2 * QEMU RTL8139 emulation
4 * Copyright (c) 2006 Igor Kovalenko
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 * 2006-Jan-28 Mark Malakanov : TSAD and CSCR implementation (for Windows driver)
27 * 2006-Apr-28 Juergen Lock : EEPROM emulation changes for FreeBSD driver
28 * HW revision ID changes for FreeBSD driver
30 * 2006-Jul-01 Igor Kovalenko : Implemented loopback mode for FreeBSD driver
31 * Corrected packet transfer reassembly routine for 8139C+ mode
32 * Rearranged debugging print statements
33 * Implemented PCI timer interrupt (disabled by default)
34 * Implemented Tally Counters, increased VM load/save version
35 * Implemented IP/TCP/UDP checksum task offloading
37 * 2006-Jul-04 Igor Kovalenko : Implemented TCP segmentation offloading
38 * Fixed MTU=1500 for produced ethernet frames
40 * 2006-Jul-09 Igor Kovalenko : Fixed TCP header length calculation while processing
41 * segmentation offloading
42 * Removed slirp.h dependency
43 * Added rx/tx buffer reset when enabling rx/tx operation
48 #include "qemu-timer.h"
52 /* debug RTL8139 card */
53 //#define DEBUG_RTL8139 1
55 #define PCI_FREQUENCY 33000000L
57 /* debug RTL8139 card C+ mode only */
58 //#define DEBUG_RTL8139CP 1
60 /* Calculate CRCs properly on Rx packets */
61 #define RTL8139_CALCULATE_RXCRC 1
63 /* Uncomment to enable on-board timer interrupts */
64 //#define RTL8139_ONBOARD_TIMER 1
66 #if defined(RTL8139_CALCULATE_RXCRC)
71 #define SET_MASKED(input, mask, curr) \
72 ( ( (input) & ~(mask) ) | ( (curr) & (mask) ) )
74 /* arg % size for size which is a power of 2 */
75 #define MOD2(input, size) \
76 ( ( input ) & ( size - 1 ) )
78 #if defined (DEBUG_RTL8139)
79 # define DEBUG_PRINT(x) do { printf x ; } while (0)
81 # define DEBUG_PRINT(x)
84 /* Symbolic offsets to registers. */
85 enum RTL8139_registers {
86 MAC0 = 0, /* Ethernet hardware address. */
87 MAR0 = 8, /* Multicast filter. */
88 TxStatus0 = 0x10,/* Transmit status (Four 32bit registers). C mode only */
89 /* Dump Tally Conter control register(64bit). C+ mode only */
90 TxAddr0 = 0x20, /* Tx descriptors (also four 32bit). */
99 Timer = 0x48, /* A general-purpose counter. */
100 RxMissed = 0x4C, /* 24 bits valid, write clears. */
107 Config4 = 0x5A, /* absent on RTL-8139A */
110 PCIRevisionID = 0x5E,
111 TxSummary = 0x60, /* TSAD register. Transmit Status of All Descriptors*/
112 BasicModeCtrl = 0x62,
113 BasicModeStatus = 0x64,
116 NWayExpansion = 0x6A,
117 /* Undocumented registers, but required for proper operation. */
118 FIFOTMS = 0x70, /* FIFO Control and test. */
119 CSCR = 0x74, /* Chip Status and Configuration Register. */
121 PARA7c = 0x7c, /* Magic transceiver parameter register. */
122 Config5 = 0xD8, /* absent on RTL-8139A */
124 TxPoll = 0xD9, /* Tell chip to check Tx descriptors for work */
125 RxMaxSize = 0xDA, /* Max size of an Rx packet (8169 only) */
126 CpCmd = 0xE0, /* C+ Command register (C+ mode only) */
127 IntrMitigate = 0xE2, /* rx/tx interrupt mitigation control */
128 RxRingAddrLO = 0xE4, /* 64-bit start addr of Rx ring */
129 RxRingAddrHI = 0xE8, /* 64-bit start addr of Rx ring */
130 TxThresh = 0xEC, /* Early Tx threshold */
134 MultiIntrClear = 0xF000,
136 Config1Clear = (1<<7)|(1<<6)|(1<<3)|(1<<2)|(1<<1),
148 CPlusRxVLAN = 0x0040, /* enable receive VLAN detagging */
149 CPlusRxChkSum = 0x0020, /* enable receive checksum offloading */
154 /* Interrupt register bits, using my own meaningful names. */
155 enum IntrStatusBits {
166 RxAckBits = RxFIFOOver | RxOverflow | RxOK,
173 TxOutOfWindow = 0x20000000,
174 TxAborted = 0x40000000,
175 TxCarrierLost = 0x80000000,
178 RxMulticast = 0x8000,
180 RxBroadcast = 0x2000,
181 RxBadSymbol = 0x0020,
189 /* Bits in RxConfig. */
193 AcceptBroadcast = 0x08,
194 AcceptMulticast = 0x04,
196 AcceptAllPhys = 0x01,
199 /* Bits in TxConfig. */
200 enum tx_config_bits {
202 /* Interframe Gap Time. Only TxIFG96 doesn't violate IEEE 802.3 */
204 TxIFG84 = (0 << TxIFGShift), /* 8.4us / 840ns (10 / 100Mbps) */
205 TxIFG88 = (1 << TxIFGShift), /* 8.8us / 880ns (10 / 100Mbps) */
206 TxIFG92 = (2 << TxIFGShift), /* 9.2us / 920ns (10 / 100Mbps) */
207 TxIFG96 = (3 << TxIFGShift), /* 9.6us / 960ns (10 / 100Mbps) */
209 TxLoopBack = (1 << 18) | (1 << 17), /* enable loopback test mode */
210 TxCRC = (1 << 16), /* DISABLE appending CRC to end of Tx packets */
211 TxClearAbt = (1 << 0), /* Clear abort (WO) */
212 TxDMAShift = 8, /* DMA burst value (0-7) is shifted this many bits */
213 TxRetryShift = 4, /* TXRR value (0-15) is shifted this many bits */
215 TxVersionMask = 0x7C800000, /* mask out version bits 30-26, 23 */
219 /* Transmit Status of All Descriptors (TSAD) Register */
221 TSAD_TOK3 = 1<<15, // TOK bit of Descriptor 3
222 TSAD_TOK2 = 1<<14, // TOK bit of Descriptor 2
223 TSAD_TOK1 = 1<<13, // TOK bit of Descriptor 1
224 TSAD_TOK0 = 1<<12, // TOK bit of Descriptor 0
225 TSAD_TUN3 = 1<<11, // TUN bit of Descriptor 3
226 TSAD_TUN2 = 1<<10, // TUN bit of Descriptor 2
227 TSAD_TUN1 = 1<<9, // TUN bit of Descriptor 1
228 TSAD_TUN0 = 1<<8, // TUN bit of Descriptor 0
229 TSAD_TABT3 = 1<<07, // TABT bit of Descriptor 3
230 TSAD_TABT2 = 1<<06, // TABT bit of Descriptor 2
231 TSAD_TABT1 = 1<<05, // TABT bit of Descriptor 1
232 TSAD_TABT0 = 1<<04, // TABT bit of Descriptor 0
233 TSAD_OWN3 = 1<<03, // OWN bit of Descriptor 3
234 TSAD_OWN2 = 1<<02, // OWN bit of Descriptor 2
235 TSAD_OWN1 = 1<<01, // OWN bit of Descriptor 1
236 TSAD_OWN0 = 1<<00, // OWN bit of Descriptor 0
240 /* Bits in Config1 */
242 Cfg1_PM_Enable = 0x01,
243 Cfg1_VPD_Enable = 0x02,
246 LWAKE = 0x10, /* not on 8139, 8139A */
247 Cfg1_Driver_Load = 0x20,
250 SLEEP = (1 << 1), /* only on 8139, 8139A */
251 PWRDN = (1 << 0), /* only on 8139, 8139A */
254 /* Bits in Config3 */
256 Cfg3_FBtBEn = (1 << 0), /* 1 = Fast Back to Back */
257 Cfg3_FuncRegEn = (1 << 1), /* 1 = enable CardBus Function registers */
258 Cfg3_CLKRUN_En = (1 << 2), /* 1 = enable CLKRUN */
259 Cfg3_CardB_En = (1 << 3), /* 1 = enable CardBus registers */
260 Cfg3_LinkUp = (1 << 4), /* 1 = wake up on link up */
261 Cfg3_Magic = (1 << 5), /* 1 = wake up on Magic Packet (tm) */
262 Cfg3_PARM_En = (1 << 6), /* 0 = software can set twister parameters */
263 Cfg3_GNTSel = (1 << 7), /* 1 = delay 1 clock from PCI GNT signal */
266 /* Bits in Config4 */
268 LWPTN = (1 << 2), /* not on 8139, 8139A */
271 /* Bits in Config5 */
273 Cfg5_PME_STS = (1 << 0), /* 1 = PCI reset resets PME_Status */
274 Cfg5_LANWake = (1 << 1), /* 1 = enable LANWake signal */
275 Cfg5_LDPS = (1 << 2), /* 0 = save power when link is down */
276 Cfg5_FIFOAddrPtr = (1 << 3), /* Realtek internal SRAM testing */
277 Cfg5_UWF = (1 << 4), /* 1 = accept unicast wakeup frame */
278 Cfg5_MWF = (1 << 5), /* 1 = accept multicast wakeup frame */
279 Cfg5_BWF = (1 << 6), /* 1 = accept broadcast wakeup frame */
283 /* rx fifo threshold */
285 RxCfgFIFONone = (7 << RxCfgFIFOShift),
289 RxCfgDMAUnlimited = (7 << RxCfgDMAShift),
291 /* rx ring buffer length */
293 RxCfgRcv16K = (1 << 11),
294 RxCfgRcv32K = (1 << 12),
295 RxCfgRcv64K = (1 << 11) | (1 << 12),
297 /* Disable packet wrap at end of Rx buffer. (not possible with 64k) */
301 /* Twister tuning parameters from RealTek.
302 Completely undocumented, but required to tune bad links on some boards. */
305 CSCR_LinkOKBit = 0x0400,
306 CSCR_LinkChangeBit = 0x0800,
307 CSCR_LinkStatusBits = 0x0f000,
308 CSCR_LinkDownOffCmd = 0x003c0,
309 CSCR_LinkDownCmd = 0x0f3c0,
312 CSCR_Testfun = 1<<15, /* 1 = Auto-neg speeds up internal timer, WO, def 0 */
313 CSCR_LD = 1<<9, /* Active low TPI link disable signal. When low, TPI still transmits link pulses and TPI stays in good link state. def 1*/
314 CSCR_HEART_BIT = 1<<8, /* 1 = HEART BEAT enable, 0 = HEART BEAT disable. HEART BEAT function is only valid in 10Mbps mode. def 1*/
315 CSCR_JBEN = 1<<7, /* 1 = enable jabber function. 0 = disable jabber function, def 1*/
316 CSCR_F_LINK_100 = 1<<6, /* Used to login force good link in 100Mbps for diagnostic purposes. 1 = DISABLE, 0 = ENABLE. def 1*/
317 CSCR_F_Connect = 1<<5, /* Assertion of this bit forces the disconnect function to be bypassed. def 0*/
318 CSCR_Con_status = 1<<3, /* This bit indicates the status of the connection. 1 = valid connected link detected; 0 = disconnected link detected. RO def 0*/
319 CSCR_Con_status_En = 1<<2, /* Assertion of this bit configures LED1 pin to indicate connection status. def 0*/
320 CSCR_PASS_SCR = 1<<0, /* Bypass Scramble, def 0*/
325 Cfg9346_Unlock = 0xC0,
342 HasHltClk = (1 << 0),
346 #define HW_REVID(b30, b29, b28, b27, b26, b23, b22) \
347 (b30<<30 | b29<<29 | b28<<28 | b27<<27 | b26<<26 | b23<<23 | b22<<22)
348 #define HW_REVID_MASK HW_REVID(1, 1, 1, 1, 1, 1, 1)
350 #define RTL8139_PCI_REVID_8139 0x10
351 #define RTL8139_PCI_REVID_8139CPLUS 0x20
353 #define RTL8139_PCI_REVID RTL8139_PCI_REVID_8139CPLUS
355 /* Size is 64 * 16bit words */
356 #define EEPROM_9346_ADDR_BITS 6
357 #define EEPROM_9346_SIZE (1 << EEPROM_9346_ADDR_BITS)
358 #define EEPROM_9346_ADDR_MASK (EEPROM_9346_SIZE - 1)
360 enum Chip9346Operation
362 Chip9346_op_mask = 0xc0, /* 10 zzzzzz */
363 Chip9346_op_read = 0x80, /* 10 AAAAAA */
364 Chip9346_op_write = 0x40, /* 01 AAAAAA D(15)..D(0) */
365 Chip9346_op_ext_mask = 0xf0, /* 11 zzzzzz */
366 Chip9346_op_write_enable = 0x30, /* 00 11zzzz */
367 Chip9346_op_write_all = 0x10, /* 00 01zzzz */
368 Chip9346_op_write_disable = 0x00, /* 00 00zzzz */
374 Chip9346_enter_command_mode,
375 Chip9346_read_command,
376 Chip9346_data_read, /* from output register */
377 Chip9346_data_write, /* to input register, then to contents at specified address */
378 Chip9346_data_write_all, /* to input register, then filling contents */
381 typedef struct EEprom9346
383 uint16_t contents[EEPROM_9346_SIZE];
396 typedef struct RTL8139TallyCounters
412 } RTL8139TallyCounters;
414 /* Clears all tally counters */
415 static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters);
417 /* Writes tally counters to specified physical memory address */
418 static void RTL8139TallyCounters_physical_memory_write(target_phys_addr_t tc_addr, RTL8139TallyCounters* counters);
420 typedef struct RTL8139State {
422 uint8_t phys[8]; /* mac address */
423 uint8_t mult[8]; /* multicast mask array */
425 uint32_t TxStatus[4]; /* TxStatus0 in C mode*/ /* also DTCCR[0] and DTCCR[1] in C+ mode */
426 uint32_t TxAddr[4]; /* TxAddr0 */
427 uint32_t RxBuf; /* Receive buffer */
428 uint32_t RxBufferSize;/* internal variable, receive ring buffer size in C mode */
448 uint8_t clock_enabled;
449 uint8_t bChipCmdState;
453 uint16_t BasicModeCtrl;
454 uint16_t BasicModeStatus;
457 uint16_t NWayExpansion;
464 int rtl8139_mmio_io_addr;
470 uint32_t cplus_enabled;
472 uint32_t currCPlusRxDesc;
473 uint32_t currCPlusTxDesc;
475 uint32_t RxRingAddrLO;
476 uint32_t RxRingAddrHI;
485 RTL8139TallyCounters tally_counters;
487 /* Non-persistent data */
488 uint8_t *cplus_txbuffer;
489 int cplus_txbuffer_len;
490 int cplus_txbuffer_offset;
492 /* PCI interrupt timer */
497 static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
499 DEBUG_PRINT(("RTL8139: eeprom command 0x%02x\n", command));
501 switch (command & Chip9346_op_mask)
503 case Chip9346_op_read:
505 eeprom->address = command & EEPROM_9346_ADDR_MASK;
506 eeprom->output = eeprom->contents[eeprom->address];
509 eeprom->mode = Chip9346_data_read;
510 DEBUG_PRINT(("RTL8139: eeprom read from address 0x%02x data=0x%04x\n",
511 eeprom->address, eeprom->output));
515 case Chip9346_op_write:
517 eeprom->address = command & EEPROM_9346_ADDR_MASK;
520 eeprom->mode = Chip9346_none; /* Chip9346_data_write */
521 DEBUG_PRINT(("RTL8139: eeprom begin write to address 0x%02x\n",
526 eeprom->mode = Chip9346_none;
527 switch (command & Chip9346_op_ext_mask)
529 case Chip9346_op_write_enable:
530 DEBUG_PRINT(("RTL8139: eeprom write enabled\n"));
532 case Chip9346_op_write_all:
533 DEBUG_PRINT(("RTL8139: eeprom begin write all\n"));
535 case Chip9346_op_write_disable:
536 DEBUG_PRINT(("RTL8139: eeprom write disabled\n"));
543 static void prom9346_shift_clock(EEprom9346 *eeprom)
545 int bit = eeprom->eedi?1:0;
549 DEBUG_PRINT(("eeprom: tick %d eedi=%d eedo=%d\n", eeprom->tick, eeprom->eedi, eeprom->eedo));
551 switch (eeprom->mode)
553 case Chip9346_enter_command_mode:
556 eeprom->mode = Chip9346_read_command;
559 DEBUG_PRINT(("eeprom: +++ synchronized, begin command read\n"));
563 case Chip9346_read_command:
564 eeprom->input = (eeprom->input << 1) | (bit & 1);
565 if (eeprom->tick == 8)
567 prom9346_decode_command(eeprom, eeprom->input & 0xff);
571 case Chip9346_data_read:
572 eeprom->eedo = (eeprom->output & 0x8000)?1:0;
573 eeprom->output <<= 1;
574 if (eeprom->tick == 16)
577 // the FreeBSD drivers (rl and re) don't explicitly toggle
578 // CS between reads (or does setting Cfg9346 to 0 count too?),
579 // so we need to enter wait-for-command state here
580 eeprom->mode = Chip9346_enter_command_mode;
584 DEBUG_PRINT(("eeprom: +++ end of read, awaiting next command\n"));
586 // original behaviour
588 eeprom->address &= EEPROM_9346_ADDR_MASK;
589 eeprom->output = eeprom->contents[eeprom->address];
592 DEBUG_PRINT(("eeprom: +++ read next address 0x%02x data=0x%04x\n",
593 eeprom->address, eeprom->output));
598 case Chip9346_data_write:
599 eeprom->input = (eeprom->input << 1) | (bit & 1);
600 if (eeprom->tick == 16)
602 DEBUG_PRINT(("RTL8139: eeprom write to address 0x%02x data=0x%04x\n",
603 eeprom->address, eeprom->input));
605 eeprom->contents[eeprom->address] = eeprom->input;
606 eeprom->mode = Chip9346_none; /* waiting for next command after CS cycle */
612 case Chip9346_data_write_all:
613 eeprom->input = (eeprom->input << 1) | (bit & 1);
614 if (eeprom->tick == 16)
617 for (i = 0; i < EEPROM_9346_SIZE; i++)
619 eeprom->contents[i] = eeprom->input;
621 DEBUG_PRINT(("RTL8139: eeprom filled with data=0x%04x\n",
624 eeprom->mode = Chip9346_enter_command_mode;
635 static int prom9346_get_wire(RTL8139State *s)
637 EEprom9346 *eeprom = &s->eeprom;
644 /* FIXME: This should be merged into/replaced by eeprom93xx.c. */
645 static void prom9346_set_wire(RTL8139State *s, int eecs, int eesk, int eedi)
647 EEprom9346 *eeprom = &s->eeprom;
648 uint8_t old_eecs = eeprom->eecs;
649 uint8_t old_eesk = eeprom->eesk;
655 DEBUG_PRINT(("eeprom: +++ wires CS=%d SK=%d DI=%d DO=%d\n",
656 eeprom->eecs, eeprom->eesk, eeprom->eedi, eeprom->eedo));
658 if (!old_eecs && eecs)
660 /* Synchronize start */
664 eeprom->mode = Chip9346_enter_command_mode;
666 DEBUG_PRINT(("=== eeprom: begin access, enter command mode\n"));
671 DEBUG_PRINT(("=== eeprom: end access\n"));
675 if (!old_eesk && eesk)
678 prom9346_shift_clock(eeprom);
682 static void rtl8139_update_irq(RTL8139State *s)
685 isr = (s->IntrStatus & s->IntrMask) & 0xffff;
687 DEBUG_PRINT(("RTL8139: Set IRQ to %d (%04x %04x)\n",
688 isr ? 1 : 0, s->IntrStatus, s->IntrMask));
690 qemu_set_irq(s->dev.irq[0], (isr != 0));
693 #define POLYNOMIAL 0x04c11db6
697 static int compute_mcast_idx(const uint8_t *ep)
704 for (i = 0; i < 6; i++) {
706 for (j = 0; j < 8; j++) {
707 carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
711 crc = ((crc ^ POLYNOMIAL) | carry);
717 static int rtl8139_RxWrap(RTL8139State *s)
719 /* wrapping enabled; assume 1.5k more buffer space if size < 65536 */
720 return (s->RxConfig & (1 << 7));
723 static int rtl8139_receiver_enabled(RTL8139State *s)
725 return s->bChipCmdState & CmdRxEnb;
728 static int rtl8139_transmitter_enabled(RTL8139State *s)
730 return s->bChipCmdState & CmdTxEnb;
733 static int rtl8139_cp_receiver_enabled(RTL8139State *s)
735 return s->CpCmd & CPlusRxEnb;
738 static int rtl8139_cp_transmitter_enabled(RTL8139State *s)
740 return s->CpCmd & CPlusTxEnb;
743 static void rtl8139_write_buffer(RTL8139State *s, const void *buf, int size)
745 if (s->RxBufAddr + size > s->RxBufferSize)
747 int wrapped = MOD2(s->RxBufAddr + size, s->RxBufferSize);
749 /* write packet data */
750 if (wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s)))
752 DEBUG_PRINT((">>> RTL8139: rx packet wrapped in buffer at %d\n", size-wrapped));
756 cpu_physical_memory_write( s->RxBuf + s->RxBufAddr,
760 /* reset buffer pointer */
763 cpu_physical_memory_write( s->RxBuf + s->RxBufAddr,
764 buf + (size-wrapped), wrapped );
766 s->RxBufAddr = wrapped;
772 /* non-wrapping path or overwrapping enabled */
773 cpu_physical_memory_write( s->RxBuf + s->RxBufAddr, buf, size );
775 s->RxBufAddr += size;
778 #define MIN_BUF_SIZE 60
779 static inline target_phys_addr_t rtl8139_addr64(uint32_t low, uint32_t high)
781 #if TARGET_PHYS_ADDR_BITS > 32
782 return low | ((target_phys_addr_t)high << 32);
788 static int rtl8139_can_receive(VLANClientState *nc)
790 RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
793 /* Receive (drop) packets if card is disabled. */
794 if (!s->clock_enabled)
796 if (!rtl8139_receiver_enabled(s))
799 if (rtl8139_cp_receiver_enabled(s)) {
800 /* ??? Flow control not implemented in c+ mode.
801 This is a hack to work around slirp deficiencies anyway. */
804 avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr,
806 return (avail == 0 || avail >= 1514);
810 static ssize_t rtl8139_do_receive(VLANClientState *nc, const uint8_t *buf, size_t size_, int do_interrupt)
812 RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
815 uint32_t packet_header = 0;
818 static const uint8_t broadcast_macaddr[6] =
819 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
821 DEBUG_PRINT((">>> RTL8139: received len=%d\n", size));
823 /* test if board clock is stopped */
824 if (!s->clock_enabled)
826 DEBUG_PRINT(("RTL8139: stopped ==========================\n"));
830 /* first check if receiver is enabled */
832 if (!rtl8139_receiver_enabled(s))
834 DEBUG_PRINT(("RTL8139: receiver disabled ================\n"));
838 /* XXX: check this */
839 if (s->RxConfig & AcceptAllPhys) {
840 /* promiscuous: receive all */
841 DEBUG_PRINT((">>> RTL8139: packet received in promiscuous mode\n"));
844 if (!memcmp(buf, broadcast_macaddr, 6)) {
845 /* broadcast address */
846 if (!(s->RxConfig & AcceptBroadcast))
848 DEBUG_PRINT((">>> RTL8139: broadcast packet rejected\n"));
850 /* update tally counter */
851 ++s->tally_counters.RxERR;
856 packet_header |= RxBroadcast;
858 DEBUG_PRINT((">>> RTL8139: broadcast packet received\n"));
860 /* update tally counter */
861 ++s->tally_counters.RxOkBrd;
863 } else if (buf[0] & 0x01) {
865 if (!(s->RxConfig & AcceptMulticast))
867 DEBUG_PRINT((">>> RTL8139: multicast packet rejected\n"));
869 /* update tally counter */
870 ++s->tally_counters.RxERR;
875 int mcast_idx = compute_mcast_idx(buf);
877 if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
879 DEBUG_PRINT((">>> RTL8139: multicast address mismatch\n"));
881 /* update tally counter */
882 ++s->tally_counters.RxERR;
887 packet_header |= RxMulticast;
889 DEBUG_PRINT((">>> RTL8139: multicast packet received\n"));
891 /* update tally counter */
892 ++s->tally_counters.RxOkMul;
894 } else if (s->phys[0] == buf[0] &&
895 s->phys[1] == buf[1] &&
896 s->phys[2] == buf[2] &&
897 s->phys[3] == buf[3] &&
898 s->phys[4] == buf[4] &&
899 s->phys[5] == buf[5]) {
901 if (!(s->RxConfig & AcceptMyPhys))
903 DEBUG_PRINT((">>> RTL8139: rejecting physical address matching packet\n"));
905 /* update tally counter */
906 ++s->tally_counters.RxERR;
911 packet_header |= RxPhysical;
913 DEBUG_PRINT((">>> RTL8139: physical address matching packet received\n"));
915 /* update tally counter */
916 ++s->tally_counters.RxOkPhy;
920 DEBUG_PRINT((">>> RTL8139: unknown packet\n"));
922 /* update tally counter */
923 ++s->tally_counters.RxERR;
929 /* if too small buffer, then expand it */
930 if (size < MIN_BUF_SIZE) {
931 memcpy(buf1, buf, size);
932 memset(buf1 + size, 0, MIN_BUF_SIZE - size);
937 if (rtl8139_cp_receiver_enabled(s))
939 DEBUG_PRINT(("RTL8139: in C+ Rx mode ================\n"));
941 /* begin C+ receiver mode */
943 /* w0 ownership flag */
944 #define CP_RX_OWN (1<<31)
945 /* w0 end of ring flag */
946 #define CP_RX_EOR (1<<30)
947 /* w0 bits 0...12 : buffer size */
948 #define CP_RX_BUFFER_SIZE_MASK ((1<<13) - 1)
949 /* w1 tag available flag */
950 #define CP_RX_TAVA (1<<16)
951 /* w1 bits 0...15 : VLAN tag */
952 #define CP_RX_VLAN_TAG_MASK ((1<<16) - 1)
953 /* w2 low 32bit of Rx buffer ptr */
954 /* w3 high 32bit of Rx buffer ptr */
956 int descriptor = s->currCPlusRxDesc;
957 target_phys_addr_t cplus_rx_ring_desc;
959 cplus_rx_ring_desc = rtl8139_addr64(s->RxRingAddrLO, s->RxRingAddrHI);
960 cplus_rx_ring_desc += 16 * descriptor;
962 DEBUG_PRINT(("RTL8139: +++ C+ mode reading RX descriptor %d from host memory at %08x %08x = %016" PRIx64 "\n",
963 descriptor, s->RxRingAddrHI, s->RxRingAddrLO, (uint64_t)cplus_rx_ring_desc));
965 uint32_t val, rxdw0,rxdw1,rxbufLO,rxbufHI;
967 cpu_physical_memory_read(cplus_rx_ring_desc, (uint8_t *)&val, 4);
968 rxdw0 = le32_to_cpu(val);
969 cpu_physical_memory_read(cplus_rx_ring_desc+4, (uint8_t *)&val, 4);
970 rxdw1 = le32_to_cpu(val);
971 cpu_physical_memory_read(cplus_rx_ring_desc+8, (uint8_t *)&val, 4);
972 rxbufLO = le32_to_cpu(val);
973 cpu_physical_memory_read(cplus_rx_ring_desc+12, (uint8_t *)&val, 4);
974 rxbufHI = le32_to_cpu(val);
976 DEBUG_PRINT(("RTL8139: +++ C+ mode RX descriptor %d %08x %08x %08x %08x\n",
978 rxdw0, rxdw1, rxbufLO, rxbufHI));
980 if (!(rxdw0 & CP_RX_OWN))
982 DEBUG_PRINT(("RTL8139: C+ Rx mode : descriptor %d is owned by host\n", descriptor));
984 s->IntrStatus |= RxOverflow;
987 /* update tally counter */
988 ++s->tally_counters.RxERR;
989 ++s->tally_counters.MissPkt;
991 rtl8139_update_irq(s);
995 uint32_t rx_space = rxdw0 & CP_RX_BUFFER_SIZE_MASK;
997 /* TODO: scatter the packet over available receive ring descriptors space */
999 if (size+4 > rx_space)
1001 DEBUG_PRINT(("RTL8139: C+ Rx mode : descriptor %d size %d received %d + 4\n",
1002 descriptor, rx_space, size));
1004 s->IntrStatus |= RxOverflow;
1007 /* update tally counter */
1008 ++s->tally_counters.RxERR;
1009 ++s->tally_counters.MissPkt;
1011 rtl8139_update_irq(s);
1015 target_phys_addr_t rx_addr = rtl8139_addr64(rxbufLO, rxbufHI);
1017 /* receive/copy to target memory */
1018 cpu_physical_memory_write( rx_addr, buf, size );
1020 if (s->CpCmd & CPlusRxChkSum)
1022 /* do some packet checksumming */
1025 /* write checksum */
1026 #if defined (RTL8139_CALCULATE_RXCRC)
1027 val = cpu_to_le32(crc32(0, buf, size));
1031 cpu_physical_memory_write( rx_addr+size, (uint8_t *)&val, 4);
1033 /* first segment of received packet flag */
1034 #define CP_RX_STATUS_FS (1<<29)
1035 /* last segment of received packet flag */
1036 #define CP_RX_STATUS_LS (1<<28)
1037 /* multicast packet flag */
1038 #define CP_RX_STATUS_MAR (1<<26)
1039 /* physical-matching packet flag */
1040 #define CP_RX_STATUS_PAM (1<<25)
1041 /* broadcast packet flag */
1042 #define CP_RX_STATUS_BAR (1<<24)
1043 /* runt packet flag */
1044 #define CP_RX_STATUS_RUNT (1<<19)
1045 /* crc error flag */
1046 #define CP_RX_STATUS_CRC (1<<18)
1047 /* IP checksum error flag */
1048 #define CP_RX_STATUS_IPF (1<<15)
1049 /* UDP checksum error flag */
1050 #define CP_RX_STATUS_UDPF (1<<14)
1051 /* TCP checksum error flag */
1052 #define CP_RX_STATUS_TCPF (1<<13)
1054 /* transfer ownership to target */
1055 rxdw0 &= ~CP_RX_OWN;
1057 /* set first segment bit */
1058 rxdw0 |= CP_RX_STATUS_FS;
1060 /* set last segment bit */
1061 rxdw0 |= CP_RX_STATUS_LS;
1063 /* set received packet type flags */
1064 if (packet_header & RxBroadcast)
1065 rxdw0 |= CP_RX_STATUS_BAR;
1066 if (packet_header & RxMulticast)
1067 rxdw0 |= CP_RX_STATUS_MAR;
1068 if (packet_header & RxPhysical)
1069 rxdw0 |= CP_RX_STATUS_PAM;
1071 /* set received size */
1072 rxdw0 &= ~CP_RX_BUFFER_SIZE_MASK;
1075 /* reset VLAN tag flag */
1076 rxdw1 &= ~CP_RX_TAVA;
1078 /* update ring data */
1079 val = cpu_to_le32(rxdw0);
1080 cpu_physical_memory_write(cplus_rx_ring_desc, (uint8_t *)&val, 4);
1081 val = cpu_to_le32(rxdw1);
1082 cpu_physical_memory_write(cplus_rx_ring_desc+4, (uint8_t *)&val, 4);
1084 /* update tally counter */
1085 ++s->tally_counters.RxOk;
1087 /* seek to next Rx descriptor */
1088 if (rxdw0 & CP_RX_EOR)
1090 s->currCPlusRxDesc = 0;
1094 ++s->currCPlusRxDesc;
1097 DEBUG_PRINT(("RTL8139: done C+ Rx mode ----------------\n"));
1102 DEBUG_PRINT(("RTL8139: in ring Rx mode ================\n"));
1104 /* begin ring receiver mode */
1105 int avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr, s->RxBufferSize);
1107 /* if receiver buffer is empty then avail == 0 */
1109 if (avail != 0 && size + 8 >= avail)
1111 DEBUG_PRINT(("rx overflow: rx buffer length %d head 0x%04x read 0x%04x === available 0x%04x need 0x%04x\n",
1112 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8));
1114 s->IntrStatus |= RxOverflow;
1116 rtl8139_update_irq(s);
1120 packet_header |= RxStatusOK;
1122 packet_header |= (((size+4) << 16) & 0xffff0000);
1125 uint32_t val = cpu_to_le32(packet_header);
1127 rtl8139_write_buffer(s, (uint8_t *)&val, 4);
1129 rtl8139_write_buffer(s, buf, size);
1131 /* write checksum */
1132 #if defined (RTL8139_CALCULATE_RXCRC)
1133 val = cpu_to_le32(crc32(0, buf, size));
1138 rtl8139_write_buffer(s, (uint8_t *)&val, 4);
1140 /* correct buffer write pointer */
1141 s->RxBufAddr = MOD2((s->RxBufAddr + 3) & ~0x3, s->RxBufferSize);
1143 /* now we can signal we have received something */
1145 DEBUG_PRINT((" received: rx buffer length %d head 0x%04x read 0x%04x\n",
1146 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr));
1149 s->IntrStatus |= RxOK;
1153 rtl8139_update_irq(s);
1159 static ssize_t rtl8139_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
1161 return rtl8139_do_receive(nc, buf, size, 1);
1164 static void rtl8139_reset_rxring(RTL8139State *s, uint32_t bufferSize)
1166 s->RxBufferSize = bufferSize;
1171 static void rtl8139_reset(DeviceState *d)
1173 RTL8139State *s = container_of(d, RTL8139State, dev.qdev);
1176 /* restore MAC address */
1177 memcpy(s->phys, s->conf.macaddr.a, 6);
1179 /* reset interrupt mask */
1183 rtl8139_update_irq(s);
1185 /* prepare eeprom */
1186 s->eeprom.contents[0] = 0x8129;
1188 // PCI vendor and device ID should be mirrored here
1189 s->eeprom.contents[1] = PCI_VENDOR_ID_REALTEK;
1190 s->eeprom.contents[2] = PCI_DEVICE_ID_REALTEK_8139;
1193 s->eeprom.contents[7] = s->conf.macaddr.a[0] | s->conf.macaddr.a[1] << 8;
1194 s->eeprom.contents[8] = s->conf.macaddr.a[2] | s->conf.macaddr.a[3] << 8;
1195 s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8;
1197 /* mark all status registers as owned by host */
1198 for (i = 0; i < 4; ++i)
1200 s->TxStatus[i] = TxHostOwns;
1204 s->currCPlusRxDesc = 0;
1205 s->currCPlusTxDesc = 0;
1207 s->RxRingAddrLO = 0;
1208 s->RxRingAddrHI = 0;
1212 rtl8139_reset_rxring(s, 8192);
1218 // s->TxConfig |= HW_REVID(1, 0, 0, 0, 0, 0, 0); // RTL-8139 HasHltClk
1219 s->clock_enabled = 0;
1221 s->TxConfig |= HW_REVID(1, 1, 1, 0, 1, 1, 0); // RTL-8139C+ HasLWake
1222 s->clock_enabled = 1;
1225 s->bChipCmdState = CmdReset; /* RxBufEmpty bit is calculated on read from ChipCmd */;
1227 /* set initial state data */
1228 s->Config0 = 0x0; /* No boot ROM */
1229 s->Config1 = 0xC; /* IO mapped and MEM mapped registers available */
1230 s->Config3 = 0x1; /* fast back-to-back compatible */
1233 s->CSCR = CSCR_F_LINK_100 | CSCR_HEART_BIT | CSCR_LD;
1235 s->CpCmd = 0x0; /* reset C+ mode */
1236 s->cplus_enabled = 0;
1239 // s->BasicModeCtrl = 0x3100; // 100Mbps, full duplex, autonegotiation
1240 // s->BasicModeCtrl = 0x2100; // 100Mbps, full duplex
1241 s->BasicModeCtrl = 0x1000; // autonegotiation
1243 s->BasicModeStatus = 0x7809;
1244 //s->BasicModeStatus |= 0x0040; /* UTP medium */
1245 s->BasicModeStatus |= 0x0020; /* autonegotiation completed */
1246 s->BasicModeStatus |= 0x0004; /* link is up */
1248 s->NWayAdvert = 0x05e1; /* all modes, full duplex */
1249 s->NWayLPAR = 0x05e1; /* all modes, full duplex */
1250 s->NWayExpansion = 0x0001; /* autonegotiation supported */
1252 /* also reset timer and disable timer interrupt */
1257 /* reset tally counters */
1258 RTL8139TallyCounters_clear(&s->tally_counters);
1261 static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters)
1265 counters->TxERR = 0;
1266 counters->RxERR = 0;
1267 counters->MissPkt = 0;
1269 counters->Tx1Col = 0;
1270 counters->TxMCol = 0;
1271 counters->RxOkPhy = 0;
1272 counters->RxOkBrd = 0;
1273 counters->RxOkMul = 0;
1274 counters->TxAbt = 0;
1275 counters->TxUndrn = 0;
1278 static void RTL8139TallyCounters_physical_memory_write(target_phys_addr_t tc_addr, RTL8139TallyCounters* tally_counters)
1284 val64 = cpu_to_le64(tally_counters->TxOk);
1285 cpu_physical_memory_write(tc_addr + 0, (uint8_t *)&val64, 8);
1287 val64 = cpu_to_le64(tally_counters->RxOk);
1288 cpu_physical_memory_write(tc_addr + 8, (uint8_t *)&val64, 8);
1290 val64 = cpu_to_le64(tally_counters->TxERR);
1291 cpu_physical_memory_write(tc_addr + 16, (uint8_t *)&val64, 8);
1293 val32 = cpu_to_le32(tally_counters->RxERR);
1294 cpu_physical_memory_write(tc_addr + 24, (uint8_t *)&val32, 4);
1296 val16 = cpu_to_le16(tally_counters->MissPkt);
1297 cpu_physical_memory_write(tc_addr + 28, (uint8_t *)&val16, 2);
1299 val16 = cpu_to_le16(tally_counters->FAE);
1300 cpu_physical_memory_write(tc_addr + 30, (uint8_t *)&val16, 2);
1302 val32 = cpu_to_le32(tally_counters->Tx1Col);
1303 cpu_physical_memory_write(tc_addr + 32, (uint8_t *)&val32, 4);
1305 val32 = cpu_to_le32(tally_counters->TxMCol);
1306 cpu_physical_memory_write(tc_addr + 36, (uint8_t *)&val32, 4);
1308 val64 = cpu_to_le64(tally_counters->RxOkPhy);
1309 cpu_physical_memory_write(tc_addr + 40, (uint8_t *)&val64, 8);
1311 val64 = cpu_to_le64(tally_counters->RxOkBrd);
1312 cpu_physical_memory_write(tc_addr + 48, (uint8_t *)&val64, 8);
1314 val32 = cpu_to_le32(tally_counters->RxOkMul);
1315 cpu_physical_memory_write(tc_addr + 56, (uint8_t *)&val32, 4);
1317 val16 = cpu_to_le16(tally_counters->TxAbt);
1318 cpu_physical_memory_write(tc_addr + 60, (uint8_t *)&val16, 2);
1320 val16 = cpu_to_le16(tally_counters->TxUndrn);
1321 cpu_physical_memory_write(tc_addr + 62, (uint8_t *)&val16, 2);
1324 /* Loads values of tally counters from VM state file */
1326 static const VMStateDescription vmstate_tally_counters = {
1327 .name = "tally_counters",
1329 .minimum_version_id = 1,
1330 .minimum_version_id_old = 1,
1331 .fields = (VMStateField []) {
1332 VMSTATE_UINT64(TxOk, RTL8139TallyCounters),
1333 VMSTATE_UINT64(RxOk, RTL8139TallyCounters),
1334 VMSTATE_UINT64(TxERR, RTL8139TallyCounters),
1335 VMSTATE_UINT32(RxERR, RTL8139TallyCounters),
1336 VMSTATE_UINT16(MissPkt, RTL8139TallyCounters),
1337 VMSTATE_UINT16(FAE, RTL8139TallyCounters),
1338 VMSTATE_UINT32(Tx1Col, RTL8139TallyCounters),
1339 VMSTATE_UINT32(TxMCol, RTL8139TallyCounters),
1340 VMSTATE_UINT64(RxOkPhy, RTL8139TallyCounters),
1341 VMSTATE_UINT64(RxOkBrd, RTL8139TallyCounters),
1342 VMSTATE_UINT16(TxAbt, RTL8139TallyCounters),
1343 VMSTATE_UINT16(TxUndrn, RTL8139TallyCounters),
1344 VMSTATE_END_OF_LIST()
1348 static void rtl8139_ChipCmd_write(RTL8139State *s, uint32_t val)
1352 DEBUG_PRINT(("RTL8139: ChipCmd write val=0x%08x\n", val));
1356 DEBUG_PRINT(("RTL8139: ChipCmd reset\n"));
1357 rtl8139_reset(&s->dev.qdev);
1361 DEBUG_PRINT(("RTL8139: ChipCmd enable receiver\n"));
1363 s->currCPlusRxDesc = 0;
1367 DEBUG_PRINT(("RTL8139: ChipCmd enable transmitter\n"));
1369 s->currCPlusTxDesc = 0;
1372 /* mask unwriteable bits */
1373 val = SET_MASKED(val, 0xe3, s->bChipCmdState);
1375 /* Deassert reset pin before next read */
1378 s->bChipCmdState = val;
1381 static int rtl8139_RxBufferEmpty(RTL8139State *s)
1383 int unread = MOD2(s->RxBufferSize + s->RxBufAddr - s->RxBufPtr, s->RxBufferSize);
1387 DEBUG_PRINT(("RTL8139: receiver buffer data available 0x%04x\n", unread));
1391 DEBUG_PRINT(("RTL8139: receiver buffer is empty\n"));
1396 static uint32_t rtl8139_ChipCmd_read(RTL8139State *s)
1398 uint32_t ret = s->bChipCmdState;
1400 if (rtl8139_RxBufferEmpty(s))
1403 DEBUG_PRINT(("RTL8139: ChipCmd read val=0x%04x\n", ret));
1408 static void rtl8139_CpCmd_write(RTL8139State *s, uint32_t val)
1412 DEBUG_PRINT(("RTL8139C+ command register write(w) val=0x%04x\n", val));
1414 s->cplus_enabled = 1;
1416 /* mask unwriteable bits */
1417 val = SET_MASKED(val, 0xff84, s->CpCmd);
1422 static uint32_t rtl8139_CpCmd_read(RTL8139State *s)
1424 uint32_t ret = s->CpCmd;
1426 DEBUG_PRINT(("RTL8139C+ command register read(w) val=0x%04x\n", ret));
1431 static void rtl8139_IntrMitigate_write(RTL8139State *s, uint32_t val)
1433 DEBUG_PRINT(("RTL8139C+ IntrMitigate register write(w) val=0x%04x\n", val));
1436 static uint32_t rtl8139_IntrMitigate_read(RTL8139State *s)
1440 DEBUG_PRINT(("RTL8139C+ IntrMitigate register read(w) val=0x%04x\n", ret));
1445 static int rtl8139_config_writeable(RTL8139State *s)
1447 if (s->Cfg9346 & Cfg9346_Unlock)
1452 DEBUG_PRINT(("RTL8139: Configuration registers are write-protected\n"));
1457 static void rtl8139_BasicModeCtrl_write(RTL8139State *s, uint32_t val)
1461 DEBUG_PRINT(("RTL8139: BasicModeCtrl register write(w) val=0x%04x\n", val));
1463 /* mask unwriteable bits */
1464 uint32_t mask = 0x4cff;
1466 if (1 || !rtl8139_config_writeable(s))
1468 /* Speed setting and autonegotiation enable bits are read-only */
1470 /* Duplex mode setting is read-only */
1474 val = SET_MASKED(val, mask, s->BasicModeCtrl);
1476 s->BasicModeCtrl = val;
1479 static uint32_t rtl8139_BasicModeCtrl_read(RTL8139State *s)
1481 uint32_t ret = s->BasicModeCtrl;
1483 DEBUG_PRINT(("RTL8139: BasicModeCtrl register read(w) val=0x%04x\n", ret));
1488 static void rtl8139_BasicModeStatus_write(RTL8139State *s, uint32_t val)
1492 DEBUG_PRINT(("RTL8139: BasicModeStatus register write(w) val=0x%04x\n", val));
1494 /* mask unwriteable bits */
1495 val = SET_MASKED(val, 0xff3f, s->BasicModeStatus);
1497 s->BasicModeStatus = val;
1500 static uint32_t rtl8139_BasicModeStatus_read(RTL8139State *s)
1502 uint32_t ret = s->BasicModeStatus;
1504 DEBUG_PRINT(("RTL8139: BasicModeStatus register read(w) val=0x%04x\n", ret));
1509 static void rtl8139_Cfg9346_write(RTL8139State *s, uint32_t val)
1513 DEBUG_PRINT(("RTL8139: Cfg9346 write val=0x%02x\n", val));
1515 /* mask unwriteable bits */
1516 val = SET_MASKED(val, 0x31, s->Cfg9346);
1518 uint32_t opmode = val & 0xc0;
1519 uint32_t eeprom_val = val & 0xf;
1521 if (opmode == 0x80) {
1523 int eecs = (eeprom_val & 0x08)?1:0;
1524 int eesk = (eeprom_val & 0x04)?1:0;
1525 int eedi = (eeprom_val & 0x02)?1:0;
1526 prom9346_set_wire(s, eecs, eesk, eedi);
1527 } else if (opmode == 0x40) {
1530 rtl8139_reset(&s->dev.qdev);
1536 static uint32_t rtl8139_Cfg9346_read(RTL8139State *s)
1538 uint32_t ret = s->Cfg9346;
1540 uint32_t opmode = ret & 0xc0;
1545 int eedo = prom9346_get_wire(s);
1556 DEBUG_PRINT(("RTL8139: Cfg9346 read val=0x%02x\n", ret));
1561 static void rtl8139_Config0_write(RTL8139State *s, uint32_t val)
1565 DEBUG_PRINT(("RTL8139: Config0 write val=0x%02x\n", val));
1567 if (!rtl8139_config_writeable(s))
1570 /* mask unwriteable bits */
1571 val = SET_MASKED(val, 0xf8, s->Config0);
1576 static uint32_t rtl8139_Config0_read(RTL8139State *s)
1578 uint32_t ret = s->Config0;
1580 DEBUG_PRINT(("RTL8139: Config0 read val=0x%02x\n", ret));
1585 static void rtl8139_Config1_write(RTL8139State *s, uint32_t val)
1589 DEBUG_PRINT(("RTL8139: Config1 write val=0x%02x\n", val));
1591 if (!rtl8139_config_writeable(s))
1594 /* mask unwriteable bits */
1595 val = SET_MASKED(val, 0xC, s->Config1);
1600 static uint32_t rtl8139_Config1_read(RTL8139State *s)
1602 uint32_t ret = s->Config1;
1604 DEBUG_PRINT(("RTL8139: Config1 read val=0x%02x\n", ret));
1609 static void rtl8139_Config3_write(RTL8139State *s, uint32_t val)
1613 DEBUG_PRINT(("RTL8139: Config3 write val=0x%02x\n", val));
1615 if (!rtl8139_config_writeable(s))
1618 /* mask unwriteable bits */
1619 val = SET_MASKED(val, 0x8F, s->Config3);
1624 static uint32_t rtl8139_Config3_read(RTL8139State *s)
1626 uint32_t ret = s->Config3;
1628 DEBUG_PRINT(("RTL8139: Config3 read val=0x%02x\n", ret));
1633 static void rtl8139_Config4_write(RTL8139State *s, uint32_t val)
1637 DEBUG_PRINT(("RTL8139: Config4 write val=0x%02x\n", val));
1639 if (!rtl8139_config_writeable(s))
1642 /* mask unwriteable bits */
1643 val = SET_MASKED(val, 0x0a, s->Config4);
1648 static uint32_t rtl8139_Config4_read(RTL8139State *s)
1650 uint32_t ret = s->Config4;
1652 DEBUG_PRINT(("RTL8139: Config4 read val=0x%02x\n", ret));
1657 static void rtl8139_Config5_write(RTL8139State *s, uint32_t val)
1661 DEBUG_PRINT(("RTL8139: Config5 write val=0x%02x\n", val));
1663 /* mask unwriteable bits */
1664 val = SET_MASKED(val, 0x80, s->Config5);
1669 static uint32_t rtl8139_Config5_read(RTL8139State *s)
1671 uint32_t ret = s->Config5;
1673 DEBUG_PRINT(("RTL8139: Config5 read val=0x%02x\n", ret));
1678 static void rtl8139_TxConfig_write(RTL8139State *s, uint32_t val)
1680 if (!rtl8139_transmitter_enabled(s))
1682 DEBUG_PRINT(("RTL8139: transmitter disabled; no TxConfig write val=0x%08x\n", val));
1686 DEBUG_PRINT(("RTL8139: TxConfig write val=0x%08x\n", val));
1688 val = SET_MASKED(val, TxVersionMask | 0x8070f80f, s->TxConfig);
1693 static void rtl8139_TxConfig_writeb(RTL8139State *s, uint32_t val)
1695 DEBUG_PRINT(("RTL8139C TxConfig via write(b) val=0x%02x\n", val));
1697 uint32_t tc = s->TxConfig;
1699 tc |= (val & 0x000000FF);
1700 rtl8139_TxConfig_write(s, tc);
1703 static uint32_t rtl8139_TxConfig_read(RTL8139State *s)
1705 uint32_t ret = s->TxConfig;
1707 DEBUG_PRINT(("RTL8139: TxConfig read val=0x%04x\n", ret));
1712 static void rtl8139_RxConfig_write(RTL8139State *s, uint32_t val)
1714 DEBUG_PRINT(("RTL8139: RxConfig write val=0x%08x\n", val));
1716 /* mask unwriteable bits */
1717 val = SET_MASKED(val, 0xf0fc0040, s->RxConfig);
1721 /* reset buffer size and read/write pointers */
1722 rtl8139_reset_rxring(s, 8192 << ((s->RxConfig >> 11) & 0x3));
1724 DEBUG_PRINT(("RTL8139: RxConfig write reset buffer size to %d\n", s->RxBufferSize));
1727 static uint32_t rtl8139_RxConfig_read(RTL8139State *s)
1729 uint32_t ret = s->RxConfig;
1731 DEBUG_PRINT(("RTL8139: RxConfig read val=0x%08x\n", ret));
1736 static void rtl8139_transfer_frame(RTL8139State *s, const uint8_t *buf, int size, int do_interrupt)
1740 DEBUG_PRINT(("RTL8139: +++ empty ethernet frame\n"));
1744 if (TxLoopBack == (s->TxConfig & TxLoopBack))
1746 DEBUG_PRINT(("RTL8139: +++ transmit loopback mode\n"));
1747 rtl8139_do_receive(&s->nic->nc, buf, size, do_interrupt);
1751 qemu_send_packet(&s->nic->nc, buf, size);
1755 static int rtl8139_transmit_one(RTL8139State *s, int descriptor)
1757 if (!rtl8139_transmitter_enabled(s))
1759 DEBUG_PRINT(("RTL8139: +++ cannot transmit from descriptor %d: transmitter disabled\n",
1764 if (s->TxStatus[descriptor] & TxHostOwns)
1766 DEBUG_PRINT(("RTL8139: +++ cannot transmit from descriptor %d: owned by host (%08x)\n",
1767 descriptor, s->TxStatus[descriptor]));
1771 DEBUG_PRINT(("RTL8139: +++ transmitting from descriptor %d\n", descriptor));
1773 int txsize = s->TxStatus[descriptor] & 0x1fff;
1774 uint8_t txbuffer[0x2000];
1776 DEBUG_PRINT(("RTL8139: +++ transmit reading %d bytes from host memory at 0x%08x\n",
1777 txsize, s->TxAddr[descriptor]));
1779 cpu_physical_memory_read(s->TxAddr[descriptor], txbuffer, txsize);
1781 /* Mark descriptor as transferred */
1782 s->TxStatus[descriptor] |= TxHostOwns;
1783 s->TxStatus[descriptor] |= TxStatOK;
1785 rtl8139_transfer_frame(s, txbuffer, txsize, 0);
1787 DEBUG_PRINT(("RTL8139: +++ transmitted %d bytes from descriptor %d\n", txsize, descriptor));
1789 /* update interrupt */
1790 s->IntrStatus |= TxOK;
1791 rtl8139_update_irq(s);
1796 /* structures and macros for task offloading */
1797 typedef struct ip_header
1799 uint8_t ip_ver_len; /* version and header length */
1800 uint8_t ip_tos; /* type of service */
1801 uint16_t ip_len; /* total length */
1802 uint16_t ip_id; /* identification */
1803 uint16_t ip_off; /* fragment offset field */
1804 uint8_t ip_ttl; /* time to live */
1805 uint8_t ip_p; /* protocol */
1806 uint16_t ip_sum; /* checksum */
1807 uint32_t ip_src,ip_dst; /* source and dest address */
1810 #define IP_HEADER_VERSION_4 4
1811 #define IP_HEADER_VERSION(ip) ((ip->ip_ver_len >> 4)&0xf)
1812 #define IP_HEADER_LENGTH(ip) (((ip->ip_ver_len)&0xf) << 2)
1814 typedef struct tcp_header
1816 uint16_t th_sport; /* source port */
1817 uint16_t th_dport; /* destination port */
1818 uint32_t th_seq; /* sequence number */
1819 uint32_t th_ack; /* acknowledgement number */
1820 uint16_t th_offset_flags; /* data offset, reserved 6 bits, TCP protocol flags */
1821 uint16_t th_win; /* window */
1822 uint16_t th_sum; /* checksum */
1823 uint16_t th_urp; /* urgent pointer */
1826 typedef struct udp_header
1828 uint16_t uh_sport; /* source port */
1829 uint16_t uh_dport; /* destination port */
1830 uint16_t uh_ulen; /* udp length */
1831 uint16_t uh_sum; /* udp checksum */
1834 typedef struct ip_pseudo_header
1840 uint16_t ip_payload;
1843 #define IP_PROTO_TCP 6
1844 #define IP_PROTO_UDP 17
1846 #define TCP_HEADER_DATA_OFFSET(tcp) (((be16_to_cpu(tcp->th_offset_flags) >> 12)&0xf) << 2)
1847 #define TCP_FLAGS_ONLY(flags) ((flags)&0x3f)
1848 #define TCP_HEADER_FLAGS(tcp) TCP_FLAGS_ONLY(be16_to_cpu(tcp->th_offset_flags))
1850 #define TCP_HEADER_CLEAR_FLAGS(tcp, off) ((tcp)->th_offset_flags &= cpu_to_be16(~TCP_FLAGS_ONLY(off)))
1852 #define TCP_FLAG_FIN 0x01
1853 #define TCP_FLAG_PUSH 0x08
1855 /* produces ones' complement sum of data */
1856 static uint16_t ones_complement_sum(uint8_t *data, size_t len)
1858 uint32_t result = 0;
1860 for (; len > 1; data+=2, len-=2)
1862 result += *(uint16_t*)data;
1865 /* add the remainder byte */
1868 uint8_t odd[2] = {*data, 0};
1869 result += *(uint16_t*)odd;
1873 result = (result & 0xffff) + (result >> 16);
1878 static uint16_t ip_checksum(void *data, size_t len)
1880 return ~ones_complement_sum((uint8_t*)data, len);
1883 static int rtl8139_cplus_transmit_one(RTL8139State *s)
1885 if (!rtl8139_transmitter_enabled(s))
1887 DEBUG_PRINT(("RTL8139: +++ C+ mode: transmitter disabled\n"));
1891 if (!rtl8139_cp_transmitter_enabled(s))
1893 DEBUG_PRINT(("RTL8139: +++ C+ mode: C+ transmitter disabled\n"));
1897 int descriptor = s->currCPlusTxDesc;
1899 target_phys_addr_t cplus_tx_ring_desc =
1900 rtl8139_addr64(s->TxAddr[0], s->TxAddr[1]);
1902 /* Normal priority ring */
1903 cplus_tx_ring_desc += 16 * descriptor;
1905 DEBUG_PRINT(("RTL8139: +++ C+ mode reading TX descriptor %d from host memory at %08x0x%08x = 0x%8lx\n",
1906 descriptor, s->TxAddr[1], s->TxAddr[0], cplus_tx_ring_desc));
1908 uint32_t val, txdw0,txdw1,txbufLO,txbufHI;
1910 cpu_physical_memory_read(cplus_tx_ring_desc, (uint8_t *)&val, 4);
1911 txdw0 = le32_to_cpu(val);
1912 /* TODO: implement VLAN tagging support, VLAN tag data is read to txdw1 */
1913 cpu_physical_memory_read(cplus_tx_ring_desc+4, (uint8_t *)&val, 4);
1914 txdw1 = le32_to_cpu(val);
1915 cpu_physical_memory_read(cplus_tx_ring_desc+8, (uint8_t *)&val, 4);
1916 txbufLO = le32_to_cpu(val);
1917 cpu_physical_memory_read(cplus_tx_ring_desc+12, (uint8_t *)&val, 4);
1918 txbufHI = le32_to_cpu(val);
1920 DEBUG_PRINT(("RTL8139: +++ C+ mode TX descriptor %d %08x %08x %08x %08x\n",
1922 txdw0, txdw1, txbufLO, txbufHI));
1924 /* TODO: the following discard cast should clean clang analyzer output */
1927 /* w0 ownership flag */
1928 #define CP_TX_OWN (1<<31)
1929 /* w0 end of ring flag */
1930 #define CP_TX_EOR (1<<30)
1931 /* first segment of received packet flag */
1932 #define CP_TX_FS (1<<29)
1933 /* last segment of received packet flag */
1934 #define CP_TX_LS (1<<28)
1935 /* large send packet flag */
1936 #define CP_TX_LGSEN (1<<27)
1937 /* large send MSS mask, bits 16...25 */
1938 #define CP_TC_LGSEN_MSS_MASK ((1 << 12) - 1)
1940 /* IP checksum offload flag */
1941 #define CP_TX_IPCS (1<<18)
1942 /* UDP checksum offload flag */
1943 #define CP_TX_UDPCS (1<<17)
1944 /* TCP checksum offload flag */
1945 #define CP_TX_TCPCS (1<<16)
1947 /* w0 bits 0...15 : buffer size */
1948 #define CP_TX_BUFFER_SIZE (1<<16)
1949 #define CP_TX_BUFFER_SIZE_MASK (CP_TX_BUFFER_SIZE - 1)
1950 /* w1 tag available flag */
1951 #define CP_RX_TAGC (1<<17)
1952 /* w1 bits 0...15 : VLAN tag */
1953 #define CP_TX_VLAN_TAG_MASK ((1<<16) - 1)
1954 /* w2 low 32bit of Rx buffer ptr */
1955 /* w3 high 32bit of Rx buffer ptr */
1957 /* set after transmission */
1958 /* FIFO underrun flag */
1959 #define CP_TX_STATUS_UNF (1<<25)
1960 /* transmit error summary flag, valid if set any of three below */
1961 #define CP_TX_STATUS_TES (1<<23)
1962 /* out-of-window collision flag */
1963 #define CP_TX_STATUS_OWC (1<<22)
1964 /* link failure flag */
1965 #define CP_TX_STATUS_LNKF (1<<21)
1966 /* excessive collisions flag */
1967 #define CP_TX_STATUS_EXC (1<<20)
1969 if (!(txdw0 & CP_TX_OWN))
1971 DEBUG_PRINT(("RTL8139: C+ Tx mode : descriptor %d is owned by host\n", descriptor));
1975 DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : transmitting from descriptor %d\n", descriptor));
1977 if (txdw0 & CP_TX_FS)
1979 DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : descriptor %d is first segment descriptor\n", descriptor));
1981 /* reset internal buffer offset */
1982 s->cplus_txbuffer_offset = 0;
1985 int txsize = txdw0 & CP_TX_BUFFER_SIZE_MASK;
1986 target_phys_addr_t tx_addr = rtl8139_addr64(txbufLO, txbufHI);
1988 /* make sure we have enough space to assemble the packet */
1989 if (!s->cplus_txbuffer)
1991 s->cplus_txbuffer_len = CP_TX_BUFFER_SIZE;
1992 s->cplus_txbuffer = qemu_malloc(s->cplus_txbuffer_len);
1993 s->cplus_txbuffer_offset = 0;
1995 DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer allocated space %d\n", s->cplus_txbuffer_len));
1998 while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
2000 s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE;
2001 s->cplus_txbuffer = qemu_realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
2003 DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed to %d\n", s->cplus_txbuffer_len));
2006 if (!s->cplus_txbuffer)
2010 DEBUG_PRINT(("RTL8139: +++ C+ mode transmiter failed to reallocate %d bytes\n", s->cplus_txbuffer_len));
2012 /* update tally counter */
2013 ++s->tally_counters.TxERR;
2014 ++s->tally_counters.TxAbt;
2019 /* append more data to the packet */
2021 DEBUG_PRINT(("RTL8139: +++ C+ mode transmit reading %d bytes from host memory at %016" PRIx64 " to offset %d\n",
2022 txsize, (uint64_t)tx_addr, s->cplus_txbuffer_offset));
2024 cpu_physical_memory_read(tx_addr, s->cplus_txbuffer + s->cplus_txbuffer_offset, txsize);
2025 s->cplus_txbuffer_offset += txsize;
2027 /* seek to next Rx descriptor */
2028 if (txdw0 & CP_TX_EOR)
2030 s->currCPlusTxDesc = 0;
2034 ++s->currCPlusTxDesc;
2035 if (s->currCPlusTxDesc >= 64)
2036 s->currCPlusTxDesc = 0;
2039 /* transfer ownership to target */
2040 txdw0 &= ~CP_RX_OWN;
2042 /* reset error indicator bits */
2043 txdw0 &= ~CP_TX_STATUS_UNF;
2044 txdw0 &= ~CP_TX_STATUS_TES;
2045 txdw0 &= ~CP_TX_STATUS_OWC;
2046 txdw0 &= ~CP_TX_STATUS_LNKF;
2047 txdw0 &= ~CP_TX_STATUS_EXC;
2049 /* update ring data */
2050 val = cpu_to_le32(txdw0);
2051 cpu_physical_memory_write(cplus_tx_ring_desc, (uint8_t *)&val, 4);
2052 /* TODO: implement VLAN tagging support, VLAN tag data is read to txdw1 */
2053 // val = cpu_to_le32(txdw1);
2054 // cpu_physical_memory_write(cplus_tx_ring_desc+4, &val, 4);
2056 /* Now decide if descriptor being processed is holding the last segment of packet */
2057 if (txdw0 & CP_TX_LS)
2059 DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : descriptor %d is last segment descriptor\n", descriptor));
2061 /* can transfer fully assembled packet */
2063 uint8_t *saved_buffer = s->cplus_txbuffer;
2064 int saved_size = s->cplus_txbuffer_offset;
2065 int saved_buffer_len = s->cplus_txbuffer_len;
2067 /* reset the card space to protect from recursive call */
2068 s->cplus_txbuffer = NULL;
2069 s->cplus_txbuffer_offset = 0;
2070 s->cplus_txbuffer_len = 0;
2072 if (txdw0 & (CP_TX_IPCS | CP_TX_UDPCS | CP_TX_TCPCS | CP_TX_LGSEN))
2074 DEBUG_PRINT(("RTL8139: +++ C+ mode offloaded task checksum\n"));
2076 #define ETH_P_IP 0x0800 /* Internet Protocol packet */
2078 #define ETH_MTU 1500
2080 /* ip packet header */
2081 ip_header *ip = NULL;
2083 uint8_t ip_protocol = 0;
2084 uint16_t ip_data_len = 0;
2086 uint8_t *eth_payload_data = NULL;
2087 size_t eth_payload_len = 0;
2089 int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
2090 if (proto == ETH_P_IP)
2092 DEBUG_PRINT(("RTL8139: +++ C+ mode has IP packet\n"));
2095 eth_payload_data = saved_buffer + ETH_HLEN;
2096 eth_payload_len = saved_size - ETH_HLEN;
2098 ip = (ip_header*)eth_payload_data;
2100 if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
2101 DEBUG_PRINT(("RTL8139: +++ C+ mode packet has bad IP version %d expected %d\n", IP_HEADER_VERSION(ip), IP_HEADER_VERSION_4));
2104 hlen = IP_HEADER_LENGTH(ip);
2105 ip_protocol = ip->ip_p;
2106 ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
2112 if (txdw0 & CP_TX_IPCS)
2114 DEBUG_PRINT(("RTL8139: +++ C+ mode need IP checksum\n"));
2116 if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
2117 /* bad packet header len */
2118 /* or packet too short */
2123 ip->ip_sum = ip_checksum(ip, hlen);
2124 DEBUG_PRINT(("RTL8139: +++ C+ mode IP header len=%d checksum=%04x\n", hlen, ip->ip_sum));
2128 if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
2130 #if defined (DEBUG_RTL8139)
2131 int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
2133 DEBUG_PRINT(("RTL8139: +++ C+ mode offloaded task TSO MTU=%d IP data %d frame data %d specified MSS=%d\n",
2134 ETH_MTU, ip_data_len, saved_size - ETH_HLEN, large_send_mss));
2136 int tcp_send_offset = 0;
2139 /* maximum IP header length is 60 bytes */
2140 uint8_t saved_ip_header[60];
2142 /* save IP header template; data area is used in tcp checksum calculation */
2143 memcpy(saved_ip_header, eth_payload_data, hlen);
2145 /* a placeholder for checksum calculation routine in tcp case */
2146 uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
2147 // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
2149 /* pointer to TCP header */
2150 tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
2152 int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
2154 /* ETH_MTU = ip header len + tcp header len + payload */
2155 int tcp_data_len = ip_data_len - tcp_hlen;
2156 int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
2158 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO IP data len %d TCP hlen %d TCP data len %d TCP chunk size %d\n",
2159 ip_data_len, tcp_hlen, tcp_data_len, tcp_chunk_size));
2161 /* note the cycle below overwrites IP header data,
2162 but restores it from saved_ip_header before sending packet */
2164 int is_last_frame = 0;
2166 for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
2168 uint16_t chunk_size = tcp_chunk_size;
2170 /* check if this is the last frame */
2171 if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
2174 chunk_size = tcp_data_len - tcp_send_offset;
2177 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO TCP seqno %08x\n", be32_to_cpu(p_tcp_hdr->th_seq)));
2179 /* add 4 TCP pseudoheader fields */
2180 /* copy IP source and destination fields */
2181 memcpy(data_to_checksum, saved_ip_header + 12, 8);
2183 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO calculating TCP checksum for packet with %d bytes data\n", tcp_hlen + chunk_size));
2185 if (tcp_send_offset)
2187 memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
2190 /* keep PUSH and FIN flags only for the last frame */
2193 TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
2196 /* recalculate TCP checksum */
2197 ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
2198 p_tcpip_hdr->zeros = 0;
2199 p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
2200 p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
2202 p_tcp_hdr->th_sum = 0;
2204 int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
2205 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO TCP checksum %04x\n", tcp_checksum));
2207 p_tcp_hdr->th_sum = tcp_checksum;
2209 /* restore IP header */
2210 memcpy(eth_payload_data, saved_ip_header, hlen);
2212 /* set IP data length and recalculate IP checksum */
2213 ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
2215 /* increment IP id for subsequent frames */
2216 ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
2219 ip->ip_sum = ip_checksum(eth_payload_data, hlen);
2220 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO IP header len=%d checksum=%04x\n", hlen, ip->ip_sum));
2222 int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
2223 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO transferring packet size %d\n", tso_send_size));
2224 rtl8139_transfer_frame(s, saved_buffer, tso_send_size, 0);
2226 /* add transferred count to TCP sequence number */
2227 p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
2231 /* Stop sending this frame */
2234 else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
2236 DEBUG_PRINT(("RTL8139: +++ C+ mode need TCP or UDP checksum\n"));
2238 /* maximum IP header length is 60 bytes */
2239 uint8_t saved_ip_header[60];
2240 memcpy(saved_ip_header, eth_payload_data, hlen);
2242 uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
2243 // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
2245 /* add 4 TCP pseudoheader fields */
2246 /* copy IP source and destination fields */
2247 memcpy(data_to_checksum, saved_ip_header + 12, 8);
2249 if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
2251 DEBUG_PRINT(("RTL8139: +++ C+ mode calculating TCP checksum for packet with %d bytes data\n", ip_data_len));
2253 ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
2254 p_tcpip_hdr->zeros = 0;
2255 p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
2256 p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
2258 tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
2260 p_tcp_hdr->th_sum = 0;
2262 int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
2263 DEBUG_PRINT(("RTL8139: +++ C+ mode TCP checksum %04x\n", tcp_checksum));
2265 p_tcp_hdr->th_sum = tcp_checksum;
2267 else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
2269 DEBUG_PRINT(("RTL8139: +++ C+ mode calculating UDP checksum for packet with %d bytes data\n", ip_data_len));
2271 ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
2272 p_udpip_hdr->zeros = 0;
2273 p_udpip_hdr->ip_proto = IP_PROTO_UDP;
2274 p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
2276 udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
2278 p_udp_hdr->uh_sum = 0;
2280 int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
2281 DEBUG_PRINT(("RTL8139: +++ C+ mode UDP checksum %04x\n", udp_checksum));
2283 p_udp_hdr->uh_sum = udp_checksum;
2286 /* restore IP header */
2287 memcpy(eth_payload_data, saved_ip_header, hlen);
2292 /* update tally counter */
2293 ++s->tally_counters.TxOk;
2295 DEBUG_PRINT(("RTL8139: +++ C+ mode transmitting %d bytes packet\n", saved_size));
2297 rtl8139_transfer_frame(s, saved_buffer, saved_size, 1);
2299 /* restore card space if there was no recursion and reset offset */
2300 if (!s->cplus_txbuffer)
2302 s->cplus_txbuffer = saved_buffer;
2303 s->cplus_txbuffer_len = saved_buffer_len;
2304 s->cplus_txbuffer_offset = 0;
2308 qemu_free(saved_buffer);
2313 DEBUG_PRINT(("RTL8139: +++ C+ mode transmission continue to next descriptor\n"));
2319 static void rtl8139_cplus_transmit(RTL8139State *s)
2323 while (rtl8139_cplus_transmit_one(s))
2328 /* Mark transfer completed */
2331 DEBUG_PRINT(("RTL8139: C+ mode : transmitter queue stalled, current TxDesc = %d\n",
2332 s->currCPlusTxDesc));
2336 /* update interrupt status */
2337 s->IntrStatus |= TxOK;
2338 rtl8139_update_irq(s);
2342 static void rtl8139_transmit(RTL8139State *s)
2344 int descriptor = s->currTxDesc, txcount = 0;
2347 if (rtl8139_transmit_one(s, descriptor))
2354 /* Mark transfer completed */
2357 DEBUG_PRINT(("RTL8139: transmitter queue stalled, current TxDesc = %d\n", s->currTxDesc));
2361 static void rtl8139_TxStatus_write(RTL8139State *s, uint32_t txRegOffset, uint32_t val)
2364 int descriptor = txRegOffset/4;
2366 /* handle C+ transmit mode register configuration */
2368 if (s->cplus_enabled)
2370 DEBUG_PRINT(("RTL8139C+ DTCCR write offset=0x%x val=0x%08x descriptor=%d\n", txRegOffset, val, descriptor));
2372 /* handle Dump Tally Counters command */
2373 s->TxStatus[descriptor] = val;
2375 if (descriptor == 0 && (val & 0x8))
2377 target_phys_addr_t tc_addr = rtl8139_addr64(s->TxStatus[0] & ~0x3f, s->TxStatus[1]);
2379 /* dump tally counters to specified memory location */
2380 RTL8139TallyCounters_physical_memory_write( tc_addr, &s->tally_counters);
2382 /* mark dump completed */
2383 s->TxStatus[0] &= ~0x8;
2389 DEBUG_PRINT(("RTL8139: TxStatus write offset=0x%x val=0x%08x descriptor=%d\n", txRegOffset, val, descriptor));
2391 /* mask only reserved bits */
2392 val &= ~0xff00c000; /* these bits are reset on write */
2393 val = SET_MASKED(val, 0x00c00000, s->TxStatus[descriptor]);
2395 s->TxStatus[descriptor] = val;
2397 /* attempt to start transmission */
2398 rtl8139_transmit(s);
2401 static uint32_t rtl8139_TxStatus_read(RTL8139State *s, uint32_t txRegOffset)
2403 uint32_t ret = s->TxStatus[txRegOffset/4];
2405 DEBUG_PRINT(("RTL8139: TxStatus read offset=0x%x val=0x%08x\n", txRegOffset, ret));
2410 static uint16_t rtl8139_TSAD_read(RTL8139State *s)
2414 /* Simulate TSAD, it is read only anyway */
2416 ret = ((s->TxStatus[3] & TxStatOK )?TSAD_TOK3:0)
2417 |((s->TxStatus[2] & TxStatOK )?TSAD_TOK2:0)
2418 |((s->TxStatus[1] & TxStatOK )?TSAD_TOK1:0)
2419 |((s->TxStatus[0] & TxStatOK )?TSAD_TOK0:0)
2421 |((s->TxStatus[3] & TxUnderrun)?TSAD_TUN3:0)
2422 |((s->TxStatus[2] & TxUnderrun)?TSAD_TUN2:0)
2423 |((s->TxStatus[1] & TxUnderrun)?TSAD_TUN1:0)
2424 |((s->TxStatus[0] & TxUnderrun)?TSAD_TUN0:0)
2426 |((s->TxStatus[3] & TxAborted )?TSAD_TABT3:0)
2427 |((s->TxStatus[2] & TxAborted )?TSAD_TABT2:0)
2428 |((s->TxStatus[1] & TxAborted )?TSAD_TABT1:0)
2429 |((s->TxStatus[0] & TxAborted )?TSAD_TABT0:0)
2431 |((s->TxStatus[3] & TxHostOwns )?TSAD_OWN3:0)
2432 |((s->TxStatus[2] & TxHostOwns )?TSAD_OWN2:0)
2433 |((s->TxStatus[1] & TxHostOwns )?TSAD_OWN1:0)
2434 |((s->TxStatus[0] & TxHostOwns )?TSAD_OWN0:0) ;
2437 DEBUG_PRINT(("RTL8139: TSAD read val=0x%04x\n", ret));
2442 static uint16_t rtl8139_CSCR_read(RTL8139State *s)
2444 uint16_t ret = s->CSCR;
2446 DEBUG_PRINT(("RTL8139: CSCR read val=0x%04x\n", ret));
2451 static void rtl8139_TxAddr_write(RTL8139State *s, uint32_t txAddrOffset, uint32_t val)
2453 DEBUG_PRINT(("RTL8139: TxAddr write offset=0x%x val=0x%08x\n", txAddrOffset, val));
2455 s->TxAddr[txAddrOffset/4] = val;
2458 static uint32_t rtl8139_TxAddr_read(RTL8139State *s, uint32_t txAddrOffset)
2460 uint32_t ret = s->TxAddr[txAddrOffset/4];
2462 DEBUG_PRINT(("RTL8139: TxAddr read offset=0x%x val=0x%08x\n", txAddrOffset, ret));
2467 static void rtl8139_RxBufPtr_write(RTL8139State *s, uint32_t val)
2469 DEBUG_PRINT(("RTL8139: RxBufPtr write val=0x%04x\n", val));
2471 /* this value is off by 16 */
2472 s->RxBufPtr = MOD2(val + 0x10, s->RxBufferSize);
2474 DEBUG_PRINT((" CAPR write: rx buffer length %d head 0x%04x read 0x%04x\n",
2475 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr));
2478 static uint32_t rtl8139_RxBufPtr_read(RTL8139State *s)
2480 /* this value is off by 16 */
2481 uint32_t ret = s->RxBufPtr - 0x10;
2483 DEBUG_PRINT(("RTL8139: RxBufPtr read val=0x%04x\n", ret));
2488 static uint32_t rtl8139_RxBufAddr_read(RTL8139State *s)
2490 /* this value is NOT off by 16 */
2491 uint32_t ret = s->RxBufAddr;
2493 DEBUG_PRINT(("RTL8139: RxBufAddr read val=0x%04x\n", ret));
2498 static void rtl8139_RxBuf_write(RTL8139State *s, uint32_t val)
2500 DEBUG_PRINT(("RTL8139: RxBuf write val=0x%08x\n", val));
2504 /* may need to reset rxring here */
2507 static uint32_t rtl8139_RxBuf_read(RTL8139State *s)
2509 uint32_t ret = s->RxBuf;
2511 DEBUG_PRINT(("RTL8139: RxBuf read val=0x%08x\n", ret));
2516 static void rtl8139_IntrMask_write(RTL8139State *s, uint32_t val)
2518 DEBUG_PRINT(("RTL8139: IntrMask write(w) val=0x%04x\n", val));
2520 /* mask unwriteable bits */
2521 val = SET_MASKED(val, 0x1e00, s->IntrMask);
2525 rtl8139_update_irq(s);
2528 static uint32_t rtl8139_IntrMask_read(RTL8139State *s)
2530 uint32_t ret = s->IntrMask;
2532 DEBUG_PRINT(("RTL8139: IntrMask read(w) val=0x%04x\n", ret));
2537 static void rtl8139_IntrStatus_write(RTL8139State *s, uint32_t val)
2539 DEBUG_PRINT(("RTL8139: IntrStatus write(w) val=0x%04x\n", val));
2543 /* writing to ISR has no effect */
2548 uint16_t newStatus = s->IntrStatus & ~val;
2550 /* mask unwriteable bits */
2551 newStatus = SET_MASKED(newStatus, 0x1e00, s->IntrStatus);
2553 /* writing 1 to interrupt status register bit clears it */
2555 rtl8139_update_irq(s);
2557 s->IntrStatus = newStatus;
2558 rtl8139_update_irq(s);
2562 static uint32_t rtl8139_IntrStatus_read(RTL8139State *s)
2564 uint32_t ret = s->IntrStatus;
2566 DEBUG_PRINT(("RTL8139: IntrStatus read(w) val=0x%04x\n", ret));
2570 /* reading ISR clears all interrupts */
2573 rtl8139_update_irq(s);
2580 static void rtl8139_MultiIntr_write(RTL8139State *s, uint32_t val)
2582 DEBUG_PRINT(("RTL8139: MultiIntr write(w) val=0x%04x\n", val));
2584 /* mask unwriteable bits */
2585 val = SET_MASKED(val, 0xf000, s->MultiIntr);
2590 static uint32_t rtl8139_MultiIntr_read(RTL8139State *s)
2592 uint32_t ret = s->MultiIntr;
2594 DEBUG_PRINT(("RTL8139: MultiIntr read(w) val=0x%04x\n", ret));
2599 static void rtl8139_io_writeb(void *opaque, uint8_t addr, uint32_t val)
2601 RTL8139State *s = opaque;
2607 case MAC0 ... MAC0+5:
2608 s->phys[addr - MAC0] = val;
2610 case MAC0+6 ... MAC0+7:
2613 case MAR0 ... MAR0+7:
2614 s->mult[addr - MAR0] = val;
2617 rtl8139_ChipCmd_write(s, val);
2620 rtl8139_Cfg9346_write(s, val);
2622 case TxConfig: /* windows driver sometimes writes using byte-lenth call */
2623 rtl8139_TxConfig_writeb(s, val);
2626 rtl8139_Config0_write(s, val);
2629 rtl8139_Config1_write(s, val);
2632 rtl8139_Config3_write(s, val);
2635 rtl8139_Config4_write(s, val);
2638 rtl8139_Config5_write(s, val);
2642 DEBUG_PRINT(("RTL8139: not implemented write(b) to MediaStatus val=0x%02x\n", val));
2646 DEBUG_PRINT(("RTL8139: HltClk write val=0x%08x\n", val));
2649 s->clock_enabled = 1;
2651 else if (val == 'H')
2653 s->clock_enabled = 0;
2658 DEBUG_PRINT(("RTL8139C+ TxThresh write(b) val=0x%02x\n", val));
2663 DEBUG_PRINT(("RTL8139C+ TxPoll write(b) val=0x%02x\n", val));
2666 DEBUG_PRINT(("RTL8139C+ TxPoll high priority transmission (not implemented)\n"));
2667 //rtl8139_cplus_transmit(s);
2671 DEBUG_PRINT(("RTL8139C+ TxPoll normal priority transmission\n"));
2672 rtl8139_cplus_transmit(s);
2678 DEBUG_PRINT(("RTL8139: not implemented write(b) addr=0x%x val=0x%02x\n", addr, val));
2683 static void rtl8139_io_writew(void *opaque, uint8_t addr, uint32_t val)
2685 RTL8139State *s = opaque;
2692 rtl8139_IntrMask_write(s, val);
2696 rtl8139_IntrStatus_write(s, val);
2700 rtl8139_MultiIntr_write(s, val);
2704 rtl8139_RxBufPtr_write(s, val);
2708 rtl8139_BasicModeCtrl_write(s, val);
2710 case BasicModeStatus:
2711 rtl8139_BasicModeStatus_write(s, val);
2714 DEBUG_PRINT(("RTL8139: NWayAdvert write(w) val=0x%04x\n", val));
2715 s->NWayAdvert = val;
2718 DEBUG_PRINT(("RTL8139: forbidden NWayLPAR write(w) val=0x%04x\n", val));
2721 DEBUG_PRINT(("RTL8139: NWayExpansion write(w) val=0x%04x\n", val));
2722 s->NWayExpansion = val;
2726 rtl8139_CpCmd_write(s, val);
2730 rtl8139_IntrMitigate_write(s, val);
2734 DEBUG_PRINT(("RTL8139: ioport write(w) addr=0x%x val=0x%04x via write(b)\n", addr, val));
2736 rtl8139_io_writeb(opaque, addr, val & 0xff);
2737 rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
2742 static void rtl8139_io_writel(void *opaque, uint8_t addr, uint32_t val)
2744 RTL8139State *s = opaque;
2751 DEBUG_PRINT(("RTL8139: RxMissed clearing on write\n"));
2756 rtl8139_TxConfig_write(s, val);
2760 rtl8139_RxConfig_write(s, val);
2763 case TxStatus0 ... TxStatus0+4*4-1:
2764 rtl8139_TxStatus_write(s, addr-TxStatus0, val);
2767 case TxAddr0 ... TxAddr0+4*4-1:
2768 rtl8139_TxAddr_write(s, addr-TxAddr0, val);
2772 rtl8139_RxBuf_write(s, val);
2776 DEBUG_PRINT(("RTL8139: C+ RxRing low bits write val=0x%08x\n", val));
2777 s->RxRingAddrLO = val;
2781 DEBUG_PRINT(("RTL8139: C+ RxRing high bits write val=0x%08x\n", val));
2782 s->RxRingAddrHI = val;
2786 DEBUG_PRINT(("RTL8139: TCTR Timer reset on write\n"));
2788 s->TCTR_base = qemu_get_clock(vm_clock);
2792 DEBUG_PRINT(("RTL8139: FlashReg TimerInt write val=0x%08x\n", val));
2797 DEBUG_PRINT(("RTL8139: ioport write(l) addr=0x%x val=0x%08x via write(b)\n", addr, val));
2798 rtl8139_io_writeb(opaque, addr, val & 0xff);
2799 rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
2800 rtl8139_io_writeb(opaque, addr + 2, (val >> 16) & 0xff);
2801 rtl8139_io_writeb(opaque, addr + 3, (val >> 24) & 0xff);
2806 static uint32_t rtl8139_io_readb(void *opaque, uint8_t addr)
2808 RTL8139State *s = opaque;
2815 case MAC0 ... MAC0+5:
2816 ret = s->phys[addr - MAC0];
2818 case MAC0+6 ... MAC0+7:
2821 case MAR0 ... MAR0+7:
2822 ret = s->mult[addr - MAR0];
2825 ret = rtl8139_ChipCmd_read(s);
2828 ret = rtl8139_Cfg9346_read(s);
2831 ret = rtl8139_Config0_read(s);
2834 ret = rtl8139_Config1_read(s);
2837 ret = rtl8139_Config3_read(s);
2840 ret = rtl8139_Config4_read(s);
2843 ret = rtl8139_Config5_read(s);
2848 DEBUG_PRINT(("RTL8139: MediaStatus read 0x%x\n", ret));
2852 ret = s->clock_enabled;
2853 DEBUG_PRINT(("RTL8139: HltClk read 0x%x\n", ret));
2857 ret = RTL8139_PCI_REVID;
2858 DEBUG_PRINT(("RTL8139: PCI Revision ID read 0x%x\n", ret));
2863 DEBUG_PRINT(("RTL8139C+ TxThresh read(b) val=0x%02x\n", ret));
2866 case 0x43: /* Part of TxConfig register. Windows driver tries to read it */
2867 ret = s->TxConfig >> 24;
2868 DEBUG_PRINT(("RTL8139C TxConfig at 0x43 read(b) val=0x%02x\n", ret));
2872 DEBUG_PRINT(("RTL8139: not implemented read(b) addr=0x%x\n", addr));
2880 static uint32_t rtl8139_io_readw(void *opaque, uint8_t addr)
2882 RTL8139State *s = opaque;
2885 addr &= 0xfe; /* mask lower bit */
2890 ret = rtl8139_IntrMask_read(s);
2894 ret = rtl8139_IntrStatus_read(s);
2898 ret = rtl8139_MultiIntr_read(s);
2902 ret = rtl8139_RxBufPtr_read(s);
2906 ret = rtl8139_RxBufAddr_read(s);
2910 ret = rtl8139_BasicModeCtrl_read(s);
2912 case BasicModeStatus:
2913 ret = rtl8139_BasicModeStatus_read(s);
2916 ret = s->NWayAdvert;
2917 DEBUG_PRINT(("RTL8139: NWayAdvert read(w) val=0x%04x\n", ret));
2921 DEBUG_PRINT(("RTL8139: NWayLPAR read(w) val=0x%04x\n", ret));
2924 ret = s->NWayExpansion;
2925 DEBUG_PRINT(("RTL8139: NWayExpansion read(w) val=0x%04x\n", ret));
2929 ret = rtl8139_CpCmd_read(s);
2933 ret = rtl8139_IntrMitigate_read(s);
2937 ret = rtl8139_TSAD_read(s);
2941 ret = rtl8139_CSCR_read(s);
2945 DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x via read(b)\n", addr));
2947 ret = rtl8139_io_readb(opaque, addr);
2948 ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
2950 DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x val=0x%04x\n", addr, ret));
2957 static uint32_t rtl8139_io_readl(void *opaque, uint8_t addr)
2959 RTL8139State *s = opaque;
2962 addr &= 0xfc; /* also mask low 2 bits */
2969 DEBUG_PRINT(("RTL8139: RxMissed read val=0x%08x\n", ret));
2973 ret = rtl8139_TxConfig_read(s);
2977 ret = rtl8139_RxConfig_read(s);
2980 case TxStatus0 ... TxStatus0+4*4-1:
2981 ret = rtl8139_TxStatus_read(s, addr-TxStatus0);
2984 case TxAddr0 ... TxAddr0+4*4-1:
2985 ret = rtl8139_TxAddr_read(s, addr-TxAddr0);
2989 ret = rtl8139_RxBuf_read(s);
2993 ret = s->RxRingAddrLO;
2994 DEBUG_PRINT(("RTL8139: C+ RxRing low bits read val=0x%08x\n", ret));
2998 ret = s->RxRingAddrHI;
2999 DEBUG_PRINT(("RTL8139: C+ RxRing high bits read val=0x%08x\n", ret));
3004 DEBUG_PRINT(("RTL8139: TCTR Timer read val=0x%08x\n", ret));
3009 DEBUG_PRINT(("RTL8139: FlashReg TimerInt read val=0x%08x\n", ret));
3013 DEBUG_PRINT(("RTL8139: ioport read(l) addr=0x%x via read(b)\n", addr));
3015 ret = rtl8139_io_readb(opaque, addr);
3016 ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
3017 ret |= rtl8139_io_readb(opaque, addr + 2) << 16;
3018 ret |= rtl8139_io_readb(opaque, addr + 3) << 24;
3020 DEBUG_PRINT(("RTL8139: read(l) addr=0x%x val=%08x\n", addr, ret));
3029 static void rtl8139_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
3031 rtl8139_io_writeb(opaque, addr & 0xFF, val);
3034 static void rtl8139_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
3036 rtl8139_io_writew(opaque, addr & 0xFF, val);
3039 static void rtl8139_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
3041 rtl8139_io_writel(opaque, addr & 0xFF, val);
3044 static uint32_t rtl8139_ioport_readb(void *opaque, uint32_t addr)
3046 return rtl8139_io_readb(opaque, addr & 0xFF);
3049 static uint32_t rtl8139_ioport_readw(void *opaque, uint32_t addr)
3051 return rtl8139_io_readw(opaque, addr & 0xFF);
3054 static uint32_t rtl8139_ioport_readl(void *opaque, uint32_t addr)
3056 return rtl8139_io_readl(opaque, addr & 0xFF);
3061 static void rtl8139_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
3063 rtl8139_io_writeb(opaque, addr & 0xFF, val);
3066 static void rtl8139_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3068 #ifdef TARGET_WORDS_BIGENDIAN
3071 rtl8139_io_writew(opaque, addr & 0xFF, val);
3074 static void rtl8139_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3076 #ifdef TARGET_WORDS_BIGENDIAN
3079 rtl8139_io_writel(opaque, addr & 0xFF, val);
3082 static uint32_t rtl8139_mmio_readb(void *opaque, target_phys_addr_t addr)
3084 return rtl8139_io_readb(opaque, addr & 0xFF);
3087 static uint32_t rtl8139_mmio_readw(void *opaque, target_phys_addr_t addr)
3089 uint32_t val = rtl8139_io_readw(opaque, addr & 0xFF);
3090 #ifdef TARGET_WORDS_BIGENDIAN
3096 static uint32_t rtl8139_mmio_readl(void *opaque, target_phys_addr_t addr)
3098 uint32_t val = rtl8139_io_readl(opaque, addr & 0xFF);
3099 #ifdef TARGET_WORDS_BIGENDIAN
3105 static int rtl8139_post_load(void *opaque, int version_id)
3107 RTL8139State* s = opaque;
3108 if (version_id < 4) {
3109 s->cplus_enabled = s->CpCmd != 0;
3115 static const VMStateDescription vmstate_rtl8139 = {
3118 .minimum_version_id = 3,
3119 .minimum_version_id_old = 3,
3120 .post_load = rtl8139_post_load,
3121 .fields = (VMStateField []) {
3122 VMSTATE_PCI_DEVICE(dev, RTL8139State),
3123 VMSTATE_PARTIAL_BUFFER(phys, RTL8139State, 6),
3124 VMSTATE_BUFFER(mult, RTL8139State),
3125 VMSTATE_UINT32_ARRAY(TxStatus, RTL8139State, 4),
3126 VMSTATE_UINT32_ARRAY(TxAddr, RTL8139State, 4),
3128 VMSTATE_UINT32(RxBuf, RTL8139State),
3129 VMSTATE_UINT32(RxBufferSize, RTL8139State),
3130 VMSTATE_UINT32(RxBufPtr, RTL8139State),
3131 VMSTATE_UINT32(RxBufAddr, RTL8139State),
3133 VMSTATE_UINT16(IntrStatus, RTL8139State),
3134 VMSTATE_UINT16(IntrMask, RTL8139State),
3136 VMSTATE_UINT32(TxConfig, RTL8139State),
3137 VMSTATE_UINT32(RxConfig, RTL8139State),
3138 VMSTATE_UINT32(RxMissed, RTL8139State),
3139 VMSTATE_UINT16(CSCR, RTL8139State),
3141 VMSTATE_UINT8(Cfg9346, RTL8139State),
3142 VMSTATE_UINT8(Config0, RTL8139State),
3143 VMSTATE_UINT8(Config1, RTL8139State),
3144 VMSTATE_UINT8(Config3, RTL8139State),
3145 VMSTATE_UINT8(Config4, RTL8139State),
3146 VMSTATE_UINT8(Config5, RTL8139State),
3148 VMSTATE_UINT8(clock_enabled, RTL8139State),
3149 VMSTATE_UINT8(bChipCmdState, RTL8139State),
3151 VMSTATE_UINT16(MultiIntr, RTL8139State),
3153 VMSTATE_UINT16(BasicModeCtrl, RTL8139State),
3154 VMSTATE_UINT16(BasicModeStatus, RTL8139State),
3155 VMSTATE_UINT16(NWayAdvert, RTL8139State),
3156 VMSTATE_UINT16(NWayLPAR, RTL8139State),
3157 VMSTATE_UINT16(NWayExpansion, RTL8139State),
3159 VMSTATE_UINT16(CpCmd, RTL8139State),
3160 VMSTATE_UINT8(TxThresh, RTL8139State),
3163 VMSTATE_MACADDR(conf.macaddr, RTL8139State),
3164 VMSTATE_INT32(rtl8139_mmio_io_addr, RTL8139State),
3166 VMSTATE_UINT32(currTxDesc, RTL8139State),
3167 VMSTATE_UINT32(currCPlusRxDesc, RTL8139State),
3168 VMSTATE_UINT32(currCPlusTxDesc, RTL8139State),
3169 VMSTATE_UINT32(RxRingAddrLO, RTL8139State),
3170 VMSTATE_UINT32(RxRingAddrHI, RTL8139State),
3172 VMSTATE_UINT16_ARRAY(eeprom.contents, RTL8139State, EEPROM_9346_SIZE),
3173 VMSTATE_INT32(eeprom.mode, RTL8139State),
3174 VMSTATE_UINT32(eeprom.tick, RTL8139State),
3175 VMSTATE_UINT8(eeprom.address, RTL8139State),
3176 VMSTATE_UINT16(eeprom.input, RTL8139State),
3177 VMSTATE_UINT16(eeprom.output, RTL8139State),
3179 VMSTATE_UINT8(eeprom.eecs, RTL8139State),
3180 VMSTATE_UINT8(eeprom.eesk, RTL8139State),
3181 VMSTATE_UINT8(eeprom.eedi, RTL8139State),
3182 VMSTATE_UINT8(eeprom.eedo, RTL8139State),
3184 VMSTATE_UINT32(TCTR, RTL8139State),
3185 VMSTATE_UINT32(TimerInt, RTL8139State),
3186 VMSTATE_INT64(TCTR_base, RTL8139State),
3188 VMSTATE_STRUCT(tally_counters, RTL8139State, 0,
3189 vmstate_tally_counters, RTL8139TallyCounters),
3191 VMSTATE_UINT32_V(cplus_enabled, RTL8139State, 4),
3192 VMSTATE_END_OF_LIST()
3196 /***********************************************************/
3197 /* PCI RTL8139 definitions */
3199 static void rtl8139_mmio_map(PCIDevice *pci_dev, int region_num,
3200 pcibus_t addr, pcibus_t size, int type)
3202 RTL8139State *s = DO_UPCAST(RTL8139State, dev, pci_dev);
3204 cpu_register_physical_memory(addr + 0, 0x100, s->rtl8139_mmio_io_addr);
3207 static void rtl8139_ioport_map(PCIDevice *pci_dev, int region_num,
3208 pcibus_t addr, pcibus_t size, int type)
3210 RTL8139State *s = DO_UPCAST(RTL8139State, dev, pci_dev);
3212 register_ioport_write(addr, 0x100, 1, rtl8139_ioport_writeb, s);
3213 register_ioport_read( addr, 0x100, 1, rtl8139_ioport_readb, s);
3215 register_ioport_write(addr, 0x100, 2, rtl8139_ioport_writew, s);
3216 register_ioport_read( addr, 0x100, 2, rtl8139_ioport_readw, s);
3218 register_ioport_write(addr, 0x100, 4, rtl8139_ioport_writel, s);
3219 register_ioport_read( addr, 0x100, 4, rtl8139_ioport_readl, s);
3222 static CPUReadMemoryFunc * const rtl8139_mmio_read[3] = {
3228 static CPUWriteMemoryFunc * const rtl8139_mmio_write[3] = {
3229 rtl8139_mmio_writeb,
3230 rtl8139_mmio_writew,
3231 rtl8139_mmio_writel,
3234 static inline int64_t rtl8139_get_next_tctr_time(RTL8139State *s, int64_t current_time)
3236 int64_t next_time = current_time +
3237 muldiv64(1, get_ticks_per_sec(), PCI_FREQUENCY);
3238 if (next_time <= current_time)
3239 next_time = current_time + 1;
3243 #ifdef RTL8139_ONBOARD_TIMER
3244 static void rtl8139_timer(void *opaque)
3246 RTL8139State *s = opaque;
3253 if (!s->clock_enabled)
3255 DEBUG_PRINT(("RTL8139: >>> timer: clock is not running\n"));
3259 curr_time = qemu_get_clock(vm_clock);
3261 curr_tick = muldiv64(curr_time - s->TCTR_base, PCI_FREQUENCY,
3262 get_ticks_per_sec());
3264 if (s->TimerInt && curr_tick >= s->TimerInt)
3266 if (s->TCTR < s->TimerInt || curr_tick < s->TCTR)
3272 s->TCTR = curr_tick;
3274 // DEBUG_PRINT(("RTL8139: >>> timer: tick=%08u\n", s->TCTR));
3278 DEBUG_PRINT(("RTL8139: >>> timer: timeout tick=%08u\n", s->TCTR));
3279 s->IntrStatus |= PCSTimeout;
3280 rtl8139_update_irq(s);
3283 qemu_mod_timer(s->timer,
3284 rtl8139_get_next_tctr_time(s,curr_time));
3286 #endif /* RTL8139_ONBOARD_TIMER */
3288 static void rtl8139_cleanup(VLANClientState *nc)
3290 RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
3295 static int pci_rtl8139_uninit(PCIDevice *dev)
3297 RTL8139State *s = DO_UPCAST(RTL8139State, dev, dev);
3299 cpu_unregister_io_memory(s->rtl8139_mmio_io_addr);
3300 if (s->cplus_txbuffer) {
3301 qemu_free(s->cplus_txbuffer);
3302 s->cplus_txbuffer = NULL;
3304 #ifdef RTL8139_ONBOARD_TIMER
3305 qemu_del_timer(s->timer);
3306 qemu_free_timer(s->timer);
3308 qemu_del_vlan_client(&s->nic->nc);
3312 static NetClientInfo net_rtl8139_info = {
3313 .type = NET_CLIENT_TYPE_NIC,
3314 .size = sizeof(NICState),
3315 .can_receive = rtl8139_can_receive,
3316 .receive = rtl8139_receive,
3317 .cleanup = rtl8139_cleanup,
3320 static int pci_rtl8139_init(PCIDevice *dev)
3322 RTL8139State * s = DO_UPCAST(RTL8139State, dev, dev);
3325 pci_conf = s->dev.config;
3326 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_REALTEK);
3327 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_REALTEK_8139);
3328 /* TODO: value should be 0 at RST#. */
3329 pci_conf[PCI_COMMAND] = PCI_COMMAND_IO | PCI_COMMAND_MASTER;
3330 pci_conf[PCI_REVISION_ID] = RTL8139_PCI_REVID; /* >=0x20 is for 8139C+ */
3331 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
3332 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL;
3333 /* TODO: value should be 0 at RST# */
3334 pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin 0 */
3335 /* TODO: start of capability list, but no capability
3336 * list bit in status register, and offset 0xdc seems unused. */
3337 pci_conf[PCI_CAPABILITY_LIST] = 0xdc;
3339 /* I/O handler for memory-mapped I/O */
3340 s->rtl8139_mmio_io_addr =
3341 cpu_register_io_memory(rtl8139_mmio_read, rtl8139_mmio_write, s);
3343 pci_register_bar(&s->dev, 0, 0x100,
3344 PCI_BASE_ADDRESS_SPACE_IO, rtl8139_ioport_map);
3346 pci_register_bar(&s->dev, 1, 0x100,
3347 PCI_BASE_ADDRESS_SPACE_MEMORY, rtl8139_mmio_map);
3349 qemu_macaddr_default_if_unset(&s->conf.macaddr);
3351 s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf,
3352 dev->qdev.info->name, dev->qdev.id, s);
3353 qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
3355 s->cplus_txbuffer = NULL;
3356 s->cplus_txbuffer_len = 0;
3357 s->cplus_txbuffer_offset = 0;
3359 #ifdef RTL8139_ONBOARD_TIMER
3360 s->timer = qemu_new_timer(vm_clock, rtl8139_timer, s);
3362 qemu_mod_timer(s->timer,
3363 rtl8139_get_next_tctr_time(s,qemu_get_clock(vm_clock)));
3364 #endif /* RTL8139_ONBOARD_TIMER */
3368 static PCIDeviceInfo rtl8139_info = {
3369 .qdev.name = "rtl8139",
3370 .qdev.size = sizeof(RTL8139State),
3371 .qdev.reset = rtl8139_reset,
3372 .qdev.vmsd = &vmstate_rtl8139,
3373 .init = pci_rtl8139_init,
3374 .exit = pci_rtl8139_uninit,
3375 .romfile = "pxe-rtl8139.bin",
3376 .qdev.props = (Property[]) {
3377 DEFINE_NIC_PROPERTIES(RTL8139State, conf),
3378 DEFINE_PROP_END_OF_LIST(),
3382 static void rtl8139_register_devices(void)
3384 pci_qdev_register(&rtl8139_info);
3387 device_init(rtl8139_register_devices)
projects / qemu.git / blob