Skip to content

rtl8811au support#22

Open
RomanLut wants to merge 1 commit into
OpenIPC:masterfrom
RomanLut:rtl8811au_support
Open

rtl8811au support#22
RomanLut wants to merge 1 commit into
OpenIPC:masterfrom
RomanLut:rtl8811au_support

Conversation

@RomanLut
Copy link
Copy Markdown

@RomanLut RomanLut commented May 19, 2026

Attempt to add rtl8811au support.

Still no luck, waiting for hardware.

The missing parts were taken from https://github.com/svpcom/rtl8812au/tree/v5.2.20-rssi-fix-but-sometimes-crash

@RomanLut RomanLut mentioned this pull request May 19, 2026
Closed
4 tasks
@josephnef josephnef mentioned this pull request May 19, 2026
Open
@josephnef
Copy link
Copy Markdown
Collaborator

josephnef commented May 19, 2026

Thanks for porting this — adding the 8821a HAL tree is exactly the missing piece for actual RTL8821AU dongles. Two coordination notes plus one logistics ask.

Scope / dispatch. The PID allow-list in RtlUsbAdapter::InitDvObj currently lumps real RTL8811AU PIDs (0bda:0811, 0bda:a811) into RtlChipType::RTL8821. Those are Jaguar silicon (CHIP_8812 with RFType=1T1R), not Jaguar2 — sending them through the 8821 HAL with the 8821 firmware blob shouldn't work. Suggest narrowing the table to genuinely-8821 SKUs (e.g. 2357:0120, 0bda:0820/0821/0823, the 8821-combo OEM IDs) and letting the existing 8812 path handle 8811AU. Even better long-term would be a SYS_CFG-based family check (IC-ID bits) so new SKU revs don't need a code patch — that's what upstream rtl8812au does.

Conflict with #21. I have a small PR open (#21) that touches the same lines in EepromManager::read_chip_version_8812a — it derives RFType from REG_SYS_CFG bit 27 (RF_TYPE_ID) so the already-present 1T1R BB/RF paths reach actual 8811AU dongles. Whichever lands first will force the other to rebase. Happy to coordinate — I think the two compose cleanly once #22's dispatch is narrowed:

Hardware / logistics. The reporter on #20 (BadPotato1007) has a TP-Link Archer T2U Plus (2357:0120) — that's already in your allow-list — and is up for testing #22, which would close the loop. Also: we'd like to keep one in the OpenIPC lab for regressions. Where did you source / where are you planning to source your test dongle from? Happy to order from the same place so we're testing against an identical SKU rev.

@RomanLut
Copy link
Copy Markdown
Author

RomanLut commented May 19, 2026

Where did you source / where are you planning to source your test dongle from?

https://www.amazon.de/-/en/dp/B07P681N66?ref=ppx_yo2ov_dt_b_fed_asin_title&th=1
I hope correct chipset arrive. You may wait a few days untill I check.

@josephnef
Copy link
Copy Markdown
Collaborator

josephnef commented May 21, 2026

Putting this on hold — RTL8811AU support landed via #23 (squash-merged f05b743), so master now carries the 8811 code path. We'd like to keep this PR around as a second-source data point but are postponing review/merge until we have RTL8811AU hardware in hand to verify against before integrating any deltas. Thanks for the contribution.

@josephnef
Copy link
Copy Markdown
Collaborator

josephnef commented May 23, 2026

Hardware test (2026-05-23). Finally got a TP-Link Archer T2U Plus (2357:0120, RTL8821AU) in-lab on a Mac. Ran current master (5de6d62) against it to characterise the failure mode before re-attempting this PR.

RX and TX die at the same stage:

<devourer>read_chip_version_8812a SYS_CFG(0xF0)=0x04412535
<devourer>Chip Version Info: CHIP_8812_Normal_Chip_TSMC_D_CUT_2T2R_RomVer(0)
... (EFUSE autoload OK, sensible defaults) ...
<devourer>power-on :REG_SYS_CLKR 0x09=0x30. REG_CR 0x100=0xEA
<devourer>MAC has not been powered on yet
<devourer>InitPowerOn: run power on flow fail

Master applies Rtl8812_NIC_ENABLE_FLOW to 8821AU silicon and HalPwrSeqCmdParsing returns false — chip stays in CARDEMU, never transitions to ACT. This is exactly what your hal/Hal8821APwrSeq.{c,h} is for. USB open / claim / reset / EFUSE autoload all work; the gap is purely in the HAL.

@josephnef josephnef mentioned this pull request May 23, 2026
Merged
josephnef added a commit that referenced this pull request May 23, 2026
@josephnef @web-flow @claude
RTL8821AU: partial bring-up — chip init OK, RX silent — WIP (#30)
22d1cd0 
## Status: WIP — chip init succeeds, RX data flow still silent

Brings up the RTL8821AU end-to-end except for RX bulk-IN data flow.
Posting so @RomanLut and others can continue the investigation from a
clean checkpoint that builds against current master instead of
resurrecting #22 (which deletes the 8814AU work and has a parallel
dispatch enum that doesn't compose with the `ICType`-based convention
#23-#29 established).

## What works on T2U Plus 2357:0120 (verified on macOS)

- Chip detection: `CHIP_8821_Normal_Chip_TSMC_D_CUT_1T1R`
- 8821 power-on flow (`rtl8821A_card_enable_flow`)
- Firmware download — 8821 blob, signature `0x2101`, FW ready in ~30ms
- MAC/BB/AGC/RadioA register tables via existing `PhyTableLoader` (same
phydm conditional encoding as 8814AU)
- RFE pinmux (`phy_SetRFEReg8821`), band switch 2.4G/5G, channel + TX
power table on ch6/36/100
- USB endpoint discovery: bulk IN 0x84, OUTs 0x05/0x06/0x08/0x09 (vs
8812/8814's 0x81 and 0x02-0x05)
- `libusb_clear_halt` on IN + `REG_USB_HRPWM=0x84` LPS wake

## What's NOT working

- **RX bulk-IN reads succeed at the USB layer but the chip never pushes
data.** 0 RX packets across 15s on ch100 even with the host Mac actively
associated to a busy 5GHz AP. The chip-internal RX-DMA → bulk-IN-EP
binding isn't engaging despite all known init steps.
- TX path is wired (correct OUT EP, no `LIBUSB_ERROR_NOT_FOUND`) but
unvalidated end-to-end on 8821AU — no peer sniffer in this session.

## Regression matrix (Linux trainer-arch, master vs
`feat/rtl8821au-support`)

| Adapter | Test | Result | vs master |
|---|---|---|---|
| 8812AU (`0bda:8812`) | RX | 41 pkts / 15s, 0 errors, `CHIP_8812`
detected | ✓ no regression |
| 8812AU | TX | 15 prints all `rc=1`, 0 failures (2 runs) | ✓ no
regression |
| 8814AU (`0bda:8813`) | RX | 0 pkts | ✓ matches master baseline
(pre-existing) |
| 8814AU | TX | `rc=1`, ~270-320 async failures (timing-variant) | ✓
matches master baseline |

The new `CHIP_8821` dispatch correctly routes 8812 → 8812 path and 8814
→ 8814 path. No misrouting.

## Suggested next steps for whoever picks this up

1. usbmon trace of `aircrack-ng/rtl8812au`'s RX bring-up against an
8821AU on Linux; diff post-fwdl register writes vs ours
(REG_TRXDMA_CTRL, REG_USB_AGG_TH/TO, REG_RXDMA_AGG_PG_TH,
REG_USB_SPECIAL_OPTION).
2. Compare register state post-init (kernel-driver readback vs our
post-init pyusb dump). Same technique that unblocked the 8814AU TX work.
3. Re-read @RomanLut's #22 `HalModule.cpp` for any 8821-specific init
steps I didn't carry over when rewiring through `ICType`.

## What this preserves

- 8812AU support — untouched (default dispatch branch)
- 8814AU support — untouched (#23-#29 work preserved)
- Same `HAL_IC_TYPE_E` / `ICType` dispatch pattern; no parallel enum

## Attribution

8821a HAL data (`Hal8821APwrSeq`, `Hal8821PhyReg`, `hal8821a_fw`) ported
verbatim from @RomanLut's #22 (svpcom/rtl8812au v5.2.20). Wiring re-done
to follow master's existing convention.

Refs #20 (BadPotato1007's underlying request) and #22 (RomanLut's
original port).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: RomanLut <noreply@github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 23, 2026
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RomanLut @josephnef