include <dev/usb/if_umb.h>
+#endif /* SMALL */
 
 #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
@@ -145,6 +149,7 @@ int showmediaflag;
 int showcapsflag;
 int shownet80211chans;
 int shownet80211nodes;
+int showclasses;
 
 void notealias(const char *, int);
 void setifaddr(const char *, int);
@@ -275,6 +280,18 @@ void unsetifdesc(const char *, int);
 void printifhwfeatures(const char *, int);
 void setpair(const char *, int);
 void unsetpair(const char *, int);
+void umb_status(void);
+void umb_printclasses(char *, int);
+int umb_parse_classes(const char *);
+void umb_setpin(const char *, int);
+void umb_chgpin(const char *, const char *);
+void umb_puk(const char *, const char *);
+void umb_pinop(int, int, const char *, const char *);
+void umb_apn(const char *, int);
+void umb_setclass(const char *, int);
+void umb_roaming(const char *, int);
+void utf16_to_char(uint16_t *, int, char *, size_t);
+int char_to_utf16(const char *, uint16_t *, size_t);
 #else
 void setignore(const char *, int);
 #endif
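
Review bot: umb_descr2val(), defined further down in this patch, is missing from this prototype list; please add it here with the other umb_ helpers. Its str argument and the tag argument of umb_printclasses() are plain char * although neither is modified and umb_printclasses() is called with a string literal; const char * fits both.
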
@@ -486,6 +503,15 @@ const struct cmd {
  { "-descr", 1, 0, unsetifdesc },
  { "wol", IFXF_WOL, 0, setifxflags },
  { "-wol", -IFXF_WOL, 0, setifxflags },
+ { "pin", NEXTARG, 0, umb_setpin },
+ { "chgpin", NEXTARG2, 0, NULL, umb_chgpin },
+ { "puk", NEXTARG2, 0, NULL, umb_puk },
+ { "apn", NEXTARG, 0, umb_apn },
+ { "-apn", -1, 0, umb_apn },
+ { "class", NEXTARG0, 0, umb_setclass },
+ { "-class", -1, 0, umb_setclass },
+ { "roaming", 1, 0, umb_roaming },
+ { "-roaming", 0, 0, umb_roaming },
  { "patch", NEXTARG, 0, setpair },
  { "-patch", 1, 0, unsetpair },
 #else /* SMALL */
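
Review bot: the handlers do not agree on how the clear variants are recognised: "-apn" and "-class" both pass -1 here, but umb_apn() tests "d != 0" while umb_setclass() tests "d != -1". Pick one convention and use it in both, so that a later change to a table entry does not silently flip one of them.
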
@@ -2942,6 +2968,7 @@ status(int link, struct sockaddr_dl *sdl
  mpe_status();
  mpw_status();
  pflow_status();
+ umb_status();
 #endif
  trunk_status();
  getifgroups();
@@ -4875,6 +4902,403 @@ setifpriority(const char *id, int param)
  if (ioctl(s, SIOCSIFPRIORITY, (caddr_t)&ifr) < 0)
  warn("SIOCSIFPRIORITY");
 }
+
+
+const struct umb_valdescr umb_regstate[] = MBIM_REGSTATE_DESCRIPTIONS;
+const struct umb_valdescr umb_dataclass[] = MBIM_DATACLASS_DESCRIPTIONS;
+const struct umb_valdescr umb_simstate[] = MBIM_SIMSTATE_DESCRIPTIONS;
+const struct umb_valdescr umb_istate[] = UMB_INTERNAL_STATE_DESCRIPTIONS;
+const struct umb_valdescr umb_pktstate[] = MBIM_PKTSRV_STATE_DESCRIPTIONS;
+const struct umb_valdescr umb_actstate[] = MBIM_ACTIVATION_STATE_DESCRIPTIONS;
+
+const struct umb_valdescr umb_classalias[] = {
+ { MBIM_DATACLASS_GPRS | MBIM_DATACLASS_EDGE, "2g" },
+ { MBIM_DATACLASS_UMTS | MBIM_DATACLASS_HSDPA | MBIM_DATACLASS_HSUPA,
+    "3g" },
+ { MBIM_DATACLASS_LTE, "4g" },
+ { 0, NULL }
+};
+
+int
+umb_descr2val(const struct umb_valdescr *vdp, char *str)
+{
+ while (vdp->descr != NULL) {
+ if (!strcasecmp(vdp->descr, str))
+ return vdp->val;
+ vdp++;
+ }
+ return 0;
+}
+
+void
+umb_status(void)
+{
+ struct umb_info mi;
+ char provider[UMB_PROVIDERNAME_MAXLEN+1];
+ char roamingtxt[UMB_ROAMINGTEXT_MAXLEN+1];
+ char devid[UMB_DEVID_MAXLEN+1];
+ char fwinfo[UMB_FWINFO_MAXLEN+1];
+ char hwinfo[UMB_HWINFO_MAXLEN+1];
+ char sid[UMB_SUBSCRIBERID_MAXLEN+1];
+ char iccid[UMB_ICCID_MAXLEN+1];
+ char apn[UMB_APN_MAXLEN+1];
+ char pn[UMB_PHONENR_MAXLEN+1];
+ int i, n;
+
+ memset((char *)&mi, 0, sizeof(mi));
+ ifr.ifr_data = (caddr_t)&mi;
+ if (ioctl(s, SIOCGUMBINFO, (caddr_t)&ifr) == -1)
+ return;
+
+ if (mi.nwerror) {
+ /* 3GPP 24.008 Cause Code */
+ printf("\terror: ");
+ switch (mi.nwerror) {
+ case 2:
+ printf("SIM not activated");
+ break;
+ case 4:
+ printf("Roaming not supported");
+ break;
+ case 6:
+ printf("SIM reported stolen");
+ break;
+ case 7:
+ printf("No GPRS subscription");
+ break;
+ case 8:
+ printf("GPRS and non-GPRS services not allowed");
+ break;
+ case 11:
+ printf("Subscription expired");
+ break;
+ case 12:
+ printf("Subscription does not cover current location");
+ break;
+ case 13:
+ printf("No roaming in this location");
+ break;
+ case 14:
+ printf("GPRS not supported");
+ break;
+ case 15:
+ printf("No subscription for the service");
+ break;
+ case 17:
+ printf("Registration failed");
+ break;
+ case 22:
+ printf("Network congestion");
+ break;
+ default:
+ printf("Error code %d", mi.nwerror);
+ break;
+ }
+ printf("\n");
+ }
+
+ printf("\troaming %s registration %s",
+    mi.enable_roaming ? "enabled" : "disabled",
+    umb_val2descr(umb_regstate, mi.regstate));
+ utf16_to_char(mi.roamingtxt, UMB_ROAMINGTEXT_MAXLEN,
+    roamingtxt, sizeof (roamingtxt));
+ if (roamingtxt[0])
+ printf(" [%s]", roamingtxt);
+ printf("\n");
+
+ if (showclasses)
+ umb_printclasses("available classes", mi.supportedclasses);
+ printf("\tstate %s cell-class %s",
+    umb_val2descr(umb_istate, mi.state),
+    umb_val2descr(umb_dataclass, mi.highestclass));
+ if (mi.rssi != UMB_VALUE_UNKNOWN && mi.rssi != 0)
+ printf(" rssi %ddBm", mi.rssi);
+ if (mi.uplink_speed != 0 || mi.downlink_speed != 0) {
+ char s[2][FMT_SCALED_STRSIZE];
+ if (fmt_scaled(mi.uplink_speed, s[0]) != 0)
+ snprintf(s[0], sizeof (s[0]), "%llu", mi.uplink_speed);
+ if (fmt_scaled(mi.downlink_speed, s[1]) != 0)
+ snprintf(s[1], sizeof (s[1]), "%llu", mi.downlink_speed);
+ printf(" speed %sps up %sps down", s[0], s[1]);
+ }
+ printf("\n");
+
+ printf("\tSIM %s PIN ", umb_val2descr(umb_simstate, mi.sim_state));
+ switch (mi.pin_state) {
+ case UMB_PIN_REQUIRED:
+ printf("required");
+ break;
+ case UMB_PIN_UNLOCKED:
+ printf("valid");
+ break;
+ case UMB_PUK_REQUIRED:
+ printf("locked (PUK required)");
+ break;
+ default:
+ printf("unkown state (%d)", mi.pin_state);
+ break;
+ }
+ if (mi.pin_attempts_left != UMB_VALUE_UNKNOWN)
+ printf(" (%d attempts left)", mi.pin_attempts_left);
+ printf("\n");
+
+ utf16_to_char(mi.sid, UMB_SUBSCRIBERID_MAXLEN, sid, sizeof (sid));
+ utf16_to_char(mi.iccid, UMB_ICCID_MAXLEN, iccid, sizeof (iccid));
+ utf16_to_char(mi.provider, UMB_PROVIDERNAME_MAXLEN,
+    provider, sizeof (provider));
+ if (sid[0] || iccid[0] || provider[0]) {
+ printf("\t");
+ n = 0;
+ if (sid[0])
+ printf("%ssubscriber-id %s", n++ ? " " : "", sid);
+ if (iccid[0])
+ printf("%sICC-id %s", n++ ? " " : "", iccid);
+ if (provider[0])
+ printf("%sprovider %s", n ? " " : "", provider);
+ printf("\n");
+ }
+
+ utf16_to_char(mi.hwinfo, UMB_HWINFO_MAXLEN, hwinfo, sizeof (hwinfo));
+ utf16_to_char(mi.devid, UMB_DEVID_MAXLEN, devid, sizeof (devid));
+ utf16_to_char(mi.fwinfo, UMB_FWINFO_MAXLEN, fwinfo, sizeof (fwinfo));
+ if (hwinfo[0] || devid[0] || fwinfo[0]) {
+ printf("\t");
+ n = 0;
+ if (hwinfo[0])
+ printf("%sdevice %s", n++ ? " " : "", hwinfo);
+ if (devid[0]) {
+ printf("%s", n++ ? " " : "");
+ switch (mi.cellclass) {
+ case MBIM_CELLCLASS_GSM:
+ printf("IMEI");
+ break;
+ case MBIM_CELLCLASS_CDMA:
+ n = strlen(devid);
+ if (n == 8 || n == 11) {
+ printf("ESN");
+ break;
+ } else if (n == 14 || n == 18) {
+ printf("MEID");
+ break;
+ }
+ /*FALLTHROUGH*/
+ default:
+ printf("ID");
+ break;
+ }
+ printf(" %s", devid);
+ }
+ if (fwinfo[0])
+ printf("%sfirmware %s", n++ ? " " : "", fwinfo);
+ printf("\n");
+ }
+
+ utf16_to_char(mi.pn, UMB_PHONENR_MAXLEN, pn, sizeof (pn));
+ utf16_to_char(mi.apn, UMB_APN_MAXLEN, apn, sizeof (apn));
+ if (pn[0] || apn[0]) {
+ printf("\t");
+ n = 0;
+ if (pn[0])
+ printf("%sphone# +%s", n++ ? " " : "", pn);
+ if (apn[0])
+ printf("%sAPN %s", n++ ? " " : "", apn);
+ printf("\n");
+ }
+
+ for (i = 0, n = 0; i < UMB_MAX_DNSSRV; i++) {
+ if (mi.ipv4dns[i] == INADDR_ANY)
+ break;
+ printf("%s %s", n++ ? "" : "\tdns",
+    inet_ntoa(*(struct in_addr *)&mi.ipv4dns[i]));
+ }
+ if (n)
+ printf("\n");
+}
+
+void
+umb_printclasses(char *tag, int c)
+{
+ int i;
+ char *sep = "";
+
+ printf("\t%s: ", tag);
+ i = 0;
+ while (umb_dataclass[i].descr) {
+ if (umb_dataclass[i].val & c) {
+ printf("%s%s", sep, umb_dataclass[i].descr);
+ sep = ",";
+ }
+ i++;
+ }
+ printf("\n");
+}
+
+int
+umb_parse_classes(const char *spec)
+{
+ char *optlist, *str;
+ int c = 0, v;
+
+ if ((optlist = strdup(spec)) == NULL)
+ err(1, "strdup");
+ str = strtok(optlist, ",");
+ while (str != NULL) {
+ if ((v = umb_descr2val(umb_dataclass, str)) != 0 ||
+    (v = umb_descr2val(umb_classalias, str)) != 0)
+ c |= v;
+ str = strtok(NULL, ",");
+ }
+ free(optlist);
+ return c;
+}
+
+void
+umb_setpin(const char *pin, int d)
+{
+ umb_pinop(MBIM_PIN_OP_ENTER, 0, pin, NULL);
+}
+
+void
+umb_chgpin(const char *pin, const char *newpin)
+{
+ umb_pinop(MBIM_PIN_OP_CHANGE, 0, pin, newpin);
+}
+
+void
+umb_puk(const char *pin, const char *newpin)
+{
+ umb_pinop(MBIM_PIN_OP_ENTER, 1, pin, newpin);
+}
+
+void
+umb_pinop(int op, int is_puk, const char *pin, const char *newpin)
+{
+ struct umb_parameter mp;
+
+ memset(&mp, 0, sizeof (mp));
+ ifr.ifr_data = (caddr_t)&mp;
+ if (ioctl(s, SIOCGUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCGUMBPARAM");
+
+ mp.op = op;
+ mp.is_puk = is_puk;
+ if ((mp.pinlen = char_to_utf16(pin, (uint16_t *)mp.pin,
+    sizeof (mp.pin))) == -1)
+ errx(1, "PIN too long");
+
+ if (newpin) {
+ if ((mp.newpinlen = char_to_utf16(newpin, (uint16_t *)mp.newpin,
+    sizeof (mp.newpin))) == -1)
+ errx(1, "new PIN too long");
+ }
+
+ if (ioctl(s, SIOCSUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCSUMBPARAM");
+}
+
+void
+umb_apn(const char *apn, int d)
+{
+ struct umb_parameter mp;
+
+ memset(&mp, 0, sizeof (mp));
+ ifr.ifr_data = (caddr_t)&mp;
+ if (ioctl(s, SIOCGUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCGUMBPARAM");
+
+ if (d != 0)
+ memset(mp.apn, 0, sizeof (mp.apn));
+ else if ((mp.apnlen = char_to_utf16(apn, mp.apn,
+    sizeof (mp.apn))) == -1)
+ errx(1, "APN too long");
+
+ if (ioctl(s, SIOCSUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCSUMBPARAM");
+}
+
+void
+umb_setclass(const char *val, int d)
+{
+ struct umb_parameter mp;
+
+ if (val == NULL) {
+ if (showclasses)
+ usage(1);
+ showclasses = 1;
+ return;
+ }
+
+ memset(&mp, 0, sizeof (mp));
+ ifr.ifr_data = (caddr_t)&mp;
+ if (ioctl(s, SIOCGUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCGUMBPARAM");
+ if (d != -1)
+ mp.preferredclasses = umb_parse_classes(val);
+ else
+ mp.preferredclasses = MBIM_DATACLASS_NONE;
+ if (ioctl(s, SIOCSUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCSUMBPARAM");
+}
+
+void
+umb_roaming(const char *val, int d)
+{
+ struct umb_parameter mp;
+
+ memset(&mp, 0, sizeof (mp));
+ ifr.ifr_data = (caddr_t)&mp;
+ if (ioctl(s, SIOCGUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCGUMBPARAM");
+ mp.roaming = d;
+ if (ioctl(s, SIOCSUMBPARAM, (caddr_t)&ifr) == -1)
+ err(1, "SIOCSUMBPARAM");
+}
+
+void
+utf16_to_char(uint16_t *in, int inlen, char *out, size_t outlen)
+{
+ uint16_t c;
+
+ while (outlen > 0) {
+ c = inlen > 0 ? letoh16(*in) : 0;
+ if (c == 0 || --outlen == 0) {
+ /* always NUL terminate result */
+done:
+ *out = '\0';
+ break;
+ }
+ *out++ = isascii(c) ? (char)c : '?';
+ in++;
+ inlen -= sizeof (*in);
+ }
+}
+
+int
+char_to_utf16(const char *in, uint16_t *out, size_t outlen)
+{
+ int n = 0;
+ uint16_t c;
+
+ for (;;) {
+ c = *in++;
+
+ if (c == '\0') {
+ /*
+ * NUL termination is not required, but zero out the
+ * residual buffer
+ */
+ memset(out, 0, outlen);
+ return n;
+ }
+ if (outlen < sizeof (*out))
+ return -1;
+
+ *out++ = htole16(c);
+ n += sizeof (*out);
+ outlen -= sizeof (*out);
+ }
+}
+
 #endif
 
 #define SIN(x) ((struct sockaddr_in *) &(x))
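
Review bot: in utf16_to_char(), "*out++ = isascii(c) ? (char)c : '?';" lets every 7-bit value through, ESC and the other control characters included, and the strings converted with it (provider, roamingtxt, hwinfo, fwinfo, apn, ...) are supplied by the device and go straight to printf() in umb_status(). Filter with isprint() instead, or pass the result through vis(3), so that a modem cannot write escape sequences to the user's terminal. Further points in this hunk: inlen is decremented by sizeof(*in), so it counts bytes, yet the callers pass the same UMB_*_MAXLEN constant that sizes the char output buffers; state the unit in a comment and check the callers against it. The "done:" label is never the target of a goto. In char_to_utf16(), "c = *in++;" sign-extends bytes above 0x7f where char is signed; go through unsigned char or reject non-ASCII input. umb_pinop() leaves the PIN in its stack copy of struct umb_parameter; add explicit_bzero(&mp, sizeof(mp)) after the second ioctl. umb_apn() zeroes mp.apn for "-apn" but does not reset mp.apnlen. umb_parse_classes() silently skips names that match neither table, so a typo yields 0 or a partial mask; errx() on an unknown name instead. The default case of the pin_state switch prints "unkown".
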
Index: share/man/man4/Makefile
===================================================================
RCS file: /cvs/src/share/man/man4/Makefile,v
retrieving revision 1.622
diff -u -p -u -p -r1.622 Makefile
--- share/man/man4/Makefile 3 Jun 2016 19:16:59 -0000 1.622
+++ share/man/man4/Makefile 8 Jun 2016 12:52:59 -0000
@@ -60,8 +60,8 @@ MAN= aac.4 ac97.4 acphy.4 \
  ucom.4 uchcom.4 ucycom.4 uslhcom.4 udav.4 udcf.4 udl.4 udp.4 udsbr.4 \
  uftdi.4 ugen.4 ugl.4 ugold.4 uguru.4 uhci.4 uhid.4 uhidev.4 uipaq.4 \
  uk.4 ukbd.4 \
- ukphy.4 ulpt.4 umass.4 umbg.4 umcs.4 umct.4 umidi.4 umodem.4 ums.4 \
- umsm.4 unix.4 uonerng.4 uow.4 uoaklux.4 uoakrh.4 uoakv.4 upd.4 \
+ ukphy.4 ulpt.4 umass.4 umb.4 umbg.4 umcs.4 umct.4 umidi.4 umodem.4 \
+ ums.4 umsm.4 unix.4 uonerng.4 uow.4 uoaklux.4 uoakrh.4 uoakv.4 upd.4 \
  upgt.4 upl.4 uplcom.4 ural.4 url.4 urlphy.4 \
  urndis.4 urtw.4 urtwn.4 usb.4  usbf.4 uscom.4 uslcom.4 usps.4 \
  uthum.4 uticom.4 utpms.4 utwitch.4 utrh.4 uts.4 utvfu.4 uvideo.4 \
Index: share/man/man4/umb.4
===================================================================
RCS file: share/man/man4/umb.4
diff -N share/man/man4/umb.4
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ share/man/man4/umb.4 8 Jun 2016 12:52:59 -0000
@@ -0,0 +1,79 @@
+.\" $OpenBSD: mdoc.template,v 1.15 2014/03/31 00:09:54 dlg Exp $
+.\"
+.\" Copyright (c) 2016 genua mbH
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt UMB 4
+.Os
+.Sh NAME
+.Nm umb
+.Nd USB Mobile Broadband Interface Model (MBIM)
+.Sh SYNOPSIS
+.Cd "umb*  at uhub?"
+.Sh DESCRIPTION
+The
+.Nm
+driver provides support for USB MBIM devices. Those devices allow to
+establish connections via celluar networks such as GPRS, UMTS, LTE, etc.
+.Pp
+The
+.Nm
+device appears as a regular point-to-point network interface,
+transporting raw IP frames.
+.Pp
+Required configuration parameters like PIN and APN have to be set
+via
+.Xr ifconfig 8 .
+Once the SIM card has has been unlocked with the correct PIN, it
+will remain in this state until the device is power-cycled.
+In case the device is connected to an "always-on" USB port,
+it is possible to connect to a provider without entering the
+PIN again even afer a reboot of the system.
+.Pp
+If a default gateway route is configured for the
+.Nm
+network interface, the driver will modify the destination IP address
+dynamically, according to the information sent by the network provider.
+.Sh HARDWARE
+The following devices are known to be supported by the
+.Nm
+driver:
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It Tn Sierra Wireless MC8305
+.It Tn Sierra Wireless EM8805
+.El
+.Pp
+There are probably a lot more devices that also work flawlessly.
+If some devices fail to provide a confirming MBIM implementation,
+their vendor and product IDs should be added to the driver's blacklist
+manually.  Since most device offer multiple interfaces, blacklisted ones
+will probably be attached by some other driver, e.g.
+.Xr umsm 4 .
+.Sh SEE ALSO
+.Xr intro 4 ,
+.Xr netintro 4 ,
+.Xr usb 4 ,
+.Xr hostname.if 5 ,
+.Xr ifconfig 8
+.Xr route 8
+.Rs
+.%T "Universal Serial Bus Communications Class Subclass Specification for Mobile Broadband Interface Model"
+.%U http://www.usb.org/developers/docs/devclass_docs/MBIM10Errata1_073013.zip
+.Re
+.Sh CAVEATS
+The
+.Nm
+driver currently does not support IPv6 addresses.
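
Review bot: the DESCRIPTION and HARDWARE text needs a spelling pass: "celluar", "has has been unlocked", "even afer a reboot", "confirming MBIM implementation" (conforming) and "most device offer". In SEE ALSO, ".Xr ifconfig 8" lacks the trailing comma before route 8; the first line still carries the mdoc.template RCS id where a bare $OpenBSD$ belongs; and new sentences should start on their own line ("...USB MBIM devices. Those devices allow to..."). The paragraph about the SIM staying unlocked until the device is power-cycled describes behaviour with security consequences on an always-on USB port; it would help to say how to get the card locked again short of removing power.
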
Index: share/man/man4/usb.4
===================================================================
RCS file: /cvs/src/share/man/man4/usb.4,v
retrieving revision 1.176
diff -u -p -u -p -r1.176 usb.4
--- share/man/man4/usb.4 4 Jun 2016 20:54:13 -0000 1.176
+++ share/man/man4/usb.4 8 Jun 2016 12:52:59 -0000
@@ -279,6 +279,11 @@ USBRH temperature and humidity sensor
 .It Xr utwitch 4
 YUREX USB twitch/jiggle of knee sensor
 .El
+.Ss WAN network devices
+.Bl -tag -width 12n -offset ind -compact
+.It Xr umb 4
+USB Mobile Broadband device
+.El
 .Ss Miscellaneous devices
 .Bl -tag -width 12n -offset ind -compact
 .It Xr ualea 4
Index: sys/arch/amd64/conf/GENERIC
===================================================================
RCS file: /cvs/src/sys/arch/amd64/conf/GENERIC,v
retrieving revision 1.419
diff -u -p -u -p -r1.419 GENERIC
--- sys/arch/amd64/conf/GENERIC 1 Jun 2016 09:48:20 -0000 1.419
+++ sys/arch/amd64/conf/GENERIC 8 Jun 2016 12:52:59 -0000
@@ -279,6 +279,7 @@ urtw* at uhub? # Realtek 8187
 rsu* at uhub? # Realtek RTL8188SU/RTL8191SU/RTL8192SU
 urtwn* at uhub? # Realtek RTL8188CU/RTL8192CU
 udcf* at uhub? # Gude Expert mouseCLOCK
+umb* at uhub? # Mobile Broadband Interface Model
 uthum* at uhidev? # TEMPerHUM sensor
 ugold* at uhidev? # gold TEMPer sensor
 utrh* at uhidev? # USBRH sensor
Index: sys/arch/i386/conf/GENERIC
===================================================================
RCS file: /cvs/src/sys/arch/i386/conf/GENERIC,v
retrieving revision 1.815
diff -u -p -u -p -r1.815 GENERIC
--- sys/arch/i386/conf/GENERIC 1 Jun 2016 11:39:59 -0000 1.815
+++ sys/arch/i386/conf/GENERIC 8 Jun 2016 12:52:59 -0000
@@ -314,6 +314,7 @@ rsu* at uhub? # Realtek RTL8188SU/RTL81
 urtwn* at uhub? # Realtek RTL8188CU/RTL8192CU
 udcf* at uhub? # Gude Expert mouseCLOCK
 umbg* at uhub? # Meinberg Funkuhren USB5131
+umb* at uhub? # Mobile Broadband Interface Model
 uthum* at uhidev? # TEMPerHUM sensor
 ugold* at uhidev? # gold TEMPer sensor
 utrh* at uhidev? # USBRH sensor
Index: sys/dev/usb/files.usb
===================================================================
RCS file: /cvs/src/sys/dev/usb/files.usb,v
retrieving revision 1.127
diff -u -p -u -p -r1.127 files.usb
--- sys/dev/usb/files.usb 1 Jun 2016 09:48:20 -0000 1.127
+++ sys/dev/usb/files.usb 8 Jun 2016 12:52:59 -0000
@@ -402,6 +402,11 @@ device otus: ether, ifnet, ifmedia, wlan
 attach otus at uhub
 file dev/usb/if_otus.c otus
 
+# Mobile Broadband Interface Model
+device umb: ifnet, ifmedia
+attach umb at uhub
+file dev/usb/if_umb.c umb
+
 # USB logical device
 device usbf {}
 attach usbf at usbdev
Index: sys/dev/usb/if_umb.c
===================================================================
RCS file: sys/dev/usb/if_umb.c
diff -N sys/dev/usb/if_umb.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/dev/usb/if_umb.c 8 Jun 2016 12:52:59 -0000
@@ -0,0 +1,2316 @@
+/* $OpenBSD$ */
+
+/*
+ * Copyright (c) 2016 genua mbH
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Mobile Broadband Interface Model
+ * http://www.usb.org/developers/docs/devclass_docs/MBIM-Compliance-1.0.pdf
+ */
+#include "bpfilter.h"
+
+#include <sys/param.h>
+#include <sys/mbuf.h>
+#include <sys/socket.h>
+#include <sys/systm.h>
+#include <sys/syslog.h>
+
+#if NBPFILTER > 0
+#include <net/bpf.h>
+#endif
+#include <net/if.h>
+#include <net/if_var.h>
+#include <net/if_types.h>
+
+#include <netinet/in.h>
+#include <netinet/in_var.h>
+#include <netinet/ip.h>
+
+#include <machine/bus.h>
+
+#include <dev/usb/usb.h>
+#include <dev/usb/usbdi.h>
+#include <dev/usb/usbdivar.h>
+#include <dev/usb/usbdi_util.h>
+#include <dev/usb/usbdevs.h>
+#include <dev/usb/usbcdc.h>
+
+#include <dev/usb/mbim.h>
+#include <dev/usb/if_umb.h>
+
+#ifdef UMB_DEBUG
+#define DPRINTF(x...) \
+ do { if (umb_debug) log(LOG_DEBUG, x); } while (0)
+
+#define DPRINTFN(n, x...) \
+ do { if (umb_debug >= (n)) log(LOG_DEBUG, x); } while (0)
+
+#define DDUMPN(n, b, l) \
+ do { \
+ if (umb_debug >= (n)) \
+ umb_dump((b), (l)); \
+ } while (0)
+
+int umb_debug = 0;
+char *umb_uuid2str(uint8_t [MBIM_UUID_LEN]);
+void umb_dump(void *, int);
+
+#else
+#define DPRINTF(x...) do { } while (0)
+#define DPRINTFN(n, x...) do { } while (0)
+#define DDUMPN(n, b, l) do { } while (0)
+#endif
+
+#define DEVNAM(sc) (((struct umb_softc *)(sc))->sc_dev.dv_xname)
+
+/*
+ * State change timeout
+ */
+#define UMB_STATE_CHANGE_TIMEOUT 30
+
+/*
+ * State change flags
+ */
+#define UMB_NS_DONT_DROP 0x0001 /* do not drop below current state */
+#define UMB_NS_DONT_RAISE 0x0002 /* do not raise below current state */
+
+/*
+ * Diagnostic macros
+ */
+const struct umb_valdescr umb_regstates[] = MBIM_REGSTATE_DESCRIPTIONS;
+const struct umb_valdescr umb_dataclasses[] = MBIM_DATACLASS_DESCRIPTIONS;
+const struct umb_valdescr umb_simstate[] = MBIM_SIMSTATE_DESCRIPTIONS;
+const struct umb_valdescr umb_messages[] = MBIM_MESSAGES_DESCRIPTIONS;
+const struct umb_valdescr umb_status[] = MBIM_STATUS_DESCRIPTIONS;
+const struct umb_valdescr umb_cids[] = MBIM_CID_DESCRIPTIONS;
+const struct umb_valdescr umb_pktstate[] = MBIM_PKTSRV_STATE_DESCRIPTIONS;
+const struct umb_valdescr umb_actstate[] = MBIM_ACTIVATION_STATE_DESCRIPTIONS;
+const struct umb_valdescr umb_error[] = MBIM_ERROR_DESCRIPTIONS;
+const struct umb_valdescr umb_pintype[] = MBIM_PINTYPE_DESCRIPTIONS;
+const struct umb_valdescr umb_istate[] = UMB_INTERNAL_STATE_DESCRIPTIONS;
+
+#define umb_regstate(c) umb_val2descr(umb_regstates, (c))
+#define umb_dataclass(c) umb_val2descr(umb_dataclasses, (c))
+#define umb_simstate(s) umb_val2descr(umb_simstate, (s))
+#define umb_request2str(m) umb_val2descr(umb_messages, (m))
+#define umb_status2str(s) umb_val2descr(umb_status, (s))
+#define umb_cid2str(c) umb_val2descr(umb_cids, (c))
+#define umb_packet_state(s) umb_val2descr(umb_pktstate, (s))
+#define umb_activation(s) umb_val2descr(umb_actstate, (s))
+#define umb_error2str(e) umb_val2descr(umb_error, (e))
+#define umb_pin_type(t) umb_val2descr(umb_pintype, (t))
+#define umb_istate(s) umb_val2descr(umb_istate, (s))
+
+int umb_match(struct device *, void *, void *);
+void umb_attach(struct device *, struct device *, void *);
+int umb_detach(struct device *, int);
+int umb_alloc_xfers(struct umb_softc *);
+void umb_free_xfers(struct umb_softc *);
+int umb_alloc_bulkpipes(struct umb_softc *);
+void umb_close_bulkpipes(struct umb_softc *);
+int umb_ioctl(struct ifnet *, u_long, caddr_t);
+int umb_output(struct ifnet *, struct mbuf *, struct sockaddr *,
+    struct rtentry *);
+int umb_input(struct ifnet *, struct mbuf *, void *);
+void umb_start(struct ifnet *);
+void umb_watchdog(struct ifnet *);
+void umb_statechg_timeout(void *);
+
+void umb_newstate(struct umb_softc *, enum umb_state, int);
+void umb_state_task(void *);
+void umb_up(struct umb_softc *);
+void umb_down(struct umb_softc *, int);
+
+void umb_get_response_task(void *);
+
+void umb_decode_response(struct umb_softc *, void *, int);
+void umb_handle_indicate_status_msg(struct umb_softc *, void *,
+    int);
+void umb_handle_opendone_msg(struct umb_softc *, void *, int);
+void umb_handle_closedone_msg(struct umb_softc *, void *, int);
+int umb_decode_register_state(struct umb_softc *, void *, int);
+int umb_decode_devices_caps(struct umb_softc *, void *, int);
+int umb_decode_subscriber_status(struct umb_softc *, void *, int);
+int umb_decode_radio_state(struct umb_softc *, void *, int);
+int umb_decode_pin(struct umb_softc *, void *, int);
+int umb_decode_packet_service(struct umb_softc *, void *, int);
+int umb_decode_signal_state(struct umb_softc *, void *, int);
+int umb_decode_connect_info(struct umb_softc *, void *, int);
+int umb_decode_ip_configuration(struct umb_softc *, void *, int);
+void umb_rx(struct umb_softc *);
+void umb_rxeof(struct usbd_xfer *, void *, usbd_status);
+int umb_encap(struct umb_softc *, struct mbuf *);
+void umb_txeof(struct usbd_xfer *, void *, usbd_status);
+void umb_decap(struct umb_softc *, struct usbd_xfer *);
+
+usbd_status umb_send_encap_command(struct umb_softc *, void *, int);
+int umb_get_encap_response(struct umb_softc *, void *, int *);
+void umb_ctrl_msg(struct umb_softc *, uint32_t, void *, int);
+
+void umb_open(struct umb_softc *);
+void umb_close(struct umb_softc *);
+
+int umb_setpin(struct umb_softc *, int, int, void *, int, void *,
+    int);
+void umb_setdataclass(struct umb_softc *);
+void umb_radio(struct umb_softc *, int);
+void umb_packet_service(struct umb_softc *, int);
+void umb_connect(struct umb_softc *);
+void umb_disconnect(struct umb_softc *);
+void umb_send_connect(struct umb_softc *, int);
+
+void umb_qry_ipconfig(struct umb_softc *);
+void umb_cmd(struct umb_softc *, int, int, void *, int);
+void umb_command_done(struct umb_softc *, void *, int);
+void umb_decode_cid(struct umb_softc *, uint32_t, void *, int);
+
+void umb_intr(struct usbd_xfer *, void *, usbd_status);
+
+char *umb_ntop(struct sockaddr *);
+
+int umb_xfer_tout = USBD_DEFAULT_TIMEOUT;
+
+uint8_t umb_uuid_basic_connect[] = MBIM_UUID_BASIC_CONNECT;
+uint8_t umb_uuid_context_internet[] = MBIM_UUID_CONTEXT_INTERNET;
+uint32_t umb_session_id = 0;
+
+struct cfdriver umb_cd = {
+ NULL, "umb", DV_DULL
+};
+
+const struct cfattach umb_ca = {
+ sizeof (struct umb_softc),
+ umb_match,
+ umb_attach,
+ umb_detach,
+ NULL,
+};
+
+int umb_delay = 4000;
+
+/*
+ * Normally, MBIM devices are detected by their interface class and subclass.
+ * But for some models that have multiple configurations, it is better to
+ * match by vendor and product id so that we can select the desired
+ * configuration ourselves.
+ *
+ * OTOH, some devices identifiy themself als an MBIM device but fail to speak
+ * the MBIM protocol.
+ */
+struct umb_products {
+ struct usb_devno dev;
+ int confno;
+};
+const struct umb_products umb_devs[] = {
+ /*
+ * Add devices here to force them to attach as umb.
+ * Format: { { VID, PID }, CONFIGNO }
+ */
+};
+
+#define umb_lookup(vid, pid) \
+ ((const struct umb_products *)usb_lookup(umb_devs, vid, pid))
+
+int
+umb_match(struct device *parent, void *match, void *aux)
+{
+ struct usb_attach_arg *uaa = aux;
+ usb_interface_descriptor_t *id;
+
+ if (umb_lookup(uaa->vendor, uaa->product) != NULL)
+ return UMATCH_VENDOR_PRODUCT;
+ if (!uaa->iface)
+ return UMATCH_NONE;
+ if ((id = usbd_get_interface_descriptor(uaa->iface)) == NULL)
+ return UMATCH_NONE;
+ if (id->bInterfaceClass != UICLASS_CDC ||
+    id->bInterfaceSubClass !=
+    UISUBCLASS_MOBILE_BROADBAND_INTERFACE_MODEL ||
+    id->bNumEndpoints != 1)
+ return UMATCH_NONE;
+
+ return UMATCH_DEVCLASS_DEVSUBCLASS;
+}
+
+void
+umb_attach(struct device *parent, struct device *self, void *aux)
+{
+ struct umb_softc *sc = (struct umb_softc *)self;
+ struct usb_attach_arg *uaa = aux;
+ usbd_status status;
+ struct usbd_desc_iter iter;
+ const usb_descriptor_t *desc;
+ int v;
+ struct mbim_descriptor *md;
+ int i;
+ struct usbd_interface *ctrl_iface = NULL;
+ int ctrl_ep;
+ uint8_t data_ifaceno;
+ usb_interface_descriptor_t *id;
+ usb_config_descriptor_t *cd;
+ usb_endpoint_descriptor_t *ed;
+ int altnum;
+ int s;
+ struct ifnet *ifp;
+ int hard_mtu;
+
+ sc->sc_udev = uaa->device;
+
+ if (uaa->configno < 0) {
+ /*
+ * In case the device was matched by VID/PID instead of
+ * InterfaceClass/InterfaceSubClass, we have to pick the
+ * correct configuration ourself.
+ */
+ uaa->configno = umb_lookup(uaa->vendor, uaa->product)->confno;
+ DPRINTF("%s: switching to config #%d\n", DEVNAM(sc),
+    uaa->configno);
+ status = usbd_set_config_no(sc->sc_udev, uaa->configno, 1);
+ if (status) {
+ printf("%s: failed to switch to config #%d: %s\n",
+    DEVNAM(sc), uaa->configno, usbd_errstr(status));
+ goto fail;
+ }
+ }
+
+ sc->sc_ver_maj = sc->sc_ver_min = -1;
+ usbd_desc_iter_init(sc->sc_udev, &iter);
+ hard_mtu = MBIM_MAXSEGSZ_MINVAL;
+ while ((desc = usbd_desc_iter_next(&iter))) {
+ if (desc->bDescriptorType != UDESC_CS_INTERFACE)
+ continue;
+ switch (desc->bDescriptorSubtype) {
+ case UDESCSUB_MBIM:
+ md = (struct mbim_descriptor *)desc;
+ v = UGETW(md->bcdMBIMVersion);
+ sc->sc_ver_maj = MBIM_VER_MAJOR(v);
+ sc->sc_ver_min = MBIM_VER_MINOR(v);
+ sc->sc_ctrl_len = UGETW(md->wMaxControlMessage);
+ /* Never trust a USB device! Could try to exploit us */
+ if (sc->sc_ctrl_len < MBIM_CTRLMSG_MINLEN ||
+    sc->sc_ctrl_len > MBIM_CTRLMSG_MAXLEN) {
+ printf("%s: control message len %d out of "
+    "bounds [%d .. %d]\n", DEVNAM(sc),
+    sc->sc_ctrl_len, MBIM_CTRLMSG_MINLEN,
+    MBIM_CTRLMSG_MAXLEN);
+ /* cont. anyway */
+ }
+ sc->sc_maxpktlen = UGETW(md->wMaxSegmentSize);
+ if (sc->sc_maxpktlen < MBIM_MAXSEGSZ_MINVAL) {
+ printf("%s: ignoring invalid segment size %d\n",
+    DEVNAM(sc), sc->sc_maxpktlen);
+ /* cont. anyway */
+ sc->sc_maxpktlen = 8 * 1024;
+ }
+ hard_mtu = sc->sc_maxpktlen;
+ DPRINTFN(2, "%s: ctrl_len=%d, maxpktlen=%d, cap=0x%x\n",
+    DEVNAM(sc), sc->sc_ctrl_len, sc->sc_maxpktlen,
+    md->bmNetworkCapabilities);
+ break;
+ default:
+ break;
+ }
+ }
+ if (sc->sc_ver_maj < 0) {
+ printf("%s: missing MBIM descriptor\n", DEVNAM(sc));
+ goto fail;
+ }
+
+ for (i = 0; i < sc->sc_udev->cdesc->bNumInterface; i++) {
+ if (usbd_iface_claimed(sc->sc_udev, i))
+ continue;
+ id = usbd_get_interface_descriptor(&sc->sc_udev->ifaces[i]);
+ if (id == NULL)
+ continue;
+ if (id->bInterfaceClass == UICLASS_CDC &&
+    id->bInterfaceSubClass ==
+    UISUBCLASS_MOBILE_BROADBAND_INTERFACE_MODEL) {
+ ctrl_iface = &sc->sc_udev->ifaces[i];
+ sc->sc_ctrl_ifaceno = id->bInterfaceNumber;
+ usbd_claim_iface(sc->sc_udev, i);
+ } else if (id->bInterfaceClass == UICLASS_CDC_DATA &&
+    id->bInterfaceSubClass == UISUBCLASS_DATA &&
+    id->bInterfaceProtocol == UIPROTO_DATA_MBIM) {
+ sc->sc_data_iface = &sc->sc_udev->ifaces[i];
+ data_ifaceno = id->bInterfaceNumber;
+ usbd_claim_iface(sc->sc_udev, i);
+ }
+ }
+ if (ctrl_iface == NULL) {
+ printf("%s: no control interface found\n", DEVNAM(sc));
+ goto fail;
+ }
+ if (sc->sc_data_iface == NULL) {
+ printf("%s: no data interface found\n", DEVNAM(sc));
+ goto fail;
+ }
+
+ id = usbd_get_interface_descriptor(ctrl_iface);
+ ctrl_ep = -1;
+ for (i = 0; i < id->bNumEndpoints && ctrl_ep == -1; i++) {
+ ed = usbd_interface2endpoint_descriptor(ctrl_iface, i);
+ if (ed == NULL)
+ break;
+ if (UE_GET_XFERTYPE(ed->bmAttributes) == UE_INTERRUPT &&
+    UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN)
+ ctrl_ep = ed->bEndpointAddress;
+ }
+ if (ctrl_ep == -1) {
+ printf("%s: missing interrupt endpoint\n", DEVNAM(sc));
+ goto fail;
+ }
+
+ cd = usbd_get_config_descriptor(sc->sc_udev);
+ id = usbd_get_interface_descriptor(sc->sc_data_iface);
+ altnum = usbd_get_no_alts(cd, id->bInterfaceNumber);
+ if (MBIM_INTERFACE_ALTSETTING >= altnum) {
+ printf("%s: missing alt setting %d for interface #%d\n",
+    DEVNAM(sc), MBIM_INTERFACE_ALTSETTING, data_ifaceno);
+ goto fail;
+ }
+ sc->sc_rx_ep = sc->sc_tx_ep = -1;
+ if ((status = usbd_set_interface(sc->sc_data_iface,
+    MBIM_INTERFACE_ALTSETTING))) {
+ printf("%s: select alt setting %d for interface #%d "
+    "failed: %s\n", DEVNAM(sc), MBIM_INTERFACE_ALTSETTING,
+    data_ifaceno, usbd_errstr(status));
+ goto fail;
+ }
+ id = usbd_get_interface_descriptor(sc->sc_data_iface);
+ for (i = 0; i < id->bNumEndpoints; i++) {
+ if ((ed = usbd_interface2endpoint_descriptor(sc->sc_data_iface,
+    i)) == NULL)
+ break;
+ if (UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK &&
+    UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN)
+ sc->sc_rx_ep = ed->bEndpointAddress;
+ else if (UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK &&
+    UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT)
+ sc->sc_tx_ep = ed->bEndpointAddress;
+ }
+ if (sc->sc_rx_ep == -1 || sc->sc_tx_ep == -1) {
+ printf("%s: missing bulk endpoints\n", DEVNAM(sc));
+ goto fail;
+ }
+
+ DPRINTFN(2, "%s: ctrl-ifno#%d: ep-ctrl=%d, data-ifno#%d: ep-rx=%d, "
+    "ep-tx=%d\n", DEVNAM(sc), sc->sc_ctrl_ifaceno,
+    UE_GET_ADDR(ctrl_ep), data_ifaceno,
+    UE_GET_ADDR(sc->sc_rx_ep), UE_GET_ADDR(sc->sc_tx_ep));
+
+ usb_init_task(&sc->sc_umb_task, umb_state_task, sc,
+    USB_TASK_TYPE_GENERIC);
+ usb_init_task(&sc->sc_get_response_task, umb_get_response_task, sc,
+    USB_TASK_TYPE_GENERIC);
+ timeout_set(&sc->sc_statechg_timer, umb_statechg_timeout, sc);
+
+ if (usbd_open_pipe_intr(ctrl_iface, ctrl_ep, USBD_SHORT_XFER_OK,
+    &sc->sc_ctrl_pipe, sc, &sc->sc_intr_msg, sizeof (sc->sc_intr_msg),
+    umb_intr, USBD_DEFAULT_INTERVAL)) {
+ printf("%s: failed to open control pipe\n", DEVNAM(sc));
+ goto fail;
+ }
+ sc->sc_resp_buf = malloc(sc->sc_ctrl_len, M_USBDEV, M_NOWAIT);
+ if (sc->sc_resp_buf == NULL) {
+ printf("%s: allocation of resp buffer failed\n", DEVNAM(sc));
+ goto fail;
+ }
+ sc->sc_ctrl_msg = malloc(sc->sc_ctrl_len, M_USBDEV, M_NOWAIT);
+ if (sc->sc_ctrl_msg == NULL) {
+ printf("%s: allocation of ctrl msg buffer failed\n",
+    DEVNAM(sc));
+ goto fail;
+ }
+
+ sc->sc_info.regstate = MBIM_REGSTATE_UNKNOWN;
+ sc->sc_info.pin_attempts_left = UMB_VALUE_UNKNOWN;
+ sc->sc_info.rssi = UMB_VALUE_UNKNOWN;
+ sc->sc_info.ber = UMB_VALUE_UNKNOWN;
+
+ s = splnet();
+ ifp = GET_IFP(sc);
+ ifp->if_flags = IFF_SIMPLEX | IFF_MULTICAST | IFF_POINTOPOINT;
+ ifp->if_ioctl = umb_ioctl;
+ ifp->if_start = umb_start;
+ ifp->if_rtrequest = p2p_rtrequest;
+
+ ifp->if_watchdog = umb_watchdog;
+ strlcpy(ifp->if_xname, DEVNAM(sc), IFNAMSIZ);
+ ifp->if_link_state = LINK_STATE_DOWN;
+
+ ifp->if_type = IFT_MBIM;
+ ifp->if_addrlen = 0;
+ ifp->if_hdrlen = sizeof (struct ncm_header16) +
+    sizeof (struct ncm_pointer16);
+ ifp->if_mtu = 1500; /* use a common default */
+ ifp->if_hardmtu = hard_mtu;
+ ifp->if_output = umb_output;
+ if_attach(ifp);
+ if_ih_insert(ifp, umb_input, NULL);
+ if_alloc_sadl(ifp);
+ ifp->if_softc = sc;
+#if NBPFILTER > 0
+ bpfattach(&ifp->if_bpf, ifp, DLT_RAW, 0);
+#endif
+ /*
+ * Open the device now so that we are able to query device information.
+ * XXX maybe close when done?
+ */
+ umb_open(sc);
+ splx(s);
+
+ printf("%s: vers %d.%d\n", DEVNAM(sc), sc->sc_ver_maj, sc->sc_ver_min);
+ return;
+
+fail:
+ usbd_deactivate(sc->sc_udev);
+ return;
+}
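Review bot: in the UDESCSUB_MBIM case of umb_attach(), an out-of-range wMaxControlMessage is only logged ("cont. anyway") and sc_ctrl_len keeps the device-supplied value, which then sizes both malloc(sc->sc_ctrl_len, M_USBDEV, M_NOWAIT) calls for sc_resp_buf and sc_ctrl_msg. Given the "Never trust a USB device!" comment right above the test, either goto fail here or clamp sc_ctrl_len into [MBIM_CTRLMSG_MINLEN .. MBIM_CTRLMSG_MAXLEN] before it is used. A value below the minimum matters most, since the response path later casts that buffer to message header structs. The segment size check has the same gap in the other direction: sc_maxpktlen gets a lower bound but no upper bound before it becomes hard_mtu and the xfer buffer size.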
+
+int
+umb_detach(struct device *self, int flags)
+{
+ struct umb_softc *sc = (struct umb_softc *)self;
+ struct ifnet *ifp = GET_IFP(sc);
+ int s;
+
+ s = splnet();
+ if (ifp->if_flags & IFF_RUNNING)
+ umb_down(sc, 1);
+ umb_close(sc);
+
+ usb_rem_wait_task(sc->sc_udev, &sc->sc_get_response_task);
+ if (timeout_initialized(&sc->sc_statechg_timer))
+ timeout_del(&sc->sc_statechg_timer);
+ sc->sc_nresp = 0;
+ usb_rem_wait_task(sc->sc_udev, &sc->sc_umb_task);
+ if (sc->sc_ctrl_pipe) {
+ usbd_close_pipe(sc->sc_ctrl_pipe);
+ sc->sc_ctrl_pipe = NULL;
+ }
+ if (sc->sc_ctrl_msg) {
+ free(sc->sc_ctrl_msg, M_USBDEV, sc->sc_ctrl_len);
+ sc->sc_ctrl_msg = NULL;
+ }
+ if (sc->sc_resp_buf) {
+ free(sc->sc_resp_buf, M_USBDEV, sc->sc_ctrl_len);
+ sc->sc_resp_buf = NULL;
+ }
+ if (ifp->if_softc != NULL) {
+ if_ih_remove(ifp, umb_input, NULL);
+ if_detach(ifp);
+ }
+
+ splx(s);
+ return 0;
+}
+
+int
+umb_alloc_xfers(struct umb_softc *sc)
+{
+ if (!sc->sc_rx_xfer) {
+ if ((sc->sc_rx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL)
+ sc->sc_rx_buf = usbd_alloc_buffer(sc->sc_rx_xfer,
+    sc->sc_maxpktlen + MBIM_HDR32_LEN);
+ }
+ if (!sc->sc_tx_xfer) {
+ if ((sc->sc_tx_xfer = usbd_alloc_xfer(sc->sc_udev)) != NULL)
+ sc->sc_tx_buf = usbd_alloc_buffer(sc->sc_tx_xfer,
+    sc->sc_maxpktlen + MBIM_HDR16_LEN);
+ }
+ return (sc->sc_rx_buf && sc->sc_tx_buf) ? 1 : 0;
+}
+
+void
+umb_free_xfers(struct umb_softc *sc)
+{
+ if (sc->sc_rx_xfer) {
+ /* implicit usbd_free_buffer() */
+ usbd_free_xfer(sc->sc_rx_xfer);
+ sc->sc_rx_xfer = NULL;
+ sc->sc_rx_buf = NULL;
+ }
+ if (sc->sc_tx_xfer) {
+ usbd_free_xfer(sc->sc_tx_xfer);
+ sc->sc_tx_xfer = NULL;
+ sc->sc_tx_buf = NULL;
+ }
+ if (sc->sc_tx_m) {
+ m_freem(sc->sc_tx_m);
+ sc->sc_tx_m = NULL;
+ }
+}
+
+int
+umb_alloc_bulkpipes(struct umb_softc *sc)
+{
+ struct ifnet *ifp = GET_IFP(sc);
+
+ if (!(ifp->if_flags & IFF_RUNNING)) {
+ if (usbd_open_pipe(sc->sc_data_iface, sc->sc_rx_ep,
+    USBD_EXCLUSIVE_USE, &sc->sc_rx_pipe))
+ return 0;
+ if (usbd_open_pipe(sc->sc_data_iface, sc->sc_tx_ep,
+    USBD_EXCLUSIVE_USE, &sc->sc_tx_pipe))
+ return 0;
+
+ ifp->if_flags |= IFF_RUNNING;
+ ifq_clr_oactive(&ifp->if_snd);
+ umb_rx(sc);
+ }
+ return 1;
+}
+
+void
+umb_close_bulkpipes(struct umb_softc *sc)
+{
+ struct ifnet *ifp = GET_IFP(sc);
+
+ ifp->if_flags &= ~IFF_RUNNING;
+ ifq_clr_oactive(&ifp->if_snd);
+ ifp->if_timer = 0;
+ if (sc->sc_rx_pipe) {
+ usbd_close_pipe(sc->sc_rx_pipe);
+ sc->sc_rx_pipe = NULL;
+ }
+ if (sc->sc_tx_pipe) {
+ usbd_close_pipe(sc->sc_tx_pipe);
+ sc->sc_tx_pipe = NULL;
+ }
+}
+
+int
+umb_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct proc *p = curproc;
+ struct umb_softc *sc = ifp->if_softc;
+ struct ifreq *ifr = (struct ifreq *)data;
+ int s, error = 0;
+ struct umb_parameter mp;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return EIO;
+
+ s = splnet();
+ switch (cmd) {
+ case SIOCSIFFLAGS:
+ usb_add_task(sc->sc_udev, &sc->sc_umb_task);
+ break;
+ case SIOCGUMBINFO:
+ error = copyout(&sc->sc_info, ifr->ifr_data,
+    sizeof (sc->sc_info));
+ break;
+ case SIOCSUMBPARAM:
+ if ((error = suser(p, 0)) != 0)
+ break;
+ if ((error = copyin(ifr->ifr_data, &mp, sizeof (mp))) != 0)
+ break;
+
+ if ((error = umb_setpin(sc, mp.op, mp.is_puk, mp.pin, mp.pinlen,
+    mp.newpin, mp.newpinlen)) != 0)
+ break;
+
+ if (mp.apnlen < 0 || mp.apnlen > sizeof (sc->sc_info.apn)) {
+ error = EINVAL;
+ break;
+ }
+ sc->sc_roaming = mp.roaming ? 1 : 0;
+ memset(sc->sc_info.apn, 0, sizeof (sc->sc_info.apn));
+ memcpy(sc->sc_info.apn, mp.apn, mp.apnlen);
+ sc->sc_info.apnlen = mp.apnlen;
+ sc->sc_info.preferredclasses = mp.preferredclasses;
+ umb_setdataclass(sc);
+ break;
+ case SIOCGUMBPARAM:
+ memset(&mp, 0, sizeof (mp));
+ memcpy(mp.apn, sc->sc_info.apn, sc->sc_info.apnlen);
+ mp.apnlen = sc->sc_info.apnlen;
+ mp.roaming = sc->sc_roaming;
+ mp.preferredclasses = sc->sc_info.preferredclasses;
+ error = copyout(&mp, ifr->ifr_data, sizeof (mp));
+ break;
+ case SIOCSIFMTU:
+ /* Does this include the NCM headers and tail? */
+ if (ifr->ifr_mtu > ifp->if_hardmtu) {
+ error = EINVAL;
+ break;
+ }
+ ifp->if_mtu = ifr->ifr_mtu;
+ break;
+ case SIOCGIFMTU:
+ ifr->ifr_mtu = ifp->if_mtu;
+ break;
+ case SIOCGIFHARDMTU:
+ ifr->ifr_hardmtu = ifp->if_hardmtu;
+ break;
+ case SIOCSIFADDR:
+ case SIOCAIFADDR:
+ case SIOCSIFDSTADDR:
+ case SIOCADDMULTI:
+ case SIOCDELMULTI:
+ break;
+ default:
+ error = ENOTTY;
+ break;
+ }
+ splx(s);
+ return error;
+}
+
+int
+umb_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
+    struct rtentry *rtp)
+{
+ if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) {
+ m_freem(m);
+ return ENETDOWN;
+ }
+ return if_enqueue(ifp, m);
+}
+
+int
+umb_input(struct ifnet *ifp, struct mbuf *m, void *cookie)
+{
+ struct niqueue *inq;
+ uint8_t ipv;
+
+ if ((ifp->if_flags & IFF_UP) == 0) {
+ m_freem(m);
+ return 1;
+ }
+ if (m->m_pkthdr.len < sizeof (struct ip)) {
+ ifp->if_ierrors++;
+ DPRINTFN(4, "%s: dropping short packet (len %d)\n", __func__,
+    m->m_pkthdr.len);
+ m_freem(m);
+ return 1;
+ }
+ m->m_pkthdr.ph_rtableid = ifp->if_rdomain;
+ m_copydata(m, 0, sizeof (ipv), &ipv);
+ ipv >>= 4;
+
+ ifp->if_ibytes += m->m_pkthdr.len;
+ switch (ipv) {
+ case 4:
+ inq = &ipintrq;
+ break;
+ case 6:
+ inq = &ip6intrq;
+ break;
+ default:
+ ifp->if_ierrors++;
+ DPRINTFN(4, "%s: dropping packet with bad IP version (%d)\n",
+    __func__, ipv);
+ m_freem(m);
+ return 1;
+ }
+ niq_enqueue(inq, m);
+ return 1;
+}
+
+void
+umb_start(struct ifnet *ifp)
+{
+ struct umb_softc *sc = ifp->if_softc;
+ struct mbuf *m_head = NULL;
+
+ if (usbd_is_dying(sc->sc_udev) ||
+    !(ifp->if_flags & IFF_RUNNING) ||
+    ifq_is_oactive(&ifp->if_snd))
+ return;
+
+ m_head = ifq_deq_begin(&ifp->if_snd);
+ if (m_head == NULL)
+ return;
+
+ if (!umb_encap(sc, m_head)) {
+ ifq_deq_rollback(&ifp->if_snd, m_head);
+ ifq_set_oactive(&ifp->if_snd);
+ return;
+ }
+ ifq_deq_commit(&ifp->if_snd, m_head);
+
+#if NBPFILTER > 0
+ if (ifp->if_bpf)
+ bpf_mtap(ifp->if_bpf, m_head, BPF_DIRECTION_OUT);
+#endif
+
+ ifq_set_oactive(&ifp->if_snd);
+ ifp->if_timer = (2 * umb_xfer_tout) / 1000;
+}
+
+void
+umb_watchdog(struct ifnet *ifp)
+{
+ struct umb_softc *sc = ifp->if_softc;
+
+ if (usbd_is_dying(sc->sc_udev))
+ return;
+
+ ifp->if_oerrors++;
+ printf("%s: watchdog timeout\n", DEVNAM(sc));
+ /* XXX FIXME: re-initialize device */
+ return;
+}
+
+void
+umb_statechg_timeout(void *arg)
+{
+ struct umb_softc *sc = arg;
+
+ printf("%s: state change time out\n",DEVNAM(sc));
+ usb_add_task(sc->sc_udev, &sc->sc_umb_task);
+}
+
+void
+umb_newstate(struct umb_softc *sc, enum umb_state newstate, int flags)
+{
+ if (newstate == sc->sc_state)
+ return;
+ if (((flags & UMB_NS_DONT_DROP) && newstate < sc->sc_state) ||
+    ((flags & UMB_NS_DONT_RAISE) && newstate > sc->sc_state))
+ return;
+ log(LOG_DEBUG, "%s: state going %s from '%s' to '%s'\n", DEVNAM(sc),
+    newstate > sc->sc_state ? "up" : "down",
+    umb_istate(sc->sc_state), umb_istate(newstate));
+ sc->sc_state = newstate;
+ usb_add_task(sc->sc_udev, &sc->sc_umb_task);
+}
+
+void
+umb_state_task(void *arg)
+{
+ struct umb_softc *sc = arg;
+ struct ifnet *ifp = GET_IFP(sc);
+ struct ifreq ifr;
+ struct in_aliasreq ifra;
+ int s;
+ int state;
+
+ s = splnet();
+ if (ifp->if_flags & IFF_UP)
+ umb_up(sc);
+ else
+ umb_down(sc, 0);
+
+ state = sc->sc_state == UMB_S_UP ? LINK_STATE_UP : LINK_STATE_DOWN;
+ if (ifp->if_link_state != state) {
+ log(LOG_INFO, "%s: link state changed from %s to %s\n",
+    DEVNAM(sc),
+    LINK_STATE_IS_UP(ifp->if_link_state) ? "up" : "down",
+    LINK_STATE_IS_UP(state) ? "up" : "down");
+ ifp->if_link_state = state;
+ if (!LINK_STATE_IS_UP(state)) {
+ /*
+ * Purge any existing addresses
+ */
+ memset(sc->sc_info.ipv4dns, 0,
+    sizeof (sc->sc_info.ipv4dns));
+ if (in_ioctl(SIOCGIFADDR, (caddr_t)&ifr, ifp, 1) == 0 &&
+    satosin(&ifr.ifr_addr)->sin_addr.s_addr !=
+    INADDR_ANY) {
+ memset(&ifra, 0, sizeof (ifra));
+ memcpy(&ifra.ifra_addr, &ifr.ifr_addr,
+    sizeof (ifra.ifra_addr));
+ in_ioctl(SIOCDIFADDR, (caddr_t)&ifra, ifp, 1);
+ }
+ }
+ if_link_state_change(ifp);
+ }
+ splx(s);
+}
+
+void
+umb_up(struct umb_softc *sc)
+{
+ struct ifnet *ifp = GET_IFP(sc);
+
+ splassert(IPL_NET);
+
+ switch (sc->sc_state) {
+ case UMB_S_DOWN:
+ DPRINTF("%s: init: opening ...\n", DEVNAM(sc));
+ umb_open(sc);
+ break;
+ case UMB_S_OPEN:
+ DPRINTF("%s: init: turning radio on ...\n", DEVNAM(sc));
+ umb_radio(sc, 1);
+ break;
+ case UMB_S_RADIO:
+ DPRINTF("%s: init: checking SIM state ...\n", DEVNAM(sc));
+ umb_cmd(sc, MBIM_CID_SUBSCRIBER_READY_STATUS, MBIM_CMDOP_QRY,
+    NULL, 0);
+ break;
+ case UMB_S_SIMREADY:
+ DPRINTF("%s: init: attaching ...\n", DEVNAM(sc));
+ umb_packet_service(sc, 1);
+ break;
+ case UMB_S_ATTACHED:
+ sc->sc_tx_seq = 0;
+ if (!umb_alloc_xfers(sc)) {
+ umb_free_xfers(sc);
+ log(LOG_ERR, "%s: allocation of xfers failed\n",
+    DEVNAM(sc));
+ break;
+ }
+ DPRINTF("%s: init: connecting ...\n", DEVNAM(sc));
+ umb_connect(sc);
+ break;
+ case UMB_S_CONNECTED:
+ DPRINTF("%s: init: getting IP config ...\n", DEVNAM(sc));
+ umb_qry_ipconfig(sc);
+ break;
+ case UMB_S_UP:
+ DPRINTF("%s: init: reached state UP\n", DEVNAM(sc));
+ if (!umb_alloc_bulkpipes(sc)) {
+ log(LOG_ERR, "%s: opening bulk pipes failed\n",
+    DEVNAM(sc));
+ ifp->if_flags &= ~IFF_UP;
+ umb_down(sc, 1);
+ }
+ break;
+ }
+ if (sc->sc_state < UMB_S_UP)
+ timeout_add_sec(&sc->sc_statechg_timer,
+    UMB_STATE_CHANGE_TIMEOUT);
+ else
+ timeout_del(&sc->sc_statechg_timer);
+ return;
+}
+
+void
+umb_down(struct umb_softc *sc, int force)
+{
+ splassert(IPL_NET);
+
+ umb_close_bulkpipes(sc);
+ if (sc->sc_state < UMB_S_CONNECTED)
+ umb_free_xfers(sc);
+
+ switch (sc->sc_state) {
+ case UMB_S_UP:
+ case UMB_S_CONNECTED:
+ DPRINTF("%s: stop: disconnecting ...\n", DEVNAM(sc));
+ umb_disconnect(sc);
+ if (!force)
+ break;
+ /*FALLTHROUGH*/
+ case UMB_S_ATTACHED:
+ DPRINTF("%s: stop: detaching ...\n", DEVNAM(sc));
+ umb_packet_service(sc, 0);
+ if (!force)
+ break;
+ /*FALLTHROUGH*/
+ case UMB_S_SIMREADY:
+ case UMB_S_RADIO:
+ DPRINTF("%s: stop: turning radio off ...\n", DEVNAM(sc));
+ umb_radio(sc, 0);
+ if (!force)
+ break;
+ /*FALLTHROUGH*/
+ case UMB_S_OPEN:
+ case UMB_S_DOWN:
+ /* Do not close the device */
+ DPRINTF("%s: stop: reached state DOWN\n", DEVNAM(sc));
+ break;
+ }
+ if (force)
+ sc->sc_state = UMB_S_OPEN;
+
+ if (sc->sc_state > UMB_S_OPEN)
+ timeout_add_sec(&sc->sc_statechg_timer,
+    UMB_STATE_CHANGE_TIMEOUT);
+ else
+ timeout_del(&sc->sc_statechg_timer);
+}
+
+void
+umb_get_response_task(void *arg)
+{
+ struct umb_softc *sc = arg;
+ int len;
+ int s;
+
+ /*
+ * Function is required to send on RESPONSE_AVAILABLE notification for
+ * each encapsulated response that is to be processed by the host.
+ * But of course, we can receive multiple notifications before the
+ * response task is run.
+ */
+ s = splusb();
+ while (sc->sc_nresp > 0) {
+ --sc->sc_nresp;
+ len = sc->sc_ctrl_len;
+ if (umb_get_encap_response(sc, sc->sc_resp_buf, &len))
+ umb_decode_response(sc, sc->sc_resp_buf, len);
+ }
+ splx(s);
+}
+
+void
+umb_decode_response(struct umb_softc *sc, void *response, int len)
+{
+ struct mbim_msghdr *hdr = response;
+ struct mbim_fragmented_msg_hdr *fraghdr;
+ uint32_t type;
+ uint32_t tid;
+
+ DPRINTFN(3, "%s: got response: len %d\n", DEVNAM(sc), len);
+ DDUMPN(4, response, len);
+
+ if (len < sizeof (*hdr) || letoh32(hdr->len) != len) {
+ /*
+ * We should probably cancel a transaction, but since the
+ * message is too short, we cannot decode the transaction
+ * id (tid) and hence don't know, whom to cancel. Must wait
+ * for the timeout.
+ */
+ DPRINTF("%s: received short response (len %d)\n",
+    DEVNAM(sc), len);
+ return;
+ }
+
+ /*
+ * XXX FIXME: if message is fragmented, store it until last frag
+ * is received and then re-assemble all fragments.
+ */
+ type = letoh32(hdr->type);
+ tid = letoh32(hdr->tid);
+ switch (type) {
+ case MBIM_INDICATE_STATUS_MSG:
+ case MBIM_COMMAND_DONE:
+ fraghdr = response;
+ if (letoh32(fraghdr->frag.nfrag) != 1) {
+ DPRINTF("%s: discarding fragmented messages\n",
+    DEVNAM(sc));
+ return;
+ }
+ break;
+ default:
+ break;
+ }
+
+ DPRINTF("%s: <- rcv %s (tid %u)\n", DEVNAM(sc), umb_request2str(type),
+    tid);
+ switch (type) {
+ case MBIM_FUNCTION_ERROR_MSG:
+ case MBIM_HOST_ERROR_MSG:
+ {
+ struct mbim_f2h_hosterr *e;
+ int err;
+
+ if (len >= sizeof (*e)) {
+ e = response;
+ err = letoh32(e->err);
+
+ DPRINTF("%s: %s message, error %s (tid %u)\n",
+    DEVNAM(sc), umb_request2str(type),
+    umb_error2str(err), tid);
+ if (err == MBIM_ERROR_NOT_OPENED)
+ umb_newstate(sc, UMB_S_DOWN, 0);
+ }
+ break;
+ }
+ case MBIM_INDICATE_STATUS_MSG:
+ umb_handle_indicate_status_msg(sc, response, len);
+ break;
+ case MBIM_OPEN_DONE:
+ umb_handle_opendone_msg(sc, response, len);
+ break;
+ case MBIM_CLOSE_DONE:
+ umb_handle_closedone_msg(sc, response, len);
+ break;
+ case MBIM_COMMAND_DONE:
+ umb_command_done(sc, response, len);
+ break;
+ default:
+ DPRINTF("%s: discard messsage %s\n", DEVNAM(sc),
+    umb_request2str(type));
+ break;
+ }
+}
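Review bot: in umb_decode_response(), the MBIM_INDICATE_STATUS_MSG / MBIM_COMMAND_DONE branch reads fraghdr->frag.nfrag after len has only been checked against sizeof (*hdr), so a response that is exactly one plain header long makes the driver read fragment fields that the device never sent (stale bytes from an earlier response in sc_resp_buf). Add a len >= sizeof (*fraghdr) test before the dereference, in the same style as the len >= sizeof (*e) test used for the error messages further down. Note also that len is an int compared against sizeof; making it unsigned, or rejecting len <= 0 first, would keep the comparison from depending on implicit conversion.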
+
+void
+umb_handle_indicate_status_msg(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_f2h_indicate_status *m = data;
+ uint32_t infolen;
+ uint32_t cid;
+
+ if (len < sizeof (*m)) {
+ DPRINTF("%s: discard short %s messsage\n", DEVNAM(sc),
+    umb_request2str(letoh32(m->hdr.type)));
+ return;
+ }
+ if (memcmp(m->devid, umb_uuid_basic_connect, sizeof (m->devid))) {
+ DPRINTF("%s: discard %s messsage for other UUID '%s'\n",
+    DEVNAM(sc), umb_request2str(letoh32(m->hdr.type)),
+    umb_uuid2str(m->devid));
+ return;
+ }
+ infolen = letoh32(m->infolen);
+ if (len < sizeof (*m) + infolen) {
+ DPRINTF("%s: discard truncated %s messsage (want %d, got %d)\n",
+    DEVNAM(sc), umb_request2str(letoh32(m->hdr.type)),
+    (int)sizeof (*m) + infolen, len);
+ return;
+ }
+
+ cid = letoh32(m->cid);
+ DPRINTF("%s: indicate %s status\n", DEVNAM(sc), umb_cid2str(cid));
+ umb_decode_cid(sc, cid, m->info, infolen);
+}
+
+void
+umb_handle_opendone_msg(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_f2h_openclosedone *resp = data;
+ uint32_t status;
+
+ status = letoh32(resp->status);
+ if (status == MBIM_STATUS_SUCCESS) {
+ if (sc->sc_maxsessions == 0) {
+ umb_cmd(sc, MBIM_CID_DEVICE_CAPS, MBIM_CMDOP_QRY, NULL,
+    0);
+ umb_cmd(sc, MBIM_CID_PIN, MBIM_CMDOP_QRY, NULL, 0);
+ umb_cmd(sc, MBIM_CID_REGISTER_STATE, MBIM_CMDOP_QRY,
+    NULL, 0);
+ }
+ umb_newstate(sc, UMB_S_OPEN, UMB_NS_DONT_DROP);
+ } else
+ log(LOG_ERR, "%s: open error: %s\n", DEVNAM(sc),
+    umb_status2str(status));
+ return;
+}
+
+void
+umb_handle_closedone_msg(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_f2h_openclosedone *resp = data;
+ uint32_t status;
+
+ status = letoh32(resp->status);
+ if (status == MBIM_STATUS_SUCCESS)
+ umb_newstate(sc, UMB_S_DOWN, 0);
+ else
+ DPRINTF("%s: close error: %s\n", DEVNAM(sc),
+    umb_status2str(status));
+ return;
+}
+
+static inline void
+umb_getinfobuf(void *in, int inlen, uint32_t offs, uint32_t sz,
+    void *out, size_t outlen)
+{
+ offs = letoh32(offs);
+ sz = letoh32(sz);
+ if (inlen >= offs + sz) {
+ memset(out, 0, outlen);
+ memcpy(out, in + offs, MIN(sz, outlen));
+ }
+}
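Review bot: the bounds test in umb_getinfobuf(), "if (inlen >= offs + sz)", adds two device-supplied uint32_t values, so the sum can wrap around and pass the test with an offs that lies far outside the buffer. The following memcpy(out, in + offs, MIN(sz, outlen)) then reads from an address chosen by the device. Check the two values separately without adding them, for example "offs <= inlen && sz <= inlen - offs" with inlen held as an unsigned value. Since every umb_decode_*() caller passes offsets and sizes straight from the message, this one helper is the place to get it right. It would also help to clear out when the check fails, so that callers do not keep a stale string from a previous message, and to do the pointer arithmetic on a char * rather than on void *.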
+
+static inline int
+umb_padding(void *data, int len, size_t sz)
+{
+ char *p = data;
+ int np = 0;
+
+ while (len < sz && (len % 4) != 0) {
+ *p++ = '\0';
+ len++;
+ np++;
+ }
+ return np;
+}
+
+static inline int
+umb_addstr(void *buf, size_t bufsz, int *offs, void *str, int slen,
+    uint32_t *offsmember, uint32_t *sizemember)
+{
+ if (*offs + slen > bufsz)
+ return 0;
+
+ *sizemember = htole32((uint32_t)slen);
+ if (slen && str) {
+ *offsmember = htole32((uint32_t)*offs);
+ memcpy(buf + *offs, str, slen);
+ *offs += slen;
+ *offs += umb_padding(buf, *offs, bufsz);
+ } else
+ *offsmember = htole32(0);
+ return 1;
+}
+
+int
+umb_decode_register_state(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_registration_state_info *rs = data;
+
+ if (len < sizeof (*rs))
+ return 0;
+ sc->sc_info.nwerror = letoh32(rs->nwerror);
+ sc->sc_info.regstate = letoh32(rs->regstate);
+ sc->sc_info.regmode = letoh32(rs->regmode);
+ sc->sc_info.cellclass = letoh32(rs->curcellclass);
+
+ /* XXX should we remember the provider_id? */
+ umb_getinfobuf(data, len, rs->provname_offs, rs->provname_size,
+    sc->sc_info.provider, sizeof (sc->sc_info.provider));
+ umb_getinfobuf(data, len, rs->roamingtxt_offs, rs->roamingtxt_size,
+    sc->sc_info.roamingtxt, sizeof (sc->sc_info.roamingtxt));
+
+ DPRINTFN(2, "%s: %s, availclass 0x%x, class 0x%x, regmode %d\n",
+    DEVNAM(sc), umb_regstate(sc->sc_info.regstate),
+    letoh32(rs->availclasses), sc->sc_info.cellclass,
+    sc->sc_info.regmode);
+
+ if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING &&
+    !sc->sc_roaming &&
+    sc->sc_info.activation == MBIM_ACTIVATION_STATE_ACTIVATED) {
+ log(LOG_INFO, "%s: disconnecting from roaming network\n",
+    DEVNAM(sc));
+ umb_newstate(sc, UMB_S_ATTACHED, UMB_NS_DONT_RAISE);
+ }
+ return 1;
+}
+
+int
+umb_decode_devices_caps(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_device_caps *dc = data;
+
+ if (len < sizeof (*dc))
+ return 0;
+ sc->sc_maxsessions = letoh32(dc->max_sessions);
+ sc->sc_info.supportedclasses = letoh32(dc->dataclass);
+ umb_getinfobuf(data, len, dc->devid_offs, dc->devid_size,
+    sc->sc_info.devid, sizeof (sc->sc_info.devid));
+ umb_getinfobuf(data, len, dc->fwinfo_offs, dc->fwinfo_size,
+    sc->sc_info.fwinfo, sizeof (sc->sc_info.fwinfo));
+ umb_getinfobuf(data, len, dc->hwinfo_offs, dc->hwinfo_size,
+    sc->sc_info.hwinfo, sizeof (sc->sc_info.hwinfo));
+ DPRINTFN(2, "%s: max sessions %d, supported classes 0x%x\n",
+    DEVNAM(sc), sc->sc_maxsessions, sc->sc_info.supportedclasses);
+ return 1;
+}
+
+int
+umb_decode_subscriber_status(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_subscriber_ready_info *si = data;
+ int npn;
+
+ if (len < sizeof (*si))
+ return 0;
+ sc->sc_info.sim_state = letoh32(si->ready);
+
+ umb_getinfobuf(data, len, si->sid_offs, si->sid_size,
+    sc->sc_info.sid, sizeof (sc->sc_info.sid));
+ umb_getinfobuf(data, len, si->icc_offs, si->icc_size,
+    sc->sc_info.iccid, sizeof (sc->sc_info.iccid));
+
+ npn = letoh32(si->no_pn);
+ if (npn > 0)
+ umb_getinfobuf(data, len, si->pn[0].offs, si->pn[0].size,
+    sc->sc_info.pn, sizeof (sc->sc_info.pn));
+ else
+ memset(sc->sc_info.pn, 0, sizeof (sc->sc_info.pn));
+
+ if (sc->sc_info.sim_state == MBIM_SIMSTATE_LOCKED)
+ sc->sc_info.pin_state = UMB_PUK_REQUIRED;
+ log(LOG_INFO, "%s: SIM %s\n", DEVNAM(sc),
+    umb_simstate(sc->sc_info.sim_state));
+ if (sc->sc_info.sim_state == MBIM_SIMSTATE_INITIALIZED)
+ umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_DROP);
+ return 1;
+}
+
+int
+umb_decode_radio_state(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_radio_state_info *rs = data;
+
+ if (len < sizeof (*rs))
+ return 0;
+
+ sc->sc_info.hw_radio_on =
+    (letoh32(rs->hw_state) == MBIM_RADIO_STATE_ON) ? 1 : 0;
+ sc->sc_info.sw_radio_on =
+    (letoh32(rs->sw_state) == MBIM_RADIO_STATE_ON) ? 1 : 0;
+ if (!sc->sc_info.hw_radio_on) {
+ log(LOG_INFO, "%s: radio is off by rfkill switch\n",
+    DEVNAM(sc));
+ /*
+ * XXX do we need a time to poll the state of the rfkill switch
+ * or will the device send an unsolicited notification
+ * in case the state changes?
+ */
+ umb_newstate(sc, UMB_S_OPEN, 0);
+ } else if (!sc->sc_info.sw_radio_on) {
+ log(LOG_INFO, "%s: radio is off\n", DEVNAM(sc));
+ umb_newstate(sc, UMB_S_OPEN, 0);
+ } else
+ umb_newstate(sc, UMB_S_RADIO, UMB_NS_DONT_DROP);
+ return 1;
+}
+
+int
+umb_decode_pin(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_pin_info *pi = data;
+ uint32_t attempts_left;
+
+ if (len < sizeof (*pi))
+ return 0;
+
+ attempts_left = letoh32(pi->remaining_attempts);
+ if (attempts_left != 0xffffffff)
+ sc->sc_info.pin_attempts_left = attempts_left;
+
+ switch (letoh32(pi->state)) {
+ case MBIM_PIN_STATE_UNLOCKED:
+ sc->sc_info.pin_state = UMB_PIN_UNLOCKED;
+ break;
+ case MBIM_PIN_STATE_LOCKED:
+ switch (letoh32(pi->type)) {
+ case MBIM_PIN_TYPE_PIN1:
+ sc->sc_info.pin_state = UMB_PIN_REQUIRED;
+ break;
+ case MBIM_PIN_TYPE_PUK1:
+ sc->sc_info.pin_state = UMB_PUK_REQUIRED;
+ break;
+ case MBIM_PIN_TYPE_PIN2:
+ case MBIM_PIN_TYPE_PUK2:
+ /* Assume that PIN1 was accepted */
+ sc->sc_info.pin_state = UMB_PIN_UNLOCKED;
+ break;
+ }
+ break;
+ }
+ log(LOG_INFO, "%s: %s state %s (%d attempts left)\n",
+    DEVNAM(sc), umb_pin_type(letoh32(pi->type)),
+    (letoh32(pi->state) == MBIM_PIN_STATE_UNLOCKED) ?
+        "unlocked" : "locked",
+    letoh32(pi->remaining_attempts));
+
+ /*
+ * In case the PIN was set after IFF_UP, retrigger the state machine
+ */
+ usb_add_task(sc->sc_udev, &sc->sc_umb_task);
+ return 1;
+}
+
+int
+umb_decode_packet_service(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_packet_service_info *psi = data;
+ int state, highestclass;
+ uint64_t up_speed, down_speed;
+ struct ifnet *ifp = GET_IFP(sc);
+
+ if (len < sizeof (*psi))
+ return 0;
+
+ sc->sc_info.nwerror = letoh32(psi->nwerror);
+ state = letoh32(psi->state);
+ highestclass = letoh32(psi->highest_dataclass);
+ up_speed = letoh64(psi->uplink_speed);
+ down_speed = letoh64(psi->downlink_speed);
+ if (sc->sc_info.packetstate  != state ||
+    sc->sc_info.uplink_speed != up_speed ||
+    sc->sc_info.downlink_speed != down_speed) {
+ log(LOG_INFO, "%s: packet service ", DEVNAM(sc));
+ if (sc->sc_info.packetstate  != state)
+ addlog("changed from %s to ",
+    umb_packet_state(sc->sc_info.packetstate));
+ addlog("%s, class %s, speed: %llu up / %llu down\n",
+    umb_packet_state(state), umb_dataclass(highestclass),
+    up_speed, down_speed);
+ }
+ sc->sc_info.packetstate = state;
+ sc->sc_info.highestclass = highestclass;
+ sc->sc_info.uplink_speed = up_speed;
+ sc->sc_info.downlink_speed = down_speed;
+
+ if (sc->sc_info.regmode == MBIM_REGMODE_AUTOMATIC) {
+ /*
+ * For devices using automatic registration mode, just proceed,
+ * once registration has completed.
+ */
+ if (ifp->if_flags & IFF_UP) {
+ switch (sc->sc_info.regstate) {
+ case MBIM_REGSTATE_HOME:
+ case MBIM_REGSTATE_ROAMING:
+ case MBIM_REGSTATE_PARTNER:
+ umb_newstate(sc, UMB_S_ATTACHED,
+    UMB_NS_DONT_DROP);
+ break;
+ default:
+ break;
+ }
+ } else
+ umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_RAISE);
+ } else switch (sc->sc_info.packetstate) {
+ case MBIM_PKTSERVICE_STATE_ATTACHED:
+ umb_newstate(sc, UMB_S_ATTACHED, UMB_NS_DONT_DROP);
+ break;
+ case MBIM_PKTSERVICE_STATE_DETACHED:
+ umb_newstate(sc, UMB_S_SIMREADY, UMB_NS_DONT_RAISE);
+ break;
+ }
+ return 1;
+}
+
+int
+umb_decode_signal_state(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_signal_state *ss = data;
+ int rssi;
+
+ if (len < sizeof (*ss))
+ return 0;
+
+ if (letoh32(ss->rssi) == 99)
+ rssi = UMB_VALUE_UNKNOWN;
+ else {
+ rssi = -113 + 2 * letoh32(ss->rssi);
+ if (sc->sc_info.rssi != rssi &&
+    sc->sc_state >= UMB_S_CONNECTED)
+ log(LOG_INFO, "%s: rssi %d dBm\n", DEVNAM(sc), rssi);
+ }
+ sc->sc_info.rssi = rssi;
+ sc->sc_info.ber = letoh32(ss->err_rate);
+ if (sc->sc_info.ber == -99)
+ sc->sc_info.ber = UMB_VALUE_UNKNOWN;
+ return 1;
+}
+
+int
+umb_decode_connect_info(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_connect_info *ci = data;
+ int act;
+
+ if (len < sizeof (*ci))
+ return 0;
+
+ if (letoh32(ci->sessionid) != umb_session_id) {
+ DPRINTF("%s: discard connection info for session %u\n",
+    DEVNAM(sc), letoh32(ci->sessionid));
+ return 1;
+ }
+ if (memcmp(ci->context, umb_uuid_context_internet,
+    sizeof (ci->context))) {
+ DPRINTF("%s: discard connection info for other context\n",
+    DEVNAM(sc));
+ return 1;
+ }
+ act = letoh32(ci->activation);
+ if (sc->sc_info.activation != act) {
+ log(LOG_INFO, "%s: connection %s\n", DEVNAM(sc),
+    umb_activation(act));
+ if (letoh32(ci->iptype) != MBIM_CONTEXT_IPTYPE_DEFAULT &&
+    letoh32(ci->iptype) != MBIM_CONTEXT_IPTYPE_IPV4)
+ log(LOG_DEBUG, "%s: got iptype %d connection\n",
+    DEVNAM(sc), letoh32(ci->iptype));
+
+ sc->sc_info.activation = act;
+ sc->sc_info.nwerror = letoh32(ci->nwerror);
+
+ if (sc->sc_info.activation == MBIM_ACTIVATION_STATE_ACTIVATED)
+ umb_newstate(sc, UMB_S_CONNECTED, UMB_NS_DONT_DROP);
+ else if (sc->sc_info.activation ==
+    MBIM_ACTIVATION_STATE_DEACTIVATED)
+ umb_newstate(sc, UMB_S_ATTACHED, 0);
+ /* else: other states are purely transitional */
+ }
+ return 1;
+}
+
+int
+umb_decode_ip_configuration(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_cid_ip_configuration_info *ic = data;
+ struct ifnet *ifp = GET_IFP(sc);
+ int s;
+ uint32_t avail;
+ uint32_t val;
+ int n, i;
+ int off;
+ struct mbim_cid_ipv4_element ipv4elem;
+ struct in_aliasreq ifra;
+ struct sockaddr_in *sin;
+ int state = -1;
+ int rv;
+
+ if (len < sizeof (*ic))
+ return 0;
+ if (letoh32(ic->sessionid) != umb_session_id) {
+ DPRINTF("%s: ignore IP configration for session id %d\n",
+    DEVNAM(sc), letoh32(ic->sessionid));
+ return 0;
+ }
+ s = splnet();
+
+ /*
+ * IPv4 configuation
+ */
+ avail = letoh32(ic->ipv4_available);
+ if (avail & MBIM_IPCONF_HAS_ADDRINFO) {
+ n = letoh32(ic->ipv4_naddr);
+ off = letoh32(ic->ipv4_addroffs);
+
+ if (n == 0 || off + sizeof (ipv4elem) > len)
+ goto done;
+
+ /* Only pick the first one */
+ memcpy(&ipv4elem, data + off, sizeof (ipv4elem));
+ ipv4elem.addr = letoh32(ipv4elem.addr);
+ ipv4elem.prefixlen = letoh32(ipv4elem.prefixlen);
+
+ memset(&ifra, 0, sizeof (ifra));
+ sin = (struct sockaddr_in *)&ifra.ifra_addr;
+ sin->sin_family = AF_INET;
+ sin->sin_len = sizeof (ifra.ifra_addr);
+ sin->sin_addr.s_addr = ipv4elem.addr;
+
+ sin = (struct sockaddr_in *)&ifra.ifra_dstaddr;
+ sin->sin_family = AF_INET;
+ sin->sin_len = sizeof (ifra.ifra_dstaddr);
+ if (avail & MBIM_IPCONF_HAS_GWINFO) {
+ off = letoh32(ic->ipv4_gwoffs);
+ sin->sin_addr.s_addr =
+    letoh32(*((uint32_t *)(data + off)));
+ }
+
+ sin = (struct sockaddr_in *)&ifra.ifra_mask;
+ sin->sin_family = AF_INET;
+ sin->sin_len = sizeof (ifra.ifra_mask);
+ in_len2mask(&sin->sin_addr, ipv4elem.prefixlen);
+
+ if ((rv = in_ioctl(SIOCAIFADDR, (caddr_t)&ifra, ifp, 1)) == 0) {
+ log(LOG_INFO, "%s: IPv4 addr %s, mask %s, gateway %s\n",
+    DEVNAM(ifp->if_softc),
+    umb_ntop(sintosa(&ifra.ifra_addr)),
+    umb_ntop(sintosa(&ifra.ifra_mask)),
+    umb_ntop(sintosa(&ifra.ifra_dstaddr)));
+ state = UMB_S_UP;
+ } else
+ log(LOG_ERR, "%s: unable to set IPv4 address, "
+    "error %d\n", DEVNAM(ifp->if_softc), rv);
+ }
+
+ memset(sc->sc_info.ipv4dns, 0, sizeof (sc->sc_info.ipv4dns));
+ if (avail & MBIM_IPCONF_HAS_DNSINFO) {
+ n = letoh32(ic->ipv4_ndnssrv);
+ off = letoh32(ic->ipv4_dnssrvoffs);
+ i = 0;
+ while (n-- > 0) {
+ if (off + sizeof (uint32_t) > len)
+ break;
+ val = letoh32(*((uint32_t *)(data + off)));
+ if (i < UMB_MAX_DNSSRV)
+ sc->sc_info.ipv4dns[i++] = val;
+ off += sizeof (uint32_t);
+ }
+ }
+
+ if ((avail & MBIM_IPCONF_HAS_MTUINFO)) {
+ val = letoh32(ic->ipv4_mtu);
+ if (ifp->if_hardmtu != val && val <= sc->sc_maxpktlen) {
+ ifp->if_hardmtu = val;
+ if (ifp->if_mtu > val)
+ ifp->if_mtu = val;
+ log(LOG_INFO, "%s: MTU is %d\n", DEVNAM(sc), val);
+ }
+ }
+
+ avail = letoh32(ic->ipv6_available);
+ if (avail & MBIM_IPCONF_HAS_ADDRINFO) {
+ /* XXX FIXME: IPv6 configuation missing */
+ log(LOG_INFO, "%s: ignoring IPv6 configuration\n", DEVNAM(sc));
+ }
+ if (state != -1)
+ umb_newstate(sc, state, 0);
+
+done:
+ splx(s);
+ return 1;
+}
+
+void
+umb_rx(struct umb_softc *sc)
+{
+ usbd_setup_xfer(sc->sc_rx_xfer, sc->sc_rx_pipe, sc, sc->sc_rx_buf,
+    sc->sc_maxpktlen, USBD_SHORT_XFER_OK | USBD_NO_COPY,
+    USBD_NO_TIMEOUT, umb_rxeof);
+ usbd_transfer(sc->sc_rx_xfer);
+}
+
+void
+umb_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
+{
+ struct umb_softc *sc = priv;
+ struct ifnet *ifp = GET_IFP(sc);
+
+ if (usbd_is_dying(sc->sc_udev) || !(ifp->if_flags & IFF_RUNNING))
+ return;
+
+ if (status != USBD_NORMAL_COMPLETION) {
+ if (status == USBD_NOT_STARTED || status == USBD_CANCELLED)
+ return;
+ DPRINTF("%s: rx error: %s\n", DEVNAM(sc), usbd_errstr(status));
+ if (status == USBD_STALLED)
+ usbd_clear_endpoint_stall_async(sc->sc_rx_pipe);
+ if (++sc->sc_rx_nerr > 100) {
+ log(LOG_ERR, "%s: too many rx errors, disabling\n",
+    DEVNAM(sc));
+ usbd_deactivate(sc->sc_udev);
+ }
+ } else {
+ sc->sc_rx_nerr = 0;
+ umb_decap(sc, xfer);
+ }
+
+ umb_rx(sc);
+ return;
+}
+
+int
+umb_encap(struct umb_softc *sc, struct mbuf *m)
+{
+ struct ncm_header16 *hdr;
+ struct ncm_pointer16 *ptr;
+ usbd_status  err;
+ int len;
+
+ KASSERT(sc->sc_tx_m == NULL);
+
+ hdr = sc->sc_tx_buf;
+ ptr = (struct ncm_pointer16 *)(hdr + 1);
+
+ USETDW(hdr->dwSignature, NCM_HDR16_SIG);
+ USETW(hdr->wHeaderLength, sizeof (*hdr));
+ USETW(hdr->wSequence, sc->sc_tx_seq);
+ sc->sc_tx_seq++;
+ USETW(hdr->wNdpIndex, sizeof (*hdr));
+
+ len = m->m_pkthdr.len;
+ USETDW(ptr->dwSignature, MBIM_NCM_NTH16_SIG(umb_session_id));
+ USETW(ptr->wLength, sizeof (*ptr));
+ USETW(ptr->wNextNdpIndex, 0);
+ USETW(ptr->dgram[0].wDatagramIndex, MBIM_HDR16_LEN);
+ USETW(ptr->dgram[0].wDatagramLen, len);
+ USETW(ptr->dgram[1].wDatagramIndex, 0);
+ USETW(ptr->dgram[1].wDatagramLen, 0);
+
+ m_copydata(m, 0, len, (caddr_t)(ptr + 1));
+ sc->sc_tx_m = m;
+ len += MBIM_HDR16_LEN;
+ USETW(hdr->wBlockLength, len);
+
+ DPRINTFN(3, "%s: encap %d bytes\n", DEVNAM(sc), len);
+ DDUMPN(5, sc->sc_tx_buf, len);
+ usbd_setup_xfer(sc->sc_tx_xfer, sc->sc_tx_pipe, sc, sc->sc_tx_buf, len,
+    USBD_FORCE_SHORT_XFER | USBD_NO_COPY, umb_xfer_tout, umb_txeof);
+ err = usbd_transfer(sc->sc_tx_xfer);
+ if (err != USBD_IN_PROGRESS) {
+ DPRINTF("%s: start tx error: %s\n", DEVNAM(sc),
+    usbd_errstr(err));
+ return 0;
+ }
+ return 1;
+}
+
+void
+umb_txeof(struct usbd_xfer *xfer, void *priv, usbd_status status)
+{
+ struct umb_softc *sc = priv;
+ struct ifnet *ifp = GET_IFP(sc);
+ int s;
+
+ s = splnet();
+ ifq_clr_oactive(&ifp->if_snd);
+ ifp->if_timer = 0;
+
+ m_freem(sc->sc_tx_m);
+ sc->sc_tx_m = NULL;
+
+ if (status != USBD_NORMAL_COMPLETION) {
+ if (status != USBD_NOT_STARTED && status != USBD_CANCELLED) {
+ ifp->if_oerrors++;
+ DPRINTF("%s: tx error: %s\n", DEVNAM(sc),
+    usbd_errstr(status));
+ if (status == USBD_STALLED)
+ usbd_clear_endpoint_stall_async(sc->sc_tx_pipe);
+ }
+ } else {
+ ifp->if_opackets++;
+ if (IFQ_IS_EMPTY(&ifp->if_snd) == 0)
+ umb_start(ifp);
+ }
+
+ splx(s);
+}
+
+void
+umb_decap(struct umb_softc *sc, struct usbd_xfer *xfer)
+{
+ struct ifnet *ifp = GET_IFP(sc);
+ int s;
+ void *buf;
+ uint32_t len;
+ char *dp;
+ struct ncm_header16 *hdr16;
+ struct ncm_header32 *hdr32;
+ struct ncm_pointer16 *ptr16;
+ struct ncm_pointer16_dgram *dgram16;
+ struct ncm_pointer32_dgram *dgram32;
+ uint32_t hsig, psig;
+ int hlen, blen;
+ int ptrlen, ptroff, dgentryoff;
+ uint32_t doff, dlen;
+ struct mbuf_list ml = MBUF_LIST_INITIALIZER();
+ struct mbuf *m;
+
+ usbd_get_xfer_status(xfer, NULL, &buf, &len, NULL);
+ DPRINTFN(4, "%s: recv %d bytes\n", DEVNAM(sc), len);
+ DDUMPN(5, buf, len);
+ s = splnet();
+ if (len < sizeof (*hdr16))
+ goto toosmall;
+ if (len > sc->sc_maxpktlen) {
+ DPRINTF("%s: packet too large (%d)\n", DEVNAM(sc), len);
+ goto fail;
+ }
+
+ hdr16 = (struct ncm_header16 *)buf;
+ hsig = UGETDW(hdr16->dwSignature);
+ hlen = UGETW(hdr16->wHeaderLength);
+ switch (hsig) {
+ case NCM_HDR16_SIG:
+ blen = UGETW(hdr16->wBlockLength);
+ if (hlen != sizeof (*hdr16)) {
+ DPRINTF("%s: bad header len %d for NTH16 (exp %zu)\n",
+    DEVNAM(sc), hlen, sizeof (*hdr16));
+ goto fail;
+ }
+ break;
+ case NCM_HDR32_SIG:
+ hdr32 = (struct ncm_header32 *)hdr16;
+ blen = UGETDW(hdr32->dwBlockLength);
+ if (hlen != sizeof (*hdr32)) {
+ DPRINTF("%s: bad header len %d for NTH32 (exp %zu)\n",
+    DEVNAM(sc), hlen, sizeof (*hdr32));
+ goto fail;
+ }
+ break;
+ default:
+ DPRINTF("%s: unsupported NCM header signature (0x%08x)\n",
+    DEVNAM(sc), hsig);
+ goto fail;
+ }
+ if (len < hlen)
+ goto toosmall;
+ if (len < blen) {
+ DPRINTF("%s: bad NTB len (%d) for %d bytes of data\n",
+    DEVNAM(sc), blen, len);
+ goto fail;
+ }
+
+ ptroff = hlen;
+ ptr16 = (struct ncm_pointer16 *)(buf + ptroff);
+ psig = UGETDW(ptr16->dwSignature);
+ ptrlen = UGETW(ptr16->wLength);
+ if (len < ptrlen + ptroff)
+ goto toosmall;
+ if (!MBIM_NCM_NTH16_ISISG(psig) && !MBIM_NCM_NTH32_ISISG(psig)) {
+ DPRINTF("%s: unsupported NCM pointer signature (0x%08x)\n",
+    DEVNAM(sc), psig);
+ goto fail;
+ }
+
+ switch (hsig) {
+ case NCM_HDR16_SIG:
+ dgentryoff = offsetof(struct ncm_pointer16, dgram);
+ break;
+ case NCM_HDR32_SIG:
+ dgentryoff = offsetof(struct ncm_pointer32, dgram);
+ break;
+ default:
+ goto fail;
+ }
+
+ while (dgentryoff < ptrlen) {
+ switch (hsig) {
+ case NCM_HDR16_SIG:
+ if (ptroff + dgentryoff < sizeof (*dgram16))
+ goto done;
+ dgram16 = (struct ncm_pointer16_dgram *)
+    (buf + ptroff + dgentryoff);
+ dgentryoff += sizeof (*dgram16);
+ dlen = UGETW(dgram16->wDatagramLen);
+ doff = UGETW(dgram16->wDatagramIndex);
+ break;
+ case NCM_HDR32_SIG:
+ if (ptroff + dgentryoff < sizeof (*dgram32))
+ goto done;
+ dgram32 = (struct ncm_pointer32_dgram *)
+    (buf + ptroff + dgentryoff);
+ dgentryoff += sizeof (*dgram32);
+ dlen = UGETDW(dgram32->dwDatagramLen);
+ doff = UGETDW(dgram32->dwDatagramIndex);
+ break;
+ default:
+ ifp->if_ierrors++;
+ goto done;
+ }
+
+ /* Terminating zero entry */
+ if (dlen == 0 && doff == 0)
+ break;
+ if (len < dlen + doff) {
+ /* Skip giant datagram but continue processing */
+ DPRINTF("%s: datagram too large (%d @ off %d)\n",
+    DEVNAM(sc), dlen, doff);
+ continue;
+ }
+
+ dp = buf + doff;
+ DPRINTFN(3, "%s: decap %d bytes\n", DEVNAM(sc), dlen);
+ m = m_devget(dp, dlen, 0);
+ if (m == NULL) {
+ ifp->if_iqdrops++;
+ continue;
+ }
+
+ ml_enqueue(&ml, m);
+ }
+done:
+ if_input(ifp, &ml);
+ splx(s);
+ return;
+toosmall:
+ DPRINTF("%s: packet too small (%d)\n", DEVNAM(sc), len);
+fail:
+ ifp->if_ierrors++;
+ splx(s);
+}
+
+usbd_status
+umb_send_encap_command(struct umb_softc *sc, void *data, int len)
+{
+ struct usbd_xfer *xfer;
+ usb_device_request_t req;
+ char *buf;
+
+ if (len > sc->sc_ctrl_len)
+ return USBD_INVAL;
+
+ if ((xfer = usbd_alloc_xfer(sc->sc_udev)) == NULL)
+ return USBD_NOMEM;
+ if ((buf = usbd_alloc_buffer(xfer, len)) == NULL) {
+ usbd_free_xfer(xfer);
+ return USBD_NOMEM;
+ }
+ memcpy(buf, data, len);
+
+ /* XXX FIXME: if (total len > sc->sc_ctrl_len) => must fragment */
+ req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
+ req.bRequest = UCDC_SEND_ENCAPSULATED_COMMAND;
+ USETW(req.wValue, 0);
+ USETW(req.wIndex, sc->sc_ctrl_ifaceno);
+ USETW(req.wLength, len);
+ DELAY(umb_delay);
+ return usbd_request_async(xfer, &req, NULL, NULL);
+}
+
+int
+umb_get_encap_response(struct umb_softc *sc, void *buf, int *len)
+{
+ usb_device_request_t req;
+ usbd_status err;
+
+ req.bmRequestType = UT_READ_CLASS_INTERFACE;
+ req.bRequest = UCDC_GET_ENCAPSULATED_RESPONSE;
+ USETW(req.wValue, 0);
+ USETW(req.wIndex, sc->sc_ctrl_ifaceno);
+ USETW(req.wLength, *len);
+ /* XXX FIXME: re-assemble fragments */
+
+ DELAY(umb_delay);
+ err = usbd_do_request_flags(sc->sc_udev, &req, buf, USBD_SHORT_XFER_OK,
+    len, umb_xfer_tout);
+ if (err == USBD_NORMAL_COMPLETION)
+ return 1;
+ DPRINTF("%s: ctrl recv: %s\n", DEVNAM(sc), usbd_errstr(err));
+ return 0;
+}
+
+void
+umb_ctrl_msg(struct umb_softc *sc, uint32_t req, void *data, int len)
+{
+ uint32_t tid;
+ struct mbim_msghdr *hdr = data;
+ usbd_status err;
+ int s;
+
+ assertwaitok();
+ if (usbd_is_dying(sc->sc_udev))
+ return;
+ if (len < sizeof (*hdr))
+ return;
+ tid = ++sc->sc_tid;
+
+ hdr->type = htole32(req);
+ hdr->len = htole32(len);
+ hdr->tid = htole32(tid);
+
+#ifdef UMB_DEBUG
+ if (umb_debug) {
+ const char *op, *str;
+ if (req == MBIM_COMMAND_MSG) {
+ struct mbim_h2f_cmd *c = data;
+ if (letoh32(c->op) == MBIM_CMDOP_SET)
+ op = "set";
+ else
+ op = "qry";
+ str = umb_cid2str(letoh32(c->cid));
+ } else {
+ op = "snd";
+ str = umb_request2str(req);
+ }
+ DPRINTF("%s: -> %s %s (tid %u)\n", DEVNAM(sc), op, str, tid);
+ }
+#endif
+ s = splusb();
+ err = umb_send_encap_command(sc, data, len);
+ splx(s);
+ if (err != USBD_NORMAL_COMPLETION) {
+ log(LOG_ERR, "%s: send %s msg (tid %u) failed: %s\n",
+    DEVNAM(sc), umb_request2str(req), tid, usbd_errstr(err));
+
+ /* will affect other transactions, too */
+ usbd_abort_pipe(sc->sc_udev->default_pipe);
+ } else {
+ DPRINTFN(2, "%s: sent %s (tid %u)\n", DEVNAM(sc),
+    umb_request2str(req), tid);
+ DDUMPN(3, data, len);
+ }
+ return;
+}
+
+void
+umb_open(struct umb_softc *sc)
+{
+ struct mbim_h2f_openmsg msg;
+
+ memset(&msg, 0, sizeof (msg));
+ msg.maxlen = htole32(sc->sc_ctrl_len);
+ umb_ctrl_msg(sc, MBIM_OPEN_MSG, &msg, sizeof (msg));
+ return;
+}
+
+void
+umb_close(struct umb_softc *sc)
+{
+ struct mbim_h2f_closemsg msg;
+
+ memset(&msg, 0, sizeof (msg));
+ umb_ctrl_msg(sc, MBIM_CLOSE_MSG, &msg, sizeof (msg));
+}
+
+int
+umb_setpin(struct umb_softc *sc, int op, int is_puk, void *pin, int pinlen,
+    void *newpin, int newpinlen)
+{
+ struct mbim_cid_pin cp;
+ int off;
+
+ if (pinlen == 0)
+ return 0;
+ if (pinlen < 0 || pinlen > MBIM_PIN_MAXLEN ||
+    newpinlen < 0 || newpinlen > MBIM_PIN_MAXLEN ||
+    op < 0 || op > MBIM_PIN_OP_CHANGE ||
+    (is_puk && op != MBIM_PIN_OP_ENTER))
+ return EINVAL;
+
+ memset(&cp, 0, sizeof (cp));
+ cp.type = htole32(is_puk ? MBIM_PIN_TYPE_PUK1 : MBIM_PIN_TYPE_PIN1);
+
+ off = offsetof(struct mbim_cid_pin, data);
+ if (!umb_addstr(&cp, sizeof (cp), &off, pin, pinlen,
+    &cp.pin_offs, &cp.pin_size))
+ return EINVAL;
+
+ cp.op  = htole32(op);
+ if (newpinlen) {
+ if (!umb_addstr(&cp, sizeof (cp), &off, newpin, newpinlen,
+    &cp.newpin_offs, &cp.newpin_size))
+ return EINVAL;
+ } else {
+ if ((op == MBIM_PIN_OP_CHANGE) || is_puk)
+ return EINVAL;
+ if (!umb_addstr(&cp, sizeof (cp), &off, NULL, 0,
+    &cp.newpin_offs, &cp.newpin_size))
+ return EINVAL;
+ }
+ umb_cmd(sc, MBIM_CID_PIN, MBIM_CMDOP_SET, &cp, off);
+ return 0;
+}
+
+void
+umb_setdataclass(struct umb_softc *sc)
+{
+ struct mbim_cid_registration_state rs;
+ uint32_t classes;
+
+ if (sc->sc_info.supportedclasses == MBIM_DATACLASS_NONE)
+ return;
+
+ memset(&rs, 0, sizeof (rs));
+ rs.regaction = htole32(MBIM_REGACTION_AUTOMATIC);
+ classes = sc->sc_info.supportedclasses;
+ if (sc->sc_info.preferredclasses != MBIM_DATACLASS_NONE)
+ classes &= sc->sc_info.preferredclasses;
+ rs.data_class = htole32(classes);
+ umb_cmd(sc, MBIM_CID_REGISTER_STATE, MBIM_CMDOP_SET, &rs, sizeof (rs));
+}
+
+void
+umb_radio(struct umb_softc *sc, int on)
+{
+ struct mbim_cid_radio_state s;
+
+ DPRINTF("%s: set radio %s\n", DEVNAM(sc), on ? "on" : "off");
+ memset(&s, 0, sizeof (s));
+ s.state = htole32(on ? MBIM_RADIO_STATE_ON : MBIM_RADIO_STATE_OFF);
+ umb_cmd(sc, MBIM_CID_RADIO_STATE, MBIM_CMDOP_SET, &s, sizeof (s));
+}
+
+void
+umb_packet_service(struct umb_softc *sc, int attach)
+{
+ struct mbim_cid_packet_service s;
+
+ DPRINTF("%s: %s packet service\n", DEVNAM(sc),
+    attach ? "attach" : "detach");
+ memset(&s, 0, sizeof (s));
+ s.action = htole32(attach ?
+    MBIM_PKTSERVICE_ACTION_ATTACH : MBIM_PKTSERVICE_ACTION_DETACH);
+ umb_cmd(sc, MBIM_CID_PACKET_SERVICE, MBIM_CMDOP_SET, &s, sizeof (s));
+}
+
+void
+umb_connect(struct umb_softc *sc)
+{
+ if (sc->sc_info.regstate == MBIM_REGSTATE_ROAMING && !sc->sc_roaming) {
+ log(LOG_INFO, "%s: connection disabled in roaming network\n",
+    DEVNAM(sc));
+ return;
+ }
+ log(LOG_DEBUG, "%s: connecting ...\n", DEVNAM(sc));
+ umb_send_connect(sc, MBIM_CONNECT_ACTIVATE);
+}
+
+void
+umb_disconnect(struct umb_softc *sc)
+{
+ log(LOG_DEBUG, "%s: disconnecting ...\n", DEVNAM(sc));
+ umb_send_connect(sc, MBIM_CONNECT_DEACTIVATE);
+}
+
+void
+umb_send_connect(struct umb_softc *sc, int command)
+{
+ struct mbim_cid_connect *c;
+ int off;
+
+ /* Too large or the stack */
+ c = malloc(sizeof (*c), M_USBDEV, M_WAIT|M_ZERO);
+ c->sessionid = htole32(umb_session_id);
+ c->command = htole32(command);
+ off = offsetof(struct mbim_cid_connect, data);
+ if (!umb_addstr(c, sizeof (*c), &off, sc->sc_info.apn,
+    sc->sc_info.apnlen, &c->access_offs, &c->access_size))
+ goto done;
+ /* XXX FIXME: support user name and passphrase */
+ c->user_offs = htole32(0);
+ c->user_size = htole32(0);
+ c->passwd_offs = htole32(0);
+ c->passwd_size = htole32(0);
+ c->authprot = htole32(MBIM_AUTHPROT_NONE);
+ c->compression = htole32(MBIM_COMPRESSION_NONE);
+ c->iptype = htole32(MBIM_CONTEXT_IPTYPE_IPV4);
+ memcpy(c->context, umb_uuid_context_internet, sizeof (c->context));
+ umb_cmd(sc, MBIM_CID_CONNECT, MBIM_CMDOP_SET, c, off);
+done:
+ free(c, M_USBDEV, sizeof (*c));
+ return;
+}
+
+void
+umb_qry_ipconfig(struct umb_softc *sc)
+{
+ struct mbim_cid_ip_configuration_info ipc;
+
+ memset(&ipc, 0, sizeof (ipc));
+ ipc.sessionid = htole32(umb_session_id);
+ umb_cmd(sc, MBIM_CID_IP_CONFIGURATION, MBIM_CMDOP_QRY,
+    &ipc, sizeof (ipc));
+}
+
+void
+umb_cmd(struct umb_softc *sc, int cid, int op, void *data, int len)
+{
+ struct mbim_h2f_cmd *cmd;
+ int totlen;
+
+ /* XXX FIXME support sending fragments */
+ if (sizeof (*cmd) + len > sc->sc_ctrl_len) {
+ DPRINTF("%s: set %s msg too long: cannot send\n",
+    DEVNAM(sc), umb_cid2str(cid));
+ return;
+ }
+ cmd = sc->sc_ctrl_msg;
+ memset(cmd, 0, sizeof (*cmd));
+ cmd->frag.nfrag = htole32(1);
+ memcpy(cmd->devid, umb_uuid_basic_connect, sizeof (cmd->devid));
+ cmd->cid = htole32(cid);
+ cmd->op = htole32(op);
+ cmd->infolen = htole32(len);
+ totlen = sizeof (*cmd);
+ if (len > 0) {
+ memcpy(cmd + 1, data, len);
+ totlen += len;
+ }
+ umb_ctrl_msg(sc, MBIM_COMMAND_MSG, cmd, totlen);
+}
+
+void
+umb_command_done(struct umb_softc *sc, void *data, int len)
+{
+ struct mbim_f2h_cmddone *cmd = data;
+ uint32_t status;
+ uint32_t cid;
+ uint32_t infolen;
+
+ if (len < sizeof (*cmd)) {
+ DPRINTF("%s: discard short %s messsage\n", DEVNAM(sc),
+    umb_request2str(letoh32(cmd->hdr.type)));
+ return;
+ }
+ cid = letoh32(cmd->cid);
+ if (memcmp(cmd->devid, umb_uuid_basic_connect, sizeof (cmd->devid))) {
+ DPRINTF("%s: discard %s messsage for other UUID '%s'\n",
+    DEVNAM(sc), umb_request2str(letoh32(cmd->hdr.type)),
+    umb_uuid2str(cmd->devid));
+ return;
+ }
+
+ status = letoh32(cmd->status);
+ switch (status) {
+ case MBIM_STATUS_SUCCESS:
+ break;
+ case MBIM_STATUS_NOT_INITIALIZED:
+ log(LOG_ERR, "%s: SIM not initialized (PIN missing)\n",
+    DEVNAM(sc));
+ return;
+ case MBIM_STATUS_PIN_REQUIRED:
+ sc->sc_info.pin_state = UMB_PIN_REQUIRED;
+ /*FALLTHROUGH*/
+ default:
+ log(LOG_ERR, "%s: set/qry %s failed: %s\n", DEVNAM(sc),
+    umb_cid2str(cid), umb_status2str(status));
+ return;
+ }
+
+ infolen = letoh32(cmd->infolen);
+ if (len < sizeof (*cmd) + infolen) {
+ DPRINTF("%s: discard truncated %s messsage (want %d, got %d)\n",
+    DEVNAM(sc), umb_cid2str(cid),
+    (int)sizeof (*cmd) + infolen, len);
+ return;
+ }
+ DPRINTFN(2, "%s: set/qry %s done\n", DEVNAM(sc), umb_cid2str(cid));
+ umb_decode_cid(sc, cid, cmd->info, infolen);
+}
+
+void
+umb_decode_cid(struct umb_softc *sc, uint32_t cid, void *data, int len)
+{
+ int ok = 1;
+
+ switch (cid) {
+ case MBIM_CID_DEVICE_CAPS:
+ ok = umb_decode_devices_caps(sc, data, len);
+ break;
+ case MBIM_CID_SUBSCRIBER_READY_STATUS:
+ ok = umb_decode_subscriber_status(sc, data, len);
+ break;
+ case MBIM_CID_RADIO_STATE:
+ ok = umb_decode_radio_state(sc, data, len);
+ break;
+ case MBIM_CID_PIN:
+ ok = umb_decode_pin(sc, data, len);
+ break;
+ case MBIM_CID_REGISTER_STATE:
+ ok = umb_decode_register_state(sc, data, len);
+ break;
+ case MBIM_CID_PACKET_SERVICE:
+ ok = umb_decode_packet_service(sc, data, len);
+ break;
+ case MBIM_CID_SIGNAL_STATE:
+ ok = umb_decode_signal_state(sc, data, len);
+ break;
+ case MBIM_CID_CONNECT:
+ ok = umb_decode_connect_info(sc, data, len);
+ break;
+ case MBIM_CID_IP_CONFIGURATION:
+ ok = umb_decode_ip_configuration(sc, data, len);
+ break;
+ default:
+ /*
+ * Note: the above list is incomplete and only contains
+ * mandatory CIDs from the BASIC_CONNECT set.
+ * So alternate values are not unusual.
+ */
+ DPRINTFN(4, "%s: ignore %s\n", DEVNAM(sc), umb_cid2str(cid));
+ break;
+ }
+ if (!ok)
+ DPRINTF("%s: discard %s with bad info length %d\n",
+    DEVNAM(sc), umb_cid2str(cid), len);
+ return;
+}
+
+void
+umb_intr(struct usbd_xfer *xfer, void *priv, usbd_status status)
+{
+ struct umb_softc *sc = priv;
+ int total_len;
+
+ if (status != USBD_NORMAL_COMPLETION) {
+ DPRINTF("%s: notification error: %s\n", DEVNAM(sc),
+    usbd_errstr(status));
+ if (status == USBD_STALLED)
+ usbd_clear_endpoint_stall_async(sc->sc_ctrl_pipe);
+ return;
+ }
+ usbd_get_xfer_status(xfer, NULL, NULL, &total_len, NULL);
+ if (total_len < UCDC_NOTIFICATION_LENGTH) {
+ DPRINTF("%s: short notification (%d<%d)\n", DEVNAM(sc),
+    total_len, UCDC_NOTIFICATION_LENGTH);
+    return;
+ }
+ if (sc->sc_intr_msg.bmRequestType != UCDC_NOTIFICATION) {
+ DPRINTF("%s: unexpected notification (type=0x%02x)\n",
+    DEVNAM(sc), sc->sc_intr_msg.bmRequestType);
+ return;
+ }
+
+ switch (sc->sc_intr_msg.bNotification) {
+ case UCDC_N_NETWORK_CONNECTION:
+ log(LOG_DEBUG, "%s: network %sconnected\n", DEVNAM(sc),
+    UGETW(sc->sc_intr_msg.wValue) ? "" : "dis");
+ break;
+ case UCDC_N_RESPONSE_AVAILABLE:
+ DPRINTFN(2, "%s: umb_intr: response available\n", DEVNAM(sc));
+ ++sc->sc_nresp;
+ usb_add_task(sc->sc_udev, &sc->sc_get_response_task);
+ break;
+ case UCDC_N_CONNECTION_SPEED_CHANGE:
+ DPRINTFN(2, "%s: umb_intr: connection speed changed\n",
+    DEVNAM(sc));
+ break;
+ default:
+ DPRINTF("%s: unexpected notifiation (0x%02x)\n",
+    DEVNAM(sc), sc->sc_intr_msg.bNotification);
+ break;
+ }
+}
+
+/*
+ * Diagnostic routines
+ */
+char *
+umb_ntop(struct sockaddr *sa)
+{
+#define NUMBUFS 4
+ static char astr[NUMBUFS][INET_ADDRSTRLEN];
+ static unsigned nbuf = 0;
+ char *s;
+
+ s = astr[nbuf++];
+ if (nbuf >= NUMBUFS)
+ nbuf = 0;
+
+ switch (sa->sa_family) {
+ case AF_INET:
+ default:
+ inet_ntop(AF_INET, &satosin(sa)->sin_addr, s, sizeof (astr[0]));
+ break;
+ case AF_INET6:
+ inet_ntop(AF_INET6, &satosin6(sa)->sin6_addr, s,
+    sizeof (astr[0]));
+ break;
+ }
+ return s;
+}
+
+#ifdef UMB_DEBUG
+char *
+umb_uuid2str(uint8_t uuid[MBIM_UUID_LEN])
+{
+ static char uuidstr[2 * MBIM_UUID_LEN + 5];
+
+#define UUID_BFMT "%02X"
+#define UUID_SEP "-"
+ snprintf(uuidstr, sizeof (uuidstr),
+    UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_SEP
+    UUID_BFMT UUID_BFMT UUID_SEP
+    UUID_BFMT UUID_BFMT UUID_SEP
+    UUID_BFMT UUID_BFMT UUID_SEP
+    UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT UUID_BFMT,
+    uuid[0], uuid[1], uuid[2], uuid[3], uuid[4], uuid[5],
+    uuid[6], uuid[7], uuid[8], uuid[9], uuid[10], uuid[11],
+    uuid[12], uuid[13], uuid[14], uuid[15]);
+ return uuidstr;
+}
+
+void
+umb_dump(void *buf, int len)
+{
+ int i = 0;
+ uint8_t *c = buf;
+
+ if (len == 0)
+ return;
+ while (i < len) {
+ if ((i % 16) == 0) {
+ if (i > 0)
+ addlog("\n");
+ log(LOG_DEBUG, "%4d:  ", i);
+ }
+ addlog(" %02x", *c);
+ c++;
+ i++;
+ }
+ addlog("\n");
+}
+#endif /* UMB_DEBUG */
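Review bot: In umb_decap() the datagram bounds test "if (len < dlen + doff)" adds two device-supplied uint32_t values, so for an NTH32 block a large dwDatagramIndex can wrap the sum below len, and m_devget(dp, dlen, 0) then copies from buf + doff outside the receive buffer. Testing "doff > len || dlen > len - doff" avoids the wrap. In the same loop the per-entry guard "if (ptroff + dgentryoff < sizeof (*dgram16))" and its dgram32 twin can never be true, because ptroff already equals the validated header length. What needs checking is that a whole entry still fits, for example "dgentryoff + sizeof (*dgram16) > ptrlen"; otherwise a wLength that is not a multiple of the entry size lets the last entry be read past the end of the NDP. ptr16->dwSignature and ptr16->wLength are also read before anything confirms that len covers hlen + sizeof (*ptr16). umb_decode_ip_configuration() has the same kind of gap: ipv4_gwoffs is dereferenced through data + off with no check against len, unlike the address and DNS offsets around it. Separately, umb_setpin() leaves the PIN or PUK in the stack copy cp after umb_cmd() returns; an explicit_bzero(&cp, sizeof (cp)) before each return would keep it from lingering.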
Index: sys/dev/usb/if_umb.h
===================================================================
RCS file: sys/dev/usb/if_umb.h
diff -N sys/dev/usb/if_umb.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/dev/usb/if_umb.h 8 Jun 2016 12:52:59 -0000
@@ -0,0 +1,372 @@
+/* $OpenBSD$ */
+
+/*
+ * Copyright (c) 2016 genua mbH
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Mobile Broadband Interface Model
+ * http://www.usb.org/developers/docs/devclass_docs/MBIM-Compliance-1.0.pdf
+ */
+
+struct umb_valdescr {
+ int val;
+ char *descr;
+};
+
+static const char *
+umb_val2descr(const struct umb_valdescr *vdp, int val)
+{
+ static char sval[32];
+
+ while (vdp->descr != NULL) {
+ if (vdp->val == val)
+ return vdp->descr;
+ vdp++;
+ }
+ snprintf(sval, sizeof (sval), "#%d", val);
+ return sval;
+}
+
+#define MBIM_REGSTATE_DESCRIPTIONS { \
+ { MBIM_REGSTATE_UNKNOWN, "unknown" }, \
+ { MBIM_REGSTATE_DEREGISTERED, "not registered" }, \
+ { MBIM_REGSTATE_SEARCHING, "searching" }, \
+ { MBIM_REGSTATE_HOME, "home network" }, \
+ { MBIM_REGSTATE_ROAMING, "roaming network" }, \
+ { MBIM_REGSTATE_PARTNER, "partner network" }, \
+ { MBIM_REGSTATE_DENIED, "access denied" }, \
+ { 0, NULL } }
+
+#define MBIM_DATACLASS_DESCRIPTIONS { \
+ { MBIM_DATACLASS_NONE, "none" }, \
+ { MBIM_DATACLASS_GPRS, "GPRS" }, \
+ { MBIM_DATACLASS_EDGE, "EDGE" }, \
+ { MBIM_DATACLASS_UMTS, "UMTS" }, \
+ { MBIM_DATACLASS_HSDPA, "HSDPA" }, \
+ { MBIM_DATACLASS_HSUPA, "HSUPA" }, \
+ { MBIM_DATACLASS_HSDPA|MBIM_DATACLASS_HSUPA, "HSPA" }, \
+ { MBIM_DATACLASS_LTE, "LTE" }, \
+ { MBIM_DATACLASS_1XRTT, "CDMA2000" }, \
+ { MBIM_DATACLASS_1XEVDO, "CDMA2000" }, \
+ { MBIM_DATACLASS_1XEVDO_REV_A, "CDMA2000" }, \
+ { MBIM_DATACLASS_1XEVDV, "CDMA2000" }, \
+ { MBIM_DATACLASS_3XRTT, "CDMA2000" }, \
+ { MBIM_DATACLASS_1XEVDO_REV_B, "CDMA2000" }, \
+ { MBIM_DATACLASS_UMB, "CDMA2000" }, \
+ { MBIM_DATACLASS_CUSTOM, "custom" }, \
+ { 0, NULL } }
+
+#define MBIM_1TO1_DESCRIPTION(m) { (m), #m }
+#define MBIM_MESSAGES_DESCRIPTIONS { \
+ MBIM_1TO1_DESCRIPTION(MBIM_OPEN_MSG), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CLOSE_MSG), \
+ MBIM_1TO1_DESCRIPTION(MBIM_COMMAND_MSG), \
+ MBIM_1TO1_DESCRIPTION(MBIM_HOST_ERROR_MSG), \
+ MBIM_1TO1_DESCRIPTION(MBIM_OPEN_DONE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CLOSE_DONE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_COMMAND_DONE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_FUNCTION_ERROR_MSG), \
+ MBIM_1TO1_DESCRIPTION(MBIM_INDICATE_STATUS_MSG), \
+ { 0, NULL } }
+
+#define MBIM_STATUS_DESCRIPTION(m) { MBIM_STATUS_ ## m, #m }
+#define MBIM_STATUS_DESCRIPTIONS { \
+ MBIM_STATUS_DESCRIPTION(SUCCESS), \
+ MBIM_STATUS_DESCRIPTION(BUSY), \
+ MBIM_STATUS_DESCRIPTION(FAILURE), \
+ MBIM_STATUS_DESCRIPTION(SIM_NOT_INSERTED), \
+ MBIM_STATUS_DESCRIPTION(BAD_SIM), \
+ MBIM_STATUS_DESCRIPTION(PIN_REQUIRED), \
+ MBIM_STATUS_DESCRIPTION(PIN_DISABLED), \
+ MBIM_STATUS_DESCRIPTION(NOT_REGISTERED), \
+ MBIM_STATUS_DESCRIPTION(PROVIDERS_NOT_FOUND), \
+ MBIM_STATUS_DESCRIPTION(NO_DEVICE_SUPPORT), \
+ MBIM_STATUS_DESCRIPTION(PROVIDER_NOT_VISIBLE), \
+ MBIM_STATUS_DESCRIPTION(DATA_CLASS_NOT_AVAILABLE), \
+ MBIM_STATUS_DESCRIPTION(PACKET_SERVICE_DETACHED), \
+ MBIM_STATUS_DESCRIPTION(MAX_ACTIVATED_CONTEXTS), \
+ MBIM_STATUS_DESCRIPTION(NOT_INITIALIZED), \
+ MBIM_STATUS_DESCRIPTION(VOICE_CALL_IN_PROGRESS), \
+ MBIM_STATUS_DESCRIPTION(CONTEXT_NOT_ACTIVATED), \
+ MBIM_STATUS_DESCRIPTION(SERVICE_NOT_ACTIVATED), \
+ MBIM_STATUS_DESCRIPTION(INVALID_ACCESS_STRING), \
+ MBIM_STATUS_DESCRIPTION(INVALID_USER_NAME_PWD), \
+ MBIM_STATUS_DESCRIPTION(RADIO_POWER_OFF), \
+ MBIM_STATUS_DESCRIPTION(INVALID_PARAMETERS), \
+ MBIM_STATUS_DESCRIPTION(READ_FAILURE), \
+ MBIM_STATUS_DESCRIPTION(WRITE_FAILURE), \
+ MBIM_STATUS_DESCRIPTION(NO_PHONEBOOK), \
+ MBIM_STATUS_DESCRIPTION(PARAMETER_TOO_LONG), \
+ MBIM_STATUS_DESCRIPTION(STK_BUSY), \
+ MBIM_STATUS_DESCRIPTION(OPERATION_NOT_ALLOWED), \
+ MBIM_STATUS_DESCRIPTION(MEMORY_FAILURE), \
+ MBIM_STATUS_DESCRIPTION(INVALID_MEMORY_INDEX), \
+ MBIM_STATUS_DESCRIPTION(MEMORY_FULL), \
+ MBIM_STATUS_DESCRIPTION(FILTER_NOT_SUPPORTED), \
+ MBIM_STATUS_DESCRIPTION(DSS_INSTANCE_LIMIT), \
+ MBIM_STATUS_DESCRIPTION(INVALID_DEVICE_SERVICE_OPERATION), \
+ MBIM_STATUS_DESCRIPTION(AUTH_INCORRECT_AUTN), \
+ MBIM_STATUS_DESCRIPTION(AUTH_SYNC_FAILURE), \
+ MBIM_STATUS_DESCRIPTION(AUTH_AMF_NOT_SET), \
+ MBIM_STATUS_DESCRIPTION(CONTEXT_NOT_SUPPORTED), \
+ MBIM_STATUS_DESCRIPTION(SMS_UNKNOWN_SMSC_ADDRESS), \
+ MBIM_STATUS_DESCRIPTION(SMS_NETWORK_TIMEOUT), \
+ MBIM_STATUS_DESCRIPTION(SMS_LANG_NOT_SUPPORTED), \
+ MBIM_STATUS_DESCRIPTION(SMS_ENCODING_NOT_SUPPORTED), \
+ MBIM_STATUS_DESCRIPTION(SMS_FORMAT_NOT_SUPPORTED), \
+ { 0, NULL } }
+
+#define MBIM_ERROR_DESCRIPTION(m) { MBIM_ERROR_ ## m, #m }
+#define MBIM_ERROR_DESCRIPTIONS { \
+ MBIM_ERROR_DESCRIPTION(TIMEOUT_FRAGMENT), \
+ MBIM_ERROR_DESCRIPTION(FRAGMENT_OUT_OF_SEQUENCE), \
+ MBIM_ERROR_DESCRIPTION(LENGTH_MISMATCH), \
+ MBIM_ERROR_DESCRIPTION(DUPLICATED_TID), \
+ MBIM_ERROR_DESCRIPTION(NOT_OPENED), \
+ MBIM_ERROR_DESCRIPTION(UNKNOWN), \
+ MBIM_ERROR_DESCRIPTION(CANCEL), \
+ MBIM_ERROR_DESCRIPTION(MAX_TRANSFER), \
+ { 0, NULL } }
+
+#define MBIM_CID_DESCRIPTIONS { \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_DEVICE_CAPS), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_SUBSCRIBER_READY_STATUS), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_RADIO_STATE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_PIN), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_PIN_LIST), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_HOME_PROVIDER), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_PREFERRED_PROVIDERS), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_VISIBLE_PROVIDERS), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_REGISTER_STATE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_PACKET_SERVICE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_SIGNAL_STATE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_CONNECT), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_PROVISIONED_CONTEXTS), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_SERVICE_ACTIVATION), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_IP_CONFIGURATION), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_DEVICE_SERVICES), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_DEVICE_SERVICE_SUBSCRIBE_LIST), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_PACKET_STATISTICS), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_NETWORK_IDLE_HINT), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_EMERGENCY_MODE), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_IP_PACKET_FILTERS), \
+ MBIM_1TO1_DESCRIPTION(MBIM_CID_MULTICARRIER_PROVIDERS), \
+ { 0, NULL } }
+
+#define MBIM_SIMSTATE_DESCRIPTIONS { \
+ { MBIM_SIMSTATE_NOTINITIALIZED, "not initialized" }, \
+ { MBIM_SIMSTATE_INITIALIZED, "initialized" }, \
+ { MBIM_SIMSTATE_NOTINSERTED, "not inserted" }, \
+ { MBIM_SIMSTATE_BADSIM, "bad type" }, \
+ { MBIM_SIMSTATE_FAILURE, "failed" }, \
+ { MBIM_SIMSTATE_NOTACTIVATED, "not activated" }, \
+ { MBIM_SIMSTATE_LOCKED, "locked" }, \
+ { 0, NULL } }
+
+#define MBIM_PINTYPE_DESCRIPTIONS { \
+ { MBIM_PIN_TYPE_NONE, "none" }, \
+ { MBIM_PIN_TYPE_CUSTOM, "custom" }, \
+ { MBIM_PIN_TYPE_PIN1, "PIN1" }, \
+ { MBIM_PIN_TYPE_PIN2, "PIN2" }, \
+ { MBIM_PIN_TYPE_DEV_SIM_PIN, "device PIN" }, \
+ { MBIM_PIN_TYPE_DEV_FIRST_SIM_PIN, "device 1st PIN" }, \
+ { MBIM_PIN_TYPE_NETWORK_PIN, "network PIN" }, \
+ { MBIM_PIN_TYPE_NETWORK_SUBSET_PIN, "network subset PIN" }, \
+ { MBIM_PIN_TYPE_SERVICE_PROVIDER_PIN, "provider PIN" }, \
+ { MBIM_PIN_TYPE_CORPORATE_PIN, "corporate PIN" }, \
+ { MBIM_PIN_TYPE_SUBSIDY_LOCK, "subsidy lock" }, \
+ { MBIM_PIN_TYPE_PUK1, "PUK" }, \
+ { MBIM_PIN_TYPE_PUK2, "PUK2" }, \
+ { MBIM_PIN_TYPE_DEV_FIRST_SIM_PUK, "device 1st PUK" }, \
+ { MBIM_PIN_TYPE_NETWORK_PUK, "network PUK" }, \
+ { MBIM_PIN_TYPE_NETWORK_SUBSET_PUK, "network subset PUK" }, \
+ { MBIM_PIN_TYPE_SERVICE_PROVIDER_PUK, "provider PUK" }, \
+ { MBIM_PIN_TYPE_CORPORATE_PUK, "corporate PUK" }, \
+ { 0, NULL } }
+
+#define MBIM_PKTSRV_STATE_DESCRIPTIONS { \
+ { MBIM_PKTSERVICE_STATE_UNKNOWN, "unknown" }, \
+ { MBIM_PKTSERVICE_STATE_ATTACHING, "attaching" }, \
+ { MBIM_PKTSERVICE_STATE_ATTACHED, "attached" }, \
+ { MBIM_PKTSERVICE_STATE_DETACHING, "detaching" }, \
+ { MBIM_PKTSERVICE_STATE_DETACHED, "detached" }, \
+ { 0, NULL } }
+
+#define MBIM_ACTIVATION_STATE_DESCRIPTIONS { \
+ { MBIM_ACTIVATION_STATE_UNKNOWN, "unknown" }, \
+ { MBIM_ACTIVATION_STATE_ACTIVATED, "activated" }, \
+ { MBIM_ACTIVATION_STATE_ACTIVATING, "activating" }, \
+ { MBIM_ACTIVATION_STATE_DEACTIVATED, "deactivated" }, \
+ { MBIM_ACTIVATION_STATE_DEACTIVATING, "deactivating" }, \
+ { 0, NULL } }
+
+/*
+ * Driver internal state
+ */
+enum umb_state {
+ UMB_S_DOWN = 0, /* interface down */
+ UMB_S_OPEN, /* MBIM device has been opened */
+ UMB_S_RADIO, /* radio is on */
+ UMB_S_SIMREADY, /* SIM is ready */
+ UMB_S_ATTACHED, /* packet service is attached */
+ UMB_S_CONNECTED, /* connected to provider */
+ UMB_S_UP, /* have IP configuration */
+};
+
+#define UMB_INTERNAL_STATE_DESCRIPTIONS { \
+ { UMB_S_DOWN, "down" }, \
+ { UMB_S_OPEN, "open" }, \
+ { UMB_S_RADIO, "radio on" }, \
+ { UMB_S_SIMREADY, "SIM is ready" }, \
+ { UMB_S_ATTACHED, "attached" }, \
+ { UMB_S_CONNECTED, "connected" }, \
+ { UMB_S_UP, "up" }, \
+ { 0, NULL } }
+
+/*
+ * UMB parameters (SIOC[GS]UMBPARAM ioctls)
+ */
+struct umb_parameter {
+ int op;
+ int is_puk;
+ char pin[MBIM_PIN_MAXLEN];
+ int pinlen;
+
+ char newpin[MBIM_PIN_MAXLEN];
+ int newpinlen;
+
+#define UMB_APN_MAXLEN 100
+ uint16_t apn[UMB_APN_MAXLEN];
+ int apnlen;
+
+ int roaming;
+ uint32_t preferredclasses;
+};
+
+/*
+ * UMB device status info (SIOCGUMBINFO ioctl)
+ */
+struct umb_info {
+ enum umb_state state;
+ int enable_roaming;
+#define UMB_PIN_REQUIRED 0
+#define UMB_PIN_UNLOCKED 1
+#define UMB_PUK_REQUIRED 2
+ int pin_state;
+ int pin_attempts_left;
+ int activation;
+ int sim_state;
+ int regstate;
+ int regmode;
+ int nwerror;
+ int packetstate;
+ uint32_t supportedclasses; /* what the hw supports */
+ uint32_t preferredclasses; /* what the user prefers */
+ uint32_t highestclass; /* what the network offers */
+ uint32_t cellclass;
+#define UMB_PROVIDERNAME_MAXLEN 20
+ uint16_t provider[UMB_PROVIDERNAME_MAXLEN];
+#define UMB_PHONENR_MAXLEN 22
+ uint16_t pn[UMB_PHONENR_MAXLEN];
+#define UMB_SUBSCRIBERID_MAXLEN 15
+ uint16_t sid[UMB_SUBSCRIBERID_MAXLEN];
+#define UMB_ICCID_MAXLEN 20
+ uint16_t iccid[UMB_ICCID_MAXLEN];
+#define UMB_ROAMINGTEXT_MAXLEN 63
+ uint16_t roamingtxt[UMB_ROAMINGTEXT_MAXLEN];
+
+#define UMB_DEVID_MAXLEN 18
+ uint16_t devid[UMB_DEVID_MAXLEN];
+#define UMB_FWINFO_MAXLEN 30
+ uint16_t fwinfo[UMB_FWINFO_MAXLEN];
+#define UMB_HWINFO_MAXLEN 30
+ uint16_t hwinfo[UMB_HWINFO_MAXLEN];
+
+ uint16_t apn[UMB_APN_MAXLEN];
+ int apnlen;
+
+#define UMB_VALUE_UNKNOWN -999
+ int rssi;
+#define UMB_BER_EXCELLENT 0
+#define UMB_BER_VERYGOOD 1
+#define UMB_BER_GOOD 2
+#define UMB_BER_OK 3
+#define UMB_BER_MEDIUM 4
+#define UMB_BER_BAD 5
+#define UMB_BER_VERYBAD 6
+#define UMB_BER_EXTREMELYBAD 7
+ int ber;
+
+ int hw_radio_on;
+ int sw_radio_on;
+
+ uint64_t uplink_speed;
+ uint64_t downlink_speed;
+
+#define UMB_MAX_DNSSRV 2
+ u_int32_t ipv4dns[UMB_MAX_DNSSRV];
+};
+
+#ifdef _KERNEL
+/*
+ * UMB device
+ */
+struct umb_softc {
+ struct device sc_dev;
+ struct ifnet sc_if;
+#define GET_IFP(sc) (&(sc)->sc_if)
+ struct usbd_device *sc_udev;
+
+ int sc_ver_maj;
+ int sc_ver_min;
+ int sc_ctrl_len;
+ int sc_maxpktlen;
+ int sc_maxsessions;
+
+ struct usb_task sc_umb_task;
+ struct usb_task sc_get_response_task;
+ int sc_nresp;
+ struct timeout sc_statechg_timer;
+
+ uint8_t sc_ctrl_ifaceno;
+ struct usbd_pipe *sc_ctrl_pipe;
+ struct usb_cdc_notification sc_intr_msg;
+ struct usbd_interface *sc_data_iface;
+
+ void *sc_resp_buf;
+ void *sc_ctrl_msg;
+
+ int sc_rx_ep;
+ struct usbd_xfer *sc_rx_xfer;
+ void *sc_rx_buf;
+ struct usbd_pipe *sc_rx_pipe;
+ unsigned sc_rx_nerr;
+
+ int sc_tx_ep;
+ struct usbd_xfer *sc_tx_xfer;
+ void *sc_tx_buf;
+ struct usbd_pipe *sc_tx_pipe;
+ struct mbuf *sc_tx_m;
+ uint32_t sc_tx_seq;
+
+ uint32_t sc_tid;
+
+#define sc_state sc_info.state
+#define sc_roaming sc_info.enable_roaming
+ struct umb_info sc_info;
+};
+#endif /* _KERNEL */
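Review bot: In struct umb_parameter the length fields pinlen, newpinlen and apnlen are plain int and are filled in by the caller of the parameter ioctl, so a negative or oversized value has to be rejected before it is used as a copy length for pin[MBIM_PIN_MAXLEN], newpin[MBIM_PIN_MAXLEN] or apn[UMB_APN_MAXLEN]. Consider making them unsigned, and document here whether apnlen counts bytes or uint16_t units, since apn is a uint16_t array and the two readings differ by a factor of two. The struct also carries the PIN in clear, so a comment stating which of its fields are ever copied back out to userland would help.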
Index: sys/dev/usb/mbim.h
===================================================================
RCS file: sys/dev/usb/mbim.h
diff -N sys/dev/usb/mbim.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ sys/dev/usb/mbim.h 8 Jun 2016 12:52:59 -0000
@@ -0,0 +1,670 @@
+/* $OpenBSD$ */
+
+/*
+ * Copyright (c) 2016 genua mbH
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Mobile Broadband Interface Model
+ * http://www.usb.org/developers/docs/devclass_docs/MBIM-Compliance-1.0.pdf
+ */
+#ifndef _MBIM_H_
+#define _MBIM_H_
+
+#define UDESCSUB_MBIM 27
+#define MBIM_INTERFACE_ALTSETTING 1
+
+#define MBIM_RESET_FUNCTION 0x05
+
+/*
+ * Registration state (MBIM_REGISTER_STATE)
+ */
+#define MBIM_REGSTATE_UNKNOWN 0
+#define MBIM_REGSTATE_DEREGISTERED 1
+#define MBIM_REGSTATE_SEARCHING 2
+#define MBIM_REGSTATE_HOME 3
+#define MBIM_REGSTATE_ROAMING 4
+#define MBIM_REGSTATE_PARTNER 5
+#define MBIM_REGSTATE_DENIED 6
+
+/*
+ * Data classes mask (MBIM_DATA_CLASS)
+ */
+#define MBIM_DATACLASS_NONE 0x00000000
+#define MBIM_DATACLASS_GPRS 0x00000001
+#define MBIM_DATACLASS_EDGE 0x00000002
+#define MBIM_DATACLASS_UMTS 0x00000004
+#define MBIM_DATACLASS_HSDPA 0x00000008
+#define MBIM_DATACLASS_HSUPA 0x00000010
+#define MBIM_DATACLASS_LTE 0x00000020
+#define MBIM_DATACLASS_1XRTT 0x00010000
+#define MBIM_DATACLASS_1XEVDO 0x00020000
+#define MBIM_DATACLASS_1XEVDO_REV_A 0x00040000
+#define MBIM_DATACLASS_1XEVDV 0x00080000
+#define MBIM_DATACLASS_3XRTT 0x00100000
+#define MBIM_DATACLASS_1XEVDO_REV_B 0x00200000
+#define MBIM_DATACLASS_UMB 0x00400000
+#define MBIM_DATACLASS_CUSTOM 0x80000000
+
+/*
+ * Cell classes mask (MBIM_CELLULAR_CLASS)
+ */
+#define MBIM_CELLCLASS_GSM 0x00000001
+#define MBIM_CELLCLASS_CDMA 0x00000002
+
+/*
+ * UUIDs
+ */
+#define MBIM_UUID_LEN 16
+
+#define MBIM_UUID_BASIC_CONNECT { \
+ 0xa2, 0x89, 0xcc, 0x33, 0xbc, 0xbb, 0x8b, 0x4f, \
+ 0xb6, 0xb0, 0x13, 0x3e, 0xc2, 0xaa, 0xe6, 0xdf \
+ }
+
+#define MBIM_UUID_CONTEXT_INTERNET { \
+ 0x7e, 0x5e, 0x2a, 0x7e, 0x4e, 0x6f, 0x72, 0x72, \
+ 0x73, 0x6b, 0x65, 0x6e, 0x7e, 0x5e, 0x2a, 0x7e \
+ }
+
+#define MBIM_UUID_CONTEXT_VPN { \
+ 0x9b, 0x9f, 0x7b, 0xbe, 0x89, 0x52, 0x44, 0xb7, \
+ 0x83, 0xac, 0xca, 0x41, 0x31, 0x8d, 0xf7, 0xa0 \
+ }
+
+#define MBIM_CTRLMSG_MINLEN 64
+#define MBIM_CTRLMSG_MAXLEN (4 * 1204)
+
+#define MBIM_MAXSEGSZ_MINVAL (2 * 1024)
+
+/*
+ * Control messages (host to function)
+ */
+#define MBIM_OPEN_MSG 1U
+#define MBIM_CLOSE_MSG 2U
+#define MBIM_COMMAND_MSG 3U
+#define MBIM_HOST_ERROR_MSG 4U
+
+/*
+ * Control messages (function to host)
+ */
+#define MBIM_OPEN_DONE 0x80000001U
+#define MBIM_CLOSE_DONE 0x80000002U
+#define MBIM_COMMAND_DONE 0x80000003U
+#define MBIM_FUNCTION_ERROR_MSG 0x80000004U
+#define MBIM_INDICATE_STATUS_MSG 0x80000007U
+
+/*
+ * Generic status codes
+ */
+#define MBIM_STATUS_SUCCESS 0
+#define MBIM_STATUS_BUSY 1
+#define MBIM_STATUS_FAILURE 2
+#define MBIM_STATUS_SIM_NOT_INSERTED 3
+#define MBIM_STATUS_BAD_SIM 4
+#define MBIM_STATUS_PIN_REQUIRED 5
+#define MBIM_STATUS_PIN_DISABLED 6
+#define MBIM_STATUS_NOT_REGISTERED 7
+#define MBIM_STATUS_PROVIDERS_NOT_FOUND 8
+#define MBIM_STATUS_NO_DEVICE_SUPPORT 9
+#define MBIM_STATUS_PROVIDER_NOT_VISIBLE 10
+#define MBIM_STATUS_DATA_CLASS_NOT_AVAILABLE 11
+#define MBIM_STATUS_PACKET_SERVICE_DETACHED 12
+#define MBIM_STATUS_MAX_ACTIVATED_CONTEXTS 13
+#define MBIM_STATUS_NOT_INITIALIZED 14
+#define MBIM_STATUS_VOICE_CALL_IN_PROGRESS 15
+#define MBIM_STATUS_CONTEXT_NOT_ACTIVATED 16
+#define MBIM_STATUS_SERVICE_NOT_ACTIVATED 17
+#define MBIM_STATUS_INVALID_ACCESS_STRING 18
+#define MBIM_STATUS_INVALID_USER_NAME_PWD 19
+#define MBIM_STATUS_RADIO_POWER_OFF 20
+#define MBIM_STATUS_INVALID_PARAMETERS 21
+#define MBIM_STATUS_READ_FAILURE 22
+#define MBIM_STATUS_WRITE_FAILURE 23
+#define MBIM_STATUS_NO_PHONEBOOK 25
+#define MBIM_STATUS_PARAMETER_TOO_LONG 26
+#define MBIM_STATUS_STK_BUSY 27
+#define MBIM_STATUS_OPERATION_NOT_ALLOWED 28
+#define MBIM_STATUS_MEMORY_FAILURE 29
+#define MBIM_STATUS_INVALID_MEMORY_INDEX 30
+#define MBIM_STATUS_MEMORY_FULL 31
+#define MBIM_STATUS_FILTER_NOT_SUPPORTED 32
+#define MBIM_STATUS_DSS_INSTANCE_LIMIT 33
+#define MBIM_STATUS_INVALID_DEVICE_SERVICE_OPERATION 34
+#define MBIM_STATUS_AUTH_INCORRECT_AUTN 35
+#define MBIM_STATUS_AUTH_SYNC_FAILURE 36
+#define MBIM_STATUS_AUTH_AMF_NOT_SET 37
+#define MBIM_STATUS_CONTEXT_NOT_SUPPORTED 38
+#define MBIM_STATUS_SMS_UNKNOWN_SMSC_ADDRESS 100
+#define MBIM_STATUS_SMS_NETWORK_TIMEOUT 101
+#define MBIM_STATUS_SMS_LANG_NOT_SUPPORTED 102
+#define MBIM_STATUS_SMS_ENCODING_NOT_SUPPORTED 103
+#define MBIM_STATUS_SMS_FORMAT_NOT_SUPPORTED 104
+
+/*
+ * Message formats
+ */
+struct mbim_msghdr {
+ /* Msg header */
+ uint32_t type; /* message type */
+ uint32_t len; /* message length */
+ uint32_t tid; /* transaction id */
+} __packed;
+
+struct mbim_fraghdr {
+ uint32_t nfrag; /* total # of fragments */
+ uint32_t currfrag; /* current fragment */
+} __packed;
+
+struct mbim_fragmented_msg_hdr {
+ struct mbim_msghdr hdr;
+ struct mbim_fraghdr frag;
+} __packed;
+
+struct mbim_h2f_openmsg {
+ struct mbim_msghdr hdr;
+ uint32_t maxlen;
+} __packed;
+
+struct mbim_h2f_closemsg {
+ struct mbim_msghdr hdr;
+} __packed;
+
+struct mbim_h2f_cmd {
+ struct mbim_msghdr hdr;
+ struct mbim_fraghdr frag;
+ uint8_t devid[MBIM_UUID_LEN];
+ uint32_t cid; /* command id */
+#define MBIM_CMDOP_QRY 0
+#define MBIM_CMDOP_SET 1
+ uint32_t op;
+ uint32_t infolen;
+ uint8_t info[];
+} __packed;
+
+struct mbim_f2h_indicate_status {
+ struct mbim_msghdr hdr;
+ struct mbim_fraghdr frag;
+ uint8_t devid[MBIM_UUID_LEN];
+ uint32_t cid; /* command id */
+ uint32_t infolen;
+ uint8_t info[];
+} __packed;
+
+struct mbim_f2h_hosterr {
+ struct mbim_msghdr hdr;
+
+#define MBIM_ERROR_TIMEOUT_FRAGMENT 1
+#define MBIM_ERROR_FRAGMENT_OUT_OF_SEQUENCE 2
+#define MBIM_ERROR_LENGTH_MISMATCH 3
+#define MBIM_ERROR_DUPLICATED_TID 4
+#define MBIM_ERROR_NOT_OPENED 5
+#define MBIM_ERROR_UNKNOWN 6
+#define MBIM_ERROR_CANCEL 7
+#define MBIM_ERROR_MAX_TRANSFER 8
+ uint32_t err;
+} __packed;
+
+struct mbim_f2h_openclosedone {
+ struct mbim_msghdr hdr;
+ int32_t status;
+} __packed;
+
+struct mbim_f2h_cmddone {
+ struct mbim_msghdr hdr;
+ struct mbim_fraghdr frag;
+ uint8_t devid[MBIM_UUID_LEN];
+ uint32_t cid; /* command id */
+ int32_t status;
+ uint32_t infolen;
+ uint8_t info[];
+} __packed;
+
+/*
+ * Messages and commands for MBIM_UUID_BASIC_CONNECT
+ */
+#define MBIM_CID_DEVICE_CAPS 1
+#define MBIM_CID_SUBSCRIBER_READY_STATUS 2
+#define MBIM_CID_RADIO_STATE 3
+#define MBIM_CID_PIN 4
+#define MBIM_CID_PIN_LIST 5
+#define MBIM_CID_HOME_PROVIDER 6
+#define MBIM_CID_PREFERRED_PROVIDERS 7
+#define MBIM_CID_VISIBLE_PROVIDERS 8
+#define MBIM_CID_REGISTER_STATE 9
+#define MBIM_CID_PACKET_SERVICE 10
+#define MBIM_CID_SIGNAL_STATE 11
+#define MBIM_CID_CONNECT 12
+#define MBIM_CID_PROVISIONED_CONTEXTS 13
+#define MBIM_CID_SERVICE_ACTIVATION 14
+#define MBIM_CID_IP_CONFIGURATION 15
+#define MBIM_CID_DEVICE_SERVICES 16
+#define MBIM_CID_DEVICE_SERVICE_SUBSCRIBE_LIST 19
+#define MBIM_CID_PACKET_STATISTICS 20
+#define MBIM_CID_NETWORK_IDLE_HINT 21
+#define MBIM_CID_EMERGENCY_MODE 22
+#define MBIM_CID_IP_PACKET_FILTERS 23
+#define MBIM_CID_MULTICARRIER_PROVIDERS 24
+
+struct mbim_cid_subscriber_ready_info {
+#define MBIM_SIMSTATE_NOTINITIALIZED 0
+#define MBIM_SIMSTATE_INITIALIZED 1
+#define MBIM_SIMSTATE_NOTINSERTED 2
+#define MBIM_SIMSTATE_BADSIM 3
+#define MBIM_SIMSTATE_FAILURE 4
+#define MBIM_SIMSTATE_NOTACTIVATED 5
+#define MBIM_SIMSTATE_LOCKED 6
+ uint32_t ready;
+
+ uint32_t sid_offs;
+ uint32_t sid_size;
+
+ uint32_t icc_offs;
+ uint32_t icc_size;
+
+#define MBIM_SIMUNIQEID_NONE 0
+#define MBIM_SIMUNIQEID_PROTECT 1
+ uint32_t info;
+
+ uint32_t no_pn;
+ struct {
+ uint32_t offs;
+ uint32_t size;
+ }
+ pn[];
+} __packed;
+
+struct mbim_cid_radio_state {
+#define MBIM_RADIO_STATE_OFF 0
+#define MBIM_RADIO_STATE_ON 1
+ uint32_t state;
+} __packed;
+
+struct mbim_cid_radio_state_info {
+ uint32_t hw_state;
+ uint32_t sw_state;
+} __packed;
+
+struct mbim_cid_pin {
+#define MBIM_PIN_TYPE_NONE 0
+#define MBIM_PIN_TYPE_CUSTOM 1
+#define MBIM_PIN_TYPE_PIN1 2
+#define MBIM_PIN_TYPE_PIN2 3
+#define MBIM_PIN_TYPE_DEV_SIM_PIN 4
+#define MBIM_PIN_TYPE_DEV_FIRST_SIM_PIN 5
+#define MBIM_PIN_TYPE_NETWORK_PIN 6
+#define MBIM_PIN_TYPE_NETWORK_SUBSET_PIN 7
+#define MBIM_PIN_TYPE_SERVICE_PROVIDER_PIN 8
+#define MBIM_PIN_TYPE_CORPORATE_PIN 9
+#define MBIM_PIN_TYPE_SUBSIDY_LOCK 10
+#define MBIM_PIN_TYPE_PUK1 11
+#define MBIM_PIN_TYPE_PUK2 12
+#define MBIM_PIN_TYPE_DEV_FIRST_SIM_PUK 13
+#define MBIM_PIN_TYPE_NETWORK_PUK 14
+#define MBIM_PIN_TYPE_NETWORK_SUBSET_PUK 15
+#define MBIM_PIN_TYPE_SERVICE_PROVIDER_PUK 16
+#define MBIM_PIN_TYPE_CORPORATE_PUK 17
+ uint32_t type;
+
+#define MBIM_PIN_OP_ENTER 0
+#define MBIM_PIN_OP_ENABLE 1
+#define MBIM_PIN_OP_DISABLE 2
+#define MBIM_PIN_OP_CHANGE 3
+ uint32_t op;
+ uint32_t pin_offs;
+ uint32_t pin_size;
+ uint32_t newpin_offs;
+ uint32_t newpin_size;
+#define MBIM_PIN_MAXLEN 32
+ uint8_t data[2 * MBIM_PIN_MAXLEN];
+} __packed;
+
+struct mbim_cid_pin_info {
+ uint32_t type;
+
+#define MBIM_PIN_STATE_UNLOCKED 0
+#define MBIM_PIN_STATE_LOCKED 1
+ uint32_t state;
+ uint32_t remaining_attempts;
+} __packed;
+
+struct mbim_cid_pin_list_info {
+ struct mbim_pin_desc {
+
+#define MBIM_PINMODE_NOTSUPPORTED 0
+#define MBIM_PINMODE_ENABLED 1
+#define MBIM_PINMODE_DISABLED 2
+ uint32_t mode;
+
+#define MBIM_PINFORMAT_UNKNOWN 0
+#define MBIM_PINFORMAT_NUMERIC 1
+#define MBIM_PINFORMAT_ALPHANUMERIC 2
+ uint32_t format;
+
+ uint32_t minlen;
+ uint32_t maxlen;
+ }
+ pin1,
+ pin2,
+ dev_sim_pin,
+ first_dev_sim_pin,
+ net_pin,
+ net_sub_pin,
+ svp_pin,
+ corp_pin,
+ subsidy_lock,
+ custom;
+} __packed;
+
+struct mbim_cid_device_caps {
+#define MBIM_DEVTYPE_UNKNOWN 0
+#define MBIM_DEVTYPE_EMBEDDED 1
+#define MBIM_DEVTYPE_REMOVABLE 2
+#define MBIM_DEVTYPE_REMOTE 3
+ uint32_t devtype;
+
+ uint32_t cellclass; /* values: MBIM_CELLULAR_CLASS */
+ uint32_t voiceclass;
+ uint32_t simclass;
+ uint32_t dataclass; /* values: MBIM_DATA_CLASS */
+ uint32_t smscaps;
+ uint32_t cntrlcaps;
+ uint32_t max_sessions;
+
+ uint32_t custdataclass_offs;
+ uint32_t custdataclass_size;
+
+ uint32_t devid_offs;
+ uint32_t devid_size;
+
+ uint32_t fwinfo_offs;
+ uint32_t fwinfo_size;
+
+ uint32_t hwinfo_offs;
+ uint32_t hwinfo_size;
+
+ uint32_t data[];
+} __packed;
+
+struct mbim_cid_registration_state {
+ uint32_t provid_offs;
+ uint32_t provid_size;
+
+#define MBIM_REGACTION_AUTOMATIC 0
+#define MBIM_REGACTION_MANUAL 1
+ uint32_t regaction;
+ uint32_t data_class;
+
+ uint32_t data[];
+} __packed;
+
+struct mbim_cid_registration_state_info {
+ uint32_t nwerror;
+
+ uint32_t regstate; /* values: MBIM_REGISTER_STATE */
+
+#define MBIM_REGMODE_UNKNOWN 0
+#define MBIM_REGMODE_AUTOMATIC 1
+#define MBIM_REGMODE_MANUAL 2
+ uint32_t regmode;
+
+ uint32_t availclasses; /* values: MBIM_DATA_CLASS */
+ uint32_t curcellclass; /* values: MBIM_CELLULAR_CLASS */
+
+ uint32_t provid_offs;
+ uint32_t provid_size;
+
+ uint32_t provname_offs;
+ uint32_t provname_size;
+
+ uint32_t roamingtxt_offs;
+ uint32_t roamingtxt_size;
+
+#define MBIM_REGFLAGS_NONE 0
+#define MBIM_REGFLAGS_MANUAL_NOT_AVAILABLE 1
+#define MBIM_REGFLAGS_PACKETSERVICE_AUTOATTACH 2
+ uint32_t regflag;
+
+ uint32_t data[];
+} __packed;
+
+struct mbim_cid_packet_service {
+#define MBIM_PKTSERVICE_ACTION_ATTACH 0
+#define MBIM_PKTSERVICE_ACTION_DETACH 1
+ uint32_t action;
+} __packed;
+
+struct mbim_cid_packet_service_info {
+ uint32_t nwerror;
+
+#define MBIM_PKTSERVICE_STATE_UNKNOWN 0
+#define MBIM_PKTSERVICE_STATE_ATTACHING 1
+#define MBIM_PKTSERVICE_STATE_ATTACHED 2
+#define MBIM_PKTSERVICE_STATE_DETACHING 3
+#define MBIM_PKTSERVICE_STATE_DETACHED 4
+ uint32_t state;
+
+ uint32_t highest_dataclass;
+ uint64_t uplink_speed;
+ uint64_t downlink_speed;
+} __packed;
+
+struct mbim_cid_signal_state {
+ uint32_t rssi;
+ uint32_t err_rate;
+ uint32_t ss_intvl;
+ uint32_t rssi_thr;
+ uint32_t err_thr;
+} __packed;
+
+struct mbim_cid_connect {
+ uint32_t sessionid;
+
+#define MBIM_CONNECT_DEACTIVATE 0
+#define MBIM_CONNECT_ACTIVATE 1
+ uint32_t command;
+
+#define MBIM_ACCESS_MAXLEN 200
+ uint32_t access_offs;
+ uint32_t access_size;
+
+#define MBIM_USER_MAXLEN 510
+ uint32_t user_offs;
+ uint32_t user_size;
+
+#define MBIM_PASSWD_MAXLEN 510
+ uint32_t passwd_offs;
+ uint32_t passwd_size;
+
+#define MBIM_COMPRESSION_NONE 0
+#define MBIM_COMPRESSION_ENABLE 1
+ uint32_t compression;
+
+#define MBIM_AUTHPROT_NONE 0
+#define MBIM_AUTHPROT_PAP 1
+#define MBIM_AUTHPROT_CHAP 2
+#define MBIM_AUTHPROT_MSCHAP 3
+ uint32_t authprot;
+
+#define MBIM_CONTEXT_IPTYPE_DEFAULT 0
+#define MBIM_CONTEXT_IPTYPE_IPV4 1
+#define MBIM_CONTEXT_IPTYPE_IPV6 2
+#define MBIM_CONTEXT_IPTYPE_IPV4V6 3
+#define MBIM_CONTEXT_IPTYPE_IPV4ANDV6 4
+ uint32_t iptype;
+
+ uint8_t context[MBIM_UUID_LEN];
+
+ uint8_t data[MBIM_ACCESS_MAXLEN + MBIM_USER_MAXLEN +
+     MBIM_PASSWD_MAXLEN];
+
+} __packed;
+
+struct mbim_cid_connect_info {
+ uint32_t sessionid;
+
+#define MBIM_ACTIVATION_STATE_UNKNOWN 0
+#define MBIM_ACTIVATION_STATE_ACTIVATED 1
+#define MBIM_ACTIVATION_STATE_ACTIVATING 2
+#define MBIM_ACTIVATION_STATE_DEACTIVATED 3
+#define MBIM_ACTIVATION_STATE_DEACTIVATING 4
+ uint32_t activation;
+
+ uint32_t voice;
+ uint32_t iptype;
+ uint8_t context[MBIM_UUID_LEN];
+ uint32_t nwerror;
+} __packed;
+
+struct mbim_cid_ipv4_element {
+ uint32_t prefixlen;
+ uint32_t addr;
+} __packed;
+
+struct mbim_cid_ipv6_element {
+ uint32_t prefixlen;
+ uint8_t addr[16];
+} __packed;
+
+struct mbim_cid_ip_configuration_info {
+ uint32_t sessionid;
+
+#define MBIM_IPCONF_HAS_ADDRINFO 0x0001
+#define MBIM_IPCONF_HAS_GWINFO 0x0002
+#define MBIM_IPCONF_HAS_DNSINFO 0x0004
+#define MBIM_IPCONF_HAS_MTUINFO 0x0008
+ uint32_t ipv4_available;
+ uint32_t ipv6_available;
+
+ uint32_t ipv4_naddr;
+ uint32_t ipv4_addroffs;
+ uint32_t ipv6_naddr;
+ uint32_t ipv6_addroffs;
+
+ uint32_t ipv4_gwoffs;
+ uint32_t ipv6_gwoffs;
+
+ uint32_t ipv4_ndnssrv;
+ uint32_t ipv4_dnssrvoffs;
+ uint32_t ipv6_ndnssrv;
+ uint32_t ipv6_dnssrvoffs;
+
+ uint32_t ipv4_mtu;
+ uint32_t ipv6_mtu;
+
+ uint32_t data[];
+} __packed;
+
+struct mbim_cid_packet_statistics_info {
+ uint32_t in_discards;
+ uint32_t in_errors;
+ uint64_t in_octets;
+ uint64_t in_packets;
+ uint64_t out_octets;
+ uint64_t out_packets;
+ uint32_t out_errors;
+ uint32_t out_discards;
+} __packed;
+
+
+#ifdef _KERNEL
+
+struct mbim_descriptor {
+ uByte bLength;
+ uByte bDescriptorType;
+ uByte bDescriptorSubtype;
+#define MBIM_VER_MAJOR(v) (((v) >> 8) & 0x0f)
+#define MBIM_VER_MINOR(v) ((v) & 0x0f)
+ uWord bcdMBIMVersion;
+ uWord wMaxControlMessage;
+ uByte bNumberFilters;
+ uByte bMaxFilterSize;
+ uWord wMaxSegmentSize;
+ uByte bmNetworkCapabilities;
+} __packed;
+
+/*
+ * NCM Encoding
+ */
+#define MBIM_HDR16_LEN \
+ (sizeof (struct ncm_header16) + sizeof (struct ncm_pointer16))
+#define MBIM_HDR32_LEN \
+ (sizeof (struct ncm_header32) + sizeof (struct ncm_pointer32))
+
+struct ncm_header16 {
+#define NCM_HDR16_SIG 0x484d434e
+ uDWord dwSignature;
+ uWord wHeaderLength;
+ uWord wSequence;
+ uWord wBlockLength;
+ uWord wNdpIndex;
+} __packed;
+
+struct ncm_header32 {
+#define NCM_HDR32_SIG 0x686d636e
+ uDWord dwSignature;
+ uWord wHeaderLength;
+ uWord wSequence;
+ uDWord dwBlockLength;
+ uDWord dwNdpIndex;
+} __packed;
+
+
+#define MBIM_NCM_NTH_SIDSHIFT 24
+#define MBIM_NCM_NTH_GETSID(s) (((s) > MBIM_NCM_NTH_SIDSHIFT) & 0xff)
+
+struct ncm_pointer16_dgram {
+ uWord wDatagramIndex;
+ uWord wDatagramLen;
+} __packed;
+
+struct ncm_pointer16 {
+#define MBIM_NCM_NTH16_IPS 0x00535049
+#define MBIM_NCM_NTH16_ISISG(s) (((s) & 0x00ffffff) == MBIM_NCM_NTH16_IPS)
+#define MBIM_NCM_NTH16_SIG(s) \
+ ((((s) & 0xff) << MBIM_NCM_NTH_SIDSHIFT) | MBIM_NCM_NTH16_IPS)
+ uDWord dwSignature;
+ uWord wLength;
+ uWord wNextNdpIndex;
+
+ /* Minimum is two datagrams, but can be more */
+ struct ncm_pointer16_dgram dgram[2];
+} __packed;
+
+struct ncm_pointer32_dgram {
+ uDWord dwDatagramIndex;
+ uDWord dwDatagramLen;
+} __packed;
+
+struct ncm_pointer32 {
+#define MBIM_NCM_NTH32_IPS 0x00737069
+#define MBIM_NCM_NTH32_ISISG(s) \
+ (((s) & 0x00ffffff) == MBIM_NCM_NTH32_IPS)
+#define MBIM_NCM_NTH32_SIG(s) \
+ ((((s) & 0xff) << MBIM_NCM_NTH_SIDSHIFT) | MBIM_NCM_NTH32_IPS)
+ uDWord dwSignature;
+ uWord wLength;
+ uWord wReserved6;
+ uDWord dwNextNdpIndex;
+ uDWord dwReserved12;
+
+ /* Minimum is two datagrams, but can be more */
+ struct ncm_pointer32_dgram dgram[2];
+} __packed;
+
+#endif /* _KERNEL */
+
+#endif /* _MBIM_H_ */
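Review bot: MBIM_NCM_NTH_GETSID uses a comparison where a shift is intended: `(((s) > MBIM_NCM_NTH_SIDSHIFT) & 0xff)` evaluates to 0 or 1 instead of extracting the top byte, and should read `(((s) >> MBIM_NCM_NTH_SIDSHIFT) & 0xff)` to mirror MBIM_NCM_NTH16_SIG. MBIM_CTRLMSG_MAXLEN is defined as `(4 * 1204)`, which looks like a typo for 1024 given that MBIM_MAXSEGSZ_MINVAL uses `(2 * 1024)`. Smaller points: the ISISG macro names read like a misspelling of ISSIG, and struct mbim_f2h_hosterr is named function-to-host although MBIM_HOST_ERROR_MSG is listed under the host-to-function messages. Since every *_offs/*_size pair in the CID structs is supplied by the device, a comment noting that they must be validated against infolen before use would be worthwhile.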
Index: sys/dev/usb/uhub.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/uhub.c,v
retrieving revision 1.88
diff -u -p -u -p -r1.88 uhub.c
--- sys/dev/usb/uhub.c 29 Nov 2015 16:30:48 -0000 1.88
+++ sys/dev/usb/uhub.c 8 Jun 2016 12:52:59 -0000
@@ -523,7 +523,9 @@ uhub_port_connect(struct uhub_softc *sc,
 {
  struct usbd_port *up = &sc->sc_hub->hub->ports[port-1];
  int speed;
+ int retry = 1;
 
+again:
  /* We have a connect status change, handle it. */
  usbd_clear_port_feature(sc->sc_hub, port, UHF_C_PORT_CONNECTION);
 
@@ -613,6 +615,11 @@ uhub_port_connect(struct uhub_softc *sc,
  * some other serious problem.  Since we cannot leave
  * at 0 we have to disable the port instead.
  */
+ if (retry--) {
+ printf("%s: port %d: retrying\n", DEVNAME(sc), port);
+ goto again;
+ }
+
  printf("%s: device problem, disabling port %d\n", DEVNAME(sc),
     port);
  usbd_clear_port_feature(sc->sc_hub, port, UHF_PORT_ENABLE);
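Review bot: The `if (retry--)` block retries the whole connect sequence for any device on any hub port, not only for MBIM modems, and nothing in the hunk says which failure it works around. This behavioural change to uhub_port_connect() deserves its own diff with a comment explaining the reason, and it should be checked that whatever was set up before the failure is released before `goto again` re-enters the sequence.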
Index: sys/dev/usb/usb.h
===================================================================
RCS file: /cvs/src/sys/dev/usb/usb.h,v
retrieving revision 1.55
diff -u -p -u -p -r1.55 usb.h
--- sys/dev/usb/usb.h 24 May 2016 05:35:01 -0000 1.55
+++ sys/dev/usb/usb.h 8 Jun 2016 12:52:59 -0000
@@ -508,6 +508,7 @@ typedef struct usb_port_status usb_port_
 #define UISUBCLASS_ETHERNET_NETWORKING_CONTROL_MODEL 6
 #define UISUBCLASS_ATM_NETWORKING_CONTROL_MODEL 7
 #define UISUBCLASS_MOBILE_DIRECT_LINE_MODEL 10
+#define UISUBCLASS_MOBILE_BROADBAND_INTERFACE_MODEL 14
 #define   UIPROTO_CDC_AT 1
 
 #define UICLASS_HID 0x03
@@ -545,6 +546,7 @@ typedef struct usb_port_status usb_port_
 
 #define UICLASS_CDC_DATA 0x0a
 #define  UISUBCLASS_DATA 0
+#define   UIPROTO_DATA_MBIM 0x02    /* MBIM */
 #define   UIPROTO_DATA_ISDNBRI 0x30    /* Physical iface */
 #define   UIPROTO_DATA_HDLC 0x31    /* HDLC */
 #define   UIPROTO_DATA_TRANSPARENT 0x32    /* Transparent */
Index: sys/net/if_types.h
===================================================================
RCS file: /cvs/src/sys/net/if_types.h,v
retrieving revision 1.20
diff -u -p -u -p -r1.20 if_types.h
--- sys/net/if_types.h 7 Mar 2016 19:33:26 -0000 1.20
+++ sys/net/if_types.h 8 Jun 2016 12:52:59 -0000
@@ -268,5 +268,6 @@
 #define IFT_CARP 0xf7 /* Common Address Redundancy Protocol */
 #define IFT_BLUETOOTH 0xf8 /* Bluetooth */
 #define IFT_PFLOW 0xf9 /* pflow */
+#define IFT_MBIM 0xfa /* Mobile Broadband Interface Model */
 
 #endif /* _NET_IF_TYPES_H_ */
Index: sys/netinet/in.c
===================================================================
RCS file: /cvs/src/sys/netinet/in.c,v
retrieving revision 1.127
diff -u -p -u -p -r1.127 in.c
--- sys/netinet/in.c 18 Apr 2016 06:43:51 -0000 1.127
+++ sys/netinet/in.c 8 Jun 2016 12:53:00 -0000
@@ -83,9 +83,7 @@
 
 
 void in_socktrim(struct sockaddr_in *);
-void in_len2mask(struct in_addr *, int);
-int in_lifaddr_ioctl(struct socket *, u_long, caddr_t,
- struct ifnet *);
+int in_lifaddr_ioctl(u_long, caddr_t, struct ifnet *, int);
 
 void in_purgeaddr(struct ifaddr *);
 int in_addhost(struct in_ifaddr *, struct sockaddr_in *);
@@ -172,14 +170,11 @@ in_len2mask(struct in_addr *mask, int le
 int
 in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 {
- struct ifreq *ifr = (struct ifreq *)data;
- struct ifaddr *ifa;
- struct in_ifaddr *ia = NULL;
- struct in_aliasreq *ifra = (struct in_aliasreq *)data;
- struct sockaddr_in oldaddr;
- int error;
- int newifaddr;
- int s;
+ int privileged;
+
+ privileged = 0;
+ if ((so->so_state & SS_PRIV) != 0)
+ privileged++;
 
  switch (cmd) {
 #ifdef MROUTING
@@ -189,18 +184,33 @@ in_control(struct socket *so, u_long cmd
 #endif /* MROUTING */
  case SIOCALIFADDR:
  case SIOCDLIFADDR:
- if ((so->so_state & SS_PRIV) == 0)
+ if (!privileged)
  return (EPERM);
  /* FALLTHROUGH */
  case SIOCGLIFADDR:
  if (ifp == NULL)
  return (EINVAL);
- return in_lifaddr_ioctl(so, cmd, data, ifp);
+ return in_lifaddr_ioctl(cmd, data, ifp, privileged);
  default:
  if (ifp == NULL)
  return (EOPNOTSUPP);
  }
 
+ return (in_ioctl(cmd, data, ifp, privileged));
+}
+
+int
+in_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
+{
+ struct ifreq *ifr = (struct ifreq *)data;
+ struct ifaddr *ifa;
+ struct in_ifaddr *ia = NULL;
+ struct in_aliasreq *ifra = (struct in_aliasreq *)data;
+ struct sockaddr_in oldaddr;
+ int error;
+ int newifaddr;
+ int s;
+
  TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
  if (ifa->ifa_addr->sa_family == AF_INET) {
  ia = ifatoia(ifa);
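Review bot: in_ioctl() walks `ifp->if_addrlist` immediately, but the `ifp == NULL` test stays behind in the `default:` case of in_control(), so the newly exported function relies on every direct caller passing a valid ifp. in6_ioctl() in this same patch keeps its NULL check inside the split-out function, and in_ioctl() should do the same. Also, `privileged` is now asserted by the caller rather than derived from `so->so_state & SS_PRIV`, so a short comment on in_ioctl() stating that callers are responsible for the privilege decision would make the new contract explicit.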
@@ -225,7 +235,7 @@ in_control(struct socket *so, u_long cmd
  return (EADDRNOTAVAIL);
  /* FALLTHROUGH */
  case SIOCSIFADDR:
- if ((so->so_state & SS_PRIV) == 0)
+ if (!privileged)
  return (EPERM);
 
  if (ia == NULL) {
@@ -250,7 +260,7 @@ in_control(struct socket *so, u_long cmd
  case SIOCSIFNETMASK:
  case SIOCSIFDSTADDR:
  case SIOCSIFBRDADDR:
- if ((so->so_state & SS_PRIV) == 0)
+ if (!privileged)
  return (EPERM);
  /* FALLTHROUGH */
 
@@ -410,8 +420,7 @@ in_control(struct socket *so, u_long cmd
  * other values may be returned from in_ioctl()
  */
 int
-in_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data,
-    struct ifnet *ifp)
+in_lifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
 {
  struct if_laddrreq *iflr = (struct if_laddrreq *)data;
  struct ifaddr *ifa;
@@ -481,7 +490,7 @@ in_lifaddr_ioctl(struct socket *so, u_lo
  ifra.ifra_mask.sin_len = sizeof(struct sockaddr_in);
  in_len2mask(&ifra.ifra_mask.sin_addr, iflr->prefixlen);
 
- return in_control(so, SIOCAIFADDR, (caddr_t)&ifra, ifp);
+ return in_ioctl(SIOCAIFADDR, (caddr_t)&ifra, ifp, privileged);
     }
  case SIOCGLIFADDR:
  case SIOCDLIFADDR:
@@ -566,7 +575,8 @@ in_lifaddr_ioctl(struct socket *so, u_lo
  memcpy(&ifra.ifra_dstaddr, &ia->ia_sockmask,
     ia->ia_sockmask.sin_len);
 
- return in_control(so, SIOCDIFADDR, (caddr_t)&ifra, ifp);
+ return in_ioctl(SIOCDIFADDR, (caddr_t)&ifra, ifp,
+    privileged);
  }
     }
  }
Index: sys/netinet/in.h
===================================================================
RCS file: /cvs/src/sys/netinet/in.h,v
retrieving revision 1.115
diff -u -p -u -p -r1.115 in.h
--- sys/netinet/in.h 20 Oct 2015 20:22:42 -0000 1.115
+++ sys/netinet/in.h 8 Jun 2016 12:53:00 -0000
@@ -791,6 +791,7 @@ extern   struct in_addr zeroin_addr;
 
 struct mbuf;
 
+void   in_purgeaddr(struct ifaddr *);
 int   in_broadcast(struct in_addr, u_int);
 int   in_canforward(struct in_addr);
 int   in_cksum(struct mbuf *, int);
@@ -798,6 +799,7 @@ int   in4_cksum(struct mbuf *, u_int8_t
 void   in_proto_cksum_out(struct mbuf *, struct ifnet *);
 void   in_ifdetach(struct ifnet *);
 int   in_mask2len(struct in_addr *);
+void   in_len2mask(struct in_addr *, int);
 
 char  *inet_ntoa(struct in_addr);
 int   inet_nat64(int, const void *, void *, const void *, u_int8_t);
Index: sys/netinet/in_var.h
===================================================================
RCS file: /cvs/src/sys/netinet/in_var.h,v
retrieving revision 1.38
diff -u -p -u -p -r1.38 in_var.h
--- sys/netinet/in_var.h 21 Jan 2016 11:23:48 -0000 1.38
+++ sys/netinet/in_var.h 8 Jun 2016 12:53:00 -0000
@@ -157,6 +157,7 @@ void in_delmulti(struct in_multi *);
 int in_hasmulti(struct in_addr *, struct ifnet *);
 void in_ifscrub(struct ifnet *, struct in_ifaddr *);
 int in_control(struct socket *, u_long, caddr_t, struct ifnet *);
+int in_ioctl(u_long, caddr_t, struct ifnet *, int);
 void in_prefixlen2mask(struct in_addr *, int);
 #endif
 
Index: sys/netinet6/in6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.186
diff -u -p -u -p -r1.186 in6.c
--- sys/netinet6/in6.c 3 Mar 2016 12:57:15 -0000 1.186
+++ sys/netinet6/in6.c 8 Jun 2016 12:53:00 -0000
@@ -118,7 +118,8 @@ const struct in6_addr in6mask64 = IN6MAS
 const struct in6_addr in6mask96 = IN6MASK96;
 const struct in6_addr in6mask128 = IN6MASK128;
 
-int in6_lifaddr_ioctl(struct socket *, u_long, caddr_t, struct ifnet *);
+int in6_lifaddr_ioctl(u_long, caddr_t, struct ifnet *, int);
+int in6_ioctl(u_long, caddr_t, struct ifnet *, int);
 int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
 void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
 
@@ -165,11 +166,7 @@ in6_mask2len(struct in6_addr *mask, u_ch
 int
 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 {
- struct in6_ifreq *ifr = (struct in6_ifreq *)data;
- struct in6_ifaddr *ia6 = NULL;
- struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
- struct sockaddr_in6 *sa6;
- int s, privileged;
+ int privileged;
 
  privileged = 0;
  if ((so->so_state & SS_PRIV) != 0)
@@ -183,6 +180,18 @@ in6_control(struct socket *so, u_long cm
  }
 #endif
 
+ return (in6_ioctl(cmd, data, ifp, privileged));
+}
+
+int
+in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
+{
+ struct in6_ifreq *ifr = (struct in6_ifreq *)data;
+ struct in6_ifaddr *ia6 = NULL;
+ struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
+ struct sockaddr_in6 *sa6;
+ int s;
+
  if (ifp == NULL)
  return (EOPNOTSUPP);
 
@@ -206,7 +215,7 @@ in6_control(struct socket *so, u_long cm
  return (EPERM);
  /* FALLTHROUGH */
  case SIOCGLIFADDR:
- return in6_lifaddr_ioctl(so, cmd, data, ifp);
+ return in6_lifaddr_ioctl(cmd, data, ifp, privileged);
  }
 
  /*
@@ -939,8 +948,7 @@ in6_unlink_ifa(struct in6_ifaddr *ia6, s
  * address encoding scheme. (see figure on page 8)
  */
 int
-in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data,
-    struct ifnet *ifp)
+in6_lifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
 {
  struct if_laddrreq *iflr = (struct if_laddrreq *)data;
  struct ifaddr *ifa;
@@ -1047,7 +1055,8 @@ in6_lifaddr_ioctl(struct socket *so, u_l
  in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen);
 
  ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX;
- return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp);
+ return in6_ioctl(SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp,
+    privileged);
     }
  case SIOCGLIFADDR:
  case SIOCDLIFADDR:
@@ -1142,8 +1151,8 @@ in6_lifaddr_ioctl(struct socket *so, u_l
     ia6->ia_prefixmask.sin6_len);
 
  ifra.ifra_flags = ia6->ia6_flags;
- return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra,
-    ifp);
+ return in6_ioctl(SIOCDIFADDR_IN6, (caddr_t)&ifra, ifp,
+    privileged);
  }
     }
  }
Index: sys/netinet6/in6_var.h
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_var.h,v
retrieving revision 1.62
diff -u -p -u -p -r1.62 in6_var.h
--- sys/netinet6/in6_var.h 3 Mar 2016 12:57:15 -0000 1.62
+++ sys/netinet6/in6_var.h 8 Jun 2016 12:53:00 -0000
@@ -394,6 +394,7 @@ int in6_hasmulti(struct in6_addr *, stru
 struct in6_multi_mship *in6_joingroup(struct ifnet *, struct in6_addr *, int *);
 int in6_leavegroup(struct in6_multi_mship *);
 int in6_control(struct socket *, u_long, caddr_t, struct ifnet *);
+int in6_ioctl(u_long, caddr_t, struct ifnet *, int);
 int in6_update_ifa(struct ifnet *, struct in6_aliasreq *,
  struct in6_ifaddr *);
 void in6_purgeaddr(struct ifaddr *);
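Review bot: in6_ioctl() ends up prototyped twice, here and as a local declaration added near the top of in6.c (`int in6_ioctl(u_long, caddr_t, struct ifnet *, int);`). Assuming in6.c includes this header, keep only the in6_var.h declaration so the two cannot drift apart.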
Index: sys/sys/sockio.h
===================================================================
RCS file: /cvs/src/sys/sys/sockio.h,v
retrieving revision 1.64
diff -u -p -u -p -r1.64 sockio.h
--- sys/sys/sockio.h 31 May 2016 22:35:02 -0000 1.64
+++ sys/sys/sockio.h 8 Jun 2016 12:53:00 -0000
@@ -202,6 +202,10 @@
 #define SIOCGIFPARENT _IOWR('i', 179, struct if_parent) /* get parent if */
 #define SIOCDIFPARENT _IOW('i', 180, struct ifreq) /* del parent if */
 
+#define SIOCGUMBINFO _IOWR('i', 190, struct ifreq) /* get MBIM info */
+#define SIOCSUMBPARAM _IOW('i', 191, struct ifreq) /* set MBIM param */
+#define SIOCGUMBPARAM _IOWR('i', 192, struct ifreq) /* get MBIM param */
+
 #define SIOCSVH _IOWR('i', 245, struct ifreq) /* set carp param */
 #define SIOCGVH _IOWR('i', 246, struct ifreq) /* get carp param */
 
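Review bot: All three ioctls are declared on struct ifreq, so the size of the real payload (struct umb_info or struct umb_parameter) is not encoded in the command number and the handler has to copy it in or out itself with the exact struct size. Because struct umb_parameter holds the PIN, it should be stated here or in the driver whether SIOCGUMBPARAM is restricted to privileged callers or returns the PIN fields cleared. The jump from 180 to 190 in the command numbers is also worth a word.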

Re: MBIM Patch (Round 3)

Stuart Henderson
On 2016/06/08 15:08, Gerhard Roth wrote:
> I would be glad to hear from some people trying this with a real MBIM
> device.

So I have a Dell-branded Sierra MC8805, but I don't seem able to
get it to recognise my SIM card (which I can see from my Huawei
umsm).

# ifconfig umb0 pin 0000 apn x
# ifconfig umb0  
umb0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
        index 19 priority 0
        roaming disabled registration unknown
        state down cell-class none
        SIM not initialized PIN required
        APN x
        status: down

Any suggestions of where I can poke?

Jun  9 15:22:31 zoo apmd: system resumed from sleep
Jun  9 15:22:31 zoo /bsd: uvideo0 at uhub4 port 5 configuration 1 interface 0 "Sonix Technology Co., Ltd. USB 2.0 Camera" rev 2.00/1.00 addr 2
Jun  9 15:22:31 zoo /bsd: video0 at uvideo0
Jun  9 15:22:32 zoo /bsd: usbd_fill_iface_data: bad max packet size
Jun  9 15:22:32 zoo /bsd: usbd_fill_iface_data: bad max packet size
Jun  9 15:22:32 zoo /bsd: ugen0 at uhub4 port 6 "Sierra Wireless, Incorporated Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card" rev 2.00/0.00 addr 3
Jun  9 15:22:32 zoo /bsd: ugen0: setting configuration index 0 failed
Jun  9 15:22:32 zoo /bsd: ugen0 detached
Jun  9 15:22:43 zoo /bsd: umb0 at uhub4 port 6 configuration 2 interface 12 "Sierra Wireless, Incorporated Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card" rev 2.00/0.06 addr 3
Jun  9 15:22:43 zoo /bsd: umb0: ctrl_len=4096, maxpktlen=4064, cap=0x20
Jun  9 15:22:43 zoo /bsd: umb0: ctrl-ifno#12: ep-ctrl=2, data-ifno#13: ep-rx=1, ep-tx=1
Jun  9 15:22:43 zoo /bsd: umb0: -> snd MBIM_OPEN_MSG (tid 1)
Jun  9 15:22:43 zoo /bsd: umb0: sent MBIM_OPEN_MSG (tid 1)
Jun  9 15:22:43 zoo /bsd:    0:   01 00 00 00 10 00 00 00 01 00 00 00 00 10 00 00
Jun  9 15:22:43 zoo /bsd: umb0: vers 1.0
Jun  9 15:22:44 zoo /bsd: umb0: notification error: IOERROR
Jun  9 15:22:51 zoo last message repeated 305 times
Jun  9 15:22:51 zoo /bsd: umb0: notification error: CANCELLED
Jun  9 15:22:51 zoo /bsd: umb0 detached
Jun  9 15:23:02 zoo /bsd: umb0 at uhub4 port 6 configuration 2 interface 12 "Sierra Wireless, Incorporated Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card" rev 2.00/0.06 addr 3
Jun  9 15:23:02 zoo /bsd: umb0: ctrl_len=4096, maxpktlen=4064, cap=0x20
Jun  9 15:23:02 zoo /bsd: umb0: ctrl-ifno#12: ep-ctrl=2, data-ifno#13: ep-rx=1, ep-tx=1
Jun  9 15:23:02 zoo /bsd: umb0: -> snd MBIM_OPEN_MSG (tid 1)
Jun  9 15:23:02 zoo /bsd: umb0: sent MBIM_OPEN_MSG (tid 1)
Jun  9 15:23:02 zoo /bsd:    0:   01 00 00 00 10 00 00 00 01 00 00 00 00 10 00 00
Jun  9 15:23:02 zoo /bsd: umb0: vers 1.0
Jun  9 15:24:06 zoo /bsd: umb0: -> set MBIM_CID_PIN (tid 2)
Jun  9 15:24:06 zoo /bsd: umb0: sent MBIM_COMMAND_MSG (tid 2)
Jun  9 15:24:06 zoo /bsd:    0:   03 00 00 00 50 00 00 00 02 00 00 00 01 00 00 00
Jun  9 15:24:06 zoo /bsd:   16:   00 00 00 00 a2 89 cc 33 bc bb 8b 4f b6 b0 13 3e
Jun  9 15:24:06 zoo /bsd:   32:   c2 aa e6 df 04 00 00 00 01 00 00 00 20 00 00 00
Jun  9 15:24:06 zoo /bsd:   48:   02 00 00 00 00 00 00 00 18 00 00 00 08 00 00 00
Jun  9 15:24:06 zoo /bsd:   64:   00 00 00 00 00 00 00 00 30 00 30 00 30 00 30 00


Re: MBIM Patch (Round 3)

Gerhard Roth-2
On Thu, 9 Jun 2016 15:29:34 +0100 Stuart Henderson <[hidden email]> wrote:
> On 2016/06/08 15:08, Gerhard Roth wrote:
> > I would be glad to hear from some people trying this with a real MBIM
> > device.
>
> So I have a Dell-branded Sierra MC8805, but I don't seem able to
> get it to recognise my SIM card (which I can see from my Huawei
> umsm).

You're not even getting anywhere near SIM card information. See below.


>
> # ifconfig umb0 pin 0000 apn x
> # ifconfig umb0  
> umb0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> index 19 priority 0
> roaming disabled registration unknown
> state down cell-class none
> SIM not initialized PIN required
> APN x
> status: down
>
> Any suggestions of where I can poke?
>
> Jun  9 15:22:31 zoo apmd: system resumed from sleep
> Jun  9 15:22:31 zoo /bsd: uvideo0 at uhub4 port 5 configuration 1 interface 0 "Sonix Technology Co., Ltd. USB 2.0 Camera" rev 2.00/1.00 addr 2
> Jun  9 15:22:31 zoo /bsd: video0 at uvideo0
> Jun  9 15:22:32 zoo /bsd: usbd_fill_iface_data: bad max packet size
> Jun  9 15:22:32 zoo /bsd: usbd_fill_iface_data: bad max packet size
> Jun  9 15:22:32 zoo /bsd: ugen0 at uhub4 port 6 "Sierra Wireless, Incorporated Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card" rev 2.00/0.00 addr 3
> Jun  9 15:22:32 zoo /bsd: ugen0: setting configuration index 0 failed
> Jun  9 15:22:32 zoo /bsd: ugen0 detached
> Jun  9 15:22:43 zoo /bsd: umb0 at uhub4 port 6 configuration 2 interface 12 "Sierra Wireless, Incorporated Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card" rev 2.00/0.06 addr 3
> Jun  9 15:22:43 zoo /bsd: umb0: ctrl_len=4096, maxpktlen=4064, cap=0x20
> Jun  9 15:22:43 zoo /bsd: umb0: ctrl-ifno#12: ep-ctrl=2, data-ifno#13: ep-rx=1, ep-tx=1
> Jun  9 15:22:43 zoo /bsd: umb0: -> snd MBIM_OPEN_MSG (tid 1)
> Jun  9 15:22:43 zoo /bsd: umb0: sent MBIM_OPEN_MSG (tid 1)
> Jun  9 15:22:43 zoo /bsd:    0:   01 00 00 00 10 00 00 00 01 00 00 00 00 10 00 00
> Jun  9 15:22:43 zoo /bsd: umb0: vers 1.0

This is the first MBIM message sent to the device.


> Jun  9 15:22:44 zoo /bsd: umb0: notification error: IOERROR
> Jun  9 15:22:51 zoo last message repeated 305 times

Normally, the device would reply with a MBIM_OPEN_DONE message on the
control pipe. And it should inform us that this reply is ready for
fetching by a UCDC_N_RESPONSE_AVAILABLE message on the interrupt pipe.

Apparently it tries to send something on the interrupt pipe, but
we fail to receive it (306 IOERRORs within 7 seconds).

I have no idea what makes the interrupt pipe fail.


> Jun  9 15:22:51 zoo /bsd: umb0: notification error: CANCELLED
> Jun  9 15:22:51 zoo /bsd: umb0 detached
> Jun  9 15:23:02 zoo /bsd: umb0 at uhub4 port 6 configuration 2 interface 12 "Sierra Wireless, Incorporated Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card" rev 2.00/0.06 addr 3
> Jun  9 15:23:02 zoo /bsd: umb0: ctrl_len=4096, maxpktlen=4064, cap=0x20
> Jun  9 15:23:02 zoo /bsd: umb0: ctrl-ifno#12: ep-ctrl=2, data-ifno#13: ep-rx=1, ep-tx=1
> Jun  9 15:23:02 zoo /bsd: umb0: -> snd MBIM_OPEN_MSG (tid 1)
> Jun  9 15:23:02 zoo /bsd: umb0: sent MBIM_OPEN_MSG (tid 1)
> Jun  9 15:23:02 zoo /bsd:    0:   01 00 00 00 10 00 00 00 01 00 00 00 00 10 00 00
> Jun  9 15:23:02 zoo /bsd: umb0: vers 1.0
> Jun  9 15:24:06 zoo /bsd: umb0: -> set MBIM_CID_PIN (tid 2)
> Jun  9 15:24:06 zoo /bsd: umb0: sent MBIM_COMMAND_MSG (tid 2)
> Jun  9 15:24:06 zoo /bsd:    0:   03 00 00 00 50 00 00 00 02 00 00 00 01 00 00 00
> Jun  9 15:24:06 zoo /bsd:   16:   00 00 00 00 a2 89 cc 33 bc bb 8b 4f b6 b0 13 3e
> Jun  9 15:24:06 zoo /bsd:   32:   c2 aa e6 df 04 00 00 00 01 00 00 00 20 00 00 00
> Jun  9 15:24:06 zoo /bsd:   48:   02 00 00 00 00 00 00 00 18 00 00 00 08 00 00 00
> Jun  9 15:24:06 zoo /bsd:   64:   00 00 00 00 00 00 00 00 30 00 30 00 30 00 30 00


Re: MBIM Patch (Round 3)

Stuart Henderson
In reply to this post by Stuart Henderson
On 2016/06/09 15:29, Stuart Henderson wrote:
> On 2016/06/08 15:08, Gerhard Roth wrote:
> > I would be glad to hear from some people trying this with a real MBIM
> > device.
>
> So I have a Dell-branded Sierra MC8805, but I don't seem able to
> get it to recognise my SIM card (which I can see from my Huawei
> umsm).

aha, it needs a command (and same for some HP-branded ones)...
https://sigquit.wordpress.com/2015/02/


Re: MBIM Patch (Round 3)

Gerhard Roth-2
On Thu, 9 Jun 2016 16:19:14 +0100 Stuart Henderson <[hidden email]> wrote:

> On 2016/06/09 15:29, Stuart Henderson wrote:
> > On 2016/06/08 15:08, Gerhard Roth wrote:
> > > I would be glad to hear from some people trying this with a real MBIM
> > > device.
> >
> > So I have a Dell-branded Sierra MC8805, but I don't seem able to
> > get it to recognise my SIM card (which I can see from my Huawei
> > umsm).
>
> aha, it needs a command (and same for some HP-branded ones)...
> https://sigquit.wordpress.com/2015/02/

Hmm, so you need something similar to umb_cmd() where you have to
use UUID d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3 instead of
'umb_uuid_basic_connect'. It is clear that 'op' is MBIM_CMDOP_SET.

But what value to use for 'cid' (command-id)? Somewhere it says '1',
but '1' is MBIM_CID_DEVICE_CAPS. Well, could be anyway.

And what's inside the payload ('data', 'len')? I'm not sure.


Re: MBIM Patch (Round 3)

Stuart Henderson
In reply to this post by Stuart Henderson
On 2016/06/09 16:19, Stuart Henderson wrote:

> On 2016/06/09 15:29, Stuart Henderson wrote:
> > On 2016/06/08 15:08, Gerhard Roth wrote:
> > > I would be glad to hear from some people trying this with a real MBIM
> > > device.
> >
> > So I have a Dell-branded Sierra MC8805, but I don't seem able to
> > get it to recognise my SIM card (which I can see from my Huawei
> > umsm).
>
> aha, it needs a command (and same for some HP-branded ones)...
> https://sigquit.wordpress.com/2015/02/
>

By the way, for anyone interested, on the APU2 it's the middle
mPCIe connector (mPCIe 2, J13) that the SIM holder is routed to.


Re: MBIM Patch (Round 3)

Gerhard Roth-2
In reply to this post by Gerhard Roth-2
On Thu, 9 Jun 2016 17:37:54 +0200 Gerhard Roth <[hidden email]> wrote:

> On Thu, 9 Jun 2016 16:19:14 +0100 Stuart Henderson <[hidden email]> wrote:
> > On 2016/06/09 15:29, Stuart Henderson wrote:
> > > On 2016/06/08 15:08, Gerhard Roth wrote:
> > > > I would be glad to hear from some people trying this with a real MBIM
> > > > device.
> > >
> > > So I have a Dell-branded Sierra MC8805, but I don't seem able to
> > > get it to recognise my SIM card (which I can see from my Huawei
> > > umsm).
> >
> > aha, it needs a command (and same for some HP-branded ones)...
> > https://sigquit.wordpress.com/2015/02/
>
> Hmm, so you need something similar to umb_cmd() where you have to
> use UUID d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3 instead of
> 'umb_uuid_basic_connect'. It is clear that 'op' is MBIM_CMDOP_SET.
>
> But what value to use for 'cid' (command-id)? Somewhere it says '1',
> but '1' is MBIM_CID_DEVICE_CAPS. Well, could be anyway.
>
> And what's inside the payload ('data', 'len')? I'm not sure.


Decoding the bytes from https://lists.freedesktop.org/archives/libmbim-devel/2015-August/000626.html

03 00 00 00 3D 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 D1 A3 0B C2
^type       ^len        ^tid        ^nfrag      ^currfrag   ^UUID
F9 7A 6E 43 BF 65 C7 E2 4F B0 F0 D3 01 00 00 00 01 00 00 00 0D 00 00 00
                                    ^cid        ^op == SET  ^infolen
01 0C 00 00 02 14 00 01 00 5F 55 00 00
^info


So:

- CID is in fact 1
- payload is { 0x01, 0x0c, 0x00, 0x00, 0x02, 0x14, 0x00, 0x01, 0x00, 0x5f, 0x55, 0x00, 0x00 }

But: this payload is only 13 bytes but the length field says 14 bytes (0x0d).
So maybe the guy missed to paste the last byte of the payload. Appending
another null byte would be a good start :)

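The field layout annotated in the decode above, written out as a bounds-checked parser. This is an added example, not code from the umb driver or from any poster in this thread; the struct, function and constant names are hypothetical, and only unfragmented command messages are handled. The sample bytes are the ones quoted in the post, and each declared length is checked against the bytes actually present before the payload pointer is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; layout follows the annotated dump in the post. */
#define CMD_HDR_LEN      48u  /* type,len,tid,nfrag,currfrag (20) + UUID (16) + cid,op,infolen (12) */
#define MSG_TYPE_COMMAND 3u   /* "type" value of the dumped message */

enum parse_err { PARSE_OK = 0, ERR_SHORT, ERR_TYPE, ERR_MSGLEN, ERR_FRAG, ERR_INFOLEN };

struct cmd_msg {
	uint32_t type, len, tid, nfrag, currfrag;
	uint8_t uuid[16];
	uint32_t cid, op, infolen;
	const uint8_t *info;          /* points into the caller's buffer */
};

/* The 61 bytes quoted in the post, unchanged. */
static const uint8_t sample_msg[61] = {
	0x03,0x00,0x00,0x00, 0x3D,0x00,0x00,0x00, 0x07,0x00,0x00,0x00,
	0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0xD1,0xA3,0x0B,0xC2,
	0xF9,0x7A,0x6E,0x43, 0xBF,0x65,0xC7,0xE2, 0x4F,0xB0,0xF0,0xD3,
	0x01,0x00,0x00,0x00, 0x01,0x00,0x00,0x00, 0x0D,0x00,0x00,0x00,
	0x01,0x0C,0x00,0x00, 0x02,0x14,0x00,0x01, 0x00,0x5F,0x55,0x00, 0x00
};

/* All integer fields are little-endian on the wire. */
static uint32_t le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	    (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Print the 16 UUID bytes in wire order, 8-4-4-4-12 grouping. */
void format_uuid(const uint8_t u[16], char out[37])
{
	static const char hex[] = "0123456789abcdef";
	size_t i, o = 0;

	for (i = 0; i < 16; i++) {
		if (i == 4 || i == 6 || i == 8 || i == 10)
			out[o++] = '-';
		out[o++] = hex[u[i] >> 4];
		out[o++] = hex[u[i] & 0x0f];
	}
	out[o] = '\0';
}

enum parse_err parse_cmd_msg(const uint8_t *buf, size_t buflen, struct cmd_msg *m)
{
	/* Nothing is read until the fixed header is known to be present. */
	if (buflen < CMD_HDR_LEN)
		return ERR_SHORT;

	m->type = le32(buf + 0);
	m->len = le32(buf + 4);
	m->tid = le32(buf + 8);
	m->nfrag = le32(buf + 12);
	m->currfrag = le32(buf + 16);
	memcpy(m->uuid, buf + 20, sizeof(m->uuid));
	m->cid = le32(buf + 36);
	m->op = le32(buf + 40);
	m->infolen = le32(buf + 44);
	m->info = buf + CMD_HDR_LEN;

	if (m->type != MSG_TYPE_COMMAND)
		return ERR_TYPE;
	/* The declared total length must equal what was actually received. */
	if (m->len != buflen)
		return ERR_MSGLEN;
	/* This example accepts a single, complete fragment only. */
	if (m->nfrag != 1 || m->currfrag != 0)
		return ERR_FRAG;
	/* Compare against the remaining bytes; no arithmetic on the untrusted value. */
	if (m->infolen != buflen - CMD_HDR_LEN)
		return ERR_INFOLEN;
	return PARSE_OK;
}

int main(void)
{
	struct cmd_msg m;
	char uuid[37];
	uint8_t bad[sizeof(sample_msg)];

	if (parse_cmd_msg(sample_msg, sizeof(sample_msg), &m) != PARSE_OK)
		return 1;
	format_uuid(m.uuid, uuid);
	printf("len=%u tid=%u uuid=%s cid=%u op=%u infolen=%u\n",
	    (unsigned)m.len, (unsigned)m.tid, uuid,
	    (unsigned)m.cid, (unsigned)m.op, (unsigned)m.infolen);

	/* Constructed variant: same bytes with the infolen field raised by one. */
	memcpy(bad, sample_msg, sizeof(bad));
	bad[44] = 0x0E;
	printf("infolen raised by one -> error %d\n",
	    (int)parse_cmd_msg(bad, sizeof(bad), &m));
	return 0;
}
```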

Re: MBIM Patch (Round 3)

Ingo Schwarze
In reply to this post by Gerhard Roth-2
Hi Gerhard,

Gerhard Roth wrote on Wed, Jun 08, 2016 at 03:08:52PM +0200:

> +.\" Copyright (c) 2016 genua mbH
> + * Copyright (c) 2016 genua mbH

These kinds of Copyright notices without the name of the actual author
are misleading.  The purpose of a Copyright notice is to inform the
reader who enjoys rights with respect to the Works; while they are
not legally required to establish Copyright and purely of advisory
nature, it is hard in practice, often almost impossible, to find out
who holds rights without them.  So putting incorrect or incomplete
information in Copyright notices defeats the very purpose of these
notices.  Please never do that.

According to international law, specifically Article 6bis of the
Berne Convention (1886, last amended 1979), even when transferring
all the economic rights, the original author of a Works always
retains the Moral Rights, including the following:

  "Independently of the author's economic rights, and even after
  the transfer of the said rights, the author shall have the right
  to claim authorship of the work and to object to any distortion,
  mutilation or other modification of, or other derogatory action
  in relation to, the said work, which would be prejudicial to his
  honor or reputation."

So not naming the author in the Copyright notice effectively
subverts the author's most fundamental inalienable right:
Being known as the author - without which the other moral rights
against derogatory action etc. lose most of their power.

At the very least, the name of the author must be included,
for example as follows:

  Copyright (c) 2016 genua mbH
  This software was written by Gerhard Roth.

But actually, company names on ISC software licences are silly.

The ISC license is specifically designed to grant all rights under
Copyright that can legally be granted except one:  To relicense.
But relicensing never has any effect since that ISC license already
grants all rights; relicensing under a different license could only
grant less rights, which would have no legal effect but might confuse
people unaware of the original grant of the ISC license.  The ISC
license only explicitly reserves one right:  To be known as the
author.  And that cannot ever be given away (see Article 6bis above).

So technically, if genua mbH insists on "(C) genua mbH", what they
are actually saying is this:  "Look, in the future, we might wish
to decide to attempt to deceive people into believing that this
software is less free than it actually is, so we reserve the right
to relicense under a less free license; or we mistrust the author
and fear that he himself might attempt this deception, so we legally
bar the author from re-releasing his own code."  In my book, both
would make them look somewhat silly.

So please get their OK for:

  Copyright (c) 2016 Gerhard Roth.

If they want acknowledgement for supporting the development, which
would only be fair if they did support it, that acknowledgement
does not belong inside, but after the license, for example:

  * Copyright (c) 2016 Gerhard Roth.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * [...]
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Development of this software was supported by genua mbH.

Of course, if you have a working contract with them, they may be
allowed to insist on the silly line "Copyright (c) 2016 genua mbH"
if they want to.  But even if they try to forbid you from adding

  This software was written by Gerhard Roth.

they cannot prevent that.  Even if your working contract would say
that you transfer all your rights including the Moral Rights, that
part of it would be null and void.


Note that the form you used might be considered legal in the U.S.
because the U.S. still doesn't fully implement the Berne Convention,
after all those 130 years.  Last time i checked, the U.S. still
allowed companies to strip authors of rights that are inalienable
by international law.  But in most other countries, in particular
those that respect international law, and specifically in Germany,
your version of the Copyright notice seriously misrepresents the
legal situation.  And none of my proposed versions is illegal in
the U.S., by the way.

Yours,
  Ingo


Re: MBIM Patch (Round 3)

joshua stein-3
On Thu, 09 Jun 2016 at 19:04:27 +0200, Ingo Schwarze wrote:

> Hi Gerhard,
>
> Gerhard Roth wrote on Wed, Jun 08, 2016 at 03:08:52PM +0200:
>
> > +.\" Copyright (c) 2016 genua mbH
> > + * Copyright (c) 2016 genua mbH
>
> These kinds of Copyright notices without the name of the actual author
> are misleading.  The purpose of a Copyright notice is to inform the
> reader who enjoys rights with respect to the Works; while they are
> not legally required to establish Copyright and purely of advisory
> nature, it is hard in practice, often almost impossible, to find out
> who holds rights without them.  So putting incorrect or incomplete
> information in Copyright notices defeats the very purpose of these
> notices.  Please never do that.

Can we stop all this bullshit bikeshedding and just get this driver
imported?  This is getting so ridiculous.  I'm amazed Gerhard has
stuck with it this long.

There is tons of code in our tree that has a copyright line of a
corporate entity.  "The NetBSD Foundation, Inc.", "Carnegie-Mellon
University", etc.  Your argument makes no sense and you are in no
position to tell Gerhard to force him to go get the code re-licensed
(which makes no sense anyway, as he probably wrote it on company
time).


Re: MBIM Patch (Round 3)

Marcus Glocker
On Thu, Jun 09, 2016 at 12:21:26PM -0500, joshua stein wrote:

> On Thu, 09 Jun 2016 at 19:04:27 +0200, Ingo Schwarze wrote:
> > Hi Gerhard,
> >
> > Gerhard Roth wrote on Wed, Jun 08, 2016 at 03:08:52PM +0200:
> >
> > > +.\" Copyright (c) 2016 genua mbH
> > > + * Copyright (c) 2016 genua mbH
> >
> > These kinds of Copyright notices without the name of the actual author
> > are misleading.  The purpose of a Copyright notice is to inform the
> > reader who enjoys rights with respect to the Works; while they are
> > not legally required to establish Copyright and purely of advisory
> > nature, it is hard in practice, often almost impossible, to find out
> > who holds rights without them.  So putting incorrect or incomplete
> > information in Copyright notices defeats the very purpose of these
> > notices.  Please never do that.
>
> Can we stop all this bullshit bikeshedding and just get this driver
> imported?  This is getting so ridiculous.  I'm amazed Gerhard has
> stuck with it this long.
>
> There is tons of code in our tree that has a copyright line of a
> corporate entity.  "The NetBSD Foundation, Inc.", "Carnegie-Mellon
> University", etc.  Your argument makes no sense and you are in no
> position to tell Gerhard to force him to go get the code re-licensed
> (which makes no sense anyway, as he probably wrote it on company
> time).

One of the best e-mails i've seen recently on this thread ...

I think some initial code shaping is fine before importing, but i also
see no point to rewrite the whole driver in a mailing list.


Re: MBIM Patch (Round 3)

Gerhard Roth-2
In reply to this post by Gerhard Roth-2
On 09.06.2016 17:52, Gerhard Roth wrote:
> But: this payload is only 13 bytes but the length field says 14 bytes (0x0d).

Stupid me. Can't even read single digit hex values anymore :(


Re: MBIM Patch (Round 3)

Gerhard Roth-2
In reply to this post by Ingo Schwarze
On 09.06.2016 19:04, Ingo Schwarze wrote:

> Hi Gerhard,
>
> Gerhard Roth wrote on Wed, Jun 08, 2016 at 03:08:52PM +0200:
>
>> +.\" Copyright (c) 2016 genua mbH
>> + * Copyright (c) 2016 genua mbH
>
> These kinds of Copyright notices without the name of the actual author
> are misleading.  The purpose of a Copyright notice is to inform the
> reader who enjoys rights with respect to the Works; while they are
> not legally required to establish Copyright and purely of advisory
> nature, it is hard in practice, often almost impossible, to find out
> who holds rights without them.  So putting incorrect or incomplete
> information in Copyright notices defeats the very purpose of these
> notices.  Please never do that.
>
> According to international law, specifically Article 6bis of the
> Berne Convention (1886, last amended 1979), even when transferring
> all the economic rights, the original author of a Works always
> retains the Moral Rights, including the following:
>
>   "Independently of the author's economic rights, and even after
>   the transfer of the said rights, the author shall have the right
>   to claim authorship of the work and to object to any distortion,
>   mutilation or other modification of, or other derogatory action
>   in relation to, the said work, which would be prejudicial to his
>   honor or reputation."
>
> So not naming the author in the Copyright notice effectively
> subverts the author's most fundamental inalienable right:
> Being known as the author - without which the other moral rights
> against derogatory action etc. lose most of their power.
>
> At the very least, the name of the author must be included,
> for example as follows:
>
>   Copyright (c) 2016 genua mbH
>   This software was written by Gerhard Roth.
>
> But actually, company names on ISC software licences are silly.
>
> The ISC license is specifically designed to grant all rights under
> Copyright that can legally be granted except one:  To relicense.
> But relicensing never has any effect since that ISC license already
> grants all rights; relicensing under a different license could only
> grant less rights, which would have no legal effect but might confuse
> people unaware of the original grant of the ISC license.  The ISC
> license only explicitly reserves one right:  To be known as the
> author.  And that cannot ever be given away (see Article 6bis above).
>
> So technically, if genua mbH insists on "(C) genua mbH", what they
> are actually saying is this:  "Look, in the future, we might wish
> to decide to attempt to deceive people into believing that this
> software is less free than it actually is, so we reserve the right
> to relicense under a less free license; or we mistrust the author
> and fear that he himself might attempt this deception, so we legally
> bar the author from re-releasing his own code."  In my book, both
> would make them look somewhat silly.
>
> So please get their OK for:
>
>   Copyright (c) 2016 Gerhard Roth.
>
> If they want acknowledgement for supporting the development, which
> would only be fair if they did support it, that acknowledgement
> does not belong inside, but after the license, for example:
>
>   * Copyright (c) 2016 Gerhard Roth.
>   *
>   * Permission to use, copy, modify, and distribute this software for any
>   * [...]
>   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>   *
>   * Development of this software was supported by genua mbH.
>
> Of course, if you have a working contract with them, they may be
> allowed to insist on the silly line "Copyright (c) 2016 genua mbH"
> if they want to.  But even if they try to forbid you from adding
>
>   This software was written by Gerhard Roth.
>
> they cannot prevent that.  Even if your working contract would say
> that you transfer all your rights including the Moral Rights, that
> part of it would be null and void.
>
>
> Note that the form you used might be considered legal in the U.S.
> because the U.S. still doesn't fully implement the Berne Convention,
> after all those 130 years.  Last time i checked, the U.S. still
> allowed companies to strip authors of rights that are inalienable
> by international law.  But in most other countries, in particular
> those that respect international law, and specifically in Germany,
> your version of the Copyright notice seriously misrepresents the
> legal situation.  And none of my proposed versions is illegal in
> the U.S., by the way.
>
> Yours,
>   Ingo
>


Please don't tell me how to licence the code. As you are not the author
and as you don't have any rights on it, this is none of your business.

Either OpenBSD accepts it this way or it rejects it. But the copyright
notice won't change. EOT


Re: MBIM Patch (Round 3)

Ingo Schwarze
In reply to this post by joshua stein-3
Hi Joshua,

joshua stein wrote on Thu, Jun 09, 2016 at 12:21:26PM -0500:
> On Thu, 09 Jun 2016 at 19:04:27 +0200, Ingo Schwarze wrote:
>> Gerhard Roth wrote on Wed, Jun 08, 2016 at 03:08:52PM +0200:

>>> +.\" Copyright (c) 2016 genua mbH
>>> + * Copyright (c) 2016 genua mbH

>> These kinds of Copyright notices without the name of the actual author
>> are misleading.  The purpose of a Copyright notice is to inform the
>> reader who enjoys rights with respect to the Works; while they are
>> not legally required to establish Copyright and purely of advisory
>> nature, it is hard in practice, often almost impossible, to find out
>> who holds rights without them.  So putting incorrect or incomplete
>> information in Copyright notices defeats the very purpose of these
>> notices.  Please never do that.

> Can we stop all this bullshit bikeshedding and just get this driver
> imported?

Just to be clear:  I didn't intend to say that the exact wording of
Copyright notices should prevent import (unless the license is
unacceptable of course, which is clearly not the case here).

Of course, i'm in no position to comment on kernel code.

> This is getting so ridiculous.

I do not consider making Copyright notices and licences as clear
and complete as possible "ridiculous".  The finer details are of
course not as important as the code itself, but even getting the
details right makes things better.

It is not all that difficult.  With the ISC license, the purpose
of the Copyright line is to name the author because he or she
retains the Moral Rights.  All other (economic) rights are freely
licensed to the public.  I consider it important that everybody
be aware of this one simple idea.  It is central to the way
OpenBSD attributes and licenses its software.

Yes, this fundamental idea is quite different from the way for
example NetBSD or the FSF do it.


Also note that failing to mention the author in a Copyright notice
is not a choice of "how to licence the code", but an omission in a
statement of fact.  The author is free to choose the license terms
(and to transfer economic rights, of course).  It is the redistributor's
(the OpenBSD project's) responsibility to make it clear who owns
rights on the code it distributes.  Sometimes, you only get that
out of the CVS logs.  Again, that certainly doesn't hinder import,
but i consider it somewhat unfortunate when it happens.




My remaining answers concern details of less, mostly historical,
importance:

[...]
> There is tons of code in our tree that has a copyright line of a
> corporate entity.

Sure, but those are mostly historical leftovers, and some also
contain slight defects.

The most common case is probably this one:

  * Copyright (c) 1989, 1993
  * The Regents of the University of California.  All rights reserved.

Note that the UCB CSRG had very serious issues in U.S. courts,
so they definitely had to focus on U.S. law and were naturally
less concerned with the Berne Convention.

Besides, even those files usually say something like this:

  * This code is derived from software contributed to Berkeley by
  * Kevin Fall.

And yet besides, the original BSD licenses (four and even three
clauses) were not as free as the ISC license; they put some material
conditions on the redistributor, however easy to comply with.

  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.

In that case, it does matter slightly who holds the economic rights.
For the ISC license, it matters much less.

> "The NetBSD Foundation, Inc.", "Carnegie-Mellon University", etc.

Both are U.S. legal entities, so maybe they do indeed intend to
violate international law and strip authors of inalienable rights.
Of course, internationally, that is null and void, and we should
add the author names when missing (outside the license, of course).
Obviously, it's not a high priority for existing code, but we can
at least make new files get it right.

> Your argument makes no sense

Do you mean to say that owning some ISC-licensed code may provide
some benefit to a company?  Which one, exactly?

> and you are in no position to tell Gerhard to force him

Of course i'm not trying to force anything.

> to go get the code re-licensed (which makes no sense anyway, as he
> probably wrote it on company time).

Even when working on company time, the Copyright originates in him.
In the working contract, the company may have reserved the right
to have the economic rights transferred, but exercising that right
makes no sense for code that is intended to be put under an ISC
license.

No re-licensing is involved here.  The question is only whether the
company insists in first claiming the economic rights of the code
before giving it away.  It's actually simpler to just license it
freely without transferring the economic rights first.

But as i said, just adding the author name is sufficient if the
company (or the author) does want to perform the "first take then
give" dance.

Yours,
  Ingo


Re: MBIM Patch (Round 3)

Bryan Vyhmeister-3
In reply to this post by Gerhard Roth-2
On Wed, Jun 08, 2016 at 03:08:52PM +0200, Gerhard Roth wrote:
> I would be glad to hear from some people trying this with a real MBIM
> device.

I have a Sierra Wireless EM7455 MBIM device that I purchased with my
ThinkPad X260. I am very excited for this driver to make it into
OpenBSD. I am a little bit unclear as to how to connect to AT&T wireless
in the United States thus far but I want to rule out an error in how I
am using the driver. Perhaps I have a similar issue to what sthen@ has.
I have been watching the driver discussion on the list and applied the
most recent complete patch and then did the following sequence:

ifconfig umb0 pin 1234 apn broadband
ifconfig umb0 inet 0.0.0.1 0.0.0.2
route add -ifp umb0 default 0.0.0.2
ifconfig umb0 up

I don't have a PIN set on this SIM card which seems to be needed? I'm
not sure if it's different elsewhere but I've never had a SIM card with
a PIN set before here. The output of ifconfig umb0:

umb0: flags=8811<UP,POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
        index 4 priority 0
        roaming disabled registration not registered
        state open cell-class none
        SIM not initialized PIN valid (3 attempts left)
        device EM7455 IMEI 014582000 firmware SWI9X30C_02.08.
        APN broadband
        groups: egress
        status: down
        inet 0.0.0.1 --> 0.0.0.2 netmask 0xff000000

From the console:

umb0: state going up from 'down' to 'open'
umb0: PIN2 state locked (3 attempts left)
umb0: SIM not initialized (PIN missing)
umb0: SIM not initialized (PIN missing)
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE

I'm not totally clear as to whether I have the right firmware by default. I
haven't booted up Windows on this system at all and there is different firmware
for some carriers (AT&T, Verizon, Sprint) listed from Sierra Wireless for this
model. Perhaps I need to try with Verizon and see what happens.

I also tried with several other apn values that work in some circumstances (wap.cingular, phone) with identical results. Any ideas? Thank you!

Bryan



OpenBSD 6.0-beta (GENERIC.MP) #1: Wed Jun  8 08:11:28 PDT 2016
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17024274432 (16235MB)
avail mem = 16503767040 (15739MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xb7c01000 (66 entries)
bios0: vendor LENOVO version "R02ET44W (1.17 )" date 01/25/2016
bios0: LENOVO 20F6CTO1WW
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI SSDT SSDT ECDT HPET APIC MCFG SSDT SSDT DBGP DBG2 BOOT BATB SSDT SSDT MSDM DMAR ASF! FPDT UEFI
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) EXP8(S4) PXSX(S4) XHCI(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 23999999 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz, 1097.89 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz, 926.72 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PTcpu1: failed to identify
,SENSOR,ARATcpu2 at mainbus0
cpu1: 256KB 64b/line 8-way L2 cache
: apid 1 (application processor)
cpu1: smt 0, core 1, package 0
cpu2: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz, 897.90 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWPcpu2: failed to identify
,PERF,ITSCcpu3 at mainbus0,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT: apid 3 (application processor)
,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu3: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz, 897.90 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSCcpu2: smt 1, core 0, package 0
cpu3: failed to identify
,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PTioapic0 at mainbus0,SENSOR,ARAT
: apid 2 pa 0xfec00000cpu3: 256KB 64b/line 8-way L2 cache
, version 20, 120 pins
cpu3: smt 1, core 1, package 0
acpimcfg0 at acpi0 addr 0xf8000000, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 2 (EXP1)
acpiprt5 at acpi0: bus 4 (EXP3)
acpiprt6 at acpi0: bus -1 (EXP4)
acpiprt7 at acpi0: bus -1 (EXP5)
acpiprt8 at acpi0: bus -1 (EXP8)
acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI
acpipwrres1 at acpi0: PG00, resource for PEG0
acpipwrres2 at acpi0: PG01, resource for PEG1
acpipwrres3 at acpi0: PG02, resource for PEG2
acpipwrres4 at acpi0: WRST
acpipwrres5 at acpi0: WRST
acpitz0 at acpi0: critical temperature is 128 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
"LEN0071" at acpi0 not configured
"LEN2014" at acpi0 not configured
"INT3F0D" at acpi0 not configured
acpibat0 at acpi0: BAT0 model "45N1113" serial  4020 type LION oem "LGC"
acpibat1 at acpi0: BAT1 model "45N1738" serial  2903 type LION oem "LGC"
acpiac0 at acpi0: AC unit offline
acpithinkpad0 at acpi0
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"INT3394" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout at acpivideo0 not configured
cpu0: Enhanced SpeedStep 1097 MHz: speeds: 2701, 2700, 2600, 2500, 2300, 2100, 1900, 1800, 1600, 1400, 1300, 1100, 800, 700, 600, 400 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 6G Host" rev 0x08
"Intel HD Graphics 520" rev 0x07 at pci0 dev 2 function 0 not configured
xhci0 at pci0 dev 20 function 0 "Intel 100 Series xHCI" rev 0x21: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
pchtemp0 at pci0 dev 20 function 2 "Intel 100 Series Thermal" rev 0x21
"Intel 100 Series MEI" rev 0x21 at pci0 dev 22 function 0 not configured
ahci0 at pci0 dev 23 function 0 "Intel 100 Series AHCI" rev 0x21: msi, AHCI 1.3.1
ahci0: port 1: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 1 lun 0: <ATA, Samsung SSD 850, EXM0> SCSI3 0/direct fixed naa.500253884012b49d
sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin
ppb0 at pci0 dev 28 function 0 "Intel 100 Series PCIE" rev 0xf1: msi
pci1 at ppb0 bus 2
rtsx0 at pci1 dev 0 function 0 "Realtek RTS522A Card Reader" rev 0x01: msi
sdmmc0 at rtsx0: 4-bit
ppb1 at pci0 dev 28 function 2 "Intel 100 Series PCIE" rev 0xf1: msi
pci2 at ppb1 bus 4
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 8260" rev 0x3a, msi
pcib0 at pci0 dev 31 function 0 "Intel 100 Series LPC" rev 0x21
"Intel 100 Series PMC" rev 0x21 at pci0 dev 31 function 2 not configured
azalia0 at pci0 dev 31 function 3 "Intel 100 Series HD Audio" rev 0x21: msi
azalia0: codecs: Realtek/0x0293, Intel/0x2809, using Realtek/0x0293
audio0 at azalia0
ichiic0 at pci0 dev 31 function 4 "Intel 100 Series SMBus" rev 0x21: apic 2 int 16
iic0 at ichiic0
em0 at pci0 dev 31 function 6 "Intel I219-LM" rev 0x21: msi
em0: Hardware Initialization Failed
em0: Unable to initialize the hardware
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.1
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT
efifb0 at mainbus0
wsdisplay0 at efifb0 mux 1: console (std, vt100 emulation), using wskbd0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
umb0 at uhub0 port 3 configuration 1 interface 12 "Sierra Wireless, Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 LTE-A" rev 2.10/0.06 addr 2
umb0: vers 1.0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd1 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
sd1: 244197MB, 512 bytes/sector, 500116577 sectors
root on sd1a (acef1b0856ff7402.a) swap on sd1b dump on sd1b
iwm0: hw rev 0x200, fw ver 16.242414.0, address 44:85:00:0f:cf:8a
umb0: state going up from 'down' to 'open'
umb0: PIN2 state locked (3 attempts left)
umb0: SIM not initialized (PIN missing)
umb0: SIM not initialized (PIN missing)
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
umb0: state change time out
umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE


Re: MBIM Patch (Round 3)

Gerhard Roth-2
On 09.06.2016 21:35, Bryan Vyhmeister wrote:

> On Wed, Jun 08, 2016 at 03:08:52PM +0200, Gerhard Roth wrote:
>> I would be glad to hear from some people trying this with a real MBIM
>> device.
>
> I have a Sierra Wireless EM7455 MBIM device that I purchased with my
> ThinkPad X260. I am very excited for this driver to make it into
> OpenBSD. I am a little bit unclear as to how to connect to AT&T wireless
> in the United States thus far but I want to rule out an error in how I
> am using the driver. Perhaps I have a similar issue to what sthen@ has.
> I have been watching the driver discussion on the list and applied the
> most recent complete patch and then did the following sequence:
>
> ifconfig umb0 pin 1234 apn broadband
> ifconfig umb0 inet 0.0.0.1 0.0.0.2
> route add -ifp umb0 default 0.0.0.2
> ifconfig umb0 up

If you're using the latest version of the driver, the 'ifconfig umb0
inet ...' isn't required anymore.

But you probably have to set the default route after the interface is
up.


>
> I don't have a PIN set on this SIM card which seems to be needed? I'm
> not sure if it's different elsewhere but I've never had a SIM card with
> a PIN set before here. The output of ifconfig umb0:
>
> umb0: flags=8811<UP,POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
>         index 4 priority 0
>         roaming disabled registration not registered
>         state open cell-class none
>         SIM not initialized PIN valid (3 attempts left)
>         device EM7455 IMEI 014582000 firmware SWI9X30C_02.08.
>         APN broadband
>         groups: egress
>         status: down
>         inet 0.0.0.1 --> 0.0.0.2 netmask 0xff000000

Hmm, around here apart from some special company bulk contracts,
almost all SIM cards require PINs. But since yours says "PIN valid"
it clearly is content without one. But the "SIM not initialized"
is a bit strange.


>
> From the console:
>
> umb0: state going up from 'down' to 'open'
> umb0: PIN2 state locked (3 attempts left)
> umb0: SIM not initialized (PIN missing)
> umb0: SIM not initialized (PIN missing)
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
> umb0: state change time out
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
> umb0: state change time out
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
> umb0: state change time out
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
> umb0: state change time out
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
> umb0: state change time out
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
> umb0: state change time out
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
> umb0: state change time out
> umb0: set/qry MBIM_CID_RADIO_STATE failed: FAILURE
>
> I'm not totally clear as to whether I have the right firmware by default. I
> haven't booted up Windows on this system at all and there is different firmware
> for some carriers (AT&T, Verizon, Sprint) listed from Sierra Wireless for this
> model. Perhaps I need to try with Verizon and see what happens.
>
> I also tried with several other apn values that work in some circumstances (wap.cingular, phone) with identical results. Any ideas? Thank you!

No, I don't think that you have problems with the correct APN at this
stage. The driver is trying to turn on the radio and doesn't get a
response on the radio state.

Are you sure you haven't turned it off with the rfkill switch?

Or maybe this device refuses to accept radio commands and wants to
auto-control the radio. You could try this by commenting out the
"break" statement in umb_up() in the UMB_S_RADIO case and see
what happens:

         case UMB_S_RADIO:
                 umb_cmd(sc, MBIM_CID_SUBSCRIBER_READY_STATUS,
                    MBIM_CMDOP_QRY, NULL, 0);
                 // break;
         case UMB_S_SIMREADY:
                 umb_packet_service(sc, 1);
                 break;

This way, it will send a command to turn the radio on, but also
continue to send the next command (register packet service) which
would otherwise be delayed until the device confirms that the radio
is on.

If that doesn't help, please set UMB_DEBUG and set umb_debug to 5.

>
> Bryan


Re: MBIM Patch (Round 3)

Stuart Henderson
In reply to this post by Bryan Vyhmeister-3
On 2016/06/09 12:35, Bryan Vyhmeister wrote:

> On Wed, Jun 08, 2016 at 03:08:52PM +0200, Gerhard Roth wrote:
> > I would be glad to hear from some people trying this with a real MBIM
> > device.
>
> I have a Sierra Wireless EM7455 MBIM device that I purchased with my
> ThinkPad X260. I am very excited for this driver to make it into
> OpenBSD. I am a little bit unclear as to how to connect to AT&T wireless
> in the United States thus far but I want to rule out an error in how I
> am using the driver. Perhaps I have a similar issue to what sthen@ has.
> I have been watching the driver discussion on the list and applied the
> most recent complete patch and then did the following sequence:

You're getting further than me.

Though, looking at list posts, it does seem that Lenovo is another
vendor which requires the command being referred to as "fcc auth"
in order to connect, at least in some of their cards.

> ifconfig umb0 pin 1234 apn broadband
> ifconfig umb0 inet 0.0.0.1 0.0.0.2
> route add -ifp umb0 default 0.0.0.2
> ifconfig umb0 up
>
> I don't have a PIN set on this SIM card which seems to be needed? I'm
> not sure if it's different elsewhere but I've never had a SIM card with
> a PIN set before here. The output of ifconfig umb0:
>
> umb0: flags=8811<UP,POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
>         index 4 priority 0
>         roaming disabled registration not registered
>         state open cell-class none
>         SIM not initialized PIN valid (3 attempts left)
                              ^^^^^^^^^
This suggests that you don't need to enter a PIN, otherwise
you would get "PIN required" instead of "PIN valid".

>         device EM7455 IMEI 014582000 firmware SWI9X30C_02.08.
>         APN broadband
>         groups: egress
>         status: down
>         inet 0.0.0.1 --> 0.0.0.2 netmask 0xff000000
>
> From the console:
>
> umb0: state going up from 'down' to 'open'
> umb0: PIN2 state locked (3 attempts left)

There are several PINs and unlock codes (PIN1 PIN2 PUK1 PUK2)
on a SIM card. A SIM can be set up so that a PIN1 is required to
make calls etc, or not required. PIN2 is for configuration
(setting call restrictions, editing the restricted numbers
list, etc).

Too many bad attempts to enter a PIN1 will result in the SIM
being locked and requiring the PUK1 to unlock. In most cases
these are fairly easy to obtain from the operator.

Too many bad attempts to enter a PIN2 will result in the SIM
being locked and requiring the PUK2 to unlock. These are
usually harder to obtain from the operator and at least
require more checks.

From a phone or older-type WWAN device with AT command set
(or probably the vendor tools on Windows, and maybe libmbim
on Linux) you can control which PINs the card asks for.
You'll need to know what a PIN is before you can lock it.
Most operators have a default PIN that they use (different
ones for different operators) though theoretically they
could use a different one per SIM.

If PIN1 is unlocked (no matter whether PIN2 is locked or not),
you shouldn't need to use a PIN to connect.

> umb0: SIM not initialized (PIN missing)
> umb0: SIM not initialized (PIN missing)

The description in the spec for the state which triggers this
message is,

        "The operation failed because the device is
        in the process of initializing. Retry the
        operation after the ReadyState of the device
        changes to MBIMSubscriberReadyStateInitialized."

Spec may differ from real-world devices, but from my reading
of the spec it doesn't seem to me that this indicates "PIN
missing".

I think you should rebuild with UMB_DEBUG (one simple way
is to just add "#define UMB_DEBUG" before #ifdef UMB_DEBUG
in if_umb.c) and see if you get more information. It's
probably worth changing the 'umb_debug = 0' to 2 or 4
while debugging too (this can be done using DDB, but if
you want to capture any possible messages starting at
boot then you probably want to change it in the code).
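
Added example, not part of Stuart Henderson's post or of the umb driver: the two points made above, that a locked PIN2 does not stand in the way of connecting and that a not-initialized ready state means "retry once initialized" rather than "PIN missing", written as a small C decision function. The enum values are assumed from the MBIM 1.0 specification, all identifiers are hypothetical, and the sample payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Numeric values follow the MBIM 1.0 enumerations for subscriber ready
 * state, PIN type and PIN state (assumed from the spec, not taken from
 * the patch); the identifier names are this example's own.
 */
enum { RS_NOT_INITIALIZED, RS_INITIALIZED, RS_SIM_NOT_INSERTED, RS_BAD_SIM,
       RS_FAILURE, RS_NOT_ACTIVATED, RS_DEVICE_LOCKED };
enum { PT_PIN1 = 2, PT_PIN2 = 3, PT_PUK1 = 11, PT_PUK2 = 12 };
enum { PS_UNLOCKED = 0, PS_LOCKED = 1 };

enum advice { ADV_MALFORMED = -1, ADV_CONNECT, ADV_WAIT_FOR_INIT,
              ADV_ENTER_PIN1, ADV_ENTER_PUK1, ADV_SIM_PROBLEM };

struct pin_info { uint32_t type, state, attempts; };

/* Constructed sample payloads: PinType, PinState, RemainingAttempts. */
static const uint8_t SAMPLE_PIN2_LOCKED[12] = { 3,0,0,0, 1,0,0,0, 3,0,0,0 };
static const uint8_t SAMPLE_PIN1_LOCKED[12] = { 2,0,0,0, 1,0,0,0, 3,0,0,0 };
static const uint8_t SAMPLE_PUK1_LOCKED[12] = { 11,0,0,0, 1,0,0,0, 10,0,0,0 };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Decode three little-endian uint32 fields from a device-supplied buffer.
 * The length is checked first: the payload comes from the modem and must
 * not be trusted to be complete. Returns 0 on success, -1 otherwise.
 */
int parse_pin_info(const uint8_t *buf, size_t len, struct pin_info *out)
{
    if (buf == NULL || out == NULL || len < 12)
        return -1;
    out->type = le32(buf);
    out->state = le32(buf + 4);
    out->attempts = le32(buf + 8);
    if (out->state != PS_UNLOCKED && out->state != PS_LOCKED)
        return -1;
    return 0;
}

/* Decide what has to happen before a connection attempt makes sense. */
enum advice next_step(uint32_t ready_state, const struct pin_info *pi)
{
    /* Only PIN1/PUK1 gate network access; PIN2/PUK2 guard SIM settings. */
    int pin1_pending = pi->state == PS_LOCKED && pi->type == PT_PIN1;
    int puk1_pending = pi->state == PS_LOCKED && pi->type == PT_PUK1;

    switch (ready_state) {
    case RS_SIM_NOT_INSERTED:
    case RS_BAD_SIM:
    case RS_FAILURE:
    case RS_NOT_ACTIVATED:
        return ADV_SIM_PROBLEM;
    case RS_DEVICE_LOCKED:
        return puk1_pending ? ADV_ENTER_PUK1 : ADV_ENTER_PIN1;
    case RS_NOT_INITIALIZED:
    case RS_INITIALIZED:
        if (puk1_pending)
            return ADV_ENTER_PUK1;
        if (pin1_pending)
            return ADV_ENTER_PIN1;
        /* Not initialized and no PIN1 pending: the device is still busy. */
        return ready_state == RS_INITIALIZED ? ADV_CONNECT : ADV_WAIT_FOR_INIT;
    default:
        return ADV_MALFORMED;
    }
}

/* Parse and decide in one step; truncated input never reaches next_step(). */
enum advice advise(uint32_t ready_state, const uint8_t *buf, size_t len)
{
    struct pin_info pi;

    if (parse_pin_info(buf, len, &pi) != 0)
        return ADV_MALFORMED;
    return next_step(ready_state, &pi);
}

int main(void)
{
    static const char *names[] = { "connect", "wait for SIM init",
        "enter PIN1", "enter PUK1", "SIM problem" };
    enum advice a;

    /* The situation from the console log: PIN2 locked, SIM not initialized. */
    a = advise(RS_NOT_INITIALIZED, SAMPLE_PIN2_LOCKED, sizeof(SAMPLE_PIN2_LOCKED));
    printf("not initialized, PIN2 locked: %s\n", a < 0 ? "malformed" : names[a]);
    a = advise(RS_INITIALIZED, SAMPLE_PIN1_LOCKED, sizeof(SAMPLE_PIN1_LOCKED));
    printf("initialized, PIN1 locked:     %s\n", a < 0 ? "malformed" : names[a]);
    return 0;
}
```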


Re: MBIM Patch (Round 3)

Mark Kettenis
In reply to this post by Gerhard Roth-2
> Date: Wed, 8 Jun 2016 15:08:52 +0200
> From: Gerhard Roth <[hidden email]>
>
> Here comes the next version of the MBIM driver.
>
> Changes since last version:
>
> - incorporated suggestions from mpi@
>
> - renamed to "umb"
> Only file "mbim.h" which contains MBIM protocol related stuff
> continues to use "mbim" as prefix.
>
> - No longer takes fake addresses nor does it try to restore them
>
>
> I would be glad to hear from some people trying this with a real MBIM
> device.

Sierra Wireless EM7345 4G LTE here.  This device currently attaches
as umodem(4).  But I did add its vendor id and device id to umb_devs,
which makes it partially attach:

umb0 at uhub0 port 4 "Sierra Wireless Inc. Sierra Wireless EM7345 4G LTE" rev 2.00/17.29 addr 2
umb0: switching to config #1
umb0: ignoring invalid segment size 1500
umb0: ctrl_len=512, maxpktlen=8192, cap=0x4
umb0: no control interface found

(this is with UMB_DEBUG enabled)

It seems this device needs some additional poking to select alternate
interface settings.  Currently playing around with that.  But in case
you're curious, the lsusb -v output for this device is:


Bus 000 Device 002: ID 1199:a001 Sierra Wireless, Inc.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass          239 Miscellaneous Device
  bDeviceSubClass         2 ?
  bDeviceProtocol         1 Interface Association
  bMaxPacketSize0        64
  idVendor           0x1199 Sierra Wireless, Inc.
  idProduct          0xa001
  bcdDevice           17.29
  iManufacturer           1 Sierra Wireless Inc.
  iProduct                2 Sierra Wireless EM7345 4G LTE
  iSerial                 3 013937004372999
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength          229
    bNumInterfaces          4
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower              100mA
    Interface Association:
      bLength                 8
      bDescriptorType        11
      bFirstInterface         0
      bInterfaceCount         2
      bFunctionClass          2 Communications
      bFunctionSubClass      13
      bFunctionProtocol       0
      iFunction               4 Sierra Wireless EM7345 4G LTE
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         2 Communications
      bInterfaceSubClass     13
      bInterfaceProtocol      0
      iInterface              5 Sierra Wireless EM7345 4G LTE (NCM)
      CDC Header:
        bcdCDC               1.20
      CDC Union:
        bMasterInterface        0
        bSlaveInterface         1
      CDC NCM:
        bcdNcmVersion        1.00
        bmNetworkCapabilities 0x00
      CDC Ethernet:
        iMacAddress                      6 000011121314
        bmEthernetStatistics    0x00000000
        wMaxSegmentSize               2048
        wNumberMCFilters            0x0000
        bNumberPowerFilters              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               4
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       1
      bNumEndpoints           1
      bInterfaceClass         2 Communications
      bInterfaceSubClass     14
      bInterfaceProtocol      0
      iInterface              7 Sierra Wireless EM7345 4G LTE (MBIM)
      CDC Header:
        bcdCDC               1.20
      CDC Union:
        bMasterInterface        0
        bSlaveInterface         1
      CDC MBIM:
        bcdMBIMVersion       1.00
        wMaxControlMessage   512
        bNumberFilters       32
        bMaxFilterSize       192
        wMaxSegmentSize      1500
        bmNetworkCapabilities 0x04
      UNRECOGNIZED CDC:  08 24 1c 00 01 01 94 05
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               4
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           0
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      1
      iInterface              8 Data (OFF)
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       1
      bNumEndpoints           2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      1
      iInterface              9 Data (NCM)
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       2
      bNumEndpoints           2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      2
      iInterface             10 Data (MBIM)
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
    Interface Association:
      bLength                 8
      bDescriptorType        11
      bFirstInterface         2
      bInterfaceCount         2
      bFunctionClass          2 Communications
      bFunctionSubClass       2 Abstract (modem)
      bFunctionProtocol       1 AT-commands (v.25ter)
      iFunction              11 Sierra Wireless EM7345 4G LTE
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        2
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         2 Communications
      bInterfaceSubClass      2 Abstract (modem)
      bInterfaceProtocol      1 AT-commands (v.25ter)
      iInterface             12 Sierra Wireless EM7345 4G LTE
      CDC Header:
        bcdCDC               1.20
      CDC Union:
        bMasterInterface        2
        bSlaveInterface         3
      CDC Call Management:
        bmCapabilities       0x00
        bDataInterface          3
      CDC ACM:
        bmCapabilities       0x07
          sends break
          line coding and serial state
          get/set/clear comm features
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               4
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        3
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      0
      iInterface             13 Data
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x84  EP 4 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x04  EP 4 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass          239 Miscellaneous Device
  bDeviceSubClass         2 ?
  bDeviceProtocol         1 Interface Association
  bMaxPacketSize0        64
  bNumConfigurations      1
Device Status:     0x0001
  Self Powered






Re: MBIM Patch (Round 3)

Stuart Henderson
On 2016/06/09 22:59, Mark Kettenis wrote:
> It seems this device needs some additional poking to select alternate
> interface settings.  Currently playing around with that.  But in case
> you're curious, the lsusb -v output for this device is:

Oh lsusb -v, that is a good idea, and interesting. With a kernel
containing umb:

Bus 001 Device 003: ID 413c:81a3 Dell Computer Corp.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x413c Dell Computer Corp.
  idProduct          0x81a3
  bcdDevice            0.06
  iManufacturer           1 (error)
  iProduct                2 (error)
  iSerial                 3 (error)
  bNumConfigurations      2
Device Status:     0x6544
  (Bus Powered)
  Test Mode
  Debug Mode

(By the way I have tried it on a netbook as well as the APU2, and
have similar results, though it's a bit fiddly to move it between them
so I won't fetch lsusb from there unless requested).

It's much longer without:

Bus 001 Device 003: ID 413c:81a3 Dell Computer Corp.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x413c Dell Computer Corp.
  idProduct          0x81a3
  bcdDevice            0.06
  iManufacturer           1 Sierra Wireless, Incorporated
  iProduct                2 Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card
  iSerial                 3
  bNumConfigurations      2
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength          204
    bNumInterfaces          4
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        2
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              0
      ** UNRECOGNIZED:  05 24 00 10 01
      ** UNRECOGNIZED:  05 24 01 00 00
      ** UNRECOGNIZED:  04 24 02 02
      ** UNRECOGNIZED:  05 24 06 00 00
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x000c  1x 12 bytes
        bInterval              32
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        3
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              0
      ** UNRECOGNIZED:  05 24 00 10 01
      ** UNRECOGNIZED:  05 24 01 00 00
      ** UNRECOGNIZED:  04 24 02 02
      ** UNRECOGNIZED:  05 24 06 00 00
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x84  EP 4 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x000c  1x 12 bytes
        bInterval              32
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        8
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x86  EP 6 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x000a  1x 10 bytes
        bInterval              32
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x85  EP 5 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
        ** UNRECOGNIZED:  2c ff 42 49 53 54 00 01 07 f5 40 f6 00 00 00 00 01 f7 c4 09 02 f8 c4 09 03 f9 88 13 04 fa 10 27 05 fb 10 27 06 fc c4 09 07 fd c4 09
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x87  EP 7 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x04  EP 4 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           82
    bNumInterfaces          2
    bConfigurationValue     2
    iConfiguration          0
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower              500mA
    Interface Association:
      bLength                 8
      bDescriptorType        11
      bFirstInterface        12
      bInterfaceCount         2
      bFunctionClass          2 Communications
      bFunctionSubClass      14
      bFunctionProtocol       0
      iFunction               0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber       12
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         2 Communications
      bInterfaceSubClass     14
      bInterfaceProtocol      0
      iInterface              0
      CDC Header:
        bcdCDC               1.10
      CDC MBIM:
        bcdMBIMVersion       1.00
        wMaxControlMessage   4096
        bNumberFilters       16
        bMaxFilterSize       128
        wMaxSegmentSize      4064
        bmNetworkCapabilities 0x20
          8-byte ntb input size
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval              32
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber       13
      bAlternateSetting       0
      bNumEndpoints           0
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      2
      iInterface              0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber       13
      bAlternateSetting       1
      bNumEndpoints           2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      2
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  bNumConfigurations      2
Device Status:     0x0000
  (Bus Powered)



Re: MBIM Patch (Round 3)

Mark Kettenis
In reply to this post by Mark Kettenis
> Date: Thu, 9 Jun 2016 22:59:28 +0200 (CEST)
> From: Mark Kettenis <[hidden email]>
>
> > Date: Wed, 8 Jun 2016 15:08:52 +0200
> > From: Gerhard Roth <[hidden email]>
> >
> > I would be glad to hear from some people trying this with a real MBIM
> > device.
>
> Sierra Wireless EM7345 4G LTE here.  This device is currently attached
> as umodem(4).  But I did add its vendor id and device id to umb_devs,
> which makes it partially attach:
>
> umb0 at uhub0 port 4 "Sierra Wireless Inc. Sierra Wireless EM7345 4G LTE" rev 2.00/17.29 addr 2
> umb0: switching to config #1
> umb0: ignoring invalid segment size 1500
> umb0: ctrl_len=512, maxpktlen=8192, cap=0x4
> umb0: no control interface found
>
> (this is with UMB_DEBUG enabled)
>
> It seems this device needs some additional poking to select alternate
> interface settings.

With the appropriate alternate settings for the communication
interface and data interface (1 and 2) hardcoded in the driver, this
works!

umb0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        index 5 priority 0
        roaming disabled registration home network
        state up cell-class LTE rssi -79dBm speed 47.7Mps up 95.4Mps down
        SIM initialized PIN valid (3 attempts left)
        subscriber-id XXXXXXXX ICC-id YYYYYYYYYY provider NL KPN  
        device XMM7160_V1.2_MB IMEI ZZZZZZZZZ firmware FIH7160_V1.2_WW
        APN umts.xs4all.nl
        groups: egress
        status: active
        inet 83.161.163.248 --> 83.161.163.1 netmask 0xffffff00


Re: MBIM Patch (Round 3)

Gerhard Roth-2
On 09.06.2016 23:42, Mark Kettenis wrote:

>> Date: Thu, 9 Jun 2016 22:59:28 +0200 (CEST)
>> From: Mark Kettenis <[hidden email]>
>>
>>> Date: Wed, 8 Jun 2016 15:08:52 +0200
>>> From: Gerhard Roth <[hidden email]>
>>>
>>> I would be glad to hear from some people trying this with a real MBIM
>>> device.
>>
>> Sierra Wireless EM7345 4G LTE here.  This device is currently attached
>> as umodem(4).  But I did add its vendor id and device id to umb_devs,
>> which makes it partially attach:
>>
>> umb0 at uhub0 port 4 "Sierra Wireless Inc. Sierra Wireless EM7345 4G LTE" rev 2.00/17.29 addr 2
>> umb0: switching to config #1
>> umb0: ignoring invalid segment size 1500
>> umb0: ctrl_len=512, maxpktlen=8192, cap=0x4
>> umb0: no control interface found
>>
>> (this is with UMB_DEBUG enabled)
>>
>> It seems this device needs some additional poking to select alternate
>> interface settings.
>
> With the appropriate alternate settings for the communication
> interface and data interface (1 and 2) hardcoded in the driver, this
> works!

Great!

Although another example of a device violating the MBIM spec which
clearly states that alternate settings 0 and 1 have to be used.


>
> umb0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> index 5 priority 0
> roaming disabled registration home network
> state up cell-class LTE rssi -79dBm speed 47.7Mps up 95.4Mps down
> SIM initialized PIN valid (3 attempts left)
> subscriber-id XXXXXXXX ICC-id YYYYYYYYYY provider NL KPN
> device XMM7160_V1.2_MB IMEI ZZZZZZZZZ firmware FIH7160_V1.2_WW
> APN umts.xs4all.nl
> groups: egress
> status: active
> inet 83.161.163.248 --> 83.161.163.1 netmask 0xffffff00
>
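
The two lsusb dumps in this thread put the MBIM bulk endpoints on different alternate settings of the data interface (2 on the EM7345, 1 on the Dell card), so a fixed alternate-setting number does not fit both. The following is an added example, not code from the umb patch: a bounds-checked walk over a raw configuration descriptor that picks the alternate setting by class, protocol and endpoint count. The function name, macros and descriptor bytes are hypothetical and constructed from the values shown in the dumps.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DT_INTERFACE   4
#define CLASS_CDC_DATA 10
#define PROTO_MBIM_NTB 2   /* bInterfaceProtocol of "Data (MBIM)" in the dumps */

/* Constructed descriptor bytes modeled on the lsusb output, not a capture. */
#define IFACE(n, alt, neps, proto) \
    9, DT_INTERFACE, (n), (alt), (neps), CLASS_CDC_DATA, 0, (proto), 0
#define BULK_EP(addr) 7, 5, (addr), 2, 0x00, 0x02, 0

/* EM7345-like: alt 0 idle (its protocol value is assumed), alt 1 NCM, alt 2 MBIM. */
static const uint8_t em7345_like[] = {
    IFACE(1, 0, 0, 0),
    IFACE(1, 1, 2, 1), BULK_EP(0x82), BULK_EP(0x02),
    IFACE(1, 2, 2, PROTO_MBIM_NTB), BULK_EP(0x82), BULK_EP(0x02),
};
/* Dell 5570-like: alt 0 already carries protocol 2 but has no endpoints. */
static const uint8_t dell_like[] = {
    IFACE(13, 0, 0, PROTO_MBIM_NTB),
    IFACE(13, 1, 2, PROTO_MBIM_NTB), BULK_EP(0x81), BULK_EP(0x01),
};

/*
 * Return the alternate setting of data interface `ifno` that is CDC Data,
 * protocol 2, with two endpoints; -1 if absent or the buffer is malformed.
 * The descriptor comes from the device, so every length is checked.
 */
int find_mbim_data_alt(const uint8_t *buf, size_t len, uint8_t ifno)
{
    size_t off = 0;

    while (len - off >= 2) {
        const uint8_t *d = buf + off;
        uint8_t dlen = d[0];

        /* bLength < 2 would never advance; bLength past the end would overread. */
        if (dlen < 2 || dlen > len - off)
            return -1;
        if (d[1] == DT_INTERFACE) {
            if (dlen < 9)
                return -1;
            if (d[2] == ifno && d[4] == 2 && d[5] == CLASS_CDC_DATA &&
                d[6] == 0 && d[7] == PROTO_MBIM_NTB)
                return d[3];
        }
        off += dlen;
    }
    return -1;
}

int main(void)
{
    printf("EM7345-like: alt %d\n", find_mbim_data_alt(em7345_like, sizeof(em7345_like), 1));
    printf("Dell-like:   alt %d\n", find_mbim_data_alt(dell_like, sizeof(dell_like), 13));
    return 0;
}
```

Matching on protocol alone would select alternate setting 0 on the Dell-like layout, which has no endpoints; the endpoint-count check is what separates the idle setting from the usable one.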
