2 * QEMU RTL8139 emulation
4 * Copyright (c) 2006 Igor Kovalenko
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 * 2006-Jan-28 Mark Malakanov : TSAD and CSCR implementation (for Windows driver)
27 * 2006-Apr-28 Juergen Lock : EEPROM emulation changes for FreeBSD driver
28 * HW revision ID changes for FreeBSD driver
30 * 2006-Jul-01 Igor Kovalenko : Implemented loopback mode for FreeBSD driver
31 * Corrected packet transfer reassembly routine for 8139C+ mode
32 * Rearranged debugging print statements
33 * Implemented PCI timer interrupt (disabled by default)
34 * Implemented Tally Counters, increased VM load/save version
35 * Implemented IP/TCP/UDP checksum task offloading
37 * 2006-Jul-04 Igor Kovalenko : Implemented TCP segmentation offloading
38 * Fixed MTU=1500 for produced ethernet frames
40 * 2006-Jul-09 Igor Kovalenko : Fixed TCP header length calculation while processing
41 * segmentation offloading
42 * Removed slirp.h dependency
43 * Added rx/tx buffer reset when enabling rx/tx operation
48 #include "qemu-timer.h"
52 /* debug RTL8139 card */
53 //#define DEBUG_RTL8139 1
55 #define PCI_FREQUENCY 33000000L
57 /* debug RTL8139 card C+ mode only */
58 //#define DEBUG_RTL8139CP 1
60 /* Calculate CRCs properly on Rx packets */
61 #define RTL8139_CALCULATE_RXCRC 1
63 /* Uncomment to enable on-board timer interrupts */
64 //#define RTL8139_ONBOARD_TIMER 1
66 #if defined(RTL8139_CALCULATE_RXCRC)
71 #define SET_MASKED(input, mask, curr) \
72 ( ( (input) & ~(mask) ) | ( (curr) & (mask) ) )
74 /* arg % size for size which is a power of 2 */
75 #define MOD2(input, size) \
76 ( ( input ) & ( size - 1 ) )
78 #if defined (DEBUG_RTL8139)
79 # define DEBUG_PRINT(x) do { printf x ; } while (0)
81 # define DEBUG_PRINT(x)
84 /* Symbolic offsets to registers. */
85 enum RTL8139_registers {
86 MAC0 = 0, /* Ethernet hardware address. */
87 MAR0 = 8, /* Multicast filter. */
88 TxStatus0 = 0x10,/* Transmit status (Four 32bit registers). C mode only */
89 /* Dump Tally Conter control register(64bit). C+ mode only */
90 TxAddr0 = 0x20, /* Tx descriptors (also four 32bit). */
99 Timer = 0x48, /* A general-purpose counter. */
100 RxMissed = 0x4C, /* 24 bits valid, write clears. */
107 Config4 = 0x5A, /* absent on RTL-8139A */
110 PCIRevisionID = 0x5E,
111 TxSummary = 0x60, /* TSAD register. Transmit Status of All Descriptors*/
112 BasicModeCtrl = 0x62,
113 BasicModeStatus = 0x64,
116 NWayExpansion = 0x6A,
117 /* Undocumented registers, but required for proper operation. */
118 FIFOTMS = 0x70, /* FIFO Control and test. */
119 CSCR = 0x74, /* Chip Status and Configuration Register. */
121 PARA7c = 0x7c, /* Magic transceiver parameter register. */
122 Config5 = 0xD8, /* absent on RTL-8139A */
124 TxPoll = 0xD9, /* Tell chip to check Tx descriptors for work */
125 RxMaxSize = 0xDA, /* Max size of an Rx packet (8169 only) */
126 CpCmd = 0xE0, /* C+ Command register (C+ mode only) */
127 IntrMitigate = 0xE2, /* rx/tx interrupt mitigation control */
128 RxRingAddrLO = 0xE4, /* 64-bit start addr of Rx ring */
129 RxRingAddrHI = 0xE8, /* 64-bit start addr of Rx ring */
130 TxThresh = 0xEC, /* Early Tx threshold */
134 MultiIntrClear = 0xF000,
136 Config1Clear = (1<<7)|(1<<6)|(1<<3)|(1<<2)|(1<<1),
148 CPlusRxVLAN = 0x0040, /* enable receive VLAN detagging */
149 CPlusRxChkSum = 0x0020, /* enable receive checksum offloading */
154 /* Interrupt register bits, using my own meaningful names. */
155 enum IntrStatusBits {
166 RxAckBits = RxFIFOOver | RxOverflow | RxOK,
173 TxOutOfWindow = 0x20000000,
174 TxAborted = 0x40000000,
175 TxCarrierLost = 0x80000000,
178 RxMulticast = 0x8000,
180 RxBroadcast = 0x2000,
181 RxBadSymbol = 0x0020,
189 /* Bits in RxConfig. */
193 AcceptBroadcast = 0x08,
194 AcceptMulticast = 0x04,
196 AcceptAllPhys = 0x01,
199 /* Bits in TxConfig. */
200 enum tx_config_bits {
202 /* Interframe Gap Time. Only TxIFG96 doesn't violate IEEE 802.3 */
204 TxIFG84 = (0 << TxIFGShift), /* 8.4us / 840ns (10 / 100Mbps) */
205 TxIFG88 = (1 << TxIFGShift), /* 8.8us / 880ns (10 / 100Mbps) */
206 TxIFG92 = (2 << TxIFGShift), /* 9.2us / 920ns (10 / 100Mbps) */
207 TxIFG96 = (3 << TxIFGShift), /* 9.6us / 960ns (10 / 100Mbps) */
209 TxLoopBack = (1 << 18) | (1 << 17), /* enable loopback test mode */
210 TxCRC = (1 << 16), /* DISABLE appending CRC to end of Tx packets */
211 TxClearAbt = (1 << 0), /* Clear abort (WO) */
212 TxDMAShift = 8, /* DMA burst value (0-7) is shifted this many bits */
213 TxRetryShift = 4, /* TXRR value (0-15) is shifted this many bits */
215 TxVersionMask = 0x7C800000, /* mask out version bits 30-26, 23 */
219 /* Transmit Status of All Descriptors (TSAD) Register */
221 TSAD_TOK3 = 1<<15, // TOK bit of Descriptor 3
222 TSAD_TOK2 = 1<<14, // TOK bit of Descriptor 2
223 TSAD_TOK1 = 1<<13, // TOK bit of Descriptor 1
224 TSAD_TOK0 = 1<<12, // TOK bit of Descriptor 0
225 TSAD_TUN3 = 1<<11, // TUN bit of Descriptor 3
226 TSAD_TUN2 = 1<<10, // TUN bit of Descriptor 2
227 TSAD_TUN1 = 1<<9, // TUN bit of Descriptor 1
228 TSAD_TUN0 = 1<<8, // TUN bit of Descriptor 0
229 TSAD_TABT3 = 1<<07, // TABT bit of Descriptor 3
230 TSAD_TABT2 = 1<<06, // TABT bit of Descriptor 2
231 TSAD_TABT1 = 1<<05, // TABT bit of Descriptor 1
232 TSAD_TABT0 = 1<<04, // TABT bit of Descriptor 0
233 TSAD_OWN3 = 1<<03, // OWN bit of Descriptor 3
234 TSAD_OWN2 = 1<<02, // OWN bit of Descriptor 2
235 TSAD_OWN1 = 1<<01, // OWN bit of Descriptor 1
236 TSAD_OWN0 = 1<<00, // OWN bit of Descriptor 0
240 /* Bits in Config1 */
242 Cfg1_PM_Enable = 0x01,
243 Cfg1_VPD_Enable = 0x02,
246 LWAKE = 0x10, /* not on 8139, 8139A */
247 Cfg1_Driver_Load = 0x20,
250 SLEEP = (1 << 1), /* only on 8139, 8139A */
251 PWRDN = (1 << 0), /* only on 8139, 8139A */
254 /* Bits in Config3 */
256 Cfg3_FBtBEn = (1 << 0), /* 1 = Fast Back to Back */
257 Cfg3_FuncRegEn = (1 << 1), /* 1 = enable CardBus Function registers */
258 Cfg3_CLKRUN_En = (1 << 2), /* 1 = enable CLKRUN */
259 Cfg3_CardB_En = (1 << 3), /* 1 = enable CardBus registers */
260 Cfg3_LinkUp = (1 << 4), /* 1 = wake up on link up */
261 Cfg3_Magic = (1 << 5), /* 1 = wake up on Magic Packet (tm) */
262 Cfg3_PARM_En = (1 << 6), /* 0 = software can set twister parameters */
263 Cfg3_GNTSel = (1 << 7), /* 1 = delay 1 clock from PCI GNT signal */
266 /* Bits in Config4 */
268 LWPTN = (1 << 2), /* not on 8139, 8139A */
271 /* Bits in Config5 */
273 Cfg5_PME_STS = (1 << 0), /* 1 = PCI reset resets PME_Status */
274 Cfg5_LANWake = (1 << 1), /* 1 = enable LANWake signal */
275 Cfg5_LDPS = (1 << 2), /* 0 = save power when link is down */
276 Cfg5_FIFOAddrPtr = (1 << 3), /* Realtek internal SRAM testing */
277 Cfg5_UWF = (1 << 4), /* 1 = accept unicast wakeup frame */
278 Cfg5_MWF = (1 << 5), /* 1 = accept multicast wakeup frame */
279 Cfg5_BWF = (1 << 6), /* 1 = accept broadcast wakeup frame */
283 /* rx fifo threshold */
285 RxCfgFIFONone = (7 << RxCfgFIFOShift),
289 RxCfgDMAUnlimited = (7 << RxCfgDMAShift),
291 /* rx ring buffer length */
293 RxCfgRcv16K = (1 << 11),
294 RxCfgRcv32K = (1 << 12),
295 RxCfgRcv64K = (1 << 11) | (1 << 12),
297 /* Disable packet wrap at end of Rx buffer. (not possible with 64k) */
301 /* Twister tuning parameters from RealTek.
302 Completely undocumented, but required to tune bad links on some boards. */
305 CSCR_LinkOKBit = 0x0400,
306 CSCR_LinkChangeBit = 0x0800,
307 CSCR_LinkStatusBits = 0x0f000,
308 CSCR_LinkDownOffCmd = 0x003c0,
309 CSCR_LinkDownCmd = 0x0f3c0,
312 CSCR_Testfun = 1<<15, /* 1 = Auto-neg speeds up internal timer, WO, def 0 */
313 CSCR_LD = 1<<9, /* Active low TPI link disable signal. When low, TPI still transmits link pulses and TPI stays in good link state. def 1*/
314 CSCR_HEART_BIT = 1<<8, /* 1 = HEART BEAT enable, 0 = HEART BEAT disable. HEART BEAT function is only valid in 10Mbps mode. def 1*/
315 CSCR_JBEN = 1<<7, /* 1 = enable jabber function. 0 = disable jabber function, def 1*/
316 CSCR_F_LINK_100 = 1<<6, /* Used to login force good link in 100Mbps for diagnostic purposes. 1 = DISABLE, 0 = ENABLE. def 1*/
317 CSCR_F_Connect = 1<<5, /* Assertion of this bit forces the disconnect function to be bypassed. def 0*/
318 CSCR_Con_status = 1<<3, /* This bit indicates the status of the connection. 1 = valid connected link detected; 0 = disconnected link detected. RO def 0*/
319 CSCR_Con_status_En = 1<<2, /* Assertion of this bit configures LED1 pin to indicate connection status. def 0*/
320 CSCR_PASS_SCR = 1<<0, /* Bypass Scramble, def 0*/
325 Cfg9346_Unlock = 0xC0,
342 HasHltClk = (1 << 0),
346 #define HW_REVID(b30, b29, b28, b27, b26, b23, b22) \
347 (b30<<30 | b29<<29 | b28<<28 | b27<<27 | b26<<26 | b23<<23 | b22<<22)
348 #define HW_REVID_MASK HW_REVID(1, 1, 1, 1, 1, 1, 1)
350 #define RTL8139_PCI_REVID_8139 0x10
351 #define RTL8139_PCI_REVID_8139CPLUS 0x20
353 #define RTL8139_PCI_REVID RTL8139_PCI_REVID_8139CPLUS
355 /* Size is 64 * 16bit words */
356 #define EEPROM_9346_ADDR_BITS 6
357 #define EEPROM_9346_SIZE (1 << EEPROM_9346_ADDR_BITS)
358 #define EEPROM_9346_ADDR_MASK (EEPROM_9346_SIZE - 1)
360 enum Chip9346Operation
362 Chip9346_op_mask = 0xc0, /* 10 zzzzzz */
363 Chip9346_op_read = 0x80, /* 10 AAAAAA */
364 Chip9346_op_write = 0x40, /* 01 AAAAAA D(15)..D(0) */
365 Chip9346_op_ext_mask = 0xf0, /* 11 zzzzzz */
366 Chip9346_op_write_enable = 0x30, /* 00 11zzzz */
367 Chip9346_op_write_all = 0x10, /* 00 01zzzz */
368 Chip9346_op_write_disable = 0x00, /* 00 00zzzz */
374 Chip9346_enter_command_mode,
375 Chip9346_read_command,
376 Chip9346_data_read, /* from output register */
377 Chip9346_data_write, /* to input register, then to contents at specified address */
378 Chip9346_data_write_all, /* to input register, then filling contents */
381 typedef struct EEprom9346
383 uint16_t contents[EEPROM_9346_SIZE];
396 typedef struct RTL8139TallyCounters
412 } RTL8139TallyCounters;
414 /* Clears all tally counters */
415 static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters);
417 /* Writes tally counters to specified physical memory address */
418 static void RTL8139TallyCounters_physical_memory_write(target_phys_addr_t tc_addr, RTL8139TallyCounters* counters);
420 typedef struct RTL8139State {
422 uint8_t phys[8]; /* mac address */
423 uint8_t mult[8]; /* multicast mask array */
425 uint32_t TxStatus[4]; /* TxStatus0 in C mode*/ /* also DTCCR[0] and DTCCR[1] in C+ mode */
426 uint32_t TxAddr[4]; /* TxAddr0 */
427 uint32_t RxBuf; /* Receive buffer */
428 uint32_t RxBufferSize;/* internal variable, receive ring buffer size in C mode */
448 uint8_t clock_enabled;
449 uint8_t bChipCmdState;
453 uint16_t BasicModeCtrl;
454 uint16_t BasicModeStatus;
457 uint16_t NWayExpansion;
464 int rtl8139_mmio_io_addr;
470 uint32_t cplus_enabled;
472 uint32_t currCPlusRxDesc;
473 uint32_t currCPlusTxDesc;
475 uint32_t RxRingAddrLO;
476 uint32_t RxRingAddrHI;
485 RTL8139TallyCounters tally_counters;
487 /* Non-persistent data */
488 uint8_t *cplus_txbuffer;
489 int cplus_txbuffer_len;
490 int cplus_txbuffer_offset;
492 /* PCI interrupt timer */
497 static void prom9346_decode_command(EEprom9346 *eeprom, uint8_t command)
499 DEBUG_PRINT(("RTL8139: eeprom command 0x%02x\n", command));
501 switch (command & Chip9346_op_mask)
503 case Chip9346_op_read:
505 eeprom->address = command & EEPROM_9346_ADDR_MASK;
506 eeprom->output = eeprom->contents[eeprom->address];
509 eeprom->mode = Chip9346_data_read;
510 DEBUG_PRINT(("RTL8139: eeprom read from address 0x%02x data=0x%04x\n",
511 eeprom->address, eeprom->output));
515 case Chip9346_op_write:
517 eeprom->address = command & EEPROM_9346_ADDR_MASK;
520 eeprom->mode = Chip9346_none; /* Chip9346_data_write */
521 DEBUG_PRINT(("RTL8139: eeprom begin write to address 0x%02x\n",
526 eeprom->mode = Chip9346_none;
527 switch (command & Chip9346_op_ext_mask)
529 case Chip9346_op_write_enable:
530 DEBUG_PRINT(("RTL8139: eeprom write enabled\n"));
532 case Chip9346_op_write_all:
533 DEBUG_PRINT(("RTL8139: eeprom begin write all\n"));
535 case Chip9346_op_write_disable:
536 DEBUG_PRINT(("RTL8139: eeprom write disabled\n"));
543 static void prom9346_shift_clock(EEprom9346 *eeprom)
545 int bit = eeprom->eedi?1:0;
549 DEBUG_PRINT(("eeprom: tick %d eedi=%d eedo=%d\n", eeprom->tick, eeprom->eedi, eeprom->eedo));
551 switch (eeprom->mode)
553 case Chip9346_enter_command_mode:
556 eeprom->mode = Chip9346_read_command;
559 DEBUG_PRINT(("eeprom: +++ synchronized, begin command read\n"));
563 case Chip9346_read_command:
564 eeprom->input = (eeprom->input << 1) | (bit & 1);
565 if (eeprom->tick == 8)
567 prom9346_decode_command(eeprom, eeprom->input & 0xff);
571 case Chip9346_data_read:
572 eeprom->eedo = (eeprom->output & 0x8000)?1:0;
573 eeprom->output <<= 1;
574 if (eeprom->tick == 16)
577 // the FreeBSD drivers (rl and re) don't explicitly toggle
578 // CS between reads (or does setting Cfg9346 to 0 count too?),
579 // so we need to enter wait-for-command state here
580 eeprom->mode = Chip9346_enter_command_mode;
584 DEBUG_PRINT(("eeprom: +++ end of read, awaiting next command\n"));
586 // original behaviour
588 eeprom->address &= EEPROM_9346_ADDR_MASK;
589 eeprom->output = eeprom->contents[eeprom->address];
592 DEBUG_PRINT(("eeprom: +++ read next address 0x%02x data=0x%04x\n",
593 eeprom->address, eeprom->output));
598 case Chip9346_data_write:
599 eeprom->input = (eeprom->input << 1) | (bit & 1);
600 if (eeprom->tick == 16)
602 DEBUG_PRINT(("RTL8139: eeprom write to address 0x%02x data=0x%04x\n",
603 eeprom->address, eeprom->input));
605 eeprom->contents[eeprom->address] = eeprom->input;
606 eeprom->mode = Chip9346_none; /* waiting for next command after CS cycle */
612 case Chip9346_data_write_all:
613 eeprom->input = (eeprom->input << 1) | (bit & 1);
614 if (eeprom->tick == 16)
617 for (i = 0; i < EEPROM_9346_SIZE; i++)
619 eeprom->contents[i] = eeprom->input;
621 DEBUG_PRINT(("RTL8139: eeprom filled with data=0x%04x\n",
624 eeprom->mode = Chip9346_enter_command_mode;
635 static int prom9346_get_wire(RTL8139State *s)
637 EEprom9346 *eeprom = &s->eeprom;
644 /* FIXME: This should be merged into/replaced by eeprom93xx.c. */
645 static void prom9346_set_wire(RTL8139State *s, int eecs, int eesk, int eedi)
647 EEprom9346 *eeprom = &s->eeprom;
648 uint8_t old_eecs = eeprom->eecs;
649 uint8_t old_eesk = eeprom->eesk;
655 DEBUG_PRINT(("eeprom: +++ wires CS=%d SK=%d DI=%d DO=%d\n",
656 eeprom->eecs, eeprom->eesk, eeprom->eedi, eeprom->eedo));
658 if (!old_eecs && eecs)
660 /* Synchronize start */
664 eeprom->mode = Chip9346_enter_command_mode;
666 DEBUG_PRINT(("=== eeprom: begin access, enter command mode\n"));
671 DEBUG_PRINT(("=== eeprom: end access\n"));
675 if (!old_eesk && eesk)
678 prom9346_shift_clock(eeprom);
682 static void rtl8139_update_irq(RTL8139State *s)
685 isr = (s->IntrStatus & s->IntrMask) & 0xffff;
687 DEBUG_PRINT(("RTL8139: Set IRQ to %d (%04x %04x)\n",
688 isr ? 1 : 0, s->IntrStatus, s->IntrMask));
690 qemu_set_irq(s->dev.irq[0], (isr != 0));
693 #define POLYNOMIAL 0x04c11db6
697 static int compute_mcast_idx(const uint8_t *ep)
704 for (i = 0; i < 6; i++) {
706 for (j = 0; j < 8; j++) {
707 carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
711 crc = ((crc ^ POLYNOMIAL) | carry);
717 static int rtl8139_RxWrap(RTL8139State *s)
719 /* wrapping enabled; assume 1.5k more buffer space if size < 65536 */
720 return (s->RxConfig & (1 << 7));
723 static int rtl8139_receiver_enabled(RTL8139State *s)
725 return s->bChipCmdState & CmdRxEnb;
728 static int rtl8139_transmitter_enabled(RTL8139State *s)
730 return s->bChipCmdState & CmdTxEnb;
733 static int rtl8139_cp_receiver_enabled(RTL8139State *s)
735 return s->CpCmd & CPlusRxEnb;
738 static int rtl8139_cp_transmitter_enabled(RTL8139State *s)
740 return s->CpCmd & CPlusTxEnb;
743 static void rtl8139_write_buffer(RTL8139State *s, const void *buf, int size)
745 if (s->RxBufAddr + size > s->RxBufferSize)
747 int wrapped = MOD2(s->RxBufAddr + size, s->RxBufferSize);
749 /* write packet data */
750 if (wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s)))
752 DEBUG_PRINT((">>> RTL8139: rx packet wrapped in buffer at %d\n", size-wrapped));
756 cpu_physical_memory_write( s->RxBuf + s->RxBufAddr,
760 /* reset buffer pointer */
763 cpu_physical_memory_write( s->RxBuf + s->RxBufAddr,
764 buf + (size-wrapped), wrapped );
766 s->RxBufAddr = wrapped;
772 /* non-wrapping path or overwrapping enabled */
773 cpu_physical_memory_write( s->RxBuf + s->RxBufAddr, buf, size );
775 s->RxBufAddr += size;
778 #define MIN_BUF_SIZE 60
779 static inline target_phys_addr_t rtl8139_addr64(uint32_t low, uint32_t high)
781 #if TARGET_PHYS_ADDR_BITS > 32
782 return low | ((target_phys_addr_t)high << 32);
788 static int rtl8139_can_receive(VLANClientState *vc)
790 RTL8139State *s = vc->opaque;
793 /* Receive (drop) packets if card is disabled. */
794 if (!s->clock_enabled)
796 if (!rtl8139_receiver_enabled(s))
799 if (rtl8139_cp_receiver_enabled(s)) {
800 /* ??? Flow control not implemented in c+ mode.
801 This is a hack to work around slirp deficiencies anyway. */
804 avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr,
806 return (avail == 0 || avail >= 1514);
810 static ssize_t rtl8139_do_receive(VLANClientState *vc, const uint8_t *buf, size_t size_, int do_interrupt)
812 RTL8139State *s = vc->opaque;
815 uint32_t packet_header = 0;
818 static const uint8_t broadcast_macaddr[6] =
819 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
821 DEBUG_PRINT((">>> RTL8139: received len=%d\n", size));
823 /* test if board clock is stopped */
824 if (!s->clock_enabled)
826 DEBUG_PRINT(("RTL8139: stopped ==========================\n"));
830 /* first check if receiver is enabled */
832 if (!rtl8139_receiver_enabled(s))
834 DEBUG_PRINT(("RTL8139: receiver disabled ================\n"));
838 /* XXX: check this */
839 if (s->RxConfig & AcceptAllPhys) {
840 /* promiscuous: receive all */
841 DEBUG_PRINT((">>> RTL8139: packet received in promiscuous mode\n"));
844 if (!memcmp(buf, broadcast_macaddr, 6)) {
845 /* broadcast address */
846 if (!(s->RxConfig & AcceptBroadcast))
848 DEBUG_PRINT((">>> RTL8139: broadcast packet rejected\n"));
850 /* update tally counter */
851 ++s->tally_counters.RxERR;
856 packet_header |= RxBroadcast;
858 DEBUG_PRINT((">>> RTL8139: broadcast packet received\n"));
860 /* update tally counter */
861 ++s->tally_counters.RxOkBrd;
863 } else if (buf[0] & 0x01) {
865 if (!(s->RxConfig & AcceptMulticast))
867 DEBUG_PRINT((">>> RTL8139: multicast packet rejected\n"));
869 /* update tally counter */
870 ++s->tally_counters.RxERR;
875 int mcast_idx = compute_mcast_idx(buf);
877 if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
879 DEBUG_PRINT((">>> RTL8139: multicast address mismatch\n"));
881 /* update tally counter */
882 ++s->tally_counters.RxERR;
887 packet_header |= RxMulticast;
889 DEBUG_PRINT((">>> RTL8139: multicast packet received\n"));
891 /* update tally counter */
892 ++s->tally_counters.RxOkMul;
894 } else if (s->phys[0] == buf[0] &&
895 s->phys[1] == buf[1] &&
896 s->phys[2] == buf[2] &&
897 s->phys[3] == buf[3] &&
898 s->phys[4] == buf[4] &&
899 s->phys[5] == buf[5]) {
901 if (!(s->RxConfig & AcceptMyPhys))
903 DEBUG_PRINT((">>> RTL8139: rejecting physical address matching packet\n"));
905 /* update tally counter */
906 ++s->tally_counters.RxERR;
911 packet_header |= RxPhysical;
913 DEBUG_PRINT((">>> RTL8139: physical address matching packet received\n"));
915 /* update tally counter */
916 ++s->tally_counters.RxOkPhy;
920 DEBUG_PRINT((">>> RTL8139: unknown packet\n"));
922 /* update tally counter */
923 ++s->tally_counters.RxERR;
929 /* if too small buffer, then expand it */
930 if (size < MIN_BUF_SIZE) {
931 memcpy(buf1, buf, size);
932 memset(buf1 + size, 0, MIN_BUF_SIZE - size);
937 if (rtl8139_cp_receiver_enabled(s))
939 DEBUG_PRINT(("RTL8139: in C+ Rx mode ================\n"));
941 /* begin C+ receiver mode */
943 /* w0 ownership flag */
944 #define CP_RX_OWN (1<<31)
945 /* w0 end of ring flag */
946 #define CP_RX_EOR (1<<30)
947 /* w0 bits 0...12 : buffer size */
948 #define CP_RX_BUFFER_SIZE_MASK ((1<<13) - 1)
949 /* w1 tag available flag */
950 #define CP_RX_TAVA (1<<16)
951 /* w1 bits 0...15 : VLAN tag */
952 #define CP_RX_VLAN_TAG_MASK ((1<<16) - 1)
953 /* w2 low 32bit of Rx buffer ptr */
954 /* w3 high 32bit of Rx buffer ptr */
956 int descriptor = s->currCPlusRxDesc;
957 target_phys_addr_t cplus_rx_ring_desc;
959 cplus_rx_ring_desc = rtl8139_addr64(s->RxRingAddrLO, s->RxRingAddrHI);
960 cplus_rx_ring_desc += 16 * descriptor;
962 DEBUG_PRINT(("RTL8139: +++ C+ mode reading RX descriptor %d from host memory at %08x %08x = %016" PRIx64 "\n",
963 descriptor, s->RxRingAddrHI, s->RxRingAddrLO, (uint64_t)cplus_rx_ring_desc));
965 uint32_t val, rxdw0,rxdw1,rxbufLO,rxbufHI;
967 cpu_physical_memory_read(cplus_rx_ring_desc, (uint8_t *)&val, 4);
968 rxdw0 = le32_to_cpu(val);
969 cpu_physical_memory_read(cplus_rx_ring_desc+4, (uint8_t *)&val, 4);
970 rxdw1 = le32_to_cpu(val);
971 cpu_physical_memory_read(cplus_rx_ring_desc+8, (uint8_t *)&val, 4);
972 rxbufLO = le32_to_cpu(val);
973 cpu_physical_memory_read(cplus_rx_ring_desc+12, (uint8_t *)&val, 4);
974 rxbufHI = le32_to_cpu(val);
976 DEBUG_PRINT(("RTL8139: +++ C+ mode RX descriptor %d %08x %08x %08x %08x\n",
978 rxdw0, rxdw1, rxbufLO, rxbufHI));
980 if (!(rxdw0 & CP_RX_OWN))
982 DEBUG_PRINT(("RTL8139: C+ Rx mode : descriptor %d is owned by host\n", descriptor));
984 s->IntrStatus |= RxOverflow;
987 /* update tally counter */
988 ++s->tally_counters.RxERR;
989 ++s->tally_counters.MissPkt;
991 rtl8139_update_irq(s);
995 uint32_t rx_space = rxdw0 & CP_RX_BUFFER_SIZE_MASK;
997 /* TODO: scatter the packet over available receive ring descriptors space */
999 if (size+4 > rx_space)
1001 DEBUG_PRINT(("RTL8139: C+ Rx mode : descriptor %d size %d received %d + 4\n",
1002 descriptor, rx_space, size));
1004 s->IntrStatus |= RxOverflow;
1007 /* update tally counter */
1008 ++s->tally_counters.RxERR;
1009 ++s->tally_counters.MissPkt;
1011 rtl8139_update_irq(s);
1015 target_phys_addr_t rx_addr = rtl8139_addr64(rxbufLO, rxbufHI);
1017 /* receive/copy to target memory */
1018 cpu_physical_memory_write( rx_addr, buf, size );
1020 if (s->CpCmd & CPlusRxChkSum)
1022 /* do some packet checksumming */
1025 /* write checksum */
1026 #if defined (RTL8139_CALCULATE_RXCRC)
1027 val = cpu_to_le32(crc32(0, buf, size));
1031 cpu_physical_memory_write( rx_addr+size, (uint8_t *)&val, 4);
1033 /* first segment of received packet flag */
1034 #define CP_RX_STATUS_FS (1<<29)
1035 /* last segment of received packet flag */
1036 #define CP_RX_STATUS_LS (1<<28)
1037 /* multicast packet flag */
1038 #define CP_RX_STATUS_MAR (1<<26)
1039 /* physical-matching packet flag */
1040 #define CP_RX_STATUS_PAM (1<<25)
1041 /* broadcast packet flag */
1042 #define CP_RX_STATUS_BAR (1<<24)
1043 /* runt packet flag */
1044 #define CP_RX_STATUS_RUNT (1<<19)
1045 /* crc error flag */
1046 #define CP_RX_STATUS_CRC (1<<18)
1047 /* IP checksum error flag */
1048 #define CP_RX_STATUS_IPF (1<<15)
1049 /* UDP checksum error flag */
1050 #define CP_RX_STATUS_UDPF (1<<14)
1051 /* TCP checksum error flag */
1052 #define CP_RX_STATUS_TCPF (1<<13)
1054 /* transfer ownership to target */
1055 rxdw0 &= ~CP_RX_OWN;
1057 /* set first segment bit */
1058 rxdw0 |= CP_RX_STATUS_FS;
1060 /* set last segment bit */
1061 rxdw0 |= CP_RX_STATUS_LS;
1063 /* set received packet type flags */
1064 if (packet_header & RxBroadcast)
1065 rxdw0 |= CP_RX_STATUS_BAR;
1066 if (packet_header & RxMulticast)
1067 rxdw0 |= CP_RX_STATUS_MAR;
1068 if (packet_header & RxPhysical)
1069 rxdw0 |= CP_RX_STATUS_PAM;
1071 /* set received size */
1072 rxdw0 &= ~CP_RX_BUFFER_SIZE_MASK;
1075 /* reset VLAN tag flag */
1076 rxdw1 &= ~CP_RX_TAVA;
1078 /* update ring data */
1079 val = cpu_to_le32(rxdw0);
1080 cpu_physical_memory_write(cplus_rx_ring_desc, (uint8_t *)&val, 4);
1081 val = cpu_to_le32(rxdw1);
1082 cpu_physical_memory_write(cplus_rx_ring_desc+4, (uint8_t *)&val, 4);
1084 /* update tally counter */
1085 ++s->tally_counters.RxOk;
1087 /* seek to next Rx descriptor */
1088 if (rxdw0 & CP_RX_EOR)
1090 s->currCPlusRxDesc = 0;
1094 ++s->currCPlusRxDesc;
1097 DEBUG_PRINT(("RTL8139: done C+ Rx mode ----------------\n"));
1102 DEBUG_PRINT(("RTL8139: in ring Rx mode ================\n"));
1104 /* begin ring receiver mode */
1105 int avail = MOD2(s->RxBufferSize + s->RxBufPtr - s->RxBufAddr, s->RxBufferSize);
1107 /* if receiver buffer is empty then avail == 0 */
1109 if (avail != 0 && size + 8 >= avail)
1111 DEBUG_PRINT(("rx overflow: rx buffer length %d head 0x%04x read 0x%04x === available 0x%04x need 0x%04x\n",
1112 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8));
1114 s->IntrStatus |= RxOverflow;
1116 rtl8139_update_irq(s);
1120 packet_header |= RxStatusOK;
1122 packet_header |= (((size+4) << 16) & 0xffff0000);
1125 uint32_t val = cpu_to_le32(packet_header);
1127 rtl8139_write_buffer(s, (uint8_t *)&val, 4);
1129 rtl8139_write_buffer(s, buf, size);
1131 /* write checksum */
1132 #if defined (RTL8139_CALCULATE_RXCRC)
1133 val = cpu_to_le32(crc32(0, buf, size));
1138 rtl8139_write_buffer(s, (uint8_t *)&val, 4);
1140 /* correct buffer write pointer */
1141 s->RxBufAddr = MOD2((s->RxBufAddr + 3) & ~0x3, s->RxBufferSize);
1143 /* now we can signal we have received something */
1145 DEBUG_PRINT((" received: rx buffer length %d head 0x%04x read 0x%04x\n",
1146 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr));
1149 s->IntrStatus |= RxOK;
1153 rtl8139_update_irq(s);
1159 static ssize_t rtl8139_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
1161 return rtl8139_do_receive(vc, buf, size, 1);
1164 static void rtl8139_reset_rxring(RTL8139State *s, uint32_t bufferSize)
1166 s->RxBufferSize = bufferSize;
1171 static void rtl8139_reset(DeviceState *d)
1173 RTL8139State *s = container_of(d, RTL8139State, dev.qdev);
1176 /* restore MAC address */
1177 memcpy(s->phys, s->conf.macaddr.a, 6);
1179 /* reset interrupt mask */
1183 rtl8139_update_irq(s);
1185 /* prepare eeprom */
1186 s->eeprom.contents[0] = 0x8129;
1188 // PCI vendor and device ID should be mirrored here
1189 s->eeprom.contents[1] = PCI_VENDOR_ID_REALTEK;
1190 s->eeprom.contents[2] = PCI_DEVICE_ID_REALTEK_8139;
1193 s->eeprom.contents[7] = s->conf.macaddr.a[0] | s->conf.macaddr.a[1] << 8;
1194 s->eeprom.contents[8] = s->conf.macaddr.a[2] | s->conf.macaddr.a[3] << 8;
1195 s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8;
1197 /* mark all status registers as owned by host */
1198 for (i = 0; i < 4; ++i)
1200 s->TxStatus[i] = TxHostOwns;
1204 s->currCPlusRxDesc = 0;
1205 s->currCPlusTxDesc = 0;
1207 s->RxRingAddrLO = 0;
1208 s->RxRingAddrHI = 0;
1212 rtl8139_reset_rxring(s, 8192);
1218 // s->TxConfig |= HW_REVID(1, 0, 0, 0, 0, 0, 0); // RTL-8139 HasHltClk
1219 s->clock_enabled = 0;
1221 s->TxConfig |= HW_REVID(1, 1, 1, 0, 1, 1, 0); // RTL-8139C+ HasLWake
1222 s->clock_enabled = 1;
1225 s->bChipCmdState = CmdReset; /* RxBufEmpty bit is calculated on read from ChipCmd */;
1227 /* set initial state data */
1228 s->Config0 = 0x0; /* No boot ROM */
1229 s->Config1 = 0xC; /* IO mapped and MEM mapped registers available */
1230 s->Config3 = 0x1; /* fast back-to-back compatible */
1233 s->CSCR = CSCR_F_LINK_100 | CSCR_HEART_BIT | CSCR_LD;
1235 s->CpCmd = 0x0; /* reset C+ mode */
1236 s->cplus_enabled = 0;
1239 // s->BasicModeCtrl = 0x3100; // 100Mbps, full duplex, autonegotiation
1240 // s->BasicModeCtrl = 0x2100; // 100Mbps, full duplex
1241 s->BasicModeCtrl = 0x1000; // autonegotiation
1243 s->BasicModeStatus = 0x7809;
1244 //s->BasicModeStatus |= 0x0040; /* UTP medium */
1245 s->BasicModeStatus |= 0x0020; /* autonegotiation completed */
1246 s->BasicModeStatus |= 0x0004; /* link is up */
1248 s->NWayAdvert = 0x05e1; /* all modes, full duplex */
1249 s->NWayLPAR = 0x05e1; /* all modes, full duplex */
1250 s->NWayExpansion = 0x0001; /* autonegotiation supported */
1252 /* also reset timer and disable timer interrupt */
1257 /* reset tally counters */
1258 RTL8139TallyCounters_clear(&s->tally_counters);
1261 static void RTL8139TallyCounters_clear(RTL8139TallyCounters* counters)
1265 counters->TxERR = 0;
1266 counters->RxERR = 0;
1267 counters->MissPkt = 0;
1269 counters->Tx1Col = 0;
1270 counters->TxMCol = 0;
1271 counters->RxOkPhy = 0;
1272 counters->RxOkBrd = 0;
1273 counters->RxOkMul = 0;
1274 counters->TxAbt = 0;
1275 counters->TxUndrn = 0;
1278 static void RTL8139TallyCounters_physical_memory_write(target_phys_addr_t tc_addr, RTL8139TallyCounters* tally_counters)
1284 val64 = cpu_to_le64(tally_counters->TxOk);
1285 cpu_physical_memory_write(tc_addr + 0, (uint8_t *)&val64, 8);
1287 val64 = cpu_to_le64(tally_counters->RxOk);
1288 cpu_physical_memory_write(tc_addr + 8, (uint8_t *)&val64, 8);
1290 val64 = cpu_to_le64(tally_counters->TxERR);
1291 cpu_physical_memory_write(tc_addr + 16, (uint8_t *)&val64, 8);
1293 val32 = cpu_to_le32(tally_counters->RxERR);
1294 cpu_physical_memory_write(tc_addr + 24, (uint8_t *)&val32, 4);
1296 val16 = cpu_to_le16(tally_counters->MissPkt);
1297 cpu_physical_memory_write(tc_addr + 28, (uint8_t *)&val16, 2);
1299 val16 = cpu_to_le16(tally_counters->FAE);
1300 cpu_physical_memory_write(tc_addr + 30, (uint8_t *)&val16, 2);
1302 val32 = cpu_to_le32(tally_counters->Tx1Col);
1303 cpu_physical_memory_write(tc_addr + 32, (uint8_t *)&val32, 4);
1305 val32 = cpu_to_le32(tally_counters->TxMCol);
1306 cpu_physical_memory_write(tc_addr + 36, (uint8_t *)&val32, 4);
1308 val64 = cpu_to_le64(tally_counters->RxOkPhy);
1309 cpu_physical_memory_write(tc_addr + 40, (uint8_t *)&val64, 8);
1311 val64 = cpu_to_le64(tally_counters->RxOkBrd);
1312 cpu_physical_memory_write(tc_addr + 48, (uint8_t *)&val64, 8);
1314 val32 = cpu_to_le32(tally_counters->RxOkMul);
1315 cpu_physical_memory_write(tc_addr + 56, (uint8_t *)&val32, 4);
1317 val16 = cpu_to_le16(tally_counters->TxAbt);
1318 cpu_physical_memory_write(tc_addr + 60, (uint8_t *)&val16, 2);
1320 val16 = cpu_to_le16(tally_counters->TxUndrn);
1321 cpu_physical_memory_write(tc_addr + 62, (uint8_t *)&val16, 2);
1324 /* Loads values of tally counters from VM state file */
1326 static const VMStateDescription vmstate_tally_counters = {
1327 .name = "tally_counters",
1329 .minimum_version_id = 1,
1330 .minimum_version_id_old = 1,
1331 .fields = (VMStateField []) {
1332 VMSTATE_UINT64(TxOk, RTL8139TallyCounters),
1333 VMSTATE_UINT64(RxOk, RTL8139TallyCounters),
1334 VMSTATE_UINT64(TxERR, RTL8139TallyCounters),
1335 VMSTATE_UINT32(RxERR, RTL8139TallyCounters),
1336 VMSTATE_UINT16(MissPkt, RTL8139TallyCounters),
1337 VMSTATE_UINT16(FAE, RTL8139TallyCounters),
1338 VMSTATE_UINT32(Tx1Col, RTL8139TallyCounters),
1339 VMSTATE_UINT32(TxMCol, RTL8139TallyCounters),
1340 VMSTATE_UINT64(RxOkPhy, RTL8139TallyCounters),
1341 VMSTATE_UINT64(RxOkBrd, RTL8139TallyCounters),
1342 VMSTATE_UINT16(TxAbt, RTL8139TallyCounters),
1343 VMSTATE_UINT16(TxUndrn, RTL8139TallyCounters),
1344 VMSTATE_END_OF_LIST()
1348 static void rtl8139_ChipCmd_write(RTL8139State *s, uint32_t val)
1352 DEBUG_PRINT(("RTL8139: ChipCmd write val=0x%08x\n", val));
1356 DEBUG_PRINT(("RTL8139: ChipCmd reset\n"));
1357 rtl8139_reset(&s->dev.qdev);
1361 DEBUG_PRINT(("RTL8139: ChipCmd enable receiver\n"));
1363 s->currCPlusRxDesc = 0;
1367 DEBUG_PRINT(("RTL8139: ChipCmd enable transmitter\n"));
1369 s->currCPlusTxDesc = 0;
1372 /* mask unwriteable bits */
1373 val = SET_MASKED(val, 0xe3, s->bChipCmdState);
1375 /* Deassert reset pin before next read */
1378 s->bChipCmdState = val;
1381 static int rtl8139_RxBufferEmpty(RTL8139State *s)
1383 int unread = MOD2(s->RxBufferSize + s->RxBufAddr - s->RxBufPtr, s->RxBufferSize);
1387 DEBUG_PRINT(("RTL8139: receiver buffer data available 0x%04x\n", unread));
1391 DEBUG_PRINT(("RTL8139: receiver buffer is empty\n"));
1396 static uint32_t rtl8139_ChipCmd_read(RTL8139State *s)
1398 uint32_t ret = s->bChipCmdState;
1400 if (rtl8139_RxBufferEmpty(s))
1403 DEBUG_PRINT(("RTL8139: ChipCmd read val=0x%04x\n", ret));
1408 static void rtl8139_CpCmd_write(RTL8139State *s, uint32_t val)
1412 DEBUG_PRINT(("RTL8139C+ command register write(w) val=0x%04x\n", val));
1414 s->cplus_enabled = 1;
1416 /* mask unwriteable bits */
1417 val = SET_MASKED(val, 0xff84, s->CpCmd);
1422 static uint32_t rtl8139_CpCmd_read(RTL8139State *s)
1424 uint32_t ret = s->CpCmd;
1426 DEBUG_PRINT(("RTL8139C+ command register read(w) val=0x%04x\n", ret));
1431 static void rtl8139_IntrMitigate_write(RTL8139State *s, uint32_t val)
1433 DEBUG_PRINT(("RTL8139C+ IntrMitigate register write(w) val=0x%04x\n", val));
1436 static uint32_t rtl8139_IntrMitigate_read(RTL8139State *s)
1440 DEBUG_PRINT(("RTL8139C+ IntrMitigate register read(w) val=0x%04x\n", ret));
1445 static int rtl8139_config_writeable(RTL8139State *s)
1447 if (s->Cfg9346 & Cfg9346_Unlock)
1452 DEBUG_PRINT(("RTL8139: Configuration registers are write-protected\n"));
1457 static void rtl8139_BasicModeCtrl_write(RTL8139State *s, uint32_t val)
1461 DEBUG_PRINT(("RTL8139: BasicModeCtrl register write(w) val=0x%04x\n", val));
1463 /* mask unwriteable bits */
1464 uint32_t mask = 0x4cff;
1466 if (1 || !rtl8139_config_writeable(s))
1468 /* Speed setting and autonegotiation enable bits are read-only */
1470 /* Duplex mode setting is read-only */
1474 val = SET_MASKED(val, mask, s->BasicModeCtrl);
1476 s->BasicModeCtrl = val;
1479 static uint32_t rtl8139_BasicModeCtrl_read(RTL8139State *s)
1481 uint32_t ret = s->BasicModeCtrl;
1483 DEBUG_PRINT(("RTL8139: BasicModeCtrl register read(w) val=0x%04x\n", ret));
1488 static void rtl8139_BasicModeStatus_write(RTL8139State *s, uint32_t val)
1492 DEBUG_PRINT(("RTL8139: BasicModeStatus register write(w) val=0x%04x\n", val));
1494 /* mask unwriteable bits */
1495 val = SET_MASKED(val, 0xff3f, s->BasicModeStatus);
1497 s->BasicModeStatus = val;
1500 static uint32_t rtl8139_BasicModeStatus_read(RTL8139State *s)
1502 uint32_t ret = s->BasicModeStatus;
1504 DEBUG_PRINT(("RTL8139: BasicModeStatus register read(w) val=0x%04x\n", ret));
1509 static void rtl8139_Cfg9346_write(RTL8139State *s, uint32_t val)
1513 DEBUG_PRINT(("RTL8139: Cfg9346 write val=0x%02x\n", val));
1515 /* mask unwriteable bits */
1516 val = SET_MASKED(val, 0x31, s->Cfg9346);
1518 uint32_t opmode = val & 0xc0;
1519 uint32_t eeprom_val = val & 0xf;
1521 if (opmode == 0x80) {
1523 int eecs = (eeprom_val & 0x08)?1:0;
1524 int eesk = (eeprom_val & 0x04)?1:0;
1525 int eedi = (eeprom_val & 0x02)?1:0;
1526 prom9346_set_wire(s, eecs, eesk, eedi);
1527 } else if (opmode == 0x40) {
1530 rtl8139_reset(&s->dev.qdev);
1536 static uint32_t rtl8139_Cfg9346_read(RTL8139State *s)
1538 uint32_t ret = s->Cfg9346;
1540 uint32_t opmode = ret & 0xc0;
1545 int eedo = prom9346_get_wire(s);
1556 DEBUG_PRINT(("RTL8139: Cfg9346 read val=0x%02x\n", ret));
1561 static void rtl8139_Config0_write(RTL8139State *s, uint32_t val)
1565 DEBUG_PRINT(("RTL8139: Config0 write val=0x%02x\n", val));
1567 if (!rtl8139_config_writeable(s))
1570 /* mask unwriteable bits */
1571 val = SET_MASKED(val, 0xf8, s->Config0);
1576 static uint32_t rtl8139_Config0_read(RTL8139State *s)
1578 uint32_t ret = s->Config0;
1580 DEBUG_PRINT(("RTL8139: Config0 read val=0x%02x\n", ret));
1585 static void rtl8139_Config1_write(RTL8139State *s, uint32_t val)
1589 DEBUG_PRINT(("RTL8139: Config1 write val=0x%02x\n", val));
1591 if (!rtl8139_config_writeable(s))
1594 /* mask unwriteable bits */
1595 val = SET_MASKED(val, 0xC, s->Config1);
1600 static uint32_t rtl8139_Config1_read(RTL8139State *s)
1602 uint32_t ret = s->Config1;
1604 DEBUG_PRINT(("RTL8139: Config1 read val=0x%02x\n", ret));
1609 static void rtl8139_Config3_write(RTL8139State *s, uint32_t val)
1613 DEBUG_PRINT(("RTL8139: Config3 write val=0x%02x\n", val));
1615 if (!rtl8139_config_writeable(s))
1618 /* mask unwriteable bits */
1619 val = SET_MASKED(val, 0x8F, s->Config3);
1624 static uint32_t rtl8139_Config3_read(RTL8139State *s)
1626 uint32_t ret = s->Config3;
1628 DEBUG_PRINT(("RTL8139: Config3 read val=0x%02x\n", ret));
1633 static void rtl8139_Config4_write(RTL8139State *s, uint32_t val)
1637 DEBUG_PRINT(("RTL8139: Config4 write val=0x%02x\n", val));
1639 if (!rtl8139_config_writeable(s))
1642 /* mask unwriteable bits */
1643 val = SET_MASKED(val, 0x0a, s->Config4);
1648 static uint32_t rtl8139_Config4_read(RTL8139State *s)
1650 uint32_t ret = s->Config4;
1652 DEBUG_PRINT(("RTL8139: Config4 read val=0x%02x\n", ret));
1657 static void rtl8139_Config5_write(RTL8139State *s, uint32_t val)
1661 DEBUG_PRINT(("RTL8139: Config5 write val=0x%02x\n", val));
1663 /* mask unwriteable bits */
1664 val = SET_MASKED(val, 0x80, s->Config5);
1669 static uint32_t rtl8139_Config5_read(RTL8139State *s)
1671 uint32_t ret = s->Config5;
1673 DEBUG_PRINT(("RTL8139: Config5 read val=0x%02x\n", ret));
1678 static void rtl8139_TxConfig_write(RTL8139State *s, uint32_t val)
1680 if (!rtl8139_transmitter_enabled(s))
1682 DEBUG_PRINT(("RTL8139: transmitter disabled; no TxConfig write val=0x%08x\n", val));
1686 DEBUG_PRINT(("RTL8139: TxConfig write val=0x%08x\n", val));
1688 val = SET_MASKED(val, TxVersionMask | 0x8070f80f, s->TxConfig);
1693 static void rtl8139_TxConfig_writeb(RTL8139State *s, uint32_t val)
1695 DEBUG_PRINT(("RTL8139C TxConfig via write(b) val=0x%02x\n", val));
1697 uint32_t tc = s->TxConfig;
1699 tc |= (val & 0x000000FF);
1700 rtl8139_TxConfig_write(s, tc);
1703 static uint32_t rtl8139_TxConfig_read(RTL8139State *s)
1705 uint32_t ret = s->TxConfig;
1707 DEBUG_PRINT(("RTL8139: TxConfig read val=0x%04x\n", ret));
1712 static void rtl8139_RxConfig_write(RTL8139State *s, uint32_t val)
1714 DEBUG_PRINT(("RTL8139: RxConfig write val=0x%08x\n", val));
1716 /* mask unwriteable bits */
1717 val = SET_MASKED(val, 0xf0fc0040, s->RxConfig);
1721 /* reset buffer size and read/write pointers */
1722 rtl8139_reset_rxring(s, 8192 << ((s->RxConfig >> 11) & 0x3));
1724 DEBUG_PRINT(("RTL8139: RxConfig write reset buffer size to %d\n", s->RxBufferSize));
1727 static uint32_t rtl8139_RxConfig_read(RTL8139State *s)
1729 uint32_t ret = s->RxConfig;
1731 DEBUG_PRINT(("RTL8139: RxConfig read val=0x%08x\n", ret));
1736 static void rtl8139_transfer_frame(RTL8139State *s, const uint8_t *buf, int size, int do_interrupt)
1740 DEBUG_PRINT(("RTL8139: +++ empty ethernet frame\n"));
1744 if (TxLoopBack == (s->TxConfig & TxLoopBack))
1746 DEBUG_PRINT(("RTL8139: +++ transmit loopback mode\n"));
1747 rtl8139_do_receive(s->vc, buf, size, do_interrupt);
1751 qemu_send_packet(s->vc, buf, size);
1755 static int rtl8139_transmit_one(RTL8139State *s, int descriptor)
1757 if (!rtl8139_transmitter_enabled(s))
1759 DEBUG_PRINT(("RTL8139: +++ cannot transmit from descriptor %d: transmitter disabled\n",
1764 if (s->TxStatus[descriptor] & TxHostOwns)
1766 DEBUG_PRINT(("RTL8139: +++ cannot transmit from descriptor %d: owned by host (%08x)\n",
1767 descriptor, s->TxStatus[descriptor]));
1771 DEBUG_PRINT(("RTL8139: +++ transmitting from descriptor %d\n", descriptor));
1773 int txsize = s->TxStatus[descriptor] & 0x1fff;
1774 uint8_t txbuffer[0x2000];
1776 DEBUG_PRINT(("RTL8139: +++ transmit reading %d bytes from host memory at 0x%08x\n",
1777 txsize, s->TxAddr[descriptor]));
1779 cpu_physical_memory_read(s->TxAddr[descriptor], txbuffer, txsize);
1781 /* Mark descriptor as transferred */
1782 s->TxStatus[descriptor] |= TxHostOwns;
1783 s->TxStatus[descriptor] |= TxStatOK;
1785 rtl8139_transfer_frame(s, txbuffer, txsize, 0);
1787 DEBUG_PRINT(("RTL8139: +++ transmitted %d bytes from descriptor %d\n", txsize, descriptor));
1789 /* update interrupt */
1790 s->IntrStatus |= TxOK;
1791 rtl8139_update_irq(s);
1796 /* structures and macros for task offloading */
1797 typedef struct ip_header
1799 uint8_t ip_ver_len; /* version and header length */
1800 uint8_t ip_tos; /* type of service */
1801 uint16_t ip_len; /* total length */
1802 uint16_t ip_id; /* identification */
1803 uint16_t ip_off; /* fragment offset field */
1804 uint8_t ip_ttl; /* time to live */
1805 uint8_t ip_p; /* protocol */
1806 uint16_t ip_sum; /* checksum */
1807 uint32_t ip_src,ip_dst; /* source and dest address */
1810 #define IP_HEADER_VERSION_4 4
1811 #define IP_HEADER_VERSION(ip) ((ip->ip_ver_len >> 4)&0xf)
1812 #define IP_HEADER_LENGTH(ip) (((ip->ip_ver_len)&0xf) << 2)
1814 typedef struct tcp_header
1816 uint16_t th_sport; /* source port */
1817 uint16_t th_dport; /* destination port */
1818 uint32_t th_seq; /* sequence number */
1819 uint32_t th_ack; /* acknowledgement number */
1820 uint16_t th_offset_flags; /* data offset, reserved 6 bits, TCP protocol flags */
1821 uint16_t th_win; /* window */
1822 uint16_t th_sum; /* checksum */
1823 uint16_t th_urp; /* urgent pointer */
1826 typedef struct udp_header
1828 uint16_t uh_sport; /* source port */
1829 uint16_t uh_dport; /* destination port */
1830 uint16_t uh_ulen; /* udp length */
1831 uint16_t uh_sum; /* udp checksum */
1834 typedef struct ip_pseudo_header
1840 uint16_t ip_payload;
1843 #define IP_PROTO_TCP 6
1844 #define IP_PROTO_UDP 17
1846 #define TCP_HEADER_DATA_OFFSET(tcp) (((be16_to_cpu(tcp->th_offset_flags) >> 12)&0xf) << 2)
1847 #define TCP_FLAGS_ONLY(flags) ((flags)&0x3f)
1848 #define TCP_HEADER_FLAGS(tcp) TCP_FLAGS_ONLY(be16_to_cpu(tcp->th_offset_flags))
1850 #define TCP_HEADER_CLEAR_FLAGS(tcp, off) ((tcp)->th_offset_flags &= cpu_to_be16(~TCP_FLAGS_ONLY(off)))
1852 #define TCP_FLAG_FIN 0x01
1853 #define TCP_FLAG_PUSH 0x08
1855 /* produces ones' complement sum of data */
1856 static uint16_t ones_complement_sum(uint8_t *data, size_t len)
1858 uint32_t result = 0;
1860 for (; len > 1; data+=2, len-=2)
1862 result += *(uint16_t*)data;
1865 /* add the remainder byte */
1868 uint8_t odd[2] = {*data, 0};
1869 result += *(uint16_t*)odd;
1873 result = (result & 0xffff) + (result >> 16);
1878 static uint16_t ip_checksum(void *data, size_t len)
1880 return ~ones_complement_sum((uint8_t*)data, len);
1883 static int rtl8139_cplus_transmit_one(RTL8139State *s)
1885 if (!rtl8139_transmitter_enabled(s))
1887 DEBUG_PRINT(("RTL8139: +++ C+ mode: transmitter disabled\n"));
1891 if (!rtl8139_cp_transmitter_enabled(s))
1893 DEBUG_PRINT(("RTL8139: +++ C+ mode: C+ transmitter disabled\n"));
1897 int descriptor = s->currCPlusTxDesc;
1899 target_phys_addr_t cplus_tx_ring_desc =
1900 rtl8139_addr64(s->TxAddr[0], s->TxAddr[1]);
1902 /* Normal priority ring */
1903 cplus_tx_ring_desc += 16 * descriptor;
1905 DEBUG_PRINT(("RTL8139: +++ C+ mode reading TX descriptor %d from host memory at %08x0x%08x = 0x%8lx\n",
1906 descriptor, s->TxAddr[1], s->TxAddr[0], cplus_tx_ring_desc));
1908 uint32_t val, txdw0,txdw1,txbufLO,txbufHI;
1910 cpu_physical_memory_read(cplus_tx_ring_desc, (uint8_t *)&val, 4);
1911 txdw0 = le32_to_cpu(val);
1912 cpu_physical_memory_read(cplus_tx_ring_desc+4, (uint8_t *)&val, 4);
1913 txdw1 = le32_to_cpu(val);
1914 cpu_physical_memory_read(cplus_tx_ring_desc+8, (uint8_t *)&val, 4);
1915 txbufLO = le32_to_cpu(val);
1916 cpu_physical_memory_read(cplus_tx_ring_desc+12, (uint8_t *)&val, 4);
1917 txbufHI = le32_to_cpu(val);
1919 DEBUG_PRINT(("RTL8139: +++ C+ mode TX descriptor %d %08x %08x %08x %08x\n",
1921 txdw0, txdw1, txbufLO, txbufHI));
1923 /* w0 ownership flag */
1924 #define CP_TX_OWN (1<<31)
1925 /* w0 end of ring flag */
1926 #define CP_TX_EOR (1<<30)
1927 /* first segment of received packet flag */
1928 #define CP_TX_FS (1<<29)
1929 /* last segment of received packet flag */
1930 #define CP_TX_LS (1<<28)
1931 /* large send packet flag */
1932 #define CP_TX_LGSEN (1<<27)
1933 /* large send MSS mask, bits 16...25 */
1934 #define CP_TC_LGSEN_MSS_MASK ((1 << 12) - 1)
1936 /* IP checksum offload flag */
1937 #define CP_TX_IPCS (1<<18)
1938 /* UDP checksum offload flag */
1939 #define CP_TX_UDPCS (1<<17)
1940 /* TCP checksum offload flag */
1941 #define CP_TX_TCPCS (1<<16)
1943 /* w0 bits 0...15 : buffer size */
1944 #define CP_TX_BUFFER_SIZE (1<<16)
1945 #define CP_TX_BUFFER_SIZE_MASK (CP_TX_BUFFER_SIZE - 1)
1946 /* w1 tag available flag */
1947 #define CP_RX_TAGC (1<<17)
1948 /* w1 bits 0...15 : VLAN tag */
1949 #define CP_TX_VLAN_TAG_MASK ((1<<16) - 1)
1950 /* w2 low 32bit of Rx buffer ptr */
1951 /* w3 high 32bit of Rx buffer ptr */
1953 /* set after transmission */
1954 /* FIFO underrun flag */
1955 #define CP_TX_STATUS_UNF (1<<25)
1956 /* transmit error summary flag, valid if set any of three below */
1957 #define CP_TX_STATUS_TES (1<<23)
1958 /* out-of-window collision flag */
1959 #define CP_TX_STATUS_OWC (1<<22)
1960 /* link failure flag */
1961 #define CP_TX_STATUS_LNKF (1<<21)
1962 /* excessive collisions flag */
1963 #define CP_TX_STATUS_EXC (1<<20)
1965 if (!(txdw0 & CP_TX_OWN))
1967 DEBUG_PRINT(("RTL8139: C+ Tx mode : descriptor %d is owned by host\n", descriptor));
1971 DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : transmitting from descriptor %d\n", descriptor));
1973 if (txdw0 & CP_TX_FS)
1975 DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : descriptor %d is first segment descriptor\n", descriptor));
1977 /* reset internal buffer offset */
1978 s->cplus_txbuffer_offset = 0;
1981 int txsize = txdw0 & CP_TX_BUFFER_SIZE_MASK;
1982 target_phys_addr_t tx_addr = rtl8139_addr64(txbufLO, txbufHI);
1984 /* make sure we have enough space to assemble the packet */
1985 if (!s->cplus_txbuffer)
1987 s->cplus_txbuffer_len = CP_TX_BUFFER_SIZE;
1988 s->cplus_txbuffer = qemu_malloc(s->cplus_txbuffer_len);
1989 s->cplus_txbuffer_offset = 0;
1991 DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer allocated space %d\n", s->cplus_txbuffer_len));
1994 while (s->cplus_txbuffer && s->cplus_txbuffer_offset + txsize >= s->cplus_txbuffer_len)
1996 s->cplus_txbuffer_len += CP_TX_BUFFER_SIZE;
1997 s->cplus_txbuffer = qemu_realloc(s->cplus_txbuffer, s->cplus_txbuffer_len);
1999 DEBUG_PRINT(("RTL8139: +++ C+ mode transmission buffer space changed to %d\n", s->cplus_txbuffer_len));
2002 if (!s->cplus_txbuffer)
2006 DEBUG_PRINT(("RTL8139: +++ C+ mode transmiter failed to reallocate %d bytes\n", s->cplus_txbuffer_len));
2008 /* update tally counter */
2009 ++s->tally_counters.TxERR;
2010 ++s->tally_counters.TxAbt;
2015 /* append more data to the packet */
2017 DEBUG_PRINT(("RTL8139: +++ C+ mode transmit reading %d bytes from host memory at %016" PRIx64 " to offset %d\n",
2018 txsize, (uint64_t)tx_addr, s->cplus_txbuffer_offset));
2020 cpu_physical_memory_read(tx_addr, s->cplus_txbuffer + s->cplus_txbuffer_offset, txsize);
2021 s->cplus_txbuffer_offset += txsize;
2023 /* seek to next Rx descriptor */
2024 if (txdw0 & CP_TX_EOR)
2026 s->currCPlusTxDesc = 0;
2030 ++s->currCPlusTxDesc;
2031 if (s->currCPlusTxDesc >= 64)
2032 s->currCPlusTxDesc = 0;
2035 /* transfer ownership to target */
2036 txdw0 &= ~CP_RX_OWN;
2038 /* reset error indicator bits */
2039 txdw0 &= ~CP_TX_STATUS_UNF;
2040 txdw0 &= ~CP_TX_STATUS_TES;
2041 txdw0 &= ~CP_TX_STATUS_OWC;
2042 txdw0 &= ~CP_TX_STATUS_LNKF;
2043 txdw0 &= ~CP_TX_STATUS_EXC;
2045 /* update ring data */
2046 val = cpu_to_le32(txdw0);
2047 cpu_physical_memory_write(cplus_tx_ring_desc, (uint8_t *)&val, 4);
2048 // val = cpu_to_le32(txdw1);
2049 // cpu_physical_memory_write(cplus_tx_ring_desc+4, &val, 4);
2051 /* Now decide if descriptor being processed is holding the last segment of packet */
2052 if (txdw0 & CP_TX_LS)
2054 DEBUG_PRINT(("RTL8139: +++ C+ Tx mode : descriptor %d is last segment descriptor\n", descriptor));
2056 /* can transfer fully assembled packet */
2058 uint8_t *saved_buffer = s->cplus_txbuffer;
2059 int saved_size = s->cplus_txbuffer_offset;
2060 int saved_buffer_len = s->cplus_txbuffer_len;
2062 /* reset the card space to protect from recursive call */
2063 s->cplus_txbuffer = NULL;
2064 s->cplus_txbuffer_offset = 0;
2065 s->cplus_txbuffer_len = 0;
2067 if (txdw0 & (CP_TX_IPCS | CP_TX_UDPCS | CP_TX_TCPCS | CP_TX_LGSEN))
2069 DEBUG_PRINT(("RTL8139: +++ C+ mode offloaded task checksum\n"));
2071 #define ETH_P_IP 0x0800 /* Internet Protocol packet */
2073 #define ETH_MTU 1500
2075 /* ip packet header */
2076 ip_header *ip = NULL;
2078 uint8_t ip_protocol = 0;
2079 uint16_t ip_data_len = 0;
2081 uint8_t *eth_payload_data = NULL;
2082 size_t eth_payload_len = 0;
2084 int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
2085 if (proto == ETH_P_IP)
2087 DEBUG_PRINT(("RTL8139: +++ C+ mode has IP packet\n"));
2090 eth_payload_data = saved_buffer + ETH_HLEN;
2091 eth_payload_len = saved_size - ETH_HLEN;
2093 ip = (ip_header*)eth_payload_data;
2095 if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
2096 DEBUG_PRINT(("RTL8139: +++ C+ mode packet has bad IP version %d expected %d\n", IP_HEADER_VERSION(ip), IP_HEADER_VERSION_4));
2099 hlen = IP_HEADER_LENGTH(ip);
2100 ip_protocol = ip->ip_p;
2101 ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
2107 if (txdw0 & CP_TX_IPCS)
2109 DEBUG_PRINT(("RTL8139: +++ C+ mode need IP checksum\n"));
2111 if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
2112 /* bad packet header len */
2113 /* or packet too short */
2118 ip->ip_sum = ip_checksum(ip, hlen);
2119 DEBUG_PRINT(("RTL8139: +++ C+ mode IP header len=%d checksum=%04x\n", hlen, ip->ip_sum));
2123 if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
2125 #if defined (DEBUG_RTL8139)
2126 int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
2128 DEBUG_PRINT(("RTL8139: +++ C+ mode offloaded task TSO MTU=%d IP data %d frame data %d specified MSS=%d\n",
2129 ETH_MTU, ip_data_len, saved_size - ETH_HLEN, large_send_mss));
2131 int tcp_send_offset = 0;
2134 /* maximum IP header length is 60 bytes */
2135 uint8_t saved_ip_header[60];
2137 /* save IP header template; data area is used in tcp checksum calculation */
2138 memcpy(saved_ip_header, eth_payload_data, hlen);
2140 /* a placeholder for checksum calculation routine in tcp case */
2141 uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
2142 // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
2144 /* pointer to TCP header */
2145 tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
2147 int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
2149 /* ETH_MTU = ip header len + tcp header len + payload */
2150 int tcp_data_len = ip_data_len - tcp_hlen;
2151 int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
2153 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO IP data len %d TCP hlen %d TCP data len %d TCP chunk size %d\n",
2154 ip_data_len, tcp_hlen, tcp_data_len, tcp_chunk_size));
2156 /* note the cycle below overwrites IP header data,
2157 but restores it from saved_ip_header before sending packet */
2159 int is_last_frame = 0;
2161 for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
2163 uint16_t chunk_size = tcp_chunk_size;
2165 /* check if this is the last frame */
2166 if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
2169 chunk_size = tcp_data_len - tcp_send_offset;
2172 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO TCP seqno %08x\n", be32_to_cpu(p_tcp_hdr->th_seq)));
2174 /* add 4 TCP pseudoheader fields */
2175 /* copy IP source and destination fields */
2176 memcpy(data_to_checksum, saved_ip_header + 12, 8);
2178 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO calculating TCP checksum for packet with %d bytes data\n", tcp_hlen + chunk_size));
2180 if (tcp_send_offset)
2182 memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
2185 /* keep PUSH and FIN flags only for the last frame */
2188 TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
2191 /* recalculate TCP checksum */
2192 ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
2193 p_tcpip_hdr->zeros = 0;
2194 p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
2195 p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
2197 p_tcp_hdr->th_sum = 0;
2199 int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
2200 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO TCP checksum %04x\n", tcp_checksum));
2202 p_tcp_hdr->th_sum = tcp_checksum;
2204 /* restore IP header */
2205 memcpy(eth_payload_data, saved_ip_header, hlen);
2207 /* set IP data length and recalculate IP checksum */
2208 ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
2210 /* increment IP id for subsequent frames */
2211 ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
2214 ip->ip_sum = ip_checksum(eth_payload_data, hlen);
2215 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO IP header len=%d checksum=%04x\n", hlen, ip->ip_sum));
2217 int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
2218 DEBUG_PRINT(("RTL8139: +++ C+ mode TSO transferring packet size %d\n", tso_send_size));
2219 rtl8139_transfer_frame(s, saved_buffer, tso_send_size, 0);
2221 /* add transferred count to TCP sequence number */
2222 p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
2226 /* Stop sending this frame */
2229 else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
2231 DEBUG_PRINT(("RTL8139: +++ C+ mode need TCP or UDP checksum\n"));
2233 /* maximum IP header length is 60 bytes */
2234 uint8_t saved_ip_header[60];
2235 memcpy(saved_ip_header, eth_payload_data, hlen);
2237 uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
2238 // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
2240 /* add 4 TCP pseudoheader fields */
2241 /* copy IP source and destination fields */
2242 memcpy(data_to_checksum, saved_ip_header + 12, 8);
2244 if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
2246 DEBUG_PRINT(("RTL8139: +++ C+ mode calculating TCP checksum for packet with %d bytes data\n", ip_data_len));
2248 ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
2249 p_tcpip_hdr->zeros = 0;
2250 p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
2251 p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
2253 tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
2255 p_tcp_hdr->th_sum = 0;
2257 int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
2258 DEBUG_PRINT(("RTL8139: +++ C+ mode TCP checksum %04x\n", tcp_checksum));
2260 p_tcp_hdr->th_sum = tcp_checksum;
2262 else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
2264 DEBUG_PRINT(("RTL8139: +++ C+ mode calculating UDP checksum for packet with %d bytes data\n", ip_data_len));
2266 ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
2267 p_udpip_hdr->zeros = 0;
2268 p_udpip_hdr->ip_proto = IP_PROTO_UDP;
2269 p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
2271 udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
2273 p_udp_hdr->uh_sum = 0;
2275 int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
2276 DEBUG_PRINT(("RTL8139: +++ C+ mode UDP checksum %04x\n", udp_checksum));
2278 p_udp_hdr->uh_sum = udp_checksum;
2281 /* restore IP header */
2282 memcpy(eth_payload_data, saved_ip_header, hlen);
2287 /* update tally counter */
2288 ++s->tally_counters.TxOk;
2290 DEBUG_PRINT(("RTL8139: +++ C+ mode transmitting %d bytes packet\n", saved_size));
2292 rtl8139_transfer_frame(s, saved_buffer, saved_size, 1);
2294 /* restore card space if there was no recursion and reset offset */
2295 if (!s->cplus_txbuffer)
2297 s->cplus_txbuffer = saved_buffer;
2298 s->cplus_txbuffer_len = saved_buffer_len;
2299 s->cplus_txbuffer_offset = 0;
2303 qemu_free(saved_buffer);
2308 DEBUG_PRINT(("RTL8139: +++ C+ mode transmission continue to next descriptor\n"));
2314 static void rtl8139_cplus_transmit(RTL8139State *s)
2318 while (rtl8139_cplus_transmit_one(s))
2323 /* Mark transfer completed */
2326 DEBUG_PRINT(("RTL8139: C+ mode : transmitter queue stalled, current TxDesc = %d\n",
2327 s->currCPlusTxDesc));
2331 /* update interrupt status */
2332 s->IntrStatus |= TxOK;
2333 rtl8139_update_irq(s);
2337 static void rtl8139_transmit(RTL8139State *s)
2339 int descriptor = s->currTxDesc, txcount = 0;
2342 if (rtl8139_transmit_one(s, descriptor))
2349 /* Mark transfer completed */
2352 DEBUG_PRINT(("RTL8139: transmitter queue stalled, current TxDesc = %d\n", s->currTxDesc));
2356 static void rtl8139_TxStatus_write(RTL8139State *s, uint32_t txRegOffset, uint32_t val)
2359 int descriptor = txRegOffset/4;
2361 /* handle C+ transmit mode register configuration */
2363 if (s->cplus_enabled)
2365 DEBUG_PRINT(("RTL8139C+ DTCCR write offset=0x%x val=0x%08x descriptor=%d\n", txRegOffset, val, descriptor));
2367 /* handle Dump Tally Counters command */
2368 s->TxStatus[descriptor] = val;
2370 if (descriptor == 0 && (val & 0x8))
2372 target_phys_addr_t tc_addr = rtl8139_addr64(s->TxStatus[0] & ~0x3f, s->TxStatus[1]);
2374 /* dump tally counters to specified memory location */
2375 RTL8139TallyCounters_physical_memory_write( tc_addr, &s->tally_counters);
2377 /* mark dump completed */
2378 s->TxStatus[0] &= ~0x8;
2384 DEBUG_PRINT(("RTL8139: TxStatus write offset=0x%x val=0x%08x descriptor=%d\n", txRegOffset, val, descriptor));
2386 /* mask only reserved bits */
2387 val &= ~0xff00c000; /* these bits are reset on write */
2388 val = SET_MASKED(val, 0x00c00000, s->TxStatus[descriptor]);
2390 s->TxStatus[descriptor] = val;
2392 /* attempt to start transmission */
2393 rtl8139_transmit(s);
2396 static uint32_t rtl8139_TxStatus_read(RTL8139State *s, uint32_t txRegOffset)
2398 uint32_t ret = s->TxStatus[txRegOffset/4];
2400 DEBUG_PRINT(("RTL8139: TxStatus read offset=0x%x val=0x%08x\n", txRegOffset, ret));
2405 static uint16_t rtl8139_TSAD_read(RTL8139State *s)
2409 /* Simulate TSAD, it is read only anyway */
2411 ret = ((s->TxStatus[3] & TxStatOK )?TSAD_TOK3:0)
2412 |((s->TxStatus[2] & TxStatOK )?TSAD_TOK2:0)
2413 |((s->TxStatus[1] & TxStatOK )?TSAD_TOK1:0)
2414 |((s->TxStatus[0] & TxStatOK )?TSAD_TOK0:0)
2416 |((s->TxStatus[3] & TxUnderrun)?TSAD_TUN3:0)
2417 |((s->TxStatus[2] & TxUnderrun)?TSAD_TUN2:0)
2418 |((s->TxStatus[1] & TxUnderrun)?TSAD_TUN1:0)
2419 |((s->TxStatus[0] & TxUnderrun)?TSAD_TUN0:0)
2421 |((s->TxStatus[3] & TxAborted )?TSAD_TABT3:0)
2422 |((s->TxStatus[2] & TxAborted )?TSAD_TABT2:0)
2423 |((s->TxStatus[1] & TxAborted )?TSAD_TABT1:0)
2424 |((s->TxStatus[0] & TxAborted )?TSAD_TABT0:0)
2426 |((s->TxStatus[3] & TxHostOwns )?TSAD_OWN3:0)
2427 |((s->TxStatus[2] & TxHostOwns )?TSAD_OWN2:0)
2428 |((s->TxStatus[1] & TxHostOwns )?TSAD_OWN1:0)
2429 |((s->TxStatus[0] & TxHostOwns )?TSAD_OWN0:0) ;
2432 DEBUG_PRINT(("RTL8139: TSAD read val=0x%04x\n", ret));
2437 static uint16_t rtl8139_CSCR_read(RTL8139State *s)
2439 uint16_t ret = s->CSCR;
2441 DEBUG_PRINT(("RTL8139: CSCR read val=0x%04x\n", ret));
2446 static void rtl8139_TxAddr_write(RTL8139State *s, uint32_t txAddrOffset, uint32_t val)
2448 DEBUG_PRINT(("RTL8139: TxAddr write offset=0x%x val=0x%08x\n", txAddrOffset, val));
2450 s->TxAddr[txAddrOffset/4] = val;
2453 static uint32_t rtl8139_TxAddr_read(RTL8139State *s, uint32_t txAddrOffset)
2455 uint32_t ret = s->TxAddr[txAddrOffset/4];
2457 DEBUG_PRINT(("RTL8139: TxAddr read offset=0x%x val=0x%08x\n", txAddrOffset, ret));
2462 static void rtl8139_RxBufPtr_write(RTL8139State *s, uint32_t val)
2464 DEBUG_PRINT(("RTL8139: RxBufPtr write val=0x%04x\n", val));
2466 /* this value is off by 16 */
2467 s->RxBufPtr = MOD2(val + 0x10, s->RxBufferSize);
2469 DEBUG_PRINT((" CAPR write: rx buffer length %d head 0x%04x read 0x%04x\n",
2470 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr));
2473 static uint32_t rtl8139_RxBufPtr_read(RTL8139State *s)
2475 /* this value is off by 16 */
2476 uint32_t ret = s->RxBufPtr - 0x10;
2478 DEBUG_PRINT(("RTL8139: RxBufPtr read val=0x%04x\n", ret));
2483 static uint32_t rtl8139_RxBufAddr_read(RTL8139State *s)
2485 /* this value is NOT off by 16 */
2486 uint32_t ret = s->RxBufAddr;
2488 DEBUG_PRINT(("RTL8139: RxBufAddr read val=0x%04x\n", ret));
2493 static void rtl8139_RxBuf_write(RTL8139State *s, uint32_t val)
2495 DEBUG_PRINT(("RTL8139: RxBuf write val=0x%08x\n", val));
2499 /* may need to reset rxring here */
2502 static uint32_t rtl8139_RxBuf_read(RTL8139State *s)
2504 uint32_t ret = s->RxBuf;
2506 DEBUG_PRINT(("RTL8139: RxBuf read val=0x%08x\n", ret));
2511 static void rtl8139_IntrMask_write(RTL8139State *s, uint32_t val)
2513 DEBUG_PRINT(("RTL8139: IntrMask write(w) val=0x%04x\n", val));
2515 /* mask unwriteable bits */
2516 val = SET_MASKED(val, 0x1e00, s->IntrMask);
2520 rtl8139_update_irq(s);
2523 static uint32_t rtl8139_IntrMask_read(RTL8139State *s)
2525 uint32_t ret = s->IntrMask;
2527 DEBUG_PRINT(("RTL8139: IntrMask read(w) val=0x%04x\n", ret));
2532 static void rtl8139_IntrStatus_write(RTL8139State *s, uint32_t val)
2534 DEBUG_PRINT(("RTL8139: IntrStatus write(w) val=0x%04x\n", val));
2538 /* writing to ISR has no effect */
2543 uint16_t newStatus = s->IntrStatus & ~val;
2545 /* mask unwriteable bits */
2546 newStatus = SET_MASKED(newStatus, 0x1e00, s->IntrStatus);
2548 /* writing 1 to interrupt status register bit clears it */
2550 rtl8139_update_irq(s);
2552 s->IntrStatus = newStatus;
2553 rtl8139_update_irq(s);
2557 static uint32_t rtl8139_IntrStatus_read(RTL8139State *s)
2559 uint32_t ret = s->IntrStatus;
2561 DEBUG_PRINT(("RTL8139: IntrStatus read(w) val=0x%04x\n", ret));
2565 /* reading ISR clears all interrupts */
2568 rtl8139_update_irq(s);
2575 static void rtl8139_MultiIntr_write(RTL8139State *s, uint32_t val)
2577 DEBUG_PRINT(("RTL8139: MultiIntr write(w) val=0x%04x\n", val));
2579 /* mask unwriteable bits */
2580 val = SET_MASKED(val, 0xf000, s->MultiIntr);
2585 static uint32_t rtl8139_MultiIntr_read(RTL8139State *s)
2587 uint32_t ret = s->MultiIntr;
2589 DEBUG_PRINT(("RTL8139: MultiIntr read(w) val=0x%04x\n", ret));
2594 static void rtl8139_io_writeb(void *opaque, uint8_t addr, uint32_t val)
2596 RTL8139State *s = opaque;
2602 case MAC0 ... MAC0+5:
2603 s->phys[addr - MAC0] = val;
2605 case MAC0+6 ... MAC0+7:
2608 case MAR0 ... MAR0+7:
2609 s->mult[addr - MAR0] = val;
2612 rtl8139_ChipCmd_write(s, val);
2615 rtl8139_Cfg9346_write(s, val);
2617 case TxConfig: /* windows driver sometimes writes using byte-lenth call */
2618 rtl8139_TxConfig_writeb(s, val);
2621 rtl8139_Config0_write(s, val);
2624 rtl8139_Config1_write(s, val);
2627 rtl8139_Config3_write(s, val);
2630 rtl8139_Config4_write(s, val);
2633 rtl8139_Config5_write(s, val);
2637 DEBUG_PRINT(("RTL8139: not implemented write(b) to MediaStatus val=0x%02x\n", val));
2641 DEBUG_PRINT(("RTL8139: HltClk write val=0x%08x\n", val));
2644 s->clock_enabled = 1;
2646 else if (val == 'H')
2648 s->clock_enabled = 0;
2653 DEBUG_PRINT(("RTL8139C+ TxThresh write(b) val=0x%02x\n", val));
2658 DEBUG_PRINT(("RTL8139C+ TxPoll write(b) val=0x%02x\n", val));
2661 DEBUG_PRINT(("RTL8139C+ TxPoll high priority transmission (not implemented)\n"));
2662 //rtl8139_cplus_transmit(s);
2666 DEBUG_PRINT(("RTL8139C+ TxPoll normal priority transmission\n"));
2667 rtl8139_cplus_transmit(s);
2673 DEBUG_PRINT(("RTL8139: not implemented write(b) addr=0x%x val=0x%02x\n", addr, val));
2678 static void rtl8139_io_writew(void *opaque, uint8_t addr, uint32_t val)
2680 RTL8139State *s = opaque;
2687 rtl8139_IntrMask_write(s, val);
2691 rtl8139_IntrStatus_write(s, val);
2695 rtl8139_MultiIntr_write(s, val);
2699 rtl8139_RxBufPtr_write(s, val);
2703 rtl8139_BasicModeCtrl_write(s, val);
2705 case BasicModeStatus:
2706 rtl8139_BasicModeStatus_write(s, val);
2709 DEBUG_PRINT(("RTL8139: NWayAdvert write(w) val=0x%04x\n", val));
2710 s->NWayAdvert = val;
2713 DEBUG_PRINT(("RTL8139: forbidden NWayLPAR write(w) val=0x%04x\n", val));
2716 DEBUG_PRINT(("RTL8139: NWayExpansion write(w) val=0x%04x\n", val));
2717 s->NWayExpansion = val;
2721 rtl8139_CpCmd_write(s, val);
2725 rtl8139_IntrMitigate_write(s, val);
2729 DEBUG_PRINT(("RTL8139: ioport write(w) addr=0x%x val=0x%04x via write(b)\n", addr, val));
2731 rtl8139_io_writeb(opaque, addr, val & 0xff);
2732 rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
2737 static void rtl8139_io_writel(void *opaque, uint8_t addr, uint32_t val)
2739 RTL8139State *s = opaque;
2746 DEBUG_PRINT(("RTL8139: RxMissed clearing on write\n"));
2751 rtl8139_TxConfig_write(s, val);
2755 rtl8139_RxConfig_write(s, val);
2758 case TxStatus0 ... TxStatus0+4*4-1:
2759 rtl8139_TxStatus_write(s, addr-TxStatus0, val);
2762 case TxAddr0 ... TxAddr0+4*4-1:
2763 rtl8139_TxAddr_write(s, addr-TxAddr0, val);
2767 rtl8139_RxBuf_write(s, val);
2771 DEBUG_PRINT(("RTL8139: C+ RxRing low bits write val=0x%08x\n", val));
2772 s->RxRingAddrLO = val;
2776 DEBUG_PRINT(("RTL8139: C+ RxRing high bits write val=0x%08x\n", val));
2777 s->RxRingAddrHI = val;
2781 DEBUG_PRINT(("RTL8139: TCTR Timer reset on write\n"));
2783 s->TCTR_base = qemu_get_clock(vm_clock);
2787 DEBUG_PRINT(("RTL8139: FlashReg TimerInt write val=0x%08x\n", val));
2792 DEBUG_PRINT(("RTL8139: ioport write(l) addr=0x%x val=0x%08x via write(b)\n", addr, val));
2793 rtl8139_io_writeb(opaque, addr, val & 0xff);
2794 rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
2795 rtl8139_io_writeb(opaque, addr + 2, (val >> 16) & 0xff);
2796 rtl8139_io_writeb(opaque, addr + 3, (val >> 24) & 0xff);
2801 static uint32_t rtl8139_io_readb(void *opaque, uint8_t addr)
2803 RTL8139State *s = opaque;
2810 case MAC0 ... MAC0+5:
2811 ret = s->phys[addr - MAC0];
2813 case MAC0+6 ... MAC0+7:
2816 case MAR0 ... MAR0+7:
2817 ret = s->mult[addr - MAR0];
2820 ret = rtl8139_ChipCmd_read(s);
2823 ret = rtl8139_Cfg9346_read(s);
2826 ret = rtl8139_Config0_read(s);
2829 ret = rtl8139_Config1_read(s);
2832 ret = rtl8139_Config3_read(s);
2835 ret = rtl8139_Config4_read(s);
2838 ret = rtl8139_Config5_read(s);
2843 DEBUG_PRINT(("RTL8139: MediaStatus read 0x%x\n", ret));
2847 ret = s->clock_enabled;
2848 DEBUG_PRINT(("RTL8139: HltClk read 0x%x\n", ret));
2852 ret = RTL8139_PCI_REVID;
2853 DEBUG_PRINT(("RTL8139: PCI Revision ID read 0x%x\n", ret));
2858 DEBUG_PRINT(("RTL8139C+ TxThresh read(b) val=0x%02x\n", ret));
2861 case 0x43: /* Part of TxConfig register. Windows driver tries to read it */
2862 ret = s->TxConfig >> 24;
2863 DEBUG_PRINT(("RTL8139C TxConfig at 0x43 read(b) val=0x%02x\n", ret));
2867 DEBUG_PRINT(("RTL8139: not implemented read(b) addr=0x%x\n", addr));
2875 static uint32_t rtl8139_io_readw(void *opaque, uint8_t addr)
2877 RTL8139State *s = opaque;
2880 addr &= 0xfe; /* mask lower bit */
2885 ret = rtl8139_IntrMask_read(s);
2889 ret = rtl8139_IntrStatus_read(s);
2893 ret = rtl8139_MultiIntr_read(s);
2897 ret = rtl8139_RxBufPtr_read(s);
2901 ret = rtl8139_RxBufAddr_read(s);
2905 ret = rtl8139_BasicModeCtrl_read(s);
2907 case BasicModeStatus:
2908 ret = rtl8139_BasicModeStatus_read(s);
2911 ret = s->NWayAdvert;
2912 DEBUG_PRINT(("RTL8139: NWayAdvert read(w) val=0x%04x\n", ret));
2916 DEBUG_PRINT(("RTL8139: NWayLPAR read(w) val=0x%04x\n", ret));
2919 ret = s->NWayExpansion;
2920 DEBUG_PRINT(("RTL8139: NWayExpansion read(w) val=0x%04x\n", ret));
2924 ret = rtl8139_CpCmd_read(s);
2928 ret = rtl8139_IntrMitigate_read(s);
2932 ret = rtl8139_TSAD_read(s);
2936 ret = rtl8139_CSCR_read(s);
2940 DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x via read(b)\n", addr));
2942 ret = rtl8139_io_readb(opaque, addr);
2943 ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
2945 DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x val=0x%04x\n", addr, ret));
2952 static uint32_t rtl8139_io_readl(void *opaque, uint8_t addr)
2954 RTL8139State *s = opaque;
2957 addr &= 0xfc; /* also mask low 2 bits */
2964 DEBUG_PRINT(("RTL8139: RxMissed read val=0x%08x\n", ret));
2968 ret = rtl8139_TxConfig_read(s);
2972 ret = rtl8139_RxConfig_read(s);
2975 case TxStatus0 ... TxStatus0+4*4-1:
2976 ret = rtl8139_TxStatus_read(s, addr-TxStatus0);
2979 case TxAddr0 ... TxAddr0+4*4-1:
2980 ret = rtl8139_TxAddr_read(s, addr-TxAddr0);
2984 ret = rtl8139_RxBuf_read(s);
2988 ret = s->RxRingAddrLO;
2989 DEBUG_PRINT(("RTL8139: C+ RxRing low bits read val=0x%08x\n", ret));
2993 ret = s->RxRingAddrHI;
2994 DEBUG_PRINT(("RTL8139: C+ RxRing high bits read val=0x%08x\n", ret));
2999 DEBUG_PRINT(("RTL8139: TCTR Timer read val=0x%08x\n", ret));
3004 DEBUG_PRINT(("RTL8139: FlashReg TimerInt read val=0x%08x\n", ret));
3008 DEBUG_PRINT(("RTL8139: ioport read(l) addr=0x%x via read(b)\n", addr));
3010 ret = rtl8139_io_readb(opaque, addr);
3011 ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
3012 ret |= rtl8139_io_readb(opaque, addr + 2) << 16;
3013 ret |= rtl8139_io_readb(opaque, addr + 3) << 24;
3015 DEBUG_PRINT(("RTL8139: read(l) addr=0x%x val=%08x\n", addr, ret));
3024 static void rtl8139_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
3026 rtl8139_io_writeb(opaque, addr & 0xFF, val);
3029 static void rtl8139_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
3031 rtl8139_io_writew(opaque, addr & 0xFF, val);
3034 static void rtl8139_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
3036 rtl8139_io_writel(opaque, addr & 0xFF, val);
3039 static uint32_t rtl8139_ioport_readb(void *opaque, uint32_t addr)
3041 return rtl8139_io_readb(opaque, addr & 0xFF);
3044 static uint32_t rtl8139_ioport_readw(void *opaque, uint32_t addr)
3046 return rtl8139_io_readw(opaque, addr & 0xFF);
3049 static uint32_t rtl8139_ioport_readl(void *opaque, uint32_t addr)
3051 return rtl8139_io_readl(opaque, addr & 0xFF);
3056 static void rtl8139_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
3058 rtl8139_io_writeb(opaque, addr & 0xFF, val);
3061 static void rtl8139_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3063 #ifdef TARGET_WORDS_BIGENDIAN
3066 rtl8139_io_writew(opaque, addr & 0xFF, val);
3069 static void rtl8139_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3071 #ifdef TARGET_WORDS_BIGENDIAN
3074 rtl8139_io_writel(opaque, addr & 0xFF, val);
3077 static uint32_t rtl8139_mmio_readb(void *opaque, target_phys_addr_t addr)
3079 return rtl8139_io_readb(opaque, addr & 0xFF);
3082 static uint32_t rtl8139_mmio_readw(void *opaque, target_phys_addr_t addr)
3084 uint32_t val = rtl8139_io_readw(opaque, addr & 0xFF);
3085 #ifdef TARGET_WORDS_BIGENDIAN
3091 static uint32_t rtl8139_mmio_readl(void *opaque, target_phys_addr_t addr)
3093 uint32_t val = rtl8139_io_readl(opaque, addr & 0xFF);
3094 #ifdef TARGET_WORDS_BIGENDIAN
3100 static int rtl8139_post_load(void *opaque, int version_id)
3102 RTL8139State* s = opaque;
3103 if (version_id < 4) {
3104 s->cplus_enabled = s->CpCmd != 0;
3110 static const VMStateDescription vmstate_rtl8139 = {
3113 .minimum_version_id = 3,
3114 .minimum_version_id_old = 3,
3115 .post_load = rtl8139_post_load,
3116 .fields = (VMStateField []) {
3117 VMSTATE_PCI_DEVICE(dev, RTL8139State),
3118 VMSTATE_PARTIAL_BUFFER(phys, RTL8139State, 6),
3119 VMSTATE_BUFFER(mult, RTL8139State),
3120 VMSTATE_UINT32_ARRAY(TxStatus, RTL8139State, 4),
3121 VMSTATE_UINT32_ARRAY(TxAddr, RTL8139State, 4),
3123 VMSTATE_UINT32(RxBuf, RTL8139State),
3124 VMSTATE_UINT32(RxBufferSize, RTL8139State),
3125 VMSTATE_UINT32(RxBufPtr, RTL8139State),
3126 VMSTATE_UINT32(RxBufAddr, RTL8139State),
3128 VMSTATE_UINT16(IntrStatus, RTL8139State),
3129 VMSTATE_UINT16(IntrMask, RTL8139State),
3131 VMSTATE_UINT32(TxConfig, RTL8139State),
3132 VMSTATE_UINT32(RxConfig, RTL8139State),
3133 VMSTATE_UINT32(RxMissed, RTL8139State),
3134 VMSTATE_UINT16(CSCR, RTL8139State),
3136 VMSTATE_UINT8(Cfg9346, RTL8139State),
3137 VMSTATE_UINT8(Config0, RTL8139State),
3138 VMSTATE_UINT8(Config1, RTL8139State),
3139 VMSTATE_UINT8(Config3, RTL8139State),
3140 VMSTATE_UINT8(Config4, RTL8139State),
3141 VMSTATE_UINT8(Config5, RTL8139State),
3143 VMSTATE_UINT8(clock_enabled, RTL8139State),
3144 VMSTATE_UINT8(bChipCmdState, RTL8139State),
3146 VMSTATE_UINT16(MultiIntr, RTL8139State),
3148 VMSTATE_UINT16(BasicModeCtrl, RTL8139State),
3149 VMSTATE_UINT16(BasicModeStatus, RTL8139State),
3150 VMSTATE_UINT16(NWayAdvert, RTL8139State),
3151 VMSTATE_UINT16(NWayLPAR, RTL8139State),
3152 VMSTATE_UINT16(NWayExpansion, RTL8139State),
3154 VMSTATE_UINT16(CpCmd, RTL8139State),
3155 VMSTATE_UINT8(TxThresh, RTL8139State),
3158 VMSTATE_MACADDR(conf.macaddr, RTL8139State),
3159 VMSTATE_INT32(rtl8139_mmio_io_addr, RTL8139State),
3161 VMSTATE_UINT32(currTxDesc, RTL8139State),
3162 VMSTATE_UINT32(currCPlusRxDesc, RTL8139State),
3163 VMSTATE_UINT32(currCPlusTxDesc, RTL8139State),
3164 VMSTATE_UINT32(RxRingAddrLO, RTL8139State),
3165 VMSTATE_UINT32(RxRingAddrHI, RTL8139State),
3167 VMSTATE_UINT16_ARRAY(eeprom.contents, RTL8139State, EEPROM_9346_SIZE),
3168 VMSTATE_INT32(eeprom.mode, RTL8139State),
3169 VMSTATE_UINT32(eeprom.tick, RTL8139State),
3170 VMSTATE_UINT8(eeprom.address, RTL8139State),
3171 VMSTATE_UINT16(eeprom.input, RTL8139State),
3172 VMSTATE_UINT16(eeprom.output, RTL8139State),
3174 VMSTATE_UINT8(eeprom.eecs, RTL8139State),
3175 VMSTATE_UINT8(eeprom.eesk, RTL8139State),
3176 VMSTATE_UINT8(eeprom.eedi, RTL8139State),
3177 VMSTATE_UINT8(eeprom.eedo, RTL8139State),
3179 VMSTATE_UINT32(TCTR, RTL8139State),
3180 VMSTATE_UINT32(TimerInt, RTL8139State),
3181 VMSTATE_INT64(TCTR_base, RTL8139State),
3183 VMSTATE_STRUCT(tally_counters, RTL8139State, 0,
3184 vmstate_tally_counters, RTL8139TallyCounters),
3186 VMSTATE_UINT32_V(cplus_enabled, RTL8139State, 4),
3187 VMSTATE_END_OF_LIST()
3191 /***********************************************************/
3192 /* PCI RTL8139 definitions */
3194 static void rtl8139_mmio_map(PCIDevice *pci_dev, int region_num,
3195 pcibus_t addr, pcibus_t size, int type)
3197 RTL8139State *s = DO_UPCAST(RTL8139State, dev, pci_dev);
3199 cpu_register_physical_memory(addr + 0, 0x100, s->rtl8139_mmio_io_addr);
3202 static void rtl8139_ioport_map(PCIDevice *pci_dev, int region_num,
3203 pcibus_t addr, pcibus_t size, int type)
3205 RTL8139State *s = DO_UPCAST(RTL8139State, dev, pci_dev);
3207 register_ioport_write(addr, 0x100, 1, rtl8139_ioport_writeb, s);
3208 register_ioport_read( addr, 0x100, 1, rtl8139_ioport_readb, s);
3210 register_ioport_write(addr, 0x100, 2, rtl8139_ioport_writew, s);
3211 register_ioport_read( addr, 0x100, 2, rtl8139_ioport_readw, s);
3213 register_ioport_write(addr, 0x100, 4, rtl8139_ioport_writel, s);
3214 register_ioport_read( addr, 0x100, 4, rtl8139_ioport_readl, s);
3217 static CPUReadMemoryFunc * const rtl8139_mmio_read[3] = {
3223 static CPUWriteMemoryFunc * const rtl8139_mmio_write[3] = {
3224 rtl8139_mmio_writeb,
3225 rtl8139_mmio_writew,
3226 rtl8139_mmio_writel,
3229 static inline int64_t rtl8139_get_next_tctr_time(RTL8139State *s, int64_t current_time)
3231 int64_t next_time = current_time +
3232 muldiv64(1, get_ticks_per_sec(), PCI_FREQUENCY);
3233 if (next_time <= current_time)
3234 next_time = current_time + 1;
3238 #ifdef RTL8139_ONBOARD_TIMER
3239 static void rtl8139_timer(void *opaque)
3241 RTL8139State *s = opaque;
3248 if (!s->clock_enabled)
3250 DEBUG_PRINT(("RTL8139: >>> timer: clock is not running\n"));
3254 curr_time = qemu_get_clock(vm_clock);
3256 curr_tick = muldiv64(curr_time - s->TCTR_base, PCI_FREQUENCY,
3257 get_ticks_per_sec());
3259 if (s->TimerInt && curr_tick >= s->TimerInt)
3261 if (s->TCTR < s->TimerInt || curr_tick < s->TCTR)
3267 s->TCTR = curr_tick;
3269 // DEBUG_PRINT(("RTL8139: >>> timer: tick=%08u\n", s->TCTR));
3273 DEBUG_PRINT(("RTL8139: >>> timer: timeout tick=%08u\n", s->TCTR));
3274 s->IntrStatus |= PCSTimeout;
3275 rtl8139_update_irq(s);
3278 qemu_mod_timer(s->timer,
3279 rtl8139_get_next_tctr_time(s,curr_time));
3281 #endif /* RTL8139_ONBOARD_TIMER */
3283 static void rtl8139_cleanup(VLANClientState *vc)
3285 RTL8139State *s = vc->opaque;
3290 static int pci_rtl8139_uninit(PCIDevice *dev)
3292 RTL8139State *s = DO_UPCAST(RTL8139State, dev, dev);
3294 cpu_unregister_io_memory(s->rtl8139_mmio_io_addr);
3295 if (s->cplus_txbuffer) {
3296 qemu_free(s->cplus_txbuffer);
3297 s->cplus_txbuffer = NULL;
3299 #ifdef RTL8139_ONBOARD_TIMER
3300 qemu_del_timer(s->timer);
3301 qemu_free_timer(s->timer);
3303 vmstate_unregister(&vmstate_rtl8139, s);
3304 qemu_del_vlan_client(s->vc);
3308 static int pci_rtl8139_init(PCIDevice *dev)
3310 RTL8139State * s = DO_UPCAST(RTL8139State, dev, dev);
3313 pci_conf = s->dev.config;
3314 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_REALTEK);
3315 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_REALTEK_8139);
3316 pci_conf[0x04] = 0x05; /* command = I/O space, Bus Master */
3317 pci_conf[0x08] = RTL8139_PCI_REVID; /* PCI revision ID; >=0x20 is for 8139C+ */
3318 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
3319 pci_conf[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; /* header_type */
3320 pci_conf[0x3d] = 1; /* interrupt pin 0 */
3321 pci_conf[0x34] = 0xdc;
3323 /* I/O handler for memory-mapped I/O */
3324 s->rtl8139_mmio_io_addr =
3325 cpu_register_io_memory(rtl8139_mmio_read, rtl8139_mmio_write, s);
3327 pci_register_bar(&s->dev, 0, 0x100,
3328 PCI_BASE_ADDRESS_SPACE_IO, rtl8139_ioport_map);
3330 pci_register_bar(&s->dev, 1, 0x100,
3331 PCI_BASE_ADDRESS_SPACE_MEMORY, rtl8139_mmio_map);
3333 qemu_macaddr_default_if_unset(&s->conf.macaddr);
3335 s->vc = qemu_new_vlan_client(NET_CLIENT_TYPE_NIC,
3336 s->conf.vlan, s->conf.peer,
3337 dev->qdev.info->name, dev->qdev.id,
3338 rtl8139_can_receive, rtl8139_receive, NULL,
3339 NULL, rtl8139_cleanup, s);
3340 qemu_format_nic_info_str(s->vc, s->conf.macaddr.a);
3342 s->cplus_txbuffer = NULL;
3343 s->cplus_txbuffer_len = 0;
3344 s->cplus_txbuffer_offset = 0;
3346 vmstate_register(-1, &vmstate_rtl8139, s);
3348 #ifdef RTL8139_ONBOARD_TIMER
3349 s->timer = qemu_new_timer(vm_clock, rtl8139_timer, s);
3351 qemu_mod_timer(s->timer,
3352 rtl8139_get_next_tctr_time(s,qemu_get_clock(vm_clock)));
3353 #endif /* RTL8139_ONBOARD_TIMER */
3355 if (!dev->qdev.hotplugged) {
3356 static int loaded = 0;
3358 rom_add_option("pxe-rtl8139.bin");
3365 static PCIDeviceInfo rtl8139_info = {
3366 .qdev.name = "rtl8139",
3367 .qdev.size = sizeof(RTL8139State),
3368 .qdev.reset = rtl8139_reset,
3369 .init = pci_rtl8139_init,
3370 .exit = pci_rtl8139_uninit,
3371 .qdev.props = (Property[]) {
3372 DEFINE_NIC_PROPERTIES(RTL8139State, conf),
3373 DEFINE_PROP_END_OF_LIST(),
3377 static void rtl8139_register_devices(void)
3379 pci_qdev_register(&rtl8139_info);
3382 device_init(rtl8139_register_devices)
projects / qemu.git / blob