2 * QEMU NE2000 emulation
4 * Copyright (c) 2003-2004 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 /* debug NE2000 card */
29 //#define DEBUG_NE2000
31 #define MAX_ETH_FRAME_SIZE 1514
33 #define E8390_CMD 0x00 /* The command register (for all pages) */
34 /* Page 0 register offsets. */
35 #define EN0_CLDALO 0x01 /* Low byte of current local dma addr RD */
36 #define EN0_STARTPG 0x01 /* Starting page of ring bfr WR */
37 #define EN0_CLDAHI 0x02 /* High byte of current local dma addr RD */
38 #define EN0_STOPPG 0x02 /* Ending page +1 of ring bfr WR */
39 #define EN0_BOUNDARY 0x03 /* Boundary page of ring bfr RD WR */
40 #define EN0_TSR 0x04 /* Transmit status reg RD */
41 #define EN0_TPSR 0x04 /* Transmit starting page WR */
42 #define EN0_NCR 0x05 /* Number of collision reg RD */
43 #define EN0_TCNTLO 0x05 /* Low byte of tx byte count WR */
44 #define EN0_FIFO 0x06 /* FIFO RD */
45 #define EN0_TCNTHI 0x06 /* High byte of tx byte count WR */
46 #define EN0_ISR 0x07 /* Interrupt status reg RD WR */
47 #define EN0_CRDALO 0x08 /* low byte of current remote dma address RD */
48 #define EN0_RSARLO 0x08 /* Remote start address reg 0 */
49 #define EN0_CRDAHI 0x09 /* high byte, current remote dma address RD */
50 #define EN0_RSARHI 0x09 /* Remote start address reg 1 */
51 #define EN0_RCNTLO 0x0a /* Remote byte count reg WR */
52 #define EN0_RTL8029ID0 0x0a /* Realtek ID byte #1 RD */
53 #define EN0_RCNTHI 0x0b /* Remote byte count reg WR */
54 #define EN0_RTL8029ID1 0x0b /* Realtek ID byte #2 RD */
55 #define EN0_RSR 0x0c /* rx status reg RD */
56 #define EN0_RXCR 0x0c /* RX configuration reg WR */
57 #define EN0_TXCR 0x0d /* TX configuration reg WR */
58 #define EN0_COUNTER0 0x0d /* Rcv alignment error counter RD */
59 #define EN0_DCFG 0x0e /* Data configuration reg WR */
60 #define EN0_COUNTER1 0x0e /* Rcv CRC error counter RD */
61 #define EN0_IMR 0x0f /* Interrupt mask reg WR */
62 #define EN0_COUNTER2 0x0f /* Rcv missed frame error counter RD */
65 #define EN1_CURPAG 0x17
68 #define EN2_STARTPG 0x21 /* Starting page of ring bfr RD */
69 #define EN2_STOPPG 0x22 /* Ending page +1 of ring bfr RD */
71 #define EN3_CONFIG0 0x33
72 #define EN3_CONFIG1 0x34
73 #define EN3_CONFIG2 0x35
74 #define EN3_CONFIG3 0x36
76 /* Register accessed at EN_CMD, the 8390 base addr. */
77 #define E8390_STOP 0x01 /* Stop and reset the chip */
78 #define E8390_START 0x02 /* Start the chip, clear reset */
79 #define E8390_TRANS 0x04 /* Transmit a frame */
80 #define E8390_RREAD 0x08 /* Remote read */
81 #define E8390_RWRITE 0x10 /* Remote write */
82 #define E8390_NODMA 0x20 /* Remote DMA */
83 #define E8390_PAGE0 0x00 /* Select page chip registers */
84 #define E8390_PAGE1 0x40 /* using the two high-order bits */
85 #define E8390_PAGE2 0x80 /* Page 3 is invalid. */
87 /* Bits in EN0_ISR - Interrupt status register */
88 #define ENISR_RX 0x01 /* Receiver, no error */
89 #define ENISR_TX 0x02 /* Transmitter, no error */
90 #define ENISR_RX_ERR 0x04 /* Receiver, with error */
91 #define ENISR_TX_ERR 0x08 /* Transmitter, with error */
92 #define ENISR_OVER 0x10 /* Receiver overwrote the ring */
93 #define ENISR_COUNTERS 0x20 /* Counters need emptying */
94 #define ENISR_RDC 0x40 /* remote dma complete */
95 #define ENISR_RESET 0x80 /* Reset completed */
96 #define ENISR_ALL 0x3f /* Interrupts we will enable */
98 /* Bits in received packet status byte and EN0_RSR*/
99 #define ENRSR_RXOK 0x01 /* Received a good packet */
100 #define ENRSR_CRC 0x02 /* CRC error */
101 #define ENRSR_FAE 0x04 /* frame alignment error */
102 #define ENRSR_FO 0x08 /* FIFO overrun */
103 #define ENRSR_MPA 0x10 /* missed pkt */
104 #define ENRSR_PHY 0x20 /* physical/multicast address */
105 #define ENRSR_DIS 0x40 /* receiver disable. set in monitor mode */
106 #define ENRSR_DEF 0x80 /* deferring */
108 /* Transmitted packet status, EN0_TSR. */
109 #define ENTSR_PTX 0x01 /* Packet transmitted without error */
110 #define ENTSR_ND 0x02 /* The transmit wasn't deferred. */
111 #define ENTSR_COL 0x04 /* The transmit collided at least once. */
112 #define ENTSR_ABT 0x08 /* The transmit collided 16 times, and was deferred. */
113 #define ENTSR_CRS 0x10 /* The carrier sense was lost. */
114 #define ENTSR_FU 0x20 /* A "FIFO underrun" occurred during transmit. */
115 #define ENTSR_CDH 0x40 /* The collision detect "heartbeat" signal was lost. */
116 #define ENTSR_OWC 0x80 /* There was an out-of-window collision. */
118 #define NE2000_PMEM_SIZE (32*1024)
119 #define NE2000_PMEM_START (16*1024)
120 #define NE2000_PMEM_END (NE2000_PMEM_SIZE+NE2000_PMEM_START)
121 #define NE2000_MEM_SIZE NE2000_PMEM_END
123 typedef struct NE2000State {
138 uint8_t phys[6]; /* mac address */
140 uint8_t mult[8]; /* multicast mask array */
145 uint8_t mem[NE2000_MEM_SIZE];
148 static void ne2000_reset(NE2000State *s)
152 s->isr = ENISR_RESET;
153 memcpy(s->mem, s->macaddr, 6);
157 /* duplicate prom data */
158 for(i = 15;i >= 0; i--) {
159 s->mem[2 * i] = s->mem[i];
160 s->mem[2 * i + 1] = s->mem[i];
164 static void ne2000_update_irq(NE2000State *s)
167 isr = (s->isr & s->imr) & 0x7f;
168 #if defined(DEBUG_NE2000)
169 printf("NE2000: Set IRQ to %d (%02x %02x)\n",
170 isr ? 1 : 0, s->isr, s->imr);
172 qemu_set_irq(s->irq, (isr != 0));
175 #define POLYNOMIAL 0x04c11db6
179 static int compute_mcast_idx(const uint8_t *ep)
186 for (i = 0; i < 6; i++) {
188 for (j = 0; j < 8; j++) {
189 carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
193 crc = ((crc ^ POLYNOMIAL) | carry);
199 static int ne2000_buffer_full(NE2000State *s)
201 int avail, index, boundary;
203 index = s->curpag << 8;
204 boundary = s->boundary << 8;
205 if (index < boundary)
206 avail = boundary - index;
208 avail = (s->stop - s->start) - (index - boundary);
209 if (avail < (MAX_ETH_FRAME_SIZE + 4))
214 static int ne2000_can_receive(void *opaque)
216 NE2000State *s = opaque;
218 if (s->cmd & E8390_STOP)
220 return !ne2000_buffer_full(s);
223 #define MIN_BUF_SIZE 60
225 static void ne2000_receive(void *opaque, const uint8_t *buf, int size)
227 NE2000State *s = opaque;
229 unsigned int total_len, next, avail, len, index, mcast_idx;
231 static const uint8_t broadcast_macaddr[6] =
232 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
234 #if defined(DEBUG_NE2000)
235 printf("NE2000: received len=%d\n", size);
238 if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
241 /* XXX: check this */
242 if (s->rxcr & 0x10) {
243 /* promiscuous: receive all */
245 if (!memcmp(buf, broadcast_macaddr, 6)) {
246 /* broadcast address */
247 if (!(s->rxcr & 0x04))
249 } else if (buf[0] & 0x01) {
251 if (!(s->rxcr & 0x08))
253 mcast_idx = compute_mcast_idx(buf);
254 if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
256 } else if (s->mem[0] == buf[0] &&
257 s->mem[2] == buf[1] &&
258 s->mem[4] == buf[2] &&
259 s->mem[6] == buf[3] &&
260 s->mem[8] == buf[4] &&
261 s->mem[10] == buf[5]) {
269 /* if too small buffer, then expand it */
270 if (size < MIN_BUF_SIZE) {
271 memcpy(buf1, buf, size);
272 memset(buf1 + size, 0, MIN_BUF_SIZE - size);
277 index = s->curpag << 8;
278 /* 4 bytes for header */
279 total_len = size + 4;
280 /* address for next packet (4 bytes for CRC) */
281 next = index + ((total_len + 4 + 255) & ~0xff);
283 next -= (s->stop - s->start);
284 /* prepare packet header */
286 s->rsr = ENRSR_RXOK; /* receive status */
287 /* XXX: check this */
293 p[3] = total_len >> 8;
296 /* write packet data */
298 if (index <= s->stop)
299 avail = s->stop - index;
305 memcpy(s->mem + index, buf, len);
308 if (index == s->stop)
312 s->curpag = next >> 8;
314 /* now we can signal we have received something */
316 ne2000_update_irq(s);
319 static void ne2000_ioport_write(void *opaque, uint32_t addr, uint32_t val)
321 NE2000State *s = opaque;
322 int offset, page, index;
326 printf("NE2000: write addr=0x%x val=0x%02x\n", addr, val);
328 if (addr == E8390_CMD) {
329 /* control register */
331 if (!(val & E8390_STOP)) { /* START bit makes no sense on RTL8029... */
332 s->isr &= ~ENISR_RESET;
333 /* test specific case: zero length transfer */
334 if ((val & (E8390_RREAD | E8390_RWRITE)) &&
337 ne2000_update_irq(s);
339 if (val & E8390_TRANS) {
340 index = (s->tpsr << 8);
341 /* XXX: next 2 lines are a hack to make netware 3.11 work */
342 if (index >= NE2000_PMEM_END)
343 index -= NE2000_PMEM_SIZE;
344 /* fail safe: check range on the transmitted length */
345 if (index + s->tcnt <= NE2000_PMEM_END) {
346 qemu_send_packet(s->vc, s->mem + index, s->tcnt);
348 /* signal end of transfer */
351 s->cmd &= ~E8390_TRANS;
352 ne2000_update_irq(s);
357 offset = addr | (page << 4);
370 ne2000_update_irq(s);
376 s->tcnt = (s->tcnt & 0xff00) | val;
379 s->tcnt = (s->tcnt & 0x00ff) | (val << 8);
382 s->rsar = (s->rsar & 0xff00) | val;
385 s->rsar = (s->rsar & 0x00ff) | (val << 8);
388 s->rcnt = (s->rcnt & 0xff00) | val;
391 s->rcnt = (s->rcnt & 0x00ff) | (val << 8);
400 s->isr &= ~(val & 0x7f);
401 ne2000_update_irq(s);
403 case EN1_PHYS ... EN1_PHYS + 5:
404 s->phys[offset - EN1_PHYS] = val;
409 case EN1_MULT ... EN1_MULT + 7:
410 s->mult[offset - EN1_MULT] = val;
416 static uint32_t ne2000_ioport_read(void *opaque, uint32_t addr)
418 NE2000State *s = opaque;
419 int offset, page, ret;
422 if (addr == E8390_CMD) {
426 offset = addr | (page << 4);
438 ret = s->rsar & 0x00ff;
443 case EN1_PHYS ... EN1_PHYS + 5:
444 ret = s->phys[offset - EN1_PHYS];
449 case EN1_MULT ... EN1_MULT + 7:
450 ret = s->mult[offset - EN1_MULT];
468 ret = 0; /* 10baseT media */
471 ret = 0x40; /* 10baseT active */
474 ret = 0x40; /* Full duplex */
482 printf("NE2000: read addr=0x%x val=%02x\n", addr, ret);
487 static inline void ne2000_mem_writeb(NE2000State *s, uint32_t addr,
491 (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
496 static inline void ne2000_mem_writew(NE2000State *s, uint32_t addr,
499 addr &= ~1; /* XXX: check exact behaviour if not even */
501 (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
502 *(uint16_t *)(s->mem + addr) = cpu_to_le16(val);
506 static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
509 addr &= ~1; /* XXX: check exact behaviour if not even */
511 (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
512 cpu_to_le32wu((uint32_t *)(s->mem + addr), val);
516 static inline uint32_t ne2000_mem_readb(NE2000State *s, uint32_t addr)
519 (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
526 static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
528 addr &= ~1; /* XXX: check exact behaviour if not even */
530 (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
531 return le16_to_cpu(*(uint16_t *)(s->mem + addr));
537 static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
539 addr &= ~1; /* XXX: check exact behaviour if not even */
541 (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
542 return le32_to_cpupu((uint32_t *)(s->mem + addr));
548 static inline void ne2000_dma_update(NE2000State *s, int len)
552 /* XXX: check what to do if rsar > stop */
553 if (s->rsar == s->stop)
556 if (s->rcnt <= len) {
558 /* signal end of transfer */
560 ne2000_update_irq(s);
566 static void ne2000_asic_ioport_write(void *opaque, uint32_t addr, uint32_t val)
568 NE2000State *s = opaque;
571 printf("NE2000: asic write val=0x%04x\n", val);
575 if (s->dcfg & 0x01) {
577 ne2000_mem_writew(s, s->rsar, val);
578 ne2000_dma_update(s, 2);
581 ne2000_mem_writeb(s, s->rsar, val);
582 ne2000_dma_update(s, 1);
586 static uint32_t ne2000_asic_ioport_read(void *opaque, uint32_t addr)
588 NE2000State *s = opaque;
591 if (s->dcfg & 0x01) {
593 ret = ne2000_mem_readw(s, s->rsar);
594 ne2000_dma_update(s, 2);
597 ret = ne2000_mem_readb(s, s->rsar);
598 ne2000_dma_update(s, 1);
601 printf("NE2000: asic read val=0x%04x\n", ret);
606 static void ne2000_asic_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
608 NE2000State *s = opaque;
611 printf("NE2000: asic writel val=0x%04x\n", val);
616 ne2000_mem_writel(s, s->rsar, val);
617 ne2000_dma_update(s, 4);
620 static uint32_t ne2000_asic_ioport_readl(void *opaque, uint32_t addr)
622 NE2000State *s = opaque;
626 ret = ne2000_mem_readl(s, s->rsar);
627 ne2000_dma_update(s, 4);
629 printf("NE2000: asic readl val=0x%04x\n", ret);
634 static void ne2000_reset_ioport_write(void *opaque, uint32_t addr, uint32_t val)
636 /* nothing to do (end of reset pulse) */
639 static uint32_t ne2000_reset_ioport_read(void *opaque, uint32_t addr)
641 NE2000State *s = opaque;
646 static void ne2000_save(QEMUFile* f,void* opaque)
648 NE2000State* s=(NE2000State*)opaque;
652 pci_device_save(s->pci_dev, f);
654 qemu_put_8s(f, &s->rxcr);
656 qemu_put_8s(f, &s->cmd);
657 qemu_put_be32s(f, &s->start);
658 qemu_put_be32s(f, &s->stop);
659 qemu_put_8s(f, &s->boundary);
660 qemu_put_8s(f, &s->tsr);
661 qemu_put_8s(f, &s->tpsr);
662 qemu_put_be16s(f, &s->tcnt);
663 qemu_put_be16s(f, &s->rcnt);
664 qemu_put_be32s(f, &s->rsar);
665 qemu_put_8s(f, &s->rsr);
666 qemu_put_8s(f, &s->isr);
667 qemu_put_8s(f, &s->dcfg);
668 qemu_put_8s(f, &s->imr);
669 qemu_put_buffer(f, s->phys, 6);
670 qemu_put_8s(f, &s->curpag);
671 qemu_put_buffer(f, s->mult, 8);
673 qemu_put_be32s(f, &tmp); /* ignored, was irq */
674 qemu_put_buffer(f, s->mem, NE2000_MEM_SIZE);
677 static int ne2000_load(QEMUFile* f,void* opaque,int version_id)
679 NE2000State* s=(NE2000State*)opaque;
686 if (s->pci_dev && version_id >= 3) {
687 ret = pci_device_load(s->pci_dev, f);
692 if (version_id >= 2) {
693 qemu_get_8s(f, &s->rxcr);
698 qemu_get_8s(f, &s->cmd);
699 qemu_get_be32s(f, &s->start);
700 qemu_get_be32s(f, &s->stop);
701 qemu_get_8s(f, &s->boundary);
702 qemu_get_8s(f, &s->tsr);
703 qemu_get_8s(f, &s->tpsr);
704 qemu_get_be16s(f, &s->tcnt);
705 qemu_get_be16s(f, &s->rcnt);
706 qemu_get_be32s(f, &s->rsar);
707 qemu_get_8s(f, &s->rsr);
708 qemu_get_8s(f, &s->isr);
709 qemu_get_8s(f, &s->dcfg);
710 qemu_get_8s(f, &s->imr);
711 qemu_get_buffer(f, s->phys, 6);
712 qemu_get_8s(f, &s->curpag);
713 qemu_get_buffer(f, s->mult, 8);
714 qemu_get_be32s(f, &tmp); /* ignored */
715 qemu_get_buffer(f, s->mem, NE2000_MEM_SIZE);
720 void isa_ne2000_init(int base, qemu_irq irq, NICInfo *nd)
724 s = qemu_mallocz(sizeof(NE2000State));
728 register_ioport_write(base, 16, 1, ne2000_ioport_write, s);
729 register_ioport_read(base, 16, 1, ne2000_ioport_read, s);
731 register_ioport_write(base + 0x10, 1, 1, ne2000_asic_ioport_write, s);
732 register_ioport_read(base + 0x10, 1, 1, ne2000_asic_ioport_read, s);
733 register_ioport_write(base + 0x10, 2, 2, ne2000_asic_ioport_write, s);
734 register_ioport_read(base + 0x10, 2, 2, ne2000_asic_ioport_read, s);
736 register_ioport_write(base + 0x1f, 1, 1, ne2000_reset_ioport_write, s);
737 register_ioport_read(base + 0x1f, 1, 1, ne2000_reset_ioport_read, s);
739 memcpy(s->macaddr, nd->macaddr, 6);
743 s->vc = qemu_new_vlan_client(nd->vlan, ne2000_receive,
744 ne2000_can_receive, s);
746 snprintf(s->vc->info_str, sizeof(s->vc->info_str),
747 "ne2000 macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
755 register_savevm("ne2000", 0, 2, ne2000_save, ne2000_load, s);
758 /***********************************************************/
759 /* PCI NE2000 definitions */
761 typedef struct PCINE2000State {
766 static void ne2000_map(PCIDevice *pci_dev, int region_num,
767 uint32_t addr, uint32_t size, int type)
769 PCINE2000State *d = (PCINE2000State *)pci_dev;
770 NE2000State *s = &d->ne2000;
772 register_ioport_write(addr, 16, 1, ne2000_ioport_write, s);
773 register_ioport_read(addr, 16, 1, ne2000_ioport_read, s);
775 register_ioport_write(addr + 0x10, 1, 1, ne2000_asic_ioport_write, s);
776 register_ioport_read(addr + 0x10, 1, 1, ne2000_asic_ioport_read, s);
777 register_ioport_write(addr + 0x10, 2, 2, ne2000_asic_ioport_write, s);
778 register_ioport_read(addr + 0x10, 2, 2, ne2000_asic_ioport_read, s);
779 register_ioport_write(addr + 0x10, 4, 4, ne2000_asic_ioport_writel, s);
780 register_ioport_read(addr + 0x10, 4, 4, ne2000_asic_ioport_readl, s);
782 register_ioport_write(addr + 0x1f, 1, 1, ne2000_reset_ioport_write, s);
783 register_ioport_read(addr + 0x1f, 1, 1, ne2000_reset_ioport_read, s);
786 void pci_ne2000_init(PCIBus *bus, NICInfo *nd, int devfn)
792 d = (PCINE2000State *)pci_register_device(bus,
793 "NE2000", sizeof(PCINE2000State),
796 pci_conf = d->dev.config;
797 pci_conf[0x00] = 0xec; // Realtek 8029
798 pci_conf[0x01] = 0x10;
799 pci_conf[0x02] = 0x29;
800 pci_conf[0x03] = 0x80;
801 pci_conf[0x0a] = 0x00; // ethernet network controller
802 pci_conf[0x0b] = 0x02;
803 pci_conf[0x0e] = 0x00; // header_type
804 pci_conf[0x3d] = 1; // interrupt pin 0
806 pci_register_io_region(&d->dev, 0, 0x100,
807 PCI_ADDRESS_SPACE_IO, ne2000_map);
809 s->irq = d->dev.irq[0];
810 s->pci_dev = (PCIDevice *)d;
811 memcpy(s->macaddr, nd->macaddr, 6);
813 s->vc = qemu_new_vlan_client(nd->vlan, ne2000_receive,
814 ne2000_can_receive, s);
816 snprintf(s->vc->info_str, sizeof(s->vc->info_str),
817 "ne2000 pci macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
825 /* XXX: instance number ? */
826 register_savevm("ne2000", 0, 3, ne2000_save, ne2000_load, s);
projects / qemu / blob