# ROM wifi funcs

todo:
- disasm the wifi binary

```sh
$ find . -type f -name "*.o" -exec bash -c '
for file in "$@"; do
  nm "$file" | grep ROM_ | sed "s|^|$file: |"
done' bash {} +
```

```
./lib_wlan_mp/rtl8711b_cmd.o: U ROM_WIFI_BCN_VALID
./lib_wlan_mp/rtl8711b_firmware.o: U ROM_WIFI_8051Reset
./lib_wlan_mp/rtl8711b_firmware.o: U ROM_WIFI_FWDownloadEnable
./lib_wlan_mp/rtl8711b_hal_efuse.o: U ROM_WIFI_EfuseParseTxPowerInfo
./lib_wlan_mp/lxbus_ops.o: 00000001 T ROM_WIFI_InitLxDma_patch
./lib_wlan_mp/phydm_CfoTracking.o: U ROM_odm_CfoTrackingFlow
./lib_wlan_mp/phydm_CfoTracking.o: U ROM_ODM_CfoTrackingReset
./lib_wlan_mp/phydm_CfoTracking.o: U ROM_odm_GetDefaultCrytaltalCap
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitAdaptiveCtrl
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_INIT_BeaconParameters
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitBurstPktLen
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitDriverInfoSize
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitEDCA
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitLLTTable
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitLxDma_patch
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitNetworkType
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitNormalChipRegPriority
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitOperationMode
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitPageBoundary
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitRateFallback
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitRCR
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitRetryFunction
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitSIFS
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitTransferPageSize
./lib_wlan_mp/lxbus_halinit.o: U ROM_WIFI_InitTxBufferBoundary
./lib_wlan_mp/lxbus_suspend.o: U ROM_WIFI_32K_Cmd
./lib_wlan_mp/phydm_HWConfig.o: U ROM_odm_EVMdbToPercentage
./lib_wlan_mp/phydm_HWConfig.o: U ROM_odm_QueryRxPwrPercentage
./lib_wlan_mp/phydm_HWConfig.o: U ROM_odm_SignalScaleMapping_8711B
./lib_wlan_mp/rtw_mp.o: U ROM_odm_FalseAlarmCounterStatistics
./lib_wlan_mp/rtw_mp.o: U ROM_odm_SetCrystalCap
./lib_wlan_mp/rtl8711b_xmit.o: U ROM_WIFI_BCN_VALID
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_ACM_CTRL
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_BASIC_RATE
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_BCN_FUNC
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_BSSID_SET
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_BWMapping
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_CAM_WRITE
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_CHECK_BSSID
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_CHECK_TXBUF
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_DISCONNECT
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_FIFO_CLEARN_UP
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_FillFakeTxdesc
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_FillTxdescSectype
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_INIT_BeaconParameters
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_MACADDR_SET
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_MEDIA_STATUS
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_MEDIA_STATUS1
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_PROMISC_Cmd
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_ReadChipVersion
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_RESP_SIFS
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_RESUME_TxBeacon
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_SCMapping
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_SetOpmodeAP
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_SET_TSF
./lib_wlan_mp/rtl8711b_hal_init.o: U ROM_WIFI_STOP_TXBeacon
./lib_wlan_mp/HalPhyRf_8711B.o: U ROM_odm_SetCrystalCap
./lib_wlan_mp/rtl8711b_phycfg.o: U ROM_odm_SetCrystalCap
./lib_wlan/rtl8711b_cmd.o: U ROM_WIFI_BCN_VALID
./lib_wlan/rtl8711b_firmware.o: U ROM_WIFI_8051Reset
./lib_wlan/rtl8711b_firmware.o: U ROM_WIFI_FWDownloadEnable
./lib_wlan/rtl8711b_hal_efuse.o: U ROM_WIFI_EfuseParseTxPowerInfo
./lib_wlan/lxbus_ops.o: 00000001 T ROM_WIFI_InitLxDma_patch
./lib_wlan/phydm_CfoTracking.o: U ROM_odm_CfoTrackingFlow
./lib_wlan/phydm_CfoTracking.o: U ROM_ODM_CfoTrackingReset
./lib_wlan/phydm_CfoTracking.o: U ROM_odm_GetDefaultCrytaltalCap
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitAdaptiveCtrl
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_INIT_BeaconParameters
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitBurstPktLen
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitDriverInfoSize
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitEDCA
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitLLTTable
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitLxDma_patch
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitNetworkType
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitNormalChipRegPriority
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitOperationMode
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitPageBoundary
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitRateFallback
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitRCR
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitRetryFunction
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitSIFS
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitTransferPageSize
./lib_wlan/lxbus_halinit.o: U ROM_WIFI_InitTxBufferBoundary
./lib_wlan/lxbus_suspend.o: U ROM_WIFI_32K_Cmd
./lib_wlan/phydm_HWConfig.o: U ROM_odm_EVMdbToPercentage
./lib_wlan/phydm_HWConfig.o: U ROM_odm_QueryRxPwrPercentage
./lib_wlan/phydm_HWConfig.o: U ROM_odm_SignalScaleMapping_8711B
./lib_wlan/rtl8711b_xmit.o: U ROM_WIFI_BCN_VALID
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_ACM_CTRL
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_BASIC_RATE
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_BCN_FUNC
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_BSSID_SET
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_BWMapping
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_CAM_WRITE
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_CHECK_BSSID
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_CHECK_TXBUF
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_DISCONNECT
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_FIFO_CLEARN_UP
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_FillFakeTxdesc
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_FillTxdescSectype
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_INIT_BeaconParameters
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_MACADDR_SET
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_MEDIA_STATUS
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_MEDIA_STATUS1
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_PROMISC_Cmd
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_ReadChipVersion
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_RESP_SIFS
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_RESUME_TxBeacon
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_SCMapping
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_SetOpmodeAP
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_SET_TSF
./lib_wlan/rtl8711b_hal_init.o: U ROM_WIFI_STOP_TXBeacon
./lib_wlan/HalPhyRf_8711B.o: U ROM_odm_SetCrystalCap
./lib_wlan/rtl8711b_phycfg.o: U ROM_odm_SetCrystalCap
```

### DMA

```c
// 0x40080000
typedef struct {
    // 0x000-0x1FF: MAC/BB control registers
    uint32_t reserved1[...]; // 0x000-0x0FC
    __IO uint32_t NET_TYPE; // 0x100 - bits [17:16] = network type
    __IO uint8_t TRANSFER_PAGE_SIZE; // 0x104 - Transfer page size
    uint8_t reserved[...]; // Fill to 0x108
    __IO uint16_t REG_PRIORITY; // 0x10C - Priority configuration
    uint32_t reserved[...];
    __IO uint16_t PAGE_BOUNDARY; // 0x116 - Page Boundary config, set to 0x3F7F
    uint32_t reserved[...]; // Continue to 0x200

    // 0x200-0x2FF: System control/status
    uint32_t reserved[...]; // 0x200-0x207
    __IO uint8_t TX_BUFFER_BOUNDARY2; // 0x209
    uint8_t reserved[...]; // 0x20A-0x20B
    __IO uint32_t REG_20C; // 0x20C - DMA Global Enable (bit 28)
    uint8_t reserved[...]; // 0x210-0x223
    __IO uint32_t REG_224; // 0x224 - LLT Status (bit 16 = busy)
    uint8_t reserved[...]; // 0x225-0x228
    __IO uint8_t TX_BUFFER_BOUNDARY3; // 0x229
    __IO uint8_t REG_22A; // 0x22A - sets bit 1 if a2 true
    uint32_t reserved[52]; // -> 0x2FF

    // 0x300-0x3FF: DMA & Queue
    __IO uint32_t DMA_CTRL; // 0x300
    __IO uint32_t reserved3;
    __IO uint32_t QUEUE4; // 0x308
    __IO uint32_t reserved4;
    __IO uint32_t QUEUE5; // 0x310
    __IO uint32_t reserved5;
    __IO uint32_t TX_BASE; // 0x318
    __IO uint32_t reserved6;
    __IO uint32_t QUEUE1; // 0x320
    __IO uint32_t reserved7;
    __IO uint32_t QUEUE2; // 0x328
    __IO uint32_t reserved8;
    __IO uint32_t QUEUE3; // 0x330
    __IO uint32_t reserved9;
    __IO uint32_t RX_QUEUE; // 0x338
    __IO uint32_t QUEUE6; // 0x340
    uint32_t reserved[...];
    __IO uint16_t Q_CFG[14]; // 0x380-0x39A
    uint16_t reserved11;
    uint32_t reserved[...];
    __IO uint32_t DMA_MASK; // 0x3E8
    uint32_t reserved[...];

    // 0x400-0x4FF region
    uint32_t reserved[...]; // 0x400-0x420
    __IO uint8_t TX_BUFFER_BOUNDARY4; // 0x424
    __IO uint8_t TX_BUFFER_BOUNDARY5; // 0x425
    __IO uint16_t ADAPT_CTRL1; // 0x428 - a2 in both bytes or first SIFS timing? 4106
    __IO uint16_t ADAPT_CTRL2; // 0x42A - (a3 & 0x3F) in both bytes
    uint32_t reserved[4]; // 0x42C-0x43C
    __IO uint32_t ADAPT_CTRL3; // 0x440 - a1 | (old[31:20] << 20)
    uint32_t reserved[...]; // 0x444-0x456
    __IO uint8_t TX_BUFFER_BOUNDARY6; // 0x457
    uint32_t reserved4_2; // 0x458-0x45B
    __IO uint8_t MODE_CTRL2; // 0x45C - Controlled by a2 parameter (80 or 0)
    __IO uint8_t TX_BUFFER_BOUNDARY7; // 0x45D (same as BOUND7), InitTxBufferBoundary
    uint8_t reserved[...];
    __IO uint16_t SIFS3; // 0x514 - Third SIFS timing
    __IO uint16_t SIFS4; // 0x516 - Fourth SIFS timing

    // 0x600-0x6FF region
    uint8_t reserved[...]; // 0x600-0x60E
    __IO uint8_t DRIVER_INFO_SIZE; // 0x60F - Driver info size
    __IO uint16_t SIFS2; // 0x63A - Second SIFS timing
} WIFI_TypeDef;

// TX Ring
typedef struct {
    uint32_t base_addr; // TX_BASE
    uint32_t reserved1[7]; // 28b
    uint32_t queue1; // QUEUE1
    uint32_t reserved2[7];
    uint32_t queue2; // QUEUE2
    uint32_t reserved3[7];
    uint32_t queue3; // QUEUE3
    uint32_t reserved4[7];
    uint32_t queue4; // QUEUE4
    uint32_t reserved5[7];
    uint32_t queue5; // QUEUE5
    uint32_t reserved6[7];
    uint32_t queue6; // QUEUE6
    uint32_t reserved7[7];
} TX_RING_TypeDef;

// RX Ring
typedef struct {
    uint32_t base_addr; // RX_QUEUE
    uint32_t reserved[7]; // ?
} RX_RING_TypeDef;
```

```c
// wireless modes from cur_wireless_mode mapping
typedef enum {
    WIRELESS_MODE_2 = 2, // First valid value (v2 starts from 0)
    // ... up to WIRELESS_MODE_16, v2 > 0xE check
} WIRELESS_MODE;

// HalData[60] seems to be some hardware capability/mode that affects a2
typedef struct _ADAPTER {
    uint8_t *HalData; // HalData[60] determines MODE_CTRL2 value
    struct {
        uint8_t cur_wireless_mode; // current wireless mode
    } mlmeextpriv;
    // ... other fields
} ADAPTER, *PADAPTER;
```

```c
// Network type values (2-bit field)
#define NET_TYPE_MASK (3 << 16) // 0x00030000
#define NET_TYPE_SHIFT 16

// REG_PRIORITY bit fields
#define PRIO_1_MASK (0x3 << 8) // a1 & 3
#define PRIO_2_MASK (0x3 << 10) // a2 & 3
#define PRIO_3_MASK (0x3 << 12) // a5 & 3
#define PRIO_4_MASK (0x3 << 4) // a4 & 3
#define PRIO_5_MASK (0x3 << 6) // a3 << 6
#define PRIO_6_MASK (0x3 << 14) // a6 << 14
#define PRIO_BASE_MASK 0x7 // preserved bits

// Called with (1,1,2,3,3,3)
// Would set bits:
// [15:14] = 3 (a6)
// [13:12] = 3 (a5)
// [11:10] = 1 (a2)
// [9:8] = 1 (a1)
// [7:6] = 2 (a3)
// [5:4] = 3 (a4)
// [2:0] = preserved

// ADAPT_CTRL
// Called with (1048561, 16, 48)
// ADAPT_CTRL1 = 0x1010 (16 | (16 << 8))
// ADAPT_CTRL2 = 0x3030 ((48 & 0x3F) | ((48 & 0x3F) << 8))
// ADAPT_CTRL3 preserves top 12 bits, lower 20 from 1048561
```

```mermaid
sequenceDiagram
    participant Device
    participant AP as Access Point
    participant MAC as MAC Layer
    participant PHY as PHY Layer

    Note over Device,PHY: Initialization Phase
    Device->>MAC: ROM_WIFI_InitMacClk
    Device->>MAC: ROM_WIFI_Init32kClk
    Device->>MAC: ROM_WIFI_InitLxDma
    Device->>MAC: ROM_WIFI_INIT_MACADDR_SET
    Device->>MAC: ROM_WIFI_InitNetworkType
    Device->>MAC: ROM_WIFI_InitEDCA
    Device->>PHY: ROM_WIFI_ENABLE_BB_RF

    Note over Device,PHY: Connection Phase
    Device->>AP: ROM_WIFI_Set_MLME_Sitesurvey
    AP->>Device: Beacon Frames
    Device->>MAC: ROM_WIFI_BCN_VALID
    Device->>MAC: ROM_WIFI_CHECK_BSSID
    Device->>MAC: ROM_WIFI_Set_MLME_JOIN
    Device->>MAC: ROM_WIFI_BSSID_SET

    Note over Device,PHY: Operation Phase
    Device->>MAC: ROM_WIFI_Set_AC_Param
    MAC->>Device: ROM_WIFI_CHECK_TXBUF
    Device->>MAC: ROM_WIFI_SET_MAX_AGG_NUM

    Note over Device,PHY: Security Setup
    Device->>MAC: ROM_WIFI_SEC_CFG
    Device->>MAC: ROM_WIFI_CAM_WRITE

    Note over Device,PHY: Maintenance
    Device->>MAC: ROM_WIFI_TSF_GetByPort
    Device->>MAC: ROM_WIFI_IMR_UPDATE
    Device->>MAC: ROM_WIFI_High_Queue_Empty_Check
```

Note: several names in this flow (`ROM_WIFI_InitMacClk`, `ROM_WIFI_Set_MLME_Sitesurvey`, `ROM_WIFI_SEC_CFG`, the `ROM_WIFI_AX_*` ones, ...) are not in the `nm` output above, which has `ROM_WIFI_MACADDR_SET` / `ROM_WIFI_InitLxDma_patch` rather than `ROM_WIFI_INIT_MACADDR_SET` / `ROM_WIFI_InitLxDma`. Treat the call order as unconfirmed until it is checked against the disassembly.

1. init:
   - sysclock init (`ROM_WIFI_InitMacClk`, `ROM_WIFI_Init32kClk`)
   - DMA setup (`ROM_WIFI_InitLxDma`)
   - MAC address config (`ROM_WIFI_INIT_MACADDR_SET`)
   - Network type setup (`ROM_WIFI_InitNetworkType`)
   - EDCA params for QoS (`ROM_WIFI_InitEDCA`)
   - RF/Baseband enable (`ROM_WIFI_ENABLE_BB_RF`)
2. connect:
   - site survey to find networks (`ROM_WIFI_Set_MLME_Sitesurvey`)
   - beacon validation (`ROM_WIFI_BCN_VALID`)
   - BSSID checking (`ROM_WIFI_CHECK_BSSID`)
   - join request (`ROM_WIFI_Set_MLME_JOIN`)
   - BSSID setting (`ROM_WIFI_BSSID_SET`)
3. config:
   - AC (Access Category) param (`ROM_WIFI_Set_AC_Param`)
   - Buffer management? (`ROM_WIFI_CHECK_TXBUF`)
   - Aggregation configuration (`ROM_WIFI_SET_MAX_AGG_NUM`)
4. security:
   - Security configuration (`ROM_WIFI_SEC_CFG`)
   - CAM (Content Addressable Memory) (`ROM_WIFI_CAM_WRITE`)
5. maintain:
   - TSF (Timing Synchronization Function) (`ROM_WIFI_TSF_GetByPort`)
   - Interrupt mask updates (`ROM_WIFI_IMR_UPDATE`)
   - Queue monitoring (`ROM_WIFI_High_Queue_Empty_Check`)

- MU-EDCA (Multi-User EDCA) `ROM_WIFI_AX_MUEDCA_Para`
- BSS Coloring `ROM_WIFI_AX_BSS_COLOR_SET`
- OFDMA (Orthogonal Frequency Division Multiple Access)