cpmodem_shim/cpmodem_shim.c

/*
 * FILE NAME cpmodem_shim.c
 *
 * BRIEF MODULE DESCRIPTION
 *  Frankendriver - USB to ethernet, ip or PPP controlled via a block driver.
 *
 *  Author: CradlePoint Technology, Inc.  <source@cradlepoint.com>
 *  		Ben Kendall <benk@cradlepoint.com>
 *  		Cory Atkin <catkin@cradlepoint.com>
 *
 * Copyright 2012, CradlePoint Technology, Inc.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to:
 *  Free Software Foundation
 *  51 Franklin Street, Fifth Floor
 *  Boston, MA  02111-1301  USA
 */


// Necessary includes for device drivers
#include <linux/module.h>   	// Needed by all modules 
#include <linux/kernel.h>   	// Needed for KERN_xxxx 
#include <linux/init.h> 		// Needed for the macros 
#include <linux/cdev.h>
#include <linux/slab.h> 		// kmalloc()
#include <linux/fs.h>   		// everything... 
#include <linux/poll.h>
#include <linux/errno.h>		// error codes
#include <linux/types.h>		// size_t
#include <linux/proc_fs.h>
#include <linux/fcntl.h>		
#include <linux/skbuff.h>   	
#include <linux/list.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
#include <linux/ethtool.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/inetdevice.h>
#include <linux/ip.h>
#include <net/addrconf.h>
#include <linux/tty.h>
#include <linux/tty_flip.h>
#include <linux/spinlock.h>
#include <linux/ktime.h>
/* #include <asm/system.h>  	// cli(), *_flags */
#include <asm/uaccess.h>		// copy_from/to_user
#include <linux/usb.h>
#include <linux/version.h>      // LINUX_VERSION_CODE
#include <cpmodem_shim.h>
#include <cpmodem_wrapper.h>


//#define KERNEL_2_6_21 // comment this out for 3.0.29 kernel
/*********************************************** logging and debug ************************************************/

#define RUNTIME_DEBUG_TRACE (1 << 0)
#define RUNTIME_DEBUG_INFO (1 << 1)
#define RUNTIME_DEBUG_WARN (1 << 2)
#define RUNTIME_DEBUG_ERROR (1 << 3)
#define RUNTIME_LOG 0
#define RUNTIME_ASSERT -1

//#undef RUNTIME_DEBUG
//#define RUNTIME_DEBUG ( /*RUNTIME_DEBUG_TRACE |*/  RUNTIME_DEBUG_INFO | RUNTIME_DEBUG_WARN | RUNTIME_DEBUG_ERROR )


static int cp_lkm_log_level = 0;
 
#ifdef RUNTIME_DEBUG
static const char *cp_lkm_shim_runtime_debug_level_str[] = {
	"ASSERT",
	"TRACE",
	"INFO",
	"WARN",
	"ERROR",
};
#else
static const char *cp_lkm_shim_debug_log_level_str[] = {
	"ASSERT",
	"ERROR",
	"WARN",
	"INFO",
	"TRACE",
	"PRINTF"
};
#endif

static int cp_out_get_level_index(int level)
{
	int level_index = 0;
	while (level) {
		level = level >> 1;
		level_index++;
	}
	return level_index;
}

static void cp_out(int level, const char * file, int line, const char *fmt, ...)
{
	int file_str_len = 0;
	char *file_pos = (char *)file; 
	char *fmt1;
	va_list arg;
	int level_index = 0;
	const char *level_str = NULL;
	const char *kernel_lvl_str = NULL;

	if (level>0) { // level of 0 is LOG and -1 is ASSERT - always output
		level_index = cp_out_get_level_index(level);

#ifdef RUNTIME_DEBUG
		if (!(RUNTIME_DEBUG & level)) {
			return;
		}
		level_str = cp_lkm_shim_runtime_debug_level_str[level_index];
#else
		if (!(cp_lkm_log_level & level)) {
			return;
		}
		level_str = cp_lkm_shim_debug_log_level_str[level_index];
#endif
	}


	switch(level) {
	case RUNTIME_DEBUG_TRACE:
		kernel_lvl_str = KERN_INFO;
		break;
	case RUNTIME_DEBUG_INFO: 
		kernel_lvl_str = KERN_INFO;
		break;
	case RUNTIME_DEBUG_WARN: 
		kernel_lvl_str = KERN_WARNING;
		break;
	case RUNTIME_DEBUG_ERROR:
		kernel_lvl_str = KERN_ERR;
		break;
	case RUNTIME_LOG:      
		kernel_lvl_str = KERN_INFO;
		break;
	case RUNTIME_ASSERT:  
		kernel_lvl_str = KERN_ERR;
		break;
	default:
		kernel_lvl_str = KERN_INFO;
		break;
	}


	va_start(arg, fmt);

	if (file) {
		char *pos = (char *)file;
		while ((pos = strchr(pos, '/'))) {
			pos++;
			file_pos = pos;
		}

		file_str_len = strlen(file_pos);
	}

	fmt1 = kmalloc(strlen(fmt) + file_str_len + 12 + 6 + 2, GFP_ATOMIC); // +6 for debug type indication, +2 for linux syslog level
	if (!fmt1) {
		return;
	}
	if (level_str) {
		if (file) {
			sprintf(fmt1, "%s%6s  %s(%4d):%s\n", kernel_lvl_str, level_str, file_pos, line, fmt);
		} else {
			sprintf(fmt1, "%s%6s  %s\n", kernel_lvl_str, level_str, fmt);
		}
	} else {
		if (file) {
			sprintf(fmt1, "%s%s(%4d):%s\n", kernel_lvl_str, file_pos, line, fmt);
		} else {
			sprintf(fmt1, "%s%s\n", kernel_lvl_str, fmt);
		}
	}
	vprintk(fmt1, arg);
	kfree(fmt1);
	va_end(arg);
}

#ifdef RUNTIME_DEBUG
// assert is always defined if RUNTIME_DEBUG is defined
// bad idea to kill things in kernel, so we just print the assert msg and keep going
#define DEBUG_ASSERT(a, args...) \
	if (!(a)) { \
		printk(KERN_ERR "\n!!! CPMODEM_SHIM ASSERT !!!\n"); \
		cp_out(RUNTIME_ASSERT, __FILE__, __LINE__, args); \
		dump_stack(); \
	}
#define DEBUG_TRACE(args...) cp_out(RUNTIME_DEBUG_TRACE, __FILE__, __LINE__, args)
#define DEBUG_INFO(args...)  cp_out(RUNTIME_DEBUG_INFO, __FILE__, __LINE__, args)
#define DEBUG_WARN(args...)  cp_out(RUNTIME_DEBUG_WARN, __FILE__, __LINE__, args)
#define DEBUG_ERROR(args...) cp_out(RUNTIME_DEBUG_ERROR, __FILE__, __LINE__, args)
#else
#define DEBUG_ASSERT(a, args...) 
#define DEBUG_TRACE(args...)	cp_out(LOG_DEBUG_LEVEL_TRACE, __FILE__, __LINE__, args)
								
#define DEBUG_INFO(args...) 	cp_out(LOG_DEBUG_LEVEL_INFO, __FILE__, __LINE__, args)
								
#define DEBUG_WARN(args...) 	cp_out(LOG_DEBUG_LEVEL_WARN, __FILE__, __LINE__, args)
								
#define DEBUG_ERROR(args...)	cp_out(LOG_DEBUG_LEVEL_ERROR, __FILE__, __LINE__, args)
								
#define DEBUG_PRINTF(args...)   cp_out(LOG_DEBUG_LEVEL_PRINTF, __FILE__, __LINE__, args)
								
#endif

#define LOG(args...) cp_out(RUNTIME_LOG, NULL, 0, args)

/*********************************************** general definitions and helper functions *************************/

// Buffer to store data
struct cp_lkm_read_msg {
	struct cp_lkm_msg_hdr hdr;
	struct sk_buff *skb;
	struct list_head list;
};

struct cp_lkm_common_ctx {
	u8 open_cnt;

	// read operation members
	wait_queue_head_t inq;
	struct list_head read_list;    
	spinlock_t  read_list_lock;
	bool reading_data;
	bool q_waiting;
	// write operation members
	struct sk_buff *write_skb;

	int (*open)(struct cp_lkm_common_ctx *ctx); // called at open
	int (*close)(struct cp_lkm_common_ctx *ctx); // called at close
	int (*handle_msg)(struct cp_lkm_common_ctx *ctx, struct cp_lkm_msg_hdr *hdr, struct sk_buff *skb); // called at write
	int (*handle_ioctl)(struct cp_lkm_common_ctx *ctx, int cmd, void *k_argp); // called at ioctl
};


int cp_lkm_open(struct inode *inode, struct file *filp);
int cp_lkm_release(struct inode *inode, struct file *filp);
ssize_t cp_lkm_read(struct file *filp, char __user *buf, size_t count, loff_t *f_pos);
ssize_t cp_lkm_write(struct file *filp, const char __user *buf, size_t count, loff_t *f_pos);
#ifdef KERNEL_2_6_21
int cp_lkm_ioctl (struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg);
#else
long cp_lkm_ioctl (struct file *filp, unsigned int cmd, unsigned long arg);
#endif
unsigned int cp_lkm_poll(struct file *filp, struct poll_table_struct *);

static void cp_lkm_common_ctx_init(struct cp_lkm_common_ctx *common);
static void cp_lkm_cleanup_msg_list(struct cp_lkm_common_ctx *common);
static int cp_lkm_post_message(struct cp_lkm_common_ctx *mgr, struct cp_lkm_msg_hdr* hdr, struct sk_buff *skb);

/* Structure that declares the usual file
	access functions */
struct file_operations cp_lkm_fops = {
	.owner = THIS_MODULE,
	.read = cp_lkm_read,
	.write = cp_lkm_write,
#ifdef KERNEL_2_6_21
	.ioctl = cp_lkm_ioctl,
#else
	.unlocked_ioctl = cp_lkm_ioctl,
#endif
	.open = cp_lkm_open,
	.poll = cp_lkm_poll,
	.release = cp_lkm_release
};

static int major;
static struct device *cp_lkm_dev[2];
static struct class *cp_lkm_class;

#define CP_LKM_USB_MGR_MINOR 0
#define CP_LKM_PM_MGR_MINOR 1
#define CP_LKM_ITER         3000   //CP_LIM_ITER * CP_LKM_TIMEOUT_MS = 30000 or 30 seconds
#define CP_LKM_TIMEOUT_MS   10

typedef int (*cp_lkm_data_transfer_t)(void *ctx, struct sk_buff *skb);
typedef void (*cp_lkm_data_hdr_size_t)(void *ctx, int wrapper_hdr_size, int *hdr_size, int* hdr_offset);
typedef int (*cp_lkm_poll_t)(void *ctx, int budget);
typedef void (*cp_lkm_schedule_t)(void *ctx);
typedef void (*cp_lkm_complete_t)(void *ctx);
typedef int (*cp_lkm_msg_t)(void *ctx);
struct cp_lkm_edi {
	//values provided by usb side, called by pm side
	cp_lkm_data_transfer_t usb_send;
	void *usb_send_ctx;
	
	//value provided by pm side, called by usb side
	cp_lkm_msg_t pm_send_pause;    //called by usb to pause the network q
	cp_lkm_msg_t pm_send_resume;   //called by usb to resume the network q
	cp_lkm_data_transfer_t pm_recv;
	cp_lkm_data_hdr_size_t pm_get_hdr_size;  //ask pm how much space it needs for headers
	void *pm_recv_ctx;

	void *pm_stats64_ctx;
};

static int cp_lkm_pm_usb_link(struct cp_lkm_edi *edi, int pm_unique_id, int link);

struct cp_lkm_pm_stats64 {
	u64	rx_packets;	   
	u64	tx_packets;	   
	u64	rx_bytes;	   
	u64	tx_bytes;	   
	u64	rx_errors;	   
	u64	tx_errors;	   
	u64	rx_dropped;	   
	u64	tx_dropped;	   

	u64	rx_over_errors;	   

	struct u64_stats_sync syncp;
};

struct cp_lkm_pm_common {
	int unique_id;
	u32 attached;
	cp_lkm_pm_type_t type;
	struct net_device *net_dev;
	struct cp_lkm_edi *edi;
	struct list_head filter_list;
	u32 filter_drop_cnt;

	// keep these in pm context so dual sim hidden unplug/plug do not affect the stats
	struct cp_lkm_pm_stats64 *pcpu_stats64;

	int pm_link_count;  	 //token used to prevent xmit and poll from being called if we are linking or unlinking, -1 = unlinking so block xmit and poll, 
	spinlock_t pm_link_lock; //lock to protect getting and releasing the pm_link_count token

	struct list_head list;
};

//static void cp_lkm_pm_update_stats64(struct cp_lkm_pm_stats64 *stats, u64 *field, u64 incr);
#define UPDATE_STATS(stats_ctx, field, incr) if (stats_ctx) { \
												struct cp_lkm_pm_stats64 *stats = this_cpu_ptr(((struct cp_lkm_pm_common *)stats_ctx)->pcpu_stats64); \
												if (stats) { \
													u64_stats_update_begin(&stats->syncp); \
													stats->field += incr; \
													u64_stats_update_end(&stats->syncp); \
												} \
											 }

//Keep these commented out for release
//static int dbg_memleak_timer_started = 0;
//static struct timer_list dbg_memleak_timer;  
//static spinlock_t dbg_state_lock;
//static int dbg_state_init = 0;
//static int g_dbg_memalloc_cnt = 0;
//static int g_stuck_cnt = 0;
//static int g_stuck_chk = 0;
//static int g_unlink_cnt = 0;

typedef size_t ref_t;
typedef void (*memref_final_method_t)(void *buf);
struct memref {
	memref_final_method_t mfree;
	atomic_t refs;
};

 
void *memref_alloc(size_t size, memref_final_method_t mfree)
{
	struct memref *ptr;

	ptr = (struct memref *)kmalloc(sizeof(struct memref) + size, GFP_ATOMIC);
	if (!ptr) {
		return NULL;
	}
	//g_dbg_memalloc_cnt++;
	ptr->mfree = mfree;
	atomic_set(&ptr->refs, 1);

	return (ptr + 1);
}

void *memref_alloc_and_zero(size_t size, memref_final_method_t mfree)
{
	void *ptr;

	ptr = memref_alloc(size, mfree);
	if (!ptr) {
		return NULL;
	}

	memset(ptr, 0x00, size);

	return ptr;
}

static void *memref_ref(void *buf)
{
	struct memref *mb;

	if (!buf) {
		return NULL;
	}

	mb = (struct memref *)(buf) - 1;

//  if (0 == atomic_read(&mb->refs)) {
//  	DEBUG_INFO("%s() !refs", __FUNCTION__);
//  	  return NULL;
//    }

	atomic_inc(&mb->refs);

	return buf;
}

#if 0
static ref_t memref_cnt(void *buf)
{
	struct memref *mb;

	if (!buf) {
		return 0;
	}

	mb = (struct memref *)(buf) - 1;
	return atomic_read(&mb->refs);
}
#endif

static ref_t memref_deref(void *buf)
{
	struct memref *mb;

	if (!buf) {
		return 0;
	}

	mb = (struct memref *)(buf) - 1;

//  if (0 == atomic_read(&mb->refs)) {
//  	DEBUG_INFO("%s() !refs", __FUNCTION__);
//  	  return NULL;
//    }

	if (atomic_dec_and_test(&mb->refs)) {
		//g_dbg_memalloc_cnt--;
		if (mb->mfree) {
			mb->mfree(buf);
		}
		kfree(mb);
		return 0;
	}

	return atomic_read(&mb->refs);
}

/*
 * Generic function to repeatedly call a function until it either succeeds or the delay and iters 
 * have been exhausted. Optionally it can throw a kernel panic on failure. 
 *  
 * ctxt     - the ctxt to pass into do_fun 
 * do_fun   - the function to call until it returns success 
 * delay_ms - the amount of time to delay between calls to do_fun on failure 
 * iter     - the number of times to call do_fun 
 * die_str  - if should panic on failure, then pass in the die_str to display 
 *  
 * if die_str provided, this function will not exit on failure. 
 * else it will exit with the result of the call to do_fun 
 * Note: total wait time is delay_ms * iter 
*/
typedef bool (*do_function_t)(void* ctx1, void* ctx2);
bool cp_lkm_do_or_die(void* ctx1, void*ctx2, do_function_t do_fun, u32 delay_ms, u32 iter, const char* die_str)
{
	bool done = false;
	//set_current_state(TASK_UNINTERRUPTIBLE);
	while (!done && iter) {
		iter--;
		done = do_fun(ctx1,ctx2);
		if (!done) {
			msleep(delay_ms);
			//schedule_timeout(msecs_to_jiffies(delay_ms));
			//set_current_state(TASK_UNINTERRUPTIBLE);
		}
	}
	if(!done && die_str) {
		panic(die_str);
		//BUG_ON()
	}
	//set_current_state(TASK_RUNNING);
	return done;
}

/*******************************  kernel module USB/Wrapper functionality ********************************* 
 *  
 * The shim has multiple entry points. It can be pumped by hw interrupts, software interrupts, or threads. 
 * The trick to getting the shim to work properly is knowing from which contexts the different functions can be called 
 * and what you can do in that context. 
 *  
 * The biggest concern is to make sure we aren't nulling out a function or instance pointer in one context while another 
 * context is using it. Pointers are changed when linking or unlinking to the protocol manager or when the device unplugs. 
 * For link/unlink or unplug, we need to make sure all other processing has been blocked or stopped. We use a combination of 
 * tokens and spinlocks to achieve this. 
 *  
 * Another complexity is dealing with multi-core processors such as we have in some routers. With multi-core you can have 
 * a hw interrupt, software interrupt or thread running on one core and a hw interrupt, soft interrupt, or thread running on 
 * another at the same time. In addition, the same soft interrupt code can run on both cores at the same time. 
 * With single core, the hw int would block the thread. The shim was orginally designed with a single-core system, so a lot of work 
 * has been put into verifying multi-core works. 
 *  
 * Single core: We can be pumped by:
 *  	Hardware interrupt  	 - all interrupts disabled, can't be preempted
 *  	Software interrupt  	 - hw interrupts not disabled, can be preempted by hw interrupt
 *  	Thread or other process  - can be preempted by hw or sw interrupt.
 *  
 * Multi core: all bets are off. Everything can run at the same time so you have to be very careful with locks and tokens to not corrupt 
 *  		   variables and to not run funtions reentrantly.
 *  
 * Here are the specific contexts (threads, processes)that pump us:
 *   1. USB on a hardware interrupt context. This happens on tx and rx done (all interrupts disabled, schedule callbacks and get out fast)
 *   2. USB on the hub thread.  This happens on unplug  (can sleep or pause, but be careful because it stops all USB system hub processing)
 *   3. Kernel workqueue thread  (our own callback, can sleep or pause, but be careful, it stops all the kernel workqueue processing)
 *   4. tasklet or timer soft interrupt context (our own callbacks on sw interrupt, hw interrupts enabled, can't sleep or do pause)
 *   5. ioctl or device write on a kernel thread (this is cpusb in app space talking to us, runs on a thread, can be prempted in multi-core)
 *   6. network (send from network side, runs as a software interrupt)
 * 
 *   Which functions are called in which contexts and what they do:
 *   #1 - cp_lkm_usb_xmit_complete  - called by usb layer when transmit is done in hw interrupt context
 *  								throw transfer in done q, on success, schedule tasklet or NAPI poll (#4) by calling
 *  								cp_lkm_usb_done_and_defer_data() for data packets or cp_lkm_usb_done_and_defer_other() for non-data pkts.
 *  								On error schedule kevent (#3) by calling cp_lkm_usb_defer_kevent()
 *  	  cp_lkm_usb_recv_complete  - called by usb layer when recv is done in hw interrupt context
 *  								throw transfer in done q, schedule tasklet or NAPI poll (#4), on error schedule kevent (#3)
 * 
 *   #2 - cp_lkm_usb_probe  	  - called when the usb hub layer detects a plug, called on hub thread context
 *  	  cp_lkm_usb_disconnect   - called when the usb hub layer detects an unplug, called on hub thread context
 *  								schedule mgr_kevent to clean up
 * 
 *   #3 - cp_lkm_usb_kevent 	  - scheduled by tx and rx complete (#1) on USB halt errors or out of memory failure. Is a workqueue thread
 *  								clears the halts, sees if memory available. On success, schedules the tasklet or NAPI poll(#4)
 * 
 *   #4 - cp_lkm_usb_process_data_done_tasklet - Scheduled by rx or tx complete (#1). Runs in soft int context. This function is used when we
 *  											 are using a non-NAPI compliant protocol manager (i.e. PPP). It processes recv'd pkts and sends
 *  											 them onto the protocol manager, frees all sent skb's and restock more recv urbs to the USB layer.
 *  	  cp_lkm_usb_process_other_done_tasklet -Same as first one except is it scheduled anytime we recv a pkt that needs to go to the common
 *  	                                         modem stack instead of to the network stack (ctrl, status or diagnostics pkt)
 *  
 *   #5 - cp_lkm_usb_handle_ioctl - ioctl mux function called by the kernel when the app ioctl is called
 *  								calls the appropriate mux function
 *  	  cp_lkm_usb_plug_intf    - called by ioctl mux to register a device. Register a usb driver to catch
 *  								the plug event from the usb stack
 *  	  cp_lkm_usb_open_intf    - called by ioctl mux indicate the data channel is active. This causes us to
 *  								mux all data packets to the network stack instead of up to cpusb in app space
 *  	  cp_lkm_usb_close_intf   - called by ioctl mux to indicate the data connection has gone down.
 *  								This causes us to mux all packets up to cpusb in app space instead of to network
 *  								
 *  	  cp_lkm_usb_unplug_intf  - called by ioctl mux. Releases the interface, deregisters the usb driver, cleans up memory
 *  	  cp_lkm_usb_handle_msg   - called by the device driver write function. This is how cpusb sends us usb packets that
 *  								we need to send to usb
 *   #6 - cp_lkm_usb_start_xmit   - called by the network interface
 *  								sends a transmit to the usb layer
*/


struct cp_lkm_usb_dev;
struct cp_lkm_usb_base_dev;


/* we record the state for each of our queued skbs */
enum skb_state {
	illegal = 0,
	out_start,     // start a data or other transmit
	out_done,      // data or other transmit done
	in_data_start, // start a recv (either data or other)
	in_data_done,  // recv data done
	in_data_cleanup,
	in_other_start,
	in_other_done, // recv other done
	in_other_cleanup,
	ctrl_start,    // start a usb ctrl transfer
	ctrl_done,     // usb ctrl transfer finished
	unlink_start   // telling usb to give our urb back
};

#define EVENT_TX_HALT    0
#define EVENT_RX_HALT    1
#define EVENT_RX_MEMORY  2
#define EVENT_STS_SPLIT  3
#define EVENT_LINK_RESET 4

//These are standard USB defines
#define  UE_BULK		 0x02
#define  UE_INTERRUPT    0x03

#define MAX_INTF_EPS 10

#define CP_LKM_USB_RECV   0x01
#define CP_LKM_USB_LISTEN 0x02

struct cp_lkm_base_ep
{
	struct list_head list;     // for inserting in the cpbdev list of base endpoints
	struct list_head eps;      // list of cloned endpoints based off this one
	struct cp_lkm_usb_base_dev* cpbdev; // pointer back to the cpdev this endpoint belongs to
	int ep_num; 			   // endpoint number
	unsigned long err_flags;   // errors on the ep (halt, no mem)
	int con_flags;  		   //connection flags (recv, listen)
	int q_cnt;  			   //number of urbs down at the lower layer
	int type;   			   //ep type (interrupt, bulk etc)
	int max_transfer_size;
	int pipe;
	int interval;   		   // interval for interrupt end points
};

struct cp_lkm_ep
{
	struct list_head list_bep;    // for being inserted into the bep's list of eps
	struct list_head list_cpdev;  // for being inserted into the cpdev's list of eps
	struct cp_lkm_base_ep* bep;   // pointer to this ep's base endpoint
	struct cp_lkm_usb_dev* cpdev; // pointer back to the cpdev this endpoint belongs to
	int con_flags;  		   //connection flags (recv, listen)
	int ep_num; 			   // duplicated from base endpoint for convenience
};

/* This struct gets stored in skb->cb which is currently a 48 byte buffer
   The size of this struct needs to not ever be bigger than 48 
*/
struct skb_data {   
	//if pointers and ints are 64 bits (8 bytes) then this is 48 bytes currently and
	//no other variables can be added
	struct urb  *urb;
	struct cp_lkm_usb_base_dev *cpbdev;
	struct cp_lkm_base_ep* bep;
	enum skb_state state;
	int status;
	int unique_id;   //id of cpdev that sent the tx pkt
};

#define MAX_USB_DRVR_NAME 10
#define USB_DRVR_FRMT_STR "cpusb%d"

struct cp_lkm_usb_base_dev
{
	struct list_head list;  	  //for inserting in global dev list
	struct list_head cpdev_list;  //list of cpdevs cloned from this base dev
	struct list_head in_bep_list;     // list of base in endpoints
	struct list_head out_bep_list;     // list of base out endpoints
	int data_in_bep_num;   //data in ep number
	int data_out_bep_num;  //data out ep number

	struct usb_driver* usb_driver;  		 
	struct usb_device_id* usb_id_table;  
	int vid;							   
	int pid;							   
	int intf_num;   					   
	int alt_intf_num;
	int usb_bus;
	int usb_addr;
	int feature_flags;
	int base_id;                  //unique id of the first clone to plug
	cp_lkm_usb_state_t base_state;   					

	struct sk_buff_head in_q;     //recv skb's are stored here while down at usb waiting to be filled with recv data 
	struct sk_buff_head out_q;    //send skb's are stored here while down at usb waiting to be transmitted
	struct sk_buff_head ctrlq;    //ctrl skb's are stored here while down at usb waiting to be filled or transmitted
	struct sk_buff_head data_tx_done;  //tx skb's are stored here while waiting to be freed
	struct sk_buff_head data_rx_done;  //recv and ctrl skb's are stored here while waiting to have recv data processed
	struct sk_buff_head other_done;    //sent skb's are stored here while waiting to be freed

	u32 data_q_len; 				   // holds count of data pkts (both rx and tx) needing to be processed
	spinlock_t data_q_lock; 		   // lock to keep data_q_len sync'd
	spinlock_t processing_state_lock;
	cp_lkm_usb_process_state_t processing_state;
	spinlock_t other_state_lock;
	cp_lkm_usb_process_state_t other_state;
	bool scheduled;  //tasklet scheduled to process the pending

	struct tasklet_struct other_process_tasklet;
	struct tasklet_struct data_process_tasklet;

	int rx_schedule_threshold;
	int tx_schedule_threshold;
	int tx_resume_threshold;

	struct work_struct  kevent;
	char usb_drvr_name[MAX_USB_DRVR_NAME];
	void* wrapper_ctxt;
	int wrapper_hdr_size;
	int pm_hdr_size;
	int pm_hdr_offset;

	struct usb_interface* intf;
	struct usb_device *udev;

	int plug_result;
	bool disconnect_wait;

	struct timer_list rx_delay;  

	int tx_usb_q_count;
	bool tx_paused;

	struct timer_list usb_pause_stuck_timer;  
	int tx_proc_cnt;   //how many data tx pkts have we successfully sent
	int tx_proc_cnt_at_pause; //how many data tx pkts we had sent when we paused

	#if 0
	//debug stuff, comment out
	//unsigned int dbg_total_stuck_cnt;  
	//unsigned int dbg_total_tx_at_stuck_cnt;  
	//unsigned int dbg_total_tx_proc;
	#endif
};

struct cp_lkm_usb_dev
{
	//init at open  	  
	struct cp_lkm_usb_base_dev* cpbdev;
	int unique_id;  	
	int pm_id;  				 
	int clone_num;
	int mux_id;
		  
	cp_lkm_usb_state_t state;   					
	struct list_head list;  	  //for inserting in base dev list

	struct cp_lkm_edi* edi;

	struct list_head in_ep_list;     //list of in endpoints on the dev
	struct list_head out_ep_list;     //list of out endpoints on the dev
	int data_in_ep_num;   //data in ep number
	int data_out_ep_num;  //data out ep number

	//for debug
	#if 0
	struct timer_list dbg_timer;
	unsigned int dbg_total_rx_irq;
	unsigned int dbg_total_tx_irq;
	unsigned int dbg_total_rx_proc;
	unsigned int dbg_total_d_done;
	unsigned int dbg_total_o_done;
	unsigned int dbg_total_pause;
	unsigned int dbg_total_resume;
	unsigned int dbg_total_max_work;
	unsigned int dbg_total_timeout;
	unsigned int dbg_total_budget;
	unsigned int dbg_total_o_tasklet;
	unsigned int dbg_total_d_resched;
	unsigned int dbg_total_wq_sched;
	unsigned int dbg_total_napi_sched;
	unsigned int dbg_total_tasklet_sched;
	unsigned int dbg_total_d_comp;
	//unsigned int dbg_total_ic;
	//unsigned int dbg_total_tc;
	unsigned int dbg_total_rx_qlen;
	unsigned int dbg_total_tx_qlen;
	unsigned int dbg_total_num_hybrid_t;
	unsigned int dbg_total_num_normal_t;
	unsigned int dbg_total_num_hybrid;
	unsigned int dbg_total_num_normal;
	unsigned int dbg_total_num_d_timers;
	unsigned int dbg_total_sch_sk;
	#endif
};

struct cp_lkm_usb_ctx 
{
	struct cp_lkm_common_ctx common;
	struct list_head dev_list;
	spinlock_t  lock;    //used to protect access to dev_list from different instances. Also used to coordinate thread accesses from usb and cpmodem layers.
						 //when one thread grabs the lock, no other threads can run (soft and hw IRQs can still run). The usb hub unplug handler runs on a thread.
						 //this means if one thread grabs the lock it can be guaranteed the modem can unplug while it is doing its thing.
};

//static void cp_lkm_usb_dbg_memleak_timer (unsigned long param);
//static void cp_lkm_usb_dbg_timer (unsigned long param);

enum {
	CP_LKM_STUCK_INIT = 0,
	CP_LKM_STUCK_START,
	CP_LKM_STUCK_STOP,
	CP_LKM_STUCK_DEINIT
};
static void cp_lkm_usb_stuck_check(struct cp_lkm_usb_base_dev* cpbdev, int action);
static void cp_lkm_usb_pause_stuck_timer(unsigned long param);

static void cp_lkm_usb_delay_timer (unsigned long param);
static void cp_lkm_usb_kevent (struct work_struct *work);
static int cp_lkm_usb_open(struct cp_lkm_common_ctx *ctx);
static int cp_lkm_usb_close(struct cp_lkm_common_ctx *ctx);
static int cp_lkm_usb_handle_ioctl(struct cp_lkm_common_ctx *ctx, int cmd, void *k_argp);
static int cp_lkm_usb_handle_msg(struct cp_lkm_common_ctx *ctx, struct cp_lkm_msg_hdr *hdr, struct sk_buff *skb);

static int cp_lkm_usb_start_xmit (void *ctx, struct sk_buff *skb);
static int cp_lkm_usb_start_xmit_common(void *ctx, struct sk_buff *skb, int src, struct cp_lkm_ep* ep);
static void cp_lkm_usb_xmit_complete (struct urb *urb);
static int cp_lkm_usb_submit_recv (struct cp_lkm_usb_base_dev* cpbdev, struct urb *urb, gfp_t flags, struct cp_lkm_base_ep* bep, bool data);
static void cp_lkm_usb_recv_complete (struct urb *urb);

static void cp_lkm_usb_other_recv_process (struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb_in);
static void cp_lkm_usb_data_recv_process (struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb);
static void cp_lkm_usb_ctrl_process (struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb_in);

static int cp_lkm_usb_close_intf(struct cp_lkm_usb_close_intf* ci);
static int cp_lkm_usb_unlink_urbs (struct cp_lkm_usb_base_dev *cpbdev, struct sk_buff_head *q, struct cp_lkm_base_ep* bep);

static void cp_lkm_usb_process_other_done_tasklet (unsigned long param);
static void cp_lkm_usb_process_data_done_tasklet (unsigned long param);
static void cp_lkm_usb_rx_data_restock (struct cp_lkm_usb_base_dev* cpdev);
static void cp_lkm_usb_rx_other_restock (struct cp_lkm_usb_base_dev* cpbdev);
static void cp_lkm_usb_defer_kevent (struct cp_lkm_usb_base_dev* cpbdev, struct cp_lkm_base_ep* bep, int work);
static bool cp_lkm_schedule_data_process(struct cp_lkm_usb_base_dev* cpbdev, bool if_data, bool is_resume, bool have_lock);

static void cp_lkm_schedule_rx_restock(struct cp_lkm_usb_base_dev* cpbdev, struct cp_lkm_base_ep* bep);
static int cp_lkm_usb_start_ctrl_xmit(void *ctx, struct sk_buff *skb_in);
static int cp_lkm_usb_have_data(struct cp_lkm_usb_base_dev *cpbdev);

static struct cp_lkm_usb_ctx cp_lkm_usb_mgr;

// Knobs we can tweak on a processor by processor basis to maximize performance
// Dummy values filled in here so we don't get warning on using unitialized variables
static int CP_LKM_PM_NAPI_WEIGHT = 0;       //budget we register with NAPI (max number of pkts it thinks we will process). 
static int CP_LKM_USB_NAPI_MAX_WORK = 0;    //actual number of pkts we will process (we're not entirely honest with NAPI)
static int CP_LKM_USB_MAX_RX_QLEN = 0;      //max number of rx data URBs we allow to flow in the shim (we alloc these)
static int CP_LKM_USB_MAX_OTHER_QLEN = 0;    //max number of rx urbs on non-data endpoints
static int CP_LKM_USB_TX_PAUSE_Q_PKTS = 0;     //max number of tx data URBs we allow to flow in the shim (alloc'd by network stack, we control this by pausing)
static int CP_LKM_USB_TX_RESUME_Q_PKTS = 0;     //un-pause network at this number
//static int CP_LKM_USB_TX_RESUME_Q_PKTS_HYBRID = 0;  //un-pause network at this number when in hybrid mode with pkt counting
static int CP_LKM_USB_TX_SCHED_CNT = 0;      //How many done tx's we allow to accumulate before scheduling cleanup in normal mode
//static int CP_LKM_USB_TX_SCHED_CNT_HYBRID = 0; //How many done tx's we allow to accumulate before scheduling cleanup in hybrid mode with pkt counting
static int CP_LKM_USB_RX_SCHED_CNT = 0;      //How many done rx's we allow to accumulate before scheduling processing in normal mode
//static int CP_LKM_USB_RX_SCHED_CNT_HYBRID = 0; //How many done rx's we allow to accumulate before scheduling processing in hybrid mode with pkt counting
static int CP_LKM_USB_RESTOCK_MULTIPLE = 0;  //How many rx URBs we should restock as we process them (0 means don't restock as we go, 1 means every one, 2 means 1 out of every 2 etc)
//static int CP_LKM_USB_DATA_MAX_PPS = 0;   //Packets per second that will cause us to transition from normal to hybrid mode when using pkt counting
//static int 	CP_LKM_USB_DATA_MIN_PPS = 0;  //packets per second that will cause us to transition from hybrid back to normal when using pkt counting
static int CP_LKM_USB_TASKLET_CNT = 0;    //in hybrid mode, schedule tasklet on cnts 0 to this number
static int CP_LKM_USB_WORKQUEUE_CNT = 0;  //in hybrid mode, schedule workqueue on cnts CP_LKM_USB_TASKLET_CNT to this number, then start cnt over 
static int CP_LKM_USB_PROCESS_DIVISOR = 0; //times to loop through the process loop, doing pkts/divisor pkts each time. Set to 1 to only process what was there when entering 
//broadcom EHCI controller has issues we need to work around
static int cp_lkm_is_broadcom = 0;

#define CP_LKM_USB_PAUSED_CNT 5000

//TODO remove
#if 0
static int g_dbg_data_skballoc_cnt = 0;
static int g_dbg_other_skballoc_cnt = 0;
static int g_dbg_ctrl_skballoc_cnt = 0;
static int g_dbg_xmit_skballoc_cnt = 0;
static int g_dbg_urballoc_cnt = 0;
static int g_dbg_unplug_cnt = 0;
static void cp_lkm_usb_urb_cnt(int inc)
{
	unsigned long flags;
	spin_lock_irqsave(&dbg_state_lock, flags);
	g_dbg_urballoc_cnt += inc;
	spin_unlock_irqrestore(&dbg_state_lock, flags); //release lock so interrupts can resume firing
}
static void cp_lkm_usb_cnts(int state, int inc)
{
	#if 1
	unsigned long flags;
	spin_lock_irqsave(&dbg_state_lock, flags);

	switch (state) {
		case in_other_start:
		case in_other_done:
		case in_other_cleanup:
			g_dbg_other_skballoc_cnt+=inc;
			break;
		case ctrl_start:
		case ctrl_done:
			g_dbg_ctrl_skballoc_cnt+=inc;
			break;
		case out_start:
		case out_done:
			g_dbg_xmit_skballoc_cnt+=inc;
			break;
		case in_data_start:
		case in_data_done:
		case in_data_cleanup:
			g_dbg_data_skballoc_cnt+=inc;
			break;
		case unlink_start:
			g_dbg_unplug_cnt+=inc;
			break;
		default:
			printk("!!clean: unknown skb state: %d\n",state);
			break;
	}
	spin_unlock_irqrestore(&dbg_state_lock, flags); 
	#endif
}
#endif

static struct cp_lkm_usb_dev* cp_lkm_usb_find_muxed_dev(struct cp_lkm_usb_base_dev* cpbdev, int mux_id)
{
	struct list_head *pos;
	list_for_each(pos, &cpbdev->cpdev_list){
		struct cp_lkm_usb_dev* cpdev = list_entry(pos, struct cp_lkm_usb_dev, list);
		//printk("%s() cpdev: %p, cpdev->mux_id: %d\n", __FUNCTION__, cpdev, cpdev->mux_id);
		if(cpdev->mux_id == mux_id) {
			return cpdev;
		}
	}
	return NULL;
}

static struct cp_lkm_usb_dev* cp_lkm_usb_find_dev(int uniqueid)
{
	struct list_head *bpos;
	struct list_head *pos;
	list_for_each(bpos, &cp_lkm_usb_mgr.dev_list){
		struct cp_lkm_usb_base_dev* cpbdev = list_entry(bpos, struct cp_lkm_usb_base_dev, list);
		list_for_each(pos, &cpbdev->cpdev_list){
			struct cp_lkm_usb_dev* cpdev = list_entry(pos, struct cp_lkm_usb_dev, list);
			if(cpdev->unique_id == uniqueid) {
				return cpdev;
			}
		}
	}
	return NULL;
}

#define CP_LKM_DEV_MATCH_ALL 1
#define CP_LKM_DEV_MATCH_BUS_ADDR_ONLY 2

// Find base device from its bus, addr and unique id
static struct cp_lkm_usb_base_dev* cp_lkm_usb_find_base_dev(int bus, int addr, int unique_id, int match)
{
	struct list_head *pos;
	struct list_head *bpos;
	list_for_each(bpos, &cp_lkm_usb_mgr.dev_list){
		struct cp_lkm_usb_base_dev* cpbdev = list_entry(bpos, struct cp_lkm_usb_base_dev, list);
		if(cpbdev->usb_bus == bus && cpbdev->usb_addr == addr) {
			if (match == CP_LKM_DEV_MATCH_BUS_ADDR_ONLY) {
				return cpbdev;
			}
			if (cpbdev->base_id == unique_id) {
				//matches the base_id so don't need to look further
				return cpbdev;
			}
			//look to see if matches the unique_id of one of the cpdevs (only hit this case when running clones)
			list_for_each(pos, &cpbdev->cpdev_list){
				struct cp_lkm_usb_dev* cpdev = list_entry(pos, struct cp_lkm_usb_dev, list);
				if (cpdev->unique_id == unique_id) {
					return cpbdev;
				}
			}
		}
	}
	return NULL;
}

/*
static struct cp_lkm_usb_dev* cp_lkm_usb_get_head_dev(void)
{
	struct list_head *bpos;
	struct list_head *pos;
	list_for_each(bpos, &cp_lkm_usb_mgr.dev_list){
		struct cp_lkm_usb_base_dev* cpbdev = list_entry(bpos, struct cp_lkm_usb_base_dev, list);
		list_for_each(pos, &cpbdev->cpdev_list){
			struct cp_lkm_usb_dev* cpdev = list_entry(pos, struct cp_lkm_usb_dev, list);
			return cpdev;
		}
	}
	return NULL;
}
*/

// pause or unpause all cpdevs associated with this cpbdev
static void cp_lkm_usb_dev_pause(struct cp_lkm_usb_base_dev* cpbdev, bool pause)
{
	struct list_head *pos;

	list_for_each(pos, &cpbdev->cpdev_list){
		struct cp_lkm_usb_dev* cpdev = list_entry(pos, struct cp_lkm_usb_dev, list);
		if (pause) {
			if(cpdev->edi->pm_send_pause) {
				cpdev->edi->pm_send_pause(cpdev->edi->pm_recv_ctx);
				//cpdev->dbg_total_pause++;
			}
		}
		else{
			if (cpdev->edi->pm_send_resume) {
				//cpdev->dbg_total_resume++;
				cpdev->edi->pm_send_resume(cpdev->edi->pm_recv_ctx);
			}
		}
	}
	cpbdev->tx_paused = pause;
}

static void cp_lkm_usb_clean_list(struct sk_buff_head* list)
{
	struct sk_buff *skb;
	struct skb_data *entry;

	while((skb = skb_dequeue(list)) != NULL){
		DEBUG_TRACE("%s() found a straggler", __FUNCTION__);
		entry = (struct skb_data *) skb->cb;
		if(entry->urb) {
			//cp_lkm_usb_urb_cnt(-1);
			usb_free_urb (entry->urb);
		}
		//cp_lkm_usb_cnts(entry->state, -1);
		dev_kfree_skb_any(skb);
	}
}

static void cp_lkm_usb_mark_as_dead(struct cp_lkm_usb_dev* cpdev)
{
	cpdev->edi->usb_send_ctx = NULL;
	if(cpdev->state != CP_LKM_USB_DEAD) {
		LOG("Device with id:%d unplugged", cpdev->unique_id);
	}
	cpdev->state = CP_LKM_USB_DEAD;
}

static void cp_lkm_usb_mark_base_as_dead(struct cp_lkm_usb_base_dev* cpbdev)
{
	cpbdev->base_state = CP_LKM_USB_DEAD;
}

static struct cp_lkm_base_ep* cp_lkm_usb_get_bep(struct cp_lkm_usb_base_dev* cpbdev, int ep_num)
{
	struct cp_lkm_base_ep* bep = NULL;
	struct list_head *entry, *nxt, *head;

	if(USB_DIR_IN & ep_num) {
		//printk("%s() search IN list for ep_num: 0x%x\n", __FUNCTION__, ep_num);
		head = &cpbdev->in_bep_list;
	}
	else{
		//printk("%s() search OUT list for ep_num: 0x%x\n", __FUNCTION__, ep_num);
		head = &cpbdev->out_bep_list;
	}

	list_for_each_safe(entry, nxt, head) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		if (bep->ep_num == ep_num) {
			//printk("%s() found ep_num: %d\n", __FUNCTION__, ep_num);
			return bep;
		}
	}
	//printk("%s() didn't find ep_num: %d\n", __FUNCTION__,ep_num);

	return NULL;
}

static struct cp_lkm_ep* cp_lkm_usb_get_ep(struct cp_lkm_usb_dev* cpdev, int ep_num)
{
	struct cp_lkm_ep* ep = NULL;
	struct list_head *entry, *nxt, *head;

	if(USB_DIR_IN & ep_num) {
		//printk("%s() search IN list for ep_num: 0x%x\n", __FUNCTION__, ep_num);
		head = &cpdev->in_ep_list;
	}
	else{
		//printk("%s() search OUT list for ep_num: 0x%x\n", __FUNCTION__, ep_num);
		head = &cpdev->out_ep_list;
	}

	list_for_each_safe(entry, nxt, head) {
		ep = list_entry(entry, struct cp_lkm_ep, list_cpdev);
		if (ep->ep_num == ep_num) {
			//printk("%s() found ep_num: %d\n", __FUNCTION__, ep_num);
			return ep;
		}
	}
	//printk("%s() didn't find ep_num: %d\n", __FUNCTION__,ep_num);

	return NULL;
}

static void cp_lkm_usb_bep_finalize(void *arg)
{
	struct cp_lkm_base_ep* bep = (struct cp_lkm_base_ep*)arg;
	struct list_head *entry, *nxt;
	struct cp_lkm_ep *ep;

	//printk("%s() start\n", __FUNCTION__);
	//todo remove
	//del_timer_sync(&cpdev->dbg_timer);

	//printk("%s() - free eps\n",__FUNCTION__);
	list_for_each_safe(entry, nxt, &bep->eps) {
		ep = list_entry(entry, struct cp_lkm_ep, list_bep);
		//printk("%s() - free ep: %p from bep: %p\n",__FUNCTION__,ep,bep);
		list_del(&ep->list_bep);
		memref_deref(ep);
	}

}

static void cp_lkm_usb_ep_finalize(void *arg)
{
	//struct cp_lkm_ep* ep = (struct cp_lkm_ep*)arg;
	//printk("%s() - free ep: %p, ep_num: 0x%x\n",__FUNCTION__,arg ,ep->ep_num);
}

static struct cp_lkm_ep* cp_lkm_usb_create_ep(struct cp_lkm_usb_dev* cpdev, int ep_num)
{
	struct cp_lkm_ep* ep;
	struct cp_lkm_base_ep* bep;
	struct cp_lkm_usb_base_dev* cpbdev;

	DEBUG_ASSERT(cpdev, "cpdev is null");
	cpbdev = cpdev->cpbdev;
	DEBUG_ASSERT(cpbdev, "cpbdev is null");

	//see if already exists first
	ep = cp_lkm_usb_get_ep(cpdev, ep_num);
	if(ep) {
		DEBUG_TRACE("%s() ep: %p already exists", __FUNCTION__, ep);
		//printk("%s() ep: 0x%x already exists\n", __FUNCTION__, ep_num);
		return ep;
	}
	//printk("%s() - create new ep, cpdev: %p, ep_num: 0x%x\n",__FUNCTION__,cpdev, ep_num);

	//Need to create new ep and possibly a new bep. We will alloc and init everything first and
	//then if that all works, we will put everything in its proper place (in lists and stuff)
	ep = memref_alloc_and_zero(sizeof(struct cp_lkm_ep), cp_lkm_usb_ep_finalize);
	if(!ep) {
		DEBUG_ERROR("%s() failed to alloc new ep", __FUNCTION__);
		return NULL;
	}
	INIT_LIST_HEAD(&ep->list_bep);
	INIT_LIST_HEAD(&ep->list_cpdev);
	ep->ep_num = ep_num;

	//may need to create a new base ep if this is the first time we've seen this endpoint number and direction
	//this is always the case for non-cloned interfaces
	bep = cp_lkm_usb_get_bep(cpbdev, ep_num);
	if (!bep) {
		bep = memref_alloc_and_zero(sizeof(struct cp_lkm_base_ep), cp_lkm_usb_bep_finalize);
		if(!bep) {
			DEBUG_ERROR("%s() failed to alloc new ep", __FUNCTION__);
			memref_deref(ep);
			return NULL;
		}
		//printk("%s() - create new bep: %p, cpbdev: %p, ep_num: 0x%x\n",__FUNCTION__,bep, cpbdev, ep_num);
		bep->ep_num = ep_num;
		bep->cpbdev = cpbdev;
		INIT_LIST_HEAD(&bep->list);
		INIT_LIST_HEAD(&bep->eps);
		if(USB_DIR_IN & ep_num) {
			list_add_tail(&bep->list, &cpbdev->in_bep_list);
		}
		else{
			list_add_tail(&bep->list, &cpbdev->out_bep_list);
		}
	}

	//if we get here, everything alloc'd ok, so can insert in lists and stuf

	// Each ep will have two memrefs, one from the alloc which is for entry in the cpdev list
	// and another for entry into the bep list. This way the ep won't be freed until it is removed 
	// from both lists at unplug time
	ep->cpdev = cpdev;
	ep->bep = bep;
	if(USB_DIR_IN & ep_num) {
		list_add_tail(&ep->list_cpdev, &cpdev->in_ep_list);
	}
	else{
		list_add_tail(&ep->list_cpdev, &cpdev->out_ep_list);
	}
	memref_ref(ep);
	list_add_tail(&ep->list_bep, &bep->eps);
	return ep;

}

// cp_lkm_usb_plug_intf is called by cpusb via the ioctl. It registers a driver for the interface.
// This function is then called by the lower usb layer so we can claim that interface. 
int cp_lkm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id)
{
	struct cp_lkm_usb_base_dev* cpbdev;
	struct usb_device* udev;
	struct usb_host_interface* interface;
	int unique_id;
	//unsigned long flags;
	int rc;
	uintptr_t tmp_uid;

	usb_get_intf(intf);

	//printk("%s()\n",__FUNCTION__);

	udev = interface_to_usbdev (intf);
	interface = intf->cur_altsetting;

	unique_id = (int)id->driver_info;
	tmp_uid = unique_id;
	spin_lock(&cp_lkm_usb_mgr.lock);

	// Error scenario to watch for here:
	//   1. Device unplugs and replugs before the upper app detects the unplug and calls our unplug_intf. In
	//  	this case this driver is still registered and will get the new probe (we don't want this, we want the app driver
	//  	to get the plug and claim the device orginally).  When disconnect happens we set the state to DEAD. If we get
	//  	a probe on a dead device, don't take it.
	cpbdev = cp_lkm_usb_find_base_dev(udev->bus->busnum, udev->devnum, unique_id, CP_LKM_DEV_MATCH_ALL);
	if(!cpbdev || cpbdev->base_state == CP_LKM_USB_DEAD) {
		spin_unlock(&cp_lkm_usb_mgr.lock);

		DEBUG_TRACE("%s() no cpdev or already dead", __FUNCTION__);
		return -ENXIO;
	}

	//make sure it is for our device (match the usb addresses)
	//printk("%s() id: %d ouraddr:%d, probeaddr:%d, ourintf:%d, probeintf:%d!\n", __FUNCTION__, unique_id,
	 //		 cpbdev->usb_addr,udev->devnum,cpbdev->intf_num,interface->desc.bInterfaceNumber);
	if(cpbdev->usb_bus != udev->bus->busnum || cpbdev->usb_addr != udev->devnum || cpbdev->intf_num != interface->desc.bInterfaceNumber) {
		spin_unlock(&cp_lkm_usb_mgr.lock);

		DEBUG_TRACE("%s() reject ourbus: %d, probebus: %d, ouraddr:%d, probeaddr:%d, ourintf:%d, probeintf:%d!", __FUNCTION__,
				   cpbdev->usb_bus, udev->bus->busnum, cpbdev->usb_addr,udev->devnum,cpbdev->intf_num,interface->desc.bInterfaceNumber);
		return -ENXIO;
	}
	cpbdev->intf = intf;
	cpbdev->udev = udev;

	spin_unlock(&cp_lkm_usb_mgr.lock);

	if(cpbdev->alt_intf_num) {
		rc = usb_set_interface(udev, cpbdev->intf_num, cpbdev->alt_intf_num);
		if(rc) {
			DEBUG_ERROR("%s() set intf failed :%d", __FUNCTION__,rc);
			cpbdev->plug_result = -1; //only set this on failure, not reject
			return -1;
		}
	}

	spin_lock(&cp_lkm_usb_mgr.lock);
	cpbdev->base_state = CP_LKM_USB_CTRL;

	usb_set_intfdata(intf, (void*)tmp_uid);
	usb_get_dev (udev);
	memref_ref(cpbdev);
	spin_unlock(&cp_lkm_usb_mgr.lock);

	cp_lkm_usb_stuck_check(cpbdev, CP_LKM_STUCK_INIT);

	//throughput control stuff
	cpbdev->rx_schedule_threshold = CP_LKM_USB_RX_SCHED_CNT;
	cpbdev->tx_schedule_threshold = CP_LKM_USB_TX_SCHED_CNT;
	cpbdev->tx_resume_threshold = CP_LKM_USB_TX_RESUME_Q_PKTS;

	
	//todo remove
	//if (!dbg_memleak_timer_started) {
	//	dbg_memleak_timer_started = 1;
	//	dbg_memleak_timer.function = cp_lkm_usb_dbg_memleak_timer;
	//	dbg_memleak_timer.data = 0;

	//	init_timer(&dbg_memleak_timer);
	//	mod_timer(&dbg_memleak_timer, jiffies + msecs_to_jiffies(20000));
	//}
	//if (dbg_state_init == 0) {
	//	spin_lock_init(&dbg_state_lock);
	//	dbg_state_init = 1;
	//}



	DEBUG_TRACE("%s() probe done", __FUNCTION__);
	return 0;
}

static bool cp_lkm_usb_shuter_down_do_pm_unlink(void* ctx1, void* ctx2)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev*)ctx1;
	struct cp_lkm_usb_dev* cpdev;
	struct list_head *pos;
	unsigned long flags;
	//Unlink from the pm and disable the data state machine 
	bool done = false;
	spin_lock_irqsave(&cpbdev->processing_state_lock, flags);
	if(cpbdev->processing_state == USB_PROCESS_STATE_IDLE){
		cpbdev->processing_state = USB_PROCESS_STATE_PAUSED; //data soft interrupt handlers now won't run

		spin_lock(&cpbdev->data_q_lock);
		cpbdev->data_q_len = CP_LKM_USB_PAUSED_CNT;
		spin_unlock(&cpbdev->data_q_lock);  //usb hw interrupts now won't schedule soft interrupt handlers

		spin_unlock_irqrestore(&cpbdev->processing_state_lock, flags); //release lock so interrupts can resume firing
		//unlink the pm side for all cpdevs associated with this cpbdev. Once this returns we are guaranteed not to get any new xmit skb's from the pm
		list_for_each(pos, &cpbdev->cpdev_list){
			cpdev = list_entry(pos, struct cp_lkm_usb_dev, list);
			LOG("Unlink cpdev: %p from pm", cpdev);
			cp_lkm_pm_usb_link(cpdev->edi, cpdev->pm_id, 0);
			cpdev->edi->usb_send_ctx = NULL;
		}

		spin_lock_irqsave(&cpbdev->processing_state_lock, flags);
		done = true;
	}
	spin_unlock_irqrestore(&cpbdev->processing_state_lock, flags);
	return done;
}

static bool cp_lkm_usb_shuter_down_do_other_tasklet(void* ctx1, void* ctx2)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev*)ctx1;
	unsigned long flags;
	bool done = false;
	spin_lock_irqsave(&cpbdev->other_state_lock, flags);
	if(cpbdev->other_state == USB_PROCESS_STATE_IDLE){
		cpbdev->other_state = USB_PROCESS_STATE_PAUSED;
		done = true;
	}
	spin_unlock_irqrestore(&cpbdev->other_state_lock, flags);
	return done;
}

static bool cp_lkm_usb_shuter_down_do_empty_queues(void* ctx1, void* ctx2)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev*)ctx1;
	bool done = false;

	if (skb_queue_empty(&cpbdev->in_q) &&
		skb_queue_empty(&cpbdev->out_q) &&
		skb_queue_empty(&cpbdev->ctrlq)){
		done = true;
	}
	return done;
}

static void cp_lkm_usb_shuter_down(struct cp_lkm_usb_base_dev* cpbdev)
{
	struct list_head *entry, *nxt;
	struct cp_lkm_base_ep *bep;


	//printk("%s() done\n", __FUNCTION__);

	//Unlink from the pm and disable the data state machine 
	LOG("Unlink cpdev from pm");
	cp_lkm_do_or_die(cpbdev, NULL, cp_lkm_usb_shuter_down_do_pm_unlink, CP_LKM_TIMEOUT_MS, CP_LKM_ITER, "Failed to unlink pm from cpdev");

	//disable the 'other' tasklet
	LOG("Disable cpdev other tasklet");
	cp_lkm_do_or_die(cpbdev, NULL, cp_lkm_usb_shuter_down_do_other_tasklet, CP_LKM_TIMEOUT_MS, CP_LKM_ITER, "Failed to shutdown cpdev other tasklet");
	
	//Once we get here no xmits can happen or any recv or xmit done processing can happen so no new kevents can be scheduled
	//so we can stop them here
	//clear all the flags before flushing the kevents so that we won't try to do anything during the kevent callback
	list_for_each_safe(entry, nxt, &cpbdev->in_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		bep->err_flags = 0;
		bep->con_flags = 0;
	}
	list_for_each_safe(entry, nxt, &cpbdev->out_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		bep->err_flags = 0;
		bep->con_flags = 0;
	}

	//This forces the kernel to run all scheduled kevents, so any of our pending ones will run. (Note: Make sure 
	//our kevent handlers check to see if we are attached before doing anything so that we don't schedule anything new while
	//shutting down) 
	LOG("Cancel cpdev kevents");
	cancel_work_sync(&cpbdev->kevent);

	//Make sure all the urbs have been cancelled
	// ensure there are no more active urbs
	//set_current_state(TASK_UNINTERRUPTIBLE);
	//these cause the urbs to be cancelled and the callbacks to be called. The urbs are removed from
	//the queues in the callbacks.
	cp_lkm_usb_unlink_urbs (cpbdev, &cpbdev->out_q, NULL);
	cp_lkm_usb_unlink_urbs (cpbdev, &cpbdev->in_q, NULL);
	cp_lkm_usb_unlink_urbs (cpbdev, &cpbdev->ctrlq, NULL);

	LOG("Wait for all cpdev urbs to be returned");
	cp_lkm_do_or_die(cpbdev, NULL, cp_lkm_usb_shuter_down_do_empty_queues, CP_LKM_TIMEOUT_MS, CP_LKM_ITER, "Failed to empty cpdev queues");

	//shutdown timer and tasklets
	LOG("Shutdown cpdev timers and tasklets");
	del_timer_sync (&cpbdev->rx_delay);
	cp_lkm_usb_stuck_check(cpbdev, CP_LKM_STUCK_DEINIT);

	tasklet_kill(&cpbdev->data_process_tasklet);
	tasklet_kill(&cpbdev->other_process_tasklet);

	// All outstanding transfers are back, so now we can clean up.
	cp_lkm_usb_clean_list(&cpbdev->data_tx_done);
	cp_lkm_usb_clean_list(&cpbdev->data_rx_done);
	cp_lkm_usb_clean_list(&cpbdev->other_done);

	//printk("%s() done\n", __FUNCTION__);
	usb_set_intfdata(cpbdev->intf, NULL);
	usb_put_intf(cpbdev->intf);
	cpbdev->intf = NULL;
	LOG("cpdev unplug done");

	return;

}

// Called when the USB hub detects that our device just unplugged.
// Called in a thread context. We do the lower usb cleanup here because there
// are some things that have to be done before exiting from disconnect. 
// We don't clean up the upper layer stuff because the upper layer doesn't yet know
// we are unplugged and will continue to send us data. When the upper layer gets the 
// unplug notify, it will call cp_lkm_usb_unplug_intf. We finish cleaning up in there.
void cp_lkm_usb_disconnect(struct usb_interface *intf)
{
	struct cp_lkm_usb_dev* cpdev;
	struct cp_lkm_usb_base_dev* cpbdev;
	//unsigned long flags;
	int unique_id;

	// We don't want this function to run at the same time as any of the calls from the modem common stack (ioctl and write)
	// They all grab this lock for the duration of their calls. They also check the state of the device before proceeding.
	// Once we have the lock, we know none of them are running. Any new calls will block waiting on the lock. 
	// If we then change the state to dead we can release the lock while we do the rest of cleanup. When they get the lock
	// they will see the state is dead and error out and return immediately. This prevents us from blocking the common modem thread.
	spin_lock(&cp_lkm_usb_mgr.lock);

	//If cpdev is not in intf, then this is the close->disconnect path, so do nothing
	unique_id = (uintptr_t)usb_get_intfdata(intf);

	//struct usb_device *udev;
	//printk("%s() start, id: %d\n", __FUNCTION__, unique_id);

	//see if device already went away, this should be impossible
	//the unique id is always for the first instance if running clones
	cpdev = cp_lkm_usb_find_dev(unique_id);
	if(!cpdev) {
		//printk("%s() no cpdev, id: %d\n", __FUNCTION__, unique_id);
		spin_unlock(&cp_lkm_usb_mgr.lock);
		return;
	}
	cpbdev = cpdev->cpbdev;
	cpbdev->disconnect_wait = true;

	// Mark the device as dead so we won't start anything new. 
	// NOTE: make sure nothing new can be started on the USB side from this point on.
	//  	 This includes transmits from the network. Transmits from cpusb.
	//  	 Recv packets, halt clears, ioctls etc
	cp_lkm_usb_mark_base_as_dead(cpbdev);

	// Once device is marked dead, we can release the semaphore. This is so write and ioctl from the modem stack
	// can return quickly with errors instead of blocking while the disconnect completes. 
	spin_unlock(&cp_lkm_usb_mgr.lock);

	cp_lkm_usb_shuter_down(cpbdev);

	cpbdev->disconnect_wait = false;
	memref_deref(cpbdev);

	//printk("%s() done id: %d\n", __FUNCTION__,unique_id);
}

static void cp_lkm_usb_base_dev_finalize(void *arg)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev*)arg;
	struct list_head *entry, *nxt;
	struct cp_lkm_base_ep *bep;
	//int unique_id = cpbdev->base_id;
	//printk("%s()\n", __FUNCTION__);

	//if was added to the list, need to remove it.
	if(cpbdev->list.next != &cpbdev->list) {
		spin_lock(&cp_lkm_usb_mgr.lock);
		list_del(&cpbdev->list);
		//printk("%s() free cpbdev from global list \n", __FUNCTION__);
		spin_unlock(&cp_lkm_usb_mgr.lock);
	}

	//These should already be empty, but just in case
	//printk("%s() clean lists\n", __FUNCTION__);
	cp_lkm_usb_clean_list(&cpbdev->in_q);
	cp_lkm_usb_clean_list(&cpbdev->out_q);
	cp_lkm_usb_clean_list(&cpbdev->ctrlq);
	cp_lkm_usb_clean_list(&cpbdev->data_tx_done);
	cp_lkm_usb_clean_list(&cpbdev->data_rx_done);
	cp_lkm_usb_clean_list(&cpbdev->other_done);

	if(cpbdev->wrapper_ctxt) {
		//printk("%s() free wrapper\n", __FUNCTION__);
		cp_lkm_wrapper_instance_free(cpbdev->wrapper_ctxt);
		cpbdev->wrapper_ctxt = NULL;
	}
	if(cpbdev->usb_driver) {
		//printk("%s() free driver\n", __FUNCTION__);
		kfree(cpbdev->usb_driver);
		cpbdev->usb_driver = NULL;
	}
	if(cpbdev->usb_id_table) {
		//printk("%s() free id table\n", __FUNCTION__);
		kfree(cpbdev->usb_id_table);
		cpbdev->usb_id_table = NULL;
	}
	if(cpbdev->udev) {
		//printk("%s() free udev\n", __FUNCTION__);
		usb_put_dev (cpbdev->udev);
		cpbdev->udev = NULL;
	}

	//printk("%s() - free eps\n",__FUNCTION__);
	list_for_each_safe(entry, nxt, &cpbdev->cpdev_list) {
		struct cp_lkm_usb_dev* cpdev = list_entry(entry, struct cp_lkm_usb_dev, list);
		//printk("%s() - free cpdev: %p from cpbdev: %p\n",__FUNCTION__, cpdev, cpbdev);
		list_del(&cpdev->list);
		memref_deref(cpdev);
	}
	list_for_each_safe(entry, nxt, &cpbdev->in_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		//printk("%s() - free in bep: %p from cpbdev: %p\n",__FUNCTION__,bep, cpbdev);
		list_del(&bep->list);
		memref_deref(bep);
	}
	list_for_each_safe(entry, nxt, &cpbdev->out_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		//printk("%s() - free out bep: %p from cpbdev: %p\n ",__FUNCTION__,bep, cpbdev);
		list_del(&bep->list);
		memref_deref(bep);
	}
	//printk("%s() done base_id: %d\n", __FUNCTION__,unique_id);

}

static void cp_lkm_usb_dev_finalize(void *arg)
{
	struct cp_lkm_usb_dev* cpdev = (struct cp_lkm_usb_dev*)arg;
	struct list_head *entry, *nxt;
	struct cp_lkm_ep *ep;

	//printk("%s() start\n", __FUNCTION__);
	//todo remove
	//del_timer_sync(&cpdev->dbg_timer);

	//printk("%s() - free eps\n",__FUNCTION__);
	list_for_each_safe(entry, nxt, &cpdev->in_ep_list) {
		ep = list_entry(entry, struct cp_lkm_ep, list_cpdev);
		//printk("%s() - free ep: %p, num: %d from cpdev: %p\n",__FUNCTION__,ep, ep->ep_num, cpdev);
		list_del(&ep->list_cpdev);
		memref_deref(ep);
	}
	list_for_each_safe(entry, nxt, &cpdev->out_ep_list) {
		ep = list_entry(entry, struct cp_lkm_ep, list_cpdev);
		//printk("%s() - free ep: %p, num: %d from cpdev: %p\n",__FUNCTION__,ep, ep->ep_num, cpdev);
		list_del(&ep->list_cpdev);
		memref_deref(ep);
	}

	if(cpdev->edi) {
		//printk("%s() free edi\n", __FUNCTION__);
		cpdev->edi->usb_send_ctx = NULL;
		cpdev->edi->usb_send = NULL;

		memref_deref(cpdev->edi);
		cpdev->edi = NULL;
	}

	//printk("%s() end \n", __FUNCTION__);
}

static int cp_lkm_usb_plug_intf(struct cp_lkm_usb_plug_intf* pi)
{
	int retval;
	struct cp_lkm_usb_dev* cpdev = NULL;
	struct cp_lkm_usb_base_dev* cpbdev = NULL;
	bool need_new;
	bool is_cloneable;

	//Make sure we aren't going to overflow the skb space reserved for us to use
	//DEBUG_ASSERT(sizeof(struct skb_data) < sizeof(((struct sk_buff*)0)->cb));
	//DEBUG_INFO("%s(), skb_data size: %d, skb_buff cb size: %d",__FUNCTION__,sizeof(struct skb_data),sizeof(((struct sk_buff*)0)->cb));

	// We need to alloc a new cpbdev on plug if:
	// 1. The device is not cloned at this layer (thus each plug has its own cpbdev) 
	//    Note: Some devices are cloned at other layers (cpusb_linux.c), so they can be running as clones in the system, but not at this layer.
	//          This is why we can't just look at the clone_num to determine.
	// 2. It is cloneable and clone_num is 0 (only the first clone gets a new cpbdev, the rest share it)
	is_cloneable = pi->feature_flags & CP_LKM_FEATURE_CLONE_MUXED_INTF;
	need_new = !is_cloneable || (is_cloneable && pi->clone_num == 0);

	//printk("%s() start id:%d vid/pid: 0x%x/0x%x, bus/addr: %d/%d, intf: %d, flags: 0x%x, clone: %d, mux: %d\n", __FUNCTION__, pi->unique_id, pi->vid, pi->pid, pi->bus, pi->addr, pi->intf_num, pi->feature_flags, pi->clone_num, pi->mux_id);

	if (need_new) {
		//first instance, so need a new cpbdev
		cpbdev = memref_alloc_and_zero(sizeof(struct cp_lkm_usb_base_dev), cp_lkm_usb_base_dev_finalize);
		if(!cpbdev) {
			//printk("%s() failed to alloc cpbdev\n", __FUNCTION__);
			goto init_fail;
		}
		//printk("%s() id: %d, alloc'd new cpbdev: %p\n", __FUNCTION__, pi->unique_id, cpbdev);
		cpbdev->base_state = CP_LKM_USB_INIT;
		cpbdev->vid = pi->vid;   							
		cpbdev->pid = pi->pid;   							
		cpbdev->intf_num = pi->intf_num;
		cpbdev->alt_intf_num = pi->alt_intf_num;    
		cpbdev->usb_bus = pi->bus;   				   
		cpbdev->usb_addr = pi->addr;
		cpbdev->feature_flags = pi->feature_flags;   				
		cpbdev->base_id = pi->unique_id; 
		INIT_LIST_HEAD(&cpbdev->in_bep_list);
		INIT_LIST_HEAD(&cpbdev->out_bep_list);
		INIT_LIST_HEAD(&cpbdev->list);
		INIT_LIST_HEAD(&cpbdev->cpdev_list);
		cpbdev->data_in_bep_num = pi->ep_in;
		cpbdev->data_out_bep_num = pi->ep_out;

		//alloc and register the usb driver
		cpbdev->usb_driver = kzalloc(sizeof(struct usb_driver), GFP_KERNEL);
		if(!cpbdev->usb_driver) {
			//printk("%s() failed to alloc driver\n", __FUNCTION__);
			goto init_fail;
		}

		cpbdev->usb_id_table = kzalloc(sizeof(struct usb_device_id)*2, GFP_KERNEL);
		if(!cpbdev->usb_id_table) {
			//printk("%s() failed to alloc table\n", __FUNCTION__);
			goto init_fail;
		}

		cpbdev->usb_id_table[0].idVendor = cpbdev->vid;  
		cpbdev->usb_id_table[0].idProduct = cpbdev->pid;
		cpbdev->usb_id_table[0].match_flags = USB_DEVICE_ID_MATCH_DEVICE;
		cpbdev->usb_id_table[0].driver_info = (unsigned long)pi->unique_id;

		//create unique drvr string
		sprintf(cpbdev->usb_drvr_name, USB_DRVR_FRMT_STR, pi->unique_id); 
		cpbdev->usb_driver->name = cpbdev->usb_drvr_name;
		cpbdev->usb_driver->probe = cp_lkm_usb_probe;
		cpbdev->usb_driver->disconnect = cp_lkm_usb_disconnect;
		cpbdev->usb_driver->id_table = cpbdev->usb_id_table;


		skb_queue_head_init (&cpbdev->in_q);
		skb_queue_head_init (&cpbdev->out_q);
		skb_queue_head_init (&cpbdev->ctrlq);
		skb_queue_head_init (&cpbdev->data_tx_done);
		skb_queue_head_init (&cpbdev->data_rx_done);
		skb_queue_head_init (&cpbdev->other_done);
		cpbdev->data_q_len = 0;
		spin_lock_init(&cpbdev->data_q_lock);
		spin_lock_init(&cpbdev->processing_state_lock);
		spin_lock_init(&cpbdev->other_state_lock);
		cpbdev->processing_state = USB_PROCESS_STATE_IDLE;
		cpbdev->other_state = USB_PROCESS_STATE_IDLE;
		INIT_WORK(&cpbdev->kevent, cp_lkm_usb_kevent);

		cpbdev->rx_delay.function = cp_lkm_usb_delay_timer; //TODO: this needs to handle the cpdev or cpbdev??
		cpbdev->rx_delay.data = (unsigned long) cpbdev; //????? should this be cpdev??
		init_timer (&cpbdev->rx_delay);

		cpbdev->data_process_tasklet.func = cp_lkm_usb_process_data_done_tasklet; //TODO: modify to take cpbdev
		cpbdev->data_process_tasklet.data = (unsigned long) cpbdev;

		cpbdev->other_process_tasklet.func = cp_lkm_usb_process_other_done_tasklet; //TODO: modify to take cpbdev
		cpbdev->other_process_tasklet.data = (unsigned long) cpbdev;

		cpbdev->disconnect_wait = false;

		spin_lock(&cp_lkm_usb_mgr.lock);
		list_add_tail(&cpbdev->list, &cp_lkm_usb_mgr.dev_list);
		spin_unlock(&cp_lkm_usb_mgr.lock);

		// When we call register, it calls our probe function with all available matching interfaces. In probe
		// we save the result of the probe so we can return fail here if it didn't go well
		//printk("%s() reg drvr for vid:%x, pid:%x, addr:%d, intf:%d\n", __FUNCTION__, pi->vid,pi->pid,pi->addr,pi->intf_num);
		retval = usb_register(cpbdev->usb_driver);
		if(retval || cpbdev->plug_result != 0) {
			//printk("%s() failed to register driver or probe failed retval:%d, plug_result:%d\n", __FUNCTION__, retval, cpbdev->plug_result);
			goto init_fail;
		}
		cpbdev->base_state = CP_LKM_USB_CTRL;
		DEBUG_TRACE("%s() done", __FUNCTION__);	
	}
	else{
		//clone, should already have a base dev
		cpbdev = cp_lkm_usb_find_base_dev(pi->bus, pi->addr, pi->unique_id, CP_LKM_DEV_MATCH_BUS_ADDR_ONLY);
		if(!cpbdev) {
			//printk("%s() failed to find cpbdev\n", __FUNCTION__);
			goto init_fail;
		}
		//printk("%s() id: %d, already have cpbdev: %p\n", __FUNCTION__, pi->unique_id, cpbdev);
	}

	// make sure base dev has all the feature flags of every clone
	cpbdev->feature_flags |= pi->feature_flags;

	//printk("%s() id: %d, cpbdev: %p, alloc new cpdev\n", __FUNCTION__, pi->unique_id, cpbdev);
	cpdev = memref_alloc_and_zero(sizeof(struct cp_lkm_usb_dev), cp_lkm_usb_dev_finalize);
	if(!cpdev) {
		//printk("%s() failed to alloc cpdev\n", __FUNCTION__);
		goto init_fail;
	}
	//printk("%s() id: %d, cpdev: %p\n", __FUNCTION__, pi->unique_id, cpdev);

	INIT_LIST_HEAD(&cpdev->in_ep_list);
	INIT_LIST_HEAD(&cpdev->out_ep_list);
	INIT_LIST_HEAD(&cpdev->list);
	//add to list right away so if anything below fails, it will be cleaned up when cpbdev is cleaned up
	list_add_tail(&cpdev->list, &cpbdev->cpdev_list);
	cpdev->cpbdev = cpbdev;
	cpdev->unique_id = pi->unique_id;  
	//clone and mux are only used with muxed clone interfaces. 
	cpdev->clone_num = (pi->feature_flags & CP_LKM_FEATURE_CLONE_MUXED_INTF) ? pi->clone_num : 0;
	cpdev->mux_id = (pi->feature_flags & CP_LKM_FEATURE_CLONE_MUXED_INTF) ? pi->mux_id : CP_LKM_WRAPPER_DEFAULT_ID;
	//printk("%s() unique_id: %d, clone: %d, mux_id: %d\n", __FUNCTION__, pi->unique_id, pi->clone_num, cpdev->mux_id);
	cpdev->data_in_ep_num = pi->ep_in;
	cpdev->data_out_ep_num = pi->ep_out;
	//pre-create the data endpoints so they will be first in the list, since they are most often used
	cp_lkm_usb_create_ep(cpdev, pi->ep_in);
	cp_lkm_usb_create_ep(cpdev, pi->ep_out);
	cpdev->edi = memref_alloc_and_zero(sizeof(struct cp_lkm_edi), NULL);
	if(!cpdev->edi) {
		//printk("%s() failed to alloc edi\n", __FUNCTION__);
		goto init_fail;
	}
	cpdev->edi->usb_send = cp_lkm_usb_start_xmit;

	//for debug, comment out before checkin
	//cpdev->dbg_timer.function = cp_lkm_usb_dbg_timer;
	//cpdev->dbg_timer.data = (unsigned long)cpdev;
	//init_timer(&cpdev->dbg_timer);
	//mod_timer(&cpdev->dbg_timer, jiffies + msecs_to_jiffies(10000));

	//TODO CA: I think this shouldn't be set until open, commenting out for now to see if blows chow in plug fest
	//cpdev->edi->usb_send_ctx = cpdev;

	cpdev->state = CP_LKM_USB_CTRL;

	//printk("%s() done success id: %d\n", __FUNCTION__, pi->unique_id);

	return 0;

init_fail:
	if(cpbdev) {
		//the finalizer for cpbdev does the clean up
		memref_deref(cpbdev);
	}
	//returning an error to the modem stack on plug will cause it to hard reset
	//the modem, thus causing the rest of the driver cleanup to occur
	//printk("%s() open_intf fail\n", __FUNCTION__);
	return -1;
}

static int cp_lkm_usb_set_wrapper(struct cp_lkm_usb_set_wrapper* sw)
{	//unsigned long flags;
	struct cp_lkm_usb_dev* cpdev;
	struct cp_lkm_usb_base_dev* cpbdev;
	void* wrapper_info = NULL;
	unsigned long not_copied;
	int res = 0;
	//printk("%s() unique_id: %d, clone: %d, mux_id: %d\n", __FUNCTION__, sw->unique_id, sw->clone_num, sw->mux_id);

	spin_lock(&cp_lkm_usb_mgr.lock);
	cpdev = cp_lkm_usb_find_dev(sw->unique_id);

	if(!cpdev) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() no cpdev found for id: %d\n", __FUNCTION__, sw->unique_id);
		return -1;
	}
	cpbdev = cpdev->cpbdev;
	if(cpbdev->base_state == CP_LKM_USB_DEAD){
		//modem is unplugging, upper layer just doesn't know it yet, so act like ok until it finds out
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() set_wrapper fail cpdev:%p, state:%d\n", __FUNCTION__, cpdev, cpdev->state);
		return 0;
	}

// benk - what if wrapper_info_len is 0???
	if(cpbdev->wrapper_ctxt){
		//already have a wrapper so free it
		cp_lkm_wrapper_instance_free(cpbdev->wrapper_ctxt);
	}

	if(sw->wrapper_info_len) {
		wrapper_info = kzalloc(sw->wrapper_info_len, GFP_KERNEL);
		if(!wrapper_info) {
			DEBUG_ERROR("%s() couldn't alloc wrapper info", __FUNCTION__);
			res = -1;
			goto set_wrapper_done;
		}
	}


	//copy the wrapper info from user to kernel space
	not_copied = copy_from_user(wrapper_info, sw->wrapper_info, sw->wrapper_info_len);
	if (not_copied) {
		DEBUG_ERROR("%s() couldn't copy wrapper info", __FUNCTION__);
		res = -1;
		goto set_wrapper_done;
	}
	//alloc the wrapper instance. On success it takes ownership of the wrapper_info and is responsible for freeing it
	DEBUG_INFO("%s() wrapper: %d", __FUNCTION__, sw->wrapper);
	cpbdev->wrapper_ctxt = cp_lkm_wrapper_instance_alloc(sw->wrapper, wrapper_info, sw->wrapper_info_len);
	if(!cpbdev->wrapper_ctxt){
		DEBUG_ERROR("%s() couldn't alloc wrapper", __FUNCTION__);
		res = -1;
		goto set_wrapper_done;
	}
	cpbdev->wrapper_hdr_size = cp_lkm_wrapper_hdr_size(cpbdev->wrapper_ctxt);
	cp_lkm_wrapper_set_state(cpbdev->wrapper_ctxt, cpdev->mux_id, CP_LKM_WRAPPER_CTRL);

	cpdev->clone_num = sw->clone_num;
	cpdev->mux_id = sw->mux_id;


set_wrapper_done:
	if(wrapper_info) {
		kfree(wrapper_info);
	}

	spin_unlock(&cp_lkm_usb_mgr.lock);
	return res;

}

static int cp_lkm_usb_set_mux_id(struct cp_lkm_usb_set_mux_id* smi)
{	//unsigned long flags;
	struct cp_lkm_usb_dev* cpdev;
	//struct cp_lkm_usb_base_dev* cpbdev;
	int res = 0;

	//printk("%s()\n", __FUNCTION__);

	spin_lock(&cp_lkm_usb_mgr.lock);
	cpdev = cp_lkm_usb_find_dev(smi->unique_id);
	if(!cpdev) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() failed to find cpdev for id: %d\n", __FUNCTION__, smi->unique_id);
		return -1;
	}
	if(cpdev->cpbdev->base_state == CP_LKM_USB_DEAD){
		//modem is unplugging, upper layer just doesn't know it yet, so act like ok until it finds out
		spin_unlock(&cp_lkm_usb_mgr.lock);
		return 0;
	}
	cpdev->mux_id = smi->mux_id;
	//printk("%s() unique_id: %d, mux_id: %d\n", __FUNCTION__, smi->unique_id, smi->mux_id);

	spin_unlock(&cp_lkm_usb_mgr.lock);
	return res;

}

static int cp_lkm_usb_open_intf(struct cp_lkm_usb_open_intf* oi)
{
	//unsigned long flags;
	struct cp_lkm_usb_dev* cpdev;

	//printk("%s() u-uid: %d\n", __FUNCTION__,oi->unique_id);

	spin_lock(&cp_lkm_usb_mgr.lock);
	cpdev = cp_lkm_usb_find_dev(oi->unique_id);

	//if state isn't CP_LKM_USB_CTRL, then the interface either did not plug for some reason (i.e. didn't get probe from usb),
	//or it plugged, but then unplugged before open was called.
	if(!cpdev || cpdev->cpbdev->base_state  != CP_LKM_USB_CTRL) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() open_intf fail cpdev:%p, state:%d\n", __FUNCTION__, cpdev, cpdev?cpdev->state:0xff);
		return -1;
	}
	cpdev->state = CP_LKM_USB_ACTIVE;
	cpdev->edi->usb_send_ctx = cpdev; //this allows the network side to call me
	cp_lkm_wrapper_set_state(cpdev->cpbdev->wrapper_ctxt, cpdev->mux_id, CP_LKM_WRAPPER_ACTIVE);
	spin_unlock(&cp_lkm_usb_mgr.lock);
	//printk("%s() done\n", __FUNCTION__);
	return 0;

}

static int cp_lkm_usb_close_intf(struct cp_lkm_usb_close_intf* ci)
{
	//unsigned long flags;
	struct cp_lkm_usb_dev* cpdev;

	//printk("%s() u-uid: %d\n", __FUNCTION__, ci->unique_id);

	//down(&cp_lkm_usb_mgr.thread_sem);
	spin_lock(&cp_lkm_usb_mgr.lock);
	cpdev = cp_lkm_usb_find_dev(ci->unique_id);

	if(!cpdev || cpdev->cpbdev->base_state  == CP_LKM_USB_DEAD) {
		//device has already unplugged, or is half-unplugged, so don't allow this action to complete
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//up(&cp_lkm_usb_mgr.thread_sem);
		return 0;
	}
	cpdev->edi->usb_send_ctx = NULL;  //disconnect from network side so he won't send me any more data
	cpdev->state = CP_LKM_USB_CTRL;
	cp_lkm_wrapper_set_state(cpdev->cpbdev->wrapper_ctxt, cpdev->mux_id, CP_LKM_WRAPPER_CTRL);
	spin_unlock(&cp_lkm_usb_mgr.lock);
	//up(&cp_lkm_usb_mgr.thread_sem);
	//printk("%s() done\n", __FUNCTION__);

	return 0;
}

static bool cp_lkm_usb_unplug_do_disconnect_wait(void* ctx1, void* ctx2)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev*)ctx1;
	bool done = false;
	if (cpbdev->disconnect_wait == false){
		done = true;
	}
	return done;
}

/* 
 * This function is called when the common modem stack wants to give up the interface. 
 * There are two scenarios: 
 *   1. Modem unplugs which leads to the following flow:
 *  		-> cp_lkm_usb_disconnect is called by USB sublayer, it cleans up bottom half of cpdev and waits for common modem stack unplug
 *  		-> common modem stack sees unplug event
 *  		-> it calls this function to finish the cleanup and deregister the driver
 *  		-> we are done
 *  
 *   2. Common modem stack decides to give up the interface due to one common
 *  	modem driver relinquishing the modem and another common modem driver grabbing it.
 *  	This leads to the following flow:
 *  		-> Common modem stack calls this function.
 *  		-> it calls usb_deregister() which will call cp_lkm_usb_disconnect in context
 *  		-> cp_lkm_usb_disconnect shuts down and frees the usb interface
 *  		-> After usb_deregister() exits we finish and exit.
 *  
 *  Notes: This means the two shutdown functions, this one and cp_lkm_usb_disconnect can be
 *  	   run in any order, so they must not stomp on each other. For example since
 *  	   cp_lkm_usb_disconnect frees the interface with the kernel, this function better
 *  	   not do anything that requires the interface after calling usb_deregister()
 *  
 *  	   The modem stack is single threaded so this function can never be reentrant
 */
static int cp_lkm_usb_unplug_intf(struct cp_lkm_usb_unplug_intf* ui)
{
	//find dev in list by unique id
	struct cp_lkm_usb_dev* cpdev;
	struct cp_lkm_usb_base_dev* cpbdev;
	bool shuter_down = true;
	struct list_head *pos;

	//printk("%s() start id: %d\n", __FUNCTION__, ui->unique_id);
	spin_lock(&cp_lkm_usb_mgr.lock);
	//The device should always exist, but if it doesn't, there is no need to blow up, so exit peacefully
	cpdev = cp_lkm_usb_find_dev(ui->unique_id);
	if(!cpdev) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		return -1;
	}
	cpbdev = cpdev->cpbdev;

	cp_lkm_usb_mark_as_dead(cpdev);

	list_for_each(pos, &cpbdev->cpdev_list){
		struct cp_lkm_usb_dev* tmp_cpdev = list_entry(pos, struct cp_lkm_usb_dev, list);
		if(tmp_cpdev->state != CP_LKM_USB_DEAD) {
			//don't shut down until all clone devices have unplugged
			shuter_down = false;
			break;
		}
	}

	//free semaphore before calling usb_deregister because it causes disconnect to be called for case 2 in the header comments
	//which will try and grab the semaphore, so we would be deadlocked
	spin_unlock(&cp_lkm_usb_mgr.lock);

	if (shuter_down) {
		LOG("Wait for cpdev to finish unplugging");
		cp_lkm_do_or_die(cpbdev, NULL, cp_lkm_usb_unplug_do_disconnect_wait,CP_LKM_TIMEOUT_MS,CP_LKM_ITER,"cpdev failed to finish disconnecting");
	
		//printk("%s() usb_deregister\n",__FUNCTION__);
		usb_deregister(cpbdev->usb_driver);

		/* clean up */
		memref_deref(cpbdev);

	}
	/* IMPORTANT: don't do anything other than deref after call to deregister*/

	LOG("cpdev done unplugging");

	return 0;
}

/*
 * Handle endpoint action requests from modem stack. 
 *  
 * Important things to know: 
 *  In normal mode:
 *    1. There will be 1 cpdev per cpbdev, and 1 ep per bep.
 *    2. Every different ep can either be listened on or recv'd on, but never both at the same time
 *  
 *  In clone mode:
 *    1. There will be n cpdevs per cpbdev, and n eps ber bep (depending on number of clones).
 *    2. Every different ep can either be listened on or recv'd on, but never both at the same time.
 *    3. All cloned data eps can be listened on at the same time (data header allows us to mux data between all the data eps, data endpoints don't use recv).
 *    4. With all other cloned eps of the same type (AT, CNS, QMI), only one clone can be listened on or recv'd on at a time.
 *  	 This is because there are not headers on these channels to let us know where to mux the data to. Fortunately, the
 *  	 modem stack enforces this, so we don't have to enforce it here, but we can use it to know how to route cloned packets
 *  	 coming in on non-data channel endpoints 
*/
static int cp_lkm_usb_ep_action(struct cp_lkm_usb_ep_action* ea)
{
	struct cp_lkm_ep* ep;
	struct cp_lkm_base_ep* bep = NULL;
	struct cp_lkm_usb_dev* cpdev;
	struct cp_lkm_usb_base_dev* cpbdev;
	//unsigned long flags;
	int pump_recv = 0;

	//printk("%s() - action: %d, ep_num: 0x%x, id: %d\n",__FUNCTION__,ea->action, ea->ep_num, ea->unique_id);

	spin_lock(&cp_lkm_usb_mgr.lock);
	//There should always be a device, and it should always be plugged
	cpdev = cp_lkm_usb_find_dev(ea->unique_id);
	if(!cpdev) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() no device found for unique id: %d\n", __FUNCTION__, ea->unique_id);
		return -1;
	}

	cpbdev = cpdev->cpbdev;
	if(cpbdev->base_state == CP_LKM_USB_INIT) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() no probe yet, unique_id: %d, action: %d\n", __FUNCTION__,ea->unique_id,ea->action);
		return -1;
	}
	if(cpbdev->base_state == CP_LKM_USB_DEAD) {
		// The device can unplug down here before cpusb knows about it so it can continue to send us stuff. 
		// The modem will unplug soon so just act like we did it and return ok. I didn't want to
		// return an error because that might cause cpusb unnecessary heartburn.
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() cpdev already dead, shouldn't be doing this: id: %d, action: %d cpbdev: %p, cpdev: %p\n", __FUNCTION__,ea->unique_id,ea->action,cpbdev,cpdev);
		return 0;
	}
	DEBUG_ASSERT(cpbdev, "cpbdev is null");
	//create the ep if it doesn't already exist
	if(ea->action == EP_ACTION_CREATE) {
		cp_lkm_usb_create_ep(cpdev, ea->ep_num);
	}

	if (ea->action == EP_ACTION_FLUSH_CONTROL) {
		ep = NULL;
	} else {
		ep = cp_lkm_usb_get_ep(cpdev, ea->ep_num);
		if(!ep) {
			spin_unlock(&cp_lkm_usb_mgr.lock);
			//printk("%s() failed to find ep: 0x%x for action: %d\n", __FUNCTION__, ea->ep_num, ea->action);
			return -1;
		}
		bep = ep->bep;
		DEBUG_ASSERT(bep,"base ep is null");
	}


	//if (ep && ea->action != EP_ACTION_RECV) {
	//	printk("%s() - action: %d, ep_num: 0x%x, bep: %p, ep: %p, cpbdev: %p, cpdev: %p, id: %d\n",__FUNCTION__,ea->action, ea->ep_num, bep, ep, bep->cpbdev, ep->cpdev,ea->unique_id);
	//}

	//printk("ea->action: %d, ep_num: %d\n", ea->action, ea->ep_num);
	switch(ea->action) {
	case EP_ACTION_CREATE:
		//printk("%s() - action: %d, ep_num: 0x%x, bep: %p, ep: %p, cpbdev: %p, cpdev: %p, id: %d\n",__FUNCTION__,ea->action, ea->ep_num, bep, ep, bep->cpbdev, ep->cpdev,ea->unique_id);
		//initialize endpoint fields
		bep->type = ea->ep_type;
		bep->max_transfer_size = ea->max_transfer_size;
		bep->interval = ea->interval;

		DEBUG_ASSERT(cpbdev->udev,"udev is null");
		if(bep->ep_num & USB_DIR_IN) { //in
			if(bep->type == UE_BULK) {
				bep->pipe = usb_rcvbulkpipe(cpbdev->udev,bep->ep_num);
			}
			else{ //interrupt
				bep->pipe = usb_rcvintpipe(cpbdev->udev, bep->ep_num);
			}   			
		}
		else{ //out
			if(bep->type == UE_BULK) { 
				bep->pipe = usb_sndbulkpipe(cpbdev->udev,bep->ep_num);
			}
			else{ //interrupt
				bep->pipe = usb_sndintpipe(cpbdev->udev, bep->ep_num);
			}
		}
		DEBUG_TRACE("%s() create action:%d, ep:0x%x, type:%d, pipe:0x%x", __FUNCTION__, ea->action, ea->ep_num, ea->ep_type, bep->pipe);
		break;

	case EP_ACTION_LISTEN:
		DEBUG_TRACE("%s() listen action:%d, ep:0x%x, type:%d, pipe:0x%x", __FUNCTION__, ea->action, ea->ep_num, ea->ep_type, bep->pipe);
		ep->con_flags |= CP_LKM_USB_LISTEN;
		//listen on any endpoint starts listen on base
		bep->con_flags |= CP_LKM_USB_LISTEN;
		pump_recv = 1;
		break;

	case EP_ACTION_LISTEN_STOP:
		{
			bool listen_done = true;
			struct list_head *entry, *nxt;
			struct cp_lkm_ep *tmp_ep;

			DEBUG_TRACE("%s() listen stop action:%d, ep:0x%x, type:%d, pipe:0x%x", __FUNCTION__, ea->action, ea->ep_num, ea->ep_type, bep->pipe);

			// the ep is done listening
			ep->con_flags &= ~CP_LKM_USB_LISTEN;

			//now see if all eps on this bep are done listening
			list_for_each_safe(entry, nxt, &bep->eps) {
				tmp_ep = list_entry(entry, struct cp_lkm_ep, list_bep);
				if(tmp_ep->con_flags & CP_LKM_USB_LISTEN) {
					//if any of the eps on the bep still listening, then still listen on the bep
					listen_done = false;
					break;
				}
			}
			if(listen_done) {
				bep->con_flags &= ~CP_LKM_USB_LISTEN;
				//If RX_HALT bit set then there is an error on this endpoint and the kevent will be scheduled to fix the error. As part of the fix
				//he will unlink the urbs. Bad things can happen if we call cp_lkm_usb_unlink_urbs here at same time the kevent handler is calling it
				if(!test_bit (EVENT_RX_HALT, &bep->err_flags)){
					//TODO CORY: is it ok to call unlink while holding the global lock?? Can I set a flag and run the tasklet to do the work instead??
					cp_lkm_usb_unlink_urbs(cpbdev, &cpbdev->in_q, bep);
				}
			}
		}
		break;

	case EP_ACTION_RECV:
		DEBUG_TRACE("%s() recv action:%d, ep:0x%x, type:%d, pipe:0x%x", __FUNCTION__, ea->action, ea->ep_num, ea->ep_type, bep->pipe);
		// can only have one pending recv on a given ep
		ep->con_flags |= CP_LKM_USB_RECV;
		bep->con_flags |= CP_LKM_USB_RECV;
		pump_recv = 1;
		break;

	case EP_ACTION_FLUSH_CONTROL:
		//printk("%s() flush control action:%d\n", __FUNCTION__, ea->action);
		//TODO CORY: is it ok to call unlink while holding the global lock?? Can I set a flag and run the tasklet to do the work instead??
		//We don't schedule kevents to clear endpoint halts since they are self recovering so we don't need to test the halt bits on the ctrl channel
		cp_lkm_usb_unlink_urbs(cpbdev, &cpbdev->ctrlq, NULL);
		break;

	case EP_ACTION_SET_MAX_TX_SIZE:
		//printk("%s() set max tx size to %d on ep: 0x%x\n",__FUNCTION__,ea->max_transfer_size, ea->ep_num);
		bep->max_transfer_size = ea->max_transfer_size;
		break;

	default:
		break;
	}


	if(pump_recv) {
		cp_lkm_schedule_rx_restock(cpbdev, bep);
	}

	spin_unlock(&cp_lkm_usb_mgr.lock);

	return 0;
}

static bool cp_lkm_usb_do_pm_link(void* ctx1, void* ctx2)
{
	struct cp_lkm_usb_dev* cpdev = (struct cp_lkm_usb_dev*)ctx1;
	struct cp_lkm_usb_base_dev* cpbdev = cpdev->cpbdev;
	struct cp_lkm_usb_pm_link* upl = (struct cp_lkm_usb_pm_link*)ctx2;
	unsigned long flags;
	bool done = false;
	int rc;

	//printk("%s() usb id: %d, pm id: %d, link: %d\n", __FUNCTION__, upl->usb_unique_id, upl->pm_unique_id ,upl->link);

	// We are getting ready to either link or unlink the usb to the protocol manager. This means we will be changing
	// function pointers that are used by the data processing state machine and by the code that schedules the data
	// processing machine. 
	// 
	// We need to shut both of those down before doing the linking. 
	//   1: We shut the machine down by setting the state to USB_PROCESS_STATE_PAUSED. 
	//   2: We shut down the scheduling by putting the data_q_len to CP_LKM_USB_PAUSED_CNT so the hw interrupts won't schedule a process
	spin_lock_irqsave(&cpbdev->processing_state_lock, flags);
	if(cpbdev->processing_state == USB_PROCESS_STATE_IDLE){
		cpbdev->processing_state = USB_PROCESS_STATE_PAUSED;  //pauses the data processing soft irq handler

		spin_lock(&cpbdev->data_q_lock);
		cpbdev->data_q_len = CP_LKM_USB_PAUSED_CNT;   	  //stops the hw irq handlers from trying to schedule the soft irq handler
		spin_unlock(&cpbdev->data_q_lock);

		if(upl->link) {
			cpdev->edi->usb_send_ctx = cpdev;
		}

		//release lock while calling pm since we don't know how long they may take. We have already set the processing_state to
		//paused so the soft interrupt routines won't try to do anything so we are safe.
		spin_unlock_irqrestore(&cpbdev->processing_state_lock, flags);

		rc = cp_lkm_pm_usb_link(cpdev->edi, upl->pm_unique_id, upl->link);
		DEBUG_ASSERT(rc == 0, "Failed to link usb and pm");

		spin_lock_irqsave(&cpbdev->processing_state_lock, flags);
		if(upl->link) {
			if (cpdev->edi->pm_get_hdr_size && cpdev->edi->pm_recv_ctx) {
				cpdev->edi->pm_get_hdr_size(cpdev->edi->pm_recv_ctx, cpbdev->wrapper_hdr_size, &cpbdev->pm_hdr_size, &cpbdev->pm_hdr_offset);
			}
		}
		else{
			cpdev->edi->usb_send_ctx = NULL;
		}

		cpdev->pm_id = upl->pm_unique_id;

		spin_lock(&cpbdev->data_q_lock);
		//set things back up properly before re-enabling the soft irq and hardware handlers 
		cpbdev->data_q_len = cpbdev->data_rx_done.qlen + cpbdev->data_tx_done.qlen; //this must be set before calling schedule_data_process
		spin_unlock(&cpbdev->data_q_lock);

		cpbdev->processing_state = USB_PROCESS_STATE_IDLE;
		done = true;
	}
	spin_unlock_irqrestore(&cpbdev->processing_state_lock, flags);

	return done;
}

static int cp_lkm_usb_pm_link(struct cp_lkm_usb_pm_link* upl)
{
	struct cp_lkm_usb_dev* cpdev;
	struct cp_lkm_usb_base_dev* cpbdev;

	spin_lock(&cp_lkm_usb_mgr.lock);
	//There should always be a device, and it should always be plugged
	cpdev = cp_lkm_usb_find_dev(upl->usb_unique_id);

	//printk("%s() cpdev: %p, u-uid: %d, pm-uid: %d, up: %d\n", __FUNCTION__, cpdev, upl->usb_unique_id, upl->pm_unique_id, upl->link);

	if(!cpdev || cpdev->cpbdev->base_state == CP_LKM_USB_INIT) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() no device or no probe yet\n", __FUNCTION__);
		return -1;
	}
	cpbdev = cpdev->cpbdev;
	// The device can unplug down here before cpusb knows about it so it can continue to send us stuff. 
	// The modem will unplug soon so just act like we did it and return ok. I didn't want to
	// return an error because that might cause cpusb unnecessary heartburn.
	if(cpbdev->base_state == CP_LKM_USB_DEAD) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		//printk("%s() device already unplugged\n", __FUNCTION__);
		return 0;
	}

	//printk("%s() usb id: %d, pm id: %d, link: %d\n", __FUNCTION__, upl->usb_unique_id, upl->pm_unique_id ,upl->link);
	// We are getting ready to either link or unlink the usb to the protocol manager. This means we will be changing
	// function pointers that are used by the data processing state machine and by the code that schedules the data
	// processing machine. 
	// 
	// We need to shut both of those down before doing the linking. 
	//   1: We shut the machine down by setting the state to USB_processing_state_PAUSED. 
	//   2: We shut down the scheduling by putting the data_q_len to CP_LKM_USB_PAUSED_CNT so the hw interrupts won't schedule a process
	cp_lkm_do_or_die(cpdev, upl, cp_lkm_usb_do_pm_link, CP_LKM_TIMEOUT_MS, CP_LKM_ITER, "cpdev failed to link with pm");

	//printk("%s() done\n", __FUNCTION__);
	spin_unlock(&cp_lkm_usb_mgr.lock);
	//force a resume
	cp_lkm_schedule_data_process(cpbdev, false, true, false);
	return 0;
}

static int cp_lkm_usb_is_alive_intf(struct cp_lkm_usb_is_alive_intf *alivei)
{
	//find dev in list by unique id
	struct cp_lkm_usb_dev *cpdev;
	int alive;

	//printk("%s() start\n", __FUNCTION__);
	spin_lock(&cp_lkm_usb_mgr.lock);
	//The device should always exist, but if it doesn't, there is no need to blow up, so exit peacefully
	cpdev = cp_lkm_usb_find_dev(alivei->unique_id);

	if(!cpdev) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		return -1;
	}

	alive = (cpdev->state == CP_LKM_USB_DEAD) ? -1 : 0;
	//free semaphore before calling usb_deregister because it causes disconnect to be called for case 2 in the header comments
	//which will try and grab the semaphore, so we would be deadlocked
	spin_unlock(&cp_lkm_usb_mgr.lock);

	return alive;
}
static bool cp_lkm_usb_is_attached(struct cp_lkm_usb_dev* cpdev)
{
	return (cpdev->state == CP_LKM_USB_ACTIVE || cpdev->state == CP_LKM_USB_CTRL);
}

static bool cp_lkm_usb_is_base_attached(struct cp_lkm_usb_base_dev* cpbdev)
{
	//base has three possible states: INIT, CTRL, DEAD (it never goes to ACTIVE, only the cpdev's do that)
	return cpbdev->base_state == CP_LKM_USB_CTRL;
}


// 
// Input:
//   if_data:       set to true if caller only wants to schedule if there is data pending
//   is_reschedule: set to true if the caller is the scheduled handler to see if it should be rescheduled
//   have_lock:     true if the caller already has the lock
// 
// returns:
//  true if scheduled new processing
//  false if didn't schedule. 
// 
// Note: returns false if it was currently scheduled 
static bool cp_lkm_schedule_data_process(struct cp_lkm_usb_base_dev* cpbdev, bool if_data, bool is_reschedule, bool have_lock)
{
	unsigned long flags;
	bool res = false;

	if (!have_lock) {
		spin_lock_irqsave(&cpbdev->data_q_lock, flags);
	}

	//never schedule processing when we are paused
	if (cpbdev->data_q_len == CP_LKM_USB_PAUSED_CNT) {
		goto schedule_done;
	}

	if (is_reschedule) {
		cpbdev->scheduled = false;
	}

	if (cpbdev->scheduled == true) {
		goto schedule_done;
	}

	if (if_data) {
		if(!cp_lkm_usb_have_data(cpbdev)){
			goto schedule_done;
		}
	}

	cpbdev->scheduled = true;
	res = true;

	//cpdev->dbg_total_tasklet_sched++;
	tasklet_schedule(&cpbdev->data_process_tasklet);

schedule_done:
	if (!have_lock) {
		spin_unlock_irqrestore(&cpbdev->data_q_lock, flags);
	}
	return res;
}

static void cp_lkm_schedule_rx_restock(struct cp_lkm_usb_base_dev* cpbdev, struct cp_lkm_base_ep* bep)
{
	if(bep == NULL) {
		cp_lkm_schedule_data_process(cpbdev,false,false,false);
		tasklet_schedule(&cpbdev->other_process_tasklet);
	}
	else if(bep->ep_num == cpbdev->data_in_bep_num) {
		//printk("start data ep listen\n");
		cp_lkm_schedule_data_process(cpbdev,false,false,false);
	}
	else{
		tasklet_schedule(&cpbdev->other_process_tasklet);
	}
}

#define DATA_SRC_TX 0
#define DATA_SRC_RX 1
#define DATA_SRC_OTHER 2
static void cp_lkm_usb_done_and_defer_data(struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb, int src)
{
	unsigned long   	flags;

	spin_lock_irqsave(&cpbdev->data_q_lock, flags);
	if(src == DATA_SRC_TX) {
		__skb_queue_tail(&cpbdev->data_tx_done, skb);
	}
	else{
		__skb_queue_tail(&cpbdev->data_rx_done, skb);
	}
	if(cpbdev->data_q_len != CP_LKM_USB_PAUSED_CNT) {
		cpbdev->data_q_len++;
		cp_lkm_schedule_data_process(cpbdev,true,false,true);
	}
	spin_unlock_irqrestore(&cpbdev->data_q_lock, flags);

}

//for non data endpoint pkts
static void cp_lkm_usb_done_and_defer_other(struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb)
{
	unsigned long   	flags;

	spin_lock_irqsave(&cpbdev->other_done.lock, flags);
	__skb_queue_tail(&cpbdev->other_done, skb);
	//only rearm the softirq if the list was empty
	if(cpbdev->other_done.qlen == 1) {
		tasklet_schedule(&cpbdev->other_process_tasklet);
	}
	spin_unlock_irqrestore(&cpbdev->other_done.lock, flags);
}

static void cp_lkm_usb_process_other_done_tasklet (unsigned long param)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)param;
	struct sk_buff  	*skb;
	struct skb_data 	*entry;
	bool timed_out = false;
	unsigned long time_limit = jiffies + 2;
	bool can_restock = true;
	unsigned long flags;

	spin_lock_irqsave(&cpbdev->other_state_lock, flags);
	if(cpbdev->other_state != USB_PROCESS_STATE_IDLE){
		spin_unlock_irqrestore(&cpbdev->other_state_lock, flags);
		return;
	}
	cpbdev->other_state = USB_PROCESS_STATE_ACTIVE;
	spin_unlock_irqrestore(&cpbdev->other_state_lock, flags);

	if (timer_pending(&cpbdev->rx_delay) || !cp_lkm_usb_is_base_attached(cpbdev)) {
		//printk("%s(), cpbdev %p delaying or no longer attached, base_state: %d\n", __FUNCTION__,cpbdev,cpbdev->base_state);
		can_restock = false;
	}
	//cpdev->dbg_total_o_done++;

	while(!timed_out) {
		skb = skb_dequeue(&cpbdev->other_done);
		if(skb == NULL) {
			break;
		}
		entry = (struct skb_data *) skb->cb;

		//printk("%s(), other data cpbdev: %p, bep: %p, num: 0x%x\n",__FUNCTION__,cpbdev,entry->bep,(entry->bep?entry->bep->ep_num:0));

		//cp_lkm_usb_cnts(entry->state,-1);
		switch (entry->state) {
			case in_other_done:
				if(entry->urb) {
					//cp_lkm_usb_urb_cnt(-1);
					usb_free_urb (entry->urb);
				}
				cp_lkm_usb_other_recv_process(cpbdev, skb);
				break;
			case ctrl_done:
				if(entry->urb) {
					//cp_lkm_usb_urb_cnt(-1);
					usb_free_urb (entry->urb);
				}
				cp_lkm_usb_ctrl_process(cpbdev, skb);
				break;
			case out_done:
			case in_other_cleanup:
				if(entry->urb) {
					//cp_lkm_usb_urb_cnt(-1);
					usb_free_urb (entry->urb);
				}
				dev_kfree_skb_any(skb);
				break;
			case unlink_start:
			default:
				//printk("!!other: unknown skb state: %d\n",entry->state);
				break;
		}

		if(time_after_eq(jiffies, time_limit)) {
			//ran out of time, process this one and then bail
			timed_out = true;
		}
	}

	if(can_restock) {
		cp_lkm_usb_rx_other_restock(cpbdev);
	}

	if(timed_out) {
		tasklet_schedule(&cpbdev->other_process_tasklet);
	}

	spin_lock_irqsave(&cpbdev->other_state_lock, flags);
	cpbdev->other_state = USB_PROCESS_STATE_IDLE;
	spin_unlock_irqrestore(&cpbdev->other_state_lock, flags);

	return ;
}

// Timer callback. This runs in soft interrupt context. 
// 
// The call to restock can blow chow (actually when it calls cp_lkm_schedule_data_process)
//   if an unlink or unplug happens while we are still in the call.
// 
// Unlink or plug can happen during this call on multi core platforms with kernel preemption enabled.
// This timer is scheduled if we ran into some unexpected USB error and want
//   to give the USB endpoint some time before trying to reschedule recv urbs on it.
// 
// The whole purpose of this function is to pump the system if it is otherwise idle. If 
// it isn't idle, we can count on those processes to call cp_lkm_schedule_rx_restock when done. 
static void cp_lkm_usb_delay_timer (unsigned long param)
{
	unsigned long flags;

	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)param;
	spin_lock_irqsave(&cpbdev->processing_state_lock, flags);
	if(cpbdev->processing_state == USB_PROCESS_STATE_IDLE){
		cp_lkm_schedule_rx_restock(cpbdev,NULL);
	}
	spin_unlock_irqrestore(&cpbdev->processing_state_lock, flags);
}

#if 0
static void cp_lkm_usb_dbg_memleak_timer (unsigned long param)
{
	printk("+=+=+=+=+=!!!!mem: %d, urb: %d, skb: data: %d, other: %d, xmit: %d, ctrl: %d, unplug:%d, stck_cnt: %d, stck_chk: %d, unlink: %d\n",g_dbg_memalloc_cnt,g_dbg_urballoc_cnt,g_dbg_data_skballoc_cnt,g_dbg_other_skballoc_cnt,g_dbg_xmit_skballoc_cnt,g_dbg_ctrl_skballoc_cnt,g_dbg_unplug_cnt,g_stuck_cnt,g_stuck_chk,g_unlink_cnt);
	mod_timer(&dbg_memleak_timer, jiffies + msecs_to_jiffies(5000));
}
#endif


/*
 * We pause the transmit if there are too many urbs down at the usb layer. 
 * The Broadcom processor's USB block sometimes gets stuck meaning we will never 
 * unpause. This function is used to detect if we are paused because of a stuck and 
 * try to recover it. 
*/
static void cp_lkm_usb_stuck_check(struct cp_lkm_usb_base_dev* cpbdev, int action)
{
	//only broadcom has the stuck problem
	if (cp_lkm_is_broadcom == 0) {
		//printk("Not BRCM!!!!\n");
		return;
	}

	//TODO: it seems like this might work fine with clones. I don't think it hurts to be inited,
	//      started or stopped multiple times??
	//g_stuck_chk++;
	switch(action) {
	case CP_LKM_STUCK_INIT:
		cpbdev->usb_pause_stuck_timer.function = cp_lkm_usb_pause_stuck_timer;
		cpbdev->usb_pause_stuck_timer.data = (unsigned long)cpbdev;
		init_timer(&cpbdev->usb_pause_stuck_timer);
		break;
	case CP_LKM_STUCK_START:
		mod_timer(&cpbdev->usb_pause_stuck_timer, jiffies + msecs_to_jiffies(3000));
		cpbdev->tx_proc_cnt_at_pause = cpbdev->tx_proc_cnt;
		break;
	case CP_LKM_STUCK_STOP:
	case CP_LKM_STUCK_DEINIT:
		del_timer_sync(&cpbdev->usb_pause_stuck_timer);
		break;
	}
}

// Broadcom has a problem in the EHCI controller where if it gets a NAK on an out packet
// it occassionally doesn't update the status of the URB and retry it. This results in the endpoint getting stuck.
// If we detect that it is stuck (if the tx has been paused for more than 3 seconds) then we cancel the
// struck urb and this gets things going again. The cancelled urb results in a dropped packet which is undesirable,
// but preferrable to being stuck.
static void cp_lkm_usb_pause_stuck_timer (unsigned long param)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)param;
	struct skb_data *entry;
	struct sk_buff *skb;
	struct urb *urb = NULL;
	unsigned long flags;

	spin_lock_irqsave(&cpbdev->out_q.lock, flags);
	if (cpbdev->tx_paused) {
		// cancel stuck urb?
		skb = skb_peek(&cpbdev->out_q);
		if (skb) {
			entry = (struct skb_data *) skb->cb;
			if (entry) {
				if(cpbdev->tx_proc_cnt_at_pause == cpbdev->tx_proc_cnt){
					//printk("\n!!!!!!Canceling stuck URB, cnt at stuck: %d, cnt at unstick: %d!!!!!!!!!!!!!!!!!!!!!!!!!\n", cpbdev->tx_proc_cnt_at_pause, cpbdev->tx_proc_cnt);
					urb = entry->urb;
					usb_get_urb(urb);
				}
				//else{
					//some pkts were transmitted successfully while waiting, though not enough to unpause us.
					//this means the tx is not stuck, so don't need to cancel anything
					//printk("\n!!!!!!Restarting stuck URB timer, cnt at stuck: %d, cnt at unstick: %d!!!!!!!!!!!!!!!!!!!!!!!!!\n",cpbdev->tx_proc_cnt_at_pause, cpbdev->tx_proc_cnt);
				//}
				// restart just in case this doesn't unpause tx
				cp_lkm_usb_stuck_check(cpbdev, CP_LKM_STUCK_START);
				//g_stuck_cnt++;
			}
		}
	}
	spin_unlock_irqrestore(&cpbdev->out_q.lock, flags);
	if (urb) {
		//printk("\n!!!!!!Canceling stuck URB!!!!!!!!!!\n");
		//cpbdev->dbg_total_stuck_cnt++;
		usb_unlink_urb (urb);
		usb_put_urb(urb);
	}
}

#if 0
static void cp_lkm_usb_dbg_timer (unsigned long param)
{
	struct cp_lkm_usb_dev* cpdev = (struct cp_lkm_usb_dev *)param;
	struct cp_lkm_usb_base_dev* cpbdev = cpdev->cpbdev;
	printk("!!!!cpdev: %p, clone: %d, id: 0x%x, q_cnt: %d, p: %d, stuck_cnt: %d, tx done: %d, ip_copies: %d!!!!!!!\n",cpdev, cpdev->clone_num,cpdev->mux_id,cpbdev->tx_usb_q_count,cpbdev->tx_paused, cpbdev->dbg_total_stuck_cnt, cpbdev->tx_proc_cnt,num_ip_copies);

	//printk("!!!!Stuck urb count: %d, total_pause: %d, cpdev: %p, is_brcm: %d!!!!!!!\n",cpdev->dbg_total_stuck_cnt,cpdev->dbg_total_pause,cpdev,cp_lkm_is_broadcom);
	//printk("!!!!!!!!!!!\n");
	#if 0
	int txa;
	int rxa;
	int drql;
	int dtql;
	//int ab;
	int tx,rx;
	int pkt_avg;
	//int epqc, in_q;

	cpdev->dbg_total_rx_qlen += cpdev->data_rx_done.qlen;
	cpdev->dbg_total_tx_qlen += cpdev->data_tx_done.qlen;

	//ab = cpdev->dbg_total_budget/(cpdev->dbg_total_d_done+1);
	txa = cpdev->dbg_total_tx_proc/(cpdev->dbg_total_d_done+1);
	rxa = cpdev->dbg_total_rx_proc/(cpdev->dbg_total_d_done+1);
	drql = cpdev->dbg_total_rx_qlen/(cpdev->dbg_total_d_done+1);
	dtql = cpdev->dbg_total_tx_qlen/(cpdev->dbg_total_d_done+1);
	//epqc = cpdev->in_eps[CP_LKM_DATA_INDEX].q_cnt;
	//in_q = cpdev->in_q.qlen;
	tx = cpdev->dbg_total_tx_irq;
	rx = cpdev->dbg_total_rx_irq;
	pkt_avg = (tx+rx)/5; 
	printk("tot: %d, tx: %d, rx: %d, pa: %d, dones: %d, p: %d\n", tx+rx, tx, rx, pkt_avg, cpdev->dbg_total_d_done, cpdev->dbg_total_pause);
	printk("resch: %d, d_c: %d, sch_n: %d, sch_t: %d, sch_wq: %d, sch_sk: %d, ds: %d\n", cpdev->dbg_total_d_resched, cpdev->dbg_total_d_comp, cpdev->dbg_total_napi_sched,cpdev->dbg_total_tasklet_sched, cpdev->dbg_total_wq_sched,cpdev->dbg_total_sch_sk, cpdev->data_state);
	printk("txa: %d, rxa: %d, to: %d, HZ:%d \n", txa , rxa, cpdev->dbg_total_timeout, HZ);
	printk("nrm_t: %d, blk_t: %d, nrm: %d, blk: %d, ntmrs: %d \n", cpdev->dbg_total_num_normal_t,cpdev->dbg_total_num_hybrid_t,cpdev->dbg_total_num_normal,cpdev->dbg_total_num_hybrid, cpdev->dbg_total_num_d_timers);
	printk("psd: %d, tuqc: %d, schd: %d, dql: %d, rql: %d, tql: %d, toq: %d\n",cpdev->tx_paused,cpdev->tx_usb_q_count,cpdev->scheduled,cpdev->data_q_len,cpdev->data_rx_done.qlen,cpdev->data_tx_done.qlen,cpdev->out_q.qlen);
	printk("txirq: %d, txprc: %d\n",cpdev->dbg_total_tx_irq, cpdev->dbg_total_tx_proc);

	//printk("ipqc: %d, in_q: %d\n", epqc, in_q);
	//printk("d0: %p,d1: %p,d2: %p,d3: %p,d4: %p\n", devs[0],devs[1],devs[2],devs[3],devs[4]);
	cpdev->dbg_total_d_done = cpdev->dbg_total_d_resched = cpdev->dbg_total_d_comp = 0;
	cpdev->dbg_total_pause = cpdev->dbg_total_max_work = cpdev->dbg_total_budget = 0;
	cpdev->dbg_total_tx_irq = cpdev->dbg_total_rx_irq = 0;
	cpdev->dbg_total_tx_proc = cpdev->dbg_total_rx_proc = 0;
	cpdev->dbg_total_rx_qlen =  cpdev->dbg_total_tx_qlen = 0;
	cpdev->dbg_total_napi_sched=cpdev->dbg_total_tasklet_sched=cpdev->dbg_total_wq_sched=0;
	cpdev->dbg_total_num_normal_t=cpdev->dbg_total_num_hybrid_t=cpdev->dbg_total_num_normal=cpdev->dbg_total_num_hybrid=cpdev->dbg_total_num_d_timers = 0;
	#endif

	mod_timer(&cpdev->dbg_timer, jiffies + msecs_to_jiffies(5000));

}
#endif


//Caller must have the data_q_lock before calling
static int cp_lkm_usb_have_data(struct cp_lkm_usb_base_dev *cpbdev)
{
	//return the amount of work to be done if it exceeds the threshold, else return 0
	if(cpbdev->data_rx_done.qlen >= cpbdev->rx_schedule_threshold || cpbdev->data_tx_done.qlen >= cpbdev->tx_schedule_threshold){
		return cpbdev->data_rx_done.qlen + cpbdev->data_tx_done.qlen;
	}
	return 0;
}


#if 1
static int cp_lkm_usb_process_data_done(struct cp_lkm_usb_base_dev *cpbdev, int budget)
{
	struct sk_buff  	*skb;
	struct skb_data 	*entry;
	struct cp_lkm_usb_dev* cpdev __attribute__((unused));
	unsigned long time_limit = jiffies + 3;
	int retval;
	int restock = 0;
	unsigned long flags;
	int rx_work_done = 0;
	int tx_work_done = 0;
	int work_done = 0;
	int can_restock = 1;
	int i;
	int loop;
	int num_proc;
	int actual_budget;
	int num_rx;
	int num_tx;
	struct sk_buff_head done_q;
	bool paused;

	skb_queue_head_init (&done_q);

	//cpdev->dbg_total_d_done++;
	//cpdev->dbg_total_budget += budget;
	//cpdev->dbg_total_rx_qlen += cpdev->data_rx_done.qlen;
	//cpdev->dbg_total_tx_qlen += cpdev->data_tx_done.qlen;

	// if the delay timer is running, we aren't supposed to send any more recv urbs to the usb layer.
	// if the device has detached, we need to finish processing done pkts, but don't resubmit any new urbs
	if (timer_pending(&cpbdev->rx_delay) || !cp_lkm_usb_is_base_attached(cpbdev)) {
		//printk("%s(), cpdev delaying or no longer attached\n", __FUNCTION__);
		can_restock = 0;
	}

	paused = cpbdev->tx_paused;

	actual_budget = CP_LKM_USB_NAPI_MAX_WORK;
	for(loop=0;loop<CP_LKM_USB_PROCESS_DIVISOR;loop++) {
		if(time_after_eq(jiffies, time_limit)) {
			//ran out of time, process this one and then bail
			work_done = budget;
			//cpdev->dbg_total_timeout++;
			break;
		}
		//keep restocking the q until we max out the budget or timeout or runout
		if(rx_work_done >= actual_budget || (paused && tx_work_done >= actual_budget)) {
			work_done = budget;
			break;
		}
		spin_lock_irqsave(&cpbdev->data_q_lock, flags);
		num_rx = cpbdev->data_rx_done.qlen;
		num_tx = cpbdev->data_tx_done.qlen;
		num_proc = max(num_rx,num_tx);
		num_proc = min(num_proc,actual_budget/CP_LKM_USB_PROCESS_DIVISOR); //grab 1/divisor of remaining budget each time
		// Note: A unit of work for the shim is either a lone tx, a lone rx or a combo of a rx and a tx.
		//       Here we calculate how much work to do on this poll. If there was work left over from last time
		//       finish processing it.
		for(i = 0; i < num_proc; i++) {
			skb = __skb_dequeue (&cpbdev->data_rx_done);
			if(skb){
				cpbdev->data_q_len--;
				__skb_queue_tail(&done_q, skb);
			}
			skb = __skb_dequeue (&cpbdev->data_tx_done);
			if(skb){
				cpbdev->data_q_len--;
				__skb_queue_tail(&done_q, skb);
			}
		}
		spin_unlock_irqrestore(&cpbdev->data_q_lock, flags);

		//nothing in the q, we are done
		if(done_q.qlen == 0) {
			break;
		}

		while((skb = __skb_dequeue(&done_q))){
			entry = (struct skb_data *) skb->cb;
			//cp_lkm_usb_cnts(entry->state,-1);
			switch (entry->state) {
				case in_data_done:
					//cpdev->dbg_total_rx_proc++;
					entry->bep->q_cnt--;
					restock++;
					rx_work_done++;
					work_done++;
					if(can_restock && restock == CP_LKM_USB_RESTOCK_MULTIPLE) {
						restock = 0;

						retval = cp_lkm_usb_submit_recv (cpbdev, entry->urb, GFP_ATOMIC, entry->bep, true);
						if (retval < 0) {
							//printk("%s(), can't resubmit\n", __FUNCTION__);
							//cp_lkm_usb_urb_cnt(-1);
							usb_free_urb (entry->urb);
							can_restock = 0;
						}
					}
					else{
						//cp_lkm_usb_urb_cnt(-1);
						usb_free_urb (entry->urb);
					}
					cp_lkm_usb_data_recv_process(cpbdev, skb);
					break;
				case out_done:
					work_done++;
					tx_work_done++;
					//fall through on purpose
				case in_data_cleanup:
					if(entry->urb) {
						//cp_lkm_usb_urb_cnt(-1);
						usb_free_urb (entry->urb);
					}
					dev_kfree_skb_any(skb);
					break;
	   
				case unlink_start:
				default:
					//printk("!!data: unknown skb state: %d\n",entry->state);
					break;
			}
		}
	}

	//restock recv urbs to usb layer if we processed any
	if(can_restock) {
		cp_lkm_usb_rx_data_restock(cpbdev);
	}

	//see if we need to resume the tx side
	if(tx_work_done) {
		spin_lock_irqsave (&cpbdev->out_q.lock, flags);
		cpbdev->tx_proc_cnt += tx_work_done;

		if(tx_work_done > cpbdev->tx_usb_q_count) {
			cpbdev->tx_usb_q_count = 0;
		}
		else{
			cpbdev->tx_usb_q_count -= tx_work_done;
		}
		if(cpbdev->tx_usb_q_count <= cpbdev->tx_resume_threshold) {
			if(cpbdev->tx_paused){
				//unpause all cpdevs
				cp_lkm_usb_dev_pause(cpbdev, false);
				// cancel usb_pause_stuck_timer
				cp_lkm_usb_stuck_check(cpbdev, CP_LKM_STUCK_STOP);
			}

		}
		spin_unlock_irqrestore (&cpbdev->out_q.lock, flags);
	}

	//if(work_done > cpdev->dbg_total_max_work){
	//	cpdev->dbg_total_max_work = work_done;
	//}

	//can't return greater than the passed in budget
	if(work_done > budget) {
		work_done = budget;
	}

	return work_done; 
	//return 1;
}
#endif

static int cp_lkm_usb_common_process_data_done(struct cp_lkm_usb_base_dev* cpbdev, int budget)
{
	unsigned long flags;
	int work_done = -1;
	bool rescheduled;
	bool ran_data_done = false;
	if(NULL == cpbdev) {
		//printk("%s() !!!!!!!!!!!!!!!!no ctxt\n", __FUNCTION__);
		return work_done;
	}

	spin_lock_irqsave(&cpbdev->processing_state_lock, flags);
	if(cpbdev->processing_state == USB_PROCESS_STATE_IDLE){
		cpbdev->processing_state = USB_PROCESS_STATE_ACTIVE;
		spin_unlock_irqrestore(&cpbdev->processing_state_lock, flags);
		work_done = cp_lkm_usb_process_data_done(cpbdev, budget);
		spin_lock_irqsave(&cpbdev->processing_state_lock, flags);
		ran_data_done = true;
		cpbdev->processing_state = USB_PROCESS_STATE_IDLE;
	}
	spin_unlock_irqrestore(&cpbdev->processing_state_lock, flags);
	if (ran_data_done) {
		rescheduled = cp_lkm_schedule_data_process(cpbdev,true,true,false);
		if (rescheduled) {
			work_done = budget;
			//cpdev->dbg_total_d_resched++;
		}
		else if(work_done){
			work_done--;
			//cpdev->dbg_total_d_comp++;
		}
	}
	else{
		//cpdev->dbg_total_sch_sk++;
	}
	return work_done;
}


static void cp_lkm_usb_process_data_done_tasklet (unsigned long param)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)param;

	cp_lkm_usb_common_process_data_done(cpbdev, CP_LKM_PM_NAPI_WEIGHT);
}


static void cp_lkm_usb_rx_data_restock (struct cp_lkm_usb_base_dev* cpbdev)
{
	//struct cp_lkm_usb_dev* cpdev = (struct cp_lkm_usb_dev *)param;
	//int cur_token;
	struct urb  *urb;
	//int     ep_index;
	int q_len;
	struct cp_lkm_base_ep* bep;
	int retval;
	int q_cnt;

	// timer_pending means we had an error and are waiting for a recovery period before submitting any more rx urbs
	if (timer_pending(&cpbdev->rx_delay)) {
		return;
	}

	// restock the recv queues on any ep's that are listening 
	bep = cp_lkm_usb_get_bep(cpbdev, cpbdev->data_in_bep_num);
	if(!(bep->con_flags & CP_LKM_USB_LISTEN) && !(bep->con_flags & CP_LKM_USB_RECV)) {
		return;
	}
	if(test_bit (EVENT_RX_HALT, &bep->err_flags)){
		return;
	}

	if(bep->con_flags & CP_LKM_USB_RECV) {
		//only post 1 for recv's
		q_len = 1;
	}
	else{
		//its a listen
		q_len = CP_LKM_USB_MAX_RX_QLEN;
	}

	// Try to q up to q_len recv buffs with usb. We may not be able to get to that amount if
	// there is a problem with usb, so only try up to q_len times to insert them.
	retval = 0;
	q_cnt = bep->q_cnt;

	while(q_cnt < q_len) {
		urb = usb_alloc_urb (0, GFP_ATOMIC);
		if (!urb) {
			if (q_cnt == 0) {
				cp_lkm_usb_defer_kevent (cpbdev, bep, EVENT_RX_MEMORY);
			}
			break;
		}
		//cp_lkm_usb_urb_cnt(1);
		retval = cp_lkm_usb_submit_recv (cpbdev, urb, GFP_ATOMIC, bep, true);
		if (retval < 0) {
			//cp_lkm_usb_urb_cnt(-1);
			usb_free_urb (urb);
			break;
		}
		q_cnt++;
	}
}

static void cp_lkm_usb_rx_other_restock (struct cp_lkm_usb_base_dev* cpbdev)
{
	struct urb  *urb;
	int q_len;
	struct cp_lkm_base_ep* bep;
	int retval;
	int q_cnt;
	struct list_head *entry, *nxt;

	// timer_pending means we had an error and are waiting for a recovery period before submitting any more rx urbs
	if (timer_pending(&cpbdev->rx_delay)) {
		return;
	}

	// restock the recv queues on any ep's that are listening 
	list_for_each_safe(entry, nxt, &cpbdev->in_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		if(!(bep->con_flags & CP_LKM_USB_LISTEN) && !(bep->con_flags & CP_LKM_USB_RECV)) {
			continue;
		}
		if(test_bit (EVENT_RX_HALT, &bep->err_flags)){
			continue;
		}
		if(bep->ep_num == cpbdev->data_in_bep_num) {
			continue;
		}

		if(bep->con_flags & CP_LKM_USB_RECV) {
			//only post 1 for recv's
			q_len = 1;
		}
		else{
			//its a listen
			q_len = CP_LKM_USB_MAX_OTHER_QLEN;
		}

		// Try to q up to q_len recv buffs with usb. We may not be able to get to that amount if
		// there is a problem with usb, so only try up to q_len times to insert them.
		retval = 0;
		q_cnt = bep->q_cnt;

		while(q_cnt < q_len) {
			urb = usb_alloc_urb (0, GFP_ATOMIC);
			if (!urb) {
				if (q_cnt == 0) {
					cp_lkm_usb_defer_kevent (cpbdev, bep, EVENT_RX_MEMORY);
				}
				break;
			}
			//cp_lkm_usb_urb_cnt(1);
			retval = cp_lkm_usb_submit_recv (cpbdev, urb, GFP_ATOMIC, bep, false);
			if (retval < 0) {
				//cp_lkm_usb_urb_cnt(-1);
				usb_free_urb (urb);
				break;
			}
			q_cnt++;
		}
	}
}

//unlink all urbs with the given ep, or all if ep is NULL
static int cp_lkm_usb_unlink_urbs (struct cp_lkm_usb_base_dev *cpbdev, struct sk_buff_head *q, struct cp_lkm_base_ep* bep)
{
	unsigned long   	flags;
	struct sk_buff  	*skb;
	int 		count = 0;

	spin_lock_irqsave (&q->lock, flags);
	while (!skb_queue_empty(q)) {
		struct skb_data 	*entry;
		struct urb  	*urb;
		int 		retval;

		skb_queue_walk(q, skb) {
			entry = (struct skb_data *) skb->cb;
			urb = entry->urb;
			if(urb && (entry->state != unlink_start) && (entry->bep == bep || bep == NULL)) {
				goto found;
			}
		}
		break;
found:
		entry->state = unlink_start;

		/*
		 * Get reference count of the URB to avoid it to be
		 * freed during usb_unlink_urb, which may trigger
		 * use-after-free problem inside usb_unlink_urb since
		 * usb_unlink_urb is always racing with .complete
		 * handler(include defer_bh).
		 */
		usb_get_urb(urb);
		spin_unlock_irqrestore(&q->lock, flags);
		// during some PM-driven resume scenarios,
		// these (async) unlinks complete immediately
		//usb_kill_urb(urb);
		retval = usb_unlink_urb (urb);
		//g_unlink_cnt++;
		if (retval != -EINPROGRESS && retval != 0){
			//netdev_dbg(dev->net, "unlink urb err, %d\n", retval);
		} else{
			count++;
		}
		usb_put_urb(urb);
		spin_lock_irqsave(&q->lock, flags);
	}
	spin_unlock_irqrestore (&q->lock, flags);
	return count;
}


static void cp_lkm_usb_defer_kevent (struct cp_lkm_usb_base_dev* cpbdev, struct cp_lkm_base_ep* bep, int work)
{
	set_bit (work, &bep->err_flags);
	if (!schedule_work (&cpbdev->kevent)) {
		//deverr (dev, "kevent %d may have been dropped", work);
	} else {
		//devdbg (dev, "kevent %d scheduled", work);
	}
}

// Workqueue callback function. This runs in thread context
static void cp_lkm_usb_kevent (struct work_struct *work)
{
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)container_of(work, struct cp_lkm_usb_base_dev, kevent);
	int status;
	struct cp_lkm_base_ep* bep;
	struct list_head *entry, *nxt;


	//grab global lock while testing dev state so it can't change on us.
	spin_lock(&cp_lkm_usb_mgr.lock);
	if(!cp_lkm_usb_is_base_attached(cpbdev)){
		spin_unlock(&cp_lkm_usb_mgr.lock);
		return;
	}

	//don't want to hold global lock while doing this since don't know how long this will take, see next note
	spin_unlock(&cp_lkm_usb_mgr.lock);


	//NOTE: if kernel preemption is enabled and the disconnect gets called right here, bad things could happen if the cpdev->udev
	//  	is released. Fortunately, cp_lkm_usb_disconnect() calls cancel_work_sync() before releasing it. This will either cancel this
	//  	function if it isn't currently running, or will wait until it exits before returning if it is running. This protects us.
	
	list_for_each_safe(entry, nxt, &cpbdev->out_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		/* usb_clear_halt() needs a thread context */
		if (test_bit (EVENT_TX_HALT, &bep->err_flags)) {
			cp_lkm_usb_unlink_urbs (cpbdev, &cpbdev->out_q, bep);
			status = usb_clear_halt (cpbdev->udev, bep->pipe);
			DEBUG_TRACE("%s() EVENT_TX_HALT status:%d", __FUNCTION__, status);
			if (status < 0 && status != -EPIPE && status != -ESHUTDOWN) {
				//if (netif_msg_tx_err (dev))
				//  deverr (dev, "can't clear tx halt, status %d",
				DEBUG_TRACE("%s() failed EVENT_TX_HALT status:%d", __FUNCTION__, status);
				//  	status);
			} else {
				clear_bit (EVENT_TX_HALT, &bep->err_flags);
				//if (status != -ESHUTDOWN)
				//  netif_wake_queue (dev->net);
			}
		}
	}

	list_for_each_safe(entry, nxt, &cpbdev->in_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		if (test_bit (EVENT_RX_HALT, &bep->err_flags)) {
			cp_lkm_usb_unlink_urbs (cpbdev, &cpbdev->in_q, bep);
			status = usb_clear_halt (cpbdev->udev, bep->pipe);
			DEBUG_TRACE("%s() EVENT_RX_HALT status:%d", __FUNCTION__, status);
			if (status < 0 && status != -EPIPE && status != -ESHUTDOWN) {
				DEBUG_TRACE("%s() failed EVENT_RX_HALT status:%d", __FUNCTION__, status);
				//if (netif_msg_rx_err (dev))
				//  deverr (dev, "can't clear rx halt, status %d",
				//  	status);
			} else {
				clear_bit (EVENT_RX_HALT, &bep->err_flags);
				//grab global lock so link/unlink or unplug can't mess up the restock shedule pointers mid scheduling
				spin_lock(&cp_lkm_usb_mgr.lock);
				if (cp_lkm_usb_is_base_attached(cpbdev)){
					cp_lkm_schedule_rx_restock(cpbdev,bep);
				}
				spin_unlock(&cp_lkm_usb_mgr.lock);

			}
		}
	}
	/* tasklet could resubmit itself forever if memory is tight */
	list_for_each_safe(entry, nxt, &cpbdev->in_bep_list) {
		bep = list_entry(entry, struct cp_lkm_base_ep, list);
		if (test_bit (EVENT_RX_MEMORY, &bep->err_flags)) {
			DEBUG_TRACE("%s() EVENT_RX_MEMORY", __FUNCTION__);
	
			clear_bit (EVENT_RX_MEMORY, &bep->err_flags);

			//grab global lock so link/unlink or unplug can't mess up the restock shedule pointers mid scheduling
			spin_lock(&cp_lkm_usb_mgr.lock);
			if (cp_lkm_usb_is_base_attached(cpbdev) && bep->q_cnt == 0){
				cp_lkm_schedule_rx_restock(cpbdev,bep);

			}
			spin_unlock(&cp_lkm_usb_mgr.lock);
		}
	}
	//if (test_bit (EVENT_LINK_RESET, &cpdev->flags)) {
	//  struct driver_info  *info = dev->driver_info;
	//  int 		retval = 0;
	//
	//  clear_bit (EVENT_LINK_RESET, &dev->flags);
	//  if(info->link_reset && (retval = info->link_reset(dev)) < 0) {
	//  	devinfo(dev, "link reset failed (%d) usbnet usb-%s-%s, %s",
	//  		retval,
	//  		dev->udev->bus->bus_name, dev->udev->devpath,
	//  		info->description);
	//  }
	//}

	//if (dev->flags)
	//  devdbg (dev, "kevent done, flags = 0x%lx",
	//  	dev->flags);
}

static void cp_lkm_usb_ctrl_complete(struct urb *urb)
{	
	unsigned long flags;
	struct sk_buff  	*skb = (struct sk_buff *) urb->context;
	struct skb_data 	*entry = (struct skb_data *) skb->cb;
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)entry->cpbdev;
	
	//remove skb from the list first thing so no other code conext looking at the
	//list (such as unlink_urbs) can mess with it. 
	spin_lock_irqsave(&cpbdev->ctrlq.lock, flags);
	__skb_unlink(skb, &cpbdev->ctrlq);
	spin_unlock_irqrestore(&cpbdev->ctrlq.lock,flags);

	skb->len = urb->actual_length;

	//skip status and error checking if the device has unplugged
	if(!cp_lkm_usb_is_base_attached(cpbdev)) {
		urb->status = -ENODEV;
		goto ctrl_done;
	}

	if (urb->status != 0) {
		switch (urb->status) {
			case -EPIPE:
				break;

				/* software-driven interface shutdown */
			case -ECONNRESET:   	// async unlink
			case -ESHUTDOWN:		// hardware gone
				break;

			case -ENODEV:
				//printk("ctrl fail, no dev\n");
				break;

			case -EPROTO:
			case -ETIME:
			case -EILSEQ:
				//CA: decided not to throttle on ctrl channel transfers since they are a different beast
				//if (!timer_pending (&cpdev->rx_delay)) {
				//    mod_timer (&cpdev->rx_delay, jiffies + THROTTLE_JIFFIES);
					//if (netif_msg_link (dev))
					//  devdbg (dev, "tx throttle %d",
					//  		urb->status);
				//}
				//netif_stop_queue (dev->net);
				break;
			default:
				//if (netif_msg_tx_err (dev))
				//  devdbg (dev, "tx err %d", entry->urb->status);
				break;
		}
	}

ctrl_done:
	urb->dev = NULL;
	entry->state = ctrl_done;
	entry->status = urb->status;
	entry->urb = NULL;
	if(urb->setup_packet) {
		kfree(urb->setup_packet);
	}
	//cp_lkm_usb_urb_cnt(-1);
	usb_free_urb (urb);
	cp_lkm_usb_done_and_defer_other(cpbdev, skb);
}


static int cp_lkm_usb_start_ctrl_xmit(void *ctx, struct sk_buff *skb_in)
{
	struct cp_lkm_usb_dev* cpdev = (struct cp_lkm_usb_dev *)ctx;
	struct cp_lkm_usb_base_dev* cpbdev;
	int retval = NET_XMIT_SUCCESS;
	struct urb *urb = NULL;
	struct skb_data *entry;
	unsigned long flags;
	int pipe;
	u8* tmp8;
	u16* tmp16;
	struct usb_ctrlrequest *req = NULL;
	
	if(NULL == cpdev || !cp_lkm_usb_is_attached(cpdev) || !cp_lkm_usb_is_base_attached(cpdev->cpbdev)) {
		//printk("%s() no ctxt\n", __FUNCTION__);
		goto ctrl_done;
	}

	cpbdev = cpdev->cpbdev;

	DEBUG_TRACE("%s()", __FUNCTION__);

	if ((urb = usb_alloc_urb(0, GFP_ATOMIC)) == NULL) {
		retval = -ENOMEM;
		goto ctrl_done;
	}
	//cp_lkm_usb_urb_cnt(1);

	if ((req = kmalloc(sizeof(struct usb_ctrlrequest), GFP_ATOMIC)) == NULL) {
		//cp_lkm_usb_urb_cnt(-1);
		usb_free_urb(urb);
		retval = -ENOMEM;
		goto ctrl_done;
	}

	//The upper layer driver put all the ctrl stuff at the end of the buffer (in correct le order)
	//This layer puts it in a separate buffer
	tmp8 = (u8*)skb_in->data;
	req->bRequestType = *tmp8;
	skb_pull(skb_in, 1);

	tmp8 = (u8*)skb_in->data;
	req->bRequest = *tmp8;
	skb_pull(skb_in, 1);

	tmp16 = (u16*)skb_in->data;
	req->wValue = *tmp16;
	skb_pull(skb_in, 2);

	tmp16 = (u16*)skb_in->data;
	req->wIndex = *tmp16;
	skb_pull(skb_in, 2);

	tmp16 = (u16*)skb_in->data;
	req->wLength = *tmp16;
	skb_pull(skb_in, 2);
	//printk("%s() RT:%x, R:%x, V:%x, I:%x, L:%x\n", __FUNCTION__, req->bRequestType, req->bRequest, req->wValue, req->wIndex, req->wLength);

	entry = (struct skb_data *) skb_in->cb;
	entry->urb = urb;
	entry->cpbdev = cpbdev;
	entry->state = ctrl_start;
	entry->status = 0;
	entry->bep = NULL;
	entry->unique_id = cpdev->unique_id;

	if(req->bRequestType & USB_DIR_IN) {
		DEBUG_TRACE("%s() ctrl in len: %d", __FUNCTION__,skb_in->len);
		pipe = usb_rcvctrlpipe(cpbdev->udev, 0);
	}
	else{
		DEBUG_TRACE("%s() ctrl out len: %d", __FUNCTION__,skb_in->len);
		pipe = usb_sndctrlpipe(cpbdev->udev, 0);
	}

	usb_fill_control_urb(urb, cpbdev->udev, pipe,
				 (void *)req, skb_in->data, skb_in->len,
				 cp_lkm_usb_ctrl_complete, skb_in);

	//cp_lkm_usb_cnts(ctrl_start,1);
	spin_lock_irqsave (&cpbdev->ctrlq.lock, flags);
	retval = usb_submit_urb (urb, GFP_ATOMIC);
	switch (retval) {
		case 0:
			//net->trans_start = jiffies;
			//success: queue it
			__skb_queue_tail (&cpbdev->ctrlq, skb_in);
			skb_in = NULL;
			urb = NULL;
			req = NULL;
			break;
		case -ENODEV:
			break;
		case -EPROTO:
		case -EPIPE:
			break;
		default:
			break;
	}
	spin_unlock_irqrestore (&cpbdev->ctrlq.lock, flags);

ctrl_done:
	if(req) {
		kfree(req);
	}
	if(urb) {
		//cp_lkm_usb_urb_cnt(-1);
		usb_free_urb(urb);
	}
	if(skb_in) {
		//cp_lkm_usb_cnts(ctrl_start,-1);
		dev_kfree_skb_any (skb_in);
	}

	DEBUG_TRACE("%s() retval %d", __FUNCTION__, retval);

	return retval;
}


#define THROTTLE_JIFFIES	(HZ/8)
/* 
 * This function runs in a hw interrupt context. Do not put any DEBUG_XX print messages in here. 
*/ 
static void cp_lkm_usb_xmit_complete (struct urb *urb)
{
	unsigned long flags;
	struct sk_buff *skb = (struct sk_buff *) urb->context;
	struct skb_data *entry = (struct skb_data *) skb->cb;
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)entry->cpbdev;
	struct cp_lkm_base_ep* bep = (struct cp_lkm_base_ep*)entry->bep;
	bool is_data = false;
	struct cp_lkm_usb_dev* cpdev;

	//remove skb from the list first thing so no other code context looking at the
	//list (such as unlink_urbs) can mess with it. 
	spin_lock_irqsave(&cpbdev->out_q.lock,flags);
	__skb_unlink(skb, &cpbdev->out_q);
	spin_unlock_irqrestore(&cpbdev->out_q.lock,flags);

	bep->q_cnt--;

	if(bep->ep_num == cpbdev->data_out_bep_num) {
		is_data = true;
	}

	// we save mux id of the cpdev that sent each tx pckt. 
	cpdev = cp_lkm_usb_find_dev(entry->unique_id);

	//skip status and error checking if the device has unplugged
	if(!cp_lkm_usb_is_base_attached(cpbdev)) {
		goto xmit_done;
	}

	if (urb->status != 0) {
		UPDATE_STATS(cpdev->edi->pm_stats64_ctx, tx_errors, 1);
		switch (urb->status) {
			case -EPIPE:
				//don't have to clear halts on ctrl ep
				if (bep->ep_num != 0) {
					cp_lkm_usb_defer_kevent (cpbdev, bep, EVENT_TX_HALT);
				}
				break;

				/* software-driven interface shutdown */
			case -ECONNRESET:   	// async unlink
			case -ESHUTDOWN:		// hardware gone
				break;

			case -ENODEV:
				break;

				// like rx, tx gets controller i/o faults during khubd delays
				// and so it uses the same throttling mechanism.
			case -EPROTO:
			case -ETIME:
			case -EILSEQ:
				if (!timer_pending (&cpbdev->rx_delay)) {
					mod_timer (&cpbdev->rx_delay, jiffies + THROTTLE_JIFFIES);
					//if (netif_msg_link (dev))
					//  devdbg (dev, "tx throttle %d",
					//  		urb->status);
				}
				//netif_stop_queue (dev->net);
				break;
			default:
				//if (netif_msg_tx_err (dev))
				//  devdbg (dev, "tx err %d", entry->urb->status);
				break;
		}
	}

xmit_done:
	entry->state = out_done;

	if(is_data) {
		//cpdev->dbg_total_tx_irq++;
		cp_lkm_usb_done_and_defer_data(cpbdev, skb, DATA_SRC_TX);
	}
	else{
		cp_lkm_usb_done_and_defer_other(cpbdev, skb);
	}
}

static int cp_lkm_usb_start_xmit_common(void *ctx, struct sk_buff *skb_in, int src, struct cp_lkm_ep* ep)
{
	struct cp_lkm_usb_dev* cpdev = (struct cp_lkm_usb_dev *)ctx;
	struct cp_lkm_usb_base_dev* cpbdev;
	struct cp_lkm_base_ep* bep;
	int length;
	int retval = NET_XMIT_SUCCESS;
	struct urb *urb = NULL;
	struct skb_data *entry;
	unsigned long flags;
	struct sk_buff* skb_out = NULL;
	int wres;

	if(NULL == cpdev || !cp_lkm_usb_is_attached(cpdev) || !cp_lkm_usb_is_base_attached(cpdev->cpbdev)) {
		//printk("%s() no ctxt\n", __FUNCTION__);
		dev_kfree_skb_any(skb_in);
		return -1;
	}

	cpbdev = cpdev->cpbdev;
	
	//the network doesn't have a pointer to the ep readily available so he passes in NULL for ep so we can
	//fetch the well known ep for the data out ep
	length = 0;
	if(src == CP_LKM_WRAPPER_SRC_DATA && ep == NULL){
		ep = cp_lkm_usb_get_ep(cpdev,cpdev->data_out_ep_num);
		length = skb_in->len;
	}
	bep = ep->bep;

	while(1) {
		skb_out = NULL;
		urb = NULL;
		retval = NET_XMIT_SUCCESS;

		//DEBUG_ERROR("%s() wrap it skb_in:%p", __FUNCTION__, skb_in);

		//only use wrappers on the data endpoint
		if(ep->ep_num == cpdev->data_out_ep_num) {
			//DEBUG_ERROR("%s() wrap it", __FUNCTION__);
			//spin_lock_irqsave (&cp_lkm_usb_mgr.lock, flags);
			wres = cp_lkm_wrapper_send(cpbdev->wrapper_ctxt, src, cpdev->mux_id, skb_in, &skb_out); 
			skb_in = NULL; //we no longer own skb so null its pointer for future call if we loop
			//spin_unlock_irqrestore (&cp_lkm_usb_mgr.lock, flags);
			if (wres == CP_LKM_WRAPPER_RES_ERROR) {
				DEBUG_ERROR("%s() wrapper error wres:0x%x, skb_out:%p", __FUNCTION__, wres, skb_out);
				UPDATE_STATS(cpdev->edi->pm_stats64_ctx, tx_dropped, 1);
				retval = -ENOMEM;
				goto xmit_done;
			}
		}
		else{
			//Not a data ep, send the skb and then we are done
			skb_out = skb_in;
			skb_in = NULL;
			wres = CP_LKM_WRAPPER_RES_DONE;
		}
	
		//If we get here, send returned either done or again. skb_out can be NULL if there is nothing to
		//send, so check that first
		if(NULL == skb_out) {
//  		  DEBUG_INFO("%s() no wrapped data", __FUNCTION__);
			goto xmit_done;
		}
   
		if(cp_lkm_is_broadcom && ((uintptr_t)(skb_out->data) & 0x3)) {
			//broadcom unaligned packets that are multiples of 512 plus 3,4 or 5 bytes (515,516,517,1027,1028,1029,etc)
			//are corrupted for some reason, so need to copy into an aligned buffer
			int r = skb_out->len & 0x000001FF; //poor man's mod
			if (r >= 3 && r <= 5) {
				struct sk_buff* skb_new = skb_copy_expand(skb_out, 0, 0, GFP_ATOMIC);
				if(!skb_new) {
					retval = -ENOMEM;
					goto xmit_done;
				}
				//printk("%s() unaligned: %p, aligned: %p, len: %d, r: %d\n",__FUNCTION__,skb_out->data, skb_new->data, skb_out->len, r);
				dev_kfree_skb_any(skb_out);
				skb_out=skb_new;
			}
		}

		if (!(urb = usb_alloc_urb (0, GFP_ATOMIC))) {
			//if (netif_msg_tx_err (dev))
			//  devdbg (dev, "no urb");
			DEBUG_ERROR("%s() urb alloc failed", __FUNCTION__);
			UPDATE_STATS(cpdev->edi->pm_stats64_ctx, tx_dropped, 1);
			retval = -ENOMEM;
			goto xmit_done;
		}
		//cp_lkm_usb_urb_cnt(1);
		entry = (struct skb_data *) skb_out->cb; 
		entry->urb = urb;
		entry->cpbdev = cpbdev;
		entry->bep = bep;
		entry->state = out_start;
		entry->unique_id = cpdev->unique_id;
		//cp_lkm_usb_cnts(out_start,1);
	
		if(bep->type == UE_BULK) {
			usb_fill_bulk_urb (urb, cpbdev->udev, bep->pipe, skb_out->data, 
							   skb_out->len, cp_lkm_usb_xmit_complete, skb_out);
		}
		else{
			usb_fill_int_urb (urb, cpbdev->udev, bep->pipe, skb_out->data, skb_out->len, 
							  cp_lkm_usb_xmit_complete, skb_out, bep->interval);
		}

		if (!(cpbdev->feature_flags & CP_LKM_FEATURE_NO_ZERO_PACKETS)) {
			urb->transfer_flags |= URB_ZERO_PACKET;
		}
		
	//    DEBUG_INFO("%s()", __FUNCTION__);
	//    DEBUG_INFO("%s() send to ep: 0x%x type:%d, pipe:0x%x", __FUNCTION__, ep->ep_num, ep->type, ep->pipe);
	
		spin_lock_irqsave (&cpbdev->out_q.lock, flags);
		retval = usb_submit_urb (urb, GFP_ATOMIC);
		switch (retval) {
			case 0:
				//net->trans_start = jiffies;
				//success: queue it
				__skb_queue_tail (&cpbdev->out_q, skb_out);
				bep->q_cnt++;
				skb_out = NULL;
				urb = NULL;
				if(ep->ep_num == cpdev->data_out_ep_num) {
					cpbdev->tx_usb_q_count++;
					if(cpbdev->tx_usb_q_count >= CP_LKM_USB_TX_PAUSE_Q_PKTS){
						if(!cpbdev->tx_paused) {
							//pause all cpdevs
							cp_lkm_usb_dev_pause(cpbdev, true);
							cp_lkm_usb_stuck_check(cpbdev, CP_LKM_STUCK_START);
						}
					}
				}
				break;
			case -EPIPE:
				UPDATE_STATS(cpdev->edi->pm_stats64_ctx, tx_errors, 1);
				//don't clear halts on ctrl ep
				if(ep->ep_num != 0) {
					cp_lkm_usb_defer_kevent(cpbdev, bep, EVENT_TX_HALT);
				}
				break;
			case -ENODEV:
				break;
			case -EPROTO:
			default:
				//if (netif_msg_tx_err (dev))
				UPDATE_STATS(cpdev->edi->pm_stats64_ctx, tx_errors, 1);
				//  devdbg (dev, "tx: submit urb err %d", retval);
				break;
		}
		spin_unlock_irqrestore (&cpbdev->out_q.lock, flags);

xmit_done:
		if (retval) {
			DEBUG_TRACE("%s() failed to send: %d", __FUNCTION__, retval);
			//cp_lkm_usb_cnts(out_start,-1);
		}

		//if these are non null then they weren't sent so free them
		if (skb_out){
			dev_kfree_skb_any (skb_out);
		}
		if(urb) {
			//cp_lkm_usb_urb_cnt(-1);
			usb_free_urb (urb);
		}

		//Bail out of while loop unless the wrapper asked to be called again
		if(wres != CP_LKM_WRAPPER_RES_AGAIN) {
			break; 
		}

		length = 0;

	}
	return retval;
}

static int cp_lkm_usb_start_xmit (void *ctx, struct sk_buff *skb)
{
	struct cp_lkm_usb_dev* cpdev = (struct cp_lkm_usb_dev *)ctx;
	struct cp_lkm_usb_base_dev* cpbdev;
	int res;

	if(NULL == cpdev){
		DEBUG_TRACE("%s() no ctxt", __FUNCTION__);
		dev_kfree_skb_any(skb);
		return -1;
	}
	cpbdev = cpdev->cpbdev;
	if(cpbdev->tx_paused || CP_LKM_USB_ACTIVE != cpdev->state) {
		DEBUG_TRACE("%s() no ctxt", __FUNCTION__);
		dev_kfree_skb_any(skb);
		return -1;
	}
	res = cp_lkm_usb_start_xmit_common(ctx, skb, CP_LKM_WRAPPER_SRC_DATA, NULL);
	return res;
}

static int cp_lkm_usb_to_cplkm_status(int usb_status)
{
	int cplkm_status;
	switch(usb_status) {
		case 0:
			cplkm_status = CP_LKM_STATUS_OK;
			break;
		default:
			//printk("usb err: %d\n", usb_status);
			cplkm_status = CP_LKM_STATUS_ERROR;
			break;
	}
	return cplkm_status;
}

static void cp_lkm_usb_other_recv_process (struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb_in)
{
	struct skb_data *entry;
	struct cp_lkm_msg_hdr hdr;
	int status;
	struct cp_lkm_base_ep* bep;
	struct cp_lkm_usb_dev* cpdev = NULL;
	struct list_head *tmp, *nxt;
	struct cp_lkm_ep *ep;

	if(!cp_lkm_usb_is_base_attached(cpbdev)){
		//printk("%s(), cpbdev: %p not attached. state: %d\n",__FUNCTION__,cpbdev,cpbdev->base_state);
		dev_kfree_skb_any (skb_in);
		return;
	}
	entry = (struct skb_data *)skb_in->cb;
	bep = entry->bep;

	//Note: pkts on non-data endpoints when running with clones present a problem because there are no headers on these
	//      pkts to tell us which clone ep to send this to. Fortunately, the modem stack serializes clone instances so
	//      only one can be accessing the non-data endpoints at a time. In order to get any responses from the module
	//      over their endpoint, they must be either listening or have posted a recv.  We use this fact to find the
	//      ep we need to send the recv back on.
	list_for_each_safe(tmp, nxt, &bep->eps) {
		ep = list_entry(tmp, struct cp_lkm_ep, list_bep);
		if (ep->con_flags & (CP_LKM_USB_LISTEN | CP_LKM_USB_RECV)) {
			cpdev = ep->cpdev;
			if (ep->con_flags & CP_LKM_USB_RECV) {
				//can only have one recv pending on non-data endpoints for a given ep number.
				//therefor when the clone is done, the base is done
				ep->con_flags &= ~CP_LKM_USB_RECV;  
				bep->con_flags &= ~CP_LKM_USB_RECV;			
			}
			//printk("%s(), other data cpdev: %p, ep: %p, num: 0x%x, flags: 0x%x\n",__FUNCTION__,cpdev,ep, ep->ep_num,ep->con_flags);
			break;
		}
	}

	if (!cpdev) {
		//printk("%s() no cpdev unexpectedly for unique_id: %d",__FUNCTION__, entry->unique_id);
		dev_kfree_skb_any (skb_in);
		return;
	}

	status = cp_lkm_usb_to_cplkm_status(entry->status);
	//printk("%s() other data uid: %d, ep_num:0x%x, status:%d, len: %d\n", __FUNCTION__, cpdev->unique_id,bep->ep_num, entry->status, skb_in->len);

	memset(&hdr,0,sizeof(hdr));
	hdr.instance_id = cpdev->unique_id;
	hdr.cmd = CP_LKM_USB_CMD_DATA_RECV;
	hdr.status = status;
	hdr.len = skb_in?skb_in->len:0;
	hdr.arg1 = bep->ep_num;
	cp_lkm_post_message(&cp_lkm_usb_mgr.common, &hdr, skb_in); 

	return;
}


static void cp_lkm_usb_ctrl_process (struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb_in)
{
	struct skb_data *entry;
	struct cp_lkm_msg_hdr hdr;
	int status;
	static struct cp_lkm_usb_dev* cpdev = NULL;

	DEBUG_TRACE("%s()", __FUNCTION__);
	if(!cp_lkm_usb_is_base_attached(cpbdev)){
		dev_kfree_skb_any (skb_in);
		return;
	}

	entry = (struct skb_data *)skb_in->cb;
	cpdev = cp_lkm_usb_find_dev(entry->unique_id);
	if (!cpdev) {
		//printk("%s() no cpdev unexpectedly for unique_id: %d",__FUNCTION__, entry->unique_id);
		dev_kfree_skb_any (skb_in);
		return;
	}

	status = cp_lkm_usb_to_cplkm_status(entry->status);
	memset(&hdr,0,sizeof(hdr));
	hdr.instance_id = cpdev->unique_id;
	hdr.cmd = CP_LKM_USB_CMD_CTRL_RECV;
	hdr.status = status;
	hdr.len = skb_in?skb_in->len:0;
	hdr.arg1 = 0;  //ctrl channel ep is always 0

	cp_lkm_post_message(&cp_lkm_usb_mgr.common, &hdr, skb_in); 
	DEBUG_TRACE("%s() ctrl response status:%d", __FUNCTION__, entry->status);

	return;
}


//This function runs in an interrupt context so it can't be preempted. This means cpdev can't
//be deleted out from under
static void cp_lkm_usb_data_recv_process (struct cp_lkm_usb_base_dev* cpbdev, struct sk_buff *skb_in)
{
	struct sk_buff *skb_out;
	int res;
	int dst;
	struct skb_data *entry;
	struct cp_lkm_usb_dev* cpdev;
	struct cp_lkm_base_ep* bep;
	int ep_num;
	int mux_id;

	// WARNING: The memory this pointer points to will be freed by the wrapper, so copy everything you need 
	//  		out of it here before going into the while loop
	entry = (struct skb_data *)skb_in->cb;
	bep = entry->bep;
	ep_num = bep->ep_num;

	//printk("%s() cpbdev: %p, bep: %p base_state: %d\n", __FUNCTION__, cpbdev, bep, cpbdev->base_state);

	if(!cp_lkm_usb_is_base_attached(cpbdev)){
		dev_kfree_skb_any (skb_in);
		return;
	}

	while(1) {
		skb_out = NULL;

		mux_id = 0;

		res = cp_lkm_wrapper_recv(cpbdev->wrapper_ctxt, &dst, &mux_id, skb_in, &skb_out);

		if (dst != CP_LKM_WRAPPER_DST_CTRL && dst != CP_LKM_WRAPPER_DST_DATA) {
			// this is something other than data that we don't know what to do with, so drop it.
			goto recv_done;
		}

		cpdev = cp_lkm_usb_find_muxed_dev(cpbdev, mux_id);

		skb_in = NULL;
	
		if (NULL == cpdev) {
			//LOG("%s(), no cpdev found for mux_id: 0x%x, or base_id: %d", __FUNCTION__,mux_id,cpbdev->base_id);
			DEBUG_WARN("%s(), no cpdev found for mux_id: 0x%x, or base_id: %d", __FUNCTION__,mux_id,cpbdev->base_id);
			goto recv_done;
		}

		if(res == CP_LKM_WRAPPER_RES_ERROR) {
			UPDATE_STATS(cpdev->edi->pm_stats64_ctx, rx_dropped, 1);
			goto recv_done;
		}

		//printk("%s() cpdev: %p, ep_num: 0x%x, dst: %d, mux_id: %d, state: %d, res: %d\n", __FUNCTION__, cpdev, ep_num, dst, mux_id, cpdev->state, res);

		//DEBUG_INFO("%s() while() - skb_out:%p, dst:%d, res:%d", __FUNCTION__, skb_out, dst, res);

		//if nothing to send, see if we can bail or if need to call again
		if(NULL == skb_out){
			goto recv_done;
		}
	
		if(dst == CP_LKM_WRAPPER_DST_CTRL) {
			//printk("%s() ctrl pkt cpdev: %p\n", __FUNCTION__, cpdev);
			if (skb_out->len) { // watch for 0 length short packets
				struct cp_lkm_msg_hdr hdr;

				DEBUG_TRACE("%s() recv app pkt", __FUNCTION__);
				memset(&hdr,0,sizeof(hdr));
				hdr.instance_id = cpdev->unique_id;
				hdr.cmd = CP_LKM_USB_CMD_DATA_RECV;
				hdr.status = CP_LKM_STATUS_OK;
				hdr.len = skb_out->len;
				hdr.arg1 = ep_num;

				cp_lkm_post_message(&cp_lkm_usb_mgr.common, &hdr, skb_out); 
				skb_out = NULL;
			}
		}
		//dst == CP_LKM_WRAPPER_DST_DATA
		else{ 
			//printk("%s() data pkt cpdev: %p\n", __FUNCTION__, cpdev);
			if (skb_out->len && cpdev->edi->pm_recv){   			 
				//printk("%s() data pkt send to pm cpdev: %p, first byte: 0x%x\n", __FUNCTION__, cpdev, skb_out->data[0]);
				cpdev->edi->pm_recv(cpdev->edi->pm_recv_ctx, skb_out);
				skb_out = NULL;
			}
		}

recv_done:
		if(skb_out) {
			dev_kfree_skb_any(skb_out);
		}

		//if wrapper didn't ask to be called back, then done
		if(res != CP_LKM_WRAPPER_RES_AGAIN) {
			break;
		}

	}

	return;
}

/* 
 * This function runs in a hw interrupt context. Do not put any DEBUG_XX print messages in here. 
*/ 
static void cp_lkm_usb_recv_complete (struct urb *urb)
{
	unsigned long flags;
	struct sk_buff *skb = (struct sk_buff *) urb->context;
	struct skb_data *entry = (struct skb_data *) skb->cb;
	struct cp_lkm_usb_base_dev* cpbdev = (struct cp_lkm_usb_base_dev *)entry->cpbdev;
	struct cp_lkm_usb_dev* cpdev_stats_only;
	int urb_status = urb->status;
	struct cp_lkm_base_ep* bep = entry->bep;
	bool is_data = false;
	//if(urb->status) {
	//  printk("recv_done: status: %d, len:%d\n", urb->status, urb->actual_length);
	//}

	// we don't know what cpdev recv packets are destined for when running muxed clones, so report all errors
	// to the base device (for non cloned cases, this will always be the correct cpdev)
	cpdev_stats_only = cp_lkm_usb_find_dev(cpbdev->base_id);

	//remove skb from the list first thing so no other code conext looking at the
	//list (such as unlink_urbs) can mess with it. 
	spin_lock_irqsave(&cpbdev->in_q.lock,flags);
	__skb_unlink(skb, &cpbdev->in_q);
	spin_unlock_irqrestore(&cpbdev->in_q.lock,flags);

	skb_put (skb, urb->actual_length);
	if(bep->ep_num == cpbdev->data_in_bep_num) {
		is_data = true;
		entry->state = in_data_done;
		//note we don't decrement the data ep cnt until we process the pkt
	} else{
		bep->q_cnt--;
		entry->state = in_other_done;
	}
	entry->status = urb->status;

	//skip status and error checking if the device has unplugged
	if(!cp_lkm_usb_is_base_attached(cpbdev)) {
		entry->status = -ENODEV;
		goto recv_done;
	}

	switch (urb_status) {
		// success
		case 0:
			break;

			// stalls need manual reset. this is rare ... except that
			// when going through USB 2.0 TTs, unplug appears this way.
			// we avoid the highspeed version of the ETIMEOUT/EILSEQ
			// storm, recovering as needed.
		case -EPIPE:
			UPDATE_STATS(cpdev_stats_only->edi->pm_stats64_ctx, rx_errors, 1);
			//don't clear halts on ctrl ep
			if(bep->ep_num != 0) {
				cp_lkm_usb_defer_kevent (cpbdev, bep, EVENT_RX_HALT);
			}
			goto block;

			// software-driven interface shutdown
		case -ECONNRESET:   	// async unlink
		case -ESHUTDOWN:		// hardware gone
			goto block;

		case -ENODEV:
			//printk("recv_done nodev:%d\n", ENODEV);
			goto block;

			// we get controller i/o faults during khubd disconnect() delays.
			// throttle down resubmits, to avoid log floods; just temporarily,
			// so we still recover when the fault isn't a khubd delay.
		case -EPROTO:
		case -ETIME:
		case -EILSEQ:
			UPDATE_STATS(cpdev_stats_only->edi->pm_stats64_ctx, rx_errors, 1);
			if (!timer_pending (&cpbdev->rx_delay)) {
				mod_timer (&cpbdev->rx_delay, jiffies + THROTTLE_JIFFIES);
			}
block:
			if(bep->ep_num == cpbdev->data_in_bep_num) {
				bep->q_cnt--;
				entry->state = in_data_cleanup;
			}
			else{
				entry->state = in_other_cleanup;
			}

			break;

			// data overrun ... flush fifo?
		case -EOVERFLOW:
			UPDATE_STATS(cpdev_stats_only->edi->pm_stats64_ctx, rx_over_errors, 1);

			// FALLTHROUGH

		default:
			if(bep->ep_num == cpbdev->data_in_bep_num) {
				bep->q_cnt--;
				entry->state = in_data_cleanup;
			}
			else{
				entry->state = in_other_cleanup;
			}
			UPDATE_STATS(cpdev_stats_only->edi->pm_stats64_ctx, rx_errors, 1);
			break;
	}

	// on responses to a requested recv from the app driver, we need to always return something even on error so force it here
	if(bep->con_flags & CP_LKM_USB_RECV) {
		if(is_data){
			entry->state = in_data_done; //this should never happen, data endpoints always listen, they don't post recv's
		}
		else{
			entry->state = in_other_done;
		}
	}

recv_done:
	//do not use the 'entry' struct after this call. It is part of the skb and the skb will be freed when the _bh function runs.
	//if you need something from it save it off before calling this
	if(is_data) {
		//cpdev->dbg_total_rx_irq++;
		//printk("%s(), got data on cpbdev: %p, bep: %p, id: %d\n",__FUNCTION__, cpbdev, entry->bep, cpbdev->base_id);
		cp_lkm_usb_done_and_defer_data(cpbdev, skb, DATA_SRC_RX);
	}
	else{
		//printk("%s(), got other data on cpbdev: %p, bep: %p, id: %d\n",__FUNCTION__, cpbdev, entry->bep, cpbdev->base_id);
		cp_lkm_usb_done_and_defer_other(cpbdev, skb);
	}
}

//static int g_num_adjusts = 0;
//static int g_num_recv_pkts = 0;
//static int g_num_iters = 0;
static int cp_lkm_usb_submit_recv(struct cp_lkm_usb_base_dev* cpbdev , struct urb *urb, gfp_t flags, struct cp_lkm_base_ep* bep, bool data)
{
	struct sk_buff  *skb;
	struct skb_data *entry;
	int 			retval = 0;
	unsigned long   lockflags;
	size_t size;
	int hdr_size = 0;
	int hdr_offset = 0;
	int pad = 0;  //some platforms require alignment override. pad takes care of that.

	//g_num_recv_pkts++;
	//g_num_iters++;
	//if(g_num_iters > 10000){
	//	printk("%s() num pkts: %d, num adjusts: %d\n",__FUNCTION__,g_num_recv_pkts,g_num_adjusts);
	//	g_num_iters = 0; 
	//}
	size = bep->max_transfer_size;
	if (data) {
		hdr_size = cpbdev->pm_hdr_size;
		hdr_offset = cpbdev->pm_hdr_offset;
	}

	if(cp_lkm_is_broadcom && (hdr_offset & 0x3)) {
		//Jira issue FW-14929: On broadcom, we have to keep the buffers four byte aligned else the USB block 
		//corrupts the data (no idea why).
		//Round up the hdr_offset to nearest 4 byte boundary. This means pkts may not be aligned as expected,
		//so recieve function will need to either realign with a copy, or send up to the stack unaligned 
		// See cp_lkm_pm_net_recv() to see how we decided to deal with it (subject to change).
		pad = 4 - (hdr_offset&0x3);
		//g_num_adjusts++;
	}

	if ((skb = alloc_skb (size+hdr_size+pad, flags)) == NULL) {
		//if (netif_msg_rx_err (dev))
		//    devdbg (dev, "no rx skb");
		cp_lkm_usb_defer_kevent (cpbdev, bep, EVENT_RX_MEMORY);
		return -ENOMEM;
	}
	if (data) {
		skb_reserve(skb, hdr_offset+pad);
		//printk("%s(), data: %p, len: %d, whs:%d, hs:%d, ho:%d\n",__FUNCTION__,skb->data,skb->len,wrapper_hdr_size,hdr_size,hdr_offset);
	}
	entry = (struct skb_data *) skb->cb;
	entry->urb = urb;
	entry->cpbdev = cpbdev;
	if(data) {
		entry->state = in_data_start;
	}
	else{
		entry->state = in_other_start;
	}

	entry->status = 0;
	entry->bep = bep;

	if(bep->type == UE_BULK) {
		usb_fill_bulk_urb (urb, cpbdev->udev, bep->pipe, skb->data, size, 
						   cp_lkm_usb_recv_complete, skb);
	}
	else{
		usb_fill_int_urb (urb, cpbdev->udev, bep->pipe, skb->data, size, 
						  cp_lkm_usb_recv_complete, skb, bep->interval);
	}
	//cp_lkm_usb_cnts(entry->state,1);
	spin_lock_irqsave (&cpbdev->in_q.lock, lockflags);
	if (cp_lkm_usb_is_base_attached(cpbdev) && !test_bit (EVENT_RX_HALT, &bep->err_flags)) {
		DEBUG_TRACE("%s() ep:0x%x, size:%d, type:%d, pipe:0x%x",__FUNCTION__, bep->ep_num, size, bep->type, bep->pipe);
		retval = usb_submit_urb (urb, GFP_ATOMIC);
		switch (retval) {
			case -EPIPE:
				//don't clear halts on ctrl ep
				if(bep->ep_num != 0) {
					cp_lkm_usb_defer_kevent (cpbdev, bep, EVENT_RX_HALT);
				}
				break;
			case -ENOMEM:
				cp_lkm_usb_defer_kevent (cpbdev, bep, EVENT_RX_MEMORY);
				break;
			case -ENODEV:
				//if (netif_msg_ifdown (dev))
				//  devdbg (dev, "device gone");
				//netif_device_detach (dev->net);
				break;
			case -EPROTO:
			default:
				//if (netif_msg_rx_err (dev))
				//  devdbg (dev, "rx submit, %d", retval);
				cp_lkm_schedule_rx_restock(cpbdev,bep);
				break;
			case 0:
				__skb_queue_tail (&cpbdev->in_q, skb);
				bep->q_cnt++;
				//if(cpdev->in_q.qlen == 1 && ep->index == CP_LKM_DATA_INDEX){
				//  printk("rx q empty\n");
				//}

		}
	} else {
		//if (netif_msg_ifdown (dev))
		//  devdbg (dev, "rx: stopped");
		retval = -ENOLINK;
	}
	spin_unlock_irqrestore (&cpbdev->in_q.lock, lockflags);
	if (retval) {
		DEBUG_TRACE("%s() FAILED ep_num:0x%x ep_type:%d, retval: %d",__FUNCTION__, bep->ep_num, bep->type, retval);
		//cp_lkm_usb_cnts(entry->state,-1);
		dev_kfree_skb_any (skb);
	}

	return retval;
}


static int cp_lkm_usb_init(void)
{
	DEBUG_TRACE("%s()", __FUNCTION__);
	memset(&cp_lkm_usb_mgr, 0x00, sizeof(struct cp_lkm_usb_ctx));
	cp_lkm_usb_mgr.common.open = cp_lkm_usb_open;
	cp_lkm_usb_mgr.common.close = cp_lkm_usb_close;
	cp_lkm_usb_mgr.common.handle_msg = cp_lkm_usb_handle_msg;
	cp_lkm_usb_mgr.common.handle_ioctl = cp_lkm_usb_handle_ioctl;
	INIT_LIST_HEAD(&cp_lkm_usb_mgr.dev_list);

	cp_lkm_common_ctx_init(&cp_lkm_usb_mgr.common);

	spin_lock_init(&cp_lkm_usb_mgr.lock);
	//sema_init(&cp_lkm_usb_mgr.thread_sem, 1);

	if(!strcmp(PRODUCT_PLATFORM, "brcm_arm")) {
		LOG("cp_lkm: Broadcom platform");
		cp_lkm_is_broadcom = 1;
	}

	LOG("cp_lkm: Product chipset %s",PRODUCT_INFO_CHIPSET);
	LOG("cp_lkm: Product platform %s",PRODUCT_PLATFORM);

	//Things work better if the napi weight here matchs the global weight set in service_manager/services/firewall.py
	//This is even true if we don't use napi here since ethernet on some platforms use it
	if ((strcmp(PRODUCT_PLATFORM,"ramips")==0) && (strcmp(PRODUCT_INFO_CHIPSET, "3883")!=0)){
		//all ralink (mediatek) platforms except for 3883 use the low settings
		//use_high = false;
		CP_LKM_PM_NAPI_WEIGHT = 32;
	}
	else{
		//use_high = true;
		CP_LKM_PM_NAPI_WEIGHT = 64;
	}

	//set up default settings for all platforms
	CP_LKM_USB_NAPI_MAX_WORK = CP_LKM_PM_NAPI_WEIGHT;
	CP_LKM_USB_MAX_RX_QLEN = CP_LKM_USB_NAPI_MAX_WORK;
	CP_LKM_USB_MAX_OTHER_QLEN = 2;
	CP_LKM_USB_TX_PAUSE_Q_PKTS = CP_LKM_USB_NAPI_MAX_WORK;   
	CP_LKM_USB_TX_RESUME_Q_PKTS = CP_LKM_USB_TX_PAUSE_Q_PKTS/4;
	CP_LKM_USB_TX_SCHED_CNT = 1;
	CP_LKM_USB_RX_SCHED_CNT = 1;  
	CP_LKM_USB_RESTOCK_MULTIPLE = 1; //restock rx as we process them
	CP_LKM_USB_TASKLET_CNT = 10;
	CP_LKM_USB_WORKQUEUE_CNT = 5;
	CP_LKM_USB_PROCESS_DIVISOR = 4;

	LOG("cp_lkm: Processor: %s, Max work: %d, NAPI budget: %d, QLEN: %d.",PRODUCT_INFO_CHIPSET, CP_LKM_USB_NAPI_MAX_WORK, CP_LKM_PM_NAPI_WEIGHT, CP_LKM_USB_MAX_RX_QLEN);

	return 0;

}

static int cp_lkm_usb_cleanup(void)
{
	//module is unloading, clean up everything
	// empty pending posted messages
	cp_lkm_cleanup_msg_list(&cp_lkm_usb_mgr.common);
	
	cp_lkm_usb_close(&cp_lkm_usb_mgr.common);
	return 0;
}

static int cp_lkm_usb_open(struct cp_lkm_common_ctx *ctx)
{
	//struct cp_lkm_usb_ctx* mgr;

	DEBUG_TRACE("%s()", __FUNCTION__);
	//mgr = (struct cp_lkm_usb_ctx*)ctx;

	return 0;
}

static int cp_lkm_usb_close(struct cp_lkm_common_ctx *ctx)
{
	//unsigned long flags;
	//struct cp_lkm_usb_dev* cpdev;
	//struct cp_lkm_usb_close_intf ci;
	//struct cp_lkm_usb_unplug_intf ui;
	LOG("%s() called unexpectedly.", __FUNCTION__);

	//NOTE: catkin 10/11/2019 - Close is only called in our system if the modem stack crashes. This means
	//                          things are in a bad state and the router will be rebooting. We decided not 
	//                          to clean things up here because this code got into an infinite loop in 
	//                          certain fail situations, which prevented the router from rebooting. 
	//                          Revisit if close ever becomes a normal event.

	/*
	while(1) {
		spin_lock(&cp_lkm_usb_mgr.lock);

		cpdev = cp_lkm_usb_get_head_dev();

		spin_unlock(&cp_lkm_usb_mgr.lock);
		if(!cpdev) {
			return 0;
		}

		//TODO - when this closed we have a modem plugged, we will be deleting the top half of the driver while the bottom half is 
		//  	 still plugged. Figure out how to force the driver to disconnect the modem
		ci.unique_id = cpdev->unique_id;
		cp_lkm_usb_close_intf(&ci);

		//the unplug removes the device from the list which prevents us from infinite looping here
		ui.unique_id = cpdev->unique_id;
		cp_lkm_usb_unplug_intf(&ui);
	}

	cp_lkm_cleanup_msg_list(ctx);
	*/
	return 0;
}

static int cp_lkm_usb_handle_msg(struct cp_lkm_common_ctx *ctx, struct cp_lkm_msg_hdr *hdr, struct sk_buff *skb)
{
	int retval = -1;
	struct cp_lkm_ep* ep;
	struct cp_lkm_usb_dev* cpdev;
	struct cp_lkm_usb_base_dev* cpbdev;

	//grab lock to protect global device list before searching (don't want to search it if another thread is adding or removing a cpdev)
	spin_lock(&cp_lkm_usb_mgr.lock);
	cpdev = cp_lkm_usb_find_dev(hdr->instance_id);

	//grab thread semaphore so disconnect can't run and delete the cpdev while we are running here
	if(!cpdev || !cp_lkm_usb_is_attached(cpdev) || !cp_lkm_usb_is_base_attached(cpdev->cpbdev)) {
		spin_unlock(&cp_lkm_usb_mgr.lock);
		dev_kfree_skb_any (skb);
		//printk("%s() no device or no probe yet\n", __FUNCTION__);
		return 0;
	}
	cpbdev = cpdev->cpbdev;
	switch(hdr->cmd) {
		case CP_LKM_USB_CMD_DATA_SEND:
			{
				ep = cp_lkm_usb_get_ep(cpdev, hdr->arg1);
				if(ep) {
					//printk("%s(), send other data cpbdev: %p, cpdev: %p, bep: %p, ep: %p, num: 0x%x\n",__FUNCTION__,cpdev->cpbdev,cpdev,ep->bep,ep,ep->ep_num);
					retval = cp_lkm_usb_start_xmit_common(cpdev, skb, CP_LKM_WRAPPER_SRC_CTRL, ep);
					skb = NULL;
				}
				else{
					DEBUG_TRACE("%s() Invalid EP number 0x%x", __FUNCTION__, hdr->arg1);
					retval = -1;
				}
			}
			break;
		case CP_LKM_USB_CMD_CTRL_SEND:
			{
				retval = cp_lkm_usb_start_ctrl_xmit(cpdev, skb);
				skb = NULL;
			}
			break;
	}

	spin_unlock(&cp_lkm_usb_mgr.lock);

	if(skb) {
		dev_kfree_skb_any (skb);
	}
	return retval;
}

static int cp_lkm_usb_handle_ioctl(struct cp_lkm_common_ctx *ctx, int cmd, void *k_argp)
{
	int retval = -1;
	//printk("%s(), cmd:0x%x\n", __FUNCTION__, _IOC_NR(cmd));

	switch(cmd) {
	case CP_LKM_IOCTL_USB_PLUG_INTF:
		{
			struct cp_lkm_usb_plug_intf* pi = (struct cp_lkm_usb_plug_intf*)k_argp;
			retval = cp_lkm_usb_plug_intf(pi);
		}
		break;
	case CP_LKM_IOCTL_USB_SET_WRAPPER:
		{
			struct cp_lkm_usb_set_wrapper* sw = (struct cp_lkm_usb_set_wrapper*)k_argp;
			retval = cp_lkm_usb_set_wrapper(sw);
		}
		break;
	case CP_LKM_IOCTL_USB_SET_MUX_ID:
		{
			struct cp_lkm_usb_set_mux_id* smi = (struct cp_lkm_usb_set_mux_id*)k_argp;
			retval = cp_lkm_usb_set_mux_id(smi);
		}
		break;
	case CP_LKM_IOCTL_USB_OPEN_INTF:
		{
			struct cp_lkm_usb_open_intf* oi = (struct cp_lkm_usb_open_intf*)k_argp;
			retval = cp_lkm_usb_open_intf(oi);
		}
		break;
	case CP_LKM_IOCTL_USB_CLOSE_INTF:
		{
			struct cp_lkm_usb_close_intf* ci = (struct cp_lkm_usb_close_intf*)k_argp;
			retval = cp_lkm_usb_close_intf(ci);
		}
		break;
	case CP_LKM_IOCTL_USB_UNPLUG_INTF:
		{
			struct cp_lkm_usb_unplug_intf* ui = (struct cp_lkm_usb_unplug_intf*)k_argp;
			retval = cp_lkm_usb_unplug_intf(ui);
		}
		break;
	case CP_LKM_IOCTL_USB_EP_ACTION:
		{
			struct cp_lkm_usb_ep_action* ea = (struct cp_lkm_usb_ep_action*)k_argp;
			retval = cp_lkm_usb_ep_action(ea);
		}
		break;
	case CP_LKM_IOCTL_USB_PM_LINK:
		{
			struct cp_lkm_usb_pm_link *upl = (struct cp_lkm_usb_pm_link *)k_argp;
			retval = cp_lkm_usb_pm_link(upl);
		}
		break;
	case CP_LKM_IOCTL_USB_IS_ALIVE_INTF:
		{
			struct cp_lkm_usb_is_alive_intf* alivei = (struct cp_lkm_usb_is_alive_intf*)k_argp;
			retval = cp_lkm_usb_is_alive_intf(alivei);
		}
	}

	return retval;
}


/*******************************  kernel module PM instance functionality **********************************/
struct cp_lkm_pm_ctx {
	struct cp_lkm_common_ctx common;
	struct list_head pm_list;
	spinlock_t pm_list_lock;
};

struct cp_lkm_pm_ctx cp_lkm_pm_mgr;


static void cp_lkm_pm_filter_empty_list(struct cp_lkm_pm_common *pm)
{

	struct cp_lkm_pm_filter *filter;
	struct list_head *entry, *tmp;

	list_for_each_safe(entry, tmp, &pm->filter_list) {
		filter = list_entry(entry, struct cp_lkm_pm_filter, list);
		list_del(&filter->list);
		kfree(filter);
	}
}

static bool cp_lkm_pm_filter_ok(struct cp_lkm_pm_common *pm, unsigned char *buf, unsigned int buf_len)
{
	bool allow = true; // default allow the egress packet

	struct list_head *pos;

	struct in_device *in_dev;
	struct in_ifaddr *ifa;
	struct iphdr *ipv4_hdr;
	u32 ipv4_src_addr = 0;
	u32 ipv4_net_addr = 0;
	u32 ipv4_net_mask = 0;

	ipv4_hdr = (struct iphdr *)buf;

	// these are the include filters (white list) - exclude filters (black list) are not currently supported
	// exclude filters may need to be processed in another loop through the filters
	list_for_each(pos, &pm->filter_list) {
		struct cp_lkm_pm_filter *filter = list_entry(pos, struct cp_lkm_pm_filter, list);
		switch(filter->type) {
		case CP_LKM_PM_FILTER_TYPE_IP_SRC_WAN_SUBNET_INCLUDE:
			if (4 == ipv4_hdr->version) {
				// ipv4
				allow = false;
				ipv4_src_addr = __be32_to_cpu(ipv4_hdr->saddr);
				if(ipv4_src_addr == 0){
					//DHCP rebind packets may have a src addr of 0.0.0.0 and we want to let those through.
					allow = true;
				}
				else{
					// get network device IP address and check against src packet ip address
					rcu_read_lock();
					in_dev = rcu_dereference(pm->net_dev->ip_ptr);
					// in_dev has a list of IP addresses (because an interface can have multiple - check them all)
					for (ifa = in_dev->ifa_list; ifa != NULL; ifa = ifa->ifa_next) {
						ipv4_net_addr = __be32_to_cpu(ifa->ifa_local);
						ipv4_net_mask = __be32_to_cpu(ifa->ifa_mask);
						if ((ipv4_net_addr & ipv4_net_mask) == (ipv4_src_addr & ipv4_net_mask)) {
							// allow the packet
							allow = true;
							break;
						}
					}
					rcu_read_unlock();
				}
			}/* benk needs to be tested before ok to execute
			 else if (6 == ipv4_hdr->version) {
				struct in6_addr *addr = (struct in6_addr *)&buf[2 * sizeof(u32)];
				if (ipv6_chk_prefix(addr, pm->net_dev)) {
					allow = true;
				}
			} */
			break;
		case CP_LKM_PM_FILTER_TYPE_IP_SRC_SUBNET_INCLUDE:
			if (4 == ipv4_hdr->version) {
				// ipv4
				allow = false;
				ipv4_src_addr = __be32_to_cpu(ipv4_hdr->saddr);
				if(ipv4_src_addr == 0){
					//DHCP rebind packets may have a src addr of 0.0.0.0 and we want to let those through.
					allow = true;
				}
				else if ((filter->subnet.ipv4_addr & filter->subnet.ipv4_mask) == (ipv4_src_addr & filter->subnet.ipv4_mask)) {
					allow = true;
				}
			}
	
		default:
			break;
		}

		if (allow) {
			break;
		}
	}
	
	if (!allow) {
		DEBUG_WARN("%s() dropping packet - src:0x%x\n", __FUNCTION__, ipv4_src_addr);
	} 

	return allow;
}
/*******************************  kernel module pm common functionality **********************************/
int cp_lkm_common_init(struct cp_lkm_pm_common *pmc)
{
	// allocate stats struct
	pmc->pcpu_stats64 = netdev_alloc_pcpu_stats(struct cp_lkm_pm_stats64);
	if (!pmc->pcpu_stats64) {
		return -ENOMEM;
	}


	pmc->pm_link_count = 0;
	spin_lock_init(&pmc->pm_link_lock);
	INIT_LIST_HEAD(&pmc->filter_list);

	return 0;
}

void cp_lkm_common_deinit(struct cp_lkm_pm_common *pmc)
{
	if (!pmc->pcpu_stats64) {
		return;
	}
	free_percpu(pmc->pcpu_stats64);
	pmc->pcpu_stats64 = NULL;
}
// The pm_link_lock is used to coordinate activity between xmit, poll, and link/unlink
// It is okay to poll and xmit at the same time, but we don't want to do either if we are linking or unlinking.
// link/unlink sets the pm_link_count negative to block both poll and xmit. If pm_link_count is not negative then
// both poll and xmit are free to grab the link at any time and at the same time.
//retval: 
//  0 = you have the token, proceed
// -1 = you don't have the token, do not pass go 
int cp_lkm_common_inc_link_lock(struct cp_lkm_pm_common* pmc)
{
	unsigned long flags;
	int retval = 0;
	spin_lock_irqsave(&pmc->pm_link_lock, flags);
	if(pmc->pm_link_count < 0) {
		retval = -1;
	}
	else{
		pmc->pm_link_count++;
	}
	spin_unlock_irqrestore(&pmc->pm_link_lock, flags);
	return retval;
}

int cp_lkm_common_dec_link_lock(struct cp_lkm_pm_common* pmc)
{
	unsigned long flags;
	int retval = 0;
	spin_lock_irqsave(&pmc->pm_link_lock, flags);
	if(pmc->pm_link_count > 0) {
		pmc->pm_link_count--;
	}
	else{
		//should never hit this
		retval = -1;
	}
	spin_unlock_irqrestore(&pmc->pm_link_lock, flags);
	return retval;
}

/*******************************  kernel module net PM functionality **********************************/

// common structure for ethernet and IP protocol managers
struct cp_lkm_pm_net {
	struct cp_lkm_pm_common common;
	struct ethhdr eth_hdr;

};

static struct rtnl_link_stats64 *cp_lkm_pm_get_stats64(struct net_device *netdev, struct rtnl_link_stats64 *stats)
{
	struct cp_lkm_pm_net *pm_net;
	int i;
	struct cp_lkm_pm_stats64 *pstats;

	pm_net = netdev_priv(netdev);

	for_each_possible_cpu(i) {
		u64 rx_packets, rx_bytes, rx_errors, rx_dropped, rx_over_errors;
		u64 tx_packets, tx_bytes, tx_errors, tx_dropped;
		unsigned int start;
		pstats = per_cpu_ptr(pm_net->common.pcpu_stats64, i);
		do {
			start = u64_stats_fetch_begin_irq(&pstats->syncp);
			rx_packets = pstats->rx_packets;
			tx_packets = pstats->tx_packets;
			rx_bytes = pstats->rx_bytes;
			tx_bytes = pstats->tx_bytes;
			rx_errors = pstats->rx_errors;
			tx_errors = pstats->tx_errors;
			rx_dropped = pstats->rx_dropped;
			tx_dropped = pstats->tx_dropped;
			rx_over_errors = pstats->rx_over_errors;
		} while (u64_stats_fetch_retry_irq(&pstats->syncp, start));

		stats->rx_packets += rx_packets;
		stats->tx_packets += tx_packets;
		stats->rx_bytes += rx_bytes;
		stats->tx_bytes += tx_bytes;
		stats->rx_errors += rx_errors;
		stats->tx_errors += tx_errors;
		stats->rx_dropped += rx_dropped;
		stats->tx_dropped += tx_dropped;
		stats->rx_over_errors += rx_over_errors;
	}

	return stats;
}

static int cp_lkm_pm_net_open(struct net_device *dev)
{
	struct cp_lkm_pm_net *pm_net;

	DEBUG_TRACE("%s()", __FUNCTION__);

	pm_net = netdev_priv(dev);
	netif_start_queue(dev);

	// is this link up?
	return 0;
}

static int cp_lkm_pm_net_close(struct net_device *dev)
{
	struct cp_lkm_pm_net *pm_net = netdev_priv(dev);
	struct cp_lkm_msg_hdr hdr;

	DEBUG_TRACE("%s()", __FUNCTION__);

	// link change
	netif_stop_queue(dev);

	// post message to indicate link down
	memset(&hdr,0,sizeof(hdr));
	hdr.instance_id = pm_net->common.unique_id;
	hdr.cmd = CP_LKM_PM_LINK_DOWN;
	hdr.status = CP_LKM_STATUS_OK;
	cp_lkm_post_message(&cp_lkm_pm_mgr.common, &hdr, NULL);
	LOG("Link Down indicated - id:%d\n", hdr.instance_id);


	return 0;
}

static int cp_lkm_pm_net_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct cp_lkm_pm_net *pm_net = netdev_priv(dev);
	bool filter_ok = true;
	int link_res;

	//see if we can grab the link lock, if not, we are either bringing up or taking down the link between USB and PM, so not safe to proceed
	link_res = cp_lkm_common_inc_link_lock(&pm_net->common);
	if(link_res < 0) {
		dev_kfree_skb_any(skb);
		return NETDEV_TX_OK;
	}

	if (!pm_net->common.edi) {
		// cannot do anything without edi
		dev_kfree_skb_any(skb);
		goto net_xmit_done;
	}

	//DEBUG_INFO("%s() - %s len:%d", __FUNCTION__, pm_net->common.net_dev->name, skb->len);
	UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, tx_bytes, (skb->len - sizeof(struct ethhdr)));
	UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, tx_packets, 1);
	/* Drop packet if interface is not attached */
	if (0 == pm_net->common.attached)
		goto drop;

	if (!pm_net->common.edi->usb_send) {
		goto drop;
	}

	filter_ok = cp_lkm_pm_filter_ok(&pm_net->common, skb->data + sizeof(struct ethhdr), skb->len - sizeof(struct ethhdr));
	if (!filter_ok) {
		pm_net->common.filter_drop_cnt++;
		DEBUG_WARN("%s() filter dropped packet cnt:%u", __FUNCTION__, pm_net->common.filter_drop_cnt);
		goto drop;
	}
	
	switch(pm_net->common.type) {
	case CP_LKM_PM_TYPE_IP_DHCP:
	case CP_LKM_PM_TYPE_IP_STATIC:
		skb_pull(skb, sizeof(struct ethhdr)); // strip off the ethernet header
		break;
	default:
		break;
	}
 
	// send data to USB module
	pm_net->common.edi->usb_send(pm_net->common.edi->usb_send_ctx, skb);
	goto net_xmit_done;

drop:
	DEBUG_INFO("%s() - dropped", __FUNCTION__);
	UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, tx_dropped, 1);
	dev_kfree_skb_any(skb);

net_xmit_done:
	cp_lkm_common_dec_link_lock(&pm_net->common);
	return NETDEV_TX_OK;
}


#if 0
static u8 cp_lkm_pm_test_find(u8* pkt, u32 pkt_len, u8* pattern, u32 pattern_len)
{
	s32 i;
	for(i = 0; i < (pkt_len - pattern_len); i++) {
		if (memcmp(&pkt[i],pattern,pattern_len) == 0) {
			return 1;
		}
	}
	return 0;
}

static int cp_lkm_pm_test(struct sk_buff *skb)
{
static u8 first_pkt = 1;
static u8 started = 0;
static unsigned long total_data = 0;
static unsigned long start_time = 0;
static unsigned long stop_time = 0;

static unsigned long invalid_pkts = 0;
static unsigned long total_pkts = 0;

	int drop = 0;
	unsigned char *ptr = skb->data;
	u32 pkt_len = skb->len;
	u8 prot;
	//u8 type;
	u16 udp_len;
	u16 dst_port;

	if (pkt_len < 20) {
		return 0;
	}
	//function is set up to parse IP pkts, may be called with ether framed pkts as well.
	//auto detect ether hdr and remove it
	if (ptr[0] != 0x45) {
		//ether header
		if(ptr[14] == 0x45){
			ptr+=14;
			pkt_len -= 14;
		}
		//vlan hdr
		else if (ptr[12] == 0x81 && ptr[18] == 0x45) {
			ptr+=18;
			pkt_len -=18;
		}
	}

	if (ptr[0] != 0x45) {
		invalid_pkts++;
	}

	//printk("0x%x %x %x %x %x %x %x %x %x %x %x %x %x %x %x %x len: %d \n",ptr[0],ptr[1],ptr[2],ptr[3],ptr[4],ptr[5],ptr[6],ptr[7],ptr[8],ptr[9],ptr[10],ptr[11],ptr[12],ptr[13],ptr[14],ptr[15],pkt_len);
	//printk("0x%x %x %x %x %x %x %x %x %x %x %x %x %x %x %x %x len: %d \n",ptr[0],ptr[1],ptr[2],ptr[3],ptr[4],ptr[5],ptr[6],ptr[7],ptr[8],ptr[9],ptr[10],ptr[11],ptr[12],ptr[13],ptr[14],ptr[15],pkt_len);
	if (pkt_len >= 28) {
		prot = ptr[9];
		if (prot == 0x11) {
			ptr += 20; //skip ip header
			pkt_len -= 20;
			dst_port = ntohs(*((u16*)(&ptr[2])));
			udp_len = ntohs(*((u16*)(&ptr[4])));
			//printk("Got UDP pkt\n");
			if (started && dst_port == 5001) {
				drop = 1;
				if (first_pkt == 1) {
					first_pkt = 0;
					total_data = 0;
					start_time = jiffies;
					invalid_pkts = 0;
					total_pkts = 0;
				}
				total_data += (udp_len+34); //add ip and ether hdrs
				stop_time = jiffies;
				total_pkts++;
			}
			else if(dst_port == 5002) {
				drop = 1;
				ptr += 8; //skip udp header
				printk("SHIM START PORT len: %d data: 0x%x, start=%x, stop=%x\n",udp_len, ptr[0], start_time, stop_time);
				if(cp_lkm_pm_test_find(ptr, udp_len, "START", 5)){
					printk("Got IPERF START\n");
					first_pkt = 1;
					started = 1;
					cp_lkm_wrapper_start_debug();
				}
				else if (cp_lkm_pm_test_find(ptr, udp_len, "STOP", 4)) {
					u32 delta_time = (stop_time - start_time)*1000/HZ;
					u32 bits_per_sec = (total_data/delta_time)*8000; //in bytes per milisecond, need bits per second
					delta_time -= 2; //iperf has 2 second delay waiting for an ack we won't send
					started = 0;
					printk("Got IPERF STOP: Total data: %u, Total pkts: %u, Total invalid: %u, Total time: %u msec, BitsPerSec: %u\n",total_data, total_pkts, invalid_pkts, delta_time,bits_per_sec);
					cp_lkm_wrapper_stop_debug();
				}
			}
		}
	}
	return drop;
}
#endif

// called in soft interrupt context - otherwise some protection around pm_net is required
//int num_ip_copies = 0;
//int num_eth_copies = 0;
//int num_pkts = 0;
//int num_iters = 0;
//int num_unaligned = 0;
static int cp_lkm_pm_net_recv(void *ctx, struct sk_buff *skb)
{
	struct cp_lkm_pm_net *pm_net;
	int err;
	int recv_bytes;
	struct sk_buff *skb_new;
	int align = 0;  //set to 1 to always send 4 byte aligned IP pkts to network stack
	int pad = 20;   //number of bytes to put on front of new skbs

	//DEBUG_INFO("%s()", __FUNCTION__);
	if(NULL == ctx) {
		dev_kfree_skb_any(skb);
		return 0;
	}

	//num_pkts++;
	//num_iters++;
	pm_net = (struct cp_lkm_pm_net *)ctx;

	//printk("%s() pm_net: %p\n", __FUNCTION__, pm_net);


	skb->dev = pm_net->common.net_dev;

	switch(pm_net->common.type) {
		case CP_LKM_PM_TYPE_ETHERNET_DHCP:
        case CP_LKM_PM_TYPE_ETHERNET_STATIC:
        case CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP:
			//this strips the ether header off the packet
			skb->protocol = eth_type_trans(skb, pm_net->common.net_dev);
			//Need IP hdr aligned for IP stack to avoid unaligned access interrupts
			if(align && ((uintptr_t)(skb->data) & 0x3)) {
				//num_eth_copies++;
				skb_new = skb_copy_expand(skb, pad, 0, GFP_ATOMIC);
				dev_kfree_skb_any(skb);
				skb=skb_new;
			}
			if (!skb) {
				// packet dropped
				UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, rx_dropped, 1);
				return -ENOMEM;
			}
			break;

		case CP_LKM_PM_TYPE_IP_DHCP:
		case CP_LKM_PM_TYPE_IP_STATIC:
			// Need to add ether header first for processing, then remove it. Need IP hdr aligned when done.
			// 
			// Note: avoid the temptation to skip adding the ether header and doing manually what the call 
			//       to eth_type_trans() does. We did that and it bit us (see Jira issue FW-16149)
			//       The kernel expects the ether header to be present in the skb buff even though the data ptr 
			//       has been moved past it. Also, if the skb has been cloned, then we are dealing with an 
			//       aggregated modem protocol (multiple pkts per skb), so we have to make a copy to guarantee
			//       our tmp ether header isn't written into the data space of the previous pkt from the set.
			//  	 
			if((align && ((uintptr_t)(skb->data) & 0x3)) || (skb_headroom(skb) < ETH_HLEN) || skb_cloned(skb)){
				//printk("copy: align: %d, head: %d, cloned: %d, len: %d\n", ((uintptr_t)(skb->data) & 0x3), skb_headroom(skb), skb_cloned(skb), skb->len);
				//num_ip_copies++;
				skb_new = skb_copy_expand(skb, 16+pad, 0, GFP_ATOMIC);
				dev_kfree_skb_any(skb);
				skb=skb_new;
			}

			if (!skb) {
				// packet dropped
				UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, rx_dropped, 1);
				return -ENOMEM;
			}

			if (0x60 == (skb->data[0] & 0xF0)) {  //mask off version bits of first byte of IP packet to check for ip version
				// set the hdr protocol type to IPV6
				pm_net->eth_hdr.h_proto = __constant_htons(ETH_P_IPV6);
			} else { 
				// probably ipv4, but not explicitly checking
				// set the hdr protocol type to IPV4
				pm_net->eth_hdr.h_proto = __constant_htons(ETH_P_IP);
			}
			memcpy(skb_push(skb, sizeof(struct ethhdr)), (unsigned char *)&pm_net->eth_hdr, sizeof(struct ethhdr));
			//this strips the ether hdr off the packet
			skb->protocol = eth_type_trans(skb, pm_net->common.net_dev);
			break;

		default:
			DEBUG_INFO("%s() invalid protocol type: %d", __FUNCTION__, pm_net->common.type);
			// packet dropped
			UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, rx_errors, 1);
			kfree(skb);
			return NET_RX_DROP;
	}

	recv_bytes = skb->len;

	//if (cp_lkm_pm_test(skb) == 1) {
	//  dev_kfree_skb_any(skb);
	//  return NET_RX_SUCCESS;
	//}

	//if((int)(skb->data) & 0x3){
		//printk("Unaligned IP pkt!!!!!!!!!!!!\n");
		//num_unaligned++;
	//}


	//if(num_iters >= 10000) {
	//  num_iters = 0;
	//  printk("num_ip_copies: %d, num_eth_copies: %d, num_unaligned: %d, num_pkts: %d\n",num_ip_copies,num_eth_copies,num_unaligned,num_pkts);
	//}

	netif_rx(skb);
	err = NET_RX_SUCCESS;

	UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, rx_packets, 1);
	UPDATE_STATS(pm_net->common.edi->pm_stats64_ctx, rx_bytes, recv_bytes);

	return 0;
}


static void cp_lkm_pm_net_get_hdr_size(void *ctx, int wrapper_hdr_size, int* hdr_size, int* hdr_offset)
{
	struct cp_lkm_pm_net *pm_net;
	int pad;
	int tmp_size;
	int pm_hdr = ETH_HLEN;
	int pm_extra = 6;

	*hdr_size = 0;
	*hdr_offset = 0;

	pm_net = (struct cp_lkm_pm_net *)ctx;
	if(!pm_net) {
		return;
	}
	//temp return here
	//return;

	//calculate how much header space there is before the IP hdr.
	//this is needed to align the IP hdr properly for optimal performance
	switch(pm_net->common.type) {
		case CP_LKM_PM_TYPE_ETHERNET_DHCP:
        case CP_LKM_PM_TYPE_ETHERNET_STATIC:
        case CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP:
			//pkts will need room for the wrapper header and the ether hdr.
			//both headers will be present at the same time.
			tmp_size = wrapper_hdr_size + pm_hdr + pm_extra;
			pad = ((~tmp_size)+1)&0x3; //calculate padding needed for 4 byte boundary on alloc
			*hdr_size = tmp_size + pad;
			*hdr_offset = pad+pm_extra;
			break;

		case CP_LKM_PM_TYPE_IP_DHCP:
		case CP_LKM_PM_TYPE_IP_STATIC:
			//pkts will need room for the wrapper header or the ether hdr
			//both headers won't be present at the same time. The wrapper is present
			//up through the USB side of the shim. We (the pm) add a temp ether header
			//for processing after the wrapper header is removed
			tmp_size = max(wrapper_hdr_size, pm_hdr+pm_extra);
			pad = ((~tmp_size)+1)&0x3; //calculate padding needed for 4 byte boundary on alloc
			*hdr_size = tmp_size + pad;
			*hdr_offset = *hdr_size - wrapper_hdr_size;
			break;
		default:
			break;
	}
}


static u32 cp_lkm_pm_net_get_link(struct net_device *dev)
{
	struct cp_lkm_pm_net *pm_net;

	DEBUG_TRACE("%s()", __FUNCTION__);
	pm_net = netdev_priv(dev);
	if(!pm_net) {
		return 0;
	}
	return pm_net->common.attached;
}


#ifndef KERNEL_2_6_21
static const struct net_device_ops cp_lkm_pm_net_device_ops = {
	.ndo_open = cp_lkm_pm_net_open,
	.ndo_start_xmit = cp_lkm_pm_net_xmit,
	.ndo_stop = cp_lkm_pm_net_close,
	.ndo_get_stats64 = cp_lkm_pm_get_stats64
};
#endif

static const struct ethtool_ops cp_lkm_pm_net_ethtool_ops = {
	.get_link = cp_lkm_pm_net_get_link,
};

static void cp_lkm_pm_net_setup(struct net_device *net_dev)
{
	struct cp_lkm_pm_net *pm_net;

	DEBUG_INFO("%s()", __FUNCTION__);
	pm_net = netdev_priv(net_dev);
	ether_setup(net_dev);

#ifdef KERNEL_2_6_21
	net_dev->open = cp_lkm_pm_net_open;
	net_dev->hard_start_xmit = cp_lkm_pm_net_xmit;
	net_dev->stop = cp_lkm_pm_net_close;
#else
	net_dev->netdev_ops = &cp_lkm_pm_net_device_ops;
	net_dev->needed_headroom = 48; 
	net_dev->needed_tailroom = 8;
#endif

	net_dev->ethtool_ops = &cp_lkm_pm_net_ethtool_ops;
 
}

static int cp_lkm_pm_net_attach(struct cp_lkm_pm_ctx *mgr, cp_lkm_pm_type_t type, int uid, char *name, unsigned char *mac)
{
	int err;
	struct cp_lkm_pm_net *pm_net;
	struct net_device *net_dev;
	unsigned long flags;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 17,0)
	net_dev = alloc_netdev(sizeof(struct cp_lkm_pm_net), name, NET_NAME_UNKNOWN, cp_lkm_pm_net_setup);
#else
	net_dev = alloc_netdev(sizeof(struct cp_lkm_pm_net), name, cp_lkm_pm_net_setup);
#endif
	if (!net_dev) {
		DEBUG_INFO("%s() alloc failed: %s", __FUNCTION__, name);
		return -ENOMEM;
	}

	pm_net= netdev_priv(net_dev);

	err = cp_lkm_common_init(&pm_net->common);
	if (err) {
		free_netdev(net_dev);
		return err;
	}

	pm_net->common.net_dev = net_dev;
	pm_net->common.unique_id = uid;
	pm_net->common.type = type;
	pm_net->common.edi = NULL;

	//printk("%s(%p) pm-uid: %d, pm_net: %p\n", __FUNCTION__, mgr, uid, pm_net);

	switch (type) {
		case CP_LKM_PM_TYPE_ETHERNET_DHCP:
        case CP_LKM_PM_TYPE_ETHERNET_STATIC:
        case CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP:
			if(!memcmp(mac, "\x00\x00\x00\x00\x00\x00", ETH_ALEN)) {
				random_ether_addr(net_dev->dev_addr);
			} else {
				memcpy (net_dev->dev_addr, mac, ETH_ALEN);
			}

            /////////////////////////Need to only do if driver says so.
            if (type == CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP) {
                net_dev->flags |= IFF_NOARP; 
            }
			break;
		case CP_LKM_PM_TYPE_IP_DHCP:
		case CP_LKM_PM_TYPE_IP_STATIC:
			// random addr for DHCP functionality
			if(!memcmp(mac, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) || !memcmp(mac, "\x00\x30\x44\x00\x00\x00", ETH_ALEN)) {
				random_ether_addr(net_dev->dev_addr);
			} else {
				memcpy (net_dev->dev_addr, mac, ETH_ALEN);
			}

			net_dev->flags |= IFF_NOARP; 
			memcpy(pm_net->eth_hdr.h_dest, net_dev->dev_addr, ETH_ALEN);
			random_ether_addr(pm_net->eth_hdr.h_source);
			break;
		default:
			DEBUG_INFO("%s() invalid protocol type: %d", __FUNCTION__, type);
			cp_lkm_common_deinit(&pm_net->common);
			free_netdev(net_dev);
			return -EINVAL;
	}

	DEBUG_INFO("%s register netdev", __FUNCTION__);
	err = register_netdev(net_dev);
	if (err < 0) {
		DEBUG_INFO("%s netdev registration error", __FUNCTION__);
		cp_lkm_common_deinit(&pm_net->common);
		free_netdev(net_dev);
		return err;
	}

	netif_device_attach(pm_net->common.net_dev);

	netif_stop_queue(pm_net->common.net_dev);

	pm_net->common.attached = 1;

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_add(&pm_net->common.list, &mgr->pm_list);
	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	return 0;
}
 
static int cp_lkm_pm_net_detach(struct cp_lkm_pm_ctx *mgr, int uid)
{

	// find the object in the list
	struct list_head *pos;
	struct cp_lkm_pm_common *pm = NULL;
	unsigned long flags;

	DEBUG_TRACE("%s(%p)", __FUNCTION__, mgr);

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_for_each(pos, &mgr->pm_list){
		struct cp_lkm_pm_common *pm_tmp = list_entry(pos, struct cp_lkm_pm_common, list);
		if(pm_tmp->unique_id == uid) {
			pm = pm_tmp;
			break;
		}
	}

	if (!pm) {
		// already detached
		spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);
		DEBUG_INFO("%s() already detached", __FUNCTION__);
		return 0;
	}

	// remove the object
	list_del(&pm->list);
	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	if (pm->attached) {
		DEBUG_INFO("%s() detaching", __FUNCTION__);
		netif_device_detach(pm->net_dev);
		pm->attached = 0;
	}

	unregister_netdev(pm->net_dev);

	// clean the filter list
	cp_lkm_pm_filter_empty_list(pm);

	cp_lkm_common_deinit(pm);
	free_netdev(pm->net_dev); // this also frees the pm since it was allocated as part of the net_dev

	return 0;
}

static int cp_lkm_pm_net_activate(struct cp_lkm_pm_ctx *mgr, int uid, bool activate)
{
	// find the object in the list
	struct list_head *pos;
	struct cp_lkm_pm_common *pm = NULL;
	unsigned long flags;
	//printk("%s(%p) activate: %d\n", __FUNCTION__, mgr, activate);

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_for_each(pos, &mgr->pm_list){
		struct cp_lkm_pm_common *pm_tmp = list_entry(pos, struct cp_lkm_pm_common, list);
		if(pm_tmp->unique_id == uid) {
			pm = pm_tmp;
			break;
		}
	}

	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	if (!pm) {
		// couldn't find object - already unplugged
		DEBUG_INFO("%s() already unplugged", __FUNCTION__);
		return 0;
	}
	
	if (activate) {
		//netif_start_queue(pm->net_dev);
		if (pm->edi) {
			pm->edi->pm_recv_ctx = pm;
		}
		netif_wake_queue(pm->net_dev);
	} else {
		netif_stop_queue(pm->net_dev);
		if (pm->edi) {
			pm->edi->pm_recv_ctx = NULL;
			//printk("pm_recv_ctx null\n");
		}

		// remove the filters - will be added back in before activate
		cp_lkm_pm_filter_empty_list(pm);
	}

	return 0;
}

int cp_lkm_pm_net_pause(void *ctx)
{
	struct cp_lkm_pm_common* pm = (struct cp_lkm_pm_common *)ctx;
	if(!ctx) {
		return 0;
	}
	netif_stop_queue(pm->net_dev);
	return 0;

}
int cp_lkm_pm_net_resume(void *ctx)
{
	struct cp_lkm_pm_common* pm = (struct cp_lkm_pm_common *)ctx;
	if(!ctx) {
		return 0;
	}
	//netif_start_queue(pm->net_dev);
	netif_wake_queue(pm->net_dev);
	return 0;
}


/*******************************  kernel module PPP/tty PM functionality **********************************/
struct cp_lkm_pm_ppp {
	struct cp_lkm_pm_common common;
	u8 *no_carrier_ptr;
	bool in_frame;

	struct tty_struct *tty; // pointer to the tty for this device
	int minor;
	int open_count;
};

#define CP_TTY_MINORS 10
#define CP_TTY_DEVICE_NAME "ttyCP"

#define PPP_MGR_NO_CARRIER "NO CARRIER"
#define PPP_FLAG 0x7E

static struct cp_lkm_pm_ppp *cp_lkm_pm_ppp_table[CP_TTY_MINORS];
static struct tty_driver *cp_lkm_pm_tty_driver = NULL;
static struct tty_port cp_lkm_pm_tty_port[CP_TTY_MINORS];

static void cp_lkm_pm_ppp_finalize(void *arg)
{
	struct cp_lkm_pm_ppp *pm_ppp = (struct cp_lkm_pm_ppp *)arg;
	tty_unregister_device(cp_lkm_pm_tty_driver, pm_ppp->minor);
	cp_lkm_pm_ppp_table[pm_ppp->minor] = NULL;
	if (pm_ppp->common.edi) {
		pm_ppp->common.edi = NULL;
	}
	// clean the filter list
	cp_lkm_pm_filter_empty_list(&pm_ppp->common);
}

static int cp_lkm_pm_ppp_attach(struct cp_lkm_pm_ctx *mgr, cp_lkm_pm_type_t type, int uid, char *name)
{
	int minor;
	int err;
	unsigned long flags;
	struct cp_lkm_pm_ppp *pm_ppp;

	DEBUG_INFO("%s(%p)", __FUNCTION__, mgr);

	//printk("%s() uid: %d, type: %d\n", __FUNCTION__, uid, type);

	// find an empty minor device slot and register
	for (minor = 0; minor < CP_TTY_MINORS && cp_lkm_pm_ppp_table[minor]; minor++);

	if (minor == CP_TTY_MINORS) {
		DEBUG_WARN("%s(%p) - out of devices", __FUNCTION__, mgr);
		return -ENODEV;
	}
 
	if (!(pm_ppp = memref_alloc_and_zero(sizeof(struct cp_lkm_pm_ppp), cp_lkm_pm_ppp_finalize))) {
		DEBUG_WARN("%s(%p) - no memory", __FUNCTION__, mgr);
		return -ENOMEM;
	}
 
	err = cp_lkm_common_init(&pm_ppp->common);
	if (err) {
		return -ENOMEM;
	}
	pm_ppp->common.type = type;
	pm_ppp->common.unique_id = uid;

	pm_ppp->no_carrier_ptr = PPP_MGR_NO_CARRIER;

	pm_ppp->minor = minor;

	cp_lkm_pm_ppp_table[minor] = pm_ppp;
	sprintf(name, "%s%d", CP_TTY_DEVICE_NAME, minor);

	//printk("%s(%p) attached\n", __FUNCTION__, &pm_ppp->common);
	pm_ppp->common.attached = 1;
	pm_ppp->open_count = 0;

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_add(&pm_ppp->common.list, &mgr->pm_list);
	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	tty_port_register_device(&cp_lkm_pm_tty_port[minor], cp_lkm_pm_tty_driver, minor, NULL);

	return 0;
}
 
static int cp_lkm_pm_ppp_detach(struct cp_lkm_pm_ctx *mgr, int uid)
{

	// find the object in the list
	struct list_head *pos;
	struct cp_lkm_pm_common *pm = NULL;
	struct cp_lkm_pm_ppp *pm_ppp;
	unsigned long flags;

	DEBUG_INFO("%s(%p)", __FUNCTION__, mgr);
	//printk("%s() uid: %d\n", __FUNCTION__, uid);

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_for_each(pos, &mgr->pm_list){
		struct cp_lkm_pm_common *pm_tmp = list_entry(pos, struct cp_lkm_pm_common, list);
		if(pm_tmp->unique_id == uid) {
			pm = pm_tmp;
			break;
		}
	}

	if (!pm) {
		// already detached
		spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);
		DEBUG_INFO("%s() already detached", __FUNCTION__);
		return 0;
	}

	// remove the object
	list_del(&pm->list);

	pm_ppp = (struct cp_lkm_pm_ppp *)pm;

	//printk("%s() !attached\n", __FUNCTION__);
	pm->attached = 0;

	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	// clean the filter list
	cp_lkm_pm_filter_empty_list(pm);

	cp_lkm_common_deinit(pm);

	memref_deref(pm_ppp);

	return 0;
}

static int cp_lkm_pm_ppp_activate(struct cp_lkm_pm_ctx *mgr, int uid, bool activate)
{
	// find the object in the list
	struct list_head *pos;
	struct cp_lkm_pm_common *pm = NULL;
	unsigned long flags;

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_for_each(pos, &mgr->pm_list){
		struct cp_lkm_pm_common *pm_tmp = list_entry(pos, struct cp_lkm_pm_common, list);
		if(pm_tmp->unique_id == uid) {
			pm = pm_tmp;
			break;
		}
	}

	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	if (!pm) {
		// already detached
		DEBUG_INFO("%s() already detached", __FUNCTION__);
		return 0;
	}
	//printk("%s(%p) activate: %d, attached: %d\n", __FUNCTION__, pm, activate, pm->attached);

	if (activate) {
		if (pm->edi) {
			pm->edi->pm_recv_ctx = pm;
		}
	} else {
		if (pm->edi) {
			pm->edi->pm_recv_ctx = NULL;
			//printk("pm_recv_ctx null\n");
		}
		// clean the filter list
		cp_lkm_pm_filter_empty_list(pm);
	}

	return 0;
}


static int cp_lkm_pm_tty_open(struct tty_struct * tty, struct file * filp)
{
	struct cp_lkm_pm_ppp *pm_ppp;
	int index;
	unsigned long flags;

	DEBUG_INFO("%s()", __FUNCTION__);

	index = tty->index;

	// get the pm_ppp associated with this tty pointer 
	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	pm_ppp = cp_lkm_pm_ppp_table[index];
	if (!pm_ppp /*|| tty->driver_data */|| !pm_ppp->common.attached) {
		spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);
		return -EINVAL;
	}

	if (pm_ppp->open_count++) {
		spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);
		return 0;
	}

	memref_ref(pm_ppp);
	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	// save our structure within the tty structure 
	tty->driver_data = pm_ppp;
	pm_ppp->tty = tty; 
 
	// XXX 3.10 hack
	//tty->low_latency = 0;

	return 0;
}

static void cp_lkm_pm_tty_close(struct tty_struct * tty, struct file * filp)
{
	struct cp_lkm_pm_ppp *pm_ppp;
	unsigned long flags;

	DEBUG_INFO("%s()", __FUNCTION__);
	
	pm_ppp = tty->driver_data;
	if(!pm_ppp) {
		return;
	}

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	if (--pm_ppp->open_count) {
		spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);
		return;
	}
	tty->driver_data = NULL;
	pm_ppp->tty = NULL;
	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);
	memref_deref(pm_ppp);
}
static bool cp_lkm_pm_ppp_check_match(struct cp_lkm_pm_ppp *pm_ppp, u8 ch)
{
	if (*(pm_ppp->no_carrier_ptr) == ch) {
		// character match - advance to next character
		pm_ppp->no_carrier_ptr++;
		if (! *(pm_ppp->no_carrier_ptr)) {
			// end of no carrier string - found oob no carrier
			return true;
		}
		return false;
	}
	// characters don't match
	if (pm_ppp->no_carrier_ptr != (u8 *)PPP_MGR_NO_CARRIER) {
		// characters don't match - start over
		pm_ppp->no_carrier_ptr = (u8 *)PPP_MGR_NO_CARRIER;
		// check not matching character against first character of no carrier - 1 level of recursion
		return cp_lkm_pm_ppp_check_match(pm_ppp, ch);
	} 

	return false;
}

static bool cp_lkm_pm_ppp_is_no_carrier(struct cp_lkm_pm_ppp *pm_ppp, struct sk_buff *skb)
{
	// search thru skb for data between frame markers for NO CARRIER
	bool no_carrier = false;
	unsigned int len = skb->len;
	u8 *pos = skb->data;

	DEBUG_TRACE("%s()", __FUNCTION__);

	while (len--) {
		if (PPP_FLAG == (*pos)) {
			pm_ppp->in_frame = !pm_ppp->in_frame;
		} else if (!pm_ppp->in_frame) {
			// look for match
			no_carrier = cp_lkm_pm_ppp_check_match(pm_ppp, *pos);
			if (no_carrier) {
				DEBUG_INFO("%s() found no carrier", __FUNCTION__);
				return true;
			}
		} else {
			pm_ppp->no_carrier_ptr = PPP_MGR_NO_CARRIER;
		}

		pos++;
	}

	return false;
}

static void cp_lkm_pm_ppp_get_hdr_size(void *ctx, int wrapper_hdr_size, int* hdr_size, int* hdr_offset)
{
	*hdr_size = 0;
	*hdr_offset = 0;
}

// called in soft interrupt context
static int cp_lkm_pm_ppp_recv(void *ctx, struct sk_buff *skb)
{
#ifdef KERNEL_2_6_21
	int size;
#endif
	struct cp_lkm_pm_ppp *pm_ppp;
	bool oob_no_carrier;

	if(NULL == ctx || !skb->len) {
		DEBUG_INFO("%s() - null ctx - dropped", __FUNCTION__);
		goto done;
	}

	pm_ppp = (struct cp_lkm_pm_ppp *)ctx;

	if (!pm_ppp) {
		DEBUG_INFO("%s() - NULL pm_ppp - dropped", __FUNCTION__);
		goto done;
	}

	// check for OOB NO CARRIER - signal up through file descriptor
	oob_no_carrier = cp_lkm_pm_ppp_is_no_carrier(pm_ppp, skb);
	if (oob_no_carrier) {
		struct cp_lkm_msg_hdr hdr;

		DEBUG_INFO("%s() - posting no carrier", __FUNCTION__);
		memset(&hdr,0,sizeof(hdr));
		hdr.instance_id = pm_ppp->common.unique_id;
		hdr.cmd = CP_LKM_PM_LINK_DOWN;
		hdr.status = CP_LKM_STATUS_OK;
		hdr.len = 0;

		LOG("Received NO CARRIER\n");
		DEBUG_INFO("%s() - posting link down", __FUNCTION__);
		cp_lkm_post_message(&cp_lkm_pm_mgr.common, &hdr, NULL);

		goto done;
	}

	if (!pm_ppp->tty || !pm_ppp->tty->driver_data) {
		DEBUG_INFO("%s() - not setup - dropped", __FUNCTION__);
		goto done;
	}

#ifdef KERNEL_2_6_21
	size = tty_buffer_request_room(pm_ppp->tty, skb->len);
	if(size < skb->len) {
		// dropped data - or we need to queue for later
		DEBUG_WARN("%s() - dropping network data", __FUNCTION__);
		goto done;
	}
#endif

	tty_insert_flip_string(pm_ppp->tty->port, skb->data, skb->len);
	tty_flip_buffer_push(pm_ppp->tty->port);

done:
	dev_kfree_skb_any(skb);
	return 0;
}

// this can be called from interrupt thread or normal kernel thread
static int cp_lkm_pm_tty_write(struct tty_struct * tty, const unsigned char *buf, int count)
{
	struct cp_lkm_pm_ppp *pm_ppp;
	struct sk_buff *skb;
	int link_res;
	int retval = count;

	if (!count) {
		//printk("%s() !count \n", __FUNCTION__);
		return 0;
	}

	pm_ppp = (struct cp_lkm_pm_ppp *)tty->driver_data;

	if (!pm_ppp) {
		//printk("%s() !pm_ppp \n", __FUNCTION__);
		return -EINVAL;
	}

	//printk("%s(%p) id:%d, attached: %d\n", __FUNCTION__, &pm_ppp->common, pm_ppp->common.unique_id, pm_ppp->common.attached);

	//see if we can grab the link lock, if not, we are either bringing up or taking down the link between USB and PM, so not safe to proceed
	link_res = cp_lkm_common_inc_link_lock(&pm_ppp->common);
	if(link_res < 0) {
		//printk("%s() !link \n", __FUNCTION__);
		return 0;
	}

	/* Drop packet if interface is not attached */
	if (!pm_ppp->common.attached){
		retval = 0;
		//printk("%s() !attached: %d \n", __FUNCTION__, pm_ppp->common.attached);
		goto drop;
	}

	if (!(pm_ppp->common.edi) || !(pm_ppp->common.edi->usb_send) || !(pm_ppp->common.edi->usb_send_ctx)) {
		retval = 0;
		//printk("%s() !edi \n", __FUNCTION__);
		goto drop;
	}

	//benk check for enabled filter - send in buffer pointer to ip header

	// alloc skb to send
	if ((skb = alloc_skb (count, GFP_ATOMIC)) == NULL) {
		retval = -ENOMEM;
		goto pm_tty_write_done;
	}
	
	memcpy(skb->data, buf, count);
	skb->len = count;
	skb_set_tail_pointer(skb, skb->len);

	// send data to USB module
	pm_ppp->common.edi->usb_send(pm_ppp->common.edi->usb_send_ctx, skb);
	retval = count;
	goto pm_tty_write_done;

drop:
pm_tty_write_done:
	cp_lkm_common_dec_link_lock(&pm_ppp->common);
	//printk("%s() done\n", __FUNCTION__);

	return retval;
}

static int cp_lkm_pm_tty_write_room(struct tty_struct *tty)
{
	struct cp_lkm_pm_ppp *pm_ppp;

	DEBUG_INFO("%s()", __FUNCTION__);

	pm_ppp = (struct cp_lkm_pm_ppp *)tty->driver_data;

	if (!pm_ppp) {
		return -EINVAL;
	}

	return 2048;
}

static int cp_lkm_pm_tty_chars_in_buffer(struct tty_struct *tty)
{
	struct cp_lkm_pm_ppp *pm_ppp;

	DEBUG_INFO("%s()", __FUNCTION__);

	pm_ppp = (struct cp_lkm_pm_ppp *)tty->driver_data;

	if (!pm_ppp) {
		return -EINVAL;
	}

	return 0;
}

static void cp_lkm_pm_tty_set_termios(struct tty_struct *tty, struct ktermios * old)
{
	DEBUG_INFO("%s()", __FUNCTION__);

}

#ifdef KERNEL_2_6_21
static int cp_lkm_pm_tty_ioctl(struct tty_struct *tty, struct file * file, unsigned int cmd, unsigned long arg)
#else
static int cp_lkm_pm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
#endif
{
	struct cp_lkm_pm_ppp *pm_ppp;

	DEBUG_TRACE("%s(%x)", __FUNCTION__, cmd);

	pm_ppp = (struct cp_lkm_pm_ppp *)tty->driver_data;

	if (!pm_ppp) {
		return -EINVAL;
	}

	return -ENOIOCTLCMD;
}

static struct tty_operations cp_lkm_pm_tty_ops = {
.open = cp_lkm_pm_tty_open,
.close = cp_lkm_pm_tty_close,
.write = cp_lkm_pm_tty_write,
.write_room = cp_lkm_pm_tty_write_room,
.chars_in_buffer = cp_lkm_pm_tty_chars_in_buffer,
.set_termios = cp_lkm_pm_tty_set_termios,
.ioctl = cp_lkm_pm_tty_ioctl

/* 
.throttle = 	acm_tty_throttle,
.unthrottle =   	acm_tty_unthrottle,
*/  
};

static int cp_lkm_pm_tty_init(void)
{
	int retval;
	int i;

	for(i = 0; i < CP_TTY_MINORS; i++) {
		tty_port_init(&cp_lkm_pm_tty_port[i]);
	}

	cp_lkm_pm_tty_driver = alloc_tty_driver(CP_TTY_MINORS);
	if (!cp_lkm_pm_tty_driver) {
		return -ENOMEM;
	}

	// initialize the tty driver
	cp_lkm_pm_tty_driver->owner = THIS_MODULE;
	cp_lkm_pm_tty_driver->driver_name = "cptty";
	cp_lkm_pm_tty_driver->name = CP_TTY_DEVICE_NAME;
	cp_lkm_pm_tty_driver->major = 0; // dynamically assign major number
	cp_lkm_pm_tty_driver->minor_start = 0,
	cp_lkm_pm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
	cp_lkm_pm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
	cp_lkm_pm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
	cp_lkm_pm_tty_driver->init_termios = tty_std_termios;
	tty_set_operations(cp_lkm_pm_tty_driver, &cp_lkm_pm_tty_ops);

	retval = tty_register_driver(cp_lkm_pm_tty_driver);
	if (retval) {
		DEBUG_ERROR("%s() failed to register cp tty driver", __FUNCTION__);
		put_tty_driver(cp_lkm_pm_tty_driver);
		for(i = 0; i < CP_TTY_MINORS; i++) {
			tty_port_destroy(&cp_lkm_pm_tty_port[i]);
		}
	}
	return retval;

}

static void cp_lkm_pm_tty_cleanup(void)
{
	int i;
	if (cp_lkm_pm_tty_driver) {
		tty_unregister_driver(cp_lkm_pm_tty_driver);
		put_tty_driver(cp_lkm_pm_tty_driver);
		for(i = 0; i < CP_TTY_MINORS; i++) {
			tty_port_destroy(&cp_lkm_pm_tty_port[i]);
		}
		cp_lkm_pm_tty_driver = NULL;
	}
}

/*******************************  kernel module PM mgr functionality **********************************/


static int cp_lkm_pm_open(struct cp_lkm_common_ctx *ctx);
static int cp_lkm_pm_close(struct cp_lkm_common_ctx *ctx);
static int cp_lkm_pm_handle_msg(struct cp_lkm_common_ctx *ctx, struct cp_lkm_msg_hdr *hdr, struct sk_buff *skb);
static int cp_lkm_pm_handle_ioctl(struct cp_lkm_common_ctx *ctx, int cmd, void *k_argp);


static int cp_lkm_pm_init(void)
{
	DEBUG_INFO("%s()", __FUNCTION__);

	memset(&cp_lkm_pm_mgr, 0x00, sizeof(struct cp_lkm_pm_ctx));
	cp_lkm_pm_mgr.common.open = cp_lkm_pm_open;
	cp_lkm_pm_mgr.common.close = cp_lkm_pm_close;
	cp_lkm_pm_mgr.common.handle_msg = cp_lkm_pm_handle_msg;
	cp_lkm_pm_mgr.common.handle_ioctl = cp_lkm_pm_handle_ioctl;
	INIT_LIST_HEAD(&cp_lkm_pm_mgr.pm_list);
	spin_lock_init(&cp_lkm_pm_mgr.pm_list_lock);

	cp_lkm_common_ctx_init(&cp_lkm_pm_mgr.common);

	return 0;
}

static int cp_lkm_pm_cleanup(void)
{
	struct cp_lkm_pm_common *pmi;
	struct list_head *entry, *tmp;
	unsigned long flags;

	DEBUG_INFO("%s()", __FUNCTION__);

	// clean up msg list
	cp_lkm_cleanup_msg_list(&cp_lkm_pm_mgr.common);
	
	// cleanup any PM in list
	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);

	list_for_each_safe(entry, tmp, &cp_lkm_pm_mgr.pm_list) {
		pmi = list_entry(entry, struct cp_lkm_pm_common, list);
		if (pmi->edi) {
			pmi->edi->pm_recv_ctx = NULL;
			//printk("pm_recv_ctx null\n");
			pmi->edi->pm_stats64_ctx = NULL;
			pmi->edi = NULL;
		}
		list_del(&pmi->list);
		// clean the filter list
		cp_lkm_pm_filter_empty_list(pmi);

		spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);
		if (pmi->net_dev) {
			// network device
			cp_lkm_common_deinit(pmi);
			unregister_netdev(pmi->net_dev);
			free_netdev(pmi->net_dev); // this also frees the pmi since it was allocated as part of the net_dev
		} else {
			// tty device
			memref_deref(pmi);
		}

		spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	}
	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	return 0;
}

static int cp_lkm_pm_open(struct cp_lkm_common_ctx *ctx)
{
//  struct cp_lkm_pm_ctx *pm_mgr;

	DEBUG_INFO("%s(%p)", __FUNCTION__, ctx);

//  pm_mgr = (struct cp_lkm_pm_ctx *)ctx;

	return 0;
}

static int cp_lkm_pm_close(struct cp_lkm_common_ctx *ctx)
{
	//struct cp_lkm_pm_ctx *pm_mgr = (struct cp_lkm_pm_ctx *)ctx;
	//struct cp_lkm_pm_common *pm_tmp = NULL;
	//struct list_head *entry, *tmp;
	//unsigned long flags;

	LOG("%s() called unexpectedly.", __FUNCTION__);

	//NOTE: catkin 10/11/2019 - Close is only called in our system if the modem stack crashes. This means
	//                          things are in a bad state and the router will be rebooting. We decided not 
	//                          to clean things up here because close code on usb side got into an infinite loop
	//                          and prevented the router from rebooting. Revisit if close ever becomes a normal event.

	/*
	spin_lock_irqsave(&pm_mgr->pm_list_lock, flags);

	list_for_each_safe(entry, tmp, &pm_mgr->pm_list) {
		pm_tmp = list_entry(entry, struct cp_lkm_pm_common, list);
		spin_unlock_irqrestore(&pm_mgr->pm_list_lock, flags);

		// call detach to clean up network interface
		if (CP_LKM_PM_TYPE_PPP_CLIENT == pm_tmp->type || CP_LKM_PM_TYPE_PPP_SERVER == pm_tmp->type) {
			cp_lkm_pm_ppp_detach(pm_mgr, pm_tmp->unique_id);
		} else {
			cp_lkm_pm_net_detach(pm_mgr, pm_tmp->unique_id);
		}
	}

	spin_unlock_irqrestore(&pm_mgr->pm_list_lock, flags);

	cp_lkm_cleanup_msg_list(ctx);
	*/
	return 0;
}

static int cp_lkm_pm_handle_msg(struct cp_lkm_common_ctx *ctx, struct cp_lkm_msg_hdr *hdr, struct sk_buff *skb)
{
	struct cp_lkm_pm_ctx *pm_mgr;

	//printk("%s(%p)\n", __FUNCTION__, ctx);

	pm_mgr = (struct cp_lkm_pm_ctx *)ctx;


	// how to write back response with common function?
	if (skb) {
		kfree(skb);
	}

	return 0;
}

static int cp_lkm_pm_add_filter(struct cp_lkm_pm_ctx *mgr, int uid, struct cp_lkm_pm_filter *filter)
{
	// find the object in the list
	struct list_head *pos;
	struct cp_lkm_pm_common *pm = NULL;
	unsigned long flags;
	struct cp_lkm_pm_filter *new_filter;

	DEBUG_TRACE("%s(%p)", __FUNCTION__, mgr);

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_for_each(pos, &mgr->pm_list){
		struct cp_lkm_pm_common *pm_tmp = list_entry(pos, struct cp_lkm_pm_common, list);
		if(pm_tmp->unique_id == uid) {
			pm = pm_tmp;
			break;
		}
	}

	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	if (!pm) {
		DEBUG_WARN("%s() pm not attached", __FUNCTION__);
		return -ENODEV;
	}

	new_filter = kmalloc(sizeof(struct cp_lkm_pm_filter), GFP_ATOMIC);
	if (!new_filter) {
		DEBUG_WARN("%s() - failed to alloc filter\n", __FUNCTION__);
		return -1;
	}

	memcpy(new_filter, filter, sizeof(struct cp_lkm_pm_filter));
	INIT_LIST_HEAD(&new_filter->list);

	list_add_tail(&new_filter->list, &pm->filter_list);

	return 0;
}

static int cp_lkm_pm_handle_ioctl(struct cp_lkm_common_ctx *ctx, int cmd, void *k_argp)
{
	struct cp_lkm_pm_ctx *pm_mgr;
	int result = 0;
	struct cp_lkm_pm_attach_ioctl *attach_params;
	struct cp_lkm_pm_detach_ioctl *detach_params;
	struct cp_lkm_pm_activate_deactivate_ioctl *activate_params;
	struct cp_lkm_pm_add_filter_ioctl *filter_params;

	char name[CP_LKM_MAX_IF_NAME];
	unsigned long not_copied;

	//printk("%s(%p) cmd:%d\n", __FUNCTION__, ctx, _IOC_NR(cmd));

	pm_mgr = (struct cp_lkm_pm_ctx *)ctx;

	switch (cmd) {
		case CP_LKM_IOCTL_PM_ATTACH:
			attach_params = (struct cp_lkm_pm_attach_ioctl *)k_argp;
			not_copied = copy_from_user(name, attach_params->name, CP_LKM_MAX_IF_NAME);
			if (not_copied) {
				return -ENOMEM;
			}
			DEBUG_INFO("%s(%s) attach", __FUNCTION__, name);
			switch(attach_params->type) {
				case CP_LKM_PM_TYPE_PPP_CLIENT:
				case CP_LKM_PM_TYPE_PPP_SERVER:
					result = cp_lkm_pm_ppp_attach(pm_mgr, attach_params->type, attach_params->uid, name);
					if (!result) {
						not_copied = copy_to_user(attach_params->name, name, CP_LKM_MAX_IF_NAME);
						if (not_copied) {
							return -ENOMEM;
						}
					}
					break;
				case CP_LKM_PM_TYPE_ETHERNET_DHCP:
				case CP_LKM_PM_TYPE_ETHERNET_STATIC:
                case CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP:
                case CP_LKM_PM_TYPE_IP_STATIC:
				case CP_LKM_PM_TYPE_IP_DHCP:
					result = cp_lkm_pm_net_attach(pm_mgr, attach_params->type, attach_params->uid, name, attach_params->mac);
					break;
				default:
					result = -ENOTSUPP;
					break;
			}
			break;
		case CP_LKM_IOCTL_PM_DETACH:
			detach_params = (struct cp_lkm_pm_detach_ioctl *)k_argp;
			DEBUG_INFO("%s() detach uid:%d", __FUNCTION__, detach_params->uid);
			switch(detach_params->type) {
				case CP_LKM_PM_TYPE_PPP_CLIENT:
				case CP_LKM_PM_TYPE_PPP_SERVER:
					result = cp_lkm_pm_ppp_detach(pm_mgr, detach_params->uid);
					break;
				case CP_LKM_PM_TYPE_ETHERNET_DHCP:
                case CP_LKM_PM_TYPE_ETHERNET_STATIC:
                case CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP:
				case CP_LKM_PM_TYPE_IP_STATIC:
				case CP_LKM_PM_TYPE_IP_DHCP:
					result = cp_lkm_pm_net_detach(pm_mgr, detach_params->uid);
					break;
				default:
					result = -ENOTSUPP;
					break;
			}
			break;
		case CP_LKM_IOCTL_PM_ACTIVATE:
			activate_params = (struct cp_lkm_pm_activate_deactivate_ioctl *)k_argp;
			switch(activate_params->type) {
				case CP_LKM_PM_TYPE_PPP_CLIENT:
				case CP_LKM_PM_TYPE_PPP_SERVER:
					result = cp_lkm_pm_ppp_activate(pm_mgr, activate_params->uid, true);
					break;
				case CP_LKM_PM_TYPE_ETHERNET_DHCP:
                case CP_LKM_PM_TYPE_ETHERNET_STATIC:
                case CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP:
				case CP_LKM_PM_TYPE_IP_STATIC:
				case CP_LKM_PM_TYPE_IP_DHCP:
					result = cp_lkm_pm_net_activate(pm_mgr, activate_params->uid, true);
					break;
				default:
					result = -ENOTSUPP;
					break;
			}
			break;
		case CP_LKM_IOCTL_PM_DEACTIVATE:
			activate_params = (struct cp_lkm_pm_activate_deactivate_ioctl *)k_argp;
			switch(activate_params->type) {
				case CP_LKM_PM_TYPE_PPP_CLIENT:
				case CP_LKM_PM_TYPE_PPP_SERVER:
					result = cp_lkm_pm_ppp_activate(pm_mgr, activate_params->uid, false);
					break;
				case CP_LKM_PM_TYPE_ETHERNET_DHCP:
                case CP_LKM_PM_TYPE_ETHERNET_STATIC:
                case CP_LKM_PM_TYPE_ETHERNET_STATIC_NOARP:
				case CP_LKM_PM_TYPE_IP_STATIC:
				case CP_LKM_PM_TYPE_IP_DHCP:
					result = cp_lkm_pm_net_activate(pm_mgr, activate_params->uid, false);
					break;
				default:
					result = -ENOTSUPP;
					break;
			}
			break;
		case CP_LKM_IOCTL_PM_ADD_FILTER:
			filter_params = (struct cp_lkm_pm_add_filter_ioctl *)k_argp;
			result = cp_lkm_pm_add_filter(pm_mgr, filter_params->uid, &filter_params->filter);
			break;
		default: 
			break;
	}

	return result;
}

static bool cp_lkm_pm_usb_do_link_lock(void* ctx1, void* ctx2)
{
	struct cp_lkm_pm_common *pm = (struct cp_lkm_pm_common*)ctx1;
	bool done = false;
	unsigned long flags;
	// grab the lock and set the link_count. The link_count is used to keep send and poll from
	// being called over to the USB layer while we are mucking with the send and poll pointers
	spin_lock_irqsave(&pm->pm_link_lock, flags);
	if(pm->pm_link_count <= 0) {
		pm->pm_link_count = -1;
		done = true;
	}
	spin_unlock_irqrestore(&pm->pm_link_lock, flags);

	return done;
}

// This function changes the shared edi pointers. 
// !!!It is the only function in the pm that is permitted to change edi function pointers!!!
// Other functions can change the ctxt pointers
static int cp_lkm_pm_usb_link(struct cp_lkm_edi *edi, int pm_unique_id, int link)
{
	struct list_head *pos;
	struct cp_lkm_pm_common *pm = NULL;
	unsigned long flags;
	struct cp_lkm_edi *tmp_edi;

	spin_lock_irqsave(&cp_lkm_pm_mgr.pm_list_lock, flags);
	list_for_each(pos, &cp_lkm_pm_mgr.pm_list){
		struct cp_lkm_pm_common *pm_tmp = list_entry(pos, struct cp_lkm_pm_common, list);
		if(pm_tmp->unique_id == pm_unique_id) {
			pm = pm_tmp;
			break;
		}
	}
	spin_unlock_irqrestore(&cp_lkm_pm_mgr.pm_list_lock, flags);

	if (!pm) {
		// couldn't find object
		//printk("%s() unable to find protocol manager with id:%d\n", __FUNCTION__, pm_unique_id);
		return -EINVAL;
	}

	//printk("%s() pm_net: %p\n", __FUNCTION__, pm);

	// grab the lock and set the link_count. The link_count is used to keep send and poll from
	// being called over to the USB layer while we are mucking with the send and poll pointers
	cp_lkm_do_or_die(pm, NULL, cp_lkm_pm_usb_do_link_lock, CP_LKM_TIMEOUT_MS, CP_LKM_ITER, "Failed to grab cp pm lock");

	//printk("%s() pm: %p, attached: %d, pm_type: %d\n", __FUNCTION__, pm, pm->attached,pm->type);
	tmp_edi = pm->edi;
	pm->edi = NULL;
	if (link) {
		if (tmp_edi) {
			// already linked - unlink from previous edi
			// just a precaution, should never happen
			tmp_edi->pm_recv = NULL;
			tmp_edi->pm_recv_ctx = NULL;
			tmp_edi->pm_get_hdr_size = NULL;

			//printk("pm_recv_ctx null\n");
			tmp_edi->pm_send_pause = NULL;
			tmp_edi->pm_send_resume = NULL;

			tmp_edi->pm_stats64_ctx = NULL;

			//pm->edi = NULL;
		}

		tmp_edi = edi;
		tmp_edi->pm_recv_ctx = pm;

		switch(pm->type) {
		case CP_LKM_PM_TYPE_PPP_CLIENT:
		case CP_LKM_PM_TYPE_PPP_SERVER:
			tmp_edi->pm_recv = cp_lkm_pm_ppp_recv;
			tmp_edi->pm_get_hdr_size = cp_lkm_pm_ppp_get_hdr_size;
			tmp_edi->pm_stats64_ctx = NULL;
			break;
		default:
			tmp_edi->pm_recv = cp_lkm_pm_net_recv;
			tmp_edi->pm_get_hdr_size = cp_lkm_pm_net_get_hdr_size;
			tmp_edi->pm_send_pause = cp_lkm_pm_net_pause;
			tmp_edi->pm_send_resume = cp_lkm_pm_net_resume;
			tmp_edi->pm_stats64_ctx = pm;
			break;
		}

		pm->edi = tmp_edi;

		// release the link_count on link so things can start flowing.
		// don't release it on unlink since we don't want things to flow when unlinked
		spin_lock_irqsave(&pm->pm_link_lock, flags);
		pm->pm_link_count = 0;
		spin_unlock_irqrestore(&pm->pm_link_lock, flags);

	} else {
		if (tmp_edi) {
			tmp_edi->pm_recv = NULL;
			tmp_edi->pm_recv_ctx = NULL;
			tmp_edi->pm_get_hdr_size = NULL;

			//printk("pm_recv_ctx null\n");
			tmp_edi->pm_send_pause = NULL;
			tmp_edi->pm_send_resume = NULL;
			tmp_edi->pm_stats64_ctx = NULL;

			//pm->edi = NULL;
		}
	}

	return 0;

}

/******************** common user/kernel communication functions **************/

static void cp_lkm_common_ctx_init(struct cp_lkm_common_ctx *common)
{
	DEBUG_WARN("%s()", __FUNCTION__);

	INIT_LIST_HEAD(&common->read_list);
	spin_lock_init(&common->read_list_lock);

	init_waitqueue_head(&common->inq);
	common->open_cnt = 0;
	common->reading_data = false;
	common->write_skb = NULL;
}

static void cp_lkm_cleanup_msg_list(struct cp_lkm_common_ctx *common)
{
	struct cp_lkm_read_msg *msg;
	unsigned long flags;
	struct list_head *entry, *tmp;

	spin_lock_irqsave(&common->read_list_lock, flags);

	list_for_each_safe(entry, tmp, &common->read_list) {
		msg = list_entry(entry, struct cp_lkm_read_msg, list);
		list_del(&msg->list);
		dev_kfree_skb_any(msg->skb);
		kfree(msg);
	}
	spin_unlock_irqrestore(&common->read_list_lock, flags);
}

// this may be called from soft interrupt context or normal kernel thread context
static int cp_lkm_post_message(struct cp_lkm_common_ctx *mgr, struct cp_lkm_msg_hdr* hdr, struct sk_buff *skb)
{

	struct cp_lkm_read_msg *msg;
	unsigned long flags;

	msg = kmalloc(sizeof(struct cp_lkm_read_msg), GFP_ATOMIC);
	if (!msg) {
		if (skb) {
			dev_kfree_skb_any(skb);
		}
		return -ENOMEM;
	}

	msg->skb = skb;
	memcpy(&msg->hdr, hdr, sizeof(struct cp_lkm_msg_hdr));

	spin_lock_irqsave(&mgr->read_list_lock, flags);
	list_add_tail(&msg->list, &mgr->read_list);
	spin_unlock_irqrestore(&mgr->read_list_lock, flags);

	mgr->q_waiting = false;

	// signal poll
	wake_up_interruptible(&mgr->inq);

	return 0;
}

int cp_lkm_open(struct inode *inode, struct file *filp)
{

	int result = 0;
	struct cp_lkm_common_ctx *common;

	DEBUG_TRACE("%s()", __FUNCTION__);

	try_module_get(THIS_MODULE);

	// set private data
	if (iminor(inode) == CP_LKM_USB_MGR_MINOR) {
		filp->private_data = &cp_lkm_usb_mgr;
		common = &cp_lkm_usb_mgr.common;
		DEBUG_INFO("%s() open usb manager", __FUNCTION__);
	} else if (iminor(inode) == CP_LKM_PM_MGR_MINOR) {
		filp->private_data = &cp_lkm_pm_mgr;
		common = &cp_lkm_pm_mgr.common;
		DEBUG_INFO("%s() open pm manager", __FUNCTION__);
	} else {
		return -ENOENT;
	}

	if (common->open_cnt) {
		return -EBUSY;
	}

	common->open_cnt++;

	if (common->open) {
		result = common->open(common);
	}

	return result;
}

int cp_lkm_release(struct inode *inode, struct file *filp)
{

	int result = 0;
	struct cp_lkm_common_ctx *common;
	common = (struct cp_lkm_common_ctx *)filp->private_data;

	DEBUG_TRACE("%s() release", __FUNCTION__);

	if (0 == common->open_cnt) {
		return 0;
	}

	if (common->close) {
		result = common->close(common);
	}

	module_put(THIS_MODULE);

	common->open_cnt--;

	return result;
}

// first read is the header
// second read is the data.  If no data, then no second read
// if error in either stage, negative value is returned and next read will be for header
// messages are not removed until successfully read header and data (if any)
ssize_t cp_lkm_read(struct file *filp, char __user *buf, size_t count, loff_t *f_pos)
{

	struct cp_lkm_common_ctx *common;
	ssize_t result;
	struct cp_lkm_read_msg *msg;
	unsigned long flags;
	unsigned long not_copied;

//  DEBUG_INFO("%s() reading %d bytes", __FUNCTION__, count);
	common = (struct cp_lkm_common_ctx *)filp->private_data;

	spin_lock_irqsave(&common->read_list_lock, flags);
	if (list_empty(&common->read_list)) {
		spin_unlock_irqrestore(&common->read_list_lock, flags);
		return -EAGAIN;
	}
	msg = list_first_entry(&common->read_list, struct cp_lkm_read_msg, list);
	spin_unlock_irqrestore(&common->read_list_lock, flags);

	if (!common->reading_data) { // header mode
		// read header
		if (sizeof(struct cp_lkm_msg_hdr) != count) {
			return -EINVAL;
		}

		not_copied = copy_to_user(buf, &msg->hdr, sizeof(struct cp_lkm_msg_hdr));
		if (not_copied) {
			return -ENOMEM;
		}

		if (!msg->hdr.len) {
			result = count;
			goto read_free;
		}

		// switch to data mode
		common->reading_data = !common->reading_data;
		return count;
	}

	// switch to header mode
	common->reading_data = !common->reading_data;

	// data mode - handle the data transfer
	if (msg->hdr.len != count) {
		return -EINVAL;
	}
	
	not_copied = copy_to_user(buf, msg->skb->data, msg->hdr.len);

	if (not_copied) {
		return -ENOMEM;
	}

	result = count;

read_free:
	spin_lock_irqsave(&common->read_list_lock, flags);
	list_del(&msg->list);
	spin_unlock_irqrestore(&common->read_list_lock, flags);

	if (msg->skb) {
		dev_kfree_skb_any(msg->skb);
	}
	kfree(msg);

	return result;
}
// the user must write the header first
// then the user must write the data equivalent to the hdr.len
// on error, a negative value is returned and the entire message is lost
// on error, the next write must be header
ssize_t cp_lkm_write(struct file *filp, const char __user *buf, size_t count, loff_t *f_pos)
{
	struct cp_lkm_common_ctx *common;
	unsigned long not_copied;
	int result;
	struct sk_buff *skb = NULL;
	struct cp_lkm_msg_hdr hdr;
	struct cp_lkm_msg_hdr *hdrp;

//  DEBUG_INFO("%s() writing %d bytes", __FUNCTION__, count);

	common = (struct cp_lkm_common_ctx *)filp->private_data;

	if (!common->write_skb) {
		// handle the header
		if (count != sizeof(struct cp_lkm_msg_hdr)) {
			return -EINVAL;
		}
		not_copied = copy_from_user(&hdr, buf, count);
		if (not_copied) {
			return -ENOMEM;
		}

		if ((skb = alloc_skb (count + hdr.len, GFP_KERNEL)) == NULL) {
			return -ENOMEM;
		}

		memcpy(skb->data, &hdr, count);

		// setup skb pointers - skb->data points to message data with header immediately before skb->data
		skb->len = hdr.len;
		skb->data += sizeof(struct cp_lkm_msg_hdr);
		skb_set_tail_pointer(skb, hdr.len);

		if (!hdr.len) {
			goto send_msg;
		}

		// save until we get the data
		common->write_skb = skb;

		return count;
	}

	// handle the data
	skb = common->write_skb;
	common->write_skb = NULL;

	hdrp = (struct cp_lkm_msg_hdr *)(skb->data) - 1;
	if (count != hdrp->len) {
		dev_kfree_skb_any(skb);
		return -EINVAL;
	}

	not_copied = copy_from_user(skb->data, buf, count);
	if (not_copied) {
		dev_kfree_skb_any(skb);
		return -ENOMEM;
	}


send_msg:
	if (common->handle_msg) {
		result = common->handle_msg(common, (struct cp_lkm_msg_hdr *)(skb->data) - 1, skb);
		if (result) {
			return result;
		}
	}

	return count;
}

unsigned int cp_lkm_poll(struct file *filp, struct poll_table_struct *wait)
{
	unsigned long flags;
	unsigned int mask = 0;
	struct cp_lkm_common_ctx *common;

	common = (struct cp_lkm_common_ctx *)filp->private_data;

	poll_wait(filp, &common->inq, wait);

	spin_lock_irqsave(&common->read_list_lock, flags);

	if (!list_empty(&common->read_list)) {
		mask = POLLIN | POLLRDNORM; // readable
	}

	spin_unlock_irqrestore(&common->read_list_lock, flags);

	return mask;
}

#ifdef KERNEL_2_6_21
int cp_lkm_ioctl (struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg)
#else
long cp_lkm_ioctl (struct file *filp, unsigned int cmd, unsigned long arg)
#endif
{
	int result = -EINVAL;

	void __user *uargp = (void __user *)arg;
	void *kargp = NULL;
	struct cp_lkm_common_ctx *common = (struct cp_lkm_common_ctx *)filp->private_data;

	DEBUG_TRACE("%s(%p) - cmd:%d", __FUNCTION__, filp, _IOC_NR(cmd));

	switch(cmd) {
	case CP_LKM_IOCTL_SET_LOG_LEVEL:
		cp_lkm_log_level = (uintptr_t)uargp;
		LOG("Setting debug log level:%d", cp_lkm_log_level);
		cp_lkm_wrapper_set_log_level(cp_lkm_log_level);
		return 0;
	default:
		if (_IOC_SIZE(cmd)) {
			kargp = kmalloc(_IOC_SIZE(cmd), GFP_ATOMIC);
			if (!kargp) {
				result = -ENOMEM;
				goto done;
			}
			if (copy_from_user(kargp, uargp, _IOC_SIZE(cmd))) {
				result = -EFAULT;
				goto done;
			}
		}
	}

	if (common->handle_ioctl) {
		result = common->handle_ioctl(common, cmd, kargp);
	}


	if (_IOC_DIR(cmd) & _IOC_READ) {
		if (copy_to_user(uargp, kargp, _IOC_SIZE(cmd))) {
			result = -EFAULT;
			goto done;
		}
	}

done:
	if (kargp) {
		kfree(kargp);
	}

	return result;
}


static int __init cp_lkm_start(void)
{
	int err;

	//printk("%s() Initializing module...\n", __FUNCTION__);

	// initialize global structures

	err = cp_lkm_pm_tty_init();
	if (err) {
		return err;
	}

	cp_lkm_usb_init();
	
	cp_lkm_pm_init();

	// Allocating memory for the buffer
	if ((major = register_chrdev(0, "cp_lkm", &cp_lkm_fops)) < 0) {
		DEBUG_INFO("%s() failed dynamic registration", __FUNCTION__);
		cp_lkm_pm_tty_cleanup();
		return major;
	}

	cp_lkm_class = class_create(THIS_MODULE, "cp_lkm");
	if (IS_ERR(cp_lkm_class)) {
		DEBUG_INFO("%s() failed class create", __FUNCTION__);
		unregister_chrdev(major, "cp_lkm");
		cp_lkm_pm_tty_cleanup();
		return -ENODEV;
	}
#ifdef KERNEL_2_6_21
	cp_lkm_dev[0] = device_create(cp_lkm_class, NULL, MKDEV(major, CP_LKM_USB_MGR_MINOR), "cp_lkm_usb");
#else
	cp_lkm_dev[0] = device_create(cp_lkm_class, NULL, MKDEV(major, CP_LKM_USB_MGR_MINOR), NULL, "cp_lkm_usb");
#endif
	if (IS_ERR(cp_lkm_dev[0])){
		DEBUG_INFO("%s() failed device create: i", __FUNCTION__);
		// clean up previous devices
		class_destroy(cp_lkm_class);
		unregister_chrdev(major, "cp_lkm");
		cp_lkm_pm_tty_cleanup();
		return -ENODEV;
	}

#ifdef KERNEL_2_6_21
	cp_lkm_dev[1] = device_create(cp_lkm_class, NULL, MKDEV(major, CP_LKM_PM_MGR_MINOR), "cp_lkm_pm");
#else
	cp_lkm_dev[1] = device_create(cp_lkm_class, NULL, MKDEV(major, CP_LKM_PM_MGR_MINOR), NULL, "cp_lkm_pm");
#endif
	if (IS_ERR(cp_lkm_dev[1])){
		DEBUG_INFO("%s() failed device create: i", __FUNCTION__);
		// clean up previous devices
		device_destroy(cp_lkm_class,  MKDEV(major, 0));
		class_destroy(cp_lkm_class);
		unregister_chrdev(major, "cp_lkm");
		cp_lkm_pm_tty_cleanup();
		return -ENODEV;
	}

	LOG("cp_lkm: Inserting kernel module"); 

	return 0;
}

static void __exit cp_lkm_end(void)
{
	int i;

	//TODO remove
	//del_timer_sync (&dbg_memleak_timer);


	cp_lkm_pm_cleanup();
	cp_lkm_usb_cleanup();

	for (i = 0; i < 2; i++) {
		device_destroy(cp_lkm_class,  MKDEV(major, i));
	}
	class_destroy(cp_lkm_class);
	unregister_chrdev(major, "cp_lkm");

	cp_lkm_pm_tty_cleanup();

	LOG("cp_lkm: Removing kernel module");
}

module_init(cp_lkm_start);
module_exit(cp_lkm_end);
MODULE_LICENSE("GPL");