summaryrefslogtreecommitdiff
path: root/packages/linux/openzaurus-sa-2.4.18-rmk7-pxa3-embedix20030509/bluetooth-patch-2.4.18-mh9.diff
diff options
context:
space:
mode:
Diffstat (limited to 'packages/linux/openzaurus-sa-2.4.18-rmk7-pxa3-embedix20030509/bluetooth-patch-2.4.18-mh9.diff')
-rw-r--r--packages/linux/openzaurus-sa-2.4.18-rmk7-pxa3-embedix20030509/bluetooth-patch-2.4.18-mh9.diff30831
1 files changed, 30831 insertions, 0 deletions
diff --git a/packages/linux/openzaurus-sa-2.4.18-rmk7-pxa3-embedix20030509/bluetooth-patch-2.4.18-mh9.diff b/packages/linux/openzaurus-sa-2.4.18-rmk7-pxa3-embedix20030509/bluetooth-patch-2.4.18-mh9.diff
index e69de29bb2..38e7e24dab 100644
--- a/packages/linux/openzaurus-sa-2.4.18-rmk7-pxa3-embedix20030509/bluetooth-patch-2.4.18-mh9.diff
+++ b/packages/linux/openzaurus-sa-2.4.18-rmk7-pxa3-embedix20030509/bluetooth-patch-2.4.18-mh9.diff
@@ -0,0 +1,30831 @@
+diff -urN linux-2.4.18/CREDITS linux-2.4.18-mh9/CREDITS
+--- linux-2.4.18/CREDITS Mon Feb 25 20:37:50 2002
++++ linux-2.4.18-mh9/CREDITS Mon Aug 25 18:38:09 2003
+@@ -1317,6 +1317,14 @@
+ S: Provo, Utah 84606-5607
+ S: USA
+
++N: Marcel Holtmann
++E: marcel@holtmann.org
++W: http://www.holtmann.org
++D: Author and maintainer of the various Bluetooth HCI drivers
++D: Author and maintainer of the CAPI message transport protocol driver
++D: Various other Bluetooth related patches, cleanups and fixes
++S: Germany
++
+ N: Rob W. W. Hooft
+ E: hooft@EMBL-Heidelberg.DE
+ D: Shared libs for graphics-tools and for the f2c compiler
+diff -urN linux-2.4.18/Documentation/Configure.help linux-2.4.18-mh9/Documentation/Configure.help
+--- linux-2.4.18/Documentation/Configure.help Mon Feb 25 20:37:51 2002
++++ linux-2.4.18-mh9/Documentation/Configure.help Mon Aug 25 18:38:10 2003
+@@ -2824,14 +2824,6 @@
+
+ If unsure, say N.
+
+-HCI EMU (virtual device) driver
+-CONFIG_BLUEZ_HCIEMU
+- Bluetooth Virtual HCI device driver.
+- This driver is required if you want to use HCI Emulation software.
+-
+- Say Y here to compile support for Virtual HCI devices into the
+- kernel or say M to compile it as module (hci_usb.o).
+-
+ # Choice: alphatype
+ Alpha system type
+ CONFIG_ALPHA_GENERIC
+@@ -11037,6 +11029,12 @@
+
+ If unsure, say N.
+
++Hotplug firmware loading support (EXPERIMENTAL)
++CONFIG_FW_LOADER
++ This option is provided for the case where no in-kernel-tree modules require
++ hotplug firmware loading support, but a module built outside the kernel tree
++ does.
++
+ Use PCI shared memory for NIC registers
+ CONFIG_TULIP_MMIO
+ Use PCI shared memory for the NIC registers, rather than going through
+@@ -19870,11 +19868,15 @@
+ Bluetooth can be found at <http://www.bluetooth.com/>.
+
+ Linux Bluetooth subsystem consist of several layers:
+- HCI Core (device and connection manager, scheduler)
++ BlueZ Core (HCI device and connection manager, scheduler)
+ HCI Device drivers (interface to the hardware)
+ L2CAP Module (L2CAP protocol)
++ SCO Module (SCO links)
++ RFCOMM Module (RFCOMM protocol)
++ BNEP Module (BNEP protocol)
++ CMTP Module (CMTP protocol)
+
+- Say Y here to enable Linux Bluetooth support and to build HCI Core
++ Say Y here to enable Linux Bluetooth support and to build BlueZ Core
+ layer.
+
+ To use Linux Bluetooth subsystem, you will need several user-space
+@@ -19882,7 +19884,7 @@
+ Bluetooth kernel modules are provided in the BlueZ package.
+ For more information, see <http://bluez.sourceforge.net/>.
+
+- If you want to compile HCI Core as module (hci.o) say M here.
++ If you want to compile BlueZ Core as module (bluez.o) say M here.
+
+ L2CAP protocol support
+ CONFIG_BLUEZ_L2CAP
+@@ -19893,15 +19895,91 @@
+ Say Y here to compile L2CAP support into the kernel or say M to
+ compile it as module (l2cap.o).
+
++SCO links support
++CONFIG_BLUEZ_SCO
++ SCO link provides voice transport over Bluetooth. SCO support is
++ required for voice applications like Headset and Audio.
++
++ Say Y here to compile SCO support into the kernel or say M to
++ compile it as module (sco.o).
++
++RFCOMM protocol support
++CONFIG_BLUEZ_RFCOMM
++ RFCOMM provides connection oriented stream transport. RFCOMM
++ support is required for Dialup Networking, OBEX and other Bluetooth
++ applications.
++
++ Say Y here to compile RFCOMM support into the kernel or say M to
++ compile it as module (rfcomm.o).
++
++RFCOMM TTY emulation support
++CONFIG_BLUEZ_RFCOMM_TTY
++ This option enables TTY emulation support for RFCOMM channels.
++
++BNEP protocol support
++CONFIG_BLUEZ_BNEP
++ BNEP (Bluetooth Network Encapsulation Protocol) is Ethernet
++ emulation layer on top of Bluetooth. BNEP is required for Bluetooth
++ PAN (Personal Area Network).
++
++ To use BNEP, you will need user-space utilities provided in the
++ BlueZ-PAN package.
++ For more information, see <http://bluez.sourceforge.net>.
++
++ Say Y here to compile BNEP support into the kernel or say M to
++ compile it as module (bnep.o).
++
++CMTP protocol support
++CONFIG_BLUEZ_CMTP
++ CMTP (CAPI Message Transport Protocol) is a transport layer
++ for CAPI messages. CMTP is required for the Bluetooth Common
++ ISDN Access Profile.
++
++ Say Y here to compile CMTP support into the kernel or say M to
++ compile it as module (cmtp.o).
++
++BNEP multicast filter support
++CONFIG_BLUEZ_BNEP_MC_FILTER
++ This option enables the multicast filter support for BNEP.
++
++BNEP protocol filter support
++CONFIG_BLUEZ_BNEP_PROTO_FILTER
++ This option enables the protocol filter support for BNEP.
++
+ HCI UART driver
+ CONFIG_BLUEZ_HCIUART
+ Bluetooth HCI UART driver.
+ This driver is required if you want to use Bluetooth devices with
+- serial port interface.
++ serial port interface. You will also need this driver if you have
++ UART based Bluetooth PCMCIA and CF devices like Xircom Credit Card
++ adapter and BrainBoxes Bluetooth PC Card.
+
+ Say Y here to compile support for Bluetooth UART devices into the
+ kernel or say M to compile it as module (hci_uart.o).
+
++HCI UART (H4) protocol support
++CONFIG_BLUEZ_HCIUART_H4
++ UART (H4) is serial protocol for communication between Bluetooth
++ device and host. This protocol is required for most Bluetooth devices
++ with UART interface, including PCMCIA and CF cards.
++
++ Say Y here to compile support for HCI UART (H4) protocol.
++
++HCI BCSP protocol support
++CONFIG_BLUEZ_HCIUART_BCSP
++ BCSP (BlueCore Serial Protocol) is serial protocol for communication
++ between Bluetooth device and host. This protocol is required for non
++ USB Bluetooth devices based on CSR BlueCore chip, including PCMCIA and
++ CF cards.
++
++ Say Y here to compile support for HCI BCSP protocol.
++
++HCI BCSP transmit CRC with every BCSP packet
++CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
++ If you say Y here, a 16-bit CRC checksum will be transmitted along with
++ every BCSP (BlueCore Serial Protocol) packet sent to the Bluetooth chip.
++ This increases reliability, but slightly reduces efficiency.
++
+ HCI USB driver
+ CONFIG_BLUEZ_HCIUSB
+ Bluetooth HCI USB driver.
+@@ -19911,13 +19989,90 @@
+ Say Y here to compile support for Bluetooth USB devices into the
+ kernel or say M to compile it as module (hci_usb.o).
+
+-HCI VHCI virtual HCI device driver
++HCI USB SCO (voice) support
++CONFIG_BLUEZ_USB_SCO
++ This option enables the SCO support in the HCI USB driver. You need this
++ to transmit voice data with your Bluetooth USB device. And your device
++ must also support sending SCO data over the HCI layer, because some of
++ them sends the SCO data to an internal PCM adapter.
++
++ Say Y here to compile support for HCI SCO data.
++
++HCI USB zero packet support
++CONFIG_BLUEZ_USB_ZERO_PACKET
++ This option is provided only as a work around for buggy Bluetooth USB
++ devices. Do NOT enable it unless you know for sure that your device
++ requires zero packets.
++
++ Most people should say N here.
++
++HCI VHCI Virtual HCI device driver
+ CONFIG_BLUEZ_HCIVHCI
+ Bluetooth Virtual HCI device driver.
+ This driver is required if you want to use HCI Emulation software.
+
+ Say Y here to compile support for virtual HCI devices into the
+ kernel or say M to compile it as module (hci_vhci.o).
++
++HCI BFUSB device driver
++CONFIG_BLUEZ_HCIBFUSB
++ Bluetooth HCI BlueFRITZ! USB driver.
++ This driver provides support for Bluetooth USB devices with AVM
++ interface:
++ AVM BlueFRITZ! USB
++
++ Say Y here to compile support for HCI BFUSB devices into the
++ kernel or say M to compile it as module (bfusb.o).
++
++HCI DTL1 (PC Card) device driver
++CONFIG_BLUEZ_HCIDTL1
++ Bluetooth HCI DTL1 (PC Card) driver.
++ This driver provides support for Bluetooth PCMCIA devices with
++ Nokia DTL1 interface:
++ Nokia Bluetooth Card
++ Socket Bluetooth CF Card
++
++ Say Y here to compile support for HCI DTL1 devices into the
++ kernel or say M to compile it as module (dtl1_cs.o).
++
++HCI BT3C (PC Card) device driver
++CONFIG_BLUEZ_HCIBT3C
++ Bluetooth HCI BT3C (PC Card) driver.
++ This driver provides support for Bluetooth PCMCIA devices with
++ 3Com BT3C interface:
++ 3Com Bluetooth Card (3CRWB6096)
++ HP Bluetooth Card
++
++ The HCI BT3C driver uses external firmware loader program provided in
++ the BlueFW package. For more information, see <http://bluez.sf.net>.
++
++ Say Y here to compile support for HCI BT3C devices into the
++ kernel or say M to compile it as module (bt3c_cs.o).
++
++HCI BlueCard (PC Card) device driver
++CONFIG_BLUEZ_HCIBLUECARD
++ Bluetooth HCI BlueCard (PC Card) driver.
++ This driver provides support for Bluetooth PCMCIA devices with
++ Anycom BlueCard interface:
++ Anycom Bluetooth PC Card
++ Anycom Bluetooth CF Card
++
++ Say Y here to compile support for HCI BlueCard devices into the
++ kernel or say M to compile it as module (bluecard_cs.o).
++
++HCI UART (PC Card) device driver
++CONFIG_BLUEZ_HCIBTUART
++ Bluetooth HCI UART (PC Card) driver.
++ This driver provides support for Bluetooth PCMCIA devices with
++ an UART interface:
++ Xircom CreditCard Bluetooth Adapter
++ Xircom RealPort2 Bluetooth Adapter
++ Sphinx PICO Card
++ H-Soft blue+Card
++ Cyber-blue Compact Flash Card
++
++ Say Y here to compile support for HCI UART devices into the
++ kernel or say M to compile it as module (btuart_cs.o).
+
+ # The following options are for Linux when running on the Hitachi
+ # SuperH family of RISC microprocessors.
+diff -urN linux-2.4.18/Documentation/firmware_class/README linux-2.4.18-mh9/Documentation/firmware_class/README
+--- linux-2.4.18/Documentation/firmware_class/README Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/Documentation/firmware_class/README Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,58 @@
++
++ request_firmware() hotplug interface:
++ ------------------------------------
++ Copyright (C) 2003 Manuel Estrada Sainz <ranty@debian.org>
++
++ Why:
++ ---
++
++ Today, the most extended way to use firmware in the Linux kernel is linking
++ it statically in a header file. Which has political and technical issues:
++
++ 1) Some firmware is not legal to redistribute.
++ 2) The firmware occupies memory permanently, even though it often is just
++ used once.
++ 3) Some people, like the Debian crowd, don't consider some firmware free
++ enough and remove entire drivers (e.g.: keyspan).
++
++ about in-kernel persistence:
++ ---------------------------
++ Under some circumstances, as explained below, it would be interesting to keep
++ firmware images in non-swappable kernel memory or even in the kernel image
++ (probably within initramfs).
++
++ Note that this functionality has not been implemented.
++
++ - Why OPTIONAL in-kernel persistence may be a good idea sometimes:
++
++ - If the device that needs the firmware is needed to access the
++ filesystem. When upon some error the device has to be reset and the
++ firmware reloaded, it won't be possible to get it from userspace.
++ e.g.:
++ - A diskless client with a network card that needs firmware.
++ - The filesystem is stored in a disk behind an scsi device
++ that needs firmware.
++ - Replacing buggy DSDT/SSDT ACPI tables on boot.
++ Note: this would require the persistent objects to be included
++ within the kernel image, probably within initramfs.
++
++ And the same device can be needed to access the filesystem or not depending
++ on the setup, so I think that the choice on what firmware to make
++ persistent should be left to userspace.
++
++ - Why register_firmware()+__init can be useful:
++ - For boot devices needing firmware.
++ - To make the transition easier:
++ The firmware can be declared __init and register_firmware()
++ called on module_init. Then the firmware is warranted to be
++ there even if "firmware hotplug userspace" is not there yet or
++ it doesn't yet provide the needed firmware.
++ Once the firmware is widely available in userspace, it can be
++ removed from the kernel. Or made optional (CONFIG_.*_FIRMWARE).
++
++ In either case, if firmware hotplug support is there, it can move the
++ firmware out of kernel memory into the real filesystem for later
++ usage.
++
++ Note: If persistence is implemented on top of initramfs,
++ register_firmware() may not be appropriate.
+diff -urN linux-2.4.18/Documentation/firmware_class/firmware_sample_driver.c linux-2.4.18-mh9/Documentation/firmware_class/firmware_sample_driver.c
+--- linux-2.4.18/Documentation/firmware_class/firmware_sample_driver.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/Documentation/firmware_class/firmware_sample_driver.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,121 @@
++/*
++ * firmware_sample_driver.c -
++ *
++ * Copyright (c) 2003 Manuel Estrada Sainz <ranty@debian.org>
++ *
++ * Sample code on how to use request_firmware() from drivers.
++ *
++ * Note that register_firmware() is currently useless.
++ *
++ */
++
++#include <linux/module.h>
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/string.h>
++
++#include "linux/firmware.h"
++
++#define WE_CAN_NEED_FIRMWARE_BEFORE_USERSPACE_IS_AVAILABLE
++#ifdef WE_CAN_NEED_FIRMWARE_BEFORE_USERSPACE_IS_AVAILABLE
++char __init inkernel_firmware[] = "let's say that this is firmware\n";
++#endif
++
++static char ghost_device[] = "ghost0";
++
++static void sample_firmware_load(char *firmware, int size)
++{
++ u8 buf[size+1];
++ memcpy(buf, firmware, size);
++ buf[size] = '\0';
++ printk("firmware_sample_driver: firmware: %s\n", buf);
++}
++
++static void sample_probe_default(void)
++{
++ /* uses the default method to get the firmware */
++ const struct firmware *fw_entry;
++ printk("firmware_sample_driver: a ghost device got inserted :)\n");
++
++ if(request_firmware(&fw_entry, "sample_driver_fw", ghost_device)!=0)
++ {
++ printk(KERN_ERR
++ "firmware_sample_driver: Firmware not available\n");
++ return;
++ }
++
++ sample_firmware_load(fw_entry->data, fw_entry->size);
++
++ release_firmware(fw_entry);
++
++ /* finish setting up the device */
++}
++static void sample_probe_specific(void)
++{
++ /* Uses some specific hotplug support to get the firmware from
++ * userspace directly into the hardware, or via some sysfs file */
++
++ /* NOTE: This currently doesn't work */
++
++ printk("firmware_sample_driver: a ghost device got inserted :)\n");
++
++ if(request_firmware(NULL, "sample_driver_fw", ghost_device)!=0)
++ {
++ printk(KERN_ERR
++ "firmware_sample_driver: Firmware load failed\n");
++ return;
++ }
++
++ /* request_firmware blocks until userspace finished, so at
++ * this point the firmware should be already in the device */
++
++ /* finish setting up the device */
++}
++static void sample_probe_async_cont(const struct firmware *fw, void *context)
++{
++ if(!fw){
++ printk(KERN_ERR
++ "firmware_sample_driver: firmware load failed\n");
++ return;
++ }
++
++ printk("firmware_sample_driver: device pointer \"%s\"\n",
++ (char *)context);
++ sample_firmware_load(fw->data, fw->size);
++}
++static void sample_probe_async(void)
++{
++ /* Let's say that I can't sleep */
++ int error;
++ error = request_firmware_nowait (THIS_MODULE,
++ "sample_driver_fw", ghost_device,
++ "my device pointer",
++ sample_probe_async_cont);
++ if(error){
++ printk(KERN_ERR
++ "firmware_sample_driver:"
++ " request_firmware_nowait failed\n");
++ }
++}
++
++static int sample_init(void)
++{
++#ifdef WE_CAN_NEED_FIRMWARE_BEFORE_USERSPACE_IS_AVAILABLE
++ register_firmware("sample_driver_fw", inkernel_firmware,
++ sizeof(inkernel_firmware));
++#endif
++ /* since there is no real hardware insertion I just call the
++ * sample probe functions here */
++ sample_probe_specific();
++ sample_probe_default();
++ sample_probe_async();
++ return 0;
++}
++static void __exit sample_exit(void)
++{
++}
++
++module_init (sample_init);
++module_exit (sample_exit);
++
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/Documentation/firmware_class/hotplug-script linux-2.4.18-mh9/Documentation/firmware_class/hotplug-script
+--- linux-2.4.18/Documentation/firmware_class/hotplug-script Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/Documentation/firmware_class/hotplug-script Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,16 @@
++#!/bin/sh
++
++# Simple hotplug script sample:
++#
++# Both $DEVPATH and $FIRMWARE are already provided in the environment.
++
++HOTPLUG_FW_DIR=/usr/lib/hotplug/firmware/
++
++echo 1 > /sysfs/$DEVPATH/loading
++cat $HOTPLUG_FW_DIR/$FIRMWARE > /sysfs/$DEVPATH/data
++echo 0 > /sysfs/$DEVPATH/loading
++
++# To cancel the load in case of error:
++#
++# echo -1 > /sysfs/$DEVPATH/loading
++#
+diff -urN linux-2.4.18/MAINTAINERS linux-2.4.18-mh9/MAINTAINERS
+--- linux-2.4.18/MAINTAINERS Mon Feb 25 20:37:52 2002
++++ linux-2.4.18-mh9/MAINTAINERS Mon Aug 25 18:38:10 2003
+@@ -252,7 +252,73 @@
+ L: linux-kernel@vger.kernel.org
+ S: Maintained
+
+-BLUETOOTH SUBSYSTEM (BlueZ)
++BLUETOOTH SUBSYSTEM
++P: Maxim Krasnyansky
++M: maxk@qualcomm.com
++W: http://bluez.sf.net
++S: Maintained
++
++BLUETOOTH RFCOMM LAYER
++P: Maxim Krasnyansky
++M: maxk@qualcomm.com
++W: http://bluez.sf.net
++S: Maintained
++
++BLUETOOTH BNEP LAYER
++P: Maxim Krasnyansky
++M: maxk@qualcomm.com
++W: http://bluez.sf.net
++S: Maintained
++
++BLUETOOTH CMTP LAYER
++P: Marcel Holtmann
++M: marcel@holtmann.org
++W: http://www.holtmann.org/linux/bluetooth/
++S: Maintained
++
++BLUETOOTH HCI USB DRIVER
++P: Maxim Krasnyansky
++M: maxk@qualcomm.com
++W: http://bluez.sf.net
++S: Maintained
++
++BLUETOOTH HCI UART DRIVER
++P: Maxim Krasnyansky
++M: maxk@qualcomm.com
++W: http://bluez.sf.net
++S: Maintained
++
++BLUETOOTH HCI BFUSB DRIVER
++P: Marcel Holtmann
++M: marcel@holtmann.org
++W: http://www.holtmann.org/linux/bluetooth/
++S: Maintained
++
++BLUETOOTH HCI DTL1 DRIVER
++P: Marcel Holtmann
++M: marcel@holtmann.org
++W: http://www.holtmann.org/linux/bluetooth/
++S: Maintained
++
++BLUETOOTH HCI BLUECARD DRIVER
++P: Marcel Holtmann
++M: marcel@holtmann.org
++W: http://www.holtmann.org/linux/bluetooth/
++S: Maintained
++
++BLUETOOTH HCI BT3C DRIVER
++P: Marcel Holtmann
++M: marcel@holtmann.org
++W: http://www.holtmann.org/linux/bluetooth/
++S: Maintained
++
++BLUETOOTH HCI BTUART DRIVER
++P: Marcel Holtmann
++M: marcel@holtmann.org
++W: http://www.holtmann.org/linux/bluetooth/
++S: Maintained
++
++BLUETOOTH HCI VHCI DRIVER
+ P: Maxim Krasnyansky
+ M: maxk@qualcomm.com
+ W: http://bluez.sf.net
+diff -urN linux-2.4.18/arch/alpha/config.in linux-2.4.18-mh9/arch/alpha/config.in
+--- linux-2.4.18/arch/alpha/config.in Wed Nov 21 00:49:31 2001
++++ linux-2.4.18-mh9/arch/alpha/config.in Mon Aug 25 18:38:10 2003
+@@ -371,9 +371,7 @@
+ source drivers/usb/Config.in
+ source drivers/input/Config.in
+
+-if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+- source net/bluetooth/Config.in
+-fi
++source net/bluetooth/Config.in
+
+ mainmenu_option next_comment
+ comment 'Kernel hacking'
+diff -urN linux-2.4.18/arch/arm/config.in linux-2.4.18-mh9/arch/arm/config.in
+--- linux-2.4.18/arch/arm/config.in Fri Nov 9 22:58:02 2001
++++ linux-2.4.18-mh9/arch/arm/config.in Mon Aug 25 18:38:10 2003
+@@ -584,9 +584,7 @@
+
+ source drivers/usb/Config.in
+
+-if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+- source net/bluetooth/Config.in
+-fi
++source net/bluetooth/Config.in
+
+ mainmenu_option next_comment
+ comment 'Kernel hacking'
+diff -urN linux-2.4.18/arch/i386/config.in linux-2.4.18-mh9/arch/i386/config.in
+--- linux-2.4.18/arch/i386/config.in Mon Feb 25 20:37:52 2002
++++ linux-2.4.18-mh9/arch/i386/config.in Mon Aug 25 18:38:10 2003
+@@ -407,9 +407,7 @@
+
+ source drivers/usb/Config.in
+
+-if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+- source net/bluetooth/Config.in
+-fi
++source net/bluetooth/Config.in
+
+ mainmenu_option next_comment
+ comment 'Kernel hacking'
+diff -urN linux-2.4.18/arch/ppc/config.in linux-2.4.18-mh9/arch/ppc/config.in
+--- linux-2.4.18/arch/ppc/config.in Mon Feb 25 20:37:55 2002
++++ linux-2.4.18-mh9/arch/ppc/config.in Mon Aug 25 18:38:10 2003
+@@ -389,9 +389,7 @@
+
+ source drivers/usb/Config.in
+
+-if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+- source net/bluetooth/Config.in
+-fi
++source net/bluetooth/Config.in
+
+ mainmenu_option next_comment
+ comment 'Kernel hacking'
+diff -urN linux-2.4.18/arch/sparc/config.in linux-2.4.18-mh9/arch/sparc/config.in
+--- linux-2.4.18/arch/sparc/config.in Tue Jun 12 04:15:27 2001
++++ linux-2.4.18-mh9/arch/sparc/config.in Mon Aug 25 18:38:10 2003
+@@ -251,9 +251,7 @@
+
+ source fs/Config.in
+
+-if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+- source net/bluetooth/Config.in
+-fi
++source net/bluetooth/Config.in
+
+ mainmenu_option next_comment
+ comment 'Watchdog'
+diff -urN linux-2.4.18/arch/sparc64/config.in linux-2.4.18-mh9/arch/sparc64/config.in
+--- linux-2.4.18/arch/sparc64/config.in Fri Dec 21 18:41:53 2001
++++ linux-2.4.18-mh9/arch/sparc64/config.in Mon Aug 25 18:38:10 2003
+@@ -283,9 +283,7 @@
+
+ source drivers/usb/Config.in
+
+-if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+- source net/bluetooth/Config.in
+-fi
++source net/bluetooth/Config.in
+
+ mainmenu_option next_comment
+ comment 'Watchdog'
+diff -urN linux-2.4.18/arch/sparc64/kernel/ioctl32.c linux-2.4.18-mh9/arch/sparc64/kernel/ioctl32.c
+--- linux-2.4.18/arch/sparc64/kernel/ioctl32.c Mon Feb 25 20:37:56 2002
++++ linux-2.4.18-mh9/arch/sparc64/kernel/ioctl32.c Mon Aug 25 18:38:10 2003
+@@ -92,6 +92,7 @@
+
+ #include <net/bluetooth/bluetooth.h>
+ #include <net/bluetooth/hci.h>
++#include <net/bluetooth/rfcomm.h>
+
+ #include <linux/usb.h>
+ #include <linux/usbdevice_fs.h>
+@@ -3822,6 +3823,15 @@
+ return err;
+ }
+
++/* Bluetooth ioctls */
++#define HCIUARTSETPROTO _IOW('U', 200, int)
++#define HCIUARTGETPROTO _IOR('U', 201, int)
++
++#define BNEPCONNADD _IOW('B', 200, int)
++#define BNEPCONNDEL _IOW('B', 201, int)
++#define BNEPGETCONNLIST _IOR('B', 210, int)
++#define BNEPGETCONNINFO _IOR('B', 211, int)
++
+ struct mtd_oob_buf32 {
+ u32 start;
+ u32 length;
+@@ -3878,6 +3888,11 @@
+ return ((0 == ret) ? 0 : -EFAULT);
+ }
+
++#define CMTPCONNADD _IOW('C', 200, int)
++#define CMTPCONNDEL _IOW('C', 201, int)
++#define CMTPGETCONNLIST _IOR('C', 210, int)
++#define CMTPGETCONNINFO _IOR('C', 211, int)
++
+ struct ioctl_trans {
+ unsigned int cmd;
+ unsigned int handler;
+@@ -4540,6 +4555,21 @@
+ COMPATIBLE_IOCTL(HCISETSCAN)
+ COMPATIBLE_IOCTL(HCISETAUTH)
+ COMPATIBLE_IOCTL(HCIINQUIRY)
++COMPATIBLE_IOCTL(HCIUARTSETPROTO)
++COMPATIBLE_IOCTL(HCIUARTGETPROTO)
++COMPATIBLE_IOCTL(RFCOMMCREATEDEV)
++COMPATIBLE_IOCTL(RFCOMMRELEASEDEV)
++COMPATIBLE_IOCTL(RFCOMMGETDEVLIST)
++COMPATIBLE_IOCTL(RFCOMMGETDEVINFO)
++COMPATIBLE_IOCTL(RFCOMMSTEALDLC)
++COMPATIBLE_IOCTL(BNEPCONNADD)
++COMPATIBLE_IOCTL(BNEPCONNDEL)
++COMPATIBLE_IOCTL(BNEPGETCONNLIST)
++COMPATIBLE_IOCTL(BNEPGETCONNINFO)
++COMPATIBLE_IOCTL(CMTPCONNADD)
++COMPATIBLE_IOCTL(CMTPCONNDEL)
++COMPATIBLE_IOCTL(CMTPGETCONNLIST)
++COMPATIBLE_IOCTL(CMTPGETCONNINFO)
+ /* Misc. */
+ COMPATIBLE_IOCTL(0x41545900) /* ATYIO_CLKR */
+ COMPATIBLE_IOCTL(0x41545901) /* ATYIO_CLKW */
+diff -urN linux-2.4.18/drivers/bluetooth/Config.in linux-2.4.18-mh9/drivers/bluetooth/Config.in
+--- linux-2.4.18/drivers/bluetooth/Config.in Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/drivers/bluetooth/Config.in Mon Aug 25 18:38:10 2003
+@@ -1,8 +1,34 @@
++#
++# Bluetooth HCI device drivers configuration
++#
++
+ mainmenu_option next_comment
+ comment 'Bluetooth device drivers'
+
+ dep_tristate 'HCI USB driver' CONFIG_BLUEZ_HCIUSB $CONFIG_BLUEZ $CONFIG_USB
++if [ "$CONFIG_BLUEZ_HCIUSB" != "n" ]; then
++ bool ' SCO (voice) support' CONFIG_BLUEZ_USB_SCO
++ bool ' USB zero packet support' CONFIG_BLUEZ_USB_ZERO_PACKET
++fi
++
+ dep_tristate 'HCI UART driver' CONFIG_BLUEZ_HCIUART $CONFIG_BLUEZ
+-dep_tristate 'HCI VHCI virtual HCI device driver' CONFIG_BLUEZ_HCIVHCI $CONFIG_BLUEZ
++if [ "$CONFIG_BLUEZ_HCIUART" != "n" ]; then
++ bool ' UART (H4) protocol support' CONFIG_BLUEZ_HCIUART_H4
++ bool ' BCSP protocol support' CONFIG_BLUEZ_HCIUART_BCSP
++ dep_bool ' Transmit CRC with every BCSP packet' CONFIG_BLUEZ_HCIUART_BCSP_TXCRC $CONFIG_BLUEZ_HCIUART_BCSP
++fi
++
++dep_tristate 'HCI BlueFRITZ! USB driver' CONFIG_BLUEZ_HCIBFUSB $CONFIG_BLUEZ $CONFIG_USB
++
++dep_tristate 'HCI DTL1 (PC Card) driver' CONFIG_BLUEZ_HCIDTL1 $CONFIG_PCMCIA $CONFIG_BLUEZ
++
++dep_tristate 'HCI BT3C (PC Card) driver' CONFIG_BLUEZ_HCIBT3C $CONFIG_PCMCIA $CONFIG_BLUEZ
++
++dep_tristate 'HCI BlueCard (PC Card) driver' CONFIG_BLUEZ_HCIBLUECARD $CONFIG_PCMCIA $CONFIG_BLUEZ
++
++dep_tristate 'HCI UART (PC Card) driver' CONFIG_BLUEZ_HCIBTUART $CONFIG_PCMCIA $CONFIG_BLUEZ
++
++dep_tristate 'HCI VHCI (Virtual HCI device) driver' CONFIG_BLUEZ_HCIVHCI $CONFIG_BLUEZ
+
+ endmenu
++
+diff -urN linux-2.4.18/drivers/bluetooth/Makefile linux-2.4.18-mh9/drivers/bluetooth/Makefile
+--- linux-2.4.18/drivers/bluetooth/Makefile Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/drivers/bluetooth/Makefile Mon Aug 25 18:38:10 2003
+@@ -1,11 +1,27 @@
+ #
+-# Makefile for Bluetooth HCI device drivers.
++# Makefile for the Linux Bluetooth HCI device drivers
+ #
+
+ O_TARGET := bluetooth.o
+
++list-multi := hci_uart.o
++
+ obj-$(CONFIG_BLUEZ_HCIUSB) += hci_usb.o
+-obj-$(CONFIG_BLUEZ_HCIUART) += hci_uart.o
+ obj-$(CONFIG_BLUEZ_HCIVHCI) += hci_vhci.o
+
++obj-$(CONFIG_BLUEZ_HCIUART) += hci_uart.o
++uart-y := hci_ldisc.o
++uart-$(CONFIG_BLUEZ_HCIUART_H4) += hci_h4.o
++uart-$(CONFIG_BLUEZ_HCIUART_BCSP) += hci_bcsp.o
++
++obj-$(CONFIG_BLUEZ_HCIBFUSB) += bfusb.o
++
++obj-$(CONFIG_BLUEZ_HCIDTL1) += dtl1_cs.o
++obj-$(CONFIG_BLUEZ_HCIBT3C) += bt3c_cs.o
++obj-$(CONFIG_BLUEZ_HCIBLUECARD) += bluecard_cs.o
++obj-$(CONFIG_BLUEZ_HCIBTUART) += btuart_cs.o
++
+ include $(TOPDIR)/Rules.make
++
++hci_uart.o: $(uart-y)
++ $(LD) -r -o $@ $(uart-y)
+diff -urN linux-2.4.18/drivers/bluetooth/Makefile.lib linux-2.4.18-mh9/drivers/bluetooth/Makefile.lib
+--- linux-2.4.18/drivers/bluetooth/Makefile.lib Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/Makefile.lib Mon Aug 25 18:38:10 2003
+@@ -0,0 +1 @@
++obj-$(CONFIG_BLUEZ_HCIBFUSB) += firmware_class.o
+diff -urN linux-2.4.18/drivers/bluetooth/bfusb.c linux-2.4.18-mh9/drivers/bluetooth/bfusb.c
+--- linux-2.4.18/drivers/bluetooth/bfusb.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/bfusb.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,781 @@
++/*
++ *
++ * AVM BlueFRITZ! USB driver
++ *
++ * Copyright (C) 2003 Marcel Holtmann <marcel@holtmann.org>
++ *
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ *
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/slab.h>
++#include <linux/types.h>
++#include <linux/sched.h>
++#include <linux/errno.h>
++#include <linux/skbuff.h>
++
++#include <linux/firmware.h>
++#include <linux/usb.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++
++#ifndef CONFIG_BLUEZ_HCIBFUSB_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++#define VERSION "1.1"
++
++static struct usb_device_id bfusb_table[] = {
++ /* AVM BlueFRITZ! USB */
++ { USB_DEVICE(0x057c, 0x2200) },
++
++ { } /* Terminating entry */
++};
++
++MODULE_DEVICE_TABLE(usb, bfusb_table);
++
++
++#define BFUSB_MAX_BLOCK_SIZE 256
++
++#define BFUSB_BLOCK_TIMEOUT (HZ * 3)
++
++#define BFUSB_TX_PROCESS 1
++#define BFUSB_TX_WAKEUP 2
++
++#define BFUSB_MAX_BULK_TX 1
++#define BFUSB_MAX_BULK_RX 1
++
++struct bfusb {
++ struct hci_dev hdev;
++
++ unsigned long state;
++
++ struct usb_device *udev;
++
++ unsigned int bulk_in_ep;
++ unsigned int bulk_out_ep;
++ unsigned int bulk_pkt_size;
++
++ rwlock_t lock;
++
++ struct sk_buff_head transmit_q;
++
++ struct sk_buff *reassembly;
++
++ atomic_t pending_tx;
++ struct sk_buff_head pending_q;
++ struct sk_buff_head completed_q;
++};
++
++struct bfusb_scb {
++ struct urb *urb;
++};
++
++static void bfusb_tx_complete(struct urb *urb);
++static void bfusb_rx_complete(struct urb *urb);
++
++static struct urb *bfusb_get_completed(struct bfusb *bfusb)
++{
++ struct sk_buff *skb;
++ struct urb *urb = NULL;
++
++ BT_DBG("bfusb %p", bfusb);
++
++ skb = skb_dequeue(&bfusb->completed_q);
++ if (skb) {
++ urb = ((struct bfusb_scb *) skb->cb)->urb;
++ kfree_skb(skb);
++ }
++
++ return urb;
++}
++
++static inline void bfusb_unlink_urbs(struct bfusb *bfusb)
++{
++ struct sk_buff *skb;
++ struct urb *urb;
++
++ BT_DBG("bfusb %p", bfusb);
++
++ while ((skb = skb_dequeue(&bfusb->pending_q))) {
++ urb = ((struct bfusb_scb *) skb->cb)->urb;
++ usb_unlink_urb(urb);
++ skb_queue_tail(&bfusb->completed_q, skb);
++ }
++
++ while ((urb = bfusb_get_completed(bfusb)))
++ usb_free_urb(urb);
++}
++
++
++static int bfusb_send_bulk(struct bfusb *bfusb, struct sk_buff *skb)
++{
++ struct bfusb_scb *scb = (void *) skb->cb;
++ struct urb *urb = bfusb_get_completed(bfusb);
++ int err, pipe;
++
++ BT_DBG("bfusb %p skb %p len %d", bfusb, skb, skb->len);
++
++ if (!urb && !(urb = usb_alloc_urb(0)))
++ return -ENOMEM;
++
++ pipe = usb_sndbulkpipe(bfusb->udev, bfusb->bulk_out_ep);
++
++ FILL_BULK_URB(urb, bfusb->udev, pipe, skb->data, skb->len,
++ bfusb_tx_complete, skb);
++
++ urb->transfer_flags = USB_QUEUE_BULK;
++
++ scb->urb = urb;
++
++ skb_queue_tail(&bfusb->pending_q, skb);
++
++ err = usb_submit_urb(urb);
++ if (err) {
++ BT_ERR("%s bulk tx submit failed urb %p err %d",
++ bfusb->hdev.name, urb, err);
++ skb_unlink(skb);
++ usb_free_urb(urb);
++ } else
++ atomic_inc(&bfusb->pending_tx);
++
++ return err;
++}
++
++static void bfusb_tx_wakeup(struct bfusb *bfusb)
++{
++ struct sk_buff *skb;
++
++ BT_DBG("bfusb %p", bfusb);
++
++ if (test_and_set_bit(BFUSB_TX_PROCESS, &bfusb->state)) {
++ set_bit(BFUSB_TX_WAKEUP, &bfusb->state);
++ return;
++ }
++
++ do {
++ clear_bit(BFUSB_TX_WAKEUP, &bfusb->state);
++
++ while ((atomic_read(&bfusb->pending_tx) < BFUSB_MAX_BULK_TX) &&
++ (skb = skb_dequeue(&bfusb->transmit_q))) {
++ if (bfusb_send_bulk(bfusb, skb) < 0) {
++ skb_queue_head(&bfusb->transmit_q, skb);
++ break;
++ }
++ }
++
++ } while (test_bit(BFUSB_TX_WAKEUP, &bfusb->state));
++
++ clear_bit(BFUSB_TX_PROCESS, &bfusb->state);
++}
++
++static void bfusb_tx_complete(struct urb *urb)
++{
++ struct sk_buff *skb = (struct sk_buff *) urb->context;
++ struct bfusb *bfusb = (struct bfusb *) skb->dev;
++
++ BT_DBG("bfusb %p urb %p skb %p len %d", bfusb, urb, skb, skb->len);
++
++ atomic_dec(&bfusb->pending_tx);
++
++ if (!test_bit(HCI_RUNNING, &bfusb->hdev.flags))
++ return;
++
++ if (!urb->status)
++ bfusb->hdev.stat.byte_tx += skb->len;
++ else
++ bfusb->hdev.stat.err_tx++;
++
++ read_lock(&bfusb->lock);
++
++ skb_unlink(skb);
++ skb_queue_tail(&bfusb->completed_q, skb);
++
++ bfusb_tx_wakeup(bfusb);
++
++ read_unlock(&bfusb->lock);
++}
++
++
++static int bfusb_rx_submit(struct bfusb *bfusb, struct urb *urb)
++{
++ struct bfusb_scb *scb;
++ struct sk_buff *skb;
++ int err, pipe, size = HCI_MAX_FRAME_SIZE + 32;
++
++ BT_DBG("bfusb %p urb %p", bfusb, urb);
++
++ if (!urb && !(urb = usb_alloc_urb(0)))
++ return -ENOMEM;
++
++ if (!(skb = bluez_skb_alloc(size, GFP_ATOMIC))) {
++ usb_free_urb(urb);
++ return -ENOMEM;
++ }
++
++ skb->dev = (void *) bfusb;
++
++ scb = (struct bfusb_scb *) skb->cb;
++ scb->urb = urb;
++
++ pipe = usb_rcvbulkpipe(bfusb->udev, bfusb->bulk_in_ep);
++
++ FILL_BULK_URB(urb, bfusb->udev, pipe, skb->data, size,
++ bfusb_rx_complete, skb);
++
++ urb->transfer_flags = USB_QUEUE_BULK;
++
++ skb_queue_tail(&bfusb->pending_q, skb);
++
++ err = usb_submit_urb(urb);
++ if (err) {
++ BT_ERR("%s bulk rx submit failed urb %p err %d",
++ bfusb->hdev.name, urb, err);
++ skb_unlink(skb);
++ kfree_skb(skb);
++ usb_free_urb(urb);
++ }
++
++ return err;
++}
++
++static inline int bfusb_recv_block(struct bfusb *bfusb, int hdr, unsigned char *data, int len)
++{
++ BT_DBG("bfusb %p hdr 0x%02x data %p len %d", bfusb, hdr, data, len);
++
++ if (hdr & 0x10) {
++ BT_ERR("%s error in block", bfusb->hdev.name);
++ if (bfusb->reassembly)
++ kfree_skb(bfusb->reassembly);
++ bfusb->reassembly = NULL;
++ return -EIO;
++ }
++
++ if (hdr & 0x04) {
++ struct sk_buff *skb;
++ unsigned char pkt_type;
++ int pkt_len = 0;
++
++ if (bfusb->reassembly) {
++ BT_ERR("%s unexpected start block", bfusb->hdev.name);
++ kfree_skb(bfusb->reassembly);
++ bfusb->reassembly = NULL;
++ }
++
++ if (len < 1) {
++ BT_ERR("%s no packet type found", bfusb->hdev.name);
++ return -EPROTO;
++ }
++
++ pkt_type = *data++; len--;
++
++ switch (pkt_type) {
++ case HCI_EVENT_PKT:
++ if (len >= HCI_EVENT_HDR_SIZE) {
++ hci_event_hdr *hdr = (hci_event_hdr *) data;
++ pkt_len = HCI_EVENT_HDR_SIZE + hdr->plen;
++ } else {
++ BT_ERR("%s event block is too short", bfusb->hdev.name);
++ return -EILSEQ;
++ }
++ break;
++
++ case HCI_ACLDATA_PKT:
++ if (len >= HCI_ACL_HDR_SIZE) {
++ hci_acl_hdr *hdr = (hci_acl_hdr *) data;
++ pkt_len = HCI_ACL_HDR_SIZE + __le16_to_cpu(hdr->dlen);
++ } else {
++ BT_ERR("%s data block is too short", bfusb->hdev.name);
++ return -EILSEQ;
++ }
++ break;
++
++ case HCI_SCODATA_PKT:
++ if (len >= HCI_SCO_HDR_SIZE) {
++ hci_sco_hdr *hdr = (hci_sco_hdr *) data;
++ pkt_len = HCI_SCO_HDR_SIZE + hdr->dlen;
++ } else {
++ BT_ERR("%s audio block is too short", bfusb->hdev.name);
++ return -EILSEQ;
++ }
++ break;
++ }
++
++ skb = bluez_skb_alloc(pkt_len, GFP_ATOMIC);
++ if (!skb) {
++ BT_ERR("%s no memory for the packet", bfusb->hdev.name);
++ return -ENOMEM;
++ }
++
++ skb->dev = (void *) &bfusb->hdev;
++ skb->pkt_type = pkt_type;
++
++ bfusb->reassembly = skb;
++ } else {
++ if (!bfusb->reassembly) {
++ BT_ERR("%s unexpected continuation block", bfusb->hdev.name);
++ return -EIO;
++ }
++ }
++
++ if (len > 0)
++ memcpy(skb_put(bfusb->reassembly, len), data, len);
++
++ if (hdr & 0x08) {
++ hci_recv_frame(bfusb->reassembly);
++ bfusb->reassembly = NULL;
++ }
++
++ return 0;
++}
++
++static void bfusb_rx_complete(struct urb *urb)
++{
++ struct sk_buff *skb = (struct sk_buff *) urb->context;
++ struct bfusb *bfusb = (struct bfusb *) skb->dev;
++ unsigned char *buf = urb->transfer_buffer;
++ int count = urb->actual_length;
++ int err, hdr, len;
++
++ BT_DBG("bfusb %p urb %p skb %p len %d", bfusb, urb, skb, skb->len);
++
++ if (!test_bit(HCI_RUNNING, &bfusb->hdev.flags))
++ return;
++
++ read_lock(&bfusb->lock);
++
++ if (urb->status || !count)
++ goto resubmit;
++
++ bfusb->hdev.stat.byte_rx += count;
++
++ skb_put(skb, count);
++
++ while (count) {
++ hdr = buf[0] | (buf[1] << 8);
++
++ if (hdr & 0x4000) {
++ len = 0;
++ count -= 2;
++ buf += 2;
++ } else {
++ len = (buf[2] == 0) ? 256 : buf[2];
++ count -= 3;
++ buf += 3;
++ }
++
++ if (count < len) {
++ BT_ERR("%s block extends over URB buffer ranges",
++ bfusb->hdev.name);
++ }
++
++ if ((hdr & 0xe1) == 0xc1)
++ bfusb_recv_block(bfusb, hdr, buf, len);
++
++ count -= len;
++ buf += len;
++ }
++
++ skb_unlink(skb);
++ kfree_skb(skb);
++
++ bfusb_rx_submit(bfusb, urb);
++
++ read_unlock(&bfusb->lock);
++
++ return;
++
++resubmit:
++ urb->dev = bfusb->udev;
++
++ err = usb_submit_urb(urb);
++ if (err) {
++ BT_ERR("%s bulk resubmit failed urb %p err %d",
++ bfusb->hdev.name, urb, err);
++ }
++
++ read_unlock(&bfusb->lock);
++}
++
++
++static int bfusb_open(struct hci_dev *hdev)
++{
++ struct bfusb *bfusb = (struct bfusb *) hdev->driver_data;
++ unsigned long flags;
++ int i, err;
++
++ BT_DBG("hdev %p bfusb %p", hdev, bfusb);
++
++ if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
++ return 0;
++
++ MOD_INC_USE_COUNT;
++
++ write_lock_irqsave(&bfusb->lock, flags);
++
++ err = bfusb_rx_submit(bfusb, NULL);
++ if (!err) {
++ for (i = 1; i < BFUSB_MAX_BULK_RX; i++)
++ bfusb_rx_submit(bfusb, NULL);
++ } else {
++ clear_bit(HCI_RUNNING, &hdev->flags);
++ MOD_DEC_USE_COUNT;
++ }
++
++ write_unlock_irqrestore(&bfusb->lock, flags);
++
++ return err;
++}
++
++static int bfusb_flush(struct hci_dev *hdev)
++{
++ struct bfusb *bfusb = (struct bfusb *) hdev->driver_data;
++
++ BT_DBG("hdev %p bfusb %p", hdev, bfusb);
++
++ skb_queue_purge(&bfusb->transmit_q);
++
++ return 0;
++}
++
++static int bfusb_close(struct hci_dev *hdev)
++{
++ struct bfusb *bfusb = (struct bfusb *) hdev->driver_data;
++ unsigned long flags;
++
++ BT_DBG("hdev %p bfusb %p", hdev, bfusb);
++
++ if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
++ return 0;
++
++ write_lock_irqsave(&bfusb->lock, flags);
++
++ bfusb_unlink_urbs(bfusb);
++ bfusb_flush(hdev);
++
++ write_unlock_irqrestore(&bfusb->lock, flags);
++
++ MOD_DEC_USE_COUNT;
++
++ return 0;
++}
++
++static int bfusb_send_frame(struct sk_buff *skb)
++{
++ struct hci_dev *hdev = (struct hci_dev *) skb->dev;
++ struct bfusb *bfusb;
++ struct sk_buff *nskb;
++ unsigned char buf[3];
++ int sent = 0, size, count;
++
++ BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, skb->pkt_type, skb->len);
++
++ if (!hdev) {
++ BT_ERR("Frame for unknown HCI device (hdev=NULL)");
++ return -ENODEV;
++ }
++
++ if (!test_bit(HCI_RUNNING, &hdev->flags))
++ return -EBUSY;
++
++ bfusb = (struct bfusb *) hdev->driver_data;
++
++ switch (skb->pkt_type) {
++ case HCI_COMMAND_PKT:
++ hdev->stat.cmd_tx++;
++ break;
++ case HCI_ACLDATA_PKT:
++ hdev->stat.acl_tx++;
++ break;
++ case HCI_SCODATA_PKT:
++ hdev->stat.sco_tx++;
++ break;
++ };
++
++ /* Prepend skb with frame type */
++ memcpy(skb_push(skb, 1), &(skb->pkt_type), 1);
++
++ count = skb->len;
++
++ /* Max HCI frame size seems to be 1511 + 1 */
++ if (!(nskb = bluez_skb_alloc(count + 32, GFP_ATOMIC))) {
++ BT_ERR("Can't allocate memory for new packet");
++ return -ENOMEM;
++ }
++
++ nskb->dev = (void *) bfusb;
++
++ while (count) {
++ size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE);
++
++ buf[0] = 0xc1 | ((sent == 0) ? 0x04 : 0) | ((count == size) ? 0x08 : 0);
++ buf[1] = 0x00;
++ buf[2] = (size == BFUSB_MAX_BLOCK_SIZE) ? 0 : size;
++
++ memcpy(skb_put(nskb, 3), buf, 3);
++ memcpy(skb_put(nskb, size), skb->data + sent, size);
++
++ sent += size;
++ count -= size;
++ }
++
++ /* Don't send frame with multiple size of bulk max packet */
++ if ((nskb->len % bfusb->bulk_pkt_size) == 0) {
++ buf[0] = 0xdd;
++ buf[1] = 0x00;
++ memcpy(skb_put(nskb, 2), buf, 2);
++ }
++
++ read_lock(&bfusb->lock);
++
++ skb_queue_tail(&bfusb->transmit_q, nskb);
++ bfusb_tx_wakeup(bfusb);
++
++ read_unlock(&bfusb->lock);
++
++ kfree_skb(skb);
++
++ return 0;
++}
++
++static void bfusb_destruct(struct hci_dev *hdev)
++{
++ struct bfusb *bfusb = (struct bfusb *) hdev->driver_data;
++
++ BT_DBG("hdev %p bfusb %p", hdev, bfusb);
++
++ kfree(bfusb);
++}
++
++static int bfusb_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg)
++{
++ return -ENOIOCTLCMD;
++}
++
++
++static int bfusb_load_firmware(struct bfusb *bfusb, unsigned char *firmware, int count)
++{
++ unsigned char *buf;
++ int err, pipe, len, size, sent = 0;
++
++ BT_DBG("bfusb %p udev %p firmware %p count %d", bfusb, bfusb->udev, firmware, count);
++
++ BT_INFO("BlueFRITZ! USB loading firmware");
++
++ if (usb_set_configuration(bfusb->udev, 1) < 0) {
++ BT_ERR("Can't change to loading configuration");
++ return -EBUSY;
++ }
++
++ buf = kmalloc(BFUSB_MAX_BLOCK_SIZE + 3, GFP_ATOMIC);
++ if (!buf) {
++ BT_ERR("Can't allocate memory chunk for firmware");
++ return -ENOMEM;
++ }
++
++ pipe = usb_sndbulkpipe(bfusb->udev, bfusb->bulk_out_ep);
++
++ while (count) {
++ size = min_t(uint, count, BFUSB_MAX_BLOCK_SIZE + 3);
++
++ memcpy(buf, firmware + sent, size);
++
++ err = usb_bulk_msg(bfusb->udev, pipe, buf, size,
++ &len, BFUSB_BLOCK_TIMEOUT);
++
++ if (err || (len != size)) {
++ BT_ERR("Error in firmware loading");
++ goto error;
++ }
++
++ sent += size;
++ count -= size;
++ }
++
++ if ((err = usb_bulk_msg(bfusb->udev, pipe, NULL, 0,
++ &len, BFUSB_BLOCK_TIMEOUT)) < 0) {
++ BT_ERR("Error in null packet request");
++ goto error;
++ }
++
++ if ((err = usb_set_configuration(bfusb->udev, 2)) < 0) {
++ BT_ERR("Can't change to running configuration");
++ goto error;
++ }
++
++ BT_INFO("BlueFRITZ! USB device ready");
++
++ kfree(buf);
++ return 0;
++
++error:
++ kfree(buf);
++
++ pipe = usb_sndctrlpipe(bfusb->udev, 0);
++
++ usb_control_msg(bfusb->udev, pipe, USB_REQ_SET_CONFIGURATION,
++ 0, 0, 0, NULL, 0, BFUSB_BLOCK_TIMEOUT);
++
++ return err;
++}
++
++static void *bfusb_probe(struct usb_device *udev, unsigned int ifnum, const struct usb_device_id *id)
++{
++ const struct firmware *firmware;
++ char device[16];
++ struct usb_interface *iface;
++ struct usb_interface_descriptor *iface_desc;
++ struct usb_endpoint_descriptor *bulk_out_ep;
++ struct usb_endpoint_descriptor *bulk_in_ep;
++ struct hci_dev *hdev;
++ struct bfusb *bfusb;
++
++ BT_DBG("udev %p ifnum %d id %p", udev, ifnum, id);
++
++ /* Check number of endpoints */
++ iface = &udev->actconfig->interface[0];
++ iface_desc = &iface->altsetting[0];
++
++ if (iface_desc->bNumEndpoints < 2)
++ return NULL;
++
++ bulk_out_ep = &iface_desc->endpoint[0];
++ bulk_in_ep = &iface_desc->endpoint[1];
++
++ if (!bulk_out_ep || !bulk_in_ep) {
++ BT_ERR("Bulk endpoints not found");
++ goto done;
++ }
++
++ /* Initialize control structure and load firmware */
++ if (!(bfusb = kmalloc(sizeof(struct bfusb), GFP_KERNEL))) {
++ BT_ERR("Can't allocate memory for control structure");
++ goto done;
++ }
++
++ memset(bfusb, 0, sizeof(struct bfusb));
++
++ bfusb->udev = udev;
++ bfusb->bulk_in_ep = bulk_in_ep->bEndpointAddress;
++ bfusb->bulk_out_ep = bulk_out_ep->bEndpointAddress;
++ bfusb->bulk_pkt_size = bulk_out_ep->wMaxPacketSize;
++
++ bfusb->lock = RW_LOCK_UNLOCKED;
++
++ bfusb->reassembly = NULL;
++
++ skb_queue_head_init(&bfusb->transmit_q);
++ skb_queue_head_init(&bfusb->pending_q);
++ skb_queue_head_init(&bfusb->completed_q);
++
++ snprintf(device, sizeof(device), "bfusb%3.3d%3.3d", udev->bus->busnum, udev->devnum);
++
++ if (request_firmware(&firmware, "bfubase.frm", device) < 0) {
++ BT_ERR("Firmware request failed");
++ goto error;
++ }
++
++ if (bfusb_load_firmware(bfusb, firmware->data, firmware->size) < 0) {
++ BT_ERR("Firmware loading failed");
++ goto release;
++ }
++
++ release_firmware(firmware);
++
++ /* Initialize and register HCI device */
++ hdev = &bfusb->hdev;
++
++ hdev->type = HCI_USB;
++ hdev->driver_data = bfusb;
++
++ hdev->open = bfusb_open;
++ hdev->close = bfusb_close;
++ hdev->flush = bfusb_flush;
++ hdev->send = bfusb_send_frame;
++ hdev->destruct = bfusb_destruct;
++ hdev->ioctl = bfusb_ioctl;
++
++ if (hci_register_dev(hdev) < 0) {
++ BT_ERR("Can't register HCI device");
++ goto error;
++ }
++
++ return bfusb;
++
++release:
++ release_firmware(firmware);
++
++error:
++ kfree(bfusb);
++
++done:
++ return NULL;
++}
++
++static void bfusb_disconnect(struct usb_device *udev, void *ptr)
++{
++ struct bfusb *bfusb = (struct bfusb *) ptr;
++ struct hci_dev *hdev = &bfusb->hdev;
++
++ BT_DBG("udev %p ptr %p", udev, ptr);
++
++ if (!hdev)
++ return;
++
++ bfusb_close(hdev);
++
++ if (hci_unregister_dev(hdev) < 0)
++ BT_ERR("Can't unregister HCI device %s", hdev->name);
++}
++
++static struct usb_driver bfusb_driver = {
++ name: "bfusb",
++ probe: bfusb_probe,
++ disconnect: bfusb_disconnect,
++ id_table: bfusb_table,
++};
++
++static int __init bfusb_init(void)
++{
++ int err;
++
++ BT_INFO("BlueFRITZ! USB driver ver %s", VERSION);
++ BT_INFO("Copyright (C) 2003 Marcel Holtmann <marcel@holtmann.org>");
++
++ if ((err = usb_register(&bfusb_driver)) < 0)
++ BT_ERR("Failed to register BlueFRITZ! USB driver");
++
++ return err;
++}
++
++static void __exit bfusb_cleanup(void)
++{
++ usb_deregister(&bfusb_driver);
++}
++
++module_init(bfusb_init);
++module_exit(bfusb_cleanup);
++
++MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
++MODULE_DESCRIPTION("BlueFRITZ! USB driver ver " VERSION);
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/drivers/bluetooth/bluecard_cs.c linux-2.4.18-mh9/drivers/bluetooth/bluecard_cs.c
+--- linux-2.4.18/drivers/bluetooth/bluecard_cs.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/bluecard_cs.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,1113 @@
++/*
++ *
++ * Bluetooth driver for the Anycom BlueCard (LSE039/LSE041)
++ *
++ * Copyright (C) 2001-2002 Marcel Holtmann <marcel@holtmann.org>
++ *
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation;
++ *
++ * Software distributed under the License is distributed on an "AS
++ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
++ * implied. See the License for the specific language governing
++ * rights and limitations under the License.
++ *
++ * The initial developer of the original code is David A. Hinds
++ * <dahinds@users.sourceforge.net>. Portions created by David A. Hinds
++ * are Copyright (C) 1999 David A. Hinds. All Rights Reserved.
++ *
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/slab.h>
++#include <linux/types.h>
++#include <linux/sched.h>
++#include <linux/timer.h>
++#include <linux/errno.h>
++#include <linux/ptrace.h>
++#include <linux/ioport.h>
++#include <linux/spinlock.h>
++#include <linux/skbuff.h>
++#include <asm/io.h>
++
++#include <pcmcia/version.h>
++#include <pcmcia/cs_types.h>
++#include <pcmcia/cs.h>
++#include <pcmcia/cistpl.h>
++#include <pcmcia/ciscode.h>
++#include <pcmcia/ds.h>
++#include <pcmcia/cisreg.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++
++
++
++/* ======================== Module parameters ======================== */
++
++
++/* Bit map of interrupts to choose from */
++static u_int irq_mask = 0x86bc;
++static int irq_list[4] = { -1 };
++
++MODULE_PARM(irq_mask, "i");
++MODULE_PARM(irq_list, "1-4i");
++
++MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
++MODULE_DESCRIPTION("BlueZ driver for the Anycom BlueCard (LSE039/LSE041)");
++MODULE_LICENSE("GPL");
++
++
++
++/* ======================== Local structures ======================== */
++
++
++typedef struct bluecard_info_t {
++ dev_link_t link;
++ dev_node_t node;
++
++ struct hci_dev hdev;
++
++ spinlock_t lock; /* For serializing operations */
++ struct timer_list timer; /* For LED control */
++
++ struct sk_buff_head txq;
++ unsigned long tx_state;
++
++ unsigned long rx_state;
++ unsigned long rx_count;
++ struct sk_buff *rx_skb;
++
++ unsigned char ctrl_reg;
++ unsigned long hw_state; /* Status of the hardware and LED control */
++} bluecard_info_t;
++
++
++void bluecard_config(dev_link_t *link);
++void bluecard_release(u_long arg);
++int bluecard_event(event_t event, int priority, event_callback_args_t *args);
++
++static dev_info_t dev_info = "bluecard_cs";
++
++dev_link_t *bluecard_attach(void);
++void bluecard_detach(dev_link_t *);
++
++static dev_link_t *dev_list = NULL;
++
++
++/* Default baud rate: 57600, 115200, 230400 or 460800 */
++#define DEFAULT_BAUD_RATE 230400
++
++
++/* Hardware states */
++#define CARD_READY 1
++#define CARD_HAS_PCCARD_ID 4
++#define CARD_HAS_POWER_LED 5
++#define CARD_HAS_ACTIVITY_LED 6
++
++/* Transmit states */
++#define XMIT_SENDING 1
++#define XMIT_WAKEUP 2
++#define XMIT_BUFFER_NUMBER 5 /* unset = buffer one, set = buffer two */
++#define XMIT_BUF_ONE_READY 6
++#define XMIT_BUF_TWO_READY 7
++#define XMIT_SENDING_READY 8
++
++/* Receiver states */
++#define RECV_WAIT_PACKET_TYPE 0
++#define RECV_WAIT_EVENT_HEADER 1
++#define RECV_WAIT_ACL_HEADER 2
++#define RECV_WAIT_SCO_HEADER 3
++#define RECV_WAIT_DATA 4
++
++/* Special packet types */
++#define PKT_BAUD_RATE_57600 0x80
++#define PKT_BAUD_RATE_115200 0x81
++#define PKT_BAUD_RATE_230400 0x82
++#define PKT_BAUD_RATE_460800 0x83
++
++
++/* These are the register offsets */
++#define REG_COMMAND 0x20
++#define REG_INTERRUPT 0x21
++#define REG_CONTROL 0x22
++#define REG_RX_CONTROL 0x24
++#define REG_CARD_RESET 0x30
++#define REG_LED_CTRL 0x30
++
++/* REG_COMMAND */
++#define REG_COMMAND_TX_BUF_ONE 0x01
++#define REG_COMMAND_TX_BUF_TWO 0x02
++#define REG_COMMAND_RX_BUF_ONE 0x04
++#define REG_COMMAND_RX_BUF_TWO 0x08
++#define REG_COMMAND_RX_WIN_ONE 0x00
++#define REG_COMMAND_RX_WIN_TWO 0x10
++
++/* REG_CONTROL */
++#define REG_CONTROL_BAUD_RATE_57600 0x00
++#define REG_CONTROL_BAUD_RATE_115200 0x01
++#define REG_CONTROL_BAUD_RATE_230400 0x02
++#define REG_CONTROL_BAUD_RATE_460800 0x03
++#define REG_CONTROL_RTS 0x04
++#define REG_CONTROL_BT_ON 0x08
++#define REG_CONTROL_BT_RESET 0x10
++#define REG_CONTROL_BT_RES_PU 0x20
++#define REG_CONTROL_INTERRUPT 0x40
++#define REG_CONTROL_CARD_RESET 0x80
++
++/* REG_RX_CONTROL */
++#define RTS_LEVEL_SHIFT_BITS 0x02
++
++
++
++/* ======================== LED handling routines ======================== */
++
++
++void bluecard_activity_led_timeout(u_long arg)
++{
++ bluecard_info_t *info = (bluecard_info_t *)arg;
++ unsigned int iobase = info->link.io.BasePort1;
++
++ if (test_bit(CARD_HAS_ACTIVITY_LED, &(info->hw_state))) {
++ /* Disable activity LED */
++ outb(0x08 | 0x20, iobase + 0x30);
++ } else {
++ /* Disable power LED */
++ outb(0x00, iobase + 0x30);
++ }
++}
++
++
++static void bluecard_enable_activity_led(bluecard_info_t *info)
++{
++ unsigned int iobase = info->link.io.BasePort1;
++
++ if (test_bit(CARD_HAS_ACTIVITY_LED, &(info->hw_state))) {
++ /* Enable activity LED */
++ outb(0x10 | 0x40, iobase + 0x30);
++
++ /* Stop the LED after HZ/4 */
++ mod_timer(&(info->timer), jiffies + HZ / 4);
++ } else {
++ /* Enable power LED */
++ outb(0x08 | 0x20, iobase + 0x30);
++
++ /* Stop the LED after HZ/2 */
++ mod_timer(&(info->timer), jiffies + HZ / 2);
++ }
++}
++
++
++
++/* ======================== Interrupt handling ======================== */
++
++
++static int bluecard_write(unsigned int iobase, unsigned int offset, __u8 *buf, int len)
++{
++ int i, actual;
++
++ actual = (len > 15) ? 15 : len;
++
++ outb_p(actual, iobase + offset);
++
++ for (i = 0; i < actual; i++)
++ outb_p(buf[i], iobase + offset + i + 1);
++
++ return actual;
++}
++
++
++static void bluecard_write_wakeup(bluecard_info_t *info)
++{
++ if (!info) {
++ printk(KERN_WARNING "bluecard_cs: Call of write_wakeup for unknown device.\n");
++ return;
++ }
++
++ if (!test_bit(XMIT_SENDING_READY, &(info->tx_state)))
++ return;
++
++ if (test_and_set_bit(XMIT_SENDING, &(info->tx_state))) {
++ set_bit(XMIT_WAKEUP, &(info->tx_state));
++ return;
++ }
++
++ do {
++ register unsigned int iobase = info->link.io.BasePort1;
++ register unsigned int offset;
++ register unsigned char command;
++ register unsigned long ready_bit;
++ register struct sk_buff *skb;
++ register int len;
++
++ clear_bit(XMIT_WAKEUP, &(info->tx_state));
++
++ if (!(info->link.state & DEV_PRESENT))
++ return;
++
++ if (test_bit(XMIT_BUFFER_NUMBER, &(info->tx_state))) {
++ if (!test_bit(XMIT_BUF_TWO_READY, &(info->tx_state)))
++ break;
++ offset = 0x10;
++ command = REG_COMMAND_TX_BUF_TWO;
++ ready_bit = XMIT_BUF_TWO_READY;
++ } else {
++ if (!test_bit(XMIT_BUF_ONE_READY, &(info->tx_state)))
++ break;
++ offset = 0x00;
++ command = REG_COMMAND_TX_BUF_ONE;
++ ready_bit = XMIT_BUF_ONE_READY;
++ }
++
++ if (!(skb = skb_dequeue(&(info->txq))))
++ break;
++
++ if (skb->pkt_type & 0x80) {
++ /* Disable RTS */
++ info->ctrl_reg |= REG_CONTROL_RTS;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++ }
++
++ /* Activate LED */
++ bluecard_enable_activity_led(info);
++
++ /* Send frame */
++ len = bluecard_write(iobase, offset, skb->data, skb->len);
++
++ /* Tell the FPGA to send the data */
++ outb_p(command, iobase + REG_COMMAND);
++
++ /* Mark the buffer as dirty */
++ clear_bit(ready_bit, &(info->tx_state));
++
++ if (skb->pkt_type & 0x80) {
++
++ wait_queue_head_t wait;
++ unsigned char baud_reg;
++
++ switch (skb->pkt_type) {
++ case PKT_BAUD_RATE_460800:
++ baud_reg = REG_CONTROL_BAUD_RATE_460800;
++ break;
++ case PKT_BAUD_RATE_230400:
++ baud_reg = REG_CONTROL_BAUD_RATE_230400;
++ break;
++ case PKT_BAUD_RATE_115200:
++ baud_reg = REG_CONTROL_BAUD_RATE_115200;
++ break;
++ case PKT_BAUD_RATE_57600:
++ /* Fall through... */
++ default:
++ baud_reg = REG_CONTROL_BAUD_RATE_57600;
++ break;
++ }
++
++ /* Wait until the command reaches the baseband */
++ init_waitqueue_head(&wait);
++ interruptible_sleep_on_timeout(&wait, HZ / 10);
++
++ /* Set baud on baseband */
++ info->ctrl_reg &= ~0x03;
++ info->ctrl_reg |= baud_reg;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ /* Enable RTS */
++ info->ctrl_reg &= ~REG_CONTROL_RTS;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ /* Wait before the next HCI packet can be send */
++ interruptible_sleep_on_timeout(&wait, HZ);
++
++ }
++
++ if (len == skb->len) {
++ kfree_skb(skb);
++ } else {
++ skb_pull(skb, len);
++ skb_queue_head(&(info->txq), skb);
++ }
++
++ info->hdev.stat.byte_tx += len;
++
++ /* Change buffer */
++ change_bit(XMIT_BUFFER_NUMBER, &(info->tx_state));
++
++ } while (test_bit(XMIT_WAKEUP, &(info->tx_state)));
++
++ clear_bit(XMIT_SENDING, &(info->tx_state));
++}
++
++
++static int bluecard_read(unsigned int iobase, unsigned int offset, __u8 *buf, int size)
++{
++ int i, n, len;
++
++ outb(REG_COMMAND_RX_WIN_ONE, iobase + REG_COMMAND);
++
++ len = inb(iobase + offset);
++ n = 0;
++ i = 1;
++
++ while (n < len) {
++
++ if (i == 16) {
++ outb(REG_COMMAND_RX_WIN_TWO, iobase + REG_COMMAND);
++ i = 0;
++ }
++
++ buf[n] = inb(iobase + offset + i);
++
++ n++;
++ i++;
++
++ }
++
++ return len;
++}
++
++
++static void bluecard_receive(bluecard_info_t *info, unsigned int offset)
++{
++ unsigned int iobase;
++ unsigned char buf[31];
++ int i, len;
++
++ if (!info) {
++ printk(KERN_WARNING "bluecard_cs: Call of receive for unknown device.\n");
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ if (test_bit(XMIT_SENDING_READY, &(info->tx_state)))
++ bluecard_enable_activity_led(info);
++
++ len = bluecard_read(iobase, offset, buf, sizeof(buf));
++
++ for (i = 0; i < len; i++) {
++
++ /* Allocate packet */
++ if (info->rx_skb == NULL) {
++ info->rx_state = RECV_WAIT_PACKET_TYPE;
++ info->rx_count = 0;
++ if (!(info->rx_skb = bluez_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC))) {
++ printk(KERN_WARNING "bluecard_cs: Can't allocate mem for new packet.\n");
++ return;
++ }
++ }
++
++ if (info->rx_state == RECV_WAIT_PACKET_TYPE) {
++
++ info->rx_skb->dev = (void *)&(info->hdev);
++ info->rx_skb->pkt_type = buf[i];
++
++ switch (info->rx_skb->pkt_type) {
++
++ case 0x00:
++ /* init packet */
++ if (offset != 0x00) {
++ set_bit(XMIT_BUF_ONE_READY, &(info->tx_state));
++ set_bit(XMIT_BUF_TWO_READY, &(info->tx_state));
++ set_bit(XMIT_SENDING_READY, &(info->tx_state));
++ bluecard_write_wakeup(info);
++ }
++
++ kfree_skb(info->rx_skb);
++ info->rx_skb = NULL;
++ break;
++
++ case HCI_EVENT_PKT:
++ info->rx_state = RECV_WAIT_EVENT_HEADER;
++ info->rx_count = HCI_EVENT_HDR_SIZE;
++ break;
++
++ case HCI_ACLDATA_PKT:
++ info->rx_state = RECV_WAIT_ACL_HEADER;
++ info->rx_count = HCI_ACL_HDR_SIZE;
++ break;
++
++ case HCI_SCODATA_PKT:
++ info->rx_state = RECV_WAIT_SCO_HEADER;
++ info->rx_count = HCI_SCO_HDR_SIZE;
++ break;
++
++ default:
++ /* unknown packet */
++ printk(KERN_WARNING "bluecard_cs: Unknown HCI packet with type 0x%02x received.\n", info->rx_skb->pkt_type);
++ info->hdev.stat.err_rx++;
++
++ kfree_skb(info->rx_skb);
++ info->rx_skb = NULL;
++ break;
++
++ }
++
++ } else {
++
++ *skb_put(info->rx_skb, 1) = buf[i];
++ info->rx_count--;
++
++ if (info->rx_count == 0) {
++
++ int dlen;
++ hci_event_hdr *eh;
++ hci_acl_hdr *ah;
++ hci_sco_hdr *sh;
++
++ switch (info->rx_state) {
++
++ case RECV_WAIT_EVENT_HEADER:
++ eh = (hci_event_hdr *)(info->rx_skb->data);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = eh->plen;
++ break;
++
++ case RECV_WAIT_ACL_HEADER:
++ ah = (hci_acl_hdr *)(info->rx_skb->data);
++ dlen = __le16_to_cpu(ah->dlen);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = dlen;
++ break;
++
++ case RECV_WAIT_SCO_HEADER:
++ sh = (hci_sco_hdr *)(info->rx_skb->data);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = sh->dlen;
++ break;
++
++ case RECV_WAIT_DATA:
++ hci_recv_frame(info->rx_skb);
++ info->rx_skb = NULL;
++ break;
++
++ }
++
++ }
++
++ }
++
++
++ }
++
++ info->hdev.stat.byte_rx += len;
++}
++
++
++void bluecard_interrupt(int irq, void *dev_inst, struct pt_regs *regs)
++{
++ bluecard_info_t *info = dev_inst;
++ unsigned int iobase;
++ unsigned char reg;
++
++ if (!info) {
++ printk(KERN_WARNING "bluecard_cs: Call of irq %d for unknown device.\n", irq);
++ return;
++ }
++
++ if (!test_bit(CARD_READY, &(info->hw_state)))
++ return;
++
++ iobase = info->link.io.BasePort1;
++
++ spin_lock(&(info->lock));
++
++ /* Disable interrupt */
++ info->ctrl_reg &= ~REG_CONTROL_INTERRUPT;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ reg = inb(iobase + REG_INTERRUPT);
++
++ if ((reg != 0x00) && (reg != 0xff)) {
++
++ if (reg & 0x04) {
++ bluecard_receive(info, 0x00);
++ outb(0x04, iobase + REG_INTERRUPT);
++ outb(REG_COMMAND_RX_BUF_ONE, iobase + REG_COMMAND);
++ }
++
++ if (reg & 0x08) {
++ bluecard_receive(info, 0x10);
++ outb(0x08, iobase + REG_INTERRUPT);
++ outb(REG_COMMAND_RX_BUF_TWO, iobase + REG_COMMAND);
++ }
++
++ if (reg & 0x01) {
++ set_bit(XMIT_BUF_ONE_READY, &(info->tx_state));
++ outb(0x01, iobase + REG_INTERRUPT);
++ bluecard_write_wakeup(info);
++ }
++
++ if (reg & 0x02) {
++ set_bit(XMIT_BUF_TWO_READY, &(info->tx_state));
++ outb(0x02, iobase + REG_INTERRUPT);
++ bluecard_write_wakeup(info);
++ }
++
++ }
++
++ /* Enable interrupt */
++ info->ctrl_reg |= REG_CONTROL_INTERRUPT;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ spin_unlock(&(info->lock));
++}
++
++
++
++/* ======================== Device specific HCI commands ======================== */
++
++
++static int bluecard_hci_set_baud_rate(struct hci_dev *hdev, int baud)
++{
++ bluecard_info_t *info = (bluecard_info_t *)(hdev->driver_data);
++ struct sk_buff *skb;
++
++ /* Ericsson baud rate command */
++ unsigned char cmd[] = { HCI_COMMAND_PKT, 0x09, 0xfc, 0x01, 0x03 };
++
++ if (!(skb = bluez_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC))) {
++ printk(KERN_WARNING "bluecard_cs: Can't allocate mem for new packet.\n");
++ return -1;
++ }
++
++ switch (baud) {
++ case 460800:
++ cmd[4] = 0x00;
++ skb->pkt_type = PKT_BAUD_RATE_460800;
++ break;
++ case 230400:
++ cmd[4] = 0x01;
++ skb->pkt_type = PKT_BAUD_RATE_230400;
++ break;
++ case 115200:
++ cmd[4] = 0x02;
++ skb->pkt_type = PKT_BAUD_RATE_115200;
++ break;
++ case 57600:
++ /* Fall through... */
++ default:
++ cmd[4] = 0x03;
++ skb->pkt_type = PKT_BAUD_RATE_57600;
++ break;
++ }
++
++ memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd));
++
++ skb_queue_tail(&(info->txq), skb);
++
++ bluecard_write_wakeup(info);
++
++ return 0;
++}
++
++
++
++/* ======================== HCI interface ======================== */
++
++
++static int bluecard_hci_flush(struct hci_dev *hdev)
++{
++ bluecard_info_t *info = (bluecard_info_t *)(hdev->driver_data);
++
++ /* Drop TX queue */
++ skb_queue_purge(&(info->txq));
++
++ return 0;
++}
++
++
++static int bluecard_hci_open(struct hci_dev *hdev)
++{
++ bluecard_info_t *info = (bluecard_info_t *)(hdev->driver_data);
++ unsigned int iobase = info->link.io.BasePort1;
++
++ bluecard_hci_set_baud_rate(hdev, DEFAULT_BAUD_RATE);
++
++ if (test_and_set_bit(HCI_RUNNING, &(hdev->flags)))
++ return 0;
++
++ /* Enable LED */
++ outb(0x08 | 0x20, iobase + 0x30);
++
++ return 0;
++}
++
++
++static int bluecard_hci_close(struct hci_dev *hdev)
++{
++ bluecard_info_t *info = (bluecard_info_t *)(hdev->driver_data);
++ unsigned int iobase = info->link.io.BasePort1;
++
++ if (!test_and_clear_bit(HCI_RUNNING, &(hdev->flags)))
++ return 0;
++
++ bluecard_hci_flush(hdev);
++
++ /* Disable LED */
++ outb(0x00, iobase + 0x30);
++
++ return 0;
++}
++
++
++static int bluecard_hci_send_frame(struct sk_buff *skb)
++{
++ bluecard_info_t *info;
++ struct hci_dev *hdev = (struct hci_dev *)(skb->dev);
++
++ if (!hdev) {
++ printk(KERN_WARNING "bluecard_cs: Frame for unknown HCI device (hdev=NULL).");
++ return -ENODEV;
++ }
++
++ info = (bluecard_info_t *)(hdev->driver_data);
++
++ switch (skb->pkt_type) {
++ case HCI_COMMAND_PKT:
++ hdev->stat.cmd_tx++;
++ break;
++ case HCI_ACLDATA_PKT:
++ hdev->stat.acl_tx++;
++ break;
++ case HCI_SCODATA_PKT:
++ hdev->stat.sco_tx++;
++ break;
++ };
++
++ /* Prepend skb with frame type */
++ memcpy(skb_push(skb, 1), &(skb->pkt_type), 1);
++ skb_queue_tail(&(info->txq), skb);
++
++ bluecard_write_wakeup(info);
++
++ return 0;
++}
++
++
++static void bluecard_hci_destruct(struct hci_dev *hdev)
++{
++}
++
++
++static int bluecard_hci_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg)
++{
++ return -ENOIOCTLCMD;
++}
++
++
++
++/* ======================== Card services HCI interaction ======================== */
++
++
++int bluecard_open(bluecard_info_t *info)
++{
++ unsigned int iobase = info->link.io.BasePort1;
++ struct hci_dev *hdev;
++ unsigned char id;
++
++ spin_lock_init(&(info->lock));
++
++ init_timer(&(info->timer));
++ info->timer.function = &bluecard_activity_led_timeout;
++ info->timer.data = (u_long)info;
++
++ skb_queue_head_init(&(info->txq));
++
++ info->rx_state = RECV_WAIT_PACKET_TYPE;
++ info->rx_count = 0;
++ info->rx_skb = NULL;
++
++ id = inb(iobase + 0x30);
++
++ if ((id & 0x0f) == 0x02)
++ set_bit(CARD_HAS_PCCARD_ID, &(info->hw_state));
++
++ if (id & 0x10)
++ set_bit(CARD_HAS_POWER_LED, &(info->hw_state));
++
++ if (id & 0x20)
++ set_bit(CARD_HAS_ACTIVITY_LED, &(info->hw_state));
++
++ /* Reset card */
++ info->ctrl_reg = REG_CONTROL_BT_RESET | REG_CONTROL_CARD_RESET;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ /* Turn FPGA off */
++ outb(0x80, iobase + 0x30);
++
++ /* Wait some time */
++ set_current_state(TASK_INTERRUPTIBLE);
++ schedule_timeout(HZ / 100);
++
++ /* Turn FPGA on */
++ outb(0x00, iobase + 0x30);
++
++ /* Activate card */
++ info->ctrl_reg = REG_CONTROL_BT_ON | REG_CONTROL_BT_RES_PU;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ /* Enable interrupt */
++ outb(0xff, iobase + REG_INTERRUPT);
++ info->ctrl_reg |= REG_CONTROL_INTERRUPT;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ /* Start the RX buffers */
++ outb(REG_COMMAND_RX_BUF_ONE, iobase + REG_COMMAND);
++ outb(REG_COMMAND_RX_BUF_TWO, iobase + REG_COMMAND);
++
++ /* Signal that the hardware is ready */
++ set_bit(CARD_READY, &(info->hw_state));
++
++ /* Drop TX queue */
++ skb_queue_purge(&(info->txq));
++
++ /* Control the point at which RTS is enabled */
++ outb((0x0f << RTS_LEVEL_SHIFT_BITS) | 1, iobase + REG_RX_CONTROL);
++
++ /* Timeout before it is safe to send the first HCI packet */
++ set_current_state(TASK_INTERRUPTIBLE);
++ schedule_timeout((HZ * 5) / 4); // or set it to 3/2
++
++
++ /* Initialize and register HCI device */
++
++ hdev = &(info->hdev);
++
++ hdev->type = HCI_PCCARD;
++ hdev->driver_data = info;
++
++ hdev->open = bluecard_hci_open;
++ hdev->close = bluecard_hci_close;
++ hdev->flush = bluecard_hci_flush;
++ hdev->send = bluecard_hci_send_frame;
++ hdev->destruct = bluecard_hci_destruct;
++ hdev->ioctl = bluecard_hci_ioctl;
++
++ if (hci_register_dev(hdev) < 0) {
++ printk(KERN_WARNING "bluecard_cs: Can't register HCI device %s.\n", hdev->name);
++ return -ENODEV;
++ }
++
++ return 0;
++}
++
++
++int bluecard_close(bluecard_info_t *info)
++{
++ unsigned int iobase = info->link.io.BasePort1;
++ struct hci_dev *hdev = &(info->hdev);
++
++ bluecard_hci_close(hdev);
++
++ clear_bit(CARD_READY, &(info->hw_state));
++
++ /* Reset card */
++ info->ctrl_reg = REG_CONTROL_BT_RESET | REG_CONTROL_CARD_RESET;
++ outb(info->ctrl_reg, iobase + REG_CONTROL);
++
++ /* Turn FPGA off */
++ outb(0x80, iobase + 0x30);
++
++ if (hci_unregister_dev(hdev) < 0)
++ printk(KERN_WARNING "bluecard_cs: Can't unregister HCI device %s.\n", hdev->name);
++
++ return 0;
++}
++
++
++
++/* ======================== Card services ======================== */
++
++
++static void cs_error(client_handle_t handle, int func, int ret)
++{
++ error_info_t err = { func, ret };
++
++ CardServices(ReportError, handle, &err);
++}
++
++
++dev_link_t *bluecard_attach(void)
++{
++ bluecard_info_t *info;
++ client_reg_t client_reg;
++ dev_link_t *link;
++ int i, ret;
++
++ /* Create new info device */
++ info = kmalloc(sizeof(*info), GFP_KERNEL);
++ if (!info)
++ return NULL;
++ memset(info, 0, sizeof(*info));
++
++ link = &info->link;
++ link->priv = info;
++
++ link->release.function = &bluecard_release;
++ link->release.data = (u_long)link;
++ link->io.Attributes1 = IO_DATA_PATH_WIDTH_8;
++ link->io.NumPorts1 = 8;
++ link->irq.Attributes = IRQ_TYPE_EXCLUSIVE | IRQ_HANDLE_PRESENT;
++ link->irq.IRQInfo1 = IRQ_INFO2_VALID | IRQ_LEVEL_ID;
++
++ if (irq_list[0] == -1)
++ link->irq.IRQInfo2 = irq_mask;
++ else
++ for (i = 0; i < 4; i++)
++ link->irq.IRQInfo2 |= 1 << irq_list[i];
++
++ link->irq.Handler = bluecard_interrupt;
++ link->irq.Instance = info;
++
++ link->conf.Attributes = CONF_ENABLE_IRQ;
++ link->conf.Vcc = 50;
++ link->conf.IntType = INT_MEMORY_AND_IO;
++
++ /* Register with Card Services */
++ link->next = dev_list;
++ dev_list = link;
++ client_reg.dev_info = &dev_info;
++ client_reg.Attributes = INFO_IO_CLIENT | INFO_CARD_SHARE;
++ client_reg.EventMask =
++ CS_EVENT_CARD_INSERTION | CS_EVENT_CARD_REMOVAL |
++ CS_EVENT_RESET_PHYSICAL | CS_EVENT_CARD_RESET |
++ CS_EVENT_PM_SUSPEND | CS_EVENT_PM_RESUME;
++ client_reg.event_handler = &bluecard_event;
++ client_reg.Version = 0x0210;
++ client_reg.event_callback_args.client_data = link;
++
++ ret = CardServices(RegisterClient, &link->handle, &client_reg);
++ if (ret != CS_SUCCESS) {
++ cs_error(link->handle, RegisterClient, ret);
++ bluecard_detach(link);
++ return NULL;
++ }
++
++ return link;
++}
++
++
++void bluecard_detach(dev_link_t *link)
++{
++ bluecard_info_t *info = link->priv;
++ dev_link_t **linkp;
++ int ret;
++
++ /* Locate device structure */
++ for (linkp = &dev_list; *linkp; linkp = &(*linkp)->next)
++ if (*linkp == link)
++ break;
++
++ if (*linkp == NULL)
++ return;
++
++ del_timer(&link->release);
++ if (link->state & DEV_CONFIG)
++ bluecard_release((u_long)link);
++
++ if (link->handle) {
++ ret = CardServices(DeregisterClient, link->handle);
++ if (ret != CS_SUCCESS)
++ cs_error(link->handle, DeregisterClient, ret);
++ }
++
++ /* Unlink device structure, free bits */
++ *linkp = link->next;
++
++ kfree(info);
++}
++
++
++static int get_tuple(int fn, client_handle_t handle, tuple_t *tuple, cisparse_t *parse)
++{
++ int i;
++
++ i = CardServices(fn, handle, tuple);
++ if (i != CS_SUCCESS)
++ return CS_NO_MORE_ITEMS;
++
++ i = CardServices(GetTupleData, handle, tuple);
++ if (i != CS_SUCCESS)
++ return i;
++
++ return CardServices(ParseTuple, handle, tuple, parse);
++}
++
++
++#define first_tuple(a, b, c) get_tuple(GetFirstTuple, a, b, c)
++#define next_tuple(a, b, c) get_tuple(GetNextTuple, a, b, c)
++
++void bluecard_config(dev_link_t *link)
++{
++ client_handle_t handle = link->handle;
++ bluecard_info_t *info = link->priv;
++ tuple_t tuple;
++ u_short buf[256];
++ cisparse_t parse;
++ config_info_t config;
++ int i, n, last_ret, last_fn;
++
++ tuple.TupleData = (cisdata_t *)buf;
++ tuple.TupleOffset = 0;
++ tuple.TupleDataMax = 255;
++ tuple.Attributes = 0;
++
++ /* Get configuration register information */
++ tuple.DesiredTuple = CISTPL_CONFIG;
++ last_ret = first_tuple(handle, &tuple, &parse);
++ if (last_ret != CS_SUCCESS) {
++ last_fn = ParseTuple;
++ goto cs_failed;
++ }
++ link->conf.ConfigBase = parse.config.base;
++ link->conf.Present = parse.config.rmask[0];
++
++ /* Configure card */
++ link->state |= DEV_CONFIG;
++ i = CardServices(GetConfigurationInfo, handle, &config);
++ link->conf.Vcc = config.Vcc;
++
++ link->conf.ConfigIndex = 0x20;
++ link->io.NumPorts1 = 64;
++ link->io.IOAddrLines = 6;
++
++ for (n = 0; n < 0x400; n += 0x40) {
++ link->io.BasePort1 = n ^ 0x300;
++ i = CardServices(RequestIO, link->handle, &link->io);
++ if (i == CS_SUCCESS)
++ break;
++ }
++
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestIO, i);
++ goto failed;
++ }
++
++ i = CardServices(RequestIRQ, link->handle, &link->irq);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestIRQ, i);
++ link->irq.AssignedIRQ = 0;
++ }
++
++ i = CardServices(RequestConfiguration, link->handle, &link->conf);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestConfiguration, i);
++ goto failed;
++ }
++
++ MOD_INC_USE_COUNT;
++
++ if (bluecard_open(info) != 0)
++ goto failed;
++
++ strcpy(info->node.dev_name, info->hdev.name);
++ link->dev = &info->node;
++ link->state &= ~DEV_CONFIG_PENDING;
++
++ return;
++
++cs_failed:
++ cs_error(link->handle, last_fn, last_ret);
++
++failed:
++ bluecard_release((u_long)link);
++}
++
++
++void bluecard_release(u_long arg)
++{
++ dev_link_t *link = (dev_link_t *)arg;
++ bluecard_info_t *info = link->priv;
++
++ if (link->state & DEV_PRESENT)
++ bluecard_close(info);
++
++ MOD_DEC_USE_COUNT;
++
++ link->dev = NULL;
++
++ CardServices(ReleaseConfiguration, link->handle);
++ CardServices(ReleaseIO, link->handle, &link->io);
++ CardServices(ReleaseIRQ, link->handle, &link->irq);
++
++ link->state &= ~DEV_CONFIG;
++}
++
++
++int bluecard_event(event_t event, int priority, event_callback_args_t *args)
++{
++ dev_link_t *link = args->client_data;
++ bluecard_info_t *info = link->priv;
++
++ switch (event) {
++ case CS_EVENT_CARD_REMOVAL:
++ link->state &= ~DEV_PRESENT;
++ if (link->state & DEV_CONFIG) {
++ bluecard_close(info);
++ mod_timer(&link->release, jiffies + HZ / 20);
++ }
++ break;
++ case CS_EVENT_CARD_INSERTION:
++ link->state |= DEV_PRESENT | DEV_CONFIG_PENDING;
++ bluecard_config(link);
++ break;
++ case CS_EVENT_PM_SUSPEND:
++ link->state |= DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_RESET_PHYSICAL:
++ if (link->state & DEV_CONFIG)
++ CardServices(ReleaseConfiguration, link->handle);
++ break;
++ case CS_EVENT_PM_RESUME:
++ link->state &= ~DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_CARD_RESET:
++ if (DEV_OK(link))
++ CardServices(RequestConfiguration, link->handle, &link->conf);
++ break;
++ }
++
++ return 0;
++}
++
++
++
++/* ======================== Module initialization ======================== */
++
++
++int __init init_bluecard_cs(void)
++{
++ servinfo_t serv;
++ int err;
++
++ CardServices(GetCardServicesInfo, &serv);
++ if (serv.Revision != CS_RELEASE_CODE) {
++ printk(KERN_NOTICE "bluecard_cs: Card Services release does not match!\n");
++ return -1;
++ }
++
++ err = register_pccard_driver(&dev_info, &bluecard_attach, &bluecard_detach);
++
++ return err;
++}
++
++
++void __exit exit_bluecard_cs(void)
++{
++ unregister_pccard_driver(&dev_info);
++
++ while (dev_list != NULL)
++ bluecard_detach(dev_list);
++}
++
++
++module_init(init_bluecard_cs);
++module_exit(exit_bluecard_cs);
++
++EXPORT_NO_SYMBOLS;
+diff -urN linux-2.4.18/drivers/bluetooth/bt3c_cs.c linux-2.4.18-mh9/drivers/bluetooth/bt3c_cs.c
+--- linux-2.4.18/drivers/bluetooth/bt3c_cs.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/bt3c_cs.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,946 @@
++/*
++ *
++ * Driver for the 3Com Bluetooth PCMCIA card
++ *
++ * Copyright (C) 2001-2002 Marcel Holtmann <marcel@holtmann.org>
++ * Jose Orlando Pereira <jop@di.uminho.pt>
++ *
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation;
++ *
++ * Software distributed under the License is distributed on an "AS
++ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
++ * implied. See the License for the specific language governing
++ * rights and limitations under the License.
++ *
++ * The initial developer of the original code is David A. Hinds
++ * <dahinds@users.sourceforge.net>. Portions created by David A. Hinds
++ * are Copyright (C) 1999 David A. Hinds. All Rights Reserved.
++ *
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#define __KERNEL_SYSCALLS__
++
++#include <linux/kernel.h>
++#include <linux/kmod.h>
++#include <linux/init.h>
++#include <linux/slab.h>
++#include <linux/types.h>
++#include <linux/sched.h>
++#include <linux/delay.h>
++#include <linux/timer.h>
++#include <linux/errno.h>
++#include <linux/unistd.h>
++#include <linux/ptrace.h>
++#include <linux/ioport.h>
++#include <linux/spinlock.h>
++
++#include <linux/skbuff.h>
++#include <linux/string.h>
++#include <linux/serial.h>
++#include <linux/serial_reg.h>
++#include <asm/system.h>
++#include <asm/bitops.h>
++#include <asm/io.h>
++
++#include <pcmcia/version.h>
++#include <pcmcia/cs_types.h>
++#include <pcmcia/cs.h>
++#include <pcmcia/cistpl.h>
++#include <pcmcia/ciscode.h>
++#include <pcmcia/ds.h>
++#include <pcmcia/cisreg.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++
++
++
++/* ======================== Module parameters ======================== */
++
++
++/* Bit map of interrupts to choose from */
++static u_int irq_mask = 0xffff;
++static int irq_list[4] = { -1 };
++
++MODULE_PARM(irq_mask, "i");
++MODULE_PARM(irq_list, "1-4i");
++
++MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>, Jose Orlando Pereira <jop@di.uminho.pt>");
++MODULE_DESCRIPTION("BlueZ driver for the 3Com Bluetooth PCMCIA card");
++MODULE_LICENSE("GPL");
++
++
++
++/* ======================== Local structures ======================== */
++
++
++typedef struct bt3c_info_t {
++ dev_link_t link;
++ dev_node_t node;
++
++ struct hci_dev hdev;
++
++ spinlock_t lock; /* For serializing operations */
++
++ struct sk_buff_head txq;
++ unsigned long tx_state;
++
++ unsigned long rx_state;
++ unsigned long rx_count;
++ struct sk_buff *rx_skb;
++} bt3c_info_t;
++
++
++void bt3c_config(dev_link_t *link);
++void bt3c_release(u_long arg);
++int bt3c_event(event_t event, int priority, event_callback_args_t *args);
++
++static dev_info_t dev_info = "bt3c_cs";
++
++dev_link_t *bt3c_attach(void);
++void bt3c_detach(dev_link_t *);
++
++static dev_link_t *dev_list = NULL;
++
++
++/* Transmit states */
++#define XMIT_SENDING 1
++#define XMIT_WAKEUP 2
++#define XMIT_WAITING 8
++
++/* Receiver states */
++#define RECV_WAIT_PACKET_TYPE 0
++#define RECV_WAIT_EVENT_HEADER 1
++#define RECV_WAIT_ACL_HEADER 2
++#define RECV_WAIT_SCO_HEADER 3
++#define RECV_WAIT_DATA 4
++
++
++
++/* ======================== Special I/O functions ======================== */
++
++
++#define DATA_L 0
++#define DATA_H 1
++#define ADDR_L 2
++#define ADDR_H 3
++#define CONTROL 4
++
++
++inline void bt3c_address(unsigned int iobase, unsigned short addr)
++{
++ outb(addr & 0xff, iobase + ADDR_L);
++ outb((addr >> 8) & 0xff, iobase + ADDR_H);
++}
++
++
++inline void bt3c_put(unsigned int iobase, unsigned short value)
++{
++ outb(value & 0xff, iobase + DATA_L);
++ outb((value >> 8) & 0xff, iobase + DATA_H);
++}
++
++
++inline void bt3c_io_write(unsigned int iobase, unsigned short addr, unsigned short value)
++{
++ bt3c_address(iobase, addr);
++ bt3c_put(iobase, value);
++}
++
++
++inline unsigned short bt3c_get(unsigned int iobase)
++{
++ unsigned short value = inb(iobase + DATA_L);
++
++ value |= inb(iobase + DATA_H) << 8;
++
++ return value;
++}
++
++
++inline unsigned short bt3c_read(unsigned int iobase, unsigned short addr)
++{
++ bt3c_address(iobase, addr);
++
++ return bt3c_get(iobase);
++}
++
++
++
++/* ======================== Interrupt handling ======================== */
++
++
++static int bt3c_write(unsigned int iobase, int fifo_size, __u8 *buf, int len)
++{
++ int actual = 0;
++
++ bt3c_address(iobase, 0x7080);
++
++ /* Fill FIFO with current frame */
++ while (actual < len) {
++ /* Transmit next byte */
++ bt3c_put(iobase, buf[actual]);
++ actual++;
++ }
++
++ bt3c_io_write(iobase, 0x7005, actual);
++
++ return actual;
++}
++
++
++static void bt3c_write_wakeup(bt3c_info_t *info, int from)
++{
++ unsigned long flags;
++
++ if (!info) {
++ printk(KERN_WARNING "bt3c_cs: Call of write_wakeup for unknown device.\n");
++ return;
++ }
++
++ if (test_and_set_bit(XMIT_SENDING, &(info->tx_state)))
++ return;
++
++ spin_lock_irqsave(&(info->lock), flags);
++
++ do {
++ register unsigned int iobase = info->link.io.BasePort1;
++ register struct sk_buff *skb;
++ register int len;
++
++ if (!(info->link.state & DEV_PRESENT))
++ break;
++
++
++ if (!(skb = skb_dequeue(&(info->txq)))) {
++ clear_bit(XMIT_SENDING, &(info->tx_state));
++ break;
++ }
++
++ /* Send frame */
++ len = bt3c_write(iobase, 256, skb->data, skb->len);
++
++ if (len != skb->len) {
++ printk(KERN_WARNING "bt3c_cs: very strange\n");
++ }
++
++ kfree_skb(skb);
++
++ info->hdev.stat.byte_tx += len;
++
++ } while (0);
++
++ spin_unlock_irqrestore(&(info->lock), flags);
++}
++
++
++static void bt3c_receive(bt3c_info_t *info)
++{
++ unsigned int iobase;
++ int size = 0, avail;
++
++ if (!info) {
++ printk(KERN_WARNING "bt3c_cs: Call of receive for unknown device.\n");
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ avail = bt3c_read(iobase, 0x7006);
++ //printk("bt3c_cs: receiving %d bytes\n", avail);
++
++ bt3c_address(iobase, 0x7480);
++ while (size < avail) {
++ size++;
++ info->hdev.stat.byte_rx++;
++
++ /* Allocate packet */
++ if (info->rx_skb == NULL) {
++ info->rx_state = RECV_WAIT_PACKET_TYPE;
++ info->rx_count = 0;
++ if (!(info->rx_skb = bluez_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC))) {
++ printk(KERN_WARNING "bt3c_cs: Can't allocate mem for new packet.\n");
++ return;
++ }
++ }
++
++
++ if (info->rx_state == RECV_WAIT_PACKET_TYPE) {
++
++ info->rx_skb->dev = (void *)&(info->hdev);
++ info->rx_skb->pkt_type = inb(iobase + DATA_L);
++ inb(iobase + DATA_H);
++ //printk("bt3c: PACKET_TYPE=%02x\n", info->rx_skb->pkt_type);
++
++ switch (info->rx_skb->pkt_type) {
++
++ case HCI_EVENT_PKT:
++ info->rx_state = RECV_WAIT_EVENT_HEADER;
++ info->rx_count = HCI_EVENT_HDR_SIZE;
++ break;
++
++ case HCI_ACLDATA_PKT:
++ info->rx_state = RECV_WAIT_ACL_HEADER;
++ info->rx_count = HCI_ACL_HDR_SIZE;
++ break;
++
++ case HCI_SCODATA_PKT:
++ info->rx_state = RECV_WAIT_SCO_HEADER;
++ info->rx_count = HCI_SCO_HDR_SIZE;
++ break;
++
++ default:
++ /* Unknown packet */
++ printk(KERN_WARNING "bt3c_cs: Unknown HCI packet with type 0x%02x received.\n", info->rx_skb->pkt_type);
++ info->hdev.stat.err_rx++;
++ clear_bit(HCI_RUNNING, &(info->hdev.flags));
++
++ kfree_skb(info->rx_skb);
++ info->rx_skb = NULL;
++ break;
++
++ }
++
++ } else {
++
++ __u8 x = inb(iobase + DATA_L);
++
++ *skb_put(info->rx_skb, 1) = x;
++ inb(iobase + DATA_H);
++ info->rx_count--;
++
++ if (info->rx_count == 0) {
++
++ int dlen;
++ hci_event_hdr *eh;
++ hci_acl_hdr *ah;
++ hci_sco_hdr *sh;
++
++ switch (info->rx_state) {
++
++ case RECV_WAIT_EVENT_HEADER:
++ eh = (hci_event_hdr *)(info->rx_skb->data);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = eh->plen;
++ break;
++
++ case RECV_WAIT_ACL_HEADER:
++ ah = (hci_acl_hdr *)(info->rx_skb->data);
++ dlen = __le16_to_cpu(ah->dlen);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = dlen;
++ break;
++
++ case RECV_WAIT_SCO_HEADER:
++ sh = (hci_sco_hdr *)(info->rx_skb->data);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = sh->dlen;
++ break;
++
++ case RECV_WAIT_DATA:
++ hci_recv_frame(info->rx_skb);
++ info->rx_skb = NULL;
++ break;
++
++ }
++
++ }
++
++ }
++
++ }
++
++ bt3c_io_write(iobase, 0x7006, 0x0000);
++}
++
++
++void bt3c_interrupt(int irq, void *dev_inst, struct pt_regs *regs)
++{
++ bt3c_info_t *info = dev_inst;
++ unsigned int iobase;
++ int iir;
++
++ if (!info) {
++ printk(KERN_WARNING "bt3c_cs: Call of irq %d for unknown device.\n", irq);
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ spin_lock(&(info->lock));
++
++ iir = inb(iobase + CONTROL);
++ if (iir & 0x80) {
++ int stat = bt3c_read(iobase, 0x7001);
++
++ if ((stat & 0xff) == 0x7f) {
++ printk(KERN_WARNING "bt3c_cs: STRANGE stat=%04x\n", stat);
++ } else if ((stat & 0xff) != 0xff) {
++ if (stat & 0x0020) {
++ int stat = bt3c_read(iobase, 0x7002) & 0x10;
++ printk(KERN_WARNING "bt3c_cs: antena %s\n", stat ? "OUT" : "IN");
++ }
++ if (stat & 0x0001)
++ bt3c_receive(info);
++ if (stat & 0x0002) {
++ //printk("bt3c_cs: ACK %04x\n", stat);
++ clear_bit(XMIT_SENDING, &(info->tx_state));
++ bt3c_write_wakeup(info, 1);
++ }
++
++ bt3c_io_write(iobase, 0x7001, 0x0000);
++
++ outb(iir, iobase + CONTROL);
++ }
++ }
++
++ spin_unlock(&(info->lock));
++}
++
++
++
++
++/* ======================== HCI interface ======================== */
++
++
++static int bt3c_hci_flush(struct hci_dev *hdev)
++{
++ bt3c_info_t *info = (bt3c_info_t *)(hdev->driver_data);
++
++ /* Drop TX queue */
++ skb_queue_purge(&(info->txq));
++
++ return 0;
++}
++
++
++static int bt3c_hci_open(struct hci_dev *hdev)
++{
++ set_bit(HCI_RUNNING, &(hdev->flags));
++
++ return 0;
++}
++
++
++static int bt3c_hci_close(struct hci_dev *hdev)
++{
++ if (!test_and_clear_bit(HCI_RUNNING, &(hdev->flags)))
++ return 0;
++
++ bt3c_hci_flush(hdev);
++
++ return 0;
++}
++
++
++static int bt3c_hci_send_frame(struct sk_buff *skb)
++{
++ bt3c_info_t *info;
++ struct hci_dev *hdev = (struct hci_dev *)(skb->dev);
++
++ if (!hdev) {
++ printk(KERN_WARNING "bt3c_cs: Frame for unknown HCI device (hdev=NULL).");
++ return -ENODEV;
++ }
++
++ info = (bt3c_info_t *) (hdev->driver_data);
++
++ switch (skb->pkt_type) {
++ case HCI_COMMAND_PKT:
++ hdev->stat.cmd_tx++;
++ break;
++ case HCI_ACLDATA_PKT:
++ hdev->stat.acl_tx++;
++ break;
++ case HCI_SCODATA_PKT:
++ hdev->stat.sco_tx++;
++ break;
++ };
++
++ /* Prepend skb with frame type */
++ memcpy(skb_push(skb, 1), &(skb->pkt_type), 1);
++ skb_queue_tail(&(info->txq), skb);
++
++ bt3c_write_wakeup(info, 0);
++
++ return 0;
++}
++
++
++static void bt3c_hci_destruct(struct hci_dev *hdev)
++{
++}
++
++
++static int bt3c_hci_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg)
++{
++ return -ENOIOCTLCMD;
++}
++
++
++
++/* ======================== User mode firmware loader ======================== */
++
++
++#define FW_LOADER "/sbin/bluefw"
++static int errno;
++
++
++static int bt3c_fw_loader_exec(void *dev)
++{
++ char *argv[] = { FW_LOADER, "pccard", dev, NULL };
++ char *envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
++ int err;
++
++ err = exec_usermodehelper(FW_LOADER, argv, envp);
++ if (err)
++ printk(KERN_WARNING "bt3c_cs: Failed to exec \"%s pccard %s\".\n", FW_LOADER, (char *)dev);
++
++ return err;
++}
++
++
++static int bt3c_firmware_load(bt3c_info_t *info)
++{
++ sigset_t tmpsig;
++ char dev[16];
++ pid_t pid;
++ int result;
++
++ /* Check if root fs is mounted */
++ if (!current->fs->root) {
++ printk(KERN_WARNING "bt3c_cs: Root filesystem is not mounted.\n");
++ return -EPERM;
++ }
++
++ sprintf(dev, "%04x", info->link.io.BasePort1);
++
++ pid = kernel_thread(bt3c_fw_loader_exec, (void *)dev, 0);
++ if (pid < 0) {
++ printk(KERN_WARNING "bt3c_cs: Forking of kernel thread failed (errno=%d).\n", -pid);
++ return pid;
++ }
++
++ /* Block signals, everything but SIGKILL/SIGSTOP */
++ spin_lock_irq(&current->sigmask_lock);
++ tmpsig = current->blocked;
++ siginitsetinv(&current->blocked, sigmask(SIGKILL) | sigmask(SIGSTOP));
++ recalc_sigpending(current);
++ spin_unlock_irq(&current->sigmask_lock);
++
++ result = waitpid(pid, NULL, __WCLONE);
++
++ /* Allow signals again */
++ spin_lock_irq(&current->sigmask_lock);
++ current->blocked = tmpsig;
++ recalc_sigpending(current);
++ spin_unlock_irq(&current->sigmask_lock);
++
++ if (result != pid) {
++ printk(KERN_WARNING "bt3c_cs: Waiting for pid %d failed (errno=%d).\n", pid, -result);
++ return -result;
++ }
++
++ return 0;
++}
++
++
++
++/* ======================== Card services HCI interaction ======================== */
++
++
++int bt3c_open(bt3c_info_t *info)
++{
++ struct hci_dev *hdev;
++ int err;
++
++ spin_lock_init(&(info->lock));
++
++ skb_queue_head_init(&(info->txq));
++
++ info->rx_state = RECV_WAIT_PACKET_TYPE;
++ info->rx_count = 0;
++ info->rx_skb = NULL;
++
++ /* Load firmware */
++
++ if ((err = bt3c_firmware_load(info)) < 0)
++ return err;
++
++ /* Timeout before it is safe to send the first HCI packet */
++
++ set_current_state(TASK_INTERRUPTIBLE);
++ schedule_timeout(HZ);
++
++
++ /* Initialize and register HCI device */
++
++ hdev = &(info->hdev);
++
++ hdev->type = HCI_PCCARD;
++ hdev->driver_data = info;
++
++ hdev->open = bt3c_hci_open;
++ hdev->close = bt3c_hci_close;
++ hdev->flush = bt3c_hci_flush;
++ hdev->send = bt3c_hci_send_frame;
++ hdev->destruct = bt3c_hci_destruct;
++ hdev->ioctl = bt3c_hci_ioctl;
++
++ if (hci_register_dev(hdev) < 0) {
++ printk(KERN_WARNING "bt3c_cs: Can't register HCI device %s.\n", hdev->name);
++ return -ENODEV;
++ }
++
++ return 0;
++}
++
++
++int bt3c_close(bt3c_info_t *info)
++{
++ struct hci_dev *hdev = &(info->hdev);
++
++ bt3c_hci_close(hdev);
++
++ if (hci_unregister_dev(hdev) < 0)
++ printk(KERN_WARNING "bt3c_cs: Can't unregister HCI device %s.\n", hdev->name);
++
++ return 0;
++}
++
++
++
++/* ======================== Card services ======================== */
++
++
++static void cs_error(client_handle_t handle, int func, int ret)
++{
++ error_info_t err = { func, ret };
++
++ CardServices(ReportError, handle, &err);
++}
++
++
++dev_link_t *bt3c_attach(void)
++{
++ bt3c_info_t *info;
++ client_reg_t client_reg;
++ dev_link_t *link;
++ int i, ret;
++
++ /* Create new info device */
++ info = kmalloc(sizeof(*info), GFP_KERNEL);
++ if (!info)
++ return NULL;
++ memset(info, 0, sizeof(*info));
++
++ link = &info->link;
++ link->priv = info;
++
++ link->release.function = &bt3c_release;
++ link->release.data = (u_long)link;
++ link->io.Attributes1 = IO_DATA_PATH_WIDTH_8;
++ link->io.NumPorts1 = 8;
++ link->irq.Attributes = IRQ_TYPE_EXCLUSIVE | IRQ_HANDLE_PRESENT;
++ link->irq.IRQInfo1 = IRQ_INFO2_VALID | IRQ_LEVEL_ID;
++
++ if (irq_list[0] == -1)
++ link->irq.IRQInfo2 = irq_mask;
++ else
++ for (i = 0; i < 4; i++)
++ link->irq.IRQInfo2 |= 1 << irq_list[i];
++
++ link->irq.Handler = bt3c_interrupt;
++ link->irq.Instance = info;
++
++ link->conf.Attributes = CONF_ENABLE_IRQ;
++ link->conf.Vcc = 50;
++ link->conf.IntType = INT_MEMORY_AND_IO;
++
++ /* Register with Card Services */
++ link->next = dev_list;
++ dev_list = link;
++ client_reg.dev_info = &dev_info;
++ client_reg.Attributes = INFO_IO_CLIENT | INFO_CARD_SHARE;
++ client_reg.EventMask =
++ CS_EVENT_CARD_INSERTION | CS_EVENT_CARD_REMOVAL |
++ CS_EVENT_RESET_PHYSICAL | CS_EVENT_CARD_RESET |
++ CS_EVENT_PM_SUSPEND | CS_EVENT_PM_RESUME;
++ client_reg.event_handler = &bt3c_event;
++ client_reg.Version = 0x0210;
++ client_reg.event_callback_args.client_data = link;
++
++ ret = CardServices(RegisterClient, &link->handle, &client_reg);
++ if (ret != CS_SUCCESS) {
++ cs_error(link->handle, RegisterClient, ret);
++ bt3c_detach(link);
++ return NULL;
++ }
++
++ return link;
++}
++
++
++void bt3c_detach(dev_link_t *link)
++{
++ bt3c_info_t *info = link->priv;
++ dev_link_t **linkp;
++ int ret;
++
++ /* Locate device structure */
++ for (linkp = &dev_list; *linkp; linkp = &(*linkp)->next)
++ if (*linkp == link)
++ break;
++
++ if (*linkp == NULL)
++ return;
++
++ del_timer(&link->release);
++
++ if (link->state & DEV_CONFIG)
++ bt3c_release((u_long)link);
++
++ if (link->handle) {
++ ret = CardServices(DeregisterClient, link->handle);
++ if (ret != CS_SUCCESS)
++ cs_error(link->handle, DeregisterClient, ret);
++ }
++
++ /* Unlink device structure, free bits */
++ *linkp = link->next;
++
++ kfree(info);
++}
++
++
++static int get_tuple(int fn, client_handle_t handle, tuple_t *tuple, cisparse_t *parse)
++{
++ int i;
++
++ i = CardServices(fn, handle, tuple);
++ if (i != CS_SUCCESS)
++ return CS_NO_MORE_ITEMS;
++
++ i = CardServices(GetTupleData, handle, tuple);
++ if (i != CS_SUCCESS)
++ return i;
++
++ return CardServices(ParseTuple, handle, tuple, parse);
++}
++
++
++#define first_tuple(a, b, c) get_tuple(GetFirstTuple, a, b, c)
++#define next_tuple(a, b, c) get_tuple(GetNextTuple, a, b, c)
++
++void bt3c_config(dev_link_t *link)
++{
++ static ioaddr_t base[5] = { 0x3f8, 0x2f8, 0x3e8, 0x2e8, 0x0 };
++ client_handle_t handle = link->handle;
++ bt3c_info_t *info = link->priv;
++ tuple_t tuple;
++ u_short buf[256];
++ cisparse_t parse;
++ cistpl_cftable_entry_t *cf = &parse.cftable_entry;
++ config_info_t config;
++ int i, j, try, last_ret, last_fn;
++
++ tuple.TupleData = (cisdata_t *)buf;
++ tuple.TupleOffset = 0;
++ tuple.TupleDataMax = 255;
++ tuple.Attributes = 0;
++
++ /* Get configuration register information */
++ tuple.DesiredTuple = CISTPL_CONFIG;
++ last_ret = first_tuple(handle, &tuple, &parse);
++ if (last_ret != CS_SUCCESS) {
++ last_fn = ParseTuple;
++ goto cs_failed;
++ }
++ link->conf.ConfigBase = parse.config.base;
++ link->conf.Present = parse.config.rmask[0];
++
++ /* Configure card */
++ link->state |= DEV_CONFIG;
++ i = CardServices(GetConfigurationInfo, handle, &config);
++ link->conf.Vcc = config.Vcc;
++
++ /* First pass: look for a config entry that looks normal. */
++ tuple.TupleData = (cisdata_t *)buf;
++ tuple.TupleOffset = 0;
++ tuple.TupleDataMax = 255;
++ tuple.Attributes = 0;
++ tuple.DesiredTuple = CISTPL_CFTABLE_ENTRY;
++ /* Two tries: without IO aliases, then with aliases */
++ for (try = 0; try < 2; try++) {
++ i = first_tuple(handle, &tuple, &parse);
++ while (i != CS_NO_MORE_ITEMS) {
++ if (i != CS_SUCCESS)
++ goto next_entry;
++ if (cf->vpp1.present & (1 << CISTPL_POWER_VNOM))
++ link->conf.Vpp1 = link->conf.Vpp2 = cf->vpp1.param[CISTPL_POWER_VNOM] / 10000;
++ if ((cf->io.nwin > 0) && (cf->io.win[0].len == 8) && (cf->io.win[0].base != 0)) {
++ link->conf.ConfigIndex = cf->index;
++ link->io.BasePort1 = cf->io.win[0].base;
++ link->io.IOAddrLines = (try == 0) ? 16 : cf->io.flags & CISTPL_IO_LINES_MASK;
++ i = CardServices(RequestIO, link->handle, &link->io);
++ if (i == CS_SUCCESS)
++ goto found_port;
++ }
++next_entry:
++ i = next_tuple(handle, &tuple, &parse);
++ }
++ }
++
++ /* Second pass: try to find an entry that isn't picky about
++ its base address, then try to grab any standard serial port
++ address, and finally try to get any free port. */
++ i = first_tuple(handle, &tuple, &parse);
++ while (i != CS_NO_MORE_ITEMS) {
++ if ((i == CS_SUCCESS) && (cf->io.nwin > 0) && ((cf->io.flags & CISTPL_IO_LINES_MASK) <= 3)) {
++ link->conf.ConfigIndex = cf->index;
++ for (j = 0; j < 5; j++) {
++ link->io.BasePort1 = base[j];
++ link->io.IOAddrLines = base[j] ? 16 : 3;
++ i = CardServices(RequestIO, link->handle, &link->io);
++ if (i == CS_SUCCESS)
++ goto found_port;
++ }
++ }
++ i = next_tuple(handle, &tuple, &parse);
++ }
++
++found_port:
++ if (i != CS_SUCCESS) {
++ printk(KERN_NOTICE "bt3c_cs: No usable port range found. Giving up.\n");
++ cs_error(link->handle, RequestIO, i);
++ goto failed;
++ }
++
++ i = CardServices(RequestIRQ, link->handle, &link->irq);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestIRQ, i);
++ link->irq.AssignedIRQ = 0;
++ }
++
++ i = CardServices(RequestConfiguration, link->handle, &link->conf);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestConfiguration, i);
++ goto failed;
++ }
++
++ MOD_INC_USE_COUNT;
++
++ if (bt3c_open(info) != 0)
++ goto failed;
++
++ strcpy(info->node.dev_name, info->hdev.name);
++ link->dev = &info->node;
++ link->state &= ~DEV_CONFIG_PENDING;
++
++ return;
++
++cs_failed:
++ cs_error(link->handle, last_fn, last_ret);
++
++failed:
++ bt3c_release((u_long)link);
++}
++
++
++void bt3c_release(u_long arg)
++{
++ dev_link_t *link = (dev_link_t *)arg;
++ bt3c_info_t *info = link->priv;
++
++ if (link->state & DEV_PRESENT)
++ bt3c_close(info);
++
++ MOD_DEC_USE_COUNT;
++
++ link->dev = NULL;
++
++ CardServices(ReleaseConfiguration, link->handle);
++ CardServices(ReleaseIO, link->handle, &link->io);
++ CardServices(ReleaseIRQ, link->handle, &link->irq);
++
++ link->state &= ~DEV_CONFIG;
++}
++
++
++int bt3c_event(event_t event, int priority, event_callback_args_t *args)
++{
++ dev_link_t *link = args->client_data;
++ bt3c_info_t *info = link->priv;
++
++ switch (event) {
++ case CS_EVENT_CARD_REMOVAL:
++ link->state &= ~DEV_PRESENT;
++ if (link->state & DEV_CONFIG) {
++ bt3c_close(info);
++ mod_timer(&link->release, jiffies + HZ / 20);
++ }
++ break;
++ case CS_EVENT_CARD_INSERTION:
++ link->state |= DEV_PRESENT | DEV_CONFIG_PENDING;
++ bt3c_config(link);
++ break;
++ case CS_EVENT_PM_SUSPEND:
++ link->state |= DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_RESET_PHYSICAL:
++ if (link->state & DEV_CONFIG)
++ CardServices(ReleaseConfiguration, link->handle);
++ break;
++ case CS_EVENT_PM_RESUME:
++ link->state &= ~DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_CARD_RESET:
++ if (DEV_OK(link))
++ CardServices(RequestConfiguration, link->handle, &link->conf);
++ break;
++ }
++
++ return 0;
++}
++
++
++
++/* ======================== Module initialization ======================== */
++
++
++int __init init_bt3c_cs(void)
++{
++ servinfo_t serv;
++ int err;
++
++ CardServices(GetCardServicesInfo, &serv);
++ if (serv.Revision != CS_RELEASE_CODE) {
++ printk(KERN_NOTICE "bt3c_cs: Card Services release does not match!\n");
++ return -1;
++ }
++
++ err = register_pccard_driver(&dev_info, &bt3c_attach, &bt3c_detach);
++
++ return err;
++}
++
++
++void __exit exit_bt3c_cs(void)
++{
++ unregister_pccard_driver(&dev_info);
++
++ while (dev_list != NULL)
++ bt3c_detach(dev_list);
++}
++
++
++module_init(init_bt3c_cs);
++module_exit(exit_bt3c_cs);
++
++EXPORT_NO_SYMBOLS;
+diff -urN linux-2.4.18/drivers/bluetooth/btuart_cs.c linux-2.4.18-mh9/drivers/bluetooth/btuart_cs.c
+--- linux-2.4.18/drivers/bluetooth/btuart_cs.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/btuart_cs.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,906 @@
++/*
++ *
++ * Driver for Bluetooth PCMCIA cards with HCI UART interface
++ *
++ * Copyright (C) 2001-2002 Marcel Holtmann <marcel@holtmann.org>
++ *
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation;
++ *
++ * Software distributed under the License is distributed on an "AS
++ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
++ * implied. See the License for the specific language governing
++ * rights and limitations under the License.
++ *
++ * The initial developer of the original code is David A. Hinds
++ * <dahinds@users.sourceforge.net>. Portions created by David A. Hinds
++ * are Copyright (C) 1999 David A. Hinds. All Rights Reserved.
++ *
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/slab.h>
++#include <linux/types.h>
++#include <linux/sched.h>
++#include <linux/timer.h>
++#include <linux/errno.h>
++#include <linux/ptrace.h>
++#include <linux/ioport.h>
++#include <linux/spinlock.h>
++
++#include <linux/skbuff.h>
++#include <linux/string.h>
++#include <linux/serial.h>
++#include <linux/serial_reg.h>
++#include <asm/system.h>
++#include <asm/bitops.h>
++#include <asm/io.h>
++
++#include <pcmcia/version.h>
++#include <pcmcia/cs_types.h>
++#include <pcmcia/cs.h>
++#include <pcmcia/cistpl.h>
++#include <pcmcia/ciscode.h>
++#include <pcmcia/ds.h>
++#include <pcmcia/cisreg.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++
++
++
++/* ======================== Module parameters ======================== */
++
++
++/* Bit map of interrupts to choose from */
++static u_int irq_mask = 0xffff;
++static int irq_list[4] = { -1 };
++
++MODULE_PARM(irq_mask, "i");
++MODULE_PARM(irq_list, "1-4i");
++
++MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
++MODULE_DESCRIPTION("BlueZ driver for Bluetooth PCMCIA cards with HCI UART interface");
++MODULE_LICENSE("GPL");
++
++
++
++/* ======================== Local structures ======================== */
++
++
++typedef struct btuart_info_t {
++ dev_link_t link;
++ dev_node_t node;
++
++ struct hci_dev hdev;
++
++ spinlock_t lock; /* For serializing operations */
++
++ struct sk_buff_head txq;
++ unsigned long tx_state;
++
++ unsigned long rx_state;
++ unsigned long rx_count;
++ struct sk_buff *rx_skb;
++} btuart_info_t;
++
++
++void btuart_config(dev_link_t *link);
++void btuart_release(u_long arg);
++int btuart_event(event_t event, int priority, event_callback_args_t *args);
++
++static dev_info_t dev_info = "btuart_cs";
++
++dev_link_t *btuart_attach(void);
++void btuart_detach(dev_link_t *);
++
++static dev_link_t *dev_list = NULL;
++
++
++/* Maximum baud rate */
++#define SPEED_MAX 115200
++
++/* Default baud rate: 57600, 115200, 230400 or 460800 */
++#define DEFAULT_BAUD_RATE 115200
++
++
++/* Transmit states */
++#define XMIT_SENDING 1
++#define XMIT_WAKEUP 2
++#define XMIT_WAITING 8
++
++/* Receiver states */
++#define RECV_WAIT_PACKET_TYPE 0
++#define RECV_WAIT_EVENT_HEADER 1
++#define RECV_WAIT_ACL_HEADER 2
++#define RECV_WAIT_SCO_HEADER 3
++#define RECV_WAIT_DATA 4
++
++
++
++/* ======================== Interrupt handling ======================== */
++
++
++static int btuart_write(unsigned int iobase, int fifo_size, __u8 *buf, int len)
++{
++ int actual = 0;
++
++ /* Tx FIFO should be empty */
++ if (!(inb(iobase + UART_LSR) & UART_LSR_THRE))
++ return 0;
++
++ /* Fill FIFO with current frame */
++ while ((fifo_size-- > 0) && (actual < len)) {
++ /* Transmit next byte */
++ outb(buf[actual], iobase + UART_TX);
++ actual++;
++ }
++
++ return actual;
++}
++
++
++static void btuart_write_wakeup(btuart_info_t *info)
++{
++ if (!info) {
++ printk(KERN_WARNING "btuart_cs: Call of write_wakeup for unknown device.\n");
++ return;
++ }
++
++ if (test_and_set_bit(XMIT_SENDING, &(info->tx_state))) {
++ set_bit(XMIT_WAKEUP, &(info->tx_state));
++ return;
++ }
++
++ do {
++ register unsigned int iobase = info->link.io.BasePort1;
++ register struct sk_buff *skb;
++ register int len;
++
++ clear_bit(XMIT_WAKEUP, &(info->tx_state));
++
++ if (!(info->link.state & DEV_PRESENT))
++ return;
++
++ if (!(skb = skb_dequeue(&(info->txq))))
++ break;
++
++ /* Send frame */
++ len = btuart_write(iobase, 16, skb->data, skb->len);
++ set_bit(XMIT_WAKEUP, &(info->tx_state));
++
++ if (len == skb->len) {
++ kfree_skb(skb);
++ } else {
++ skb_pull(skb, len);
++ skb_queue_head(&(info->txq), skb);
++ }
++
++ info->hdev.stat.byte_tx += len;
++
++ } while (test_bit(XMIT_WAKEUP, &(info->tx_state)));
++
++ clear_bit(XMIT_SENDING, &(info->tx_state));
++}
++
++
++static void btuart_receive(btuart_info_t *info)
++{
++ unsigned int iobase;
++ int boguscount = 0;
++
++ if (!info) {
++ printk(KERN_WARNING "btuart_cs: Call of receive for unknown device.\n");
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ do {
++ info->hdev.stat.byte_rx++;
++
++ /* Allocate packet */
++ if (info->rx_skb == NULL) {
++ info->rx_state = RECV_WAIT_PACKET_TYPE;
++ info->rx_count = 0;
++ if (!(info->rx_skb = bluez_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC))) {
++ printk(KERN_WARNING "btuart_cs: Can't allocate mem for new packet.\n");
++ return;
++ }
++ }
++
++ if (info->rx_state == RECV_WAIT_PACKET_TYPE) {
++
++ info->rx_skb->dev = (void *)&(info->hdev);
++ info->rx_skb->pkt_type = inb(iobase + UART_RX);
++
++ switch (info->rx_skb->pkt_type) {
++
++ case HCI_EVENT_PKT:
++ info->rx_state = RECV_WAIT_EVENT_HEADER;
++ info->rx_count = HCI_EVENT_HDR_SIZE;
++ break;
++
++ case HCI_ACLDATA_PKT:
++ info->rx_state = RECV_WAIT_ACL_HEADER;
++ info->rx_count = HCI_ACL_HDR_SIZE;
++ break;
++
++ case HCI_SCODATA_PKT:
++ info->rx_state = RECV_WAIT_SCO_HEADER;
++ info->rx_count = HCI_SCO_HDR_SIZE;
++ break;
++
++ default:
++ /* Unknown packet */
++ printk(KERN_WARNING "btuart_cs: Unknown HCI packet with type 0x%02x received.\n", info->rx_skb->pkt_type);
++ info->hdev.stat.err_rx++;
++ clear_bit(HCI_RUNNING, &(info->hdev.flags));
++
++ kfree_skb(info->rx_skb);
++ info->rx_skb = NULL;
++ break;
++
++ }
++
++ } else {
++
++ *skb_put(info->rx_skb, 1) = inb(iobase + UART_RX);
++ info->rx_count--;
++
++ if (info->rx_count == 0) {
++
++ int dlen;
++ hci_event_hdr *eh;
++ hci_acl_hdr *ah;
++ hci_sco_hdr *sh;
++
++
++ switch (info->rx_state) {
++
++ case RECV_WAIT_EVENT_HEADER:
++ eh = (hci_event_hdr *)(info->rx_skb->data);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = eh->plen;
++ break;
++
++ case RECV_WAIT_ACL_HEADER:
++ ah = (hci_acl_hdr *)(info->rx_skb->data);
++ dlen = __le16_to_cpu(ah->dlen);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = dlen;
++ break;
++
++ case RECV_WAIT_SCO_HEADER:
++ sh = (hci_sco_hdr *)(info->rx_skb->data);
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = sh->dlen;
++ break;
++
++ case RECV_WAIT_DATA:
++ hci_recv_frame(info->rx_skb);
++ info->rx_skb = NULL;
++ break;
++
++ }
++
++ }
++
++ }
++
++ /* Make sure we don't stay here to long */
++ if (boguscount++ > 16)
++ break;
++
++ } while (inb(iobase + UART_LSR) & UART_LSR_DR);
++}
++
++
++void btuart_interrupt(int irq, void *dev_inst, struct pt_regs *regs)
++{
++ btuart_info_t *info = dev_inst;
++ unsigned int iobase;
++ int boguscount = 0;
++ int iir, lsr;
++
++ if (!info) {
++ printk(KERN_WARNING "btuart_cs: Call of irq %d for unknown device.\n", irq);
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ spin_lock(&(info->lock));
++
++ iir = inb(iobase + UART_IIR) & UART_IIR_ID;
++ while (iir) {
++
++ /* Clear interrupt */
++ lsr = inb(iobase + UART_LSR);
++
++ switch (iir) {
++ case UART_IIR_RLSI:
++ printk(KERN_NOTICE "btuart_cs: RLSI\n");
++ break;
++ case UART_IIR_RDI:
++ /* Receive interrupt */
++ btuart_receive(info);
++ break;
++ case UART_IIR_THRI:
++ if (lsr & UART_LSR_THRE) {
++ /* Transmitter ready for data */
++ btuart_write_wakeup(info);
++ }
++ break;
++ default:
++ printk(KERN_NOTICE "btuart_cs: Unhandled IIR=%#x\n", iir);
++ break;
++ }
++
++ /* Make sure we don't stay here to long */
++ if (boguscount++ > 100)
++ break;
++
++ iir = inb(iobase + UART_IIR) & UART_IIR_ID;
++
++ }
++
++ spin_unlock(&(info->lock));
++}
++
++
++static void btuart_change_speed(btuart_info_t *info, unsigned int speed)
++{
++ unsigned long flags;
++ unsigned int iobase;
++ int fcr; /* FIFO control reg */
++ int lcr; /* Line control reg */
++ int divisor;
++
++ if (!info) {
++ printk(KERN_WARNING "btuart_cs: Call of change speed for unknown device.\n");
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ spin_lock_irqsave(&(info->lock), flags);
++
++ /* Turn off interrupts */
++ outb(0, iobase + UART_IER);
++
++ divisor = SPEED_MAX / speed;
++
++ fcr = UART_FCR_ENABLE_FIFO | UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT;
++
++ /*
++ * Use trigger level 1 to avoid 3 ms. timeout delay at 9600 bps, and
++ * almost 1,7 ms at 19200 bps. At speeds above that we can just forget
++ * about this timeout since it will always be fast enough.
++ */
++
++ if (speed < 38400)
++ fcr |= UART_FCR_TRIGGER_1;
++ else
++ fcr |= UART_FCR_TRIGGER_14;
++
++ /* Bluetooth cards use 8N1 */
++ lcr = UART_LCR_WLEN8;
++
++ outb(UART_LCR_DLAB | lcr, iobase + UART_LCR); /* Set DLAB */
++ outb(divisor & 0xff, iobase + UART_DLL); /* Set speed */
++ outb(divisor >> 8, iobase + UART_DLM);
++ outb(lcr, iobase + UART_LCR); /* Set 8N1 */
++ outb(fcr, iobase + UART_FCR); /* Enable FIFO's */
++
++ /* Turn on interrups */
++ outb(UART_IER_RLSI | UART_IER_RDI | UART_IER_THRI, iobase + UART_IER);
++
++ spin_unlock_irqrestore(&(info->lock), flags);
++}
++
++
++
++/* ======================== HCI interface ======================== */
++
++
++static int btuart_hci_flush(struct hci_dev *hdev)
++{
++ btuart_info_t *info = (btuart_info_t *)(hdev->driver_data);
++
++ /* Drop TX queue */
++ skb_queue_purge(&(info->txq));
++
++ return 0;
++}
++
++
++static int btuart_hci_open(struct hci_dev *hdev)
++{
++ set_bit(HCI_RUNNING, &(hdev->flags));
++
++ return 0;
++}
++
++
++static int btuart_hci_close(struct hci_dev *hdev)
++{
++ if (!test_and_clear_bit(HCI_RUNNING, &(hdev->flags)))
++ return 0;
++
++ btuart_hci_flush(hdev);
++
++ return 0;
++}
++
++
++static int btuart_hci_send_frame(struct sk_buff *skb)
++{
++ btuart_info_t *info;
++ struct hci_dev *hdev = (struct hci_dev *)(skb->dev);
++
++ if (!hdev) {
++ printk(KERN_WARNING "btuart_cs: Frame for unknown HCI device (hdev=NULL).");
++ return -ENODEV;
++ }
++
++ info = (btuart_info_t *)(hdev->driver_data);
++
++ switch (skb->pkt_type) {
++ case HCI_COMMAND_PKT:
++ hdev->stat.cmd_tx++;
++ break;
++ case HCI_ACLDATA_PKT:
++ hdev->stat.acl_tx++;
++ break;
++ case HCI_SCODATA_PKT:
++ hdev->stat.sco_tx++;
++ break;
++ };
++
++ /* Prepend skb with frame type */
++ memcpy(skb_push(skb, 1), &(skb->pkt_type), 1);
++ skb_queue_tail(&(info->txq), skb);
++
++ btuart_write_wakeup(info);
++
++ return 0;
++}
++
++
++static void btuart_hci_destruct(struct hci_dev *hdev)
++{
++}
++
++
++static int btuart_hci_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg)
++{
++ return -ENOIOCTLCMD;
++}
++
++
++
++/* ======================== Card services HCI interaction ======================== */
++
++
++int btuart_open(btuart_info_t *info)
++{
++ unsigned long flags;
++ unsigned int iobase = info->link.io.BasePort1;
++ struct hci_dev *hdev;
++
++ spin_lock_init(&(info->lock));
++
++ skb_queue_head_init(&(info->txq));
++
++ info->rx_state = RECV_WAIT_PACKET_TYPE;
++ info->rx_count = 0;
++ info->rx_skb = NULL;
++
++ spin_lock_irqsave(&(info->lock), flags);
++
++ /* Reset UART */
++ outb(0, iobase + UART_MCR);
++
++ /* Turn off interrupts */
++ outb(0, iobase + UART_IER);
++
++ /* Initialize UART */
++ outb(UART_LCR_WLEN8, iobase + UART_LCR); /* Reset DLAB */
++ outb((UART_MCR_DTR | UART_MCR_RTS | UART_MCR_OUT2), iobase + UART_MCR);
++
++ /* Turn on interrupts */
++ // outb(UART_IER_RLSI | UART_IER_RDI | UART_IER_THRI, iobase + UART_IER);
++
++ spin_unlock_irqrestore(&(info->lock), flags);
++
++ btuart_change_speed(info, DEFAULT_BAUD_RATE);
++
++ /* Timeout before it is safe to send the first HCI packet */
++ set_current_state(TASK_INTERRUPTIBLE);
++ schedule_timeout(HZ);
++
++
++ /* Initialize and register HCI device */
++
++ hdev = &(info->hdev);
++
++ hdev->type = HCI_PCCARD;
++ hdev->driver_data = info;
++
++ hdev->open = btuart_hci_open;
++ hdev->close = btuart_hci_close;
++ hdev->flush = btuart_hci_flush;
++ hdev->send = btuart_hci_send_frame;
++ hdev->destruct = btuart_hci_destruct;
++ hdev->ioctl = btuart_hci_ioctl;
++
++ if (hci_register_dev(hdev) < 0) {
++ printk(KERN_WARNING "btuart_cs: Can't register HCI device %s.\n", hdev->name);
++ return -ENODEV;
++ }
++
++ return 0;
++}
++
++
++int btuart_close(btuart_info_t *info)
++{
++ unsigned long flags;
++ unsigned int iobase = info->link.io.BasePort1;
++ struct hci_dev *hdev = &(info->hdev);
++
++ btuart_hci_close(hdev);
++
++ spin_lock_irqsave(&(info->lock), flags);
++
++ /* Reset UART */
++ outb(0, iobase + UART_MCR);
++
++ /* Turn off interrupts */
++ outb(0, iobase + UART_IER);
++
++ spin_unlock_irqrestore(&(info->lock), flags);
++
++ if (hci_unregister_dev(hdev) < 0)
++ printk(KERN_WARNING "btuart_cs: Can't unregister HCI device %s.\n", hdev->name);
++
++ return 0;
++}
++
++
++
++/* ======================== Card services ======================== */
++
++
++static void cs_error(client_handle_t handle, int func, int ret)
++{
++ error_info_t err = { func, ret };
++
++ CardServices(ReportError, handle, &err);
++}
++
++
++dev_link_t *btuart_attach(void)
++{
++ btuart_info_t *info;
++ client_reg_t client_reg;
++ dev_link_t *link;
++ int i, ret;
++
++ /* Create new info device */
++ info = kmalloc(sizeof(*info), GFP_KERNEL);
++ if (!info)
++ return NULL;
++ memset(info, 0, sizeof(*info));
++
++ link = &info->link;
++ link->priv = info;
++
++ link->release.function = &btuart_release;
++ link->release.data = (u_long)link;
++ link->io.Attributes1 = IO_DATA_PATH_WIDTH_8;
++ link->io.NumPorts1 = 8;
++ link->irq.Attributes = IRQ_TYPE_EXCLUSIVE | IRQ_HANDLE_PRESENT;
++ link->irq.IRQInfo1 = IRQ_INFO2_VALID | IRQ_LEVEL_ID;
++
++ if (irq_list[0] == -1)
++ link->irq.IRQInfo2 = irq_mask;
++ else
++ for (i = 0; i < 4; i++)
++ link->irq.IRQInfo2 |= 1 << irq_list[i];
++
++ link->irq.Handler = btuart_interrupt;
++ link->irq.Instance = info;
++
++ link->conf.Attributes = CONF_ENABLE_IRQ;
++ link->conf.Vcc = 50;
++ link->conf.IntType = INT_MEMORY_AND_IO;
++
++ /* Register with Card Services */
++ link->next = dev_list;
++ dev_list = link;
++ client_reg.dev_info = &dev_info;
++ client_reg.Attributes = INFO_IO_CLIENT | INFO_CARD_SHARE;
++ client_reg.EventMask =
++ CS_EVENT_CARD_INSERTION | CS_EVENT_CARD_REMOVAL |
++ CS_EVENT_RESET_PHYSICAL | CS_EVENT_CARD_RESET |
++ CS_EVENT_PM_SUSPEND | CS_EVENT_PM_RESUME;
++ client_reg.event_handler = &btuart_event;
++ client_reg.Version = 0x0210;
++ client_reg.event_callback_args.client_data = link;
++
++ ret = CardServices(RegisterClient, &link->handle, &client_reg);
++ if (ret != CS_SUCCESS) {
++ cs_error(link->handle, RegisterClient, ret);
++ btuart_detach(link);
++ return NULL;
++ }
++
++ return link;
++}
++
++
++void btuart_detach(dev_link_t *link)
++{
++ btuart_info_t *info = link->priv;
++ dev_link_t **linkp;
++ int ret;
++
++ /* Locate device structure */
++ for (linkp = &dev_list; *linkp; linkp = &(*linkp)->next)
++ if (*linkp == link)
++ break;
++
++ if (*linkp == NULL)
++ return;
++
++ del_timer(&link->release);
++ if (link->state & DEV_CONFIG)
++ btuart_release((u_long)link);
++
++ if (link->handle) {
++ ret = CardServices(DeregisterClient, link->handle);
++ if (ret != CS_SUCCESS)
++ cs_error(link->handle, DeregisterClient, ret);
++ }
++
++ /* Unlink device structure, free bits */
++ *linkp = link->next;
++
++ kfree(info);
++}
++
++
++static int get_tuple(int fn, client_handle_t handle, tuple_t *tuple, cisparse_t *parse)
++{
++ int i;
++
++ i = CardServices(fn, handle, tuple);
++ if (i != CS_SUCCESS)
++ return CS_NO_MORE_ITEMS;
++
++ i = CardServices(GetTupleData, handle, tuple);
++ if (i != CS_SUCCESS)
++ return i;
++
++ return CardServices(ParseTuple, handle, tuple, parse);
++}
++
++
++#define first_tuple(a, b, c) get_tuple(GetFirstTuple, a, b, c)
++#define next_tuple(a, b, c) get_tuple(GetNextTuple, a, b, c)
++
++void btuart_config(dev_link_t *link)
++{
++ static ioaddr_t base[5] = { 0x3f8, 0x2f8, 0x3e8, 0x2e8, 0x0 };
++ client_handle_t handle = link->handle;
++ btuart_info_t *info = link->priv;
++ tuple_t tuple;
++ u_short buf[256];
++ cisparse_t parse;
++ cistpl_cftable_entry_t *cf = &parse.cftable_entry;
++ config_info_t config;
++ int i, j, try, last_ret, last_fn;
++
++ tuple.TupleData = (cisdata_t *)buf;
++ tuple.TupleOffset = 0;
++ tuple.TupleDataMax = 255;
++ tuple.Attributes = 0;
++
++ /* Get configuration register information */
++ tuple.DesiredTuple = CISTPL_CONFIG;
++ last_ret = first_tuple(handle, &tuple, &parse);
++ if (last_ret != CS_SUCCESS) {
++ last_fn = ParseTuple;
++ goto cs_failed;
++ }
++ link->conf.ConfigBase = parse.config.base;
++ link->conf.Present = parse.config.rmask[0];
++
++ /* Configure card */
++ link->state |= DEV_CONFIG;
++ i = CardServices(GetConfigurationInfo, handle, &config);
++ link->conf.Vcc = config.Vcc;
++
++ /* First pass: look for a config entry that looks normal. */
++ tuple.TupleData = (cisdata_t *) buf;
++ tuple.TupleOffset = 0;
++ tuple.TupleDataMax = 255;
++ tuple.Attributes = 0;
++ tuple.DesiredTuple = CISTPL_CFTABLE_ENTRY;
++ /* Two tries: without IO aliases, then with aliases */
++ for (try = 0; try < 2; try++) {
++ i = first_tuple(handle, &tuple, &parse);
++ while (i != CS_NO_MORE_ITEMS) {
++ if (i != CS_SUCCESS)
++ goto next_entry;
++ if (cf->vpp1.present & (1 << CISTPL_POWER_VNOM))
++ link->conf.Vpp1 = link->conf.Vpp2 = cf->vpp1.param[CISTPL_POWER_VNOM] / 10000;
++ if ((cf->io.nwin > 0) && (cf->io.win[0].len == 8) && (cf->io.win[0].base != 0)) {
++ link->conf.ConfigIndex = cf->index;
++ link->io.BasePort1 = cf->io.win[0].base;
++ link->io.IOAddrLines = (try == 0) ? 16 : cf->io.flags & CISTPL_IO_LINES_MASK;
++ i = CardServices(RequestIO, link->handle, &link->io);
++ if (i == CS_SUCCESS)
++ goto found_port;
++ }
++next_entry:
++ i = next_tuple(handle, &tuple, &parse);
++ }
++ }
++
++ /* Second pass: try to find an entry that isn't picky about
++ its base address, then try to grab any standard serial port
++ address, and finally try to get any free port. */
++ i = first_tuple(handle, &tuple, &parse);
++ while (i != CS_NO_MORE_ITEMS) {
++ if ((i == CS_SUCCESS) && (cf->io.nwin > 0)
++ && ((cf->io.flags & CISTPL_IO_LINES_MASK) <= 3)) {
++ link->conf.ConfigIndex = cf->index;
++ for (j = 0; j < 5; j++) {
++ link->io.BasePort1 = base[j];
++ link->io.IOAddrLines = base[j] ? 16 : 3;
++ i = CardServices(RequestIO, link->handle, &link->io);
++ if (i == CS_SUCCESS)
++ goto found_port;
++ }
++ }
++ i = next_tuple(handle, &tuple, &parse);
++ }
++
++found_port:
++ if (i != CS_SUCCESS) {
++ printk(KERN_NOTICE "btuart_cs: No usable port range found. Giving up.\n");
++ cs_error(link->handle, RequestIO, i);
++ goto failed;
++ }
++
++ i = CardServices(RequestIRQ, link->handle, &link->irq);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestIRQ, i);
++ link->irq.AssignedIRQ = 0;
++ }
++
++ i = CardServices(RequestConfiguration, link->handle, &link->conf);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestConfiguration, i);
++ goto failed;
++ }
++
++ MOD_INC_USE_COUNT;
++
++ if (btuart_open(info) != 0)
++ goto failed;
++
++ strcpy(info->node.dev_name, info->hdev.name);
++ link->dev = &info->node;
++ link->state &= ~DEV_CONFIG_PENDING;
++
++ return;
++
++cs_failed:
++ cs_error(link->handle, last_fn, last_ret);
++
++failed:
++ btuart_release((u_long) link);
++}
++
++
++void btuart_release(u_long arg)
++{
++ dev_link_t *link = (dev_link_t *)arg;
++ btuart_info_t *info = link->priv;
++
++ if (link->state & DEV_PRESENT)
++ btuart_close(info);
++
++ MOD_DEC_USE_COUNT;
++
++ link->dev = NULL;
++
++ CardServices(ReleaseConfiguration, link->handle);
++ CardServices(ReleaseIO, link->handle, &link->io);
++ CardServices(ReleaseIRQ, link->handle, &link->irq);
++
++ link->state &= ~DEV_CONFIG;
++}
++
++
++int btuart_event(event_t event, int priority, event_callback_args_t *args)
++{
++ dev_link_t *link = args->client_data;
++ btuart_info_t *info = link->priv;
++
++ switch (event) {
++ case CS_EVENT_CARD_REMOVAL:
++ link->state &= ~DEV_PRESENT;
++ if (link->state & DEV_CONFIG) {
++ btuart_close(info);
++ mod_timer(&link->release, jiffies + HZ / 20);
++ }
++ break;
++ case CS_EVENT_CARD_INSERTION:
++ link->state |= DEV_PRESENT | DEV_CONFIG_PENDING;
++ btuart_config(link);
++ break;
++ case CS_EVENT_PM_SUSPEND:
++ link->state |= DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_RESET_PHYSICAL:
++ if (link->state & DEV_CONFIG)
++ CardServices(ReleaseConfiguration, link->handle);
++ break;
++ case CS_EVENT_PM_RESUME:
++ link->state &= ~DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_CARD_RESET:
++ if (DEV_OK(link))
++ CardServices(RequestConfiguration, link->handle, &link->conf);
++ break;
++ }
++
++ return 0;
++}
++
++
++
++/* ======================== Module initialization ======================== */
++
++
++int __init init_btuart_cs(void)
++{
++ servinfo_t serv;
++ int err;
++
++ CardServices(GetCardServicesInfo, &serv);
++ if (serv.Revision != CS_RELEASE_CODE) {
++ printk(KERN_NOTICE "btuart_cs: Card Services release does not match!\n");
++ return -1;
++ }
++
++ err = register_pccard_driver(&dev_info, &btuart_attach, &btuart_detach);
++
++ return err;
++}
++
++
++void __exit exit_btuart_cs(void)
++{
++ unregister_pccard_driver(&dev_info);
++
++ while (dev_list != NULL)
++ btuart_detach(dev_list);
++}
++
++
++module_init(init_btuart_cs);
++module_exit(exit_btuart_cs);
++
++EXPORT_NO_SYMBOLS;
+diff -urN linux-2.4.18/drivers/bluetooth/dtl1_cs.c linux-2.4.18-mh9/drivers/bluetooth/dtl1_cs.c
+--- linux-2.4.18/drivers/bluetooth/dtl1_cs.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/dtl1_cs.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,858 @@
++/*
++ *
++ * A driver for Nokia Connectivity Card DTL-1 devices
++ *
++ * Copyright (C) 2001-2002 Marcel Holtmann <marcel@holtmann.org>
++ *
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation;
++ *
++ * Software distributed under the License is distributed on an "AS
++ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
++ * implied. See the License for the specific language governing
++ * rights and limitations under the License.
++ *
++ * The initial developer of the original code is David A. Hinds
++ * <dahinds@users.sourceforge.net>. Portions created by David A. Hinds
++ * are Copyright (C) 1999 David A. Hinds. All Rights Reserved.
++ *
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/slab.h>
++#include <linux/types.h>
++#include <linux/sched.h>
++#include <linux/timer.h>
++#include <linux/errno.h>
++#include <linux/ptrace.h>
++#include <linux/ioport.h>
++#include <linux/spinlock.h>
++
++#include <linux/skbuff.h>
++#include <linux/string.h>
++#include <linux/serial.h>
++#include <linux/serial_reg.h>
++#include <asm/system.h>
++#include <asm/bitops.h>
++#include <asm/io.h>
++
++#include <pcmcia/version.h>
++#include <pcmcia/cs_types.h>
++#include <pcmcia/cs.h>
++#include <pcmcia/cistpl.h>
++#include <pcmcia/ciscode.h>
++#include <pcmcia/ds.h>
++#include <pcmcia/cisreg.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++
++
++
++/* ======================== Module parameters ======================== */
++
++
++/* Bit map of interrupts to choose from */
++static u_int irq_mask = 0xffff;
++static int irq_list[4] = { -1 };
++
++MODULE_PARM(irq_mask, "i");
++MODULE_PARM(irq_list, "1-4i");
++
++MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
++MODULE_DESCRIPTION("BlueZ driver for Nokia Connectivity Card DTL-1");
++MODULE_LICENSE("GPL");
++
++
++
++/* ======================== Local structures ======================== */
++
++
++typedef struct dtl1_info_t {
++ dev_link_t link;
++ dev_node_t node;
++
++ struct hci_dev hdev;
++
++ spinlock_t lock; /* For serializing operations */
++
++ unsigned long flowmask; /* HCI flow mask */
++ int ri_latch;
++
++ struct sk_buff_head txq;
++ unsigned long tx_state;
++
++ unsigned long rx_state;
++ unsigned long rx_count;
++ struct sk_buff *rx_skb;
++} dtl1_info_t;
++
++
++void dtl1_config(dev_link_t *link);
++void dtl1_release(u_long arg);
++int dtl1_event(event_t event, int priority, event_callback_args_t *args);
++
++static dev_info_t dev_info = "dtl1_cs";
++
++dev_link_t *dtl1_attach(void);
++void dtl1_detach(dev_link_t *);
++
++static dev_link_t *dev_list = NULL;
++
++
++/* Transmit states */
++#define XMIT_SENDING 1
++#define XMIT_WAKEUP 2
++#define XMIT_WAITING 8
++
++/* Receiver States */
++#define RECV_WAIT_NSH 0
++#define RECV_WAIT_DATA 1
++
++
++typedef struct {
++ u8 type;
++ u8 zero;
++ u16 len;
++} __attribute__ ((packed)) nsh_t; /* Nokia Specific Header */
++
++#define NSHL 4 /* Nokia Specific Header Length */
++
++
++
++/* ======================== Interrupt handling ======================== */
++
++
++static int dtl1_write(unsigned int iobase, int fifo_size, __u8 *buf, int len)
++{
++ int actual = 0;
++
++ /* Tx FIFO should be empty */
++ if (!(inb(iobase + UART_LSR) & UART_LSR_THRE))
++ return 0;
++
++ /* Fill FIFO with current frame */
++ while ((fifo_size-- > 0) && (actual < len)) {
++ /* Transmit next byte */
++ outb(buf[actual], iobase + UART_TX);
++ actual++;
++ }
++
++ return actual;
++}
++
++
++static void dtl1_write_wakeup(dtl1_info_t *info)
++{
++ if (!info) {
++ printk(KERN_WARNING "dtl1_cs: Call of write_wakeup for unknown device.\n");
++ return;
++ }
++
++ if (test_bit(XMIT_WAITING, &(info->tx_state))) {
++ set_bit(XMIT_WAKEUP, &(info->tx_state));
++ return;
++ }
++
++ if (test_and_set_bit(XMIT_SENDING, &(info->tx_state))) {
++ set_bit(XMIT_WAKEUP, &(info->tx_state));
++ return;
++ }
++
++ do {
++ register unsigned int iobase = info->link.io.BasePort1;
++ register struct sk_buff *skb;
++ register int len;
++
++ clear_bit(XMIT_WAKEUP, &(info->tx_state));
++
++ if (!(info->link.state & DEV_PRESENT))
++ return;
++
++ if (!(skb = skb_dequeue(&(info->txq))))
++ break;
++
++ /* Send frame */
++ len = dtl1_write(iobase, 32, skb->data, skb->len);
++
++ if (len == skb->len) {
++ set_bit(XMIT_WAITING, &(info->tx_state));
++ kfree_skb(skb);
++ } else {
++ skb_pull(skb, len);
++ skb_queue_head(&(info->txq), skb);
++ }
++
++ info->hdev.stat.byte_tx += len;
++
++ } while (test_bit(XMIT_WAKEUP, &(info->tx_state)));
++
++ clear_bit(XMIT_SENDING, &(info->tx_state));
++}
++
++
++static void dtl1_control(dtl1_info_t *info, struct sk_buff *skb)
++{
++ u8 flowmask = *(u8 *)skb->data;
++ int i;
++
++ printk(KERN_INFO "dtl1_cs: Nokia control data = ");
++ for (i = 0; i < skb->len; i++) {
++ printk("%02x ", skb->data[i]);
++ }
++ printk("\n");
++
++ /* transition to active state */
++ if (((info->flowmask & 0x07) == 0) && ((flowmask & 0x07) != 0)) {
++ clear_bit(XMIT_WAITING, &(info->tx_state));
++ dtl1_write_wakeup(info);
++ }
++
++ info->flowmask = flowmask;
++
++ kfree_skb(skb);
++}
++
++
++static void dtl1_receive(dtl1_info_t *info)
++{
++ unsigned int iobase;
++ nsh_t *nsh;
++ int boguscount = 0;
++
++ if (!info) {
++ printk(KERN_WARNING "dtl1_cs: Call of receive for unknown device.\n");
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ do {
++ info->hdev.stat.byte_rx++;
++
++ /* Allocate packet */
++ if (info->rx_skb == NULL)
++ if (!(info->rx_skb = bluez_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC))) {
++ printk(KERN_WARNING "dtl1_cs: Can't allocate mem for new packet.\n");
++ info->rx_state = RECV_WAIT_NSH;
++ info->rx_count = NSHL;
++ return;
++ }
++
++ *skb_put(info->rx_skb, 1) = inb(iobase + UART_RX);
++ nsh = (nsh_t *)info->rx_skb->data;
++
++ info->rx_count--;
++
++ if (info->rx_count == 0) {
++
++ switch (info->rx_state) {
++ case RECV_WAIT_NSH:
++ info->rx_state = RECV_WAIT_DATA;
++ info->rx_count = nsh->len + (nsh->len & 0x0001);
++ break;
++ case RECV_WAIT_DATA:
++ info->rx_skb->pkt_type = nsh->type;
++
++ /* remove PAD byte if it exists */
++ if (nsh->len & 0x0001) {
++ info->rx_skb->tail--;
++ info->rx_skb->len--;
++ }
++
++ /* remove NSH */
++ skb_pull(info->rx_skb, NSHL);
++
++ switch (info->rx_skb->pkt_type) {
++ case 0x80:
++ /* control data for the Nokia Card */
++ dtl1_control(info, info->rx_skb);
++ break;
++ case 0x82:
++ case 0x83:
++ case 0x84:
++ /* send frame to the HCI layer */
++ info->rx_skb->dev = (void *)&(info->hdev);
++ info->rx_skb->pkt_type &= 0x0f;
++ hci_recv_frame(info->rx_skb);
++ break;
++ default:
++ /* unknown packet */
++ printk(KERN_WARNING "dtl1_cs: Unknown HCI packet with type 0x%02x received.\n", info->rx_skb->pkt_type);
++ kfree_skb(info->rx_skb);
++ break;
++ }
++
++ info->rx_state = RECV_WAIT_NSH;
++ info->rx_count = NSHL;
++ info->rx_skb = NULL;
++ break;
++ }
++
++ }
++
++ /* Make sure we don't stay here to long */
++ if (boguscount++ > 32)
++ break;
++
++ } while (inb(iobase + UART_LSR) & UART_LSR_DR);
++}
++
++
++void dtl1_interrupt(int irq, void *dev_inst, struct pt_regs *regs)
++{
++ dtl1_info_t *info = dev_inst;
++ unsigned int iobase;
++ unsigned char msr;
++ int boguscount = 0;
++ int iir, lsr;
++
++ if (!info) {
++ printk(KERN_WARNING "dtl1_cs: Call of irq %d for unknown device.\n", irq);
++ return;
++ }
++
++ iobase = info->link.io.BasePort1;
++
++ spin_lock(&(info->lock));
++
++ iir = inb(iobase + UART_IIR) & UART_IIR_ID;
++ while (iir) {
++
++ /* Clear interrupt */
++ lsr = inb(iobase + UART_LSR);
++
++ switch (iir) {
++ case UART_IIR_RLSI:
++ printk(KERN_NOTICE "dtl1_cs: RLSI\n");
++ break;
++ case UART_IIR_RDI:
++ /* Receive interrupt */
++ dtl1_receive(info);
++ break;
++ case UART_IIR_THRI:
++ if (lsr & UART_LSR_THRE) {
++ /* Transmitter ready for data */
++ dtl1_write_wakeup(info);
++ }
++ break;
++ default:
++ printk(KERN_NOTICE "dtl1_cs: Unhandled IIR=%#x\n", iir);
++ break;
++ }
++
++ /* Make sure we don't stay here to long */
++ if (boguscount++ > 100)
++ break;
++
++ iir = inb(iobase + UART_IIR) & UART_IIR_ID;
++
++ }
++
++ msr = inb(iobase + UART_MSR);
++
++ if (info->ri_latch ^ (msr & UART_MSR_RI)) {
++ info->ri_latch = msr & UART_MSR_RI;
++ clear_bit(XMIT_WAITING, &(info->tx_state));
++ dtl1_write_wakeup(info);
++ }
++
++ spin_unlock(&(info->lock));
++}
++
++
++
++/* ======================== HCI interface ======================== */
++
++
++static int dtl1_hci_open(struct hci_dev *hdev)
++{
++ set_bit(HCI_RUNNING, &(hdev->flags));
++
++ return 0;
++}
++
++
++static int dtl1_hci_flush(struct hci_dev *hdev)
++{
++ dtl1_info_t *info = (dtl1_info_t *)(hdev->driver_data);
++
++ /* Drop TX queue */
++ skb_queue_purge(&(info->txq));
++
++ return 0;
++}
++
++
++static int dtl1_hci_close(struct hci_dev *hdev)
++{
++ if (!test_and_clear_bit(HCI_RUNNING, &(hdev->flags)))
++ return 0;
++
++ dtl1_hci_flush(hdev);
++
++ return 0;
++}
++
++
++static int dtl1_hci_send_frame(struct sk_buff *skb)
++{
++ dtl1_info_t *info;
++ struct hci_dev *hdev = (struct hci_dev *)(skb->dev);
++ struct sk_buff *s;
++ nsh_t nsh;
++
++ if (!hdev) {
++ printk(KERN_WARNING "dtl1_cs: Frame for unknown HCI device (hdev=NULL).");
++ return -ENODEV;
++ }
++
++ info = (dtl1_info_t *)(hdev->driver_data);
++
++ switch (skb->pkt_type) {
++ case HCI_COMMAND_PKT:
++ hdev->stat.cmd_tx++;
++ nsh.type = 0x81;
++ break;
++ case HCI_ACLDATA_PKT:
++ hdev->stat.acl_tx++;
++ nsh.type = 0x82;
++ break;
++ case HCI_SCODATA_PKT:
++ hdev->stat.sco_tx++;
++ nsh.type = 0x83;
++ break;
++ };
++
++ nsh.zero = 0;
++ nsh.len = skb->len;
++
++ s = bluez_skb_alloc(NSHL + skb->len + 1, GFP_ATOMIC);
++ skb_reserve(s, NSHL);
++ memcpy(skb_put(s, skb->len), skb->data, skb->len);
++ if (skb->len & 0x0001)
++ *skb_put(s, 1) = 0; /* PAD */
++
++ /* Prepend skb with Nokia frame header and queue */
++ memcpy(skb_push(s, NSHL), &nsh, NSHL);
++ skb_queue_tail(&(info->txq), s);
++
++ dtl1_write_wakeup(info);
++
++ kfree_skb(skb);
++
++ return 0;
++}
++
++
++static void dtl1_hci_destruct(struct hci_dev *hdev)
++{
++}
++
++
++static int dtl1_hci_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg)
++{
++ return -ENOIOCTLCMD;
++}
++
++
++
++/* ======================== Card services HCI interaction ======================== */
++
++
++int dtl1_open(dtl1_info_t *info)
++{
++ unsigned long flags;
++ unsigned int iobase = info->link.io.BasePort1;
++ struct hci_dev *hdev;
++
++ spin_lock_init(&(info->lock));
++
++ skb_queue_head_init(&(info->txq));
++
++ info->rx_state = RECV_WAIT_NSH;
++ info->rx_count = NSHL;
++ info->rx_skb = NULL;
++
++ set_bit(XMIT_WAITING, &(info->tx_state));
++
++ spin_lock_irqsave(&(info->lock), flags);
++
++ /* Reset UART */
++ outb(0, iobase + UART_MCR);
++
++ /* Turn off interrupts */
++ outb(0, iobase + UART_IER);
++
++ /* Initialize UART */
++ outb(UART_LCR_WLEN8, iobase + UART_LCR); /* Reset DLAB */
++ outb((UART_MCR_DTR | UART_MCR_RTS | UART_MCR_OUT2), iobase + UART_MCR);
++
++ info->ri_latch = inb(info->link.io.BasePort1 + UART_MSR) & UART_MSR_RI;
++
++ /* Turn on interrupts */
++ outb(UART_IER_RLSI | UART_IER_RDI | UART_IER_THRI, iobase + UART_IER);
++
++ spin_unlock_irqrestore(&(info->lock), flags);
++
++ /* Timeout before it is safe to send the first HCI packet */
++ set_current_state(TASK_INTERRUPTIBLE);
++ schedule_timeout(HZ * 2);
++
++
++ /* Initialize and register HCI device */
++
++ hdev = &(info->hdev);
++
++ hdev->type = HCI_PCCARD;
++ hdev->driver_data = info;
++
++ hdev->open = dtl1_hci_open;
++ hdev->close = dtl1_hci_close;
++ hdev->flush = dtl1_hci_flush;
++ hdev->send = dtl1_hci_send_frame;
++ hdev->destruct = dtl1_hci_destruct;
++ hdev->ioctl = dtl1_hci_ioctl;
++
++ if (hci_register_dev(hdev) < 0) {
++ printk(KERN_WARNING "dtl1_cs: Can't register HCI device %s.\n", hdev->name);
++ return -ENODEV;
++ }
++
++ return 0;
++}
++
++
++int dtl1_close(dtl1_info_t *info)
++{
++ unsigned long flags;
++ unsigned int iobase = info->link.io.BasePort1;
++ struct hci_dev *hdev = &(info->hdev);
++
++ dtl1_hci_close(hdev);
++
++ spin_lock_irqsave(&(info->lock), flags);
++
++ /* Reset UART */
++ outb(0, iobase + UART_MCR);
++
++ /* Turn off interrupts */
++ outb(0, iobase + UART_IER);
++
++ spin_unlock_irqrestore(&(info->lock), flags);
++
++ if (hci_unregister_dev(hdev) < 0)
++ printk(KERN_WARNING "dtl1_cs: Can't unregister HCI device %s.\n", hdev->name);
++
++ return 0;
++}
++
++
++
++/* ======================== Card services ======================== */
++
++
++static void cs_error(client_handle_t handle, int func, int ret)
++{
++ error_info_t err = { func, ret };
++
++ CardServices(ReportError, handle, &err);
++}
++
++
++dev_link_t *dtl1_attach(void)
++{
++ dtl1_info_t *info;
++ client_reg_t client_reg;
++ dev_link_t *link;
++ int i, ret;
++
++ /* Create new info device */
++ info = kmalloc(sizeof(*info), GFP_KERNEL);
++ if (!info)
++ return NULL;
++ memset(info, 0, sizeof(*info));
++
++ link = &info->link;
++ link->priv = info;
++
++ link->release.function = &dtl1_release;
++ link->release.data = (u_long)link;
++ link->io.Attributes1 = IO_DATA_PATH_WIDTH_8;
++ link->io.NumPorts1 = 8;
++ link->irq.Attributes = IRQ_TYPE_EXCLUSIVE | IRQ_HANDLE_PRESENT;
++ link->irq.IRQInfo1 = IRQ_INFO2_VALID | IRQ_LEVEL_ID;
++
++ if (irq_list[0] == -1)
++ link->irq.IRQInfo2 = irq_mask;
++ else
++ for (i = 0; i < 4; i++)
++ link->irq.IRQInfo2 |= 1 << irq_list[i];
++
++ link->irq.Handler = dtl1_interrupt;
++ link->irq.Instance = info;
++
++ link->conf.Attributes = CONF_ENABLE_IRQ;
++ link->conf.Vcc = 50;
++ link->conf.IntType = INT_MEMORY_AND_IO;
++
++ /* Register with Card Services */
++ link->next = dev_list;
++ dev_list = link;
++ client_reg.dev_info = &dev_info;
++ client_reg.Attributes = INFO_IO_CLIENT | INFO_CARD_SHARE;
++ client_reg.EventMask =
++ CS_EVENT_CARD_INSERTION | CS_EVENT_CARD_REMOVAL |
++ CS_EVENT_RESET_PHYSICAL | CS_EVENT_CARD_RESET |
++ CS_EVENT_PM_SUSPEND | CS_EVENT_PM_RESUME;
++ client_reg.event_handler = &dtl1_event;
++ client_reg.Version = 0x0210;
++ client_reg.event_callback_args.client_data = link;
++
++ ret = CardServices(RegisterClient, &link->handle, &client_reg);
++ if (ret != CS_SUCCESS) {
++ cs_error(link->handle, RegisterClient, ret);
++ dtl1_detach(link);
++ return NULL;
++ }
++
++ return link;
++}
++
++
++void dtl1_detach(dev_link_t *link)
++{
++ dtl1_info_t *info = link->priv;
++ dev_link_t **linkp;
++ int ret;
++
++ /* Locate device structure */
++ for (linkp = &dev_list; *linkp; linkp = &(*linkp)->next)
++ if (*linkp == link)
++ break;
++
++ if (*linkp == NULL)
++ return;
++
++ del_timer(&link->release);
++ if (link->state & DEV_CONFIG)
++ dtl1_release((u_long)link);
++
++ if (link->handle) {
++ ret = CardServices(DeregisterClient, link->handle);
++ if (ret != CS_SUCCESS)
++ cs_error(link->handle, DeregisterClient, ret);
++ }
++
++ /* Unlink device structure, free bits */
++ *linkp = link->next;
++
++ kfree(info);
++}
++
++
++static int get_tuple(int fn, client_handle_t handle, tuple_t *tuple, cisparse_t *parse)
++{
++ int i;
++
++ i = CardServices(fn, handle, tuple);
++ if (i != CS_SUCCESS)
++ return CS_NO_MORE_ITEMS;
++
++ i = CardServices(GetTupleData, handle, tuple);
++ if (i != CS_SUCCESS)
++ return i;
++
++ return CardServices(ParseTuple, handle, tuple, parse);
++}
++
++
++#define first_tuple(a, b, c) get_tuple(GetFirstTuple, a, b, c)
++#define next_tuple(a, b, c) get_tuple(GetNextTuple, a, b, c)
++
++void dtl1_config(dev_link_t *link)
++{
++ client_handle_t handle = link->handle;
++ dtl1_info_t *info = link->priv;
++ tuple_t tuple;
++ u_short buf[256];
++ cisparse_t parse;
++ cistpl_cftable_entry_t *cf = &parse.cftable_entry;
++ config_info_t config;
++ int i, last_ret, last_fn;
++
++ tuple.TupleData = (cisdata_t *)buf;
++ tuple.TupleOffset = 0;
++ tuple.TupleDataMax = 255;
++ tuple.Attributes = 0;
++
++ /* Get configuration register information */
++ tuple.DesiredTuple = CISTPL_CONFIG;
++ last_ret = first_tuple(handle, &tuple, &parse);
++ if (last_ret != CS_SUCCESS) {
++ last_fn = ParseTuple;
++ goto cs_failed;
++ }
++ link->conf.ConfigBase = parse.config.base;
++ link->conf.Present = parse.config.rmask[0];
++
++ /* Configure card */
++ link->state |= DEV_CONFIG;
++ i = CardServices(GetConfigurationInfo, handle, &config);
++ link->conf.Vcc = config.Vcc;
++
++ tuple.TupleData = (cisdata_t *)buf;
++ tuple.TupleOffset = 0;
++ tuple.TupleDataMax = 255;
++ tuple.Attributes = 0;
++ tuple.DesiredTuple = CISTPL_CFTABLE_ENTRY;
++
++ /* Look for a generic full-sized window */
++ link->io.NumPorts1 = 8;
++ i = first_tuple(handle, &tuple, &parse);
++ while (i != CS_NO_MORE_ITEMS) {
++ if ((i == CS_SUCCESS) && (cf->io.nwin == 1) && (cf->io.win[0].len > 8)) {
++ link->conf.ConfigIndex = cf->index;
++ link->io.BasePort1 = cf->io.win[0].base;
++ link->io.NumPorts1 = cf->io.win[0].len; /*yo */
++ link->io.IOAddrLines = cf->io.flags & CISTPL_IO_LINES_MASK;
++ i = CardServices(RequestIO, link->handle, &link->io);
++ if (i == CS_SUCCESS)
++ break;
++ }
++ i = next_tuple(handle, &tuple, &parse);
++ }
++
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestIO, i);
++ goto failed;
++ }
++
++ i = CardServices(RequestIRQ, link->handle, &link->irq);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestIRQ, i);
++ link->irq.AssignedIRQ = 0;
++ }
++
++ i = CardServices(RequestConfiguration, link->handle, &link->conf);
++ if (i != CS_SUCCESS) {
++ cs_error(link->handle, RequestConfiguration, i);
++ goto failed;
++ }
++
++ MOD_INC_USE_COUNT;
++
++ if (dtl1_open(info) != 0)
++ goto failed;
++
++ strcpy(info->node.dev_name, info->hdev.name);
++ link->dev = &info->node;
++ link->state &= ~DEV_CONFIG_PENDING;
++
++ return;
++
++cs_failed:
++ cs_error(link->handle, last_fn, last_ret);
++
++failed:
++ dtl1_release((u_long)link);
++}
++
++
++void dtl1_release(u_long arg)
++{
++ dev_link_t *link = (dev_link_t *)arg;
++ dtl1_info_t *info = link->priv;
++
++ if (link->state & DEV_PRESENT)
++ dtl1_close(info);
++
++ MOD_DEC_USE_COUNT;
++
++ link->dev = NULL;
++
++ CardServices(ReleaseConfiguration, link->handle);
++ CardServices(ReleaseIO, link->handle, &link->io);
++ CardServices(ReleaseIRQ, link->handle, &link->irq);
++
++ link->state &= ~DEV_CONFIG;
++}
++
++
++int dtl1_event(event_t event, int priority, event_callback_args_t *args)
++{
++ dev_link_t *link = args->client_data;
++ dtl1_info_t *info = link->priv;
++
++ switch (event) {
++ case CS_EVENT_CARD_REMOVAL:
++ link->state &= ~DEV_PRESENT;
++ if (link->state & DEV_CONFIG) {
++ dtl1_close(info);
++ mod_timer(&link->release, jiffies + HZ / 20);
++ }
++ break;
++ case CS_EVENT_CARD_INSERTION:
++ link->state |= DEV_PRESENT | DEV_CONFIG_PENDING;
++ dtl1_config(link);
++ break;
++ case CS_EVENT_PM_SUSPEND:
++ link->state |= DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_RESET_PHYSICAL:
++ if (link->state & DEV_CONFIG)
++ CardServices(ReleaseConfiguration, link->handle);
++ break;
++ case CS_EVENT_PM_RESUME:
++ link->state &= ~DEV_SUSPEND;
++ /* Fall through... */
++ case CS_EVENT_CARD_RESET:
++ if (DEV_OK(link))
++ CardServices(RequestConfiguration, link->handle, &link->conf);
++ break;
++ }
++
++ return 0;
++}
++
++
++
++/* ======================== Module initialization ======================== */
++
++
++int __init init_dtl1_cs(void)
++{
++ servinfo_t serv;
++ int err;
++
++ CardServices(GetCardServicesInfo, &serv);
++ if (serv.Revision != CS_RELEASE_CODE) {
++ printk(KERN_NOTICE "dtl1_cs: Card Services release does not match!\n");
++ return -1;
++ }
++
++ err = register_pccard_driver(&dev_info, &dtl1_attach, &dtl1_detach);
++
++ return err;
++}
++
++
++void __exit exit_dtl1_cs(void)
++{
++ unregister_pccard_driver(&dev_info);
++
++ while (dev_list != NULL)
++ dtl1_detach(dev_list);
++}
++
++
++module_init(init_dtl1_cs);
++module_exit(exit_dtl1_cs);
++
++EXPORT_NO_SYMBOLS;
+diff -urN linux-2.4.18/drivers/bluetooth/hci_bcsp.c linux-2.4.18-mh9/drivers/bluetooth/hci_bcsp.c
+--- linux-2.4.18/drivers/bluetooth/hci_bcsp.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_bcsp.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,710 @@
++/*
++ BlueCore Serial Protocol (BCSP) for Linux Bluetooth stack (BlueZ).
++ Copyright 2002 by Fabrizio Gennari <fabrizio.gennari@philips.com>
++
++ Based on
++ hci_h4.c by Maxim Krasnyansky <maxk@qualcomm.com>
++ ABCSP by Carl Orsborn <cjo@csr.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: hci_bcsp.c,v 1.2 2002/09/26 05:05:14 maxk Exp $
++ */
++
++#define VERSION "0.1"
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/version.h>
++#include <linux/config.h>
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/sched.h>
++#include <linux/types.h>
++#include <linux/fcntl.h>
++#include <linux/interrupt.h>
++#include <linux/ptrace.h>
++#include <linux/poll.h>
++
++#include <linux/slab.h>
++#include <linux/tty.h>
++#include <linux/errno.h>
++#include <linux/string.h>
++#include <linux/signal.h>
++#include <linux/ioctl.h>
++#include <linux/skbuff.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++#include "hci_uart.h"
++#include "hci_bcsp.h"
++
++#ifndef HCI_UART_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#undef BT_DMP
++#define BT_DMP( A... )
++#endif
++
++/* ---- BCSP CRC calculation ---- */
++
++/* Table for calculating CRC for polynomial 0x1021, LSB processed first,
++initial value 0xffff, bits shifted in reverse order. */
++
++static const u16 crc_table[] = {
++ 0x0000, 0x1081, 0x2102, 0x3183,
++ 0x4204, 0x5285, 0x6306, 0x7387,
++ 0x8408, 0x9489, 0xa50a, 0xb58b,
++ 0xc60c, 0xd68d, 0xe70e, 0xf78f
++};
++
++/* Initialise the crc calculator */
++#define BCSP_CRC_INIT(x) x = 0xffff
++
++/*
++ Update crc with next data byte
++
++ Implementation note
++ The data byte is treated as two nibbles. The crc is generated
++ in reverse, i.e., bits are fed into the register from the top.
++*/
++static void bcsp_crc_update(u16 *crc, u8 d)
++{
++ u16 reg = *crc;
++
++ reg = (reg >> 4) ^ crc_table[(reg ^ d) & 0x000f];
++ reg = (reg >> 4) ^ crc_table[(reg ^ (d >> 4)) & 0x000f];
++
++ *crc = reg;
++}
++
++/*
++ Get reverse of generated crc
++
++ Implementation note
++ The crc generator (bcsp_crc_init() and bcsp_crc_update())
++ creates a reversed crc, so it needs to be swapped back before
++ being passed on.
++*/
++static u16 bcsp_crc_reverse(u16 crc)
++{
++ u16 b, rev;
++
++ for (b = 0, rev = 0; b < 16; b++) {
++ rev = rev << 1;
++ rev |= (crc & 1);
++ crc = crc >> 1;
++ }
++ return (rev);
++}
++
++/* ---- BCSP core ---- */
++
++static void bcsp_slip_msgdelim(struct sk_buff *skb)
++{
++ const char pkt_delim = 0xc0;
++ memcpy(skb_put(skb, 1), &pkt_delim, 1);
++}
++
++static void bcsp_slip_one_byte(struct sk_buff *skb, u8 c)
++{
++ const char esc_c0[2] = { 0xdb, 0xdc };
++ const char esc_db[2] = { 0xdb, 0xdd };
++
++ switch (c) {
++ case 0xc0:
++ memcpy(skb_put(skb, 2), &esc_c0, 2);
++ break;
++ case 0xdb:
++ memcpy(skb_put(skb, 2), &esc_db, 2);
++ break;
++ default:
++ memcpy(skb_put(skb, 1), &c, 1);
++ }
++}
++
++static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
++{
++ struct bcsp_struct *bcsp = hu->priv;
++
++ if (skb->len > 0xFFF) {
++ BT_ERR("Packet too long");
++ kfree_skb(skb);
++ return 0;
++ }
++
++ switch (skb->pkt_type) {
++ case HCI_ACLDATA_PKT:
++ case HCI_COMMAND_PKT:
++ skb_queue_tail(&bcsp->rel, skb);
++ break;
++
++ case HCI_SCODATA_PKT:
++ skb_queue_tail(&bcsp->unrel, skb);
++ break;
++
++ default:
++ BT_ERR("Unknown packet type");
++ kfree_skb(skb);
++ break;
++ }
++ return 0;
++}
++
++static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
++ int len, int pkt_type)
++{
++ struct sk_buff *nskb;
++ u8 hdr[4], chan;
++ int rel, i;
++
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
++ u16 BCSP_CRC_INIT(bcsp_txmsg_crc);
++#endif
++
++ switch (pkt_type) {
++ case HCI_ACLDATA_PKT:
++ chan = 6; /* BCSP ACL channel */
++ rel = 1; /* reliable channel */
++ break;
++ case HCI_COMMAND_PKT:
++ chan = 5; /* BCSP cmd/evt channel */
++ rel = 1; /* reliable channel */
++ break;
++ case HCI_SCODATA_PKT:
++ chan = 7; /* BCSP SCO channel */
++ rel = 0; /* unreliable channel */
++ break;
++ case BCSP_LE_PKT:
++ chan = 1; /* BCSP LE channel */
++ rel = 0; /* unreliable channel */
++ break;
++ case BCSP_ACK_PKT:
++ chan = 0; /* BCSP internal channel */
++ rel = 0; /* unreliable channel */
++ break;
++ default:
++ BT_ERR("Unknown packet type");
++ return NULL;
++ }
++
++ /* Max len of packet: (original len +4(bcsp hdr) +2(crc))*2
++ (because bytes 0xc0 and 0xdb are escaped, worst case is
++ when the packet is all made of 0xc0 and 0xdb :) )
++ + 2 (0xc0 delimiters at start and end). */
++
++ nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
++ if (!nskb)
++ return NULL;
++
++ nskb->pkt_type = pkt_type;
++
++ bcsp_slip_msgdelim(nskb);
++
++ hdr[0] = bcsp->rxseq_txack << 3;
++ bcsp->txack_req = 0;
++ BT_DBG("We request packet no %u to card", bcsp->rxseq_txack);
++
++ if (rel) {
++ hdr[0] |= 0x80 + bcsp->msgq_txseq;
++ BT_DBG("Sending packet with seqno %u", bcsp->msgq_txseq);
++ bcsp->msgq_txseq = ++(bcsp->msgq_txseq) & 0x07;
++ }
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
++ hdr[0] |= 0x40;
++#endif
++
++ hdr[1] = (len << 4) & 0xFF;
++ hdr[1] |= chan;
++ hdr[2] = len >> 4;
++ hdr[3] = ~(hdr[0] + hdr[1] + hdr[2]);
++
++ /* Put BCSP header */
++ for (i = 0; i < 4; i++) {
++ bcsp_slip_one_byte(nskb, hdr[i]);
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
++ bcsp_crc_update(&bcsp_txmsg_crc, hdr[i]);
++#endif
++ }
++
++ /* Put payload */
++ for (i = 0; i < len; i++) {
++ bcsp_slip_one_byte(nskb, data[i]);
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
++ bcsp_crc_update(&bcsp_txmsg_crc, data[i]);
++#endif
++ }
++
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP_TXCRC
++ /* Put CRC */
++ bcsp_txmsg_crc = bcsp_crc_reverse(bcsp_txmsg_crc);
++ bcsp_slip_one_byte(nskb, (u8) ((bcsp_txmsg_crc >> 8) & 0x00ff));
++ bcsp_slip_one_byte(nskb, (u8) (bcsp_txmsg_crc & 0x00ff));
++#endif
++
++ bcsp_slip_msgdelim(nskb);
++ return nskb;
++}
++
++/* This is a rewrite of pkt_avail in ABCSP */
++static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
++{
++ struct bcsp_struct *bcsp = (struct bcsp_struct *) hu->priv;
++ unsigned long flags;
++ struct sk_buff *skb;
++
++ /* First of all, check for unreliable messages in the queue,
++ since they have priority */
++
++ if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
++ struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type);
++ if (nskb) {
++ kfree_skb(skb);
++ return nskb;
++ } else {
++ skb_queue_head(&bcsp->unrel, skb);
++ BT_ERR("Could not dequeue pkt because alloc_skb failed");
++ }
++ }
++
++ /* Now, try to send a reliable pkt. We can only send a
++ reliable packet if the number of packets sent but not yet ack'ed
++ is < than the winsize */
++
++ spin_lock_irqsave(&bcsp->unack.lock, flags);
++
++ if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
++ struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type);
++ if (nskb) {
++ __skb_queue_tail(&bcsp->unack, skb);
++ mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
++ spin_unlock_irqrestore(&bcsp->unack.lock, flags);
++ return nskb;
++ } else {
++ skb_queue_head(&bcsp->rel, skb);
++ BT_ERR("Could not dequeue pkt because alloc_skb failed");
++ }
++ }
++
++ spin_unlock_irqrestore(&bcsp->unack.lock, flags);
++
++
++ /* We could not send a reliable packet, either because there are
++ none or because there are too many unack'ed pkts. Did we receive
++ any packets we have not acknowledged yet ? */
++
++ if (bcsp->txack_req) {
++ /* if so, craft an empty ACK pkt and send it on BCSP unreliable
++ channel 0 */
++ struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, NULL, 0, BCSP_ACK_PKT);
++ return nskb;
++ }
++
++ /* We have nothing to send */
++ return NULL;
++}
++
++static int bcsp_flush(struct hci_uart *hu)
++{
++ BT_DBG("hu %p", hu);
++ return 0;
++}
++
++/* Remove ack'ed packets */
++static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
++{
++ unsigned long flags;
++ struct sk_buff *skb;
++ int i, pkts_to_be_removed;
++ u8 seqno;
++
++ spin_lock_irqsave(&bcsp->unack.lock, flags);
++
++ pkts_to_be_removed = bcsp->unack.qlen;
++ seqno = bcsp->msgq_txseq;
++
++ while (pkts_to_be_removed) {
++ if (bcsp->rxack == seqno)
++ break;
++ pkts_to_be_removed--;
++ seqno = (seqno - 1) & 0x07;
++ }
++
++ if (bcsp->rxack != seqno)
++ BT_ERR("Peer acked invalid packet");
++
++ BT_DBG("Removing %u pkts out of %u, up to seqno %u",
++ pkts_to_be_removed, bcsp->unack.qlen, (seqno - 1) & 0x07);
++
++ for (i = 0, skb = ((struct sk_buff *) &bcsp->unack)->next; i < pkts_to_be_removed
++ && skb != (struct sk_buff *) &bcsp->unack; i++) {
++ struct sk_buff *nskb;
++
++ nskb = skb->next;
++ __skb_unlink(skb, &bcsp->unack);
++ kfree_skb(skb);
++ skb = nskb;
++ }
++ if (bcsp->unack.qlen == 0)
++ del_timer(&bcsp->tbcsp);
++ spin_unlock_irqrestore(&bcsp->unack.lock, flags);
++
++ if (i != pkts_to_be_removed)
++ BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
++}
++
++/* Handle BCSP link-establishment packets. When we
++ detect a "sync" packet, symptom that the BT module has reset,
++ we do nothing :) (yet) */
++static void bcsp_handle_le_pkt(struct hci_uart *hu)
++{
++ struct bcsp_struct *bcsp = hu->priv;
++ u8 conf_pkt[4] = { 0xad, 0xef, 0xac, 0xed };
++ u8 conf_rsp_pkt[4] = { 0xde, 0xad, 0xd0, 0xd0 };
++ u8 sync_pkt[4] = { 0xda, 0xdc, 0xed, 0xed };
++
++ /* spot "conf" pkts and reply with a "conf rsp" pkt */
++ if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
++ !memcmp(&bcsp->rx_skb->data[4], conf_pkt, 4)) {
++ struct sk_buff *nskb = alloc_skb(4, GFP_ATOMIC);
++
++ BT_DBG("Found a LE conf pkt");
++ if (!nskb)
++ return;
++ memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
++ nskb->pkt_type = BCSP_LE_PKT;
++
++ skb_queue_head(&bcsp->unrel, nskb);
++ hci_uart_tx_wakeup(hu);
++ }
++ /* Spot "sync" pkts. If we find one...disaster! */
++ else if (bcsp->rx_skb->data[1] >> 4 == 4 && bcsp->rx_skb->data[2] == 0 &&
++ !memcmp(&bcsp->rx_skb->data[4], sync_pkt, 4)) {
++ BT_ERR("Found a LE sync pkt, card has reset");
++ }
++}
++
++static inline void bcsp_unslip_one_byte(struct bcsp_struct *bcsp, unsigned char byte)
++{
++ const u8 c0 = 0xc0, db = 0xdb;
++
++ switch (bcsp->rx_esc_state) {
++ case BCSP_ESCSTATE_NOESC:
++ switch (byte) {
++ case 0xdb:
++ bcsp->rx_esc_state = BCSP_ESCSTATE_ESC;
++ break;
++ default:
++ memcpy(skb_put(bcsp->rx_skb, 1), &byte, 1);
++ if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
++ bcsp->rx_state != BCSP_W4_CRC)
++ bcsp_crc_update(&bcsp->message_crc, byte);
++ bcsp->rx_count--;
++ }
++ break;
++
++ case BCSP_ESCSTATE_ESC:
++ switch (byte) {
++ case 0xdc:
++ memcpy(skb_put(bcsp->rx_skb, 1), &c0, 1);
++ if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
++ bcsp->rx_state != BCSP_W4_CRC)
++ bcsp_crc_update(&bcsp-> message_crc, 0xc0);
++ bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
++ bcsp->rx_count--;
++ break;
++
++ case 0xdd:
++ memcpy(skb_put(bcsp->rx_skb, 1), &db, 1);
++ if ((bcsp->rx_skb-> data[0] & 0x40) != 0 &&
++ bcsp->rx_state != BCSP_W4_CRC)
++ bcsp_crc_update(&bcsp-> message_crc, 0xdb);
++ bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
++ bcsp->rx_count--;
++ break;
++
++ default:
++ BT_ERR ("Invalid byte %02x after esc byte", byte);
++ kfree_skb(bcsp->rx_skb);
++ bcsp->rx_skb = NULL;
++ bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
++ bcsp->rx_count = 0;
++ }
++ }
++}
++
++static inline void bcsp_complete_rx_pkt(struct hci_uart *hu)
++{
++ struct bcsp_struct *bcsp = hu->priv;
++ int pass_up;
++
++ if (bcsp->rx_skb->data[0] & 0x80) { /* reliable pkt */
++ BT_DBG("Received seqno %u from card", bcsp->rxseq_txack);
++ bcsp->rxseq_txack++;
++ bcsp->rxseq_txack %= 0x8;
++ bcsp->txack_req = 1;
++
++ /* If needed, transmit an ack pkt */
++ hci_uart_tx_wakeup(hu);
++ }
++
++ bcsp->rxack = (bcsp->rx_skb->data[0] >> 3) & 0x07;
++ BT_DBG("Request for pkt %u from card", bcsp->rxack);
++
++ bcsp_pkt_cull(bcsp);
++ if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
++ bcsp->rx_skb->data[0] & 0x80) {
++ bcsp->rx_skb->pkt_type = HCI_ACLDATA_PKT;
++ pass_up = 1;
++ } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
++ bcsp->rx_skb->data[0] & 0x80) {
++ bcsp->rx_skb->pkt_type = HCI_EVENT_PKT;
++ pass_up = 1;
++ } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
++ bcsp->rx_skb->pkt_type = HCI_SCODATA_PKT;
++ pass_up = 1;
++ } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
++ !(bcsp->rx_skb->data[0] & 0x80)) {
++ bcsp_handle_le_pkt(hu);
++ pass_up = 0;
++ } else
++ pass_up = 0;
++
++ if (!pass_up) {
++ if ((bcsp->rx_skb->data[1] & 0x0f) != 0 &&
++ (bcsp->rx_skb->data[1] & 0x0f) != 1) {
++ BT_ERR ("Packet for unknown channel (%u %s)",
++ bcsp->rx_skb->data[1] & 0x0f,
++ bcsp->rx_skb->data[0] & 0x80 ?
++ "reliable" : "unreliable");
++ }
++ kfree_skb(bcsp->rx_skb);
++ } else {
++ /* Pull out BCSP hdr */
++ skb_pull(bcsp->rx_skb, 4);
++
++ hci_recv_frame(bcsp->rx_skb);
++ }
++ bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
++ bcsp->rx_skb = NULL;
++}
++
++/* Recv data */
++static int bcsp_recv(struct hci_uart *hu, void *data, int count)
++{
++ struct bcsp_struct *bcsp = hu->priv;
++ register unsigned char *ptr;
++
++ BT_DBG("hu %p count %d rx_state %ld rx_count %ld",
++ hu, count, bcsp->rx_state, bcsp->rx_count);
++
++ ptr = data;
++ while (count) {
++ if (bcsp->rx_count) {
++ if (*ptr == 0xc0) {
++ BT_ERR("Short BCSP packet");
++ kfree_skb(bcsp->rx_skb);
++ bcsp->rx_state = BCSP_W4_PKT_START;
++ bcsp->rx_count = 0;
++ } else
++ bcsp_unslip_one_byte(bcsp, *ptr);
++
++ ptr++; count--;
++ continue;
++ }
++
++ switch (bcsp->rx_state) {
++ case BCSP_W4_BCSP_HDR:
++ if ((0xff & (u8) ~ (bcsp->rx_skb->data[0] + bcsp->rx_skb->data[1] +
++ bcsp->rx_skb->data[2])) != bcsp->rx_skb->data[3]) {
++ BT_ERR("Error in BCSP hdr checksum");
++ kfree_skb(bcsp->rx_skb);
++ bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
++ bcsp->rx_count = 0;
++ continue;
++ }
++ if (bcsp->rx_skb->data[0] & 0x80 /* reliable pkt */
++ && (bcsp->rx_skb->data[0] & 0x07) != bcsp->rxseq_txack) {
++ BT_ERR ("Out-of-order packet arrived, got %u expected %u",
++ bcsp->rx_skb->data[0] & 0x07, bcsp->rxseq_txack);
++
++ kfree_skb(bcsp->rx_skb);
++ bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
++ bcsp->rx_count = 0;
++ continue;
++ }
++ bcsp->rx_state = BCSP_W4_DATA;
++ bcsp->rx_count = (bcsp->rx_skb->data[1] >> 4) +
++ (bcsp->rx_skb->data[2] << 4); /* May be 0 */
++ continue;
++
++ case BCSP_W4_DATA:
++ if (bcsp->rx_skb->data[0] & 0x40) { /* pkt with crc */
++ bcsp->rx_state = BCSP_W4_CRC;
++ bcsp->rx_count = 2;
++ } else
++ bcsp_complete_rx_pkt(hu);
++ continue;
++
++ case BCSP_W4_CRC:
++ if (bcsp_crc_reverse(bcsp->message_crc) !=
++ (bcsp->rx_skb->data[bcsp->rx_skb->len - 2] << 8) +
++ bcsp->rx_skb->data[bcsp->rx_skb->len - 1]) {
++
++ BT_ERR ("Checksum failed: computed %04x received %04x",
++ bcsp_crc_reverse(bcsp->message_crc),
++ (bcsp->rx_skb-> data[bcsp->rx_skb->len - 2] << 8) +
++ bcsp->rx_skb->data[bcsp->rx_skb->len - 1]);
++
++ kfree_skb(bcsp->rx_skb);
++ bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
++ bcsp->rx_count = 0;
++ continue;
++ }
++ skb_trim(bcsp->rx_skb, bcsp->rx_skb->len - 2);
++ bcsp_complete_rx_pkt(hu);
++ continue;
++
++ case BCSP_W4_PKT_DELIMITER:
++ switch (*ptr) {
++ case 0xc0:
++ bcsp->rx_state = BCSP_W4_PKT_START;
++ break;
++ default:
++ /*BT_ERR("Ignoring byte %02x", *ptr);*/
++ break;
++ }
++ ptr++; count--;
++ break;
++
++ case BCSP_W4_PKT_START:
++ switch (*ptr) {
++ case 0xc0:
++ ptr++; count--;
++ break;
++
++ default:
++ bcsp->rx_state = BCSP_W4_BCSP_HDR;
++ bcsp->rx_count = 4;
++ bcsp->rx_esc_state = BCSP_ESCSTATE_NOESC;
++ BCSP_CRC_INIT(bcsp->message_crc);
++
++ /* Do not increment ptr or decrement count
++ * Allocate packet. Max len of a BCSP pkt=
++ * 0xFFF (payload) +4 (header) +2 (crc) */
++
++ bcsp->rx_skb = bluez_skb_alloc(0x1005, GFP_ATOMIC);
++ if (!bcsp->rx_skb) {
++ BT_ERR("Can't allocate mem for new packet");
++ bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
++ bcsp->rx_count = 0;
++ return 0;
++ }
++ bcsp->rx_skb->dev = (void *) &hu->hdev;
++ break;
++ }
++ break;
++ }
++ }
++ return count;
++}
++
++ /* Arrange to retransmit all messages in the relq. */
++static void bcsp_timed_event(unsigned long arg)
++{
++ struct hci_uart *hu = (struct hci_uart *) arg;
++ struct bcsp_struct *bcsp = (struct bcsp_struct *) hu->priv;
++ struct sk_buff *skb;
++ unsigned long flags;
++
++ BT_ERR("Timeout, retransmitting %u pkts", bcsp->unack.qlen);
++ spin_lock_irqsave(&bcsp->unack.lock, flags);
++
++ while ((skb = __skb_dequeue_tail(&bcsp->unack)) != NULL) {
++ bcsp->msgq_txseq = (bcsp->msgq_txseq - 1) & 0x07;
++ skb_queue_head(&bcsp->rel, skb);
++ }
++
++ spin_unlock_irqrestore(&bcsp->unack.lock, flags);
++
++ hci_uart_tx_wakeup(hu);
++}
++
++static int bcsp_open(struct hci_uart *hu)
++{
++ struct bcsp_struct *bcsp;
++
++ BT_DBG("hu %p", hu);
++
++ bcsp = kmalloc(sizeof(*bcsp), GFP_ATOMIC);
++ if (!bcsp)
++ return -ENOMEM;
++ memset(bcsp, 0, sizeof(*bcsp));
++
++ hu->priv = bcsp;
++ skb_queue_head_init(&bcsp->unack);
++ skb_queue_head_init(&bcsp->rel);
++ skb_queue_head_init(&bcsp->unrel);
++
++ init_timer(&bcsp->tbcsp);
++ bcsp->tbcsp.function = bcsp_timed_event;
++ bcsp->tbcsp.data = (u_long) hu;
++
++ bcsp->rx_state = BCSP_W4_PKT_DELIMITER;
++
++ return 0;
++}
++
++static int bcsp_close(struct hci_uart *hu)
++{
++ struct bcsp_struct *bcsp = hu->priv;
++ hu->priv = NULL;
++
++ BT_DBG("hu %p", hu);
++
++ skb_queue_purge(&bcsp->unack);
++ skb_queue_purge(&bcsp->rel);
++ skb_queue_purge(&bcsp->unrel);
++ del_timer(&bcsp->tbcsp);
++
++ kfree(bcsp);
++ return 0;
++}
++
++static struct hci_uart_proto bcsp = {
++ id: HCI_UART_BCSP,
++ open: bcsp_open,
++ close: bcsp_close,
++ enqueue: bcsp_enqueue,
++ dequeue: bcsp_dequeue,
++ recv: bcsp_recv,
++ flush: bcsp_flush
++};
++
++int bcsp_init(void)
++{
++ return hci_uart_register_proto(&bcsp);
++}
++
++int bcsp_deinit(void)
++{
++ return hci_uart_unregister_proto(&bcsp);
++}
+diff -urN linux-2.4.18/drivers/bluetooth/hci_bcsp.h linux-2.4.18-mh9/drivers/bluetooth/hci_bcsp.h
+--- linux-2.4.18/drivers/bluetooth/hci_bcsp.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_bcsp.h Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,70 @@
++/*
++ BlueCore Serial Protocol (BCSP) for Linux Bluetooth stack (BlueZ).
++ Copyright 2002 by Fabrizio Gennari <fabrizio.gennari@philips.com>
++
++ Based on
++ hci_h4.c by Maxim Krasnyansky <maxk@qualcomm.com>
++ ABCSP by Carl Orsborn <cjo@csr.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: hci_bcsp.h,v 1.2 2002/09/26 05:05:14 maxk Exp $
++ */
++
++#ifndef __HCI_BCSP_H__
++#define __HCI_BCSP_H__
++
++#define BCSP_TXWINSIZE 4
++
++#define BCSP_ACK_PKT 0x05
++#define BCSP_LE_PKT 0x06
++
++struct bcsp_struct {
++ struct sk_buff_head unack; /* Unack'ed packets queue */
++ struct sk_buff_head rel; /* Reliable packets queue */
++ struct sk_buff_head unrel; /* Unreliable packets queue */
++
++ unsigned long rx_count;
++ struct sk_buff *rx_skb;
++ u8 rxseq_txack; /* rxseq == txack. */
++ u8 rxack; /* Last packet sent by us that the peer ack'ed */
++ struct timer_list tbcsp;
++
++ enum {
++ BCSP_W4_PKT_DELIMITER,
++ BCSP_W4_PKT_START,
++ BCSP_W4_BCSP_HDR,
++ BCSP_W4_DATA,
++ BCSP_W4_CRC
++ } rx_state;
++
++ enum {
++ BCSP_ESCSTATE_NOESC,
++ BCSP_ESCSTATE_ESC
++ } rx_esc_state;
++
++ u16 message_crc;
++ u8 txack_req; /* Do we need to send ack's to the peer? */
++
++ /* Reliable packet sequence number - used to assign seq to each rel pkt. */
++ u8 msgq_txseq;
++};
++
++#endif /* __HCI_BCSP_H__ */
+diff -urN linux-2.4.18/drivers/bluetooth/hci_h4.c linux-2.4.18-mh9/drivers/bluetooth/hci_h4.c
+--- linux-2.4.18/drivers/bluetooth/hci_h4.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_h4.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,277 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * BlueZ HCI UART(H4) protocol.
++ *
++ * $Id: hci_h4.c,v 1.3 2002/09/09 01:17:32 maxk Exp $
++ */
++#define VERSION "1.2"
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/version.h>
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/sched.h>
++#include <linux/types.h>
++#include <linux/fcntl.h>
++#include <linux/interrupt.h>
++#include <linux/ptrace.h>
++#include <linux/poll.h>
++
++#include <linux/slab.h>
++#include <linux/tty.h>
++#include <linux/errno.h>
++#include <linux/string.h>
++#include <linux/signal.h>
++#include <linux/ioctl.h>
++#include <linux/skbuff.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++#include "hci_uart.h"
++#include "hci_h4.h"
++
++#ifndef HCI_UART_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#undef BT_DMP
++#define BT_DMP( A... )
++#endif
++
++/* Initialize protocol */
++static int h4_open(struct hci_uart *hu)
++{
++ struct h4_struct *h4;
++
++ BT_DBG("hu %p", hu);
++
++ h4 = kmalloc(sizeof(*h4), GFP_ATOMIC);
++ if (!h4)
++ return -ENOMEM;
++ memset(h4, 0, sizeof(*h4));
++
++ skb_queue_head_init(&h4->txq);
++
++ hu->priv = h4;
++ return 0;
++}
++
++/* Flush protocol data */
++static int h4_flush(struct hci_uart *hu)
++{
++ struct h4_struct *h4 = hu->priv;
++
++ BT_DBG("hu %p", hu);
++ skb_queue_purge(&h4->txq);
++ return 0;
++}
++
++/* Close protocol */
++static int h4_close(struct hci_uart *hu)
++{
++ struct h4_struct *h4 = hu->priv;
++ hu->priv = NULL;
++
++ BT_DBG("hu %p", hu);
++
++ skb_queue_purge(&h4->txq);
++ if (h4->rx_skb)
++ kfree_skb(h4->rx_skb);
++
++ hu->priv = NULL;
++ kfree(h4);
++ return 0;
++}
++
++/* Enqueue frame for transmittion (padding, crc, etc) */
++static int h4_enqueue(struct hci_uart *hu, struct sk_buff *skb)
++{
++ struct h4_struct *h4 = hu->priv;
++
++ BT_DBG("hu %p skb %p", hu, skb);
++
++ /* Prepend skb with frame type */
++ memcpy(skb_push(skb, 1), &skb->pkt_type, 1);
++ skb_queue_tail(&h4->txq, skb);
++ return 0;
++}
++
++static inline int h4_check_data_len(struct h4_struct *h4, int len)
++{
++ register int room = skb_tailroom(h4->rx_skb);
++
++ BT_DBG("len %d room %d", len, room);
++ if (!len) {
++ BT_DMP(h4->rx_skb->data, h4->rx_skb->len);
++ hci_recv_frame(h4->rx_skb);
++ } else if (len > room) {
++ BT_ERR("Data length is too large");
++ kfree_skb(h4->rx_skb);
++ } else {
++ h4->rx_state = H4_W4_DATA;
++ h4->rx_count = len;
++ return len;
++ }
++
++ h4->rx_state = H4_W4_PACKET_TYPE;
++ h4->rx_skb = NULL;
++ h4->rx_count = 0;
++ return 0;
++}
++
++/* Recv data */
++static int h4_recv(struct hci_uart *hu, void *data, int count)
++{
++ struct h4_struct *h4 = hu->priv;
++ register char *ptr;
++ hci_event_hdr *eh;
++ hci_acl_hdr *ah;
++ hci_sco_hdr *sh;
++ register int len, type, dlen;
++
++ BT_DBG("hu %p count %d rx_state %ld rx_count %ld",
++ hu, count, h4->rx_state, h4->rx_count);
++
++ ptr = data;
++ while (count) {
++ if (h4->rx_count) {
++ len = MIN(h4->rx_count, count);
++ memcpy(skb_put(h4->rx_skb, len), ptr, len);
++ h4->rx_count -= len; count -= len; ptr += len;
++
++ if (h4->rx_count)
++ continue;
++
++ switch (h4->rx_state) {
++ case H4_W4_DATA:
++ BT_DBG("Complete data");
++
++ BT_DMP(h4->rx_skb->data, h4->rx_skb->len);
++
++ hci_recv_frame(h4->rx_skb);
++
++ h4->rx_state = H4_W4_PACKET_TYPE;
++ h4->rx_skb = NULL;
++ continue;
++
++ case H4_W4_EVENT_HDR:
++ eh = (hci_event_hdr *) h4->rx_skb->data;
++
++ BT_DBG("Event header: evt 0x%2.2x plen %d", eh->evt, eh->plen);
++
++ h4_check_data_len(h4, eh->plen);
++ continue;
++
++ case H4_W4_ACL_HDR:
++ ah = (hci_acl_hdr *) h4->rx_skb->data;
++ dlen = __le16_to_cpu(ah->dlen);
++
++ BT_DBG("ACL header: dlen %d", dlen);
++
++ h4_check_data_len(h4, dlen);
++ continue;
++
++ case H4_W4_SCO_HDR:
++ sh = (hci_sco_hdr *) h4->rx_skb->data;
++
++ BT_DBG("SCO header: dlen %d", sh->dlen);
++
++ h4_check_data_len(h4, sh->dlen);
++ continue;
++ }
++ }
++
++ /* H4_W4_PACKET_TYPE */
++ switch (*ptr) {
++ case HCI_EVENT_PKT:
++ BT_DBG("Event packet");
++ h4->rx_state = H4_W4_EVENT_HDR;
++ h4->rx_count = HCI_EVENT_HDR_SIZE;
++ type = HCI_EVENT_PKT;
++ break;
++
++ case HCI_ACLDATA_PKT:
++ BT_DBG("ACL packet");
++ h4->rx_state = H4_W4_ACL_HDR;
++ h4->rx_count = HCI_ACL_HDR_SIZE;
++ type = HCI_ACLDATA_PKT;
++ break;
++
++ case HCI_SCODATA_PKT:
++ BT_DBG("SCO packet");
++ h4->rx_state = H4_W4_SCO_HDR;
++ h4->rx_count = HCI_SCO_HDR_SIZE;
++ type = HCI_SCODATA_PKT;
++ break;
++
++ default:
++ BT_ERR("Unknown HCI packet type %2.2x", (__u8)*ptr);
++ hu->hdev.stat.err_rx++;
++ ptr++; count--;
++ continue;
++ };
++ ptr++; count--;
++
++ /* Allocate packet */
++ h4->rx_skb = bluez_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
++ if (!h4->rx_skb) {
++ BT_ERR("Can't allocate mem for new packet");
++ h4->rx_state = H4_W4_PACKET_TYPE;
++ h4->rx_count = 0;
++ return 0;
++ }
++ h4->rx_skb->dev = (void *) &hu->hdev;
++ h4->rx_skb->pkt_type = type;
++ }
++ return count;
++}
++
++static struct sk_buff *h4_dequeue(struct hci_uart *hu)
++{
++ struct h4_struct *h4 = hu->priv;
++ return skb_dequeue(&h4->txq);
++}
++
++static struct hci_uart_proto h4p = {
++ id: HCI_UART_H4,
++ open: h4_open,
++ close: h4_close,
++ recv: h4_recv,
++ enqueue: h4_enqueue,
++ dequeue: h4_dequeue,
++ flush: h4_flush,
++};
++
++int h4_init(void)
++{
++ return hci_uart_register_proto(&h4p);
++}
++
++int h4_deinit(void)
++{
++ return hci_uart_unregister_proto(&h4p);
++}
+diff -urN linux-2.4.18/drivers/bluetooth/hci_h4.h linux-2.4.18-mh9/drivers/bluetooth/hci_h4.h
+--- linux-2.4.18/drivers/bluetooth/hci_h4.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_h4.h Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,44 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: hci_h4.h,v 1.2 2002/09/09 01:17:32 maxk Exp $
++ */
++
++#ifdef __KERNEL__
++struct h4_struct {
++ unsigned long rx_state;
++ unsigned long rx_count;
++ struct sk_buff *rx_skb;
++ struct sk_buff_head txq;
++};
++
++/* H4 receiver States */
++#define H4_W4_PACKET_TYPE 0
++#define H4_W4_EVENT_HDR 1
++#define H4_W4_ACL_HDR 2
++#define H4_W4_SCO_HDR 3
++#define H4_W4_DATA 4
++
++#endif /* __KERNEL__ */
+diff -urN linux-2.4.18/drivers/bluetooth/hci_ldisc.c linux-2.4.18-mh9/drivers/bluetooth/hci_ldisc.c
+--- linux-2.4.18/drivers/bluetooth/hci_ldisc.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_ldisc.c Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,580 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * BlueZ HCI UART driver.
++ *
++ * $Id: hci_ldisc.c,v 1.5 2002/10/02 18:37:20 maxk Exp $
++ */
++#define VERSION "2.1"
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/version.h>
++#include <linux/config.h>
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/sched.h>
++#include <linux/types.h>
++#include <linux/fcntl.h>
++#include <linux/interrupt.h>
++#include <linux/ptrace.h>
++#include <linux/poll.h>
++
++#include <linux/slab.h>
++#include <linux/tty.h>
++#include <linux/errno.h>
++#include <linux/string.h>
++#include <linux/signal.h>
++#include <linux/ioctl.h>
++#include <linux/skbuff.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++#include "hci_uart.h"
++
++#ifndef HCI_UART_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#undef BT_DMP
++#define BT_DMP( A... )
++#endif
++
++static struct hci_uart_proto *hup[HCI_UART_MAX_PROTO];
++
++int hci_uart_register_proto(struct hci_uart_proto *p)
++{
++ if (p->id >= HCI_UART_MAX_PROTO)
++ return -EINVAL;
++
++ if (hup[p->id])
++ return -EEXIST;
++
++ hup[p->id] = p;
++ return 0;
++}
++
++int hci_uart_unregister_proto(struct hci_uart_proto *p)
++{
++ if (p->id >= HCI_UART_MAX_PROTO)
++ return -EINVAL;
++
++ if (!hup[p->id])
++ return -EINVAL;
++
++ hup[p->id] = NULL;
++ return 0;
++}
++
++static struct hci_uart_proto *hci_uart_get_proto(unsigned int id)
++{
++ if (id >= HCI_UART_MAX_PROTO)
++ return NULL;
++ return hup[id];
++}
++
++static inline void hci_uart_tx_complete(struct hci_uart *hu, int pkt_type)
++{
++ struct hci_dev *hdev = &hu->hdev;
++
++ /* Update HCI stat counters */
++ switch (pkt_type) {
++ case HCI_COMMAND_PKT:
++ hdev->stat.cmd_tx++;
++ break;
++
++ case HCI_ACLDATA_PKT:
++ hdev->stat.acl_tx++;
++ break;
++
++ case HCI_SCODATA_PKT:
++ hdev->stat.cmd_tx++;
++ break;
++ }
++}
++
++static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu)
++{
++ struct sk_buff *skb = hu->tx_skb;
++ if (!skb)
++ skb = hu->proto->dequeue(hu);
++ else
++ hu->tx_skb = NULL;
++ return skb;
++}
++
++int hci_uart_tx_wakeup(struct hci_uart *hu)
++{
++ struct tty_struct *tty = hu->tty;
++ struct hci_dev *hdev = &hu->hdev;
++ struct sk_buff *skb;
++
++ if (test_and_set_bit(HCI_UART_SENDING, &hu->tx_state)) {
++ set_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);
++ return 0;
++ }
++
++ BT_DBG("");
++
++restart:
++ clear_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);
++
++ while ((skb = hci_uart_dequeue(hu))) {
++ int len;
++
++ set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
++ len = tty->driver.write(tty, 0, skb->data, skb->len);
++ hdev->stat.byte_tx += len;
++
++ skb_pull(skb, len);
++ if (skb->len) {
++ hu->tx_skb = skb;
++ break;
++ }
++
++ hci_uart_tx_complete(hu, skb->pkt_type);
++ kfree_skb(skb);
++ }
++
++ if (test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state))
++ goto restart;
++
++ clear_bit(HCI_UART_SENDING, &hu->tx_state);
++ return 0;
++}
++
++/* ------- Interface to HCI layer ------ */
++/* Initialize device */
++static int hci_uart_open(struct hci_dev *hdev)
++{
++ BT_DBG("%s %p", hdev->name, hdev);
++
++ /* Nothing to do for UART driver */
++
++ set_bit(HCI_RUNNING, &hdev->flags);
++ return 0;
++}
++
++/* Reset device */
++static int hci_uart_flush(struct hci_dev *hdev)
++{
++ struct hci_uart *hu = (struct hci_uart *) hdev->driver_data;
++ struct tty_struct *tty = hu->tty;
++
++ BT_DBG("hdev %p tty %p", hdev, tty);
++
++ if (hu->tx_skb) {
++ kfree_skb(hu->tx_skb); hu->tx_skb = NULL;
++ }
++
++ /* Flush any pending characters in the driver and discipline. */
++ if (tty->ldisc.flush_buffer)
++ tty->ldisc.flush_buffer(tty);
++
++ if (tty->driver.flush_buffer)
++ tty->driver.flush_buffer(tty);
++
++ if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
++ hu->proto->flush(hu);
++
++ return 0;
++}
++
++/* Close device */
++static int hci_uart_close(struct hci_dev *hdev)
++{
++ BT_DBG("hdev %p", hdev);
++
++ if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
++ return 0;
++
++ hci_uart_flush(hdev);
++ return 0;
++}
++
++/* Send frames from HCI layer */
++static int hci_uart_send_frame(struct sk_buff *skb)
++{
++ struct hci_dev* hdev = (struct hci_dev *) skb->dev;
++ struct tty_struct *tty;
++ struct hci_uart *hu;
++
++ if (!hdev) {
++ BT_ERR("Frame for uknown device (hdev=NULL)");
++ return -ENODEV;
++ }
++
++ if (!test_bit(HCI_RUNNING, &hdev->flags))
++ return -EBUSY;
++
++ hu = (struct hci_uart *) hdev->driver_data;
++ tty = hu->tty;
++
++ BT_DBG("%s: type %d len %d", hdev->name, skb->pkt_type, skb->len);
++
++ hu->proto->enqueue(hu, skb);
++
++ hci_uart_tx_wakeup(hu);
++ return 0;
++}
++
++static void hci_uart_destruct(struct hci_dev *hdev)
++{
++ struct hci_uart *hu;
++
++ if (!hdev) return;
++
++ BT_DBG("%s", hdev->name);
++
++ hu = (struct hci_uart *) hdev->driver_data;
++ kfree(hu);
++
++ MOD_DEC_USE_COUNT;
++}
++
++/* ------ LDISC part ------ */
++/* hci_uart_tty_open
++ *
++ * Called when line discipline changed to HCI_UART.
++ *
++ * Arguments:
++ * tty pointer to tty info structure
++ * Return Value:
++ * 0 if success, otherwise error code
++ */
++static int hci_uart_tty_open(struct tty_struct *tty)
++{
++ struct hci_uart *hu = (void *) tty->disc_data;
++
++ BT_DBG("tty %p", tty);
++
++ if (hu)
++ return -EEXIST;
++
++ if (!(hu = kmalloc(sizeof(struct hci_uart), GFP_KERNEL))) {
++ BT_ERR("Can't allocate controll structure");
++ return -ENFILE;
++ }
++ memset(hu, 0, sizeof(struct hci_uart));
++
++ tty->disc_data = hu;
++ hu->tty = tty;
++
++ spin_lock_init(&hu->rx_lock);
++
++ /* Flush any pending characters in the driver and line discipline */
++ if (tty->ldisc.flush_buffer)
++ tty->ldisc.flush_buffer(tty);
++
++ if (tty->driver.flush_buffer)
++ tty->driver.flush_buffer(tty);
++
++ MOD_INC_USE_COUNT;
++ return 0;
++}
++
++/* hci_uart_tty_close()
++ *
++ * Called when the line discipline is changed to something
++ * else, the tty is closed, or the tty detects a hangup.
++ */
++static void hci_uart_tty_close(struct tty_struct *tty)
++{
++ struct hci_uart *hu = (void *)tty->disc_data;
++
++ BT_DBG("tty %p", tty);
++
++ /* Detach from the tty */
++ tty->disc_data = NULL;
++
++ if (hu) {
++ struct hci_dev *hdev = &hu->hdev;
++ hci_uart_close(hdev);
++
++ if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) {
++ hu->proto->close(hu);
++ hci_unregister_dev(hdev);
++ }
++
++ MOD_DEC_USE_COUNT;
++ }
++}
++
++/* hci_uart_tty_wakeup()
++ *
++ * Callback for transmit wakeup. Called when low level
++ * device driver can accept more send data.
++ *
++ * Arguments: tty pointer to associated tty instance data
++ * Return Value: None
++ */
++static void hci_uart_tty_wakeup(struct tty_struct *tty)
++{
++ struct hci_uart *hu = (void *)tty->disc_data;
++
++ BT_DBG("");
++
++ if (!hu)
++ return;
++
++ clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
++
++ if (tty != hu->tty)
++ return;
++
++ if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
++ hci_uart_tx_wakeup(hu);
++}
++
++/* hci_uart_tty_room()
++ *
++ * Callback function from tty driver. Return the amount of
++ * space left in the receiver's buffer to decide if remote
++ * transmitter is to be throttled.
++ *
++ * Arguments: tty pointer to associated tty instance data
++ * Return Value: number of bytes left in receive buffer
++ */
++static int hci_uart_tty_room (struct tty_struct *tty)
++{
++ return 65536;
++}
++
++/* hci_uart_tty_receive()
++ *
++ * Called by tty low level driver when receive data is
++ * available.
++ *
++ * Arguments: tty pointer to tty isntance data
++ * data pointer to received data
++ * flags pointer to flags for data
++ * count count of received data in bytes
++ *
++ * Return Value: None
++ */
++static void hci_uart_tty_receive(struct tty_struct *tty, const __u8 *data, char *flags, int count)
++{
++ struct hci_uart *hu = (void *)tty->disc_data;
++
++ if (!hu || tty != hu->tty)
++ return;
++
++ if (!test_bit(HCI_UART_PROTO_SET, &hu->flags))
++ return;
++
++ spin_lock(&hu->rx_lock);
++ hu->proto->recv(hu, (void *) data, count);
++ hu->hdev.stat.byte_rx += count;
++ spin_unlock(&hu->rx_lock);
++
++ if (test_and_clear_bit(TTY_THROTTLED,&tty->flags) && tty->driver.unthrottle)
++ tty->driver.unthrottle(tty);
++}
++
++static int hci_uart_register_dev(struct hci_uart *hu)
++{
++ struct hci_dev *hdev;
++
++ BT_DBG("");
++
++ /* Initialize and register HCI device */
++ hdev = &hu->hdev;
++
++ hdev->type = HCI_UART;
++ hdev->driver_data = hu;
++
++ hdev->open = hci_uart_open;
++ hdev->close = hci_uart_close;
++ hdev->flush = hci_uart_flush;
++ hdev->send = hci_uart_send_frame;
++ hdev->destruct = hci_uart_destruct;
++
++ if (hci_register_dev(hdev) < 0) {
++ BT_ERR("Can't register HCI device %s", hdev->name);
++ return -ENODEV;
++ }
++ MOD_INC_USE_COUNT;
++ return 0;
++}
++
++static int hci_uart_set_proto(struct hci_uart *hu, int id)
++{
++ struct hci_uart_proto *p;
++ int err;
++
++ p = hci_uart_get_proto(id);
++ if (!p)
++ return -EPROTONOSUPPORT;
++
++ err = p->open(hu);
++ if (err)
++ return err;
++
++ hu->proto = p;
++
++ err = hci_uart_register_dev(hu);
++ if (err) {
++ p->close(hu);
++ return err;
++ }
++ return 0;
++}
++
++/* hci_uart_tty_ioctl()
++ *
++ * Process IOCTL system call for the tty device.
++ *
++ * Arguments:
++ *
++ * tty pointer to tty instance data
++ * file pointer to open file object for device
++ * cmd IOCTL command code
++ * arg argument for IOCTL call (cmd dependent)
++ *
++ * Return Value: Command dependent
++ */
++static int hci_uart_tty_ioctl(struct tty_struct *tty, struct file * file,
++ unsigned int cmd, unsigned long arg)
++{
++ struct hci_uart *hu = (void *)tty->disc_data;
++ int err = 0;
++
++ BT_DBG("");
++
++ /* Verify the status of the device */
++ if (!hu)
++ return -EBADF;
++
++ switch (cmd) {
++ case HCIUARTSETPROTO:
++ if (!test_and_set_bit(HCI_UART_PROTO_SET, &hu->flags)) {
++ err = hci_uart_set_proto(hu, arg);
++ if (err) {
++ clear_bit(HCI_UART_PROTO_SET, &hu->flags);
++ return err;
++ }
++ tty->low_latency = 1;
++ } else
++ return -EBUSY;
++
++ case HCIUARTGETPROTO:
++ if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
++ return hu->proto->id;
++ return -EUNATCH;
++
++ default:
++ err = n_tty_ioctl(tty, file, cmd, arg);
++ break;
++ };
++
++ return err;
++}
++
++/*
++ * We don't provide read/write/poll interface for user space.
++ */
++static ssize_t hci_uart_tty_read(struct tty_struct *tty, struct file *file, unsigned char *buf, size_t nr)
++{
++ return 0;
++}
++static ssize_t hci_uart_tty_write(struct tty_struct *tty, struct file *file, const unsigned char *data, size_t count)
++{
++ return 0;
++}
++static unsigned int hci_uart_tty_poll(struct tty_struct *tty, struct file *filp, poll_table *wait)
++{
++ return 0;
++}
++
++#ifdef CONFIG_BLUEZ_HCIUART_H4
++int h4_init(void);
++int h4_deinit(void);
++#endif
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP
++int bcsp_init(void);
++int bcsp_deinit(void);
++#endif
++
++int __init hci_uart_init(void)
++{
++ static struct tty_ldisc hci_uart_ldisc;
++ int err;
++
++ BT_INFO("BlueZ HCI UART driver ver %s Copyright (C) 2000,2001 Qualcomm Inc",
++ VERSION);
++ BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
++
++ /* Register the tty discipline */
++
++ memset(&hci_uart_ldisc, 0, sizeof (hci_uart_ldisc));
++ hci_uart_ldisc.magic = TTY_LDISC_MAGIC;
++ hci_uart_ldisc.name = "n_hci";
++ hci_uart_ldisc.open = hci_uart_tty_open;
++ hci_uart_ldisc.close = hci_uart_tty_close;
++ hci_uart_ldisc.read = hci_uart_tty_read;
++ hci_uart_ldisc.write = hci_uart_tty_write;
++ hci_uart_ldisc.ioctl = hci_uart_tty_ioctl;
++ hci_uart_ldisc.poll = hci_uart_tty_poll;
++ hci_uart_ldisc.receive_room= hci_uart_tty_room;
++ hci_uart_ldisc.receive_buf = hci_uart_tty_receive;
++ hci_uart_ldisc.write_wakeup= hci_uart_tty_wakeup;
++
++ if ((err = tty_register_ldisc(N_HCI, &hci_uart_ldisc))) {
++ BT_ERR("Can't register HCI line discipline (%d)", err);
++ return err;
++ }
++
++#ifdef CONFIG_BLUEZ_HCIUART_H4
++ h4_init();
++#endif
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP
++ bcsp_init();
++#endif
++
++ return 0;
++}
++
++void hci_uart_cleanup(void)
++{
++ int err;
++
++#ifdef CONFIG_BLUEZ_HCIUART_H4
++ h4_deinit();
++#endif
++#ifdef CONFIG_BLUEZ_HCIUART_BCSP
++ bcsp_deinit();
++#endif
++
++ /* Release tty registration of line discipline */
++ if ((err = tty_register_ldisc(N_HCI, NULL)))
++ BT_ERR("Can't unregister HCI line discipline (%d)", err);
++}
++
++module_init(hci_uart_init);
++module_exit(hci_uart_cleanup);
++
++MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
++MODULE_DESCRIPTION("BlueZ HCI UART driver ver " VERSION);
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/drivers/bluetooth/hci_uart.c linux-2.4.18-mh9/drivers/bluetooth/hci_uart.c
+--- linux-2.4.18/drivers/bluetooth/hci_uart.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_uart.c Thu Jan 1 01:00:00 1970
+@@ -1,580 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * BlueZ HCI UART driver.
+- *
+- * $Id: hci_uart.c,v 1.5 2001/07/05 18:42:44 maxk Exp $
+- */
+-#define VERSION "1.0"
+-
+-#include <linux/config.h>
+-#include <linux/module.h>
+-
+-#include <linux/version.h>
+-#include <linux/config.h>
+-#include <linux/kernel.h>
+-#include <linux/init.h>
+-#include <linux/sched.h>
+-#include <linux/types.h>
+-#include <linux/fcntl.h>
+-#include <linux/interrupt.h>
+-#include <linux/ptrace.h>
+-#include <linux/poll.h>
+-
+-#include <linux/slab.h>
+-#include <linux/tty.h>
+-#include <linux/errno.h>
+-#include <linux/string.h>
+-#include <linux/signal.h>
+-#include <linux/ioctl.h>
+-#include <linux/skbuff.h>
+-
+-#include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
+-#include <net/bluetooth/hci_core.h>
+-#include <net/bluetooth/hci_uart.h>
+-
+-#ifndef HCI_UART_DEBUG
+-#undef DBG
+-#define DBG( A... )
+-#undef DMP
+-#define DMP( A... )
+-#endif
+-
+-/* ------- Interface to HCI layer ------ */
+-/* Initialize device */
+-int n_hci_open(struct hci_dev *hdev)
+-{
+- DBG("%s %p", hdev->name, hdev);
+-
+- /* Nothing to do for UART driver */
+-
+- hdev->flags |= HCI_RUNNING;
+-
+- return 0;
+-}
+-
+-/* Reset device */
+-int n_hci_flush(struct hci_dev *hdev)
+-{
+- struct n_hci *n_hci = (struct n_hci *) hdev->driver_data;
+- struct tty_struct *tty = n_hci->tty;
+-
+- DBG("hdev %p tty %p", hdev, tty);
+-
+- /* Drop TX queue */
+- skb_queue_purge(&n_hci->txq);
+-
+- /* Flush any pending characters in the driver and discipline. */
+- if (tty->ldisc.flush_buffer)
+- tty->ldisc.flush_buffer(tty);
+-
+- if (tty->driver.flush_buffer)
+- tty->driver.flush_buffer(tty);
+-
+- return 0;
+-}
+-
+-/* Close device */
+-int n_hci_close(struct hci_dev *hdev)
+-{
+- DBG("hdev %p", hdev);
+-
+- hdev->flags &= ~HCI_RUNNING;
+-
+- n_hci_flush(hdev);
+-
+- return 0;
+-}
+-
+-int n_hci_tx_wakeup(struct n_hci *n_hci)
+-{
+- register struct tty_struct *tty = n_hci->tty;
+-
+- if (test_and_set_bit(TRANS_SENDING, &n_hci->tx_state)) {
+- set_bit(TRANS_WAKEUP, &n_hci->tx_state);
+- return 0;
+- }
+-
+- DBG("");
+- do {
+- register struct sk_buff *skb;
+- register int len;
+-
+- clear_bit(TRANS_WAKEUP, &n_hci->tx_state);
+-
+- if (!(skb = skb_dequeue(&n_hci->txq)))
+- break;
+-
+- DMP(skb->data, skb->len);
+-
+- /* Send frame to TTY driver */
+- tty->flags |= (1 << TTY_DO_WRITE_WAKEUP);
+- len = tty->driver.write(tty, 0, skb->data, skb->len);
+-
+- n_hci->hdev.stat.byte_tx += len;
+-
+- DBG("sent %d", len);
+-
+- if (len == skb->len) {
+- /* Full frame was sent */
+- kfree_skb(skb);
+- } else {
+- /* Subtract sent part and requeue */
+- skb_pull(skb, len);
+- skb_queue_head(&n_hci->txq, skb);
+- }
+- } while (test_bit(TRANS_WAKEUP, &n_hci->tx_state));
+- clear_bit(TRANS_SENDING, &n_hci->tx_state);
+-
+- return 0;
+-}
+-
+-/* Send frames from HCI layer */
+-int n_hci_send_frame(struct sk_buff *skb)
+-{
+- struct hci_dev* hdev = (struct hci_dev *) skb->dev;
+- struct tty_struct *tty;
+- struct n_hci *n_hci;
+-
+- if (!hdev) {
+- ERR("Frame for uknown device (hdev=NULL)");
+- return -ENODEV;
+- }
+-
+- if (!(hdev->flags & HCI_RUNNING))
+- return -EBUSY;
+-
+- n_hci = (struct n_hci *) hdev->driver_data;
+- tty = n_hci2tty(n_hci);
+-
+- DBG("%s: type %d len %d", hdev->name, skb->pkt_type, skb->len);
+-
+- switch (skb->pkt_type) {
+- case HCI_COMMAND_PKT:
+- hdev->stat.cmd_tx++;
+- break;
+-
+- case HCI_ACLDATA_PKT:
+- hdev->stat.acl_tx++;
+- break;
+-
+- case HCI_SCODATA_PKT:
+- hdev->stat.cmd_tx++;
+- break;
+- };
+-
+- /* Prepend skb with frame type and queue */
+- memcpy(skb_push(skb, 1), &skb->pkt_type, 1);
+- skb_queue_tail(&n_hci->txq, skb);
+-
+- n_hci_tx_wakeup(n_hci);
+-
+- return 0;
+-}
+-
+-/* ------ LDISC part ------ */
+-
+-/* n_hci_tty_open
+- *
+- * Called when line discipline changed to N_HCI.
+- *
+- * Arguments:
+- * tty pointer to tty info structure
+- * Return Value:
+- * 0 if success, otherwise error code
+- */
+-static int n_hci_tty_open(struct tty_struct *tty)
+-{
+- struct n_hci *n_hci = tty2n_hci(tty);
+- struct hci_dev *hdev;
+-
+- DBG("tty %p", tty);
+-
+- if (n_hci)
+- return -EEXIST;
+-
+- if (!(n_hci = kmalloc(sizeof(struct n_hci), GFP_KERNEL))) {
+- ERR("Can't allocate controll structure");
+- return -ENFILE;
+- }
+- memset(n_hci, 0, sizeof(struct n_hci));
+-
+- /* Initialize and register HCI device */
+- hdev = &n_hci->hdev;
+-
+- hdev->type = HCI_UART;
+- hdev->driver_data = n_hci;
+-
+- hdev->open = n_hci_open;
+- hdev->close = n_hci_close;
+- hdev->flush = n_hci_flush;
+- hdev->send = n_hci_send_frame;
+-
+- if (hci_register_dev(hdev) < 0) {
+- ERR("Can't register HCI device %s", hdev->name);
+- kfree(n_hci);
+- return -ENODEV;
+- }
+-
+- tty->disc_data = n_hci;
+- n_hci->tty = tty;
+-
+- spin_lock_init(&n_hci->rx_lock);
+- n_hci->rx_state = WAIT_PACKET_TYPE;
+-
+- skb_queue_head_init(&n_hci->txq);
+-
+- MOD_INC_USE_COUNT;
+-
+- /* Flush any pending characters in the driver and discipline. */
+- if (tty->ldisc.flush_buffer)
+- tty->ldisc.flush_buffer(tty);
+-
+- if (tty->driver.flush_buffer)
+- tty->driver.flush_buffer(tty);
+-
+- return 0;
+-}
+-
+-/* n_hci_tty_close()
+- *
+- * Called when the line discipline is changed to something
+- * else, the tty is closed, or the tty detects a hangup.
+- */
+-static void n_hci_tty_close(struct tty_struct *tty)
+-{
+- struct n_hci *n_hci = tty2n_hci(tty);
+- struct hci_dev *hdev = &n_hci->hdev;
+-
+- DBG("tty %p hdev %p", tty, hdev);
+-
+- if (n_hci != NULL) {
+- n_hci_close(hdev);
+-
+- if (hci_unregister_dev(hdev) < 0) {
+- ERR("Can't unregister HCI device %s",hdev->name);
+- }
+-
+- hdev->driver_data = NULL;
+- tty->disc_data = NULL;
+- kfree(n_hci);
+-
+- MOD_DEC_USE_COUNT;
+- }
+-}
+-
+-/* n_hci_tty_wakeup()
+- *
+- * Callback for transmit wakeup. Called when low level
+- * device driver can accept more send data.
+- *
+- * Arguments: tty pointer to associated tty instance data
+- * Return Value: None
+- */
+-static void n_hci_tty_wakeup( struct tty_struct *tty )
+-{
+- struct n_hci *n_hci = tty2n_hci(tty);
+-
+- DBG("");
+-
+- if (!n_hci)
+- return;
+-
+- tty->flags &= ~(1 << TTY_DO_WRITE_WAKEUP);
+-
+- if (tty != n_hci->tty)
+- return;
+-
+- n_hci_tx_wakeup(n_hci);
+-}
+-
+-/* n_hci_tty_room()
+- *
+- * Callback function from tty driver. Return the amount of
+- * space left in the receiver's buffer to decide if remote
+- * transmitter is to be throttled.
+- *
+- * Arguments: tty pointer to associated tty instance data
+- * Return Value: number of bytes left in receive buffer
+- */
+-static int n_hci_tty_room (struct tty_struct *tty)
+-{
+- return 65536;
+-}
+-
+-static inline int n_hci_check_data_len(struct n_hci *n_hci, int len)
+-{
+- register int room = skb_tailroom(n_hci->rx_skb);
+-
+- DBG("len %d room %d", len, room);
+- if (!len) {
+- DMP(n_hci->rx_skb->data, n_hci->rx_skb->len);
+- hci_recv_frame(n_hci->rx_skb);
+- } else if (len > room) {
+- ERR("Data length is to large");
+- kfree_skb(n_hci->rx_skb);
+- n_hci->hdev.stat.err_rx++;
+- } else {
+- n_hci->rx_state = WAIT_DATA;
+- n_hci->rx_count = len;
+- return len;
+- }
+-
+- n_hci->rx_state = WAIT_PACKET_TYPE;
+- n_hci->rx_skb = NULL;
+- n_hci->rx_count = 0;
+- return 0;
+-}
+-
+-static inline void n_hci_rx(struct n_hci *n_hci, const __u8 * data, char *flags, int count)
+-{
+- register const char *ptr;
+- hci_event_hdr *eh;
+- hci_acl_hdr *ah;
+- hci_sco_hdr *sh;
+- register int len, type, dlen;
+-
+- DBG("count %d state %ld rx_count %ld", count, n_hci->rx_state, n_hci->rx_count);
+-
+- n_hci->hdev.stat.byte_rx += count;
+-
+- ptr = data;
+- while (count) {
+- if (n_hci->rx_count) {
+- len = MIN(n_hci->rx_count, count);
+- memcpy(skb_put(n_hci->rx_skb, len), ptr, len);
+- n_hci->rx_count -= len; count -= len; ptr += len;
+-
+- if (n_hci->rx_count)
+- continue;
+-
+- switch (n_hci->rx_state) {
+- case WAIT_DATA:
+- DBG("Complete data");
+-
+- DMP(n_hci->rx_skb->data, n_hci->rx_skb->len);
+-
+- hci_recv_frame(n_hci->rx_skb);
+-
+- n_hci->rx_state = WAIT_PACKET_TYPE;
+- n_hci->rx_skb = NULL;
+- continue;
+-
+- case WAIT_EVENT_HDR:
+- eh = (hci_event_hdr *) n_hci->rx_skb->data;
+-
+- DBG("Event header: evt 0x%2.2x plen %d", eh->evt, eh->plen);
+-
+- n_hci_check_data_len(n_hci, eh->plen);
+- continue;
+-
+- case WAIT_ACL_HDR:
+- ah = (hci_acl_hdr *) n_hci->rx_skb->data;
+- dlen = __le16_to_cpu(ah->dlen);
+-
+- DBG("ACL header: dlen %d", dlen);
+-
+- n_hci_check_data_len(n_hci, dlen);
+- continue;
+-
+- case WAIT_SCO_HDR:
+- sh = (hci_sco_hdr *) n_hci->rx_skb->data;
+-
+- DBG("SCO header: dlen %d", sh->dlen);
+-
+- n_hci_check_data_len(n_hci, sh->dlen);
+- continue;
+- };
+- }
+-
+- /* WAIT_PACKET_TYPE */
+- switch (*ptr) {
+- case HCI_EVENT_PKT:
+- DBG("Event packet");
+- n_hci->rx_state = WAIT_EVENT_HDR;
+- n_hci->rx_count = HCI_EVENT_HDR_SIZE;
+- type = HCI_EVENT_PKT;
+- break;
+-
+- case HCI_ACLDATA_PKT:
+- DBG("ACL packet");
+- n_hci->rx_state = WAIT_ACL_HDR;
+- n_hci->rx_count = HCI_ACL_HDR_SIZE;
+- type = HCI_ACLDATA_PKT;
+- break;
+-
+- case HCI_SCODATA_PKT:
+- DBG("SCO packet");
+- n_hci->rx_state = WAIT_SCO_HDR;
+- n_hci->rx_count = HCI_SCO_HDR_SIZE;
+- type = HCI_SCODATA_PKT;
+- break;
+-
+- default:
+- ERR("Unknown HCI packet type %2.2x", (__u8)*ptr);
+- n_hci->hdev.stat.err_rx++;
+- ptr++; count--;
+- continue;
+- };
+- ptr++; count--;
+-
+- /* Allocate packet */
+- if (!(n_hci->rx_skb = bluez_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC))) {
+- ERR("Can't allocate mem for new packet");
+-
+- n_hci->rx_state = WAIT_PACKET_TYPE;
+- n_hci->rx_count = 0;
+- return;
+- }
+- n_hci->rx_skb->dev = (void *) &n_hci->hdev;
+- n_hci->rx_skb->pkt_type = type;
+- }
+-}
+-
+-/* n_hci_tty_receive()
+- *
+- * Called by tty low level driver when receive data is
+- * available.
+- *
+- * Arguments: tty pointer to tty isntance data
+- * data pointer to received data
+- * flags pointer to flags for data
+- * count count of received data in bytes
+- *
+- * Return Value: None
+- */
+-static void n_hci_tty_receive(struct tty_struct *tty, const __u8 * data, char *flags, int count)
+-{
+- struct n_hci *n_hci = tty2n_hci(tty);
+-
+- if (!n_hci || tty != n_hci->tty)
+- return;
+-
+- spin_lock(&n_hci->rx_lock);
+- n_hci_rx(n_hci, data, flags, count);
+- spin_unlock(&n_hci->rx_lock);
+-
+- if (test_and_clear_bit(TTY_THROTTLED,&tty->flags) && tty->driver.unthrottle)
+- tty->driver.unthrottle(tty);
+-}
+-
+-/* n_hci_tty_ioctl()
+- *
+- * Process IOCTL system call for the tty device.
+- *
+- * Arguments:
+- *
+- * tty pointer to tty instance data
+- * file pointer to open file object for device
+- * cmd IOCTL command code
+- * arg argument for IOCTL call (cmd dependent)
+- *
+- * Return Value: Command dependent
+- */
+-static int n_hci_tty_ioctl (struct tty_struct *tty, struct file * file,
+- unsigned int cmd, unsigned long arg)
+-{
+- struct n_hci *n_hci = tty2n_hci(tty);
+- int error = 0;
+-
+- DBG("");
+-
+- /* Verify the status of the device */
+- if (!n_hci)
+- return -EBADF;
+-
+- switch (cmd) {
+- default:
+- error = n_tty_ioctl(tty, file, cmd, arg);
+- break;
+- };
+-
+- return error;
+-}
+-
+-/*
+- * We don't provide read/write/poll interface for user space.
+- */
+-static ssize_t n_hci_tty_read(struct tty_struct *tty, struct file *file, unsigned char *buf, size_t nr)
+-{
+- return 0;
+-}
+-static ssize_t n_hci_tty_write(struct tty_struct *tty, struct file *file, const unsigned char *data, size_t count)
+-{
+- return 0;
+-}
+-static unsigned int n_hci_tty_poll(struct tty_struct *tty, struct file *filp, poll_table *wait)
+-{
+- return 0;
+-}
+-
+-int __init n_hci_init(void)
+-{
+- static struct tty_ldisc n_hci_ldisc;
+- int err;
+-
+- INF("BlueZ HCI UART driver ver %s Copyright (C) 2000,2001 Qualcomm Inc",
+- VERSION);
+- INF("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
+-
+- /* Register the tty discipline */
+-
+- memset(&n_hci_ldisc, 0, sizeof (n_hci_ldisc));
+- n_hci_ldisc.magic = TTY_LDISC_MAGIC;
+- n_hci_ldisc.name = "n_hci";
+- n_hci_ldisc.open = n_hci_tty_open;
+- n_hci_ldisc.close = n_hci_tty_close;
+- n_hci_ldisc.read = n_hci_tty_read;
+- n_hci_ldisc.write = n_hci_tty_write;
+- n_hci_ldisc.ioctl = n_hci_tty_ioctl;
+- n_hci_ldisc.poll = n_hci_tty_poll;
+- n_hci_ldisc.receive_room= n_hci_tty_room;
+- n_hci_ldisc.receive_buf = n_hci_tty_receive;
+- n_hci_ldisc.write_wakeup= n_hci_tty_wakeup;
+-
+- if ((err = tty_register_ldisc(N_HCI, &n_hci_ldisc))) {
+- ERR("Can't register HCI line discipline (%d)", err);
+- return err;
+- }
+-
+- return 0;
+-}
+-
+-void n_hci_cleanup(void)
+-{
+- int err;
+-
+- /* Release tty registration of line discipline */
+- if ((err = tty_register_ldisc(N_HCI, NULL)))
+- ERR("Can't unregister HCI line discipline (%d)", err);
+-}
+-
+-module_init(n_hci_init);
+-module_exit(n_hci_cleanup);
+-
+-MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
+-MODULE_DESCRIPTION("BlueZ HCI UART driver ver " VERSION);
+-MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/drivers/bluetooth/hci_uart.h linux-2.4.18-mh9/drivers/bluetooth/hci_uart.h
+--- linux-2.4.18/drivers/bluetooth/hci_uart.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_uart.h Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,81 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: hci_uart.h,v 1.2 2002/09/09 01:17:32 maxk Exp $
++ */
++
++#ifndef N_HCI
++#define N_HCI 15
++#endif
++
++/* Ioctls */
++#define HCIUARTSETPROTO _IOW('U', 200, int)
++#define HCIUARTGETPROTO _IOR('U', 201, int)
++
++/* UART protocols */
++#define HCI_UART_MAX_PROTO 3
++
++#define HCI_UART_H4 0
++#define HCI_UART_BCSP 1
++#define HCI_UART_NCSP 2
++
++#ifdef __KERNEL__
++struct hci_uart;
++
++struct hci_uart_proto {
++ unsigned int id;
++ int (*open)(struct hci_uart *hu);
++ int (*close)(struct hci_uart *hu);
++ int (*flush)(struct hci_uart *hu);
++ int (*recv)(struct hci_uart *hu, void *data, int len);
++ int (*enqueue)(struct hci_uart *hu, struct sk_buff *skb);
++ struct sk_buff *(*dequeue)(struct hci_uart *hu);
++};
++
++struct hci_uart {
++ struct tty_struct *tty;
++ struct hci_dev hdev;
++ unsigned long flags;
++
++ struct hci_uart_proto *proto;
++ void *priv;
++
++ struct sk_buff *tx_skb;
++ unsigned long tx_state;
++ spinlock_t rx_lock;
++};
++
++/* HCI_UART flag bits */
++#define HCI_UART_PROTO_SET 0
++
++/* TX states */
++#define HCI_UART_SENDING 1
++#define HCI_UART_TX_WAKEUP 2
++
++int hci_uart_register_proto(struct hci_uart_proto *p);
++int hci_uart_unregister_proto(struct hci_uart_proto *p);
++int hci_uart_tx_wakeup(struct hci_uart *hu);
++
++#endif /* __KERNEL__ */
+diff -urN linux-2.4.18/drivers/bluetooth/hci_usb.c linux-2.4.18-mh9/drivers/bluetooth/hci_usb.c
+--- linux-2.4.18/drivers/bluetooth/hci_usb.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_usb.c Mon Aug 25 18:38:12 2003
+@@ -1,9 +1,10 @@
+ /*
+- BlueZ - Bluetooth protocol stack for Linux
++ HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
+ Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+
++ Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
++
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as
+ published by the Free Software Foundation;
+@@ -23,598 +24,901 @@
+ */
+
+ /*
+- * BlueZ HCI USB driver.
+ * Based on original USB Bluetooth driver for Linux kernel
+ * Copyright (c) 2000 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (c) 2000 Mark Douglas Corner <mcorner@umich.edu>
+ *
+- * $Id: hci_usb.c,v 1.5 2001/07/05 18:42:44 maxk Exp $
++ * $Id: hci_usb.c,v 1.8 2002/07/18 17:23:09 maxk Exp $
+ */
+-#define VERSION "1.0"
++#define VERSION "2.4"
+
+ #include <linux/config.h>
+ #include <linux/module.h>
+
+ #include <linux/version.h>
+-#include <linux/config.h>
+ #include <linux/kernel.h>
+ #include <linux/init.h>
+ #include <linux/sched.h>
++#include <linux/unistd.h>
+ #include <linux/types.h>
+-#include <linux/fcntl.h>
+ #include <linux/interrupt.h>
+-#include <linux/ptrace.h>
+-#include <linux/poll.h>
+
+ #include <linux/slab.h>
+-#include <linux/tty.h>
+ #include <linux/errno.h>
+ #include <linux/string.h>
+-#include <linux/signal.h>
+-#include <linux/ioctl.h>
+ #include <linux/skbuff.h>
+
+ #include <linux/usb.h>
+
+ #include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
+ #include <net/bluetooth/hci_core.h>
+-#include <net/bluetooth/hci_usb.h>
++
++#include "hci_usb.h"
+
+ #ifndef HCI_USB_DEBUG
+-#undef DBG
+-#define DBG( A... )
+-#undef DMP
+-#define DMP( A... )
++#undef BT_DBG
++#define BT_DBG( A... )
++#undef BT_DMP
++#define BT_DMP( A... )
+ #endif
+
+-static struct usb_device_id usb_bluetooth_ids [] = {
++#ifndef CONFIG_BLUEZ_USB_ZERO_PACKET
++#undef USB_ZERO_PACKET
++#define USB_ZERO_PACKET 0
++#endif
++
++static struct usb_driver hci_usb_driver;
++
++static struct usb_device_id bluetooth_ids[] = {
++ /* Generic Bluetooth USB device */
+ { USB_DEVICE_INFO(HCI_DEV_CLASS, HCI_DEV_SUBCLASS, HCI_DEV_PROTOCOL) },
++
++ /* Ericsson with non-standard id */
++ { USB_DEVICE(0x0bdb, 0x1002) },
++
++ /* Bluetooth Ultraport Module from IBM */
++ { USB_DEVICE(0x04bf, 0x030a) },
++
+ { } /* Terminating entry */
+ };
+
+-MODULE_DEVICE_TABLE (usb, usb_bluetooth_ids);
++MODULE_DEVICE_TABLE (usb, bluetooth_ids);
+
+-static int hci_usb_ctrl_msg(struct hci_usb *husb, struct sk_buff *skb);
+-static int hci_usb_write_msg(struct hci_usb *husb, struct sk_buff *skb);
++static struct usb_device_id ignore_ids[] = {
++ /* Broadcom BCM2033 without firmware */
++ { USB_DEVICE(0x0a5c, 0x2033) },
+
+-static void hci_usb_unlink_urbs(struct hci_usb *husb)
+-{
+- usb_unlink_urb(husb->read_urb);
+- usb_unlink_urb(husb->intr_urb);
+- usb_unlink_urb(husb->ctrl_urb);
+- usb_unlink_urb(husb->write_urb);
+-}
++ { } /* Terminating entry */
++};
+
+-static void hci_usb_free_bufs(struct hci_usb *husb)
++struct _urb *_urb_alloc(int isoc, int gfp)
+ {
+- if (husb->read_urb) {
+- if (husb->read_urb->transfer_buffer)
+- kfree(husb->read_urb->transfer_buffer);
+- usb_free_urb(husb->read_urb);
+- }
+-
+- if (husb->intr_urb) {
+- if (husb->intr_urb->transfer_buffer)
+- kfree(husb->intr_urb->transfer_buffer);
+- usb_free_urb(husb->intr_urb);
++ struct _urb *_urb = kmalloc(sizeof(struct _urb) +
++ sizeof(iso_packet_descriptor_t) * isoc, gfp);
++ if (_urb) {
++ memset(_urb, 0, sizeof(*_urb));
++ spin_lock_init(&_urb->urb.lock);
++ }
++ return _urb;
++}
++
++struct _urb *_urb_dequeue(struct _urb_queue *q)
++{
++ struct _urb *_urb = NULL;
++ unsigned long flags;
++ spin_lock_irqsave(&q->lock, flags);
++ {
++ struct list_head *head = &q->head;
++ struct list_head *next = head->next;
++ if (next != head) {
++ _urb = list_entry(next, struct _urb, list);
++ list_del(next); _urb->queue = NULL;
++ }
+ }
++ spin_unlock_irqrestore(&q->lock, flags);
++ return _urb;
++}
+
+- if (husb->ctrl_urb)
+- usb_free_urb(husb->ctrl_urb);
++static void hci_usb_rx_complete(struct urb *urb);
++static void hci_usb_tx_complete(struct urb *urb);
+
+- if (husb->write_urb)
+- usb_free_urb(husb->write_urb);
++#define __pending_tx(husb, type) (&husb->pending_tx[type-1])
++#define __pending_q(husb, type) (&husb->pending_q[type-1])
++#define __completed_q(husb, type) (&husb->completed_q[type-1])
++#define __transmit_q(husb, type) (&husb->transmit_q[type-1])
++#define __reassembly(husb, type) (husb->reassembly[type-1])
+
+- if (husb->intr_skb)
+- kfree_skb(husb->intr_skb);
++static inline struct _urb *__get_completed(struct hci_usb *husb, int type)
++{
++ return _urb_dequeue(__completed_q(husb, type));
+ }
+
+-/* ------- Interface to HCI layer ------ */
+-/* Initialize device */
+-int hci_usb_open(struct hci_dev *hdev)
++static void __fill_isoc_desc(struct urb *urb, int len, int mtu)
+ {
+- struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
+- int status;
+-
+- DBG("%s", hdev->name);
+-
+- husb->read_urb->dev = husb->udev;
+- if ((status = usb_submit_urb(husb->read_urb)))
+- DBG("read submit failed. %d", status);
++ int offset = 0, i;
+
+- husb->intr_urb->dev = husb->udev;
+- if ((status = usb_submit_urb(husb->intr_urb)))
+- DBG("interrupt submit failed. %d", status);
++ BT_DBG("len %d mtu %d", len, mtu);
+
+- hdev->flags |= HCI_RUNNING;
+-
+- return 0;
++ for (i=0; i < HCI_MAX_ISOC_FRAMES && len >= mtu; i++, offset += mtu, len -= mtu) {
++ urb->iso_frame_desc[i].offset = offset;
++ urb->iso_frame_desc[i].length = mtu;
++ BT_DBG("desc %d offset %d len %d", i, offset, mtu);
++ }
++ if (len && i < HCI_MAX_ISOC_FRAMES) {
++ urb->iso_frame_desc[i].offset = offset;
++ urb->iso_frame_desc[i].length = len;
++ BT_DBG("desc %d offset %d len %d", i, offset, len);
++ i++;
++ }
++ urb->number_of_packets = i;
+ }
+
+-/* Reset device */
+-int hci_usb_flush(struct hci_dev *hdev)
++static int hci_usb_intr_rx_submit(struct hci_usb *husb)
+ {
+- struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
++ struct _urb *_urb;
++ struct urb *urb;
++ int err, pipe, interval, size;
++ void *buf;
+
+- DBG("%s", hdev->name);
++ BT_DBG("%s", husb->hdev.name);
+
+- /* Drop TX queues */
+- skb_queue_purge(&husb->tx_ctrl_q);
+- skb_queue_purge(&husb->tx_write_q);
++ size = husb->intr_in_ep->wMaxPacketSize;
+
+- return 0;
++ buf = kmalloc(size, GFP_ATOMIC);
++ if (!buf)
++ return -ENOMEM;
++
++ _urb = _urb_alloc(0, GFP_ATOMIC);
++ if (!_urb) {
++ kfree(buf);
++ return -ENOMEM;
++ }
++ _urb->type = HCI_EVENT_PKT;
++ _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
++
++ urb = &_urb->urb;
++ pipe = usb_rcvintpipe(husb->udev, husb->intr_in_ep->bEndpointAddress);
++ interval = husb->intr_in_ep->bInterval;
++ FILL_INT_URB(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb, interval);
++
++ err = usb_submit_urb(urb);
++ if (err) {
++ BT_ERR("%s intr rx submit failed urb %p err %d",
++ husb->hdev.name, urb, err);
++ _urb_unlink(_urb);
++ _urb_free(_urb);
++ kfree(buf);
++ }
++ return err;
+ }
+
+-/* Close device */
+-int hci_usb_close(struct hci_dev *hdev)
++static int hci_usb_bulk_rx_submit(struct hci_usb *husb)
+ {
+- struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
++ struct _urb *_urb;
++ struct urb *urb;
++ int err, pipe, size = HCI_MAX_FRAME_SIZE;
++ void *buf;
+
+- DBG("%s", hdev->name);
++ buf = kmalloc(size, GFP_ATOMIC);
++ if (!buf)
++ return -ENOMEM;
+
+- hdev->flags &= ~HCI_RUNNING;
+- hci_usb_unlink_urbs(husb);
++ _urb = _urb_alloc(0, GFP_ATOMIC);
++ if (!_urb) {
++ kfree(buf);
++ return -ENOMEM;
++ }
++ _urb->type = HCI_ACLDATA_PKT;
++ _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
+
+- hci_usb_flush(hdev);
++ urb = &_urb->urb;
++ pipe = usb_rcvbulkpipe(husb->udev, husb->bulk_in_ep->bEndpointAddress);
++ FILL_BULK_URB(urb, husb->udev, pipe, buf, size, hci_usb_rx_complete, husb);
++ urb->transfer_flags = USB_QUEUE_BULK;
+
+- return 0;
++ BT_DBG("%s urb %p", husb->hdev.name, urb);
++
++ err = usb_submit_urb(urb);
++ if (err) {
++ BT_ERR("%s bulk rx submit failed urb %p err %d",
++ husb->hdev.name, urb, err);
++ _urb_unlink(_urb);
++ _urb_free(_urb);
++ kfree(buf);
++ }
++ return err;
+ }
+
+-void hci_usb_ctrl_wakeup(struct hci_usb *husb)
++#ifdef CONFIG_BLUEZ_USB_SCO
++static int hci_usb_isoc_rx_submit(struct hci_usb *husb)
+ {
+- struct sk_buff *skb;
+-
+- if (test_and_set_bit(HCI_TX_CTRL, &husb->tx_state))
+- return;
++ struct _urb *_urb;
++ struct urb *urb;
++ int err, mtu, size;
++ void *buf;
+
+- DBG("%s", husb->hdev.name);
++ mtu = husb->isoc_in_ep->wMaxPacketSize;
++ size = mtu * HCI_MAX_ISOC_FRAMES;
+
+- if (!(skb = skb_dequeue(&husb->tx_ctrl_q)))
+- goto done;
++ buf = kmalloc(size, GFP_ATOMIC);
++ if (!buf)
++ return -ENOMEM;
+
+- if (hci_usb_ctrl_msg(husb, skb)){
+- kfree_skb(skb);
+- goto done;
++ _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
++ if (!_urb) {
++ kfree(buf);
++ return -ENOMEM;
+ }
++ _urb->type = HCI_SCODATA_PKT;
++ _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
+
+- DMP(skb->data, skb->len);
++ urb = &_urb->urb;
+
+- husb->hdev.stat.byte_tx += skb->len;
+- return;
++ urb->context = husb;
++ urb->dev = husb->udev;
++ urb->pipe = usb_rcvisocpipe(husb->udev, husb->isoc_in_ep->bEndpointAddress);
++ urb->complete = hci_usb_rx_complete;
+
+-done:
+- clear_bit(HCI_TX_CTRL, &husb->tx_state);
+- return;
++ urb->transfer_buffer_length = size;
++ urb->transfer_buffer = buf;
++ urb->transfer_flags = USB_ISO_ASAP;
++
++ __fill_isoc_desc(urb, size, mtu);
++
++ BT_DBG("%s urb %p", husb->hdev.name, urb);
++
++ err = usb_submit_urb(urb);
++ if (err) {
++ BT_ERR("%s isoc rx submit failed urb %p err %d",
++ husb->hdev.name, urb, err);
++ _urb_unlink(_urb);
++ _urb_free(_urb);
++ kfree(buf);
++ }
++ return err;
+ }
++#endif
+
+-void hci_usb_write_wakeup(struct hci_usb *husb)
++/* Initialize device */
++static int hci_usb_open(struct hci_dev *hdev)
+ {
+- struct sk_buff *skb;
++ struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
++ int i, err;
++ unsigned long flags;
+
+- if (test_and_set_bit(HCI_TX_WRITE, &husb->tx_state))
+- return;
++ BT_DBG("%s", hdev->name);
+
+- DBG("%s", husb->hdev.name);
++ if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
++ return 0;
+
+- if (!(skb = skb_dequeue(&husb->tx_write_q)))
+- goto done;
++ MOD_INC_USE_COUNT;
+
+- if (hci_usb_write_msg(husb, skb)) {
+- skb_queue_head(&husb->tx_write_q, skb);
+- goto done;
++ write_lock_irqsave(&husb->completion_lock, flags);
++
++ err = hci_usb_intr_rx_submit(husb);
++ if (!err) {
++ for (i = 0; i < HCI_MAX_BULK_RX; i++)
++ hci_usb_bulk_rx_submit(husb);
++
++#ifdef CONFIG_BLUEZ_USB_SCO
++ if (husb->isoc_iface)
++ for (i = 0; i < HCI_MAX_ISOC_RX; i++)
++ hci_usb_isoc_rx_submit(husb);
++#endif
++ } else {
++ clear_bit(HCI_RUNNING, &hdev->flags);
++ MOD_DEC_USE_COUNT;
+ }
+
+- DMP(skb->data, skb->len);
++ write_unlock_irqrestore(&husb->completion_lock, flags);
++ return err;
++}
++
++/* Reset device */
++static int hci_usb_flush(struct hci_dev *hdev)
++{
++ struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
++ int i;
+
+- husb->hdev.stat.byte_tx += skb->len;
+- return;
++ BT_DBG("%s", hdev->name);
+
+-done:
+- clear_bit(HCI_TX_WRITE, &husb->tx_state);
+- return;
++ for (i=0; i < 4; i++)
++ skb_queue_purge(&husb->transmit_q[i]);
++ return 0;
+ }
+
+-/* Send frames from HCI layer */
+-int hci_usb_send_frame(struct sk_buff *skb)
++static void hci_usb_unlink_urbs(struct hci_usb *husb)
+ {
+- struct hci_dev *hdev = (struct hci_dev *) skb->dev;
+- struct hci_usb *husb;
++ int i;
+
+- if (!hdev) {
+- ERR("frame for uknown device (hdev=NULL)");
+- return -ENODEV;
++ BT_DBG("%s", husb->hdev.name);
++
++ for (i=0; i < 4; i++) {
++ struct _urb *_urb;
++ struct urb *urb;
++
++ /* Kill pending requests */
++ while ((_urb = _urb_dequeue(&husb->pending_q[i]))) {
++ urb = &_urb->urb;
++ BT_DBG("%s unlinking _urb %p type %d urb %p",
++ husb->hdev.name, _urb, _urb->type, urb);
++ usb_unlink_urb(urb);
++ _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
++ }
++
++ /* Release completed requests */
++ while ((_urb = _urb_dequeue(&husb->completed_q[i]))) {
++ urb = &_urb->urb;
++ BT_DBG("%s freeing _urb %p type %d urb %p",
++ husb->hdev.name, _urb, _urb->type, urb);
++ if (urb->setup_packet)
++ kfree(urb->setup_packet);
++ if (urb->transfer_buffer)
++ kfree(urb->transfer_buffer);
++ _urb_free(_urb);
++ }
++
++ /* Release reassembly buffers */
++ if (husb->reassembly[i]) {
++ kfree_skb(husb->reassembly[i]);
++ husb->reassembly[i] = NULL;
++ }
+ }
++}
+
+- if (!(hdev->flags & HCI_RUNNING))
++/* Close device */
++static int hci_usb_close(struct hci_dev *hdev)
++{
++ struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
++ unsigned long flags;
++
++ if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
+ return 0;
+
+- husb = (struct hci_usb *) hdev->driver_data;
++ BT_DBG("%s", hdev->name);
+
+- DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
++ write_lock_irqsave(&husb->completion_lock, flags);
++
++ hci_usb_unlink_urbs(husb);
++ hci_usb_flush(hdev);
+
+- switch (skb->pkt_type) {
+- case HCI_COMMAND_PKT:
+- skb_queue_tail(&husb->tx_ctrl_q, skb);
+- hci_usb_ctrl_wakeup(husb);
+- hdev->stat.cmd_tx++;
+- return 0;
+-
+- case HCI_ACLDATA_PKT:
+- skb_queue_tail(&husb->tx_write_q, skb);
+- hci_usb_write_wakeup(husb);
+- hdev->stat.acl_tx++;
+- return 0;
+-
+- case HCI_SCODATA_PKT:
+- return -EOPNOTSUPP;
+- };
++ write_unlock_irqrestore(&husb->completion_lock, flags);
+
++ MOD_DEC_USE_COUNT;
+ return 0;
+ }
+
+-/* ---------- USB ------------- */
+-
+-static void hci_usb_ctrl(struct urb *urb)
++static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
+ {
+- struct sk_buff *skb = (struct sk_buff *) urb->context;
+- struct hci_dev *hdev;
+- struct hci_usb *husb;
+-
+- if (!skb)
+- return;
+- hdev = (struct hci_dev *) skb->dev;
+- husb = (struct hci_usb *) hdev->driver_data;
++ struct urb *urb = &_urb->urb;
++ int err;
+
+- DBG("%s", hdev->name);
++ BT_DBG("%s urb %p type %d", husb->hdev.name, urb, _urb->type);
++
++ _urb_queue_tail(__pending_q(husb, _urb->type), _urb);
++ err = usb_submit_urb(urb);
++ if (err) {
++ BT_ERR("%s tx submit failed urb %p type %d err %d",
++ husb->hdev.name, urb, _urb->type, err);
++ _urb_unlink(_urb);
++ _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
++ } else
++ atomic_inc(__pending_tx(husb, _urb->type));
++
++ return err;
++}
++
++static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
++{
++ struct _urb *_urb = __get_completed(husb, skb->pkt_type);
++ devrequest *dr;
++ struct urb *urb;
++
++ if (!_urb) {
++ _urb = _urb_alloc(0, GFP_ATOMIC);
++ if (!_urb)
++ return -ENOMEM;
++ _urb->type = skb->pkt_type;
++
++ dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
++ if (!dr) {
++ _urb_free(_urb);
++ return -ENOMEM;
++ }
++ } else
++ dr = (void *) _urb->urb.setup_packet;
+
+- if (urb->status)
+- DBG("%s ctrl status: %d", hdev->name, urb->status);
++ dr->requesttype = HCI_CTRL_REQ;
++ dr->request = 0;
++ dr->index = 0;
++ dr->value = 0;
++ dr->length = __cpu_to_le16(skb->len);
+
+- clear_bit(HCI_TX_CTRL, &husb->tx_state);
+- kfree_skb(skb);
++ urb = &_urb->urb;
++ FILL_CONTROL_URB(urb, husb->udev, usb_sndctrlpipe(husb->udev, 0),
++ (void *) dr, skb->data, skb->len, hci_usb_tx_complete, husb);
+
+- /* Wake up device */
+- hci_usb_ctrl_wakeup(husb);
++ BT_DBG("%s skb %p len %d", husb->hdev.name, skb, skb->len);
++
++ _urb->priv = skb;
++ return __tx_submit(husb, _urb);
+ }
+
+-static void hci_usb_bulk_write(struct urb *urb)
++static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
+ {
+- struct sk_buff *skb = (struct sk_buff *) urb->context;
+- struct hci_dev *hdev;
+- struct hci_usb *husb;
+-
+- if (!skb)
+- return;
+- hdev = (struct hci_dev *) skb->dev;
+- husb = (struct hci_usb *) hdev->driver_data;
++ struct _urb *_urb = __get_completed(husb, skb->pkt_type);
++ struct urb *urb;
++ int pipe;
+
+- DBG("%s", hdev->name);
+-
+- if (urb->status)
+- DBG("%s bulk write status: %d", hdev->name, urb->status);
++ if (!_urb) {
++ _urb = _urb_alloc(0, GFP_ATOMIC);
++ if (!_urb)
++ return -ENOMEM;
++ _urb->type = skb->pkt_type;
++ }
+
+- clear_bit(HCI_TX_WRITE, &husb->tx_state);
+- kfree_skb(skb);
++ urb = &_urb->urb;
++ pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep->bEndpointAddress);
++ FILL_BULK_URB(urb, husb->udev, pipe, skb->data, skb->len,
++ hci_usb_tx_complete, husb);
++ urb->transfer_flags = USB_QUEUE_BULK | USB_ZERO_PACKET;
+
+- /* Wake up device */
+- hci_usb_write_wakeup(husb);
++ BT_DBG("%s skb %p len %d", husb->hdev.name, skb, skb->len);
+
+- return;
++ _urb->priv = skb;
++ return __tx_submit(husb, _urb);
+ }
+
+-static void hci_usb_intr(struct urb *urb)
++#ifdef CONFIG_BLUEZ_USB_SCO
++static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
+ {
+- struct hci_usb *husb = (struct hci_usb *) urb->context;
+- unsigned char *data = urb->transfer_buffer;
+- register int count = urb->actual_length;
+- register struct sk_buff *skb = husb->intr_skb;
+- hci_event_hdr *eh;
+- register int len;
++ struct _urb *_urb = __get_completed(husb, skb->pkt_type);
++ struct urb *urb;
++
++ if (!_urb) {
++ _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
++ if (!_urb)
++ return -ENOMEM;
++ _urb->type = skb->pkt_type;
++ }
+
+- if (!husb)
+- return;
++ BT_DBG("%s skb %p len %d", husb->hdev.name, skb, skb->len);
+
+- DBG("%s count %d", husb->hdev.name, count);
++ urb = &_urb->urb;
++
++ urb->context = husb;
++ urb->dev = husb->udev;
++ urb->pipe = usb_sndisocpipe(husb->udev, husb->isoc_out_ep->bEndpointAddress);
++ urb->complete = hci_usb_tx_complete;
++ urb->transfer_flags = USB_ISO_ASAP;
+
+- if (urb->status || !count) {
+- DBG("%s intr status %d, count %d", husb->hdev.name, urb->status, count);
+- return;
+- }
++ urb->transfer_buffer = skb->data;
++ urb->transfer_buffer_length = skb->len;
++
++ __fill_isoc_desc(urb, skb->len, husb->isoc_out_ep->wMaxPacketSize);
+
+- /* Do we really have to handle continuations here ? */
+- if (!skb) {
+- /* New frame */
+- if (count < HCI_EVENT_HDR_SIZE) {
+- DBG("%s bad frame len %d", husb->hdev.name, count);
+- return;
+- }
++ _urb->priv = skb;
++ return __tx_submit(husb, _urb);
++}
++#endif
++
++static void hci_usb_tx_process(struct hci_usb *husb)
++{
++ struct sk_buff_head *q;
++ struct sk_buff *skb;
+
+- eh = (hci_event_hdr *) data;
+- len = eh->plen + HCI_EVENT_HDR_SIZE;
++ BT_DBG("%s", husb->hdev.name);
+
+- if (count > len) {
+- DBG("%s corrupted frame, len %d", husb->hdev.name, count);
+- return;
++ do {
++ clear_bit(HCI_USB_TX_WAKEUP, &husb->state);
++
++ /* Process command queue */
++ q = __transmit_q(husb, HCI_COMMAND_PKT);
++ if (!atomic_read(__pending_tx(husb, HCI_COMMAND_PKT)) &&
++ (skb = skb_dequeue(q))) {
++ if (hci_usb_send_ctrl(husb, skb) < 0)
++ skb_queue_head(q, skb);
+ }
+
+- /* Allocate skb */
+- if (!(skb = bluez_skb_alloc(len, GFP_ATOMIC))) {
+- ERR("Can't allocate mem for new packet");
+- return;
++#ifdef CONFIG_BLUEZ_USB_SCO
++ /* Process SCO queue */
++ q = __transmit_q(husb, HCI_SCODATA_PKT);
++ if (atomic_read(__pending_tx(husb, HCI_SCODATA_PKT)) < HCI_MAX_ISOC_TX &&
++ (skb = skb_dequeue(q))) {
++ if (hci_usb_send_isoc(husb, skb) < 0)
++ skb_queue_head(q, skb);
++ }
++#endif
++
++ /* Process ACL queue */
++ q = __transmit_q(husb, HCI_ACLDATA_PKT);
++ while (atomic_read(__pending_tx(husb, HCI_ACLDATA_PKT)) < HCI_MAX_BULK_TX &&
++ (skb = skb_dequeue(q))) {
++ if (hci_usb_send_bulk(husb, skb) < 0) {
++ skb_queue_head(q, skb);
++ break;
++ }
+ }
+- skb->dev = (void *) &husb->hdev;
+- skb->pkt_type = HCI_EVENT_PKT;
++ } while(test_bit(HCI_USB_TX_WAKEUP, &husb->state));
++}
+
+- husb->intr_skb = skb;
+- husb->intr_count = len;
+- } else {
+- /* Continuation */
+- if (count > husb->intr_count) {
+- ERR("%s bad frame len %d (expected %d)", husb->hdev.name, count, husb->intr_count);
++static inline void hci_usb_tx_wakeup(struct hci_usb *husb)
++{
++ /* Serialize TX queue processing to avoid data reordering */
++ if (!test_and_set_bit(HCI_USB_TX_PROCESS, &husb->state)) {
++ hci_usb_tx_process(husb);
++ clear_bit(HCI_USB_TX_PROCESS, &husb->state);
++ } else
++ set_bit(HCI_USB_TX_WAKEUP, &husb->state);
++}
+
+- kfree_skb(skb);
+- husb->intr_skb = NULL;
+- husb->intr_count = 0;
+- return;
+- }
++/* Send frames from HCI layer */
++static int hci_usb_send_frame(struct sk_buff *skb)
++{
++ struct hci_dev *hdev = (struct hci_dev *) skb->dev;
++ struct hci_usb *husb;
++
++ if (!hdev) {
++ BT_ERR("frame for uknown device (hdev=NULL)");
++ return -ENODEV;
+ }
+
+- memcpy(skb_put(skb, count), data, count);
+- husb->intr_count -= count;
++ if (!test_bit(HCI_RUNNING, &hdev->flags))
++ return -EBUSY;
+
+- DMP(data, count);
++ BT_DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
+
+- if (!husb->intr_count) {
+- /* Got complete frame */
++ husb = (struct hci_usb *) hdev->driver_data;
+
+- husb->hdev.stat.byte_rx += skb->len;
+- hci_recv_frame(skb);
++ switch (skb->pkt_type) {
++ case HCI_COMMAND_PKT:
++ hdev->stat.cmd_tx++;
++ break;
++
++ case HCI_ACLDATA_PKT:
++ hdev->stat.acl_tx++;
++ break;
++
++#ifdef CONFIG_BLUEZ_USB_SCO
++ case HCI_SCODATA_PKT:
++ hdev->stat.sco_tx++;
++ break;
++#endif
+
+- husb->intr_skb = NULL;
++ default:
++ kfree_skb(skb);
++ return 0;
+ }
++
++ read_lock(&husb->completion_lock);
++
++ skb_queue_tail(__transmit_q(husb, skb->pkt_type), skb);
++ hci_usb_tx_wakeup(husb);
++
++ read_unlock(&husb->completion_lock);
++ return 0;
+ }
+
+-static void hci_usb_bulk_read(struct urb *urb)
++static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int count)
+ {
+- struct hci_usb *husb = (struct hci_usb *) urb->context;
+- unsigned char *data = urb->transfer_buffer;
+- int count = urb->actual_length, status;
+- struct sk_buff *skb;
+- hci_acl_hdr *ah;
+- register __u16 dlen;
+-
+- if (!husb)
+- return;
++ BT_DBG("%s type %d data %p count %d", husb->hdev.name, type, data, count);
+
+- DBG("%s status %d, count %d, flags %x", husb->hdev.name, urb->status, count, urb->transfer_flags);
++ husb->hdev.stat.byte_rx += count;
+
+- if (urb->status) {
+- /* Do not re-submit URB on critical errors */
+- switch (urb->status) {
+- case -ENOENT:
+- return;
+- default:
+- goto resubmit;
+- };
+- }
+- if (!count)
+- goto resubmit;
++ while (count) {
++ struct sk_buff *skb = __reassembly(husb, type);
++ struct { int expect; } *scb;
++ int len = 0;
++
++ if (!skb) {
++ /* Start of the frame */
++
++ switch (type) {
++ case HCI_EVENT_PKT:
++ if (count >= HCI_EVENT_HDR_SIZE) {
++ hci_event_hdr *h = data;
++ len = HCI_EVENT_HDR_SIZE + h->plen;
++ } else
++ return -EILSEQ;
++ break;
+
+- DMP(data, count);
++ case HCI_ACLDATA_PKT:
++ if (count >= HCI_ACL_HDR_SIZE) {
++ hci_acl_hdr *h = data;
++ len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen);
++ } else
++ return -EILSEQ;
++ break;
++#ifdef CONFIG_BLUEZ_USB_SCO
++ case HCI_SCODATA_PKT:
++ if (count >= HCI_SCO_HDR_SIZE) {
++ hci_sco_hdr *h = data;
++ len = HCI_SCO_HDR_SIZE + h->dlen;
++ } else
++ return -EILSEQ;
++ break;
++#endif
++ }
++ BT_DBG("new packet len %d", len);
++
++ skb = bluez_skb_alloc(len, GFP_ATOMIC);
++ if (!skb) {
++ BT_ERR("%s no memory for the packet", husb->hdev.name);
++ return -ENOMEM;
++ }
++ skb->dev = (void *) &husb->hdev;
++ skb->pkt_type = type;
++
++ __reassembly(husb, type) = skb;
++
++ scb = (void *) skb->cb;
++ scb->expect = len;
++ } else {
++ /* Continuation */
++ scb = (void *) skb->cb;
++ len = scb->expect;
++ }
+
+- ah = (hci_acl_hdr *) data;
+- dlen = le16_to_cpu(ah->dlen);
++ len = min(len, count);
++
++ memcpy(skb_put(skb, len), data, len);
++
++ scb->expect -= len;
++ if (!scb->expect) {
++ /* Complete frame */
++ __reassembly(husb, type) = NULL;
++ hci_recv_frame(skb);
++ }
+
+- /* Verify frame len and completeness */
+- if ((count - HCI_ACL_HDR_SIZE) != dlen) {
+- ERR("%s corrupted ACL packet: count %d, plen %d", husb->hdev.name, count, dlen);
+- goto resubmit;
++ count -= len; data += len;
+ }
++ return 0;
++}
+
+- /* Allocate packet */
+- if (!(skb = bluez_skb_alloc(count, GFP_ATOMIC))) {
+- ERR("Can't allocate mem for new packet");
+- goto resubmit;
+- }
++static void hci_usb_rx_complete(struct urb *urb)
++{
++ struct _urb *_urb = container_of(urb, struct _urb, urb);
++ struct hci_usb *husb = (void *) urb->context;
++ struct hci_dev *hdev = &husb->hdev;
++ int err, count = urb->actual_length;
+
+- memcpy(skb_put(skb, count), data, count);
+- skb->dev = (void *) &husb->hdev;
+- skb->pkt_type = HCI_ACLDATA_PKT;
++ BT_DBG("%s urb %p type %d status %d count %d flags %x", hdev->name, urb,
++ _urb->type, urb->status, count, urb->transfer_flags);
+
+- husb->hdev.stat.byte_rx += skb->len;
++ if (!test_bit(HCI_RUNNING, &hdev->flags))
++ return;
+
+- hci_recv_frame(skb);
++ read_lock(&husb->completion_lock);
+
+-resubmit:
+- husb->read_urb->dev = husb->udev;
+- if ((status = usb_submit_urb(husb->read_urb)))
+- DBG("%s read URB submit failed %d", husb->hdev.name, status);
++ if (urb->status || !count)
++ goto resubmit;
++
++ if (_urb->type == HCI_SCODATA_PKT) {
++#ifdef CONFIG_BLUEZ_USB_SCO
++ int i;
++ for (i=0; i < urb->number_of_packets; i++) {
++ BT_DBG("desc %d status %d offset %d len %d", i,
++ urb->iso_frame_desc[i].status,
++ urb->iso_frame_desc[i].offset,
++ urb->iso_frame_desc[i].actual_length);
++
++ if (!urb->iso_frame_desc[i].status)
++ __recv_frame(husb, _urb->type,
++ urb->transfer_buffer + urb->iso_frame_desc[i].offset,
++ urb->iso_frame_desc[i].actual_length);
++ }
++#else
++ ;
++#endif
++ } else {
++ err = __recv_frame(husb, _urb->type, urb->transfer_buffer, count);
++ if (err < 0) {
++ BT_ERR("%s corrupted packet: type %d count %d",
++ husb->hdev.name, _urb->type, count);
++ hdev->stat.err_rx++;
++ }
++ }
+
+- DBG("%s read URB re-submited", husb->hdev.name);
++resubmit:
++ if (_urb->type != HCI_EVENT_PKT) {
++ urb->dev = husb->udev;
++ err = usb_submit_urb(urb);
++ BT_DBG("%s urb %p type %d resubmit status %d", hdev->name, urb,
++ _urb->type, err);
++ }
++ read_unlock(&husb->completion_lock);
+ }
+
+-static int hci_usb_ctrl_msg(struct hci_usb *husb, struct sk_buff *skb)
++static void hci_usb_tx_complete(struct urb *urb)
+ {
+- struct urb *urb = husb->ctrl_urb;
+- devrequest *dr = &husb->dev_req;
+- int pipe, status;
++ struct _urb *_urb = container_of(urb, struct _urb, urb);
++ struct hci_usb *husb = (void *) urb->context;
++ struct hci_dev *hdev = &husb->hdev;
+
+- DBG("%s len %d", husb->hdev.name, skb->len);
++ BT_DBG("%s urb %p status %d flags %x", hdev->name, urb,
++ urb->status, urb->transfer_flags);
+
+- pipe = usb_sndctrlpipe(husb->udev, 0);
++ atomic_dec(__pending_tx(husb, _urb->type));
+
+- dr->requesttype = HCI_CTRL_REQ;
+- dr->request = 0;
+- dr->index = 0;
+- dr->value = 0;
+- dr->length = cpu_to_le16(skb->len);
++ urb->transfer_buffer = NULL;
++ kfree_skb((struct sk_buff *) _urb->priv);
+
+- FILL_CONTROL_URB(urb, husb->udev, pipe, (void*)dr, skb->data, skb->len,
+- hci_usb_ctrl, skb);
+-
+- if ((status = usb_submit_urb(urb))) {
+- DBG("%s control URB submit failed %d", husb->hdev.name, status);
+- return status;
+- }
++ if (!test_bit(HCI_RUNNING, &hdev->flags))
++ return;
+
+- return 0;
+-}
++ if (!urb->status)
++ hdev->stat.byte_tx += urb->transfer_buffer_length;
++ else
++ hdev->stat.err_tx++;
+
+-static int hci_usb_write_msg(struct hci_usb *husb, struct sk_buff *skb)
+-{
+- struct urb *urb = husb->write_urb;
+- int pipe, status;
++ read_lock(&husb->completion_lock);
+
+- DBG("%s len %d", husb->hdev.name, skb->len);
++ _urb_unlink(_urb);
++ _urb_queue_tail(__completed_q(husb, _urb->type), _urb);
+
+- pipe = usb_sndbulkpipe(husb->udev, husb->bulk_out_ep_addr);
++ hci_usb_tx_wakeup(husb);
++
++ read_unlock(&husb->completion_lock);
++}
+
+- FILL_BULK_URB(urb, husb->udev, pipe, skb->data, skb->len,
+- hci_usb_bulk_write, skb);
+- urb->transfer_flags |= USB_QUEUE_BULK;
++static void hci_usb_destruct(struct hci_dev *hdev)
++{
++ struct hci_usb *husb = (struct hci_usb *) hdev->driver_data;
+
+- if ((status = usb_submit_urb(urb))) {
+- DBG("%s write URB submit failed %d", husb->hdev.name, status);
+- return status;
+- }
++ BT_DBG("%s", hdev->name);
+
+- return 0;
++ kfree(husb);
+ }
+
+-static void * hci_usb_probe(struct usb_device *udev, unsigned int ifnum, const struct usb_device_id *id)
++static void *hci_usb_probe(struct usb_device *udev, unsigned int ifnum, const struct usb_device_id *id)
+ {
+- struct usb_endpoint_descriptor *bulk_out_ep, *intr_in_ep, *bulk_in_ep;
++ struct usb_endpoint_descriptor *bulk_out_ep[HCI_MAX_IFACE_NUM];
++ struct usb_endpoint_descriptor *isoc_out_ep[HCI_MAX_IFACE_NUM];
++ struct usb_endpoint_descriptor *bulk_in_ep[HCI_MAX_IFACE_NUM];
++ struct usb_endpoint_descriptor *isoc_in_ep[HCI_MAX_IFACE_NUM];
++ struct usb_endpoint_descriptor *intr_in_ep[HCI_MAX_IFACE_NUM];
+ struct usb_interface_descriptor *uif;
+ struct usb_endpoint_descriptor *ep;
++ struct usb_interface *iface, *isoc_iface;
+ struct hci_usb *husb;
+ struct hci_dev *hdev;
+- int i, size, pipe;
+- __u8 * buf;
++ int i, a, e, size, ifn, isoc_ifnum, isoc_alts;
+
+- DBG("udev %p ifnum %d", udev, ifnum);
+-
+- /* Check device signature */
+- if ((udev->descriptor.bDeviceClass != HCI_DEV_CLASS) ||
+- (udev->descriptor.bDeviceSubClass != HCI_DEV_SUBCLASS)||
+- (udev->descriptor.bDeviceProtocol != HCI_DEV_PROTOCOL) )
+- return NULL;
+-
+- MOD_INC_USE_COUNT;
++ BT_DBG("udev %p ifnum %d", udev, ifnum);
+
+- uif = &udev->actconfig->interface[ifnum].altsetting[0];
++ iface = &udev->actconfig->interface[0];
+
+- if (uif->bNumEndpoints != 3) {
+- DBG("Wrong number of endpoints %d", uif->bNumEndpoints);
+- MOD_DEC_USE_COUNT;
++ /* Check our black list */
++ if (usb_match_id(udev, iface, ignore_ids))
+ return NULL;
+- }
+
+- bulk_out_ep = intr_in_ep = bulk_in_ep = NULL;
++ /* Check number of endpoints */
++ if (udev->actconfig->interface[ifnum].altsetting[0].bNumEndpoints < 3)
++ return NULL;
+
++ memset(bulk_out_ep, 0, sizeof(bulk_out_ep));
++ memset(isoc_out_ep, 0, sizeof(isoc_out_ep));
++ memset(bulk_in_ep, 0, sizeof(bulk_in_ep));
++ memset(isoc_in_ep, 0, sizeof(isoc_in_ep));
++ memset(intr_in_ep, 0, sizeof(intr_in_ep));
++
++ size = 0;
++ isoc_iface = NULL;
++ isoc_alts = isoc_ifnum = 0;
++
+ /* Find endpoints that we need */
+- for ( i = 0; i < uif->bNumEndpoints; ++i) {
+- ep = &uif->endpoint[i];
+
+- switch (ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
+- case USB_ENDPOINT_XFER_BULK:
+- if (ep->bEndpointAddress & USB_DIR_IN)
+- bulk_in_ep = ep;
+- else
+- bulk_out_ep = ep;
+- break;
++ ifn = MIN(udev->actconfig->bNumInterfaces, HCI_MAX_IFACE_NUM);
++ for (i = 0; i < ifn; i++) {
++ iface = &udev->actconfig->interface[i];
++ for (a = 0; a < iface->num_altsetting; a++) {
++ uif = &iface->altsetting[a];
++ for (e = 0; e < uif->bNumEndpoints; e++) {
++ ep = &uif->endpoint[e];
++
++ switch (ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
++ case USB_ENDPOINT_XFER_INT:
++ if (ep->bEndpointAddress & USB_DIR_IN)
++ intr_in_ep[i] = ep;
++ break;
++
++ case USB_ENDPOINT_XFER_BULK:
++ if (ep->bEndpointAddress & USB_DIR_IN)
++ bulk_in_ep[i] = ep;
++ else
++ bulk_out_ep[i] = ep;
++ break;
++
++#ifdef CONFIG_BLUEZ_USB_SCO
++ case USB_ENDPOINT_XFER_ISOC:
++ if (ep->wMaxPacketSize < size || a > 2)
++ break;
++ size = ep->wMaxPacketSize;
++
++ isoc_iface = iface;
++ isoc_alts = a;
++ isoc_ifnum = i;
++
++ if (ep->bEndpointAddress & USB_DIR_IN)
++ isoc_in_ep[i] = ep;
++ else
++ isoc_out_ep[i] = ep;
++ break;
++#endif
++ }
++ }
++ }
++ }
+
+- case USB_ENDPOINT_XFER_INT:
+- intr_in_ep = ep;
+- break;
+- };
++ if (!bulk_in_ep[0] || !bulk_out_ep[0] || !intr_in_ep[0]) {
++ BT_DBG("Bulk endpoints not found");
++ goto done;
+ }
+
+- if (!bulk_in_ep || !bulk_out_ep || !intr_in_ep) {
+- DBG("Endpoints not found: %p %p %p", bulk_in_ep, bulk_out_ep, intr_in_ep);
+- MOD_DEC_USE_COUNT;
+- return NULL;
++#ifdef CONFIG_BLUEZ_USB_SCO
++ if (!isoc_in_ep[1] || !isoc_out_ep[1]) {
++ BT_DBG("Isoc endpoints not found");
++ isoc_iface = NULL;
+ }
++#endif
+
+ if (!(husb = kmalloc(sizeof(struct hci_usb), GFP_KERNEL))) {
+- ERR("Can't allocate: control structure");
+- MOD_DEC_USE_COUNT;
+- return NULL;
++ BT_ERR("Can't allocate: control structure");
++ goto done;
+ }
+
+ memset(husb, 0, sizeof(struct hci_usb));
+
+ husb->udev = udev;
+- husb->bulk_out_ep_addr = bulk_out_ep->bEndpointAddress;
+-
+- if (!(husb->ctrl_urb = usb_alloc_urb(0))) {
+- ERR("Can't allocate: control URB");
+- goto probe_error;
+- }
+-
+- if (!(husb->write_urb = usb_alloc_urb(0))) {
+- ERR("Can't allocate: write URB");
+- goto probe_error;
+- }
+-
+- if (!(husb->read_urb = usb_alloc_urb(0))) {
+- ERR("Can't allocate: read URB");
+- goto probe_error;
+- }
+-
+- ep = bulk_in_ep;
+- pipe = usb_rcvbulkpipe(udev, ep->bEndpointAddress);
+- size = HCI_MAX_FRAME_SIZE;
+-
+- if (!(buf = kmalloc(size, GFP_KERNEL))) {
+- ERR("Can't allocate: read buffer");
+- goto probe_error;
+- }
+-
+- FILL_BULK_URB(husb->read_urb, udev, pipe, buf, size, hci_usb_bulk_read, husb);
+- husb->read_urb->transfer_flags |= USB_QUEUE_BULK;
+-
+- ep = intr_in_ep;
+- pipe = usb_rcvintpipe(udev, ep->bEndpointAddress);
+- size = usb_maxpacket(udev, pipe, usb_pipeout(pipe));
+-
+- if (!(husb->intr_urb = usb_alloc_urb(0))) {
+- ERR("Can't allocate: interrupt URB");
+- goto probe_error;
++ husb->bulk_out_ep = bulk_out_ep[0];
++ husb->bulk_in_ep = bulk_in_ep[0];
++ husb->intr_in_ep = intr_in_ep[0];
++
++#ifdef CONFIG_BLUEZ_USB_SCO
++ if (isoc_iface) {
++ BT_DBG("isoc ifnum %d alts %d", isoc_ifnum, isoc_alts);
++ if (usb_set_interface(udev, isoc_ifnum, isoc_alts)) {
++ BT_ERR("Can't set isoc interface settings");
++ isoc_iface = NULL;
++ }
++ usb_driver_claim_interface(&hci_usb_driver, isoc_iface, husb);
++ husb->isoc_iface = isoc_iface;
++ husb->isoc_in_ep = isoc_in_ep[isoc_ifnum];
++ husb->isoc_out_ep = isoc_out_ep[isoc_ifnum];
+ }
++#endif
++
++ husb->completion_lock = RW_LOCK_UNLOCKED;
+
+- if (!(buf = kmalloc(size, GFP_KERNEL))) {
+- ERR("Can't allocate: interrupt buffer");
+- goto probe_error;
++ for (i = 0; i < 4; i++) {
++ skb_queue_head_init(&husb->transmit_q[i]);
++ _urb_queue_init(&husb->pending_q[i]);
++ _urb_queue_init(&husb->completed_q[i]);
+ }
+
+- FILL_INT_URB(husb->intr_urb, udev, pipe, buf, size, hci_usb_intr, husb, ep->bInterval);
+-
+- skb_queue_head_init(&husb->tx_ctrl_q);
+- skb_queue_head_init(&husb->tx_write_q);
+-
+ /* Initialize and register HCI device */
+ hdev = &husb->hdev;
+
+- hdev->type = HCI_USB;
++ hdev->type = HCI_USB;
+ hdev->driver_data = husb;
+
+ hdev->open = hci_usb_open;
+ hdev->close = hci_usb_close;
+ hdev->flush = hci_usb_flush;
+- hdev->send = hci_usb_send_frame;
++ hdev->send = hci_usb_send_frame;
++ hdev->destruct = hci_usb_destruct;
+
+ if (hci_register_dev(hdev) < 0) {
+- ERR("Can't register HCI device %s", hdev->name);
++ BT_ERR("Can't register HCI device");
+ goto probe_error;
+ }
+
+ return husb;
+
+ probe_error:
+- hci_usb_free_bufs(husb);
+ kfree(husb);
+- MOD_DEC_USE_COUNT;
++
++done:
+ return NULL;
+ }
+
+@@ -626,38 +930,34 @@
+ if (!husb)
+ return;
+
+- DBG("%s", hdev->name);
++ BT_DBG("%s", hdev->name);
+
+ hci_usb_close(hdev);
+
+- if (hci_unregister_dev(hdev) < 0) {
+- ERR("Can't unregister HCI device %s", hdev->name);
+- }
++ if (husb->isoc_iface)
++ usb_driver_release_interface(&hci_usb_driver, husb->isoc_iface);
+
+- hci_usb_free_bufs(husb);
+- kfree(husb);
+-
+- MOD_DEC_USE_COUNT;
++ if (hci_unregister_dev(hdev) < 0)
++ BT_ERR("Can't unregister HCI device %s", hdev->name);
+ }
+
+-static struct usb_driver hci_usb_driver =
+-{
++static struct usb_driver hci_usb_driver = {
+ name: "hci_usb",
+ probe: hci_usb_probe,
+ disconnect: hci_usb_disconnect,
+- id_table: usb_bluetooth_ids,
++ id_table: bluetooth_ids,
+ };
+
+ int hci_usb_init(void)
+ {
+ int err;
+
+- INF("BlueZ HCI USB driver ver %s Copyright (C) 2000,2001 Qualcomm Inc",
++ BT_INFO("BlueZ HCI USB driver ver %s Copyright (C) 2000,2001 Qualcomm Inc",
+ VERSION);
+- INF("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
++ BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
+
+ if ((err = usb_register(&hci_usb_driver)) < 0)
+- ERR("Failed to register HCI USB driver");
++ BT_ERR("Failed to register HCI USB driver");
+
+ return err;
+ }
+diff -urN linux-2.4.18/drivers/bluetooth/hci_usb.h linux-2.4.18-mh9/drivers/bluetooth/hci_usb.h
+--- linux-2.4.18/drivers/bluetooth/hci_usb.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_usb.h Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,139 @@
++/*
++ HCI USB driver for Linux Bluetooth protocol stack (BlueZ)
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ Copyright (C) 2003 Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: hci_usb.h,v 1.2 2002/03/18 19:10:04 maxk Exp $
++ */
++
++#ifdef __KERNEL__
++
++/* Class, SubClass, and Protocol codes that describe a Bluetooth device */
++#define HCI_DEV_CLASS 0xe0 /* Wireless class */
++#define HCI_DEV_SUBCLASS 0x01 /* RF subclass */
++#define HCI_DEV_PROTOCOL 0x01 /* Bluetooth programming protocol */
++
++#define HCI_CTRL_REQ 0x20
++
++#define HCI_MAX_IFACE_NUM 3
++
++#define HCI_MAX_BULK_TX 4
++#define HCI_MAX_BULK_RX 1
++
++#define HCI_MAX_ISOC_RX 2
++#define HCI_MAX_ISOC_TX 2
++
++#define HCI_MAX_ISOC_FRAMES 10
++
++struct _urb_queue {
++ struct list_head head;
++ spinlock_t lock;
++};
++
++struct _urb {
++ struct list_head list;
++ struct _urb_queue *queue;
++ int type;
++ void *priv;
++ struct urb urb;
++};
++
++struct _urb *_urb_alloc(int isoc, int gfp);
++
++static inline void _urb_free(struct _urb *_urb)
++{
++ kfree(_urb);
++}
++
++static inline void _urb_queue_init(struct _urb_queue *q)
++{
++ INIT_LIST_HEAD(&q->head);
++ spin_lock_init(&q->lock);
++}
++
++static inline void _urb_queue_head(struct _urb_queue *q, struct _urb *_urb)
++{
++ unsigned long flags;
++ spin_lock_irqsave(&q->lock, flags);
++ list_add(&_urb->list, &q->head); _urb->queue = q;
++ spin_unlock_irqrestore(&q->lock, flags);
++}
++
++static inline void _urb_queue_tail(struct _urb_queue *q, struct _urb *_urb)
++{
++ unsigned long flags;
++ spin_lock_irqsave(&q->lock, flags);
++ list_add_tail(&_urb->list, &q->head); _urb->queue = q;
++ spin_unlock_irqrestore(&q->lock, flags);
++}
++
++static inline void _urb_unlink(struct _urb *_urb)
++{
++ struct _urb_queue *q = _urb->queue;
++ unsigned long flags;
++ if (q) {
++ spin_lock_irqsave(&q->lock, flags);
++ list_del(&_urb->list); _urb->queue = NULL;
++ spin_unlock_irqrestore(&q->lock, flags);
++ }
++}
++
++struct _urb *_urb_dequeue(struct _urb_queue *q);
++
++#ifndef container_of
++#define container_of(ptr, type, member) ({ \
++ const typeof( ((type *)0)->member ) *__mptr = (ptr); \
++ (type *)( (char *)__mptr - offsetof(type,member) );})
++#endif
++
++struct hci_usb {
++ struct hci_dev hdev;
++
++ unsigned long state;
++
++ struct usb_device *udev;
++
++ struct usb_endpoint_descriptor *bulk_in_ep;
++ struct usb_endpoint_descriptor *bulk_out_ep;
++ struct usb_endpoint_descriptor *intr_in_ep;
++
++ struct usb_interface *isoc_iface;
++ struct usb_endpoint_descriptor *isoc_out_ep;
++ struct usb_endpoint_descriptor *isoc_in_ep;
++
++ struct sk_buff_head transmit_q[4];
++ struct sk_buff *reassembly[4]; // Reassembly buffers
++
++ rwlock_t completion_lock;
++
++ atomic_t pending_tx[4]; // Number of pending requests
++ struct _urb_queue pending_q[4]; // Pending requests
++ struct _urb_queue completed_q[4]; // Completed requests
++};
++
++/* States */
++#define HCI_USB_TX_PROCESS 1
++#define HCI_USB_TX_WAKEUP 2
++
++#endif /* __KERNEL__ */
+diff -urN linux-2.4.18/drivers/bluetooth/hci_vhci.c linux-2.4.18-mh9/drivers/bluetooth/hci_vhci.c
+--- linux-2.4.18/drivers/bluetooth/hci_vhci.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_vhci.c Mon Aug 25 18:38:10 2003
+@@ -25,9 +25,9 @@
+ /*
+ * BlueZ HCI virtual device driver.
+ *
+- * $Id: hci_vhci.c,v 1.3 2001/08/03 04:19:50 maxk Exp $
++ * $Id: hci_vhci.c,v 1.3 2002/04/17 17:37:20 maxk Exp $
+ */
+-#define VERSION "1.0"
++#define VERSION "1.1"
+
+ #include <linux/config.h>
+ #include <linux/module.h>
+@@ -49,43 +49,56 @@
+ #include <asm/uaccess.h>
+
+ #include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
+ #include <net/bluetooth/hci_core.h>
+-#include <net/bluetooth/hci_vhci.h>
++#include "hci_vhci.h"
+
+ /* HCI device part */
+
+-int hci_vhci_open(struct hci_dev *hdev)
++static int hci_vhci_open(struct hci_dev *hdev)
+ {
+- hdev->flags |= HCI_RUNNING;
++ set_bit(HCI_RUNNING, &hdev->flags);
+ return 0;
+ }
+
+-int hci_vhci_flush(struct hci_dev *hdev)
++static int hci_vhci_flush(struct hci_dev *hdev)
+ {
+ struct hci_vhci_struct *hci_vhci = (struct hci_vhci_struct *) hdev->driver_data;
+ skb_queue_purge(&hci_vhci->readq);
+ return 0;
+ }
+
+-int hci_vhci_close(struct hci_dev *hdev)
++static int hci_vhci_close(struct hci_dev *hdev)
+ {
+- hdev->flags &= ~HCI_RUNNING;
++ if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
++ return 0;
++
+ hci_vhci_flush(hdev);
+ return 0;
+ }
+
+-int hci_vhci_send_frame(struct sk_buff *skb)
++static void hci_vhci_destruct(struct hci_dev *hdev)
++{
++ struct hci_vhci_struct *vhci;
++
++ if (!hdev) return;
++
++ vhci = (struct hci_vhci_struct *) hdev->driver_data;
++ kfree(vhci);
++
++ MOD_DEC_USE_COUNT;
++}
++
++static int hci_vhci_send_frame(struct sk_buff *skb)
+ {
+ struct hci_dev* hdev = (struct hci_dev *) skb->dev;
+ struct hci_vhci_struct *hci_vhci;
+
+ if (!hdev) {
+- ERR("Frame for uknown device (hdev=NULL)");
++ BT_ERR("Frame for uknown device (hdev=NULL)");
+ return -ENODEV;
+ }
+
+- if (!(hdev->flags & HCI_RUNNING))
++ if (!test_bit(HCI_RUNNING, &hdev->flags))
+ return -EBUSY;
+
+ hci_vhci = (struct hci_vhci_struct *) hdev->driver_data;
+@@ -188,7 +201,7 @@
+
+ add_wait_queue(&hci_vhci->read_wait, &wait);
+ while (count) {
+- current->state = TASK_INTERRUPTIBLE;
++ set_current_state(TASK_INTERRUPTIBLE);
+
+ /* Read frames from device queue */
+ if (!(skb = skb_dequeue(&hci_vhci->readq))) {
+@@ -214,8 +227,7 @@
+ kfree_skb(skb);
+ break;
+ }
+-
+- current->state = TASK_RUNNING;
++ set_current_state(TASK_RUNNING);
+ remove_wait_queue(&hci_vhci->read_wait, &wait);
+
+ return ret;
+@@ -270,11 +282,13 @@
+ hdev->close = hci_vhci_close;
+ hdev->flush = hci_vhci_flush;
+ hdev->send = hci_vhci_send_frame;
++ hdev->destruct = hci_vhci_destruct;
+
+ if (hci_register_dev(hdev) < 0) {
+ kfree(hci_vhci);
+ return -EBUSY;
+ }
++ MOD_INC_USE_COUNT;
+
+ file->private_data = hci_vhci;
+ return 0;
+@@ -285,12 +299,10 @@
+ struct hci_vhci_struct *hci_vhci = (struct hci_vhci_struct *) file->private_data;
+
+ if (hci_unregister_dev(&hci_vhci->hdev) < 0) {
+- ERR("Can't unregister HCI device %s", hci_vhci->hdev.name);
++ BT_ERR("Can't unregister HCI device %s", hci_vhci->hdev.name);
+ }
+
+- kfree(hci_vhci);
+ file->private_data = NULL;
+-
+ return 0;
+ }
+
+@@ -315,12 +327,12 @@
+
+ int __init hci_vhci_init(void)
+ {
+- INF("BlueZ VHCI driver ver %s Copyright (C) 2000,2001 Qualcomm Inc",
++ BT_INFO("BlueZ VHCI driver ver %s Copyright (C) 2000,2001 Qualcomm Inc",
+ VERSION);
+- INF("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
++ BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
+
+ if (misc_register(&hci_vhci_miscdev)) {
+- ERR("Can't register misc device %d\n", VHCI_MINOR);
++ BT_ERR("Can't register misc device %d\n", VHCI_MINOR);
+ return -EIO;
+ }
+
+@@ -337,4 +349,4 @@
+
+ MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
+ MODULE_DESCRIPTION("BlueZ VHCI driver ver " VERSION);
+-MODULE_LICENSE("GPL");
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/drivers/bluetooth/hci_vhci.h linux-2.4.18-mh9/drivers/bluetooth/hci_vhci.h
+--- linux-2.4.18/drivers/bluetooth/hci_vhci.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/drivers/bluetooth/hci_vhci.h Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,50 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: hci_vhci.h,v 1.1.1.1 2002/03/08 21:03:15 maxk Exp $
++ */
++
++#ifndef __HCI_VHCI_H
++#define __HCI_VHCI_H
++
++#ifdef __KERNEL__
++
++struct hci_vhci_struct {
++ struct hci_dev hdev;
++ __u32 flags;
++ wait_queue_head_t read_wait;
++ struct sk_buff_head readq;
++ struct fasync_struct *fasync;
++};
++
++/* VHCI device flags */
++#define VHCI_FASYNC 0x0010
++
++#endif /* __KERNEL__ */
++
++#define VHCI_DEV "/dev/vhci"
++#define VHCI_MINOR 250
++
++#endif /* __HCI_VHCI_H */
+diff -urN linux-2.4.18/drivers/char/pcmcia/serial_cs.c linux-2.4.18-mh9/drivers/char/pcmcia/serial_cs.c
+--- linux-2.4.18/drivers/char/pcmcia/serial_cs.c Fri Dec 21 18:41:54 2001
++++ linux-2.4.18-mh9/drivers/char/pcmcia/serial_cs.c Mon Aug 25 18:38:10 2003
+@@ -2,7 +2,7 @@
+
+ A driver for PCMCIA serial devices
+
+- serial_cs.c 1.128 2001/10/18 12:18:35
++ serial_cs.c 1.138 2002/10/25 06:24:52
+
+ The contents of this file are subject to the Mozilla Public
+ License Version 1.1 (the "License"); you may not use this file
+@@ -28,7 +28,7 @@
+ and other provisions required by the GPL. If you do not delete
+ the provisions above, a recipient may use your version of this
+ file under either the MPL or the GPL.
+-
++
+ ======================================================================*/
+
+ #include <linux/module.h>
+@@ -69,14 +69,14 @@
+ static int irq_list[4] = { -1 };
+ MODULE_PARM(irq_list, "1-4i");
+
+-/* Enable the speaker? */
+-INT_MODULE_PARM(do_sound, 1);
++INT_MODULE_PARM(do_sound, 1); /* Enable the speaker? */
++INT_MODULE_PARM(buggy_uart, 0); /* Skip strict UART tests? */
+
+ #ifdef PCMCIA_DEBUG
+ INT_MODULE_PARM(pc_debug, PCMCIA_DEBUG);
+ #define DEBUG(n, args...) if (pc_debug>(n)) printk(KERN_DEBUG args)
+ static char *version =
+-"serial_cs.c 1.128 2001/10/18 12:18:35 (David Hinds)";
++"serial_cs.c 1.138 2002/10/25 06:24:52 (David Hinds)";
+ #else
+ #define DEBUG(n, args...)
+ #endif
+@@ -95,6 +95,7 @@
+ { MANFID_OMEGA, PRODID_OMEGA_QSP_100, 4 },
+ { MANFID_QUATECH, PRODID_QUATECH_DUAL_RS232, 2 },
+ { MANFID_QUATECH, PRODID_QUATECH_DUAL_RS232_D1, 2 },
++ { MANFID_QUATECH, PRODID_QUATECH_DUAL_RS232_D2, 2 },
+ { MANFID_QUATECH, PRODID_QUATECH_QUAD_RS232, 4 },
+ { MANFID_QUATECH, PRODID_QUATECH_DUAL_RS422, 2 },
+ { MANFID_QUATECH, PRODID_QUATECH_QUAD_RS422, 4 },
+@@ -148,7 +149,7 @@
+ client_reg_t client_reg;
+ dev_link_t *link;
+ int i, ret;
+-
++
+ DEBUG(0, "serial_attach()\n");
+
+ /* Create new serial device */
+@@ -160,7 +161,7 @@
+ link->release.function = &serial_release;
+ link->release.data = (u_long)link;
+ link->io.Attributes1 = IO_DATA_PATH_WIDTH_8;
+- link->io.NumPorts1 = 8;
++ link->io.Attributes2 = IO_DATA_PATH_WIDTH_8;
+ link->irq.Attributes = IRQ_TYPE_EXCLUSIVE;
+ link->irq.IRQInfo1 = IRQ_INFO2_VALID|IRQ_LEVEL_ID;
+ if (irq_list[0] == -1)
+@@ -169,13 +170,12 @@
+ for (i = 0; i < 4; i++)
+ link->irq.IRQInfo2 |= 1 << irq_list[i];
+ link->conf.Attributes = CONF_ENABLE_IRQ;
+- link->conf.Vcc = 50;
+ if (do_sound) {
+ link->conf.Attributes |= CONF_ENABLE_SPKR;
+ link->conf.Status = CCSR_AUDIO_ENA;
+ }
+ link->conf.IntType = INT_MEMORY_AND_IO;
+-
++
+ /* Register with Card Services */
+ link->next = dev_list;
+ dev_list = link;
+@@ -194,7 +194,7 @@
+ serial_detach(link);
+ return NULL;
+ }
+-
++
+ return link;
+ } /* serial_attach */
+
+@@ -214,7 +214,7 @@
+ int ret;
+
+ DEBUG(0, "serial_detach(0x%p)\n", link);
+-
++
+ /* Locate device structure */
+ for (linkp = &dev_list; *linkp; linkp = &(*linkp)->next)
+ if (*linkp == link) break;
+@@ -224,17 +224,17 @@
+ del_timer(&link->release);
+ if (link->state & DEV_CONFIG)
+ serial_release((u_long)link);
+-
++
+ if (link->handle) {
+ ret = CardServices(DeregisterClient, link->handle);
+ if (ret != CS_SUCCESS)
+ cs_error(link->handle, DeregisterClient, ret);
+ }
+-
++
+ /* Unlink device structure, free bits */
+ *linkp = link->next;
+ kfree(info);
+-
++
+ } /* serial_detach */
+
+ /*====================================================================*/
+@@ -243,18 +243,20 @@
+ {
+ struct serial_struct serial;
+ int line;
+-
++
+ memset(&serial, 0, sizeof(serial));
+ serial.port = port;
+ serial.irq = irq;
+ serial.flags = ASYNC_SKIP_TEST | ASYNC_SHARE_IRQ;
++ if (buggy_uart)
++ serial.flags |= ASYNC_BUGGY_UART;
+ line = register_serial(&serial);
+ if (line < 0) {
+ printk(KERN_NOTICE "serial_cs: register_serial() at 0x%04lx,"
+ " irq %d failed\n", (u_long)serial.port, serial.irq);
+ return -1;
+ }
+-
++
+ info->line[info->ndev] = line;
+ sprintf(info->node[info->ndev].dev_name, "ttyS%d", line);
+ info->node[info->ndev].major = TTY_MAJOR;
+@@ -262,7 +264,7 @@
+ if (info->ndev > 0)
+ info->node[info->ndev-1].next = &info->node[info->ndev];
+ info->ndev++;
+-
++
+ return 0;
+ }
+
+@@ -313,7 +315,10 @@
+ return setup_serial(info, port, config.AssignedIRQ);
+ }
+ link->conf.Vcc = config.Vcc;
+-
++
++ link->io.NumPorts1 = 8;
++ link->io.NumPorts2 = 0;
++
+ /* First pass: look for a config entry that looks normal. */
+ tuple.TupleData = (cisdata_t *)buf;
+ tuple.TupleOffset = 0; tuple.TupleDataMax = 255;
+@@ -340,7 +345,7 @@
+ i = next_tuple(handle, &tuple, &parse);
+ }
+ }
+-
++
+ /* Second pass: try to find an entry that isn't picky about
+ its base address, then try to grab any standard serial port
+ address, and finally try to get any free port. */
+@@ -352,8 +357,7 @@
+ for (j = 0; j < 5; j++) {
+ link->io.BasePort1 = base[j];
+ link->io.IOAddrLines = base[j] ? 16 : 3;
+- i = CardServices(RequestIO, link->handle,
+- &link->io);
++ i = CardServices(RequestIO, link->handle, &link->io);
+ if (i == CS_SUCCESS) goto found_port;
+ }
+ }
+@@ -365,7 +369,7 @@
+ cs_error(link->handle, RequestIO, i);
+ return -1;
+ }
+-
++
+ i = CardServices(RequestIRQ, link->handle, &link->irq);
+ if (i != CS_SUCCESS) {
+ cs_error(link->handle, RequestIRQ, i);
+@@ -390,8 +394,12 @@
+ u_char buf[256];
+ cisparse_t parse;
+ cistpl_cftable_entry_t *cf = &parse.cftable_entry;
++ config_info_t config;
+ int i, base2 = 0;
+
++ CardServices(GetConfigurationInfo, handle, &config);
++ link->conf.Vcc = config.Vcc;
++
+ tuple.TupleData = (cisdata_t *)buf;
+ tuple.TupleOffset = 0; tuple.TupleDataMax = 255;
+ tuple.Attributes = 0;
+@@ -433,12 +441,12 @@
+ i = next_tuple(handle, &tuple, &parse);
+ }
+ }
+-
++
+ if (i != CS_SUCCESS) {
+- cs_error(link->handle, RequestIO, i);
+- return -1;
++ /* At worst, try to configure as a single port */
++ return simple_config(link);
+ }
+-
++
+ i = CardServices(RequestIRQ, link->handle, &link->irq);
+ if (i != CS_SUCCESS) {
+ cs_error(link->handle, RequestIRQ, i);
+@@ -454,14 +462,27 @@
+ cs_error(link->handle, RequestConfiguration, i);
+ return -1;
+ }
+-
++
++ /* The Oxford Semiconductor OXCF950 cards are in fact single-port:
++ 8 registers are for the UART, the others are extra registers */
++ if (info->manfid == MANFID_OXSEMI) {
++ if (cf->index == 1 || cf->index == 3) {
++ setup_serial(info, base2, link->irq.AssignedIRQ);
++ outb(12,link->io.BasePort1+1);
++ } else {
++ setup_serial(info, link->io.BasePort1, link->irq.AssignedIRQ);
++ outb(12,base2+1);
++ }
++ return 0;
++ }
++
+ setup_serial(info, link->io.BasePort1, link->irq.AssignedIRQ);
+ /* The Nokia cards are not really multiport cards */
+ if (info->manfid == MANFID_NOKIA)
+ return 0;
+ for (i = 0; i < info->multi-1; i++)
+ setup_serial(info, base2+(8*i), link->irq.AssignedIRQ);
+-
++
+ return 0;
+ }
+
+@@ -487,7 +508,7 @@
+ int i, last_ret, last_fn;
+
+ DEBUG(0, "serial_config(0x%p)\n", link);
+-
++
+ tuple.TupleData = (cisdata_t *)buf;
+ tuple.TupleOffset = 0; tuple.TupleDataMax = 255;
+ tuple.Attributes = 0;
+@@ -500,7 +521,7 @@
+ }
+ link->conf.ConfigBase = parse.config.base;
+ link->conf.Present = parse.config.rmask[0];
+-
++
+ /* Configure card */
+ link->state |= DEV_CONFIG;
+
+@@ -508,8 +529,8 @@
+ tuple.DesiredTuple = CISTPL_LONGLINK_MFC;
+ tuple.Attributes = TUPLE_RETURN_COMMON | TUPLE_RETURN_LINK;
+ info->multi = (first_tuple(handle, &tuple, &parse) == CS_SUCCESS);
+-
+- /* Is this a multiport card? */
++
++ /* Scan list of known multiport card ID's */
+ tuple.DesiredTuple = CISTPL_MANFID;
+ if (first_tuple(handle, &tuple, &parse) == CS_SUCCESS) {
+ info->manfid = le16_to_cpu(buf[0]);
+@@ -537,15 +558,15 @@
+ info->multi = 2;
+ }
+ }
+-
++
+ if (info->multi > 1)
+ multi_config(link);
+ else
+ simple_config(link);
+-
++
+ if (info->ndev == 0)
+ goto failed;
+-
++
+ if (info->manfid == MANFID_IBM) {
+ conf_reg_t reg = { 0, CS_READ, 0x800, 0 };
+ CS_CHECK(AccessConfigurationRegister, link->handle, &reg);
+@@ -562,6 +583,7 @@
+ cs_error(link->handle, last_fn, last_ret);
+ failed:
+ serial_release((u_long)link);
++ link->state &= ~DEV_CONFIG_PENDING;
+
+ } /* serial_config */
+
+@@ -569,7 +591,7 @@
+
+ After a card is removed, serial_release() will unregister the net
+ device, and release the PCMCIA configuration.
+-
++
+ ======================================================================*/
+
+ void serial_release(u_long arg)
+@@ -577,7 +599,7 @@
+ dev_link_t *link = (dev_link_t *)arg;
+ serial_info_t *info = link->priv;
+ int i;
+-
++
+ DEBUG(0, "serial_release(0x%p)\n", link);
+
+ for (i = 0; i < info->ndev; i++) {
+@@ -590,7 +612,7 @@
+ CardServices(ReleaseIO, link->handle, &link->io);
+ CardServices(ReleaseIRQ, link->handle, &link->irq);
+ }
+-
++
+ link->state &= ~DEV_CONFIG;
+
+ } /* serial_release */
+@@ -601,7 +623,7 @@
+ stuff to run after an event is received. A CARD_REMOVAL event
+ also sets some flags to discourage the serial drivers from
+ talking to the ports.
+-
++
+ ======================================================================*/
+
+ static int serial_event(event_t event, int priority,
+@@ -609,9 +631,9 @@
+ {
+ dev_link_t *link = args->client_data;
+ serial_info_t *info = link->priv;
+-
++
+ DEBUG(1, "serial_event(0x%06x)\n", event);
+-
++
+ switch (event) {
+ case CS_EVENT_CARD_REMOVAL:
+ link->state &= ~DEV_PRESENT;
+@@ -650,7 +672,7 @@
+ if (serv.Revision != CS_RELEASE_CODE) {
+ printk(KERN_NOTICE "serial_cs: Card Services release "
+ "does not match!\n");
+- return -1;
++ return -EINVAL;
+ }
+ register_pccard_driver(&dev_info, &serial_attach, &serial_detach);
+ return 0;
+diff -urN linux-2.4.18/drivers/usb/Config.in linux-2.4.18-mh9/drivers/usb/Config.in
+--- linux-2.4.18/drivers/usb/Config.in Mon Feb 25 20:38:07 2002
++++ linux-2.4.18-mh9/drivers/usb/Config.in Mon Aug 25 18:38:10 2003
+@@ -31,7 +31,13 @@
+
+ comment 'USB Device Class drivers'
+ dep_tristate ' USB Audio support' CONFIG_USB_AUDIO $CONFIG_USB $CONFIG_SOUND
+-dep_tristate ' USB Bluetooth support (EXPERIMENTAL)' CONFIG_USB_BLUETOOTH $CONFIG_USB $CONFIG_EXPERIMENTAL
++if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
++ if [ "$CONFIG_BLUEZ" = "n" ]; then
++ dep_tristate ' USB Bluetooth support (EXPERIMENTAL)' CONFIG_USB_BLUETOOTH $CONFIG_USB
++ else
++ comment ' USB Bluetooth can only be used with disabled Bluetooth subsystem'
++ fi
++fi
+ if [ "$CONFIG_SCSI" = "n" ]; then
+ comment ' SCSI support is needed for USB Storage'
+ fi
+diff -urN linux-2.4.18/include/linux/firmware.h linux-2.4.18-mh9/include/linux/firmware.h
+--- linux-2.4.18/include/linux/firmware.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/include/linux/firmware.h Mon Aug 25 18:38:10 2003
+@@ -0,0 +1,20 @@
++#ifndef _LINUX_FIRMWARE_H
++#define _LINUX_FIRMWARE_H
++#include <linux/module.h>
++#include <linux/types.h>
++#define FIRMWARE_NAME_MAX 30
++struct firmware {
++ size_t size;
++ u8 *data;
++};
++int request_firmware (const struct firmware **fw, const char *name,
++ const char *device);
++int request_firmware_nowait (
++ struct module *module,
++ const char *name, const char *device, void *context,
++ void (*cont)(const struct firmware *fw, void *context));
++/* On 2.5 'device' is 'struct device *' */
++
++void release_firmware (const struct firmware *fw);
++void register_firmware (const char *name, const u8 *data, size_t size);
++#endif
+diff -urN linux-2.4.18/include/linux/kernel.h linux-2.4.18-mh9/include/linux/kernel.h
+--- linux-2.4.18/include/linux/kernel.h Mon Feb 25 20:38:13 2002
++++ linux-2.4.18-mh9/include/linux/kernel.h Mon Aug 25 18:38:11 2003
+@@ -11,6 +11,7 @@
+ #include <linux/linkage.h>
+ #include <linux/stddef.h>
+ #include <linux/types.h>
++#include <linux/compiler.h>
+
+ /* Optimization barrier */
+ /* The "volatile" is due to gcc bugs */
+@@ -181,4 +182,6 @@
+ char _f[20-2*sizeof(long)-sizeof(int)]; /* Padding: libc5 uses this.. */
+ };
+
+-#endif
++#define BUG_ON(condition) do { if (unlikely((condition)!=0)) BUG(); } while(0)
++
++#endif /* _LINUX_KERNEL_H */
+diff -urN linux-2.4.18/include/net/bluetooth/bluetooth.h linux-2.4.18-mh9/include/net/bluetooth/bluetooth.h
+--- linux-2.4.18/include/net/bluetooth/bluetooth.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/bluetooth.h Mon Aug 25 18:38:11 2003
+@@ -23,7 +23,7 @@
+ */
+
+ /*
+- * $Id: bluetooth.h,v 1.6 2001/08/03 04:19:49 maxk Exp $
++ * $Id: bluetooth.h,v 1.9 2002/05/06 21:11:55 maxk Exp $
+ */
+
+ #ifndef __BLUETOOTH_H
+@@ -31,17 +31,63 @@
+
+ #include <asm/types.h>
+ #include <asm/byteorder.h>
++#include <linux/poll.h>
++#include <net/sock.h>
+
+ #ifndef AF_BLUETOOTH
+ #define AF_BLUETOOTH 31
+ #define PF_BLUETOOTH AF_BLUETOOTH
+ #endif
+
++/* Reserv for core and drivers use */
++#define BLUEZ_SKB_RESERVE 8
++
++#ifndef MIN
++#define MIN(a,b) ((a) < (b) ? (a) : (b))
++#endif
++
+ #define BTPROTO_L2CAP 0
+ #define BTPROTO_HCI 1
++#define BTPROTO_SCO 2
++#define BTPROTO_RFCOMM 3
++#define BTPROTO_BNEP 4
++#define BTPROTO_CMTP 5
+
+ #define SOL_HCI 0
+ #define SOL_L2CAP 6
++#define SOL_SCO 17
++#define SOL_RFCOMM 18
++
++/* Debugging */
++#ifdef CONFIG_BLUEZ_DEBUG
++
++#define HCI_CORE_DEBUG 1
++#define HCI_SOCK_DEBUG 1
++#define HCI_UART_DEBUG 1
++#define HCI_USB_DEBUG 1
++//#define HCI_DATA_DUMP 1
++
++#define L2CAP_DEBUG 1
++#define SCO_DEBUG 1
++#define AF_BLUETOOTH_DEBUG 1
++
++#endif /* CONFIG_BLUEZ_DEBUG */
++
++extern void bluez_dump(char *pref, __u8 *buf, int count);
++
++#if __GNUC__ <= 2 && __GNUC_MINOR__ < 95
++#define __func__ __FUNCTION__
++#endif
++
++#define BT_INFO(fmt, arg...) printk(KERN_INFO fmt "\n" , ## arg)
++#define BT_DBG(fmt, arg...) printk(KERN_INFO "%s: " fmt "\n" , __func__ , ## arg)
++#define BT_ERR(fmt, arg...) printk(KERN_ERR "%s: " fmt "\n" , __func__ , ## arg)
++
++#ifdef HCI_DATA_DUMP
++#define BT_DMP(buf, len) bluez_dump(__func__, buf, len)
++#else
++#define BT_DMP(D...)
++#endif
+
+ /* Connection and socket states */
+ enum {
+@@ -50,6 +96,7 @@
+ BT_BOUND,
+ BT_LISTEN,
+ BT_CONNECT,
++ BT_CONNECT2,
+ BT_CONFIG,
+ BT_DISCONN,
+ BT_CLOSED
+@@ -66,7 +113,8 @@
+ __u8 b[6];
+ } __attribute__((packed)) bdaddr_t;
+
+-#define BDADDR_ANY ((bdaddr_t *)"\000\000\000\000\000")
++#define BDADDR_ANY (&(bdaddr_t) {{0, 0, 0, 0, 0, 0}})
++#define BDADDR_LOCAL (&(bdaddr_t) {{0, 0, 0, 0xff, 0xff, 0xff}})
+
+ /* Copy, swap, convert BD Address */
+ static inline int bacmp(bdaddr_t *ba1, bdaddr_t *ba2)
+@@ -82,6 +130,91 @@
+ char *batostr(bdaddr_t *ba);
+ bdaddr_t *strtoba(char *str);
+
++/* Common socket structures and functions */
++
++#define bluez_pi(sk) ((struct bluez_pinfo *) &sk->protinfo)
++#define bluez_sk(pi) ((struct sock *) \
++ ((void *)pi - (unsigned long)(&((struct sock *)0)->protinfo)))
++
++struct bluez_pinfo {
++ bdaddr_t src;
++ bdaddr_t dst;
++
++ struct list_head accept_q;
++ struct sock *parent;
++};
++
++struct bluez_sock_list {
++ struct sock *head;
++ rwlock_t lock;
++};
++
++int bluez_sock_register(int proto, struct net_proto_family *ops);
++int bluez_sock_unregister(int proto);
++void bluez_sock_init(struct socket *sock, struct sock *sk);
++void bluez_sock_link(struct bluez_sock_list *l, struct sock *s);
++void bluez_sock_unlink(struct bluez_sock_list *l, struct sock *s);
++int bluez_sock_recvmsg(struct socket *sock, struct msghdr *msg, int len, int flags, struct scm_cookie *scm);
++uint bluez_sock_poll(struct file * file, struct socket *sock, poll_table *wait);
++int bluez_sock_wait_state(struct sock *sk, int state, unsigned long timeo);
++
++void bluez_accept_enqueue(struct sock *parent, struct sock *sk);
++struct sock * bluez_accept_dequeue(struct sock *parent, struct socket *newsock);
++
++/* Skb helpers */
++struct bluez_skb_cb {
++ int incomming;
++};
++#define bluez_cb(skb) ((struct bluez_skb_cb *)(skb->cb))
++
++static inline struct sk_buff *bluez_skb_alloc(unsigned int len, int how)
++{
++ struct sk_buff *skb;
++
++ if ((skb = alloc_skb(len + BLUEZ_SKB_RESERVE, how))) {
++ skb_reserve(skb, BLUEZ_SKB_RESERVE);
++ bluez_cb(skb)->incomming = 0;
++ }
++ return skb;
++}
++
++static inline struct sk_buff *bluez_skb_send_alloc(struct sock *sk, unsigned long len,
++ int nb, int *err)
++{
++ struct sk_buff *skb;
++
++ if ((skb = sock_alloc_send_skb(sk, len + BLUEZ_SKB_RESERVE, nb, err))) {
++ skb_reserve(skb, BLUEZ_SKB_RESERVE);
++ bluez_cb(skb)->incomming = 0;
++ }
++
++ return skb;
++}
++
++static inline int skb_frags_no(struct sk_buff *skb)
++{
++ register struct sk_buff *frag = skb_shinfo(skb)->frag_list;
++ register int n = 1;
++
++ for (; frag; frag=frag->next, n++);
++ return n;
++}
++
++int hci_core_init(void);
++int hci_core_cleanup(void);
++int hci_sock_init(void);
++int hci_sock_cleanup(void);
++
+ int bterr(__u16 code);
++
++#ifndef MODULE_LICENSE
++#define MODULE_LICENSE(x)
++#endif
++
++#ifndef list_for_each_safe
++#define list_for_each_safe(pos, n, head) \
++ for (pos = (head)->next, n = pos->next; pos != (head); \
++ pos = n, n = pos->next)
++#endif
+
+ #endif /* __BLUETOOTH_H */
+diff -urN linux-2.4.18/include/net/bluetooth/bluez.h linux-2.4.18-mh9/include/net/bluetooth/bluez.h
+--- linux-2.4.18/include/net/bluetooth/bluez.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/bluez.h Thu Jan 1 01:00:00 1970
+@@ -1,124 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * $Id: bluez.h,v 1.4 2001/08/03 04:19:49 maxk Exp $
+- */
+-
+-#ifndef __IF_BLUEZ_H
+-#define __IF_BLUEZ_H
+-
+-#include <net/sock.h>
+-
+-#define BLUEZ_MAX_PROTO 2
+-
+-/* Reserv for core and drivers use */
+-#define BLUEZ_SKB_RESERVE 8
+-
+-#ifndef MIN
+-#define MIN(a,b) ((a) < (b) ? (a) : (b))
+-#endif
+-
+-/* Debugging */
+-#ifdef BLUEZ_DEBUG
+-
+-#define HCI_CORE_DEBUG 1
+-#define HCI_SOCK_DEBUG 1
+-#define HCI_UART_DEBUG 1
+-#define HCI_USB_DEBUG 1
+-//#define HCI_DATA_DUMP 1
+-
+-#define L2CAP_DEBUG 1
+-
+-#endif /* BLUEZ_DEBUG */
+-
+-extern void bluez_dump(char *pref, __u8 *buf, int count);
+-
+-#define INF(fmt, arg...) printk(KERN_INFO fmt "\n" , ## arg)
+-#define DBG(fmt, arg...) printk(KERN_INFO __FUNCTION__ ": " fmt "\n" , ## arg)
+-#define ERR(fmt, arg...) printk(KERN_ERR __FUNCTION__ ": " fmt "\n" , ## arg)
+-
+-#ifdef HCI_DATA_DUMP
+-#define DMP(buf, len) bluez_dump(__FUNCTION__, buf, len)
+-#else
+-#define DMP(D...)
+-#endif
+-
+-/* ----- Sockets ------ */
+-struct bluez_sock_list {
+- struct sock *head;
+- rwlock_t lock;
+-};
+-
+-extern int bluez_sock_register(int proto, struct net_proto_family *ops);
+-extern int bluez_sock_unregister(int proto);
+-
+-extern void bluez_sock_link(struct bluez_sock_list *l, struct sock *s);
+-extern void bluez_sock_unlink(struct bluez_sock_list *l, struct sock *s);
+-
+-/* ----- SKB helpers ----- */
+-struct bluez_skb_cb {
+- int incomming;
+-};
+-#define bluez_cb(skb) ((struct bluez_skb_cb *)(skb->cb))
+-
+-static inline struct sk_buff *bluez_skb_alloc(unsigned int len, int how)
+-{
+- struct sk_buff *skb;
+-
+- if ((skb = alloc_skb(len + BLUEZ_SKB_RESERVE, how))) {
+- skb_reserve(skb, BLUEZ_SKB_RESERVE);
+- bluez_cb(skb)->incomming = 0;
+- }
+- return skb;
+-}
+-
+-static inline struct sk_buff *bluez_skb_send_alloc(struct sock *sk, unsigned long len,
+- int nb, int *err)
+-{
+- struct sk_buff *skb;
+-
+- if ((skb = sock_alloc_send_skb(sk, len + BLUEZ_SKB_RESERVE, nb, err))) {
+- skb_reserve(skb, BLUEZ_SKB_RESERVE);
+- bluez_cb(skb)->incomming = 0;
+- }
+-
+- return skb;
+-}
+-
+-static inline int skb_frags_no(struct sk_buff *skb)
+-{
+- register struct sk_buff *frag = skb_shinfo(skb)->frag_list;
+- register int n = 1;
+-
+- for (; frag; frag=frag->next, n++);
+- return n;
+-}
+-
+-extern int hci_core_init(void);
+-extern int hci_core_cleanup(void);
+-extern int hci_sock_init(void);
+-extern int hci_sock_cleanup(void);
+-
+-#endif /* __IF_BLUEZ_H */
+diff -urN linux-2.4.18/include/net/bluetooth/hci.h linux-2.4.18-mh9/include/net/bluetooth/hci.h
+--- linux-2.4.18/include/net/bluetooth/hci.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/hci.h Mon Aug 25 18:38:12 2003
+@@ -23,59 +23,80 @@
+ */
+
+ /*
+- * $Id: hci.h,v 1.15 2001/08/05 06:02:15 maxk Exp $
++ * $Id: hci.h,v 1.5 2002/06/27 17:29:30 maxk Exp $
+ */
+
+ #ifndef __HCI_H
+ #define __HCI_H
+
+-#include <asm/byteorder.h>
+-
+-#define HCI_MAX_DEV 8
+-#define HCI_MAX_FRAME_SIZE 2048
++#define HCI_MAX_ACL_SIZE 1024
++#define HCI_MAX_SCO_SIZE 255
++#define HCI_MAX_EVENT_SIZE 260
++#define HCI_MAX_FRAME_SIZE (HCI_MAX_ACL_SIZE + 4)
+
+ /* HCI dev events */
+ #define HCI_DEV_REG 1
+ #define HCI_DEV_UNREG 2
+ #define HCI_DEV_UP 3
+ #define HCI_DEV_DOWN 4
++#define HCI_DEV_SUSPEND 5
++#define HCI_DEV_RESUME 6
++
++/* HCI notify events */
++#define HCI_NOTIFY_CONN_ADD 1
++#define HCI_NOTIFY_CONN_DEL 2
++#define HCI_NOTIFY_VOICE_SETTING 3
+
+ /* HCI device types */
+-#define HCI_UART 0
++#define HCI_VHCI 0
+ #define HCI_USB 1
+-#define HCI_VHCI 2
+-
+-/* HCI device modes */
+-#define HCI_NORMAL 0x0001
+-#define HCI_RAW 0x0002
+-#define HCI_MODE_MASK (HCI_NORMAL | HCI_RAW)
+-#define HCI_SOCK 0x1000
+-
+-/* HCI device states */
+-#define HCI_INIT 0x0010
+-#define HCI_UP 0x0020
+-#define HCI_RUNNING 0x0040
++#define HCI_PCCARD 2
++#define HCI_UART 3
++#define HCI_RS232 4
++#define HCI_PCI 5
+
+ /* HCI device flags */
+-#define HCI_PSCAN 0x0100
+-#define HCI_ISCAN 0x0200
+-#define HCI_AUTH 0x0400
++enum {
++ HCI_UP,
++ HCI_INIT,
++ HCI_RUNNING,
++
++ HCI_PSCAN,
++ HCI_ISCAN,
++ HCI_AUTH,
++ HCI_ENCRYPT,
++ HCI_INQUIRY,
++
++ HCI_RAW
++};
+
+-/* HCI Ioctl defines */
++/* HCI ioctl defines */
+ #define HCIDEVUP _IOW('H', 201, int)
+ #define HCIDEVDOWN _IOW('H', 202, int)
+ #define HCIDEVRESET _IOW('H', 203, int)
+-#define HCIRESETSTAT _IOW('H', 204, int)
+-#define HCIGETINFO _IOR('H', 205, int)
+-#define HCIGETDEVLIST _IOR('H', 206, int)
+-#define HCISETRAW _IOW('H', 207, int)
+-#define HCISETSCAN _IOW('H', 208, int)
+-#define HCISETAUTH _IOW('H', 209, int)
+-#define HCIINQUIRY _IOR('H', 210, int)
+-#define HCISETPTYPE _IOW('H', 211, int)
++#define HCIDEVRESTAT _IOW('H', 204, int)
++
++#define HCIGETDEVLIST _IOR('H', 210, int)
++#define HCIGETDEVINFO _IOR('H', 211, int)
+ #define HCIGETCONNLIST _IOR('H', 212, int)
++#define HCIGETCONNINFO _IOR('H', 213, int)
+
+-#ifndef __NO_HCI_DEFS
++#define HCISETRAW _IOW('H', 220, int)
++#define HCISETSCAN _IOW('H', 221, int)
++#define HCISETAUTH _IOW('H', 222, int)
++#define HCISETENCRYPT _IOW('H', 223, int)
++#define HCISETPTYPE _IOW('H', 224, int)
++#define HCISETLINKPOL _IOW('H', 225, int)
++#define HCISETLINKMODE _IOW('H', 226, int)
++#define HCISETACLMTU _IOW('H', 227, int)
++#define HCISETSCOMTU _IOW('H', 228, int)
++
++#define HCIINQUIRY _IOR('H', 240, int)
++
++/* HCI timeouts */
++#define HCI_CONN_TIMEOUT (HZ * 40)
++#define HCI_DISCONN_TIMEOUT (HZ * 2)
++#define HCI_CONN_IDLE_TIMEOUT (HZ * 60)
+
+ /* HCI Packet types */
+ #define HCI_COMMAND_PKT 0x01
+@@ -92,11 +113,18 @@
+ #define HCI_DH3 0x0800
+ #define HCI_DH5 0x8000
+
++#define HCI_HV1 0x0020
++#define HCI_HV2 0x0040
++#define HCI_HV3 0x0080
++
++#define SCO_PTYPE_MASK (HCI_HV1 | HCI_HV2 | HCI_HV3)
++#define ACL_PTYPE_MASK (~SCO_PTYPE_MASK)
++
+ /* ACL flags */
+-#define ACL_CONT 0x0001
+-#define ACL_START 0x0002
+-#define ACL_ACTIVE_BCAST 0x0010
+-#define ACL_PICO_BCAST 0x0020
++#define ACL_CONT 0x01
++#define ACL_START 0x02
++#define ACL_ACTIVE_BCAST 0x04
++#define ACL_PICO_BCAST 0x08
+
+ /* Baseband links */
+ #define SCO_LINK 0x00
+@@ -125,6 +153,20 @@
+ #define LMP_PSCHEME 0x02
+ #define LMP_PCONTROL 0x04
+
++/* Link policies */
++#define HCI_LP_RSWITCH 0x0001
++#define HCI_LP_HOLD 0x0002
++#define HCI_LP_SNIFF 0x0004
++#define HCI_LP_PARK 0x0008
++
++/* Link mode */
++#define HCI_LM_ACCEPT 0x8000
++#define HCI_LM_MASTER 0x0001
++#define HCI_LM_AUTH 0x0002
++#define HCI_LM_ENCRYPT 0x0004
++#define HCI_LM_TRUSTED 0x0008
++#define HCI_LM_RELIABLE 0x0010
++
+ /* ----- HCI Commands ----- */
+ /* OGF & OCF values */
+
+@@ -137,9 +179,10 @@
+ __u8 hci_ver;
+ __u16 hci_rev;
+ __u8 lmp_ver;
+- __u16 man_name;
+- __u16 lmp_sub;
++ __u16 manufacturer;
++ __u16 lmp_subver;
+ } __attribute__ ((packed)) read_local_version_rp;
++#define READ_LOCAL_VERSION_RP_SIZE 9
+
+ #define OCF_READ_LOCAL_FEATURES 0x0003
+ typedef struct {
+@@ -165,18 +208,24 @@
+ /* Host Controller and Baseband */
+ #define OGF_HOST_CTL 0x03
+ #define OCF_RESET 0x0003
++#define OCF_READ_AUTH_ENABLE 0x001F
+ #define OCF_WRITE_AUTH_ENABLE 0x0020
+- #define AUTH_DISABLED 0x00
+- #define AUTH_ENABLED 0x01
++ #define AUTH_DISABLED 0x00
++ #define AUTH_ENABLED 0x01
++
++#define OCF_READ_ENCRYPT_MODE 0x0021
++#define OCF_WRITE_ENCRYPT_MODE 0x0022
++ #define ENCRYPT_DISABLED 0x00
++ #define ENCRYPT_P2P 0x01
++ #define ENCRYPT_BOTH 0x02
+
+ #define OCF_WRITE_CA_TIMEOUT 0x0016
+ #define OCF_WRITE_PG_TIMEOUT 0x0018
+
+ #define OCF_WRITE_SCAN_ENABLE 0x001A
+- #define SCANS_DISABLED 0x00
+- #define IS_ENA_PS_DIS 0x01
+- #define IS_DIS_PS_ENA 0x02
+- #define IS_ENA_PS_ENA 0x03
++ #define SCAN_DISABLED 0x00
++ #define SCAN_INQUIRY 0x01
++ #define SCAN_PAGE 0x02
+
+ #define OCF_SET_EVENT_FLT 0x0005
+ typedef struct {
+@@ -226,9 +275,31 @@
+ } __attribute__ ((packed)) write_class_of_dev_cp;
+ #define WRITE_CLASS_OF_DEV_CP_SIZE 3
+
++#define OCF_READ_VOICE_SETTING 0x0025
++typedef struct {
++ __u8 status;
++ __u16 voice_setting;
++} __attribute__ ((packed)) read_voice_setting_rp;
++#define READ_VOICE_SETTING_RP_SIZE 3
++
++#define OCF_WRITE_VOICE_SETTING 0x0026
++typedef struct {
++ __u16 voice_setting;
++} __attribute__ ((packed)) write_voice_setting_cp;
++#define WRITE_VOICE_SETTING_CP_SIZE 2
++
++#define OCF_HOST_BUFFER_SIZE 0x0033
++typedef struct {
++ __u16 acl_mtu;
++ __u8 sco_mtu;
++ __u16 acl_max_pkt;
++ __u16 sco_max_pkt;
++} __attribute__ ((packed)) host_buffer_size_cp;
++#define HOST_BUFFER_SIZE_CP_SIZE 7
++
+ /* Link Control */
+ #define OGF_LINK_CTL 0x01
+-#define OCF_CREATE_CONN 0x0005
++#define OCF_CREATE_CONN 0x0005
+ typedef struct {
+ bdaddr_t bdaddr;
+ __u16 pkt_type;
+@@ -246,6 +317,13 @@
+ } __attribute__ ((packed)) accept_conn_req_cp;
+ #define ACCEPT_CONN_REQ_CP_SIZE 7
+
++#define OCF_REJECT_CONN_REQ 0x000a
++typedef struct {
++ bdaddr_t bdaddr;
++ __u8 reason;
++} __attribute__ ((packed)) reject_conn_req_cp;
++#define REJECT_CONN_REQ_CP_SIZE 7
++
+ #define OCF_DISCONNECT 0x0006
+ typedef struct {
+ __u16 handle;
+@@ -253,17 +331,142 @@
+ } __attribute__ ((packed)) disconnect_cp;
+ #define DISCONNECT_CP_SIZE 3
+
++#define OCF_ADD_SCO 0x0007
++typedef struct {
++ __u16 handle;
++ __u16 pkt_type;
++} __attribute__ ((packed)) add_sco_cp;
++#define ADD_SCO_CP_SIZE 4
++
+ #define OCF_INQUIRY 0x0001
+ typedef struct {
+ __u8 lap[3];
+- __u8 lenght;
++ __u8 length;
+ __u8 num_rsp;
+ } __attribute__ ((packed)) inquiry_cp;
+ #define INQUIRY_CP_SIZE 5
+
+-#define OGF_LINK_POLICY 0x02 /* Link Policy */
++typedef struct {
++ __u8 status;
++ bdaddr_t bdaddr;
++} __attribute__ ((packed)) status_bdaddr_rp;
++#define STATUS_BDADDR_RP_SIZE 7
++
++#define OCF_INQUIRY_CANCEL 0x0002
++
++#define OCF_LINK_KEY_REPLY 0x000B
++#define OCF_LINK_KEY_NEG_REPLY 0x000C
++typedef struct {
++ bdaddr_t bdaddr;
++ __u8 link_key[16];
++} __attribute__ ((packed)) link_key_reply_cp;
++#define LINK_KEY_REPLY_CP_SIZE 22
++
++#define OCF_PIN_CODE_REPLY 0x000D
++#define OCF_PIN_CODE_NEG_REPLY 0x000E
++typedef struct {
++ bdaddr_t bdaddr;
++ __u8 pin_len;
++ __u8 pin_code[16];
++} __attribute__ ((packed)) pin_code_reply_cp;
++#define PIN_CODE_REPLY_CP_SIZE 23
++
++#define OCF_CHANGE_CONN_PTYPE 0x000F
++typedef struct {
++ __u16 handle;
++ __u16 pkt_type;
++} __attribute__ ((packed)) change_conn_ptype_cp;
++#define CHANGE_CONN_PTYPE_CP_SIZE 4
++
++#define OCF_AUTH_REQUESTED 0x0011
++typedef struct {
++ __u16 handle;
++} __attribute__ ((packed)) auth_requested_cp;
++#define AUTH_REQUESTED_CP_SIZE 2
++
++#define OCF_SET_CONN_ENCRYPT 0x0013
++typedef struct {
++ __u16 handle;
++ __u8 encrypt;
++} __attribute__ ((packed)) set_conn_encrypt_cp;
++#define SET_CONN_ENCRYPT_CP_SIZE 3
++
++#define OCF_REMOTE_NAME_REQ 0x0019
++typedef struct {
++ bdaddr_t bdaddr;
++ __u8 pscan_rep_mode;
++ __u8 pscan_mode;
++ __u16 clock_offset;
++} __attribute__ ((packed)) remote_name_req_cp;
++#define REMOTE_NAME_REQ_CP_SIZE 10
++
++#define OCF_READ_REMOTE_FEATURES 0x001B
++typedef struct {
++ __u16 handle;
++} __attribute__ ((packed)) read_remote_features_cp;
++#define READ_REMOTE_FEATURES_CP_SIZE 2
++
++#define OCF_READ_REMOTE_VERSION 0x001D
++typedef struct {
++ __u16 handle;
++} __attribute__ ((packed)) read_remote_version_cp;
++#define READ_REMOTE_VERSION_CP_SIZE 2
++
++/* Link Policy */
++#define OGF_LINK_POLICY 0x02
++#define OCF_ROLE_DISCOVERY 0x0009
++typedef struct {
++ __u16 handle;
++} __attribute__ ((packed)) role_discovery_cp;
++#define ROLE_DISCOVERY_CP_SIZE 2
++typedef struct {
++ __u8 status;
++ __u16 handle;
++ __u8 role;
++} __attribute__ ((packed)) role_discovery_rp;
++#define ROLE_DISCOVERY_RP_SIZE 4
+
+-/* --------- HCI Events --------- */
++#define OCF_READ_LINK_POLICY 0x000C
++typedef struct {
++ __u16 handle;
++} __attribute__ ((packed)) read_link_policy_cp;
++#define READ_LINK_POLICY_CP_SIZE 2
++typedef struct {
++ __u8 status;
++ __u16 handle;
++ __u16 policy;
++} __attribute__ ((packed)) read_link_policy_rp;
++#define READ_LINK_POLICY_RP_SIZE 5
++
++#define OCF_SWITCH_ROLE 0x000B
++typedef struct {
++ bdaddr_t bdaddr;
++ __u8 role;
++} __attribute__ ((packed)) switch_role_cp;
++#define SWITCH_ROLE_CP_SIZE 7
++
++#define OCF_WRITE_LINK_POLICY 0x000D
++typedef struct {
++ __u16 handle;
++ __u16 policy;
++} __attribute__ ((packed)) write_link_policy_cp;
++#define WRITE_LINK_POLICY_CP_SIZE 4
++typedef struct {
++ __u8 status;
++ __u16 handle;
++} __attribute__ ((packed)) write_link_policy_rp;
++#define WRITE_LINK_POLICY_RP_SIZE 3
++
++/* Status params */
++#define OGF_STATUS_PARAM 0x05
++
++/* Testing commands */
++#define OGF_TESTING_CMD 0x3e
++
++/* Vendor specific commands */
++#define OGF_VENDOR_CMD 0x3f
++
++/* ---- HCI Events ---- */
+ #define EVT_INQUIRY_COMPLETE 0x01
+
+ #define EVT_INQUIRY_RESULT 0x02
+@@ -272,7 +475,7 @@
+ __u8 pscan_rep_mode;
+ __u8 pscan_period_mode;
+ __u8 pscan_mode;
+- __u8 class[3];
++ __u8 dev_class[3];
+ __u16 clock_offset;
+ } __attribute__ ((packed)) inquiry_info;
+ #define INQUIRY_INFO_SIZE 14
+@@ -303,6 +506,44 @@
+ } __attribute__ ((packed)) evt_disconn_complete;
+ #define EVT_DISCONN_COMPLETE_SIZE 4
+
++#define EVT_AUTH_COMPLETE 0x06
++typedef struct {
++ __u8 status;
++ __u16 handle;
++} __attribute__ ((packed)) evt_auth_complete;
++#define EVT_AUTH_COMPLETE_SIZE 3
++
++#define EVT_REMOTE_NAME_REQ_COMPLETE 0x07
++typedef struct {
++ __u8 status;
++ bdaddr_t bdaddr;
++ __u8 name[248];
++} __attribute__ ((packed)) evt_remote_name_req_complete;
++#define EVT_REMOTE_NAME_REQ_COMPLETE_SIZE 255
++
++#define EVT_ENCRYPT_CHANGE 0x08
++typedef struct {
++ __u8 status;
++ __u16 handle;
++ __u8 encrypt;
++} __attribute__ ((packed)) evt_encrypt_change;
++#define EVT_ENCRYPT_CHANGE_SIZE 5
++
++#define EVT_QOS_SETUP_COMPLETE 0x0D
++typedef struct {
++ __u8 service_type;
++ __u32 token_rate;
++ __u32 peak_bandwidth;
++ __u32 latency;
++ __u32 delay_variation;
++} __attribute__ ((packed)) hci_qos;
++typedef struct {
++ __u8 status;
++ __u16 handle;
++ hci_qos qos;
++} __attribute__ ((packed)) evt_qos_setup_complete;
++#define EVT_QOS_SETUP_COMPLETE_SIZE 20
++
+ #define EVT_CMD_COMPLETE 0x0e
+ typedef struct {
+ __u8 ncmd;
+@@ -321,16 +562,78 @@
+ #define EVT_NUM_COMP_PKTS 0x13
+ typedef struct {
+ __u8 num_hndl;
+- /* variable lenght part */
++ /* variable length part */
+ } __attribute__ ((packed)) evt_num_comp_pkts;
+ #define EVT_NUM_COMP_PKTS_SIZE 1
+
+-#define EVT_HCI_DEV_EVENT 0xfd
++#define EVT_ROLE_CHANGE 0x12
++typedef struct {
++ __u8 status;
++ bdaddr_t bdaddr;
++ __u8 role;
++} __attribute__ ((packed)) evt_role_change;
++#define EVT_ROLE_CHANGE_SIZE 8
++
++#define EVT_PIN_CODE_REQ 0x16
++typedef struct {
++ bdaddr_t bdaddr;
++} __attribute__ ((packed)) evt_pin_code_req;
++#define EVT_PIN_CODE_REQ_SIZE 6
++
++#define EVT_LINK_KEY_REQ 0x17
++typedef struct {
++ bdaddr_t bdaddr;
++} __attribute__ ((packed)) evt_link_key_req;
++#define EVT_LINK_KEY_REQ_SIZE 6
++
++#define EVT_LINK_KEY_NOTIFY 0x18
++typedef struct {
++ bdaddr_t bdaddr;
++ __u8 link_key[16];
++ __u8 key_type;
++} __attribute__ ((packed)) evt_link_key_notify;
++#define EVT_LINK_KEY_NOTIFY_SIZE 23
++
++#define EVT_READ_REMOTE_FEATURES_COMPLETE 0x0B
++typedef struct {
++ __u8 status;
++ __u16 handle;
++ __u8 features[8];
++} __attribute__ ((packed)) evt_read_remote_features_complete;
++#define EVT_READ_REMOTE_FEATURES_COMPLETE_SIZE 11
++
++#define EVT_READ_REMOTE_VERSION_COMPLETE 0x0C
++typedef struct {
++ __u8 status;
++ __u16 handle;
++ __u8 lmp_ver;
++ __u16 manufacturer;
++ __u16 lmp_subver;
++} __attribute__ ((packed)) evt_read_remote_version_complete;
++#define EVT_READ_REMOTE_VERSION_COMPLETE_SIZE 8
++
++/* Internal events generated by BlueZ stack */
++#define EVT_STACK_INTERNAL 0xfd
++typedef struct {
++ __u16 type;
++ __u8 data[0];
++} __attribute__ ((packed)) evt_stack_internal;
++#define EVT_STACK_INTERNAL_SIZE 2
++
++#define EVT_SI_DEVICE 0x01
++typedef struct {
++ __u16 event;
++ __u16 dev_id;
++} __attribute__ ((packed)) evt_si_device;
++#define EVT_SI_DEVICE_SIZE 4
++
++#define EVT_SI_SECURITY 0x02
+ typedef struct {
+ __u16 event;
+- __u16 param;
+-} __attribute__ ((packed)) evt_hci_dev_event;
+-#define EVT_HCI_DEV_EVENT_SIZE 4
++ __u16 proto;
++ __u16 subproto;
++ __u8 incomming;
++} __attribute__ ((packed)) evt_si_security;
+
+ /* -------- HCI Packet structures -------- */
+ #define HCI_TYPE_LEN 1
+@@ -369,14 +672,14 @@
+ #define acl_handle(h) (h & 0x0fff)
+ #define acl_flags(h) (h >> 12)
+
+-#endif /* _NO_HCI_DEFS */
+-
+ /* HCI Socket options */
+-#define HCI_DATA_DIR 0x0001
+-#define HCI_FILTER 0x0002
++#define HCI_DATA_DIR 1
++#define HCI_FILTER 2
++#define HCI_TIME_STAMP 3
+
+ /* HCI CMSG flags */
+ #define HCI_CMSG_DIR 0x0001
++#define HCI_CMSG_TSTAMP 0x0002
+
+ struct sockaddr_hci {
+ sa_family_t hci_family;
+@@ -387,27 +690,29 @@
+ struct hci_filter {
+ __u32 type_mask;
+ __u32 event_mask[2];
++ __u16 opcode;
+ };
+
+-struct hci_dev_req {
+- __u16 dev_id;
+- __u32 dev_opt;
+-};
+-
+-struct hci_dev_list_req {
+- __u16 dev_num;
+- struct hci_dev_req dev_req[0]; /* hci_dev_req structures */
+-};
+-
+-struct hci_inquiry_req {
+- __u16 dev_id;
+- __u16 flags;
+- __u8 lap[3];
+- __u8 length;
+- __u8 num_rsp;
+-};
+-#define IREQ_CACHE_FLUSH 0x0001
++#define HCI_FLT_TYPE_BITS 31
++#define HCI_FLT_EVENT_BITS 63
++#define HCI_FLT_OGF_BITS 63
++#define HCI_FLT_OCF_BITS 127
++
++#if BITS_PER_LONG == 64
++static inline void hci_set_bit(int nr, void *addr)
++{
++ *((__u32 *) addr + (nr >> 5)) |= ((__u32) 1 << (nr & 31));
++}
++static inline int hci_test_bit(int nr, void *addr)
++{
++ return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
++}
++#else
++#define hci_set_bit set_bit
++#define hci_test_bit test_bit
++#endif
+
++/* Ioctl requests structures */
+ struct hci_dev_stats {
+ __u32 err_rx;
+ __u32 err_tx;
+@@ -433,11 +738,13 @@
+ __u8 features[8];
+
+ __u32 pkt_type;
++ __u32 link_policy;
++ __u32 link_mode;
+
+ __u16 acl_mtu;
+- __u16 acl_max;
++ __u16 acl_pkts;
+ __u16 sco_mtu;
+- __u16 sco_max;
++ __u16 sco_pkts;
+
+ struct hci_dev_stats stat;
+ };
+@@ -445,12 +752,48 @@
+ struct hci_conn_info {
+ __u16 handle;
+ bdaddr_t bdaddr;
++ __u8 type;
++ __u8 out;
++ __u16 state;
++ __u32 link_mode;
++};
++
++struct hci_dev_req {
++ __u16 dev_id;
++ __u32 dev_opt;
++};
++
++struct hci_dev_list_req {
++ __u16 dev_num;
++ struct hci_dev_req dev_req[0]; /* hci_dev_req structures */
+ };
+
+ struct hci_conn_list_req {
+ __u16 dev_id;
+ __u16 conn_num;
+ struct hci_conn_info conn_info[0];
++};
++
++struct hci_conn_info_req {
++ bdaddr_t bdaddr;
++ __u8 type;
++ struct hci_conn_info conn_info[0];
++};
++
++struct hci_inquiry_req {
++ __u16 dev_id;
++ __u16 flags;
++ __u8 lap[3];
++ __u8 length;
++ __u8 num_rsp;
++};
++#define IREQ_CACHE_FLUSH 0x0001
++
++struct hci_remotename_req {
++ __u16 dev_id;
++ __u16 flags;
++ bdaddr_t bdaddr;
++ __u8 name[248];
+ };
+
+ #endif /* __HCI_H */
+diff -urN linux-2.4.18/include/net/bluetooth/hci_core.h linux-2.4.18-mh9/include/net/bluetooth/hci_core.h
+--- linux-2.4.18/include/net/bluetooth/hci_core.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/hci_core.h Mon Aug 25 18:38:12 2003
+@@ -23,7 +23,7 @@
+ */
+
+ /*
+- * $Id: hci_core.h,v 1.11 2001/08/05 06:02:15 maxk Exp $
++ * $Id: hci_core.h,v 1.5 2002/06/27 04:56:30 maxk Exp $
+ */
+
+ #ifndef __HCI_CORE_H
+@@ -32,14 +32,12 @@
+ #include <net/bluetooth/hci.h>
+
+ /* HCI upper protocols */
+-#define HCI_MAX_PROTO 1
+ #define HCI_PROTO_L2CAP 0
++#define HCI_PROTO_SCO 1
+
+ #define HCI_INIT_TIMEOUT (HZ * 10)
+
+-/* ----- Inquiry cache ----- */
+-#define INQUIRY_CACHE_AGE_MAX (HZ*5) // 5 seconds
+-#define INQUIRY_ENTRY_AGE_MAX (HZ*60) // 60 seconds
++/* HCI Core structures */
+
+ struct inquiry_entry {
+ struct inquiry_entry *next;
+@@ -53,111 +51,182 @@
+ struct inquiry_entry *list;
+ };
+
+-static inline void inquiry_cache_init(struct inquiry_cache *cache)
+-{
+- spin_lock_init(&cache->lock);
+- cache->list = NULL;
+-}
++struct conn_hash {
++ struct list_head list;
++ spinlock_t lock;
++ unsigned int num;
++};
+
+-static inline void inquiry_cache_lock(struct inquiry_cache *cache)
+-{
+- spin_lock(&cache->lock);
+-}
++struct hci_dev {
++ struct list_head list;
++ spinlock_t lock;
++ atomic_t refcnt;
+
+-static inline void inquiry_cache_unlock(struct inquiry_cache *cache)
+-{
+- spin_unlock(&cache->lock);
+-}
++ char name[8];
++ unsigned long flags;
++ __u16 id;
++ __u8 type;
++ bdaddr_t bdaddr;
++ __u8 features[8];
++ __u16 voice_setting;
+
+-static inline void inquiry_cache_lock_bh(struct inquiry_cache *cache)
+-{
+- spin_lock_bh(&cache->lock);
+-}
++ __u16 pkt_type;
++ __u16 link_policy;
++ __u16 link_mode;
+
+-static inline void inquiry_cache_unlock_bh(struct inquiry_cache *cache)
+-{
+- spin_unlock_bh(&cache->lock);
+-}
++ atomic_t cmd_cnt;
++ unsigned int acl_cnt;
++ unsigned int sco_cnt;
+
+-static inline long inquiry_cache_age(struct inquiry_cache *cache)
+-{
+- return jiffies - cache->timestamp;
+-}
++ unsigned int acl_mtu;
++ unsigned int sco_mtu;
++ unsigned int acl_pkts;
++ unsigned int sco_pkts;
+
+-static inline long inquiry_entry_age(struct inquiry_entry *e)
+-{
+- return jiffies - e->timestamp;
+-}
+-extern void inquiry_cache_flush(struct inquiry_cache *cache);
++ unsigned long cmd_last_tx;
++ unsigned long acl_last_tx;
++ unsigned long sco_last_tx;
++
++ struct tasklet_struct cmd_task;
++ struct tasklet_struct rx_task;
++ struct tasklet_struct tx_task;
+
+-struct hci_dev;
++ struct sk_buff_head rx_q;
++ struct sk_buff_head raw_q;
++ struct sk_buff_head cmd_q;
++
++ struct sk_buff *sent_cmd;
++
++ struct semaphore req_lock;
++ wait_queue_head_t req_wait_q;
++ __u32 req_status;
++ __u32 req_result;
++
++ struct inquiry_cache inq_cache;
++ struct conn_hash conn_hash;
++
++ struct hci_dev_stats stat;
++
++ void *driver_data;
++ void *core_data;
++
++ atomic_t promisc;
++
++ int (*open)(struct hci_dev *hdev);
++ int (*close)(struct hci_dev *hdev);
++ int (*flush)(struct hci_dev *hdev);
++ int (*send)(struct sk_buff *skb);
++ void (*destruct)(struct hci_dev *hdev);
++ void (*notify)(struct hci_dev *hdev, unsigned int evt, unsigned long arg);
++ int (*ioctl)(struct hci_dev *hdev, unsigned int cmd, unsigned long arg);
++};
+
+-/* ----- HCI Connections ----- */
+ struct hci_conn {
+ struct list_head list;
++
++ atomic_t refcnt;
++ spinlock_t lock;
++
+ bdaddr_t dst;
+ __u16 handle;
++ __u16 state;
+ __u8 type;
+- unsigned int sent;
++ __u8 out;
++ __u32 link_mode;
++ unsigned long pend;
++
++ unsigned int sent;
++
++ struct sk_buff_head data_q;
+
++ struct timer_list timer;
++
+ struct hci_dev *hdev;
+ void *l2cap_data;
++ void *sco_data;
+ void *priv;
+
+- struct sk_buff_head data_q;
++ struct hci_conn *link;
+ };
+
+-struct conn_hash {
+- struct list_head list;
+- spinlock_t lock;
+- unsigned int num;
+-};
++extern struct hci_proto *hci_proto[];
++extern struct list_head hdev_list;
++extern rwlock_t hdev_list_lock;
++
++/* ----- Inquiry cache ----- */
++#define INQUIRY_CACHE_AGE_MAX (HZ*30) // 30 seconds
++#define INQUIRY_ENTRY_AGE_MAX (HZ*60) // 60 seconds
++
++#define inquiry_cache_lock(c) spin_lock(&c->lock)
++#define inquiry_cache_unlock(c) spin_unlock(&c->lock)
++#define inquiry_cache_lock_bh(c) spin_lock_bh(&c->lock)
++#define inquiry_cache_unlock_bh(c) spin_unlock_bh(&c->lock)
+
+-static inline void conn_hash_init(struct conn_hash *h)
++static inline void inquiry_cache_init(struct hci_dev *hdev)
+ {
+- INIT_LIST_HEAD(&h->list);
+- spin_lock_init(&h->lock);
+- h->num = 0;
++ struct inquiry_cache *c = &hdev->inq_cache;
++ spin_lock_init(&c->lock);
++ c->list = NULL;
+ }
+
+-static inline void conn_hash_lock(struct conn_hash *h)
++static inline long inquiry_cache_age(struct hci_dev *hdev)
+ {
+- spin_lock(&h->lock);
++ struct inquiry_cache *c = &hdev->inq_cache;
++ return jiffies - c->timestamp;
+ }
+
+-static inline void conn_hash_unlock(struct conn_hash *h)
++static inline long inquiry_entry_age(struct inquiry_entry *e)
+ {
+- spin_unlock(&h->lock);
++ return jiffies - e->timestamp;
+ }
+
+-static inline void __conn_hash_add(struct conn_hash *h, __u16 handle, struct hci_conn *c)
++struct inquiry_entry *inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr);
++void inquiry_cache_update(struct hci_dev *hdev, inquiry_info *info);
++void inquiry_cache_flush(struct hci_dev *hdev);
++int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf);
++
++/* ----- HCI Connections ----- */
++enum {
++ HCI_CONN_AUTH_PEND,
++ HCI_CONN_ENCRYPT_PEND
++};
++
++#define hci_conn_lock(c) spin_lock(&c->lock)
++#define hci_conn_unlock(c) spin_unlock(&c->lock)
++#define hci_conn_lock_bh(c) spin_lock_bh(&c->lock)
++#define hci_conn_unlock_bh(c) spin_unlock_bh(&c->lock)
++
++#define conn_hash_lock(d) spin_lock(&d->conn_hash->lock)
++#define conn_hash_unlock(d) spin_unlock(&d->conn_hash->lock)
++#define conn_hash_lock_bh(d) spin_lock_bh(&d->conn_hash->lock)
++#define conn_hash_unlock_bh(d) spin_unlock_bh(&d->conn_hash->lock)
++
++static inline void conn_hash_init(struct hci_dev *hdev)
+ {
+- list_add(&c->list, &h->list);
+- h->num++;
++ struct conn_hash *h = &hdev->conn_hash;
++ INIT_LIST_HEAD(&h->list);
++ spin_lock_init(&h->lock);
++ h->num = 0;
+ }
+
+-static inline void conn_hash_add(struct conn_hash *h, __u16 handle, struct hci_conn *c)
++static inline void conn_hash_add(struct hci_dev *hdev, struct hci_conn *c)
+ {
+- conn_hash_lock(h);
+- __conn_hash_add(h, handle, c);
+- conn_hash_unlock(h);
++ struct conn_hash *h = &hdev->conn_hash;
++ list_add(&c->list, &h->list);
++ h->num++;
+ }
+
+-static inline void __conn_hash_del(struct conn_hash *h, struct hci_conn *c)
++static inline void conn_hash_del(struct hci_dev *hdev, struct hci_conn *c)
+ {
++ struct conn_hash *h = &hdev->conn_hash;
+ list_del(&c->list);
+ h->num--;
+ }
+
+-static inline void conn_hash_del(struct conn_hash *h, struct hci_conn *c)
+-{
+- conn_hash_lock(h);
+- __conn_hash_del(h, c);
+- conn_hash_unlock(h);
+-}
+-
+-static inline struct hci_conn *__conn_hash_lookup(struct conn_hash *h, __u16 handle)
++static inline struct hci_conn *conn_hash_lookup_handle(struct hci_dev *hdev,
++ __u16 handle)
+ {
++ register struct conn_hash *h = &hdev->conn_hash;
+ register struct list_head *p;
+ register struct hci_conn *c;
+
+@@ -169,101 +238,95 @@
+ return NULL;
+ }
+
+-static inline struct hci_conn *conn_hash_lookup(struct conn_hash *h, __u16 handle)
++static inline struct hci_conn *conn_hash_lookup_ba(struct hci_dev *hdev,
++ __u8 type, bdaddr_t *ba)
+ {
+- struct hci_conn *conn;
++ register struct conn_hash *h = &hdev->conn_hash;
++ register struct list_head *p;
++ register struct hci_conn *c;
+
+- conn_hash_lock(h);
+- conn = __conn_hash_lookup(h, handle);
+- conn_hash_unlock(h);
+- return conn;
++ list_for_each(p, &h->list) {
++ c = list_entry(p, struct hci_conn, list);
++ if (c->type == type && !bacmp(&c->dst, ba))
++ return c;
++ }
++ return NULL;
+ }
+
+-/* ----- HCI Devices ----- */
+-struct hci_dev {
+- atomic_t refcnt;
+-
+- char name[8];
+- __u32 flags;
+- __u16 id;
+- __u8 type;
+- bdaddr_t bdaddr;
+- __u8 features[8];
+-
+- __u16 pkt_type;
+-
+- atomic_t cmd_cnt;
+- unsigned int acl_cnt;
+- unsigned int sco_cnt;
+-
+- unsigned int acl_mtu;
+- unsigned int sco_mtu;
+- unsigned int acl_max;
+- unsigned int sco_max;
+-
+- void *driver_data;
+- void *l2cap_data;
+- void *priv;
+-
+- struct tasklet_struct cmd_task;
+- struct tasklet_struct rx_task;
+- struct tasklet_struct tx_task;
+-
+- struct sk_buff_head rx_q;
+- struct sk_buff_head raw_q;
+- struct sk_buff_head cmd_q;
+-
+- struct sk_buff *sent_cmd;
+-
+- struct semaphore req_lock;
+- wait_queue_head_t req_wait_q;
+- __u32 req_status;
+- __u32 req_result;
+-
+- struct inquiry_cache inq_cache;
++void hci_acl_connect(struct hci_conn *conn);
++void hci_acl_disconn(struct hci_conn *conn, __u8 reason);
++void hci_add_sco(struct hci_conn *conn, __u16 handle);
+
+- struct conn_hash conn_hash;
++struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst);
++int hci_conn_del(struct hci_conn *conn);
++void hci_conn_hash_flush(struct hci_dev *hdev);
+
+- struct hci_dev_stats stat;
++struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *src);
++int hci_conn_auth(struct hci_conn *conn);
++int hci_conn_encrypt(struct hci_conn *conn);
+
+- int (*open)(struct hci_dev *hdev);
+- int (*close)(struct hci_dev *hdev);
+- int (*flush)(struct hci_dev *hdev);
+- int (*send)(struct sk_buff *skb);
+-};
++static inline void hci_conn_set_timer(struct hci_conn *conn, long timeout)
++{
++ mod_timer(&conn->timer, jiffies + timeout);
++}
+
+-static inline void hci_dev_hold(struct hci_dev *hdev)
++static inline void hci_conn_del_timer(struct hci_conn *conn)
+ {
+- atomic_inc(&hdev->refcnt);
++ del_timer(&conn->timer);
+ }
+
+-static inline void hci_dev_put(struct hci_dev *hdev)
++static inline void hci_conn_hold(struct hci_conn *conn)
+ {
+- atomic_dec(&hdev->refcnt);
++ atomic_inc(&conn->refcnt);
++ hci_conn_del_timer(conn);
+ }
+
+-extern struct hci_dev *hci_dev_get(int index);
+-extern int hci_register_dev(struct hci_dev *hdev);
+-extern int hci_unregister_dev(struct hci_dev *hdev);
+-extern int hci_dev_open(__u16 dev);
+-extern int hci_dev_close(__u16 dev);
+-extern int hci_dev_reset(__u16 dev);
+-extern int hci_dev_reset_stat(__u16 dev);
+-extern int hci_dev_info(unsigned long arg);
+-extern int hci_dev_list(unsigned long arg);
+-extern int hci_dev_setscan(unsigned long arg);
+-extern int hci_dev_setauth(unsigned long arg);
+-extern int hci_dev_setptype(unsigned long arg);
+-extern int hci_conn_list(unsigned long arg);
+-extern int hci_inquiry(unsigned long arg);
++static inline void hci_conn_put(struct hci_conn *conn)
++{
++ if (atomic_dec_and_test(&conn->refcnt)) {
++ if (conn->type == SCO_LINK)
++ hci_conn_set_timer(conn, HZ / 100);
++ else if (conn->out)
++ hci_conn_set_timer(conn, HCI_DISCONN_TIMEOUT);
++ }
++}
+
+-extern __u32 hci_dev_setmode(struct hci_dev *hdev, __u32 mode);
+-extern __u32 hci_dev_getmode(struct hci_dev *hdev);
++/* ----- HCI Devices ----- */
++static inline void hci_dev_put(struct hci_dev *d)
++{
++ if (atomic_dec_and_test(&d->refcnt))
++ d->destruct(d);
++}
++#define hci_dev_hold(d) atomic_inc(&d->refcnt)
++
++#define hci_dev_lock(d) spin_lock(&d->lock)
++#define hci_dev_unlock(d) spin_unlock(&d->lock)
++#define hci_dev_lock_bh(d) spin_lock_bh(&d->lock)
++#define hci_dev_unlock_bh(d) spin_unlock_bh(&d->lock)
++
++struct hci_dev *hci_dev_get(int index);
++struct hci_dev *hci_get_route(bdaddr_t *src, bdaddr_t *dst);
++int hci_register_dev(struct hci_dev *hdev);
++int hci_unregister_dev(struct hci_dev *hdev);
++int hci_suspend_dev(struct hci_dev *hdev);
++int hci_resume_dev(struct hci_dev *hdev);
++int hci_dev_open(__u16 dev);
++int hci_dev_close(__u16 dev);
++int hci_dev_reset(__u16 dev);
++int hci_dev_reset_stat(__u16 dev);
++int hci_dev_cmd(unsigned int cmd, unsigned long arg);
++int hci_get_dev_list(unsigned long arg);
++int hci_get_dev_info(unsigned long arg);
++int hci_get_conn_list(unsigned long arg);
++int hci_get_conn_info(struct hci_dev *hdev, unsigned long arg);
++int hci_inquiry(unsigned long arg);
+
+-extern int hci_recv_frame(struct sk_buff *skb);
++int hci_recv_frame(struct sk_buff *skb);
++void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb);
+
+ /* ----- LMP capabilities ----- */
+ #define lmp_rswitch_capable(dev) (dev->features[0] & LMP_RSWITCH)
++#define lmp_encrypt_capable(dev) (dev->features[0] & LMP_ENCRYPT)
+
+ /* ----- HCI tasks ----- */
+ static inline void hci_sched_cmd(struct hci_dev *hdev)
+@@ -284,43 +347,130 @@
+ /* ----- HCI protocols ----- */
+ struct hci_proto {
+ char *name;
+- __u32 id;
+- __u32 flags;
++ unsigned int id;
++ unsigned long flags;
+
+ void *priv;
+
+- int (*connect_ind) (struct hci_dev *hdev, bdaddr_t *bdaddr);
+- int (*connect_cfm) (struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 status, struct hci_conn *conn);
++ int (*connect_ind) (struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type);
++ int (*connect_cfm) (struct hci_conn *conn, __u8 status);
+ int (*disconn_ind) (struct hci_conn *conn, __u8 reason);
+- int (*recv_acldata) (struct hci_conn *conn, struct sk_buff *skb , __u16 flags);
++ int (*recv_acldata) (struct hci_conn *conn, struct sk_buff *skb, __u16 flags);
+ int (*recv_scodata) (struct hci_conn *conn, struct sk_buff *skb);
++ int (*auth_cfm) (struct hci_conn *conn, __u8 status);
++ int (*encrypt_cfm) (struct hci_conn *conn, __u8 status);
+ };
+
+-extern int hci_register_proto(struct hci_proto *hproto);
+-extern int hci_unregister_proto(struct hci_proto *hproto);
+-extern int hci_register_notifier(struct notifier_block *nb);
+-extern int hci_unregister_notifier(struct notifier_block *nb);
+-extern int hci_connect(struct hci_dev * hdev, bdaddr_t * bdaddr);
+-extern int hci_disconnect(struct hci_conn *conn, __u8 reason);
+-extern int hci_send_cmd(struct hci_dev *hdev, __u16 ogf, __u16 ocf, __u32 plen, void * param);
+-extern int hci_send_raw(struct sk_buff *skb);
+-extern int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags);
+-extern int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb);
++static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
++{
++ register struct hci_proto *hp;
++ int mask = 0;
++
++ hp = hci_proto[HCI_PROTO_L2CAP];
++ if (hp && hp->connect_ind)
++ mask |= hp->connect_ind(hdev, bdaddr, type);
++
++ hp = hci_proto[HCI_PROTO_SCO];
++ if (hp && hp->connect_ind)
++ mask |= hp->connect_ind(hdev, bdaddr, type);
++
++ return mask;
++}
++
++static inline void hci_proto_connect_cfm(struct hci_conn *conn, __u8 status)
++{
++ register struct hci_proto *hp;
++
++ hp = hci_proto[HCI_PROTO_L2CAP];
++ if (hp && hp->connect_cfm)
++ hp->connect_cfm(conn, status);
++
++ hp = hci_proto[HCI_PROTO_SCO];
++ if (hp && hp->connect_cfm)
++ hp->connect_cfm(conn, status);
++}
++
++static inline void hci_proto_disconn_ind(struct hci_conn *conn, __u8 reason)
++{
++ register struct hci_proto *hp;
++
++ hp = hci_proto[HCI_PROTO_L2CAP];
++ if (hp && hp->disconn_ind)
++ hp->disconn_ind(conn, reason);
++
++ hp = hci_proto[HCI_PROTO_SCO];
++ if (hp && hp->disconn_ind)
++ hp->disconn_ind(conn, reason);
++}
++
++static inline void hci_proto_auth_cfm(struct hci_conn *conn, __u8 status)
++{
++ register struct hci_proto *hp;
++
++ hp = hci_proto[HCI_PROTO_L2CAP];
++ if (hp && hp->auth_cfm)
++ hp->auth_cfm(conn, status);
++
++ hp = hci_proto[HCI_PROTO_SCO];
++ if (hp && hp->auth_cfm)
++ hp->auth_cfm(conn, status);
++}
++
++static inline void hci_proto_encrypt_cfm(struct hci_conn *conn, __u8 status)
++{
++ register struct hci_proto *hp;
++
++ hp = hci_proto[HCI_PROTO_L2CAP];
++ if (hp && hp->encrypt_cfm)
++ hp->encrypt_cfm(conn, status);
++
++ hp = hci_proto[HCI_PROTO_SCO];
++ if (hp && hp->encrypt_cfm)
++ hp->encrypt_cfm(conn, status);
++}
++
++int hci_register_proto(struct hci_proto *hproto);
++int hci_unregister_proto(struct hci_proto *hproto);
++int hci_register_notifier(struct notifier_block *nb);
++int hci_unregister_notifier(struct notifier_block *nb);
++
++int hci_send_cmd(struct hci_dev *hdev, __u16 ogf, __u16 ocf, __u32 plen, void *param);
++int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags);
++int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb);
++
++void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 ogf, __u16 ocf);
++
++void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data);
+
+ /* ----- HCI Sockets ----- */
+-extern void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb);
++void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb);
+
+ /* HCI info for socket */
+-#define hci_pi(sk) ((struct hci_pinfo *) &sk->protinfo)
++#define hci_pi(sk) ((struct hci_pinfo *) &sk->tp_pinfo)
+ struct hci_pinfo {
+ struct hci_dev *hdev;
+ struct hci_filter filter;
+ __u32 cmsg_mask;
+ };
+
++/* HCI security filter */
++#define HCI_SFLT_MAX_OGF 5
++
++struct hci_sec_filter {
++ __u32 type_mask;
++ __u32 event_mask[2];
++ __u32 ocf_mask[HCI_SFLT_MAX_OGF + 1][4];
++};
++
+ /* ----- HCI requests ----- */
+ #define HCI_REQ_DONE 0
+ #define HCI_REQ_PEND 1
+ #define HCI_REQ_CANCELED 2
++
++#define hci_req_lock(d) down(&d->req_lock)
++#define hci_req_unlock(d) up(&d->req_lock)
++
++void hci_req_complete(struct hci_dev *hdev, int result);
++void hci_req_cancel(struct hci_dev *hdev, int err);
+
+ #endif /* __HCI_CORE_H */
+diff -urN linux-2.4.18/include/net/bluetooth/hci_uart.h linux-2.4.18-mh9/include/net/bluetooth/hci_uart.h
+--- linux-2.4.18/include/net/bluetooth/hci_uart.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/hci_uart.h Thu Jan 1 01:00:00 1970
+@@ -1,62 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * $Id: hci_uart.h,v 1.2 2001/06/02 01:40:08 maxk Exp $
+- */
+-
+-#ifndef N_HCI
+-#define N_HCI 15
+-#endif
+-
+-#ifdef __KERNEL__
+-
+-#define tty2n_hci(tty) ((struct n_hci *)((tty)->disc_data))
+-#define n_hci2tty(n_hci) ((n_hci)->tty)
+-
+-struct n_hci {
+- struct tty_struct *tty;
+- struct hci_dev hdev;
+-
+- struct sk_buff_head txq;
+- unsigned long tx_state;
+-
+- spinlock_t rx_lock;
+- unsigned long rx_state;
+- unsigned long rx_count;
+- struct sk_buff *rx_skb;
+-};
+-
+-/* Transmit states */
+-#define TRANS_SENDING 1
+-#define TRANS_WAKEUP 2
+-
+-/* Receiver States */
+-#define WAIT_PACKET_TYPE 0
+-#define WAIT_EVENT_HDR 1
+-#define WAIT_ACL_HDR 2
+-#define WAIT_SCO_HDR 3
+-#define WAIT_DATA 4
+-
+-#endif /* __KERNEL__ */
+diff -urN linux-2.4.18/include/net/bluetooth/hci_usb.h linux-2.4.18-mh9/include/net/bluetooth/hci_usb.h
+--- linux-2.4.18/include/net/bluetooth/hci_usb.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/hci_usb.h Thu Jan 1 01:00:00 1970
+@@ -1,68 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * $Id: hci_usb.h,v 1.3 2001/06/02 01:40:08 maxk Exp $
+- */
+-
+-#ifdef __KERNEL__
+-
+-/* Class, SubClass, and Protocol codes that describe a Bluetooth device */
+-#define HCI_DEV_CLASS 0xe0 /* Wireless class */
+-#define HCI_DEV_SUBCLASS 0x01 /* RF subclass */
+-#define HCI_DEV_PROTOCOL 0x01 /* Bluetooth programming protocol */
+-
+-#define HCI_CTRL_REQ 0x20
+-
+-struct hci_usb {
+- struct usb_device *udev;
+-
+- devrequest dev_req;
+- struct urb *ctrl_urb;
+- struct urb *intr_urb;
+- struct urb *read_urb;
+- struct urb *write_urb;
+-
+- __u8 *read_buf;
+- __u8 *intr_buf;
+- struct sk_buff *intr_skb;
+- int intr_count;
+-
+- __u8 bulk_out_ep_addr;
+- __u8 bulk_in_ep_addr;
+- __u8 intr_in_ep_addr;
+- __u8 intr_in_interval;
+-
+- struct hci_dev hdev;
+-
+- unsigned long tx_state;
+- struct sk_buff_head tx_ctrl_q;
+- struct sk_buff_head tx_write_q;
+-};
+-
+-/* Transmit states */
+-#define HCI_TX_CTRL 1
+-#define HCI_TX_WRITE 2
+-
+-#endif /* __KERNEL__ */
+diff -urN linux-2.4.18/include/net/bluetooth/hci_vhci.h linux-2.4.18-mh9/include/net/bluetooth/hci_vhci.h
+--- linux-2.4.18/include/net/bluetooth/hci_vhci.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/hci_vhci.h Thu Jan 1 01:00:00 1970
+@@ -1,50 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * $Id: hci_vhci.h,v 1.2 2001/08/01 01:02:20 maxk Exp $
+- */
+-
+-#ifndef __HCI_VHCI_H
+-#define __HCI_VHCI_H
+-
+-#ifdef __KERNEL__
+-
+-struct hci_vhci_struct {
+- struct hci_dev hdev;
+- __u32 flags;
+- wait_queue_head_t read_wait;
+- struct sk_buff_head readq;
+- struct fasync_struct *fasync;
+-};
+-
+-/* VHCI device flags */
+-#define VHCI_FASYNC 0x0010
+-
+-#endif /* __KERNEL__ */
+-
+-#define VHCI_DEV "/dev/vhci"
+-#define VHCI_MINOR 250
+-
+-#endif /* __HCI_VHCI_H */
+diff -urN linux-2.4.18/include/net/bluetooth/l2cap.h linux-2.4.18-mh9/include/net/bluetooth/l2cap.h
+--- linux-2.4.18/include/net/bluetooth/l2cap.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/l2cap.h Mon Aug 25 18:38:12 2003
+@@ -23,22 +23,17 @@
+ */
+
+ /*
+- * $Id: l2cap.h,v 1.5 2001/06/14 21:28:26 maxk Exp $
++ * $Id: l2cap.h,v 1.1.1.1 2002/03/08 21:03:15 maxk Exp $
+ */
+
+ #ifndef __L2CAP_H
+ #define __L2CAP_H
+
+-#include <asm/types.h>
+-#include <asm/byteorder.h>
+-
+ /* L2CAP defaults */
+ #define L2CAP_DEFAULT_MTU 672
+ #define L2CAP_DEFAULT_FLUSH_TO 0xFFFF
+
+ #define L2CAP_CONN_TIMEOUT (HZ * 40)
+-#define L2CAP_DISCONN_TIMEOUT (HZ * 2)
+-#define L2CAP_CONN_IDLE_TIMEOUT (HZ * 60)
+
+ /* L2CAP socket address */
+ struct sockaddr_l2 {
+@@ -47,17 +42,12 @@
+ bdaddr_t l2_bdaddr;
+ };
+
+-/* set/get sockopt defines */
+-#define L2CAP_OPTIONS 0x01
++/* Socket options */
++#define L2CAP_OPTIONS 0x01
+ struct l2cap_options {
+ __u16 omtu;
+ __u16 imtu;
+ __u16 flush_to;
+- __u32 token_rate;
+- __u32 bucket_size;
+- __u32 pick_band;
+- __u32 latency;
+- __u32 delay_var;
+ };
+
+ #define L2CAP_CONNINFO 0x02
+@@ -65,6 +55,27 @@
+ __u16 hci_handle;
+ };
+
++#define L2CAP_LM 0x03
++#define L2CAP_LM_MASTER 0x0001
++#define L2CAP_LM_AUTH 0x0002
++#define L2CAP_LM_ENCRYPT 0x0004
++#define L2CAP_LM_TRUSTED 0x0008
++#define L2CAP_LM_RELIABLE 0x0010
++
++#define L2CAP_QOS 0x04
++struct l2cap_qos {
++ __u16 service_type;
++ __u32 token_rate;
++ __u32 token_bucket_size;
++ __u32 peak_bandwidth;
++ __u32 latency;
++ __u32 delay_variation;
++};
++
++#define L2CAP_SERV_NO_TRAFFIC 0x00
++#define L2CAP_SERV_BEST_EFFORT 0x01
++#define L2CAP_SERV_GUARANTEED 0x02
++
+ /* L2CAP command codes */
+ #define L2CAP_COMMAND_REJ 0x01
+ #define L2CAP_CONN_REQ 0x02
+@@ -79,7 +90,6 @@
+ #define L2CAP_INFO_RSP 0x0b
+
+ /* L2CAP structures */
+-
+ typedef struct {
+ __u16 len;
+ __u16 cid;
+@@ -112,11 +122,17 @@
+ } __attribute__ ((packed)) l2cap_conn_rsp;
+ #define L2CAP_CONN_RSP_SIZE 8
+
+-#define L2CAP_CONN_SUCCESS 0x0000
+-#define L2CAP_CONN_PEND 0x0001
+-#define L2CAP_CONN_BAD_PSM 0x0002
+-#define L2CAP_CONN_SEC_BLOCK 0x0003
+-#define L2CAP_CONN_NO_MEM 0x0004
++/* connect result */
++#define L2CAP_CR_SUCCESS 0x0000
++#define L2CAP_CR_PEND 0x0001
++#define L2CAP_CR_BAD_PSM 0x0002
++#define L2CAP_CR_SEC_BLOCK 0x0003
++#define L2CAP_CR_NO_MEM 0x0004
++
++/* connect status */
++#define L2CAP_CS_NO_INFO 0x0000
++#define L2CAP_CS_AUTHEN_PEND 0x0001
++#define L2CAP_CS_AUTHOR_PEND 0x0002
+
+ typedef struct {
+ __u16 dcid;
+@@ -147,6 +163,8 @@
+ #define L2CAP_CONF_FLUSH_TO 0x02
+ #define L2CAP_CONF_QOS 0x03
+
++#define L2CAP_CONF_MAX_SIZE 22
++
+ typedef struct {
+ __u16 dcid;
+ __u16 scid;
+@@ -158,5 +176,75 @@
+ __u16 scid;
+ } __attribute__ ((packed)) l2cap_disconn_rsp;
+ #define L2CAP_DISCONN_RSP_SIZE 4
++
++typedef struct {
++ __u16 type;
++ __u8 data[0];
++} __attribute__ ((packed)) l2cap_info_req;
++#define L2CAP_INFO_REQ_SIZE 2
++
++typedef struct {
++ __u16 type;
++ __u16 result;
++ __u8 data[0];
++} __attribute__ ((packed)) l2cap_info_rsp;
++#define L2CAP_INFO_RSP_SIZE 4
++
++/* ----- L2CAP connections ----- */
++struct l2cap_chan_list {
++ struct sock *head;
++ rwlock_t lock;
++ long num;
++};
++
++struct l2cap_conn {
++ struct hci_conn *hcon;
++
++ bdaddr_t *dst;
++ bdaddr_t *src;
++
++ unsigned int mtu;
++
++ spinlock_t lock;
++
++ struct sk_buff *rx_skb;
++ __u32 rx_len;
++ __u8 rx_ident;
++ __u8 tx_ident;
++
++ struct l2cap_chan_list chan_list;
++};
++
++/* ----- L2CAP channel and socket info ----- */
++#define l2cap_pi(sk) ((struct l2cap_pinfo *) &sk->tp_pinfo)
++
++struct l2cap_pinfo {
++ __u16 psm;
++ __u16 dcid;
++ __u16 scid;
++
++ __u16 imtu;
++ __u16 omtu;
++ __u16 flush_to;
++
++ __u32 link_mode;
++
++ __u8 conf_state;
++ __u8 conf_retry;
++ __u16 conf_mtu;
++
++ __u8 ident;
++
++ struct l2cap_conn *conn;
++ struct sock *next_c;
++ struct sock *prev_c;
++};
++
++#define L2CAP_CONF_REQ_SENT 0x01
++#define L2CAP_CONF_INPUT_DONE 0x02
++#define L2CAP_CONF_OUTPUT_DONE 0x04
++#define L2CAP_CONF_MAX_RETRIES 2
++
++void l2cap_load(void);
+
+ #endif /* __L2CAP_H */
+diff -urN linux-2.4.18/include/net/bluetooth/l2cap_core.h linux-2.4.18-mh9/include/net/bluetooth/l2cap_core.h
+--- linux-2.4.18/include/net/bluetooth/l2cap_core.h Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/include/net/bluetooth/l2cap_core.h Thu Jan 1 01:00:00 1970
+@@ -1,144 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * $Id: l2cap_core.h,v 1.6 2001/08/03 04:19:49 maxk Exp $
+- */
+-
+-#ifndef __L2CAP_CORE_H
+-#define __L2CAP_CORE_H
+-
+-#ifdef __KERNEL__
+-
+-/* ----- L2CAP interface ----- */
+-struct l2cap_iff {
+- struct list_head list;
+- struct hci_dev *hdev;
+- bdaddr_t *bdaddr;
+- __u16 mtu;
+- spinlock_t lock;
+- struct list_head conn_list;
+-};
+-
+-static inline void l2cap_iff_lock(struct l2cap_iff *iff)
+-{
+- spin_lock(&iff->lock);
+-}
+-
+-static inline void l2cap_iff_unlock(struct l2cap_iff *iff)
+-{
+- spin_unlock(&iff->lock);
+-}
+-
+-/* ----- L2CAP connections ----- */
+-struct l2cap_chan_list {
+- struct sock *head;
+- rwlock_t lock;
+- long num;
+-};
+-
+-struct l2cap_conn {
+- struct l2cap_iff *iff;
+- struct list_head list;
+-
+- struct hci_conn *hconn;
+-
+- __u16 state;
+- __u8 out;
+- bdaddr_t src;
+- bdaddr_t dst;
+-
+- spinlock_t lock;
+- atomic_t refcnt;
+-
+- struct sk_buff *rx_skb;
+- __u32 rx_len;
+- __u8 rx_ident;
+- __u8 tx_ident;
+-
+- struct l2cap_chan_list chan_list;
+-
+- struct timer_list timer;
+-};
+-
+-static inline void __l2cap_conn_link(struct l2cap_iff *iff, struct l2cap_conn *c)
+-{
+- list_add(&c->list, &iff->conn_list);
+-}
+-
+-static inline void __l2cap_conn_unlink(struct l2cap_iff *iff, struct l2cap_conn *c)
+-{
+- list_del(&c->list);
+-}
+-
+-/* ----- L2CAP channel and socket info ----- */
+-#define l2cap_pi(sk) ((struct l2cap_pinfo *) &sk->protinfo)
+-
+-struct l2cap_accept_q {
+- struct sock *head;
+- struct sock *tail;
+-};
+-
+-struct l2cap_pinfo {
+- bdaddr_t src;
+- bdaddr_t dst;
+- __u16 psm;
+- __u16 dcid;
+- __u16 scid;
+- __u32 flags;
+-
+- __u16 imtu;
+- __u16 omtu;
+- __u16 flush_to;
+-
+- __u8 conf_state;
+- __u16 conf_mtu;
+-
+- __u8 ident;
+-
+- struct l2cap_conn *conn;
+- struct sock *next_c;
+- struct sock *prev_c;
+-
+- struct sock *parent;
+- struct sock *next_q;
+- struct sock *prev_q;
+-
+- struct l2cap_accept_q accept_q;
+-};
+-
+-#define CONF_REQ_SENT 0x01
+-#define CONF_INPUT_DONE 0x02
+-#define CONF_OUTPUT_DONE 0x04
+-
+-extern struct bluez_sock_list l2cap_sk_list;
+-extern struct list_head l2cap_iff_list;
+-extern rwlock_t l2cap_rt_lock;
+-
+-extern void l2cap_register_proc(void);
+-extern void l2cap_unregister_proc(void);
+-
+-#endif /* __KERNEL__ */
+-
+-#endif /* __L2CAP_CORE_H */
+diff -urN linux-2.4.18/include/net/bluetooth/rfcomm.h linux-2.4.18-mh9/include/net/bluetooth/rfcomm.h
+--- linux-2.4.18/include/net/bluetooth/rfcomm.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/include/net/bluetooth/rfcomm.h Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,356 @@
++/*
++ RFCOMM implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
++ Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ RPN support - Dirk Husemann <hud@zurich.ibm.com>
++*/
++
++/*
++ * $Id: rfcomm.h,v 1.31 2002/10/18 20:12:11 maxk Exp $
++ */
++
++#ifndef __RFCOMM_H
++#define __RFCOMM_H
++
++#define RFCOMM_PSM 3
++
++#define RFCOMM_CONN_TIMEOUT (HZ * 30)
++#define RFCOMM_DISC_TIMEOUT (HZ * 20)
++
++#define RFCOMM_DEFAULT_MTU 127
++#define RFCOMM_DEFAULT_CREDITS 7
++
++#define RFCOMM_MAX_L2CAP_MTU 1024
++#define RFCOMM_MAX_CREDITS 40
++
++#define RFCOMM_SKB_HEAD_RESERVE 8
++#define RFCOMM_SKB_TAIL_RESERVE 2
++#define RFCOMM_SKB_RESERVE (RFCOMM_SKB_HEAD_RESERVE + RFCOMM_SKB_TAIL_RESERVE)
++
++#define RFCOMM_SABM 0x2f
++#define RFCOMM_DISC 0x43
++#define RFCOMM_UA 0x63
++#define RFCOMM_DM 0x0f
++#define RFCOMM_UIH 0xef
++
++#define RFCOMM_TEST 0x08
++#define RFCOMM_FCON 0x28
++#define RFCOMM_FCOFF 0x18
++#define RFCOMM_MSC 0x38
++#define RFCOMM_RPN 0x24
++#define RFCOMM_RLS 0x14
++#define RFCOMM_PN 0x20
++#define RFCOMM_NSC 0x04
++
++#define RFCOMM_V24_FC 0x02
++#define RFCOMM_V24_RTC 0x04
++#define RFCOMM_V24_RTR 0x08
++#define RFCOMM_V24_IC 0x40
++#define RFCOMM_V24_DV 0x80
++
++#define RFCOMM_RPN_BR_2400 0x0
++#define RFCOMM_RPN_BR_4800 0x1
++#define RFCOMM_RPN_BR_7200 0x2
++#define RFCOMM_RPN_BR_9600 0x3
++#define RFCOMM_RPN_BR_19200 0x4
++#define RFCOMM_RPN_BR_38400 0x5
++#define RFCOMM_RPN_BR_57600 0x6
++#define RFCOMM_RPN_BR_115200 0x7
++#define RFCOMM_RPN_BR_230400 0x8
++
++#define RFCOMM_RPN_DATA_5 0x0
++#define RFCOMM_RPN_DATA_6 0x1
++#define RFCOMM_RPN_DATA_7 0x2
++#define RFCOMM_RPN_DATA_8 0x3
++
++#define RFCOMM_RPN_STOP_1 0
++#define RFCOMM_RPN_STOP_15 1
++
++#define RFCOMM_RPN_PARITY_NONE 0x0
++#define RFCOMM_RPN_PARITY_ODD 0x4
++#define RFCOMM_RPN_PARITY_EVEN 0x5
++#define RFCOMM_RPN_PARITY_MARK 0x6
++#define RFCOMM_RPN_PARITY_SPACE 0x7
++
++#define RFCOMM_RPN_FLOW_NONE 0x00
++
++#define RFCOMM_RPN_XON_CHAR 0x11
++#define RFCOMM_RPN_XOFF_CHAR 0x13
++
++#define RFCOMM_RPN_PM_BITRATE 0x0001
++#define RFCOMM_RPN_PM_DATA 0x0002
++#define RFCOMM_RPN_PM_STOP 0x0004
++#define RFCOMM_RPN_PM_PARITY 0x0008
++#define RFCOMM_RPN_PM_PARITY_TYPE 0x0010
++#define RFCOMM_RPN_PM_XON 0x0020
++#define RFCOMM_RPN_PM_XOFF 0x0040
++#define RFCOMM_RPN_PM_FLOW 0x3F00
++
++#define RFCOMM_RPN_PM_ALL 0x3F7F
++
++struct rfcomm_hdr {
++ u8 addr;
++ u8 ctrl;
++ u8 len; // Actual size can be 2 bytes
++} __attribute__ ((packed));
++
++struct rfcomm_cmd {
++ u8 addr;
++ u8 ctrl;
++ u8 len;
++ u8 fcs;
++} __attribute__ ((packed));
++
++struct rfcomm_mcc {
++ u8 type;
++ u8 len;
++} __attribute__ ((packed));
++
++struct rfcomm_pn {
++ u8 dlci;
++ u8 flow_ctrl;
++ u8 priority;
++ u8 ack_timer;
++ u16 mtu;
++ u8 max_retrans;
++ u8 credits;
++} __attribute__ ((packed));
++
++struct rfcomm_rpn {
++ u8 dlci;
++ u8 bit_rate;
++ u8 line_settings;
++ u8 flow_ctrl;
++ u8 xon_char;
++ u8 xoff_char;
++ u16 param_mask;
++} __attribute__ ((packed));
++
++struct rfcomm_rls {
++ u8 dlci;
++ u8 status;
++} __attribute__ ((packed));
++
++struct rfcomm_msc {
++ u8 dlci;
++ u8 v24_sig;
++} __attribute__ ((packed));
++
++/* ---- Core structures, flags etc ---- */
++
++struct rfcomm_session {
++ struct list_head list;
++ struct socket *sock;
++ unsigned long state;
++ unsigned long flags;
++ atomic_t refcnt;
++ int initiator;
++
++ /* Default DLC parameters */
++ uint mtu;
++ uint credits;
++
++ struct list_head dlcs;
++};
++
++struct rfcomm_dlc {
++ struct list_head list;
++ struct rfcomm_session *session;
++ struct sk_buff_head tx_queue;
++ struct timer_list timer;
++
++ spinlock_t lock;
++ unsigned long state;
++ unsigned long flags;
++ atomic_t refcnt;
++ u8 dlci;
++ u8 addr;
++ u8 priority;
++ u8 v24_sig;
++ u8 mscex;
++
++ uint mtu;
++ uint credits;
++ uint rx_credits;
++ uint tx_credits;
++
++ void *owner;
++
++ void (*data_ready)(struct rfcomm_dlc *d, struct sk_buff *skb);
++ void (*state_change)(struct rfcomm_dlc *d, int err);
++ void (*modem_status)(struct rfcomm_dlc *d, u8 v24_sig);
++};
++
++/* DLC and session flags */
++#define RFCOMM_RX_THROTTLED 0
++#define RFCOMM_TX_THROTTLED 1
++#define RFCOMM_MSC_PENDING 2
++#define RFCOMM_TIMED_OUT 3
++
++/* Scheduling flags and events */
++#define RFCOMM_SCHED_STATE 0
++#define RFCOMM_SCHED_RX 1
++#define RFCOMM_SCHED_TX 2
++#define RFCOMM_SCHED_TIMEO 3
++#define RFCOMM_SCHED_WAKEUP 31
++
++/* MSC exchange flags */
++#define RFCOMM_MSCEX_TX 1
++#define RFCOMM_MSCEX_RX 2
++#define RFCOMM_MSCEX_OK (RFCOMM_MSCEX_TX + RFCOMM_MSCEX_RX)
++
++extern struct task_struct *rfcomm_thread;
++extern unsigned long rfcomm_event;
++
++static inline void rfcomm_schedule(uint event)
++{
++ if (!rfcomm_thread)
++ return;
++ set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
++ wake_up_process(rfcomm_thread);
++}
++
++extern struct semaphore rfcomm_sem;
++#define rfcomm_lock() down(&rfcomm_sem);
++#define rfcomm_unlock() up(&rfcomm_sem);
++
++/* ---- RFCOMM DLCs (channels) ---- */
++struct rfcomm_dlc *rfcomm_dlc_alloc(int prio);
++void rfcomm_dlc_free(struct rfcomm_dlc *d);
++int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel);
++int rfcomm_dlc_close(struct rfcomm_dlc *d, int reason);
++int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb);
++int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig);
++int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig);
++
++#define rfcomm_dlc_lock(d) spin_lock(&d->lock)
++#define rfcomm_dlc_unlock(d) spin_unlock(&d->lock)
++
++static inline void rfcomm_dlc_hold(struct rfcomm_dlc *d)
++{
++ atomic_inc(&d->refcnt);
++}
++
++static inline void rfcomm_dlc_put(struct rfcomm_dlc *d)
++{
++ if (atomic_dec_and_test(&d->refcnt))
++ rfcomm_dlc_free(d);
++}
++
++extern void FASTCALL(__rfcomm_dlc_throttle(struct rfcomm_dlc *d));
++extern void FASTCALL(__rfcomm_dlc_unthrottle(struct rfcomm_dlc *d));
++
++static inline void rfcomm_dlc_throttle(struct rfcomm_dlc *d)
++{
++ if (!test_and_set_bit(RFCOMM_RX_THROTTLED, &d->flags))
++ __rfcomm_dlc_throttle(d);
++}
++
++static inline void rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
++{
++ if (test_and_clear_bit(RFCOMM_RX_THROTTLED, &d->flags))
++ __rfcomm_dlc_unthrottle(d);
++}
++
++/* ---- RFCOMM sessions ---- */
++struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state);
++struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
++struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
++void rfcomm_session_del(struct rfcomm_session *s);
++void rfcomm_session_close(struct rfcomm_session *s, int err);
++void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst);
++
++static inline void rfcomm_session_hold(struct rfcomm_session *s)
++{
++ atomic_inc(&s->refcnt);
++}
++
++static inline void rfcomm_session_put(struct rfcomm_session *s)
++{
++ if (atomic_dec_and_test(&s->refcnt))
++ rfcomm_session_del(s);
++}
++
++/* ---- RFCOMM chechsum ---- */
++extern u8 rfcomm_crc_table[];
++
++/* ---- RFCOMM sockets ---- */
++struct sockaddr_rc {
++ sa_family_t rc_family;
++ bdaddr_t rc_bdaddr;
++ u8 rc_channel;
++};
++
++#define rfcomm_pi(sk) ((struct rfcomm_pinfo *) &sk->tp_pinfo)
++
++struct rfcomm_pinfo {
++ struct rfcomm_dlc *dlc;
++ u8 channel;
++};
++
++int rfcomm_init_sockets(void);
++void rfcomm_cleanup_sockets(void);
++
++int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d);
++
++/* ---- RFCOMM TTY ---- */
++#define RFCOMM_MAX_DEV 256
++
++#define RFCOMMCREATEDEV _IOW('R', 200, int)
++#define RFCOMMRELEASEDEV _IOW('R', 201, int)
++#define RFCOMMGETDEVLIST _IOR('R', 210, int)
++#define RFCOMMGETDEVINFO _IOR('R', 211, int)
++#define RFCOMMSTEALDLC _IOW('R', 220, int)
++
++#define RFCOMM_REUSE_DLC 0
++#define RFCOMM_RELEASE_ONHUP 1
++#define RFCOMM_HANGUP_NOW 2
++#define RFCOMM_TTY_ATTACHED 3
++
++struct rfcomm_dev_req {
++ s16 dev_id;
++ u32 flags;
++ bdaddr_t src;
++ bdaddr_t dst;
++ u8 channel;
++};
++
++struct rfcomm_dev_info {
++ s16 id;
++ u32 flags;
++ u16 state;
++ bdaddr_t src;
++ bdaddr_t dst;
++ u8 channel;
++};
++
++struct rfcomm_dev_list_req {
++ u16 dev_num;
++ struct rfcomm_dev_info dev_info[0];
++};
++
++int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg);
++int rfcomm_init_ttys(void);
++void rfcomm_cleanup_ttys(void);
++
++#endif /* __RFCOMM_H */
+diff -urN linux-2.4.18/include/net/bluetooth/sco.h linux-2.4.18-mh9/include/net/bluetooth/sco.h
+--- linux-2.4.18/include/net/bluetooth/sco.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/include/net/bluetooth/sco.h Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,81 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: sco.h,v 1.1.1.1 2002/03/08 21:03:15 maxk Exp $
++ */
++
++#ifndef __SCO_H
++#define __SCO_H
++
++/* SCO defaults */
++#define SCO_DEFAULT_MTU 500
++#define SCO_DEFAULT_FLUSH_TO 0xFFFF
++
++#define SCO_CONN_TIMEOUT (HZ * 40)
++#define SCO_DISCONN_TIMEOUT (HZ * 2)
++#define SCO_CONN_IDLE_TIMEOUT (HZ * 60)
++
++/* SCO socket address */
++struct sockaddr_sco {
++ sa_family_t sco_family;
++ bdaddr_t sco_bdaddr;
++};
++
++/* set/get sockopt defines */
++#define SCO_OPTIONS 0x01
++struct sco_options {
++ __u16 mtu;
++};
++
++#define SCO_CONNINFO 0x02
++struct sco_conninfo {
++ __u16 hci_handle;
++};
++
++/* ---- SCO connections ---- */
++struct sco_conn {
++ struct hci_conn *hcon;
++
++ bdaddr_t *dst;
++ bdaddr_t *src;
++
++ spinlock_t lock;
++ struct sock *sk;
++
++ unsigned int mtu;
++};
++
++#define sco_conn_lock(c) spin_lock(&c->lock);
++#define sco_conn_unlock(c) spin_unlock(&c->lock);
++
++/* ----- SCO socket info ----- */
++#define sco_pi(sk) ((struct sco_pinfo *) &sk->tp_pinfo)
++
++struct sco_pinfo {
++ __u32 flags;
++ struct sco_conn *conn;
++};
++
++#endif /* __SCO_H */
+diff -urN linux-2.4.18/include/pcmcia/ciscode.h linux-2.4.18-mh9/include/pcmcia/ciscode.h
+--- linux-2.4.18/include/pcmcia/ciscode.h Fri Dec 21 18:42:04 2001
++++ linux-2.4.18-mh9/include/pcmcia/ciscode.h Mon Aug 25 18:38:12 2003
+@@ -1,5 +1,5 @@
+ /*
+- * ciscode.h 1.48 2001/08/24 12:16:12
++ * ciscode.h 1.57 2002/11/03 20:38:14
+ *
+ * The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+@@ -60,6 +60,10 @@
+ #define PRODID_INTEL_DUAL_RS232 0x0301
+ #define PRODID_INTEL_2PLUS 0x8422
+
++#define MANFID_KME 0x0032
++#define PRODID_KME_KXLC005_A 0x0704
++#define PRODID_KME_KXLC005_B 0x2904
++
+ #define MANFID_LINKSYS 0x0143
+ #define PRODID_LINKSYS_PCMLM28 0xc0ab
+ #define PRODID_LINKSYS_3400 0x3341
+@@ -94,6 +98,8 @@
+ #define PRODID_OSITECH_JACK_336 0x0007
+ #define PRODID_OSITECH_SEVEN 0x0008
+
++#define MANFID_OXSEMI 0x0279
++
+ #define MANFID_PIONEER 0x000b
+
+ #define MANFID_PSION 0x016c
+@@ -103,6 +109,7 @@
+ #define PRODID_QUATECH_SPP100 0x0003
+ #define PRODID_QUATECH_DUAL_RS232 0x0012
+ #define PRODID_QUATECH_DUAL_RS232_D1 0x0007
++#define PRODID_QUATECH_DUAL_RS232_D2 0x0052
+ #define PRODID_QUATECH_QUAD_RS232 0x001b
+ #define PRODID_QUATECH_DUAL_RS422 0x000e
+ #define PRODID_QUATECH_QUAD_RS422 0x0045
+@@ -120,8 +127,11 @@
+
+ #define MANFID_TDK 0x0105
+ #define PRODID_TDK_CF010 0x0900
++#define PRODID_TDK_GN3410 0x4815
+
+ #define MANFID_TOSHIBA 0x0098
++
++#define MANFID_UNGERMANN 0x02c0
+
+ #define MANFID_XIRCOM 0x0105
+
+diff -urN linux-2.4.18/lib/Config.in linux-2.4.18-mh9/lib/Config.in
+--- linux-2.4.18/lib/Config.in Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/lib/Config.in Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,12 @@
++#
++# Library configuration
++#
++mainmenu_option next_comment
++comment 'Library routines'
++
++if [ "$CONFIG_EXPERIMENTAL" = "y" -a \
++ "$CONFIG_HOTPLUG" = "y" ]; then
++ tristate 'Hotplug firmware loading support (EXPERIMENTAL)' CONFIG_FW_LOADER
++fi
++
++endmenu
+diff -urN linux-2.4.18/lib/Makefile linux-2.4.18-mh9/lib/Makefile
+--- linux-2.4.18/lib/Makefile Tue Sep 18 00:31:15 2001
++++ linux-2.4.18-mh9/lib/Makefile Mon Aug 25 18:38:12 2003
+@@ -8,12 +8,16 @@
+
+ L_TARGET := lib.a
+
+-export-objs := cmdline.o dec_and_lock.o rwsem-spinlock.o rwsem.o
++export-objs := cmdline.o dec_and_lock.o rwsem-spinlock.o rwsem.o \
++ firmware_class.o
+
+ obj-y := errno.o ctype.o string.o vsprintf.o brlock.o cmdline.o bust_spinlocks.o rbtree.o
+
++obj-$(CONFIG_FW_LOADER) += firmware_class.o
+ obj-$(CONFIG_RWSEM_GENERIC_SPINLOCK) += rwsem-spinlock.o
+ obj-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += rwsem.o
++
++include $(TOPDIR)/drivers/bluetooth/Makefile.lib
+
+ ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
+ obj-y += dec_and_lock.o
+diff -urN linux-2.4.18/lib/firmware_class.c linux-2.4.18-mh9/lib/firmware_class.c
+--- linux-2.4.18/lib/firmware_class.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/lib/firmware_class.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,571 @@
++/*
++ * firmware_class.c - Multi purpose firmware loading support
++ *
++ * Copyright (c) 2003 Manuel Estrada Sainz <ranty@debian.org>
++ *
++ * Please see Documentation/firmware_class/ for more information.
++ *
++ */
++/*
++ * Based on kernel/kmod.c and drivers/usb/usb.c
++ */
++/*
++ kernel/kmod.c
++ Kirk Petersen
++
++ Reorganized not to be a daemon by Adam Richter, with guidance
++ from Greg Zornetzer.
++
++ Modified to avoid chroot and file sharing problems.
++ Mikael Pettersson
++
++ Limit the concurrent number of kmod modprobes to catch loops from
++ "modprobe needs a service that is in a module".
++ Keith Owens <kaos@ocs.com.au> December 1999
++
++ Unblock all signals when we exec a usermode process.
++ Shuu Yamaguchi <shuu@wondernetworkresources.com> December 2000
++*/
++/*
++ * drivers/usb/usb.c
++ *
++ * (C) Copyright Linus Torvalds 1999
++ * (C) Copyright Johannes Erdfelt 1999-2001
++ * (C) Copyright Andreas Gal 1999
++ * (C) Copyright Gregory P. Smith 1999
++ * (C) Copyright Deti Fliegl 1999 (new USB architecture)
++ * (C) Copyright Randy Dunlap 2000
++ * (C) Copyright David Brownell 2000 (kernel hotplug, usb_device_id)
++ * (C) Copyright Yggdrasil Computing, Inc. 2000
++ * (usb_device_id matching changes by Adam J. Richter)
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++#include <linux/string.h>
++#include <linux/types.h>
++#include <linux/init.h>
++#include <linux/slab.h>
++#include <linux/kmod.h>
++#include <linux/proc_fs.h>
++#include <linux/vmalloc.h>
++#include <asm/hardirq.h>
++
++#include "linux/firmware.h"
++
++MODULE_AUTHOR("Manuel Estrada Sainz <ranty@debian.org>");
++MODULE_DESCRIPTION("Multi purpose firmware loading support");
++MODULE_LICENSE("GPL");
++
++#define err(format, arg...) \
++ printk(KERN_ERR "%s:%s: " format "\n",__FILE__, __FUNCTION__ , ## arg)
++#define warn(format, arg...) \
++ printk(KERN_WARNING "%s:%s: " format "\n",__FILE__, __FUNCTION__ , ## arg)
++#define dbg(format, arg...) \
++ printk(KERN_DEBUG "%s:%s: " format "\n",__FILE__, __FUNCTION__ , ## arg)
++
++static int loading_timeout = 10; /* In seconds */
++static struct proc_dir_entry *proc_dir_timeout;
++static struct proc_dir_entry *proc_dir;
++
++#ifdef CONFIG_HOTPLUG
++
++static int
++call_helper(char *verb, const char *name, const char *device)
++{
++ char *argv[3], **envp, *buf, *scratch;
++ int i = 0;
++
++ int retval = 0;
++
++ if (!hotplug_path[0])
++ return -ENOENT;
++ if (in_interrupt()) {
++ err("in_interrupt");
++ return -EFAULT;
++ }
++ if (!current->fs->root) {
++ warn("call_policy %s -- no FS yet", verb);
++ return -EPERM;
++ }
++
++ if (!(envp = (char **) kmalloc(20 * sizeof (char *), GFP_KERNEL))) {
++ err("unable to allocate envp");
++ return -ENOMEM;
++ }
++ if (!(buf = kmalloc(256, GFP_KERNEL))) {
++ kfree(envp);
++ err("unable to allocate buf");
++ return -ENOMEM;
++ }
++
++ /* only one standardized param to hotplug command: type */
++ argv[0] = hotplug_path;
++ argv[1] = "firmware";
++ argv[2] = 0;
++
++ /* minimal command environment */
++ envp[i++] = "HOME=/";
++ envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
++
++#ifdef DEBUG
++ /* hint that policy agent should enter no-stdout debug mode */
++ envp[i++] = "DEBUG=kernel";
++#endif
++ scratch = buf;
++
++ if (device) {
++ envp[i++] = scratch;
++ scratch += snprintf(scratch, FIRMWARE_NAME_MAX+25,
++ "DEVPATH=/driver/firmware/%s", device) + 1;
++ }
++
++ envp[i++] = scratch;
++ scratch += sprintf(scratch, "ACTION=%s", verb) + 1;
++
++ envp[i++] = scratch;
++ scratch += snprintf(scratch, FIRMWARE_NAME_MAX,
++ "FIRMWARE=%s", name) + 1;
++
++ envp[i++] = 0;
++
++#ifdef DEBUG
++ dbg("firmware: %s %s %s", argv[0], argv[1], verb);
++#endif
++
++ retval = call_usermodehelper(argv[0], argv, envp);
++ if (retval) {
++ printk("call_usermodehelper return %d\n", retval);
++ }
++
++ kfree(buf);
++ kfree(envp);
++ return retval;
++}
++#else
++
++static inline int
++call_helper(char *verb, const char *name, const char *device)
++{
++ return -ENOENT;
++}
++
++#endif /* CONFIG_HOTPLUG */
++
++struct firmware_priv {
++ struct completion completion;
++ struct proc_dir_entry *proc_dir;
++ struct proc_dir_entry *attr_data;
++ struct proc_dir_entry *attr_loading;
++ struct firmware *fw;
++ int loading;
++ int abort;
++ int alloc_size;
++ struct timer_list timeout;
++};
++
++static int
++firmware_timeout_show(char *buf, char **start, off_t off,
++ int count, int *eof, void *data)
++{
++ return sprintf(buf, "%d\n", loading_timeout);
++}
++
++/**
++ * firmware_timeout_store:
++ * Description:
++ * Sets the number of seconds to wait for the firmware. Once
++ * this expires an error will be return to the driver and no
++ * firmware will be provided.
++ *
++ * Note: zero means 'wait for ever'
++ *
++ **/
++static int
++firmware_timeout_store(struct file *file, const char *buf,
++ unsigned long count, void *data)
++{
++ loading_timeout = simple_strtol(buf, NULL, 10);
++ return count;
++}
++
++static int
++firmware_loading_show(char *buf, char **start, off_t off,
++ int count, int *eof, void *data)
++{
++ struct firmware_priv *fw_priv = data;
++ return sprintf(buf, "%d\n", fw_priv->loading);
++}
++
++/**
++ * firmware_loading_store: - loading control file
++ * Description:
++ * The relevant values are:
++ *
++ * 1: Start a load, discarding any previous partial load.
++ * 0: Conclude the load and handle the data to the driver code.
++ * -1: Conclude the load with an error and discard any written data.
++ **/
++static int
++firmware_loading_store(struct file *file, const char *buf,
++ unsigned long count, void *data)
++{
++ struct firmware_priv *fw_priv = data;
++ int prev_loading = fw_priv->loading;
++
++ fw_priv->loading = simple_strtol(buf, NULL, 10);
++
++ switch (fw_priv->loading) {
++ case -1:
++ fw_priv->abort = 1;
++ wmb();
++ complete(&fw_priv->completion);
++ break;
++ case 1:
++ kfree(fw_priv->fw->data);
++ fw_priv->fw->data = NULL;
++ fw_priv->fw->size = 0;
++ fw_priv->alloc_size = 0;
++ break;
++ case 0:
++ if (prev_loading == 1)
++ complete(&fw_priv->completion);
++ break;
++ }
++
++ return count;
++}
++
++static int
++firmware_data_read(char *buffer, char **start, off_t offset,
++ int count, int *eof, void *data)
++{
++ struct firmware_priv *fw_priv = data;
++ struct firmware *fw = fw_priv->fw;
++
++ if (offset > fw->size)
++ return 0;
++ if (offset + count > fw->size)
++ count = fw->size - offset;
++
++ memcpy(buffer, fw->data + offset, count);
++ *start = (void *) ((long) count);
++ return count;
++}
++static int
++fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
++{
++ u8 *new_data;
++ int new_size;
++
++ if (min_size <= fw_priv->alloc_size)
++ return 0;
++ if((min_size % PAGE_SIZE) == 0)
++ new_size = min_size;
++ else
++ new_size = (min_size + PAGE_SIZE) & PAGE_MASK;
++ new_data = vmalloc(new_size);
++ if (!new_data) {
++ printk(KERN_ERR "%s: unable to alloc buffer\n", __FUNCTION__);
++ /* Make sure that we don't keep incomplete data */
++ fw_priv->abort = 1;
++ return -ENOMEM;
++ }
++ fw_priv->alloc_size = new_size;
++ if (fw_priv->fw->data) {
++ memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size);
++ vfree(fw_priv->fw->data);
++ }
++ fw_priv->fw->data = new_data;
++ BUG_ON(min_size > fw_priv->alloc_size);
++ return 0;
++}
++
++/**
++ * firmware_data_write:
++ *
++ * Description:
++ *
++ * Data written to the 'data' attribute will be later handled to
++ * the driver as a firmware image.
++ **/
++static int
++firmware_data_write(struct file *file, const char *buffer,
++ unsigned long count, void *data)
++{
++ struct firmware_priv *fw_priv = data;
++ struct firmware *fw = fw_priv->fw;
++ int offset = file->f_pos;
++ int retval;
++
++ retval = fw_realloc_buffer(fw_priv, offset + count);
++ if (retval) {
++ printk("%s: retval:%d\n", __FUNCTION__, retval);
++ return retval;
++ }
++
++ memcpy(fw->data + offset, buffer, count);
++
++ fw->size = max_t(size_t, offset + count, fw->size);
++ file->f_pos += count;
++ return count;
++}
++
++static void
++firmware_class_timeout(u_long data)
++{
++ struct firmware_priv *fw_priv = (struct firmware_priv *) data;
++ fw_priv->abort = 1;
++ wmb();
++ complete(&fw_priv->completion);
++}
++static int
++fw_setup_class_device(struct firmware_priv **fw_priv_p,
++ const char *fw_name, const char *device)
++{
++ int retval;
++ struct firmware_priv *fw_priv = kmalloc(sizeof (struct firmware_priv),
++ GFP_KERNEL);
++ *fw_priv_p = fw_priv;
++ if (!fw_priv) {
++ retval = -ENOMEM;
++ goto out;
++ }
++ memset(fw_priv, 0, sizeof (*fw_priv));
++
++ init_completion(&fw_priv->completion);
++
++ fw_priv->timeout.function = firmware_class_timeout;
++ fw_priv->timeout.data = (u_long) fw_priv;
++ init_timer(&fw_priv->timeout);
++
++ retval = -EAGAIN;
++ fw_priv->proc_dir = create_proc_entry(device, 0644 | S_IFDIR, proc_dir);
++ if (!fw_priv->proc_dir)
++ goto err_free_fw_priv;
++
++ fw_priv->attr_data = create_proc_entry("data", 0644 | S_IFREG,
++ fw_priv->proc_dir);
++ if (!fw_priv->attr_data)
++ goto err_remove_dir;
++
++ fw_priv->attr_data->read_proc = firmware_data_read;
++ fw_priv->attr_data->write_proc = firmware_data_write;
++ fw_priv->attr_data->data = fw_priv;
++
++ fw_priv->attr_loading = create_proc_entry("loading", 0644 | S_IFREG,
++ fw_priv->proc_dir);
++ if (!fw_priv->attr_loading)
++ goto err_remove_data;
++
++ fw_priv->attr_loading->read_proc = firmware_loading_show;
++ fw_priv->attr_loading->write_proc = firmware_loading_store;
++ fw_priv->attr_loading->data = fw_priv;
++
++ retval = 0;
++ fw_priv->fw = kmalloc(sizeof (struct firmware), GFP_KERNEL);
++ if (!fw_priv->fw) {
++ printk(KERN_ERR "%s: kmalloc(struct firmware) failed\n",
++ __FUNCTION__);
++ retval = -ENOMEM;
++ goto err_remove_loading;
++ }
++ memset(fw_priv->fw, 0, sizeof (*fw_priv->fw));
++
++ goto out;
++
++err_remove_loading:
++ remove_proc_entry("loading", fw_priv->proc_dir);
++err_remove_data:
++ remove_proc_entry("data", fw_priv->proc_dir);
++err_remove_dir:
++ remove_proc_entry(device, proc_dir);
++err_free_fw_priv:
++ kfree(fw_priv);
++out:
++ return retval;
++}
++static void
++fw_remove_class_device(struct firmware_priv *fw_priv)
++{
++ remove_proc_entry("loading", fw_priv->proc_dir);
++ remove_proc_entry("data", fw_priv->proc_dir);
++ remove_proc_entry(fw_priv->proc_dir->name, proc_dir);
++}
++
++/**
++ * request_firmware: - request firmware to hotplug and wait for it
++ * Description:
++ * @firmware will be used to return a firmware image by the name
++ * of @name for device @device.
++ *
++ * Should be called from user context where sleeping is allowed.
++ *
++ * @name will be use as $FIRMWARE in the hotplug environment and
++ * should be distinctive enough not to be confused with any other
++ * firmware image for this or any other device.
++ **/
++int
++request_firmware(const struct firmware **firmware, const char *name,
++ const char *device)
++{
++ struct firmware_priv *fw_priv;
++ int retval;
++
++ if (!firmware) {
++ retval = -EINVAL;
++ goto out;
++ }
++ *firmware = NULL;
++
++ retval = fw_setup_class_device(&fw_priv, name, device);
++ if (retval)
++ goto out;
++
++ retval = call_helper("add", name, device);
++ if (retval)
++ goto out;
++ if (loading_timeout) {
++ fw_priv->timeout.expires = jiffies + loading_timeout * HZ;
++ add_timer(&fw_priv->timeout);
++ }
++
++ wait_for_completion(&fw_priv->completion);
++
++ del_timer(&fw_priv->timeout);
++ fw_remove_class_device(fw_priv);
++
++ if (fw_priv->fw->size && !fw_priv->abort) {
++ *firmware = fw_priv->fw;
++ } else {
++ retval = -ENOENT;
++ vfree(fw_priv->fw->data);
++ kfree(fw_priv->fw);
++ }
++out:
++ kfree(fw_priv);
++ return retval;
++}
++
++void
++release_firmware(const struct firmware *fw)
++{
++ if (fw) {
++ vfree(fw->data);
++ kfree(fw);
++ }
++}
++
++/**
++ * register_firmware: - provide a firmware image for later usage
++ *
++ * Description:
++ * Make sure that @data will be available by requesting firmware @name.
++ *
++ * Note: This will not be possible until some kind of persistence
++ * is available.
++ **/
++void
++register_firmware(const char *name, const u8 *data, size_t size)
++{
++ /* This is meaningless without firmware caching, so until we
++ * decide if firmware caching is reasonable just leave it as a
++ * noop */
++}
++
++/* Async support */
++struct firmware_work {
++ struct tq_struct work;
++ struct module *module;
++ const char *name;
++ const char *device;
++ void *context;
++ void (*cont)(const struct firmware *fw, void *context);
++};
++
++static void
++request_firmware_work_func(void *arg)
++{
++ struct firmware_work *fw_work = arg;
++ const struct firmware *fw;
++ if (!arg)
++ return;
++ request_firmware(&fw, fw_work->name, fw_work->device);
++ fw_work->cont(fw, fw_work->context);
++ release_firmware(fw);
++ __MOD_DEC_USE_COUNT(fw_work->module);
++ kfree(fw_work);
++}
++
++/**
++ * request_firmware_nowait:
++ *
++ * Description:
++ * Asynchronous variant of request_firmware() for contexts where
++ * it is not possible to sleep.
++ *
++ * @cont will be called asynchronously when the firmware request is over.
++ *
++ * @context will be passed over to @cont.
++ *
++ * @fw may be %NULL if firmware request fails.
++ *
++ **/
++int
++request_firmware_nowait(
++ struct module *module,
++ const char *name, const char *device, void *context,
++ void (*cont)(const struct firmware *fw, void *context))
++{
++ struct firmware_work *fw_work = kmalloc(sizeof (struct firmware_work),
++ GFP_ATOMIC);
++ if (!fw_work)
++ return -ENOMEM;
++ if (!try_inc_mod_count(module)) {
++ kfree(fw_work);
++ return -EFAULT;
++ }
++
++ *fw_work = (struct firmware_work) {
++ .module = module,
++ .name = name,
++ .device = device,
++ .context = context,
++ .cont = cont,
++ };
++ INIT_TQUEUE(&fw_work->work, request_firmware_work_func, fw_work);
++
++ schedule_task(&fw_work->work);
++ return 0;
++}
++
++static int __init
++firmware_class_init(void)
++{
++ proc_dir = create_proc_entry("driver/firmware", 0755 | S_IFDIR, NULL);
++ if (!proc_dir)
++ return -EAGAIN;
++ proc_dir_timeout = create_proc_entry("timeout",
++ 0644 | S_IFREG, proc_dir);
++ if (!proc_dir_timeout) {
++ remove_proc_entry("driver/firmware", NULL);
++ return -EAGAIN;
++ }
++ proc_dir_timeout->read_proc = firmware_timeout_show;
++ proc_dir_timeout->write_proc = firmware_timeout_store;
++ return 0;
++}
++static void __exit
++firmware_class_exit(void)
++{
++ remove_proc_entry("timeout", proc_dir);
++ remove_proc_entry("driver/firmware", NULL);
++}
++
++module_init(firmware_class_init);
++module_exit(firmware_class_exit);
++
++EXPORT_SYMBOL(release_firmware);
++EXPORT_SYMBOL(request_firmware);
++EXPORT_SYMBOL(request_firmware_nowait);
++EXPORT_SYMBOL(register_firmware);
+diff -urN linux-2.4.18/net/bluetooth/Config.in linux-2.4.18-mh9/net/bluetooth/Config.in
+--- linux-2.4.18/net/bluetooth/Config.in Tue Jun 12 04:15:27 2001
++++ linux-2.4.18-mh9/net/bluetooth/Config.in Mon Aug 25 18:38:12 2003
+@@ -1,16 +1,22 @@
+ #
+-# Bluetooth configuration
++# Bluetooth subsystem configuration
+ #
+
+ if [ "$CONFIG_NET" != "n" ]; then
++
+ mainmenu_option next_comment
+ comment 'Bluetooth support'
+ dep_tristate 'Bluetooth subsystem support' CONFIG_BLUEZ $CONFIG_NET
+
+ if [ "$CONFIG_BLUEZ" != "n" ]; then
+ dep_tristate 'L2CAP protocol support' CONFIG_BLUEZ_L2CAP $CONFIG_BLUEZ
++ dep_tristate 'SCO links support' CONFIG_BLUEZ_SCO $CONFIG_BLUEZ
++ source net/bluetooth/rfcomm/Config.in
++ source net/bluetooth/bnep/Config.in
++ source net/bluetooth/cmtp/Config.in
+ source drivers/bluetooth/Config.in
+ fi
++
+ endmenu
+ fi
+
+diff -urN linux-2.4.18/net/bluetooth/Makefile linux-2.4.18-mh9/net/bluetooth/Makefile
+--- linux-2.4.18/net/bluetooth/Makefile Tue Jun 12 04:15:27 2001
++++ linux-2.4.18-mh9/net/bluetooth/Makefile Mon Aug 25 18:38:12 2003
+@@ -1,20 +1,31 @@
+ #
+-# Makefile for the Bluetooth subsystem
++# Makefile for the Linux Bluetooth subsystem
+ #
+-O_TARGET := bluetooth.o
+
+-list-multi := hci.o l2cap.o
+-export-objs := syms.o
+-hci-objs := af_bluetooth.o hci_core.o hci_sock.o lib.o syms.o
+-l2cap-objs := l2cap_core.o l2cap_proc.o
++O_TARGET := bluetooth.o
+
+-obj-$(CONFIG_BLUEZ) += hci.o
++list-multi := bluez.o
++export-objs := syms.o l2cap.o
++
++bluez-objs := af_bluetooth.o hci_core.o hci_conn.o hci_event.o hci_sock.o lib.o syms.o
++
++obj-$(CONFIG_BLUEZ) += bluez.o
+ obj-$(CONFIG_BLUEZ_L2CAP) += l2cap.o
++obj-$(CONFIG_BLUEZ_SCO) += sco.o
+
+-include $(TOPDIR)/Rules.make
++subdir-$(CONFIG_BLUEZ_RFCOMM) += rfcomm
++subdir-$(CONFIG_BLUEZ_BNEP) += bnep
++subdir-$(CONFIG_BLUEZ_CMTP) += cmtp
+
+-hci.o: $(hci-objs)
+- $(LD) -r -o $@ $(hci-objs)
++ifeq ($(CONFIG_BLUEZ_RFCOMM),y)
++obj-y += rfcomm/rfcomm.o
++endif
++
++ifeq ($(CONFIG_BLUEZ_BNEP),y)
++obj-y += bnep/bnep.o
++endif
++
++include $(TOPDIR)/Rules.make
+
+-l2cap.o: $(l2cap-objs)
+- $(LD) -r -o $@ $(l2cap-objs)
++bluez.o: $(bluez-objs)
++ $(LD) -r -o $@ $(bluez-objs)
+diff -urN linux-2.4.18/net/bluetooth/af_bluetooth.c linux-2.4.18-mh9/net/bluetooth/af_bluetooth.c
+--- linux-2.4.18/net/bluetooth/af_bluetooth.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/net/bluetooth/af_bluetooth.c Mon Aug 25 18:38:12 2003
+@@ -25,14 +25,15 @@
+ /*
+ * BlueZ Bluetooth address family and sockets.
+ *
+- * $Id: af_bluetooth.c,v 1.4 2001/07/05 18:42:44 maxk Exp $
++ * $Id: af_bluetooth.c,v 1.8 2002/07/22 20:32:54 maxk Exp $
+ */
+-#define VERSION "1.1"
++#define VERSION "2.4"
+
+ #include <linux/config.h>
+ #include <linux/module.h>
+
+ #include <linux/types.h>
++#include <linux/list.h>
+ #include <linux/errno.h>
+ #include <linux/kernel.h>
+ #include <linux/major.h>
+@@ -40,6 +41,7 @@
+ #include <linux/slab.h>
+ #include <linux/skbuff.h>
+ #include <linux/init.h>
++#include <linux/poll.h>
+ #include <linux/proc_fs.h>
+ #include <net/sock.h>
+
+@@ -48,70 +50,79 @@
+ #endif
+
+ #include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
++
++#ifndef AF_BLUETOOTH_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#endif
+
+ /* Bluetooth sockets */
+-static struct net_proto_family *bluez_sock[BLUEZ_MAX_PROTO];
++#define BLUEZ_MAX_PROTO 6
++static struct net_proto_family *bluez_proto[BLUEZ_MAX_PROTO];
+
+ int bluez_sock_register(int proto, struct net_proto_family *ops)
+ {
+- if (proto > BLUEZ_MAX_PROTO)
++ if (proto >= BLUEZ_MAX_PROTO)
+ return -EINVAL;
+
+- if (bluez_sock[proto])
++ if (bluez_proto[proto])
+ return -EEXIST;
+
+- bluez_sock[proto] = ops;
++ bluez_proto[proto] = ops;
+ return 0;
+ }
+
+ int bluez_sock_unregister(int proto)
+ {
+- if (proto > BLUEZ_MAX_PROTO)
++ if (proto >= BLUEZ_MAX_PROTO)
+ return -EINVAL;
+
+- if (!bluez_sock[proto])
++ if (!bluez_proto[proto])
+ return -ENOENT;
+
+- bluez_sock[proto] = NULL;
++ bluez_proto[proto] = NULL;
+ return 0;
+ }
+
+ static int bluez_sock_create(struct socket *sock, int proto)
+ {
+- if (proto > BLUEZ_MAX_PROTO)
++ if (proto >= BLUEZ_MAX_PROTO)
+ return -EINVAL;
+
+ #if defined(CONFIG_KMOD)
+- if (!bluez_sock[proto]) {
++ if (!bluez_proto[proto]) {
+ char module_name[30];
+ sprintf(module_name, "bt-proto-%d", proto);
+ request_module(module_name);
+ }
+ #endif
+
+- if (!bluez_sock[proto])
++ if (!bluez_proto[proto])
+ return -ENOENT;
+
+- return bluez_sock[proto]->create(sock, proto);
++ return bluez_proto[proto]->create(sock, proto);
++}
++
++void bluez_sock_init(struct socket *sock, struct sock *sk)
++{
++ sock_init_data(sock, sk);
++ INIT_LIST_HEAD(&bluez_pi(sk)->accept_q);
+ }
+
+ void bluez_sock_link(struct bluez_sock_list *l, struct sock *sk)
+ {
+- write_lock(&l->lock);
+-
++ write_lock_bh(&l->lock);
+ sk->next = l->head;
+ l->head = sk;
+ sock_hold(sk);
+-
+- write_unlock(&l->lock);
++ write_unlock_bh(&l->lock);
+ }
+
+ void bluez_sock_unlink(struct bluez_sock_list *l, struct sock *sk)
+ {
+ struct sock **skp;
+
+- write_lock(&l->lock);
++ write_lock_bh(&l->lock);
+ for (skp = &l->head; *skp; skp = &((*skp)->next)) {
+ if (*skp == sk) {
+ *skp = sk->next;
+@@ -119,7 +130,162 @@
+ break;
+ }
+ }
+- write_unlock(&l->lock);
++ write_unlock_bh(&l->lock);
++}
++
++void bluez_accept_enqueue(struct sock *parent, struct sock *sk)
++{
++ BT_DBG("parent %p, sk %p", parent, sk);
++
++ sock_hold(sk);
++ list_add_tail(&bluez_pi(sk)->accept_q, &bluez_pi(parent)->accept_q);
++ bluez_pi(sk)->parent = parent;
++ parent->ack_backlog++;
++}
++
++static void bluez_accept_unlink(struct sock *sk)
++{
++ BT_DBG("sk %p state %d", sk, sk->state);
++
++ list_del_init(&bluez_pi(sk)->accept_q);
++ bluez_pi(sk)->parent->ack_backlog--;
++ bluez_pi(sk)->parent = NULL;
++ sock_put(sk);
++}
++
++struct sock *bluez_accept_dequeue(struct sock *parent, struct socket *newsock)
++{
++ struct list_head *p, *n;
++ struct bluez_pinfo *pi;
++ struct sock *sk;
++
++ BT_DBG("parent %p", parent);
++
++ list_for_each_safe(p, n, &bluez_pi(parent)->accept_q) {
++ pi = list_entry(p, struct bluez_pinfo, accept_q);
++ sk = bluez_sk(pi);
++
++ lock_sock(sk);
++ if (sk->state == BT_CLOSED) {
++ release_sock(sk);
++ bluez_accept_unlink(sk);
++ continue;
++ }
++
++ if (sk->state == BT_CONNECTED || !newsock) {
++ bluez_accept_unlink(sk);
++ if (newsock)
++ sock_graft(sk, newsock);
++ release_sock(sk);
++ return sk;
++ }
++ release_sock(sk);
++ }
++ return NULL;
++}
++
++int bluez_sock_recvmsg(struct socket *sock, struct msghdr *msg, int len, int flags, struct scm_cookie *scm)
++{
++ int noblock = flags & MSG_DONTWAIT;
++ struct sock *sk = sock->sk;
++ struct sk_buff *skb;
++ int copied, err;
++
++ BT_DBG("sock %p sk %p len %d", sock, sk, len);
++
++ if (flags & (MSG_OOB))
++ return -EOPNOTSUPP;
++
++ if (!(skb = skb_recv_datagram(sk, flags, noblock, &err))) {
++ if (sk->shutdown & RCV_SHUTDOWN)
++ return 0;
++ return err;
++ }
++
++ msg->msg_namelen = 0;
++
++ copied = skb->len;
++ if (len < copied) {
++ msg->msg_flags |= MSG_TRUNC;
++ copied = len;
++ }
++
++ skb->h.raw = skb->data;
++ err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
++
++ skb_free_datagram(sk, skb);
++
++ return err ? : copied;
++}
++
++unsigned int bluez_sock_poll(struct file * file, struct socket *sock, poll_table *wait)
++{
++ struct sock *sk = sock->sk;
++ unsigned int mask;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ poll_wait(file, sk->sleep, wait);
++ mask = 0;
++
++ if (sk->err || !skb_queue_empty(&sk->error_queue))
++ mask |= POLLERR;
++
++ if (sk->shutdown == SHUTDOWN_MASK)
++ mask |= POLLHUP;
++
++ if (!skb_queue_empty(&sk->receive_queue) ||
++ !list_empty(&bluez_pi(sk)->accept_q) ||
++ (sk->shutdown & RCV_SHUTDOWN))
++ mask |= POLLIN | POLLRDNORM;
++
++ if (sk->state == BT_CLOSED)
++ mask |= POLLHUP;
++
++ if (sk->state == BT_CONNECT || sk->state == BT_CONNECT2)
++ return mask;
++
++ if (sock_writeable(sk))
++ mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
++ else
++ set_bit(SOCK_ASYNC_NOSPACE, &sk->socket->flags);
++
++ return mask;
++}
++
++int bluez_sock_wait_state(struct sock *sk, int state, unsigned long timeo)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ int err = 0;
++
++ BT_DBG("sk %p", sk);
++
++ add_wait_queue(sk->sleep, &wait);
++ while (sk->state != state) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ if (!timeo) {
++ err = -EAGAIN;
++ break;
++ }
++
++ if (signal_pending(current)) {
++ err = sock_intr_errno(timeo);
++ break;
++ }
++
++ release_sock(sk);
++ timeo = schedule_timeout(timeo);
++ lock_sock(sk);
++
++ if (sk->err) {
++ err = sock_error(sk);
++ break;
++ }
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(sk->sleep, &wait);
++ return err;
+ }
+
+ struct net_proto_family bluez_sock_family_ops =
+@@ -129,9 +295,9 @@
+
+ int bluez_init(void)
+ {
+- INF("BlueZ HCI Core ver %s Copyright (C) 2000,2001 Qualcomm Inc",
++ BT_INFO("BlueZ Core ver %s Copyright (C) 2000,2001 Qualcomm Inc",
+ VERSION);
+- INF("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
++ BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
+
+ proc_mkdir("bluetooth", NULL);
+
+@@ -164,5 +330,6 @@
+ module_exit(bluez_cleanup);
+
+ MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
+-MODULE_DESCRIPTION("BlueZ HCI Core ver " VERSION);
++MODULE_DESCRIPTION("BlueZ Core ver " VERSION);
++MODULE_LICENSE("GPL");
+ #endif
+diff -urN linux-2.4.18/net/bluetooth/bnep/Config.in linux-2.4.18-mh9/net/bluetooth/bnep/Config.in
+--- linux-2.4.18/net/bluetooth/bnep/Config.in Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/Config.in Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,11 @@
++#
++# Bluetooth BNEP layer configuration
++#
++
++dep_tristate 'BNEP protocol support' CONFIG_BLUEZ_BNEP $CONFIG_BLUEZ_L2CAP
++
++if [ "$CONFIG_BLUEZ_BNEP" != "n" ]; then
++ bool ' Multicast filter support' CONFIG_BLUEZ_BNEP_MC_FILTER
++ bool ' Protocol filter support' CONFIG_BLUEZ_BNEP_PROTO_FILTER
++fi
++
+diff -urN linux-2.4.18/net/bluetooth/bnep/Makefile linux-2.4.18-mh9/net/bluetooth/bnep/Makefile
+--- linux-2.4.18/net/bluetooth/bnep/Makefile Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/Makefile Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,10 @@
++#
++# Makefile for the Linux Bluetooth BNEP layer
++#
++
++O_TARGET := bnep.o
++
++obj-y := core.o sock.o netdev.o crc32.o
++obj-m += $(O_TARGET)
++
++include $(TOPDIR)/Rules.make
+diff -urN linux-2.4.18/net/bluetooth/bnep/bnep.h linux-2.4.18-mh9/net/bluetooth/bnep/bnep.h
+--- linux-2.4.18/net/bluetooth/bnep/bnep.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/bnep.h Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,185 @@
++/*
++ BNEP protocol definition for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License, version 2, as
++ published by the Free Software Foundation.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++*/
++
++/*
++ * $Id: bnep2.h,v 1.9 2002/07/14 07:09:19 maxk Exp $
++ */
++
++#ifndef _BNEP_H
++#define _BNEP_H
++
++#include <linux/types.h>
++#include <net/bluetooth/bluetooth.h>
++
++#include "crc32.h"
++
++// Limits
++#define BNEP_MAX_PROTO_FILTERS 5
++#define BNEP_MAX_MULTICAST_FILTERS 20
++
++// UUIDs
++#define BNEP_BASE_UUID 0x0000000000001000800000805F9B34FB
++#define BNEP_UUID16 0x02
++#define BNEP_UUID32 0x04
++#define BNEP_UUID128 0x16
++
++#define BNEP_SVC_PANU 0x1115
++#define BNEP_SVC_NAP 0x1116
++#define BNEP_SVC_GN 0x1117
++
++// Packet types
++#define BNEP_GENERAL 0x00
++#define BNEP_CONTROL 0x01
++#define BNEP_COMPRESSED 0x02
++#define BNEP_COMPRESSED_SRC_ONLY 0x03
++#define BNEP_COMPRESSED_DST_ONLY 0x04
++
++// Control types
++#define BNEP_CMD_NOT_UNDERSTOOD 0x00
++#define BNEP_SETUP_CONN_REQ 0x01
++#define BNEP_SETUP_CONN_RSP 0x02
++#define BNEP_FILTER_NET_TYPE_SET 0x03
++#define BNEP_FILTER_NET_TYPE_RSP 0x04
++#define BNEP_FILTER_MULTI_ADDR_SET 0x05
++#define BNEP_FILTER_MULTI_ADDR_RSP 0x06
++
++// Extension types
++#define BNEP_EXT_CONTROL 0x00
++
++// Response messages
++#define BNEP_SUCCESS 0x00
++
++#define BNEP_CONN_INVALID_DST 0x01
++#define BNEP_CONN_INVALID_SRC 0x02
++#define BNEP_CONN_INVALID_SVC 0x03
++#define BNEP_CONN_NOT_ALLOWED 0x04
++
++#define BNEP_FILTER_UNSUPPORTED_REQ 0x01
++#define BNEP_FILTER_INVALID_RANGE 0x02
++#define BNEP_FILTER_INVALID_MCADDR 0x02
++#define BNEP_FILTER_LIMIT_REACHED 0x03
++#define BNEP_FILTER_DENIED_SECURITY 0x04
++
++// L2CAP settings
++#define BNEP_MTU 1691
++#define BNEP_PSM 0x0f
++#define BNEP_FLUSH_TO 0xffff
++#define BNEP_CONNECT_TO 15
++#define BNEP_FILTER_TO 15
++
++// Headers
++#define BNEP_TYPE_MASK 0x7f
++#define BNEP_EXT_HEADER 0x80
++
++struct bnep_setup_conn_req {
++ __u8 type;
++ __u8 ctrl;
++ __u8 uuid_size;
++ __u8 service[0];
++} __attribute__((packed));
++
++struct bnep_set_filter_req {
++ __u8 type;
++ __u8 ctrl;
++ __u16 len;
++ __u8 list[0];
++} __attribute__((packed));
++
++struct bnep_control_rsp {
++ __u8 type;
++ __u8 ctrl;
++ __u16 resp;
++} __attribute__((packed));
++
++struct bnep_ext_hdr {
++ __u8 type;
++ __u8 len;
++ __u8 data[0];
++} __attribute__((packed));
++
++/* BNEP ioctl defines */
++#define BNEPCONNADD _IOW('B', 200, int)
++#define BNEPCONNDEL _IOW('B', 201, int)
++#define BNEPGETCONNLIST _IOR('B', 210, int)
++#define BNEPGETCONNINFO _IOR('B', 211, int)
++
++struct bnep_connadd_req {
++ int sock; // Connected socket
++ __u32 flags;
++ __u16 role;
++ char device[16]; // Name of the Ethernet device
++};
++
++struct bnep_conndel_req {
++ __u32 flags;
++ __u8 dst[ETH_ALEN];
++};
++
++struct bnep_conninfo {
++ __u32 flags;
++ __u16 role;
++ __u16 state;
++ __u8 dst[ETH_ALEN];
++ char device[16];
++};
++
++struct bnep_connlist_req {
++ __u32 cnum;
++ struct bnep_conninfo *ci;
++};
++
++struct bnep_proto_filter {
++ __u16 start;
++ __u16 end;
++};
++
++int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock);
++int bnep_del_connection(struct bnep_conndel_req *req);
++int bnep_get_connlist(struct bnep_connlist_req *req);
++int bnep_get_conninfo(struct bnep_conninfo *ci);
++
++// BNEP sessions
++struct bnep_session {
++ struct list_head list;
++
++ unsigned int role;
++ unsigned long state;
++ unsigned long flags;
++ atomic_t killed;
++
++ struct ethhdr eh;
++ struct msghdr msg;
++
++ struct bnep_proto_filter proto_filter[BNEP_MAX_PROTO_FILTERS];
++ u64 mc_filter;
++
++ struct socket *sock;
++ struct net_device dev;
++ struct net_device_stats stats;
++};
++
++int bnep_net_init(struct net_device *dev);
++int bnep_sock_init(void);
++int bnep_sock_cleanup(void);
++
++static inline int bnep_mc_hash(__u8 *addr)
++{
++ return (bnep_crc32(~0, addr, ETH_ALEN) >> 26);
++}
++
++#endif
+diff -urN linux-2.4.18/net/bluetooth/bnep/core.c linux-2.4.18-mh9/net/bluetooth/bnep/core.c
+--- linux-2.4.18/net/bluetooth/bnep/core.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/core.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,708 @@
++/*
++ BNEP implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2001-2002 Inventel Systemes
++ Written 2001-2002 by
++ Clément Moreau <clement.moreau@inventel.fr>
++ David Libault <david.libault@inventel.fr>
++
++ Copyright (C) 2002 Maxim Krasnyanskiy <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: core.c,v 1.18 2002/07/14 07:09:19 maxk Exp $
++ */
++
++#define __KERNEL_SYSCALLS__
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/signal.h>
++#include <linux/init.h>
++#include <linux/wait.h>
++#include <linux/errno.h>
++#include <linux/smp_lock.h>
++#include <linux/net.h>
++#include <net/sock.h>
++
++#include <linux/socket.h>
++#include <linux/file.h>
++
++#include <linux/netdevice.h>
++#include <linux/etherdevice.h>
++#include <linux/skbuff.h>
++
++#include <asm/unaligned.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/l2cap.h>
++
++#include "bnep.h"
++
++#ifndef CONFIG_BLUEZ_BNEP_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++#define VERSION "1.1"
++
++static LIST_HEAD(bnep_session_list);
++static DECLARE_RWSEM(bnep_session_sem);
++
++static struct bnep_session *__bnep_get_session(u8 *dst)
++{
++ struct bnep_session *s;
++ struct list_head *p;
++
++ BT_DBG("");
++
++ list_for_each(p, &bnep_session_list) {
++ s = list_entry(p, struct bnep_session, list);
++ if (!memcmp(dst, s->eh.h_source, ETH_ALEN))
++ return s;
++ }
++ return NULL;
++}
++
++static void __bnep_link_session(struct bnep_session *s)
++{
++ MOD_INC_USE_COUNT;
++ list_add(&s->list, &bnep_session_list);
++}
++
++static void __bnep_unlink_session(struct bnep_session *s)
++{
++ list_del(&s->list);
++ MOD_DEC_USE_COUNT;
++}
++
++static int bnep_send(struct bnep_session *s, void *data, size_t len)
++{
++ struct socket *sock = s->sock;
++ struct iovec iv = { data, len };
++ s->msg.msg_iov = &iv;
++ s->msg.msg_iovlen = 1;
++ return sock->ops->sendmsg(sock, &s->msg, len, NULL);
++}
++
++static int bnep_send_rsp(struct bnep_session *s, u8 ctrl, u16 resp)
++{
++ struct bnep_control_rsp rsp;
++ rsp.type = BNEP_CONTROL;
++ rsp.ctrl = ctrl;
++ rsp.resp = htons(resp);
++ return bnep_send(s, &rsp, sizeof(rsp));
++}
++
++static int bnep_ctrl_set_netfilter(struct bnep_session *s, u16 *data, int len)
++{
++ int n;
++
++ if (len < 2)
++ return -EILSEQ;
++
++ n = ntohs(get_unaligned(data));
++ data++; len -= 2;
++
++ if (len < n)
++ return -EILSEQ;
++
++ BT_DBG("filter len %d", n);
++
++#ifdef CONFIG_BLUEZ_BNEP_PROTO_FILTER
++ n /= 4;
++ if (n <= BNEP_MAX_PROTO_FILTERS) {
++ struct bnep_proto_filter *f = s->proto_filter;
++ int i;
++
++ for (i = 0; i < n; i++) {
++ f[i].start = get_unaligned(data++);
++ f[i].end = get_unaligned(data++);
++
++ BT_DBG("proto filter start %d end %d",
++ f[i].start, f[i].end);
++ }
++ if (i < BNEP_MAX_PROTO_FILTERS)
++ memset(f + i, 0, sizeof(*f));
++
++ bnep_send_rsp(s, BNEP_FILTER_NET_TYPE_RSP, BNEP_SUCCESS);
++ } else {
++ bnep_send_rsp(s, BNEP_FILTER_NET_TYPE_RSP, BNEP_FILTER_LIMIT_REACHED);
++ }
++#else
++ bnep_send_rsp(s, BNEP_FILTER_NET_TYPE_RSP, BNEP_FILTER_UNSUPPORTED_REQ);
++#endif
++ return 0;
++}
++
++static int bnep_ctrl_set_mcfilter(struct bnep_session *s, u8 *data, int len)
++{
++ int n;
++
++ if (len < 2)
++ return -EILSEQ;
++
++ n = ntohs(get_unaligned((u16 *) data));
++ data += 2; len -= 2;
++
++ if (len < n)
++ return -EILSEQ;
++
++ BT_DBG("filter len %d", n);
++
++#ifdef CONFIG_BLUEZ_BNEP_MC_FILTER
++ n /= (ETH_ALEN * 2);
++
++ if (n > 0) {
++ s->mc_filter = 0;
++
++ /* Always send broadcast */
++ set_bit(bnep_mc_hash(s->dev.broadcast), &s->mc_filter);
++
++ /* Add address ranges to the multicast hash */
++ for (; n > 0; n--) {
++ u8 a1[6], *a2;
++
++ memcpy(a1, data, ETH_ALEN); data += ETH_ALEN;
++ a2 = data; data += ETH_ALEN;
++
++ BT_DBG("mc filter %s -> %s",
++ batostr((void *) a1), batostr((void *) a2));
++
++ #define INCA(a) { int i = 5; while (i >=0 && ++a[i--] == 0); }
++
++ /* Iterate from a1 to a2 */
++ set_bit(bnep_mc_hash(a1), &s->mc_filter);
++ while (memcmp(a1, a2, 6) < 0 && s->mc_filter != ~0LL) {
++ INCA(a1);
++ set_bit(bnep_mc_hash(a1), &s->mc_filter);
++ }
++ }
++ }
++
++ BT_DBG("mc filter hash 0x%llx", s->mc_filter);
++
++ bnep_send_rsp(s, BNEP_FILTER_MULTI_ADDR_RSP, BNEP_SUCCESS);
++#else
++ bnep_send_rsp(s, BNEP_FILTER_MULTI_ADDR_RSP, BNEP_FILTER_UNSUPPORTED_REQ);
++#endif
++ return 0;
++}
++
++static int bnep_rx_control(struct bnep_session *s, void *data, int len)
++{
++ u8 cmd = *(u8 *)data;
++ int err = 0;
++
++ data++; len--;
++
++ switch (cmd) {
++ case BNEP_CMD_NOT_UNDERSTOOD:
++ case BNEP_SETUP_CONN_REQ:
++ case BNEP_SETUP_CONN_RSP:
++ case BNEP_FILTER_NET_TYPE_RSP:
++ case BNEP_FILTER_MULTI_ADDR_RSP:
++ /* Ignore these for now */
++ break;
++
++ case BNEP_FILTER_NET_TYPE_SET:
++ err = bnep_ctrl_set_netfilter(s, data, len);
++ break;
++
++ case BNEP_FILTER_MULTI_ADDR_SET:
++ err = bnep_ctrl_set_mcfilter(s, data, len);
++ break;
++
++ default: {
++ u8 pkt[3];
++ pkt[0] = BNEP_CONTROL;
++ pkt[1] = BNEP_CMD_NOT_UNDERSTOOD;
++ pkt[2] = cmd;
++ bnep_send(s, pkt, sizeof(pkt));
++ }
++ break;
++ }
++
++ return err;
++}
++
++static int bnep_rx_extension(struct bnep_session *s, struct sk_buff *skb)
++{
++ struct bnep_ext_hdr *h;
++ int err = 0;
++
++ do {
++ h = (void *) skb->data;
++ if (!skb_pull(skb, sizeof(*h))) {
++ err = -EILSEQ;
++ break;
++ }
++
++ BT_DBG("type 0x%x len %d", h->type, h->len);
++
++ switch (h->type & BNEP_TYPE_MASK) {
++ case BNEP_EXT_CONTROL:
++ bnep_rx_control(s, skb->data, skb->len);
++ break;
++
++ default:
++ /* Unknown extension, skip it. */
++ break;
++ }
++
++ if (!skb_pull(skb, h->len)) {
++ err = -EILSEQ;
++ break;
++ }
++ } while (!err && (h->type & BNEP_EXT_HEADER));
++
++ return err;
++}
++
++static u8 __bnep_rx_hlen[] = {
++ ETH_HLEN, /* BNEP_GENERAL */
++ 0, /* BNEP_CONTROL */
++ 2, /* BNEP_COMPRESSED */
++ ETH_ALEN + 2, /* BNEP_COMPRESSED_SRC_ONLY */
++ ETH_ALEN + 2 /* BNEP_COMPRESSED_DST_ONLY */
++};
++#define BNEP_RX_TYPES (sizeof(__bnep_rx_hlen) - 1)
++
++static inline int bnep_rx_frame(struct bnep_session *s, struct sk_buff *skb)
++{
++ struct net_device *dev = &s->dev;
++ struct sk_buff *nskb;
++ u8 type;
++
++ dev->last_rx = jiffies;
++ s->stats.rx_bytes += skb->len;
++
++ type = *(u8 *) skb->data; skb_pull(skb, 1);
++
++ if ((type & BNEP_TYPE_MASK) > BNEP_RX_TYPES)
++ goto badframe;
++
++ if ((type & BNEP_TYPE_MASK) == BNEP_CONTROL) {
++ bnep_rx_control(s, skb->data, skb->len);
++ kfree_skb(skb);
++ return 0;
++ }
++
++ skb->mac.raw = skb->data;
++
++ /* Verify and pull out header */
++ if (!skb_pull(skb, __bnep_rx_hlen[type & BNEP_TYPE_MASK]))
++ goto badframe;
++
++ s->eh.h_proto = get_unaligned((u16 *) (skb->data - 2));
++
++ if (type & BNEP_EXT_HEADER) {
++ if (bnep_rx_extension(s, skb) < 0)
++ goto badframe;
++ }
++
++ /* Strip 802.1p header */
++ if (ntohs(s->eh.h_proto) == 0x8100) {
++ if (!skb_pull(skb, 4))
++ goto badframe;
++ s->eh.h_proto = get_unaligned((u16 *) (skb->data - 2));
++ }
++
++ /* We have to alloc new skb and copy data here :(. Because original skb
++ * may not be modified and because of the alignment requirements. */
++ nskb = alloc_skb(2 + ETH_HLEN + skb->len, GFP_KERNEL);
++ if (!nskb) {
++ s->stats.rx_dropped++;
++ kfree_skb(skb);
++ return -ENOMEM;
++ }
++ skb_reserve(nskb, 2);
++
++ /* Decompress header and construct ether frame */
++ switch (type & BNEP_TYPE_MASK) {
++ case BNEP_COMPRESSED:
++ memcpy(__skb_put(nskb, ETH_HLEN), &s->eh, ETH_HLEN);
++ break;
++
++ case BNEP_COMPRESSED_SRC_ONLY:
++ memcpy(__skb_put(nskb, ETH_ALEN), s->eh.h_dest, ETH_ALEN);
++ memcpy(__skb_put(nskb, ETH_ALEN), skb->mac.raw, ETH_ALEN);
++ put_unaligned(s->eh.h_proto, (u16 *) __skb_put(nskb, 2));
++ break;
++
++ case BNEP_COMPRESSED_DST_ONLY:
++ memcpy(__skb_put(nskb, ETH_ALEN), skb->mac.raw, ETH_ALEN);
++ memcpy(__skb_put(nskb, ETH_ALEN + 2), s->eh.h_source, ETH_ALEN + 2);
++ break;
++
++ case BNEP_GENERAL:
++ memcpy(__skb_put(nskb, ETH_ALEN * 2), skb->mac.raw, ETH_ALEN * 2);
++ put_unaligned(s->eh.h_proto, (u16 *) __skb_put(nskb, 2));
++ break;
++ }
++
++ memcpy(__skb_put(nskb, skb->len), skb->data, skb->len);
++ kfree_skb(skb);
++
++ s->stats.rx_packets++;
++ nskb->dev = dev;
++ nskb->ip_summed = CHECKSUM_UNNECESSARY;
++ nskb->protocol = eth_type_trans(nskb, dev);
++ netif_rx_ni(nskb);
++ return 0;
++
++badframe:
++ s->stats.rx_errors++;
++ kfree_skb(skb);
++ return 0;
++}
++
++static u8 __bnep_tx_types[] = {
++ BNEP_GENERAL,
++ BNEP_COMPRESSED_SRC_ONLY,
++ BNEP_COMPRESSED_DST_ONLY,
++ BNEP_COMPRESSED
++};
++
++static inline int bnep_tx_frame(struct bnep_session *s, struct sk_buff *skb)
++{
++ struct ethhdr *eh = (void *) skb->data;
++ struct socket *sock = s->sock;
++ struct iovec iv[3];
++ int len = 0, il = 0;
++ u8 type = 0;
++
++ BT_DBG("skb %p dev %p type %d", skb, skb->dev, skb->pkt_type);
++
++ if (!skb->dev) {
++ /* Control frame sent by us */
++ goto send;
++ }
++
++ iv[il++] = (struct iovec) { &type, 1 };
++ len++;
++
++ if (!memcmp(eh->h_dest, s->eh.h_source, ETH_ALEN))
++ type |= 0x01;
++
++ if (!memcmp(eh->h_source, s->eh.h_dest, ETH_ALEN))
++ type |= 0x02;
++
++ if (type)
++ skb_pull(skb, ETH_ALEN * 2);
++
++ type = __bnep_tx_types[type];
++ switch (type) {
++ case BNEP_COMPRESSED_SRC_ONLY:
++ iv[il++] = (struct iovec) { eh->h_source, ETH_ALEN };
++ len += ETH_ALEN;
++ break;
++
++ case BNEP_COMPRESSED_DST_ONLY:
++ iv[il++] = (struct iovec) { eh->h_dest, ETH_ALEN };
++ len += ETH_ALEN;
++ break;
++ }
++
++send:
++ iv[il++] = (struct iovec) { skb->data, skb->len };
++ len += skb->len;
++
++ /* FIXME: linearize skb */
++
++ s->msg.msg_iov = iv;
++ s->msg.msg_iovlen = il;
++ len = sock->ops->sendmsg(sock, &s->msg, len, NULL);
++ kfree_skb(skb);
++
++ if (len > 0) {
++ s->stats.tx_bytes += len;
++ s->stats.tx_packets++;
++ return 0;
++ }
++
++ return len;
++}
++
++static int bnep_session(void *arg)
++{
++ struct bnep_session *s = arg;
++ struct net_device *dev = &s->dev;
++ struct sock *sk = s->sock->sk;
++ struct sk_buff *skb;
++ wait_queue_t wait;
++
++ BT_DBG("");
++
++ daemonize(); reparent_to_init();
++
++ sprintf(current->comm, "kbnepd %s", dev->name);
++
++ sigfillset(&current->blocked);
++ flush_signals(current);
++
++ current->nice = -15;
++
++ set_fs(KERNEL_DS);
++
++ init_waitqueue_entry(&wait, current);
++ add_wait_queue(sk->sleep, &wait);
++ while (!atomic_read(&s->killed)) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ // RX
++ while ((skb = skb_dequeue(&sk->receive_queue))) {
++ skb_orphan(skb);
++ bnep_rx_frame(s, skb);
++ }
++
++ if (sk->state != BT_CONNECTED)
++ break;
++
++ // TX
++ while ((skb = skb_dequeue(&sk->write_queue)))
++ if (bnep_tx_frame(s, skb))
++ break;
++ netif_wake_queue(dev);
++
++ schedule();
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(sk->sleep, &wait);
++
++ /* Cleanup session */
++ down_write(&bnep_session_sem);
++
++ /* Delete network device */
++ unregister_netdev(dev);
++
++ /* Release the socket */
++ fput(s->sock->file);
++
++ __bnep_unlink_session(s);
++
++ up_write(&bnep_session_sem);
++ kfree(s);
++ return 0;
++}
++
++int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
++{
++ struct net_device *dev;
++ struct bnep_session *s, *ss;
++ u8 dst[ETH_ALEN], src[ETH_ALEN];
++ int err;
++
++ BT_DBG("");
++
++ baswap((void *) dst, &bluez_pi(sock->sk)->dst);
++ baswap((void *) src, &bluez_pi(sock->sk)->src);
++
++ s = kmalloc(sizeof(struct bnep_session), GFP_KERNEL);
++ if (!s)
++ return -ENOMEM;
++ memset(s, 0, sizeof(struct bnep_session));
++
++ down_write(&bnep_session_sem);
++
++ ss = __bnep_get_session(dst);
++ if (ss && ss->state == BT_CONNECTED) {
++ err = -EEXIST;
++ goto failed;
++ }
++
++ dev = &s->dev;
++
++ if (*req->device)
++ strcpy(dev->name, req->device);
++ else
++ strcpy(dev->name, "bnep%d");
++
++ memset(dev->broadcast, 0xff, ETH_ALEN);
++
++ /* This is rx header therefor addresses are swaped.
++ * ie eh.h_dest is our local address. */
++ memcpy(s->eh.h_dest, &src, ETH_ALEN);
++ memcpy(s->eh.h_source, &dst, ETH_ALEN);
++
++ s->sock = sock;
++ s->role = req->role;
++ s->state = BT_CONNECTED;
++
++ s->msg.msg_flags = MSG_NOSIGNAL;
++
++#ifdef CONFIG_BLUEZ_BNEP_MC_FILTER
++ /* Set default mc filter */
++ set_bit(bnep_mc_hash(dev->broadcast), &s->mc_filter);
++#endif
++
++#ifdef CONFIG_BLUEZ_BNEP_PROTO_FILTER
++ /* Set default protocol filter */
++
++ /* (IPv4, ARP) */
++ s->proto_filter[0].start = htons(0x0800);
++ s->proto_filter[0].end = htons(0x0806);
++ /* (RARP, AppleTalk) */
++ s->proto_filter[1].start = htons(0x8035);
++ s->proto_filter[1].end = htons(0x80F3);
++ /* (IPX, IPv6) */
++ s->proto_filter[2].start = htons(0x8137);
++ s->proto_filter[2].end = htons(0x86DD);
++#endif
++
++ dev->init = bnep_net_init;
++ dev->priv = s;
++ err = register_netdev(dev);
++ if (err) {
++ goto failed;
++ }
++
++ __bnep_link_session(s);
++
++ err = kernel_thread(bnep_session, s, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
++ if (err < 0) {
++ /* Session thread start failed, gotta cleanup. */
++ unregister_netdev(dev);
++ __bnep_unlink_session(s);
++ goto failed;
++ }
++
++ up_write(&bnep_session_sem);
++ strcpy(req->device, dev->name);
++ return 0;
++
++failed:
++ up_write(&bnep_session_sem);
++ kfree(s);
++ return err;
++}
++
++int bnep_del_connection(struct bnep_conndel_req *req)
++{
++ struct bnep_session *s;
++ int err = 0;
++
++ BT_DBG("");
++
++ down_read(&bnep_session_sem);
++
++ s = __bnep_get_session(req->dst);
++ if (s) {
++ /* Wakeup user-space which is polling for socket errors.
++ * This is temporary hack untill we have shutdown in L2CAP */
++ s->sock->sk->err = EUNATCH;
++
++ /* Kill session thread */
++ atomic_inc(&s->killed);
++ wake_up_interruptible(s->sock->sk->sleep);
++ } else
++ err = -ENOENT;
++
++ up_read(&bnep_session_sem);
++ return err;
++}
++
++static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
++{
++ memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
++ strcpy(ci->device, s->dev.name);
++ ci->flags = s->flags;
++ ci->state = s->state;
++ ci->role = s->role;
++}
++
++int bnep_get_connlist(struct bnep_connlist_req *req)
++{
++ struct list_head *p;
++ int err = 0, n = 0;
++
++ down_read(&bnep_session_sem);
++
++ list_for_each(p, &bnep_session_list) {
++ struct bnep_session *s;
++ struct bnep_conninfo ci;
++
++ s = list_entry(p, struct bnep_session, list);
++
++ __bnep_copy_ci(&ci, s);
++
++ if (copy_to_user(req->ci, &ci, sizeof(ci))) {
++ err = -EFAULT;
++ break;
++ }
++
++ if (++n >= req->cnum)
++ break;
++
++ req->ci++;
++ }
++ req->cnum = n;
++
++ up_read(&bnep_session_sem);
++ return err;
++}
++
++int bnep_get_conninfo(struct bnep_conninfo *ci)
++{
++ struct bnep_session *s;
++ int err = 0;
++
++ down_read(&bnep_session_sem);
++
++ s = __bnep_get_session(ci->dst);
++ if (s)
++ __bnep_copy_ci(ci, s);
++ else
++ err = -ENOENT;
++
++ up_read(&bnep_session_sem);
++ return err;
++}
++
++static int __init bnep_init_module(void)
++{
++ l2cap_load();
++
++ bnep_crc32_init();
++ bnep_sock_init();
++
++ BT_INFO("BlueZ BNEP ver %s", VERSION);
++ BT_INFO("Copyright (C) 2001,2002 Inventel Systemes");
++ BT_INFO("Written 2001,2002 by Clement Moreau <clement.moreau@inventel.fr>");
++ BT_INFO("Written 2001,2002 by David Libault <david.libault@inventel.fr>");
++ BT_INFO("Copyright (C) 2002 Maxim Krasnyanskiy <maxk@qualcomm.com>");
++
++ return 0;
++}
++
++static void __exit bnep_cleanup_module(void)
++{
++ bnep_sock_cleanup();
++ bnep_crc32_cleanup();
++}
++
++module_init(bnep_init_module);
++module_exit(bnep_cleanup_module);
++
++MODULE_DESCRIPTION("BlueZ BNEP ver " VERSION);
++MODULE_AUTHOR("David Libault <david.libault@inventel.fr>, Maxim Krasnyanskiy <maxk@qualcomm.com>");
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/net/bluetooth/bnep/crc32.c linux-2.4.18-mh9/net/bluetooth/bnep/crc32.c
+--- linux-2.4.18/net/bluetooth/bnep/crc32.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/crc32.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,59 @@
++/*
++ * Based on linux-2.5/lib/crc32 by Matt Domsch <Matt_Domsch@dell.com>
++ *
++ * FIXME: Remove in 2.5
++ */
++
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/types.h>
++#include <linux/slab.h>
++#include <linux/init.h>
++#include <asm/atomic.h>
++
++#include "crc32.h"
++
++#define CRCPOLY_BE 0x04c11db7
++#define CRC_BE_BITS 8
++
++static u32 *bnep_crc32_table;
++
++/*
++ * This code is in the public domain; copyright abandoned.
++ * Liability for non-performance of this code is limited to the amount
++ * you paid for it. Since it is distributed for free, your refund will
++ * be very very small. If it breaks, you get to keep both pieces.
++ */
++u32 bnep_crc32(u32 crc, unsigned char const *p, size_t len)
++{
++ while (len--)
++ crc = (crc << 8) ^ bnep_crc32_table[(crc >> 24) ^ *p++];
++
++ return crc;
++}
++
++int __init bnep_crc32_init(void)
++{
++ unsigned i, j;
++ u32 crc = 0x80000000;
++
++ bnep_crc32_table = kmalloc((1 << CRC_BE_BITS) * sizeof(u32), GFP_KERNEL);
++ if (!bnep_crc32_table)
++ return -ENOMEM;
++
++ bnep_crc32_table[0] = 0;
++
++ for (i = 1; i < 1 << CRC_BE_BITS; i <<= 1) {
++ crc = (crc << 1) ^ ((crc & 0x80000000) ? CRCPOLY_BE : 0);
++ for (j = 0; j < i; j++)
++ bnep_crc32_table[i + j] = crc ^ bnep_crc32_table[j];
++ }
++ return 0;
++}
++
++void __exit bnep_crc32_cleanup(void)
++{
++ if (bnep_crc32_table)
++ kfree(bnep_crc32_table);
++ bnep_crc32_table = NULL;
++}
+diff -urN linux-2.4.18/net/bluetooth/bnep/crc32.h linux-2.4.18-mh9/net/bluetooth/bnep/crc32.h
+--- linux-2.4.18/net/bluetooth/bnep/crc32.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/crc32.h Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,10 @@
++/*
++ * crc32.h
++ * See crc32.c for license and changes
++ *
++ * FIXME: Remove in 2.5
++ */
++
++int bnep_crc32_init(void);
++void bnep_crc32_cleanup(void);
++u32 bnep_crc32(u32 crc, unsigned char const *p, size_t len);
+diff -urN linux-2.4.18/net/bluetooth/bnep/netdev.c linux-2.4.18-mh9/net/bluetooth/bnep/netdev.c
+--- linux-2.4.18/net/bluetooth/bnep/netdev.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/netdev.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,254 @@
++/*
++ BNEP implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2001-2002 Inventel Systemes
++ Written 2001-2002 by
++ Clément Moreau <clement.moreau@inventel.fr>
++ David Libault <david.libault@inventel.fr>
++
++ Copyright (C) 2002 Maxim Krasnyanskiy <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: netdev.c,v 1.7 2002/07/14 05:39:26 maxk Exp $
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/socket.h>
++#include <linux/netdevice.h>
++#include <linux/etherdevice.h>
++#include <linux/skbuff.h>
++#include <linux/wait.h>
++
++#include <asm/unaligned.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++#include <net/bluetooth/l2cap.h>
++
++#include "bnep.h"
++
++#ifndef CONFIG_BLUEZ_BNEP_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#endif
++
++#define BNEP_TX_QUEUE_LEN 20
++
++static int bnep_net_open(struct net_device *dev)
++{
++ netif_start_queue(dev);
++ return 0;
++}
++
++static int bnep_net_close(struct net_device *dev)
++{
++ netif_stop_queue(dev);
++ return 0;
++}
++
++static struct net_device_stats *bnep_net_get_stats(struct net_device *dev)
++{
++ struct bnep_session *s = dev->priv;
++ return &s->stats;
++}
++
++static void bnep_net_set_mc_list(struct net_device *dev)
++{
++#ifdef CONFIG_BLUEZ_BNEP_MC_FILTER
++ struct bnep_session *s = dev->priv;
++ struct sock *sk = s->sock->sk;
++ struct bnep_set_filter_req *r;
++ struct sk_buff *skb;
++ int size;
++
++ BT_DBG("%s mc_count %d", dev->name, dev->mc_count);
++
++ size = sizeof(*r) + (BNEP_MAX_MULTICAST_FILTERS + 1) * ETH_ALEN * 2;
++ skb = alloc_skb(size, GFP_ATOMIC);
++ if (!skb) {
++ BT_ERR("%s Multicast list allocation failed", dev->name);
++ return;
++ }
++
++ r = (void *) skb->data;
++ __skb_put(skb, sizeof(*r));
++
++ r->type = BNEP_CONTROL;
++ r->ctrl = BNEP_FILTER_MULTI_ADDR_SET;
++
++ if (dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) {
++ u8 start[ETH_ALEN] = { 0x01 };
++
++ /* Request all addresses */
++ memcpy(__skb_put(skb, ETH_ALEN), start, ETH_ALEN);
++ memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN);
++ r->len = htons(ETH_ALEN * 2);
++ } else {
++ struct dev_mc_list *dmi = dev->mc_list;
++ int i, len = skb->len;
++
++ if (dev->flags & IFF_BROADCAST) {
++ memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN);
++ memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN);
++ }
++
++ /* FIXME: We should group addresses here. */
++
++ for (i = 0; i < dev->mc_count && i < BNEP_MAX_MULTICAST_FILTERS; i++) {
++ memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN);
++ memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN);
++ dmi = dmi->next;
++ }
++ r->len = htons(skb->len - len);
++ }
++
++ skb_queue_tail(&sk->write_queue, skb);
++ wake_up_interruptible(sk->sleep);
++#endif
++}
++
++static int bnep_net_set_mac_addr(struct net_device *dev, void *arg)
++{
++ BT_DBG("%s", dev->name);
++ return 0;
++}
++
++static void bnep_net_timeout(struct net_device *dev)
++{
++ BT_DBG("net_timeout");
++ netif_wake_queue(dev);
++}
++
++static int bnep_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
++{
++ return -EINVAL;
++}
++
++#ifdef CONFIG_BLUEZ_BNEP_MC_FILTER
++static inline int bnep_net_mc_filter(struct sk_buff *skb, struct bnep_session *s)
++{
++ struct ethhdr *eh = (void *) skb->data;
++
++ if ((eh->h_dest[0] & 1) && !test_bit(bnep_mc_hash(eh->h_dest), &s->mc_filter)) {
++ BT_DBG("BNEP: filtered skb %p, dst %.2x:%.2x:%.2x:%.2x:%.2x:%.2x", skb,
++ eh->h_dest[0], eh->h_dest[1], eh->h_dest[2],
++ eh->h_dest[3], eh->h_dest[4], eh->h_dest[5]);
++ return 1;
++ }
++ return 0;
++}
++#endif
++
++#ifdef CONFIG_BLUEZ_BNEP_PROTO_FILTER
++/* Determine ether protocol. Based on eth_type_trans. */
++static inline u16 bnep_net_eth_proto(struct sk_buff *skb)
++{
++ struct ethhdr *eh = (void *) skb->data;
++
++ if (ntohs(eh->h_proto) >= 1536)
++ return eh->h_proto;
++
++ if (get_unaligned((u16 *) skb->data) == 0xFFFF)
++ return htons(ETH_P_802_3);
++
++ return htons(ETH_P_802_2);
++}
++
++static inline int bnep_net_proto_filter(struct sk_buff *skb, struct bnep_session *s)
++{
++ u16 proto = bnep_net_eth_proto(skb);
++ struct bnep_proto_filter *f = s->proto_filter;
++ int i;
++
++ for (i = 0; i < BNEP_MAX_PROTO_FILTERS && f[i].end; i++) {
++ if (proto >= f[i].start && proto <= f[i].end)
++ return 0;
++ }
++
++ BT_DBG("BNEP: filtered skb %p, proto 0x%.4x", skb, proto);
++ return 1;
++}
++#endif
++
++static int bnep_net_xmit(struct sk_buff *skb, struct net_device *dev)
++{
++ struct bnep_session *s = dev->priv;
++ struct sock *sk = s->sock->sk;
++
++ BT_DBG("skb %p, dev %p", skb, dev);
++
++#ifdef CONFIG_BLUEZ_BNEP_MC_FILTER
++ if (bnep_net_mc_filter(skb, s)) {
++ kfree_skb(skb);
++ return 0;
++ }
++#endif
++
++#ifdef CONFIG_BLUEZ_BNEP_PROTO_FILTER
++ if (bnep_net_proto_filter(skb, s)) {
++ kfree_skb(skb);
++ return 0;
++ }
++#endif
++
++ /*
++ * We cannot send L2CAP packets from here as we are potentially in a bh.
++ * So we have to queue them and wake up session thread which is sleeping
++ * on the sk->sleep.
++ */
++ dev->trans_start = jiffies;
++ skb_queue_tail(&sk->write_queue, skb);
++ wake_up_interruptible(sk->sleep);
++
++ if (skb_queue_len(&sk->write_queue) >= BNEP_TX_QUEUE_LEN) {
++ BT_DBG("tx queue is full");
++
++ /* Stop queuing.
++ * Session thread will do netif_wake_queue() */
++ netif_stop_queue(dev);
++ }
++
++ return 0;
++}
++
++int bnep_net_init(struct net_device *dev)
++{
++ struct bnep_session *s = dev->priv;
++
++ memcpy(dev->dev_addr, s->eh.h_dest, ETH_ALEN);
++ dev->addr_len = ETH_ALEN;
++
++ ether_setup(dev);
++
++ dev->open = bnep_net_open;
++ dev->stop = bnep_net_close;
++ dev->hard_start_xmit = bnep_net_xmit;
++ dev->get_stats = bnep_net_get_stats;
++ dev->do_ioctl = bnep_net_ioctl;
++ dev->set_mac_address = bnep_net_set_mac_addr;
++ dev->set_multicast_list = bnep_net_set_mc_list;
++
++ dev->watchdog_timeo = HZ * 2;
++ dev->tx_timeout = bnep_net_timeout;
++
++ return 0;
++}
+diff -urN linux-2.4.18/net/bluetooth/bnep/sock.c linux-2.4.18-mh9/net/bluetooth/bnep/sock.c
+--- linux-2.4.18/net/bluetooth/bnep/sock.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/bnep/sock.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,238 @@
++/*
++ BNEP implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2001-2002 Inventel Systemes
++ Written 2001-2002 by
++ David Libault <david.libault@inventel.fr>
++
++ Copyright (C) 2002 Maxim Krasnyanskiy <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * $Id: sock.c,v 1.3 2002/07/10 22:59:52 maxk Exp $
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/skbuff.h>
++#include <linux/socket.h>
++#include <linux/ioctl.h>
++#include <linux/file.h>
++#include <net/sock.h>
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++
++#include "bnep.h"
++
++#ifndef CONFIG_BLUEZ_BNEP_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#endif
++
++static inline struct socket *socki_lookup(struct inode *inode)
++{
++ return &inode->u.socket_i;
++}
++
++static struct socket *sockfd_lookup(int fd, int *err)
++{
++ struct file *file;
++ struct inode *inode;
++ struct socket *sock;
++
++ if (!(file = fget(fd))) {
++ *err = -EBADF;
++ return NULL;
++ }
++
++ inode = file->f_dentry->d_inode;
++ if (!inode->i_sock || !(sock = socki_lookup(inode))) {
++ *err = -ENOTSOCK;
++ fput(file);
++ return NULL;
++ }
++
++ if (sock->file != file) {
++ printk(KERN_ERR "socki_lookup: socket file changed!\n");
++ sock->file = file;
++ }
++ return sock;
++}
++
++static int bnep_sock_release(struct socket *sock)
++{
++ struct sock *sk = sock->sk;
++
++ BT_DBG("sock %p sk %p", sock, sk);
++
++ if (!sk)
++ return 0;
++
++ sock_orphan(sk);
++ sock_put(sk);
++
++ MOD_DEC_USE_COUNT;
++ return 0;
++}
++
++static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
++{
++ struct bnep_connlist_req cl;
++ struct bnep_connadd_req ca;
++ struct bnep_conndel_req cd;
++ struct bnep_conninfo ci;
++ struct socket *nsock;
++ int err;
++
++ BT_DBG("cmd %x arg %lx", cmd, arg);
++
++ switch (cmd) {
++ case BNEPCONNADD:
++ if (!capable(CAP_NET_ADMIN))
++ return -EACCES;
++
++ if (copy_from_user(&ca, (void *) arg, sizeof(ca)))
++ return -EFAULT;
++
++ nsock = sockfd_lookup(ca.sock, &err);
++ if (!nsock)
++ return err;
++
++ if (nsock->sk->state != BT_CONNECTED)
++ return -EBADFD;
++
++ err = bnep_add_connection(&ca, nsock);
++ if (!err) {
++ if (copy_to_user((void *) arg, &ca, sizeof(ca)))
++ err = -EFAULT;
++ } else
++ fput(nsock->file);
++
++ return err;
++
++ case BNEPCONNDEL:
++ if (!capable(CAP_NET_ADMIN))
++ return -EACCES;
++
++ if (copy_from_user(&cd, (void *) arg, sizeof(cd)))
++ return -EFAULT;
++
++ return bnep_del_connection(&cd);
++
++ case BNEPGETCONNLIST:
++ if (copy_from_user(&cl, (void *) arg, sizeof(cl)))
++ return -EFAULT;
++
++ if (cl.cnum <= 0)
++ return -EINVAL;
++
++ err = bnep_get_connlist(&cl);
++ if (!err && copy_to_user((void *) arg, &cl, sizeof(cl)))
++ return -EFAULT;
++
++ return err;
++
++ case BNEPGETCONNINFO:
++ if (copy_from_user(&ci, (void *) arg, sizeof(ci)))
++ return -EFAULT;
++
++ err = bnep_get_conninfo(&ci);
++ if (!err && copy_to_user((void *) arg, &ci, sizeof(ci)))
++ return -EFAULT;
++
++ return err;
++
++ default:
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
++static struct proto_ops bnep_sock_ops = {
++ family: PF_BLUETOOTH,
++ release: bnep_sock_release,
++ ioctl: bnep_sock_ioctl,
++ bind: sock_no_bind,
++ getname: sock_no_getname,
++ sendmsg: sock_no_sendmsg,
++ recvmsg: sock_no_recvmsg,
++ poll: sock_no_poll,
++ listen: sock_no_listen,
++ shutdown: sock_no_shutdown,
++ setsockopt: sock_no_setsockopt,
++ getsockopt: sock_no_getsockopt,
++ connect: sock_no_connect,
++ socketpair: sock_no_socketpair,
++ accept: sock_no_accept,
++ mmap: sock_no_mmap
++};
++
++static int bnep_sock_create(struct socket *sock, int protocol)
++{
++ struct sock *sk;
++
++ BT_DBG("sock %p", sock);
++
++ if (sock->type != SOCK_RAW)
++ return -ESOCKTNOSUPPORT;
++
++ sock->ops = &bnep_sock_ops;
++
++ if (!(sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, 1)))
++ return -ENOMEM;
++
++ MOD_INC_USE_COUNT;
++
++ sock->state = SS_UNCONNECTED;
++ sock_init_data(sock, sk);
++
++ sk->destruct = NULL;
++ sk->protocol = protocol;
++
++ return 0;
++}
++
++static struct net_proto_family bnep_sock_family_ops = {
++ family: PF_BLUETOOTH,
++ create: bnep_sock_create
++};
++
++int bnep_sock_init(void)
++{
++ bluez_sock_register(BTPROTO_BNEP, &bnep_sock_family_ops);
++ return 0;
++}
++
++int bnep_sock_cleanup(void)
++{
++ if (bluez_sock_unregister(BTPROTO_BNEP))
++ BT_ERR("Can't unregister BNEP socket");
++ return 0;
++}
+diff -urN linux-2.4.18/net/bluetooth/cmtp/Config.in linux-2.4.18-mh9/net/bluetooth/cmtp/Config.in
+--- linux-2.4.18/net/bluetooth/cmtp/Config.in Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/cmtp/Config.in Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,7 @@
++#
++# Bluetooth CMTP layer configuration
++#
++
++if [ "$CONFIG_ISDN" = "y" -o "$CONFIG_ISDN" = "m" ]; then
++ dep_tristate 'CMTP protocol support' CONFIG_BLUEZ_CMTP $CONFIG_ISDN_CAPI $CONFIG_BLUEZ_L2CAP
++fi
+diff -urN linux-2.4.18/net/bluetooth/cmtp/Makefile linux-2.4.18-mh9/net/bluetooth/cmtp/Makefile
+--- linux-2.4.18/net/bluetooth/cmtp/Makefile Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/cmtp/Makefile Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,10 @@
++#
++# Makefile for the Linux Bluetooth CMTP layer
++#
++
++O_TARGET := cmtp.o
++
++obj-y := core.o sock.o capi.o
++obj-m += $(O_TARGET)
++
++include $(TOPDIR)/Rules.make
+diff -urN linux-2.4.18/net/bluetooth/cmtp/capi.c linux-2.4.18-mh9/net/bluetooth/cmtp/capi.c
+--- linux-2.4.18/net/bluetooth/cmtp/capi.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/cmtp/capi.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,707 @@
++/*
++ CMTP implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/skbuff.h>
++#include <linux/socket.h>
++#include <linux/ioctl.h>
++#include <linux/file.h>
++#include <net/sock.h>
++
++#include <linux/capi.h>
++
++#include "../drivers/isdn/avmb1/capilli.h"
++#include "../drivers/isdn/avmb1/capicmd.h"
++#include "../drivers/isdn/avmb1/capiutil.h"
++
++#include "cmtp.h"
++
++#ifndef CONFIG_BLUEZ_CMTP_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++#define REVISION "1.0"
++
++#define CAPI_INTEROPERABILITY 0x20
++
++#define CAPI_INTEROPERABILITY_REQ CAPICMD(CAPI_INTEROPERABILITY, CAPI_REQ)
++#define CAPI_INTEROPERABILITY_CONF CAPICMD(CAPI_INTEROPERABILITY, CAPI_CONF)
++#define CAPI_INTEROPERABILITY_IND CAPICMD(CAPI_INTEROPERABILITY, CAPI_IND)
++#define CAPI_INTEROPERABILITY_RESP CAPICMD(CAPI_INTEROPERABILITY, CAPI_RESP)
++
++#define CAPI_INTEROPERABILITY_REQ_LEN (CAPI_MSG_BASELEN + 2)
++#define CAPI_INTEROPERABILITY_CONF_LEN (CAPI_MSG_BASELEN + 4)
++#define CAPI_INTEROPERABILITY_IND_LEN (CAPI_MSG_BASELEN + 2)
++#define CAPI_INTEROPERABILITY_RESP_LEN (CAPI_MSG_BASELEN + 2)
++
++#define CAPI_FUNCTION_REGISTER 0
++#define CAPI_FUNCTION_RELEASE 1
++#define CAPI_FUNCTION_GET_PROFILE 2
++#define CAPI_FUNCTION_GET_MANUFACTURER 3
++#define CAPI_FUNCTION_GET_VERSION 4
++#define CAPI_FUNCTION_GET_SERIAL_NUMBER 5
++#define CAPI_FUNCTION_MANUFACTURER 6
++#define CAPI_FUNCTION_LOOPBACK 7
++
++static struct capi_driver_interface *di;
++
++
++#define CMTP_MSGNUM 1
++#define CMTP_APPLID 2
++#define CMTP_MAPPING 3
++
++static struct cmtp_application *cmtp_application_add(struct cmtp_session *session, __u16 appl)
++{
++ struct cmtp_application *app = kmalloc(sizeof(*app), GFP_KERNEL);
++
++ BT_DBG("session %p application %p appl %d", session, app, appl);
++
++ if (!app)
++ return NULL;
++
++ memset(app, 0, sizeof(*app));
++
++ app->state = BT_OPEN;
++ app->appl = appl;
++
++ list_add_tail(&app->list, &session->applications);
++
++ return app;
++}
++
++static void cmtp_application_del(struct cmtp_session *session, struct cmtp_application *app)
++{
++ BT_DBG("session %p application %p", session, app);
++
++ if (app) {
++ list_del(&app->list);
++ kfree(app);
++ }
++}
++
++static struct cmtp_application *cmtp_application_get(struct cmtp_session *session, int pattern, __u16 value)
++{
++ struct cmtp_application *app;
++ struct list_head *p, *n;
++
++ list_for_each_safe(p, n, &session->applications) {
++ app = list_entry(p, struct cmtp_application, list);
++ switch (pattern) {
++ case CMTP_MSGNUM:
++ if (app->msgnum == value)
++ return app;
++ break;
++ case CMTP_APPLID:
++ if (app->appl == value)
++ return app;
++ break;
++ case CMTP_MAPPING:
++ if (app->mapping == value)
++ return app;
++ break;
++ }
++ }
++
++ return NULL;
++}
++
++static int cmtp_msgnum_get(struct cmtp_session *session)
++{
++ session->msgnum++;
++
++ if ((session->msgnum & 0xff) > 200)
++ session->msgnum = CMTP_INITIAL_MSGNUM + 1;
++
++ return session->msgnum;
++}
++
++
++static void cmtp_send_interopmsg(struct cmtp_session *session,
++ __u8 subcmd, __u16 appl, __u16 msgnum,
++ __u16 function, unsigned char *buf, int len)
++{
++ struct sk_buff *skb;
++ unsigned char *s;
++
++ BT_DBG("session %p subcmd 0x%02x appl %d msgnum %d", session, subcmd, appl, msgnum);
++
++ if (!(skb = alloc_skb(CAPI_MSG_BASELEN + 6 + len, GFP_ATOMIC))) {
++ BT_ERR("Can't allocate memory for interoperability packet");
++ return;
++ }
++
++ s = skb_put(skb, CAPI_MSG_BASELEN + 6 + len);
++
++ capimsg_setu16(s, 0, CAPI_MSG_BASELEN + 6 + len);
++ capimsg_setu16(s, 2, appl);
++ capimsg_setu8 (s, 4, CAPI_INTEROPERABILITY);
++ capimsg_setu8 (s, 5, subcmd);
++ capimsg_setu16(s, 6, msgnum);
++
++ /* Interoperability selector (Bluetooth Device Management) */
++ capimsg_setu16(s, 8, 0x0001);
++
++ capimsg_setu8 (s, 10, 3 + len);
++ capimsg_setu16(s, 11, function);
++ capimsg_setu8 (s, 13, len);
++
++ if (len > 0)
++ memcpy(s + 14, buf, len);
++
++ cmtp_send_capimsg(session, skb);
++}
++
++static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *skb)
++{
++ struct capi_ctr *ctrl = session->ctrl;
++ struct cmtp_application *application;
++ __u16 appl, msgnum, func, info;
++ __u32 controller;
++
++ BT_DBG("session %p skb %p len %d", session, skb, skb->len);
++
++ switch (CAPIMSG_SUBCOMMAND(skb->data)) {
++ case CAPI_CONF:
++ func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5);
++ info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8);
++
++ switch (func) {
++ case CAPI_FUNCTION_REGISTER:
++ msgnum = CAPIMSG_MSGID(skb->data);
++
++ application = cmtp_application_get(session, CMTP_MSGNUM, msgnum);
++ if (application) {
++ application->state = BT_CONNECTED;
++ application->msgnum = 0;
++ application->mapping = CAPIMSG_APPID(skb->data);
++ wake_up_interruptible(&session->wait);
++ }
++
++ break;
++
++ case CAPI_FUNCTION_RELEASE:
++ appl = CAPIMSG_APPID(skb->data);
++
++ application = cmtp_application_get(session, CMTP_MAPPING, appl);
++ if (application) {
++ application->state = BT_CLOSED;
++ application->msgnum = 0;
++ wake_up_interruptible(&session->wait);
++ }
++
++ break;
++
++ case CAPI_FUNCTION_GET_PROFILE:
++ controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11);
++ msgnum = CAPIMSG_MSGID(skb->data);
++
++ if (!info && (msgnum == CMTP_INITIAL_MSGNUM)) {
++ session->ncontroller = controller;
++ wake_up_interruptible(&session->wait);
++ break;
++ }
++
++ if (!info && ctrl) {
++ memcpy(&ctrl->profile,
++ skb->data + CAPI_MSG_BASELEN + 11,
++ sizeof(capi_profile));
++ session->state = BT_CONNECTED;
++ ctrl->ready(ctrl);
++ }
++
++ break;
++
++ case CAPI_FUNCTION_GET_MANUFACTURER:
++ controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10);
++
++ if (!info && ctrl) {
++ strncpy(ctrl->manu,
++ skb->data + CAPI_MSG_BASELEN + 15,
++ skb->data[CAPI_MSG_BASELEN + 14]);
++ }
++
++ break;
++
++ case CAPI_FUNCTION_GET_VERSION:
++ controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
++
++ if (!info && ctrl) {
++ ctrl->version.majorversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 16);
++ ctrl->version.minorversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 20);
++ ctrl->version.majormanuversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 24);
++ ctrl->version.minormanuversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 28);
++ }
++
++ break;
++
++ case CAPI_FUNCTION_GET_SERIAL_NUMBER:
++ controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
++
++ if (!info && ctrl) {
++ memset(ctrl->serial, 0, CAPI_SERIAL_LEN);
++ strncpy(ctrl->serial,
++ skb->data + CAPI_MSG_BASELEN + 17,
++ skb->data[CAPI_MSG_BASELEN + 16]);
++ }
++
++ break;
++ }
++
++ break;
++
++ case CAPI_IND:
++ func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3);
++
++ if (func == CAPI_FUNCTION_LOOPBACK) {
++ appl = CAPIMSG_APPID(skb->data);
++ msgnum = CAPIMSG_MSGID(skb->data);
++ cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func,
++ skb->data + CAPI_MSG_BASELEN + 6,
++ skb->data[CAPI_MSG_BASELEN + 5]);
++ }
++
++ break;
++ }
++
++ kfree_skb(skb);
++}
++
++void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb)
++{
++ struct capi_ctr *ctrl = session->ctrl;
++ struct cmtp_application *application;
++ __u16 cmd, appl, info;
++ __u32 ncci, contr;
++
++ BT_DBG("session %p skb %p len %d", session, skb, skb->len);
++
++ if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) {
++ cmtp_recv_interopmsg(session, skb);
++ return;
++ }
++
++ if (session->flags & (1 << CMTP_LOOPBACK)) {
++ kfree_skb(skb);
++ return;
++ }
++
++ cmd = CAPICMD(CAPIMSG_COMMAND(skb->data), CAPIMSG_SUBCOMMAND(skb->data));
++ appl = CAPIMSG_APPID(skb->data);
++ contr = CAPIMSG_CONTROL(skb->data);
++
++ application = cmtp_application_get(session, CMTP_MAPPING, appl);
++ if (application) {
++ appl = application->appl;
++ CAPIMSG_SETAPPID(skb->data, appl);
++ } else {
++ BT_ERR("Can't find application with id %d", appl);
++ kfree_skb(skb);
++ return;
++ }
++
++ if ((contr & 0x7f) == 0x01) {
++ contr = (contr & 0xffffff80) | session->num;
++ CAPIMSG_SETCONTROL(skb->data, contr);
++ }
++
++ if (!ctrl) {
++ BT_ERR("Can't find controller %d for message", session->num);
++ kfree_skb(skb);
++ return;
++ }
++
++ switch (cmd) {
++ case CAPI_CONNECT_B3_CONF:
++ ncci = CAPIMSG_NCCI(skb->data);
++ info = CAPIMSG_U16(skb->data, 12);
++
++ BT_DBG("CONNECT_B3_CONF ncci 0x%02x info 0x%02x", ncci, info);
++
++ if (info == 0)
++ ctrl->new_ncci(ctrl, appl, ncci, 8);
++
++ ctrl->handle_capimsg(ctrl, appl, skb);
++ break;
++
++ case CAPI_CONNECT_B3_IND:
++ ncci = CAPIMSG_NCCI(skb->data);
++
++ BT_DBG("CONNECT_B3_IND ncci 0x%02x", ncci);
++
++ ctrl->new_ncci(ctrl, appl, ncci, 8);
++ ctrl->handle_capimsg(ctrl, appl, skb);
++ break;
++
++ case CAPI_DISCONNECT_B3_IND:
++ ncci = CAPIMSG_NCCI(skb->data);
++
++ BT_DBG("DISCONNECT_B3_IND ncci 0x%02x", ncci);
++
++ if (ncci == 0xffffffff)
++ BT_ERR("DISCONNECT_B3_IND with ncci 0xffffffff");
++
++ ctrl->handle_capimsg(ctrl, appl, skb);
++ ctrl->free_ncci(ctrl, appl, ncci);
++ break;
++
++ default:
++ ctrl->handle_capimsg(ctrl, appl, skb);
++ break;
++ }
++}
++
++void cmtp_send_capimsg(struct cmtp_session *session, struct sk_buff *skb)
++{
++ struct cmtp_scb *scb = (void *) skb->cb;
++
++ BT_DBG("session %p skb %p len %d", session, skb, skb->len);
++
++ scb->id = -1;
++ scb->data = (CAPIMSG_COMMAND(skb->data) == CAPI_DATA_B3);
++
++ skb_queue_tail(&session->transmit, skb);
++
++ cmtp_schedule(session);
++}
++
++
++static int cmtp_load_firmware(struct capi_ctr *ctrl, capiloaddata *data)
++{
++ BT_DBG("ctrl %p data %p", ctrl, data);
++
++ return -EIO;
++}
++
++static void cmtp_reset_ctr(struct capi_ctr *ctrl)
++{
++ BT_DBG("ctrl %p", ctrl);
++
++ ctrl->reseted(ctrl);
++}
++
++static void cmtp_remove_ctr(struct capi_ctr *ctrl)
++{
++ struct cmtp_session *session = ctrl->driverdata;
++
++ BT_DBG("ctrl %p", ctrl);
++
++ ctrl->suspend_output(ctrl);
++
++ atomic_inc(&session->terminate);
++ cmtp_schedule(session);
++}
++
++static void cmtp_register_appl(struct capi_ctr *ctrl, __u16 appl, capi_register_params *rp)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ struct cmtp_session *session = ctrl->driverdata;
++ struct cmtp_application *application;
++ unsigned long timeo = CMTP_INTEROP_TIMEOUT;
++ unsigned char buf[8];
++ int err = 0, nconn, want = rp->level3cnt;
++
++ BT_DBG("ctrl %p appl %d level3cnt %d datablkcnt %d datablklen %d",
++ ctrl, appl, rp->level3cnt, rp->datablkcnt, rp->datablklen);
++
++ application = cmtp_application_add(session, appl);
++ if (!application) {
++ BT_ERR("Can't allocate memory for new application");
++ ctrl->appl_released(ctrl, appl);
++ return;
++ }
++
++ if (want < 0)
++ nconn = ctrl->profile.nbchannel * -want;
++ else
++ nconn = want;
++
++ if (nconn == 0)
++ nconn = ctrl->profile.nbchannel;
++
++ capimsg_setu16(buf, 0, nconn);
++ capimsg_setu16(buf, 2, rp->datablkcnt);
++ capimsg_setu16(buf, 4, rp->datablklen);
++
++ application->state = BT_CONFIG;
++ application->msgnum = cmtp_msgnum_get(session);
++
++ cmtp_send_interopmsg(session, CAPI_REQ, 0x0000, application->msgnum,
++ CAPI_FUNCTION_REGISTER, buf, 6);
++
++ add_wait_queue(&session->wait, &wait);
++ while (1) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ if (!timeo) {
++ err = -EAGAIN;
++ break;
++ }
++
++ if (application->state == BT_CLOSED) {
++ err = -application->err;
++ break;
++ }
++
++ if (application->state == BT_CONNECTED)
++ break;
++
++ if (signal_pending(current)) {
++ err = -EINTR;
++ break;
++ }
++
++ timeo = schedule_timeout(timeo);
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(&session->wait, &wait);
++
++ if (err) {
++ ctrl->appl_released(ctrl, appl);
++ cmtp_application_del(session, application);
++ return;
++ }
++
++ ctrl->appl_registered(ctrl, appl);
++}
++
++static void cmtp_release_appl(struct capi_ctr *ctrl, __u16 appl)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ struct cmtp_session *session = ctrl->driverdata;
++ struct cmtp_application *application;
++ unsigned long timeo = CMTP_INTEROP_TIMEOUT;
++
++ BT_DBG("ctrl %p appl %d", ctrl, appl);
++
++ application = cmtp_application_get(session, CMTP_APPLID, appl);
++ if (!application) {
++ BT_ERR("Can't find application");
++ return;
++ }
++
++ application->msgnum = cmtp_msgnum_get(session);
++
++ cmtp_send_interopmsg(session, CAPI_REQ, application->mapping, application->msgnum,
++ CAPI_FUNCTION_RELEASE, NULL, 0);
++
++ add_wait_queue(&session->wait, &wait);
++ while (timeo) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ if (application->state == BT_CLOSED)
++ break;
++
++ if (signal_pending(current))
++ break;
++
++ timeo = schedule_timeout(timeo);
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(&session->wait, &wait);
++
++ cmtp_application_del(session, application);
++ ctrl->appl_released(ctrl, appl);
++}
++
++static void cmtp_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
++{
++ struct cmtp_session *session = ctrl->driverdata;
++ struct cmtp_application *application;
++ __u16 appl;
++ __u32 contr;
++
++ BT_DBG("ctrl %p skb %p", ctrl, skb);
++
++ appl = CAPIMSG_APPID(skb->data);
++ contr = CAPIMSG_CONTROL(skb->data);
++
++ application = cmtp_application_get(session, CMTP_APPLID, appl);
++ if ((!application) || (application->state != BT_CONNECTED)) {
++ BT_ERR("Can't find application with id %d", appl);
++ kfree_skb(skb);
++ return;
++ }
++
++ CAPIMSG_SETAPPID(skb->data, application->mapping);
++
++ if ((contr & 0x7f) == session->num) {
++ contr = (contr & 0xffffff80) | 0x01;
++ CAPIMSG_SETCONTROL(skb->data, contr);
++ }
++
++ cmtp_send_capimsg(session, skb);
++}
++
++static char *cmtp_procinfo(struct capi_ctr *ctrl)
++{
++ return "CAPI Message Transport Protocol";
++}
++
++static int cmtp_ctr_read_proc(char *page, char **start, off_t off, int count, int *eof, struct capi_ctr *ctrl)
++{
++ struct cmtp_session *session = ctrl->driverdata;
++ struct cmtp_application *app;
++ struct list_head *p, *n;
++ int len = 0;
++
++ len += sprintf(page + len, "%s (Revision %s)\n\n", cmtp_procinfo(ctrl), REVISION);
++ len += sprintf(page + len, "addr %s\n", session->name);
++ len += sprintf(page + len, "ctrl %d\n", session->num);
++
++ list_for_each_safe(p, n, &session->applications) {
++ app = list_entry(p, struct cmtp_application, list);
++ len += sprintf(page + len, "appl %d -> %d\n", app->appl, app->mapping);
++ }
++
++ if (off + count >= len)
++ *eof = 1;
++
++ if (len < off)
++ return 0;
++
++ *start = page + off;
++
++ return ((count < len - off) ? count : len - off);
++}
++
++static struct capi_driver cmtp_driver = {
++ name: "cmtp",
++ revision: REVISION,
++ load_firmware: cmtp_load_firmware,
++ reset_ctr: cmtp_reset_ctr,
++ remove_ctr: cmtp_remove_ctr,
++ register_appl: cmtp_register_appl,
++ release_appl: cmtp_release_appl,
++ send_message: cmtp_send_message,
++ procinfo: cmtp_procinfo,
++ ctr_read_proc: cmtp_ctr_read_proc,
++
++ driver_read_proc: 0,
++ add_card: 0,
++};
++
++
++int cmtp_attach_device(struct cmtp_session *session)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ unsigned long timeo = CMTP_INTEROP_TIMEOUT;
++ unsigned char buf[4];
++
++ BT_DBG("session %p", session);
++
++ capimsg_setu32(buf, 0, 0);
++
++ cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, CMTP_INITIAL_MSGNUM,
++ CAPI_FUNCTION_GET_PROFILE, buf, 4);
++
++ add_wait_queue(&session->wait, &wait);
++ while (timeo) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ if (session->ncontroller)
++ break;
++
++ if (signal_pending(current))
++ break;
++
++ timeo = schedule_timeout(timeo);
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(&session->wait, &wait);
++
++ BT_INFO("Found %d CAPI controller(s) on device %s", session->ncontroller, session->name);
++
++ if (!timeo)
++ return -ETIMEDOUT;
++
++ if (!session->ncontroller)
++ return -ENODEV;
++
++
++ if (session->ncontroller > 1)
++ BT_INFO("Setting up only CAPI controller 1");
++
++ if (!(session->ctrl = di->attach_ctr(&cmtp_driver, session->name, session))) {
++ BT_ERR("Can't attach new controller");
++ return -EBUSY;
++ }
++
++ session->num = session->ctrl->cnr;
++
++ BT_DBG("session %p ctrl %p num %d", session, session->ctrl, session->num);
++
++ capimsg_setu32(buf, 0, 1);
++
++ cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
++ CAPI_FUNCTION_GET_MANUFACTURER, buf, 4);
++
++ cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
++ CAPI_FUNCTION_GET_VERSION, buf, 4);
++
++ cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
++ CAPI_FUNCTION_GET_SERIAL_NUMBER, buf, 4);
++
++ cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
++ CAPI_FUNCTION_GET_PROFILE, buf, 4);
++
++ return 0;
++}
++
++void cmtp_detach_device(struct cmtp_session *session)
++{
++ struct capi_ctr *ctrl = session->ctrl;
++
++ BT_DBG("session %p ctrl %p", session, ctrl);
++
++ if (!ctrl)
++ return;
++
++ ctrl->reseted(ctrl);
++
++ di->detach_ctr(ctrl);
++}
++
++int cmtp_init_capi(void)
++{
++ if (!(di = attach_capi_driver(&cmtp_driver))) {
++ BT_ERR("Can't attach CAPI driver");
++ return -EIO;
++ }
++
++ return 0;
++}
++
++void cmtp_cleanup_capi(void)
++{
++ detach_capi_driver(&cmtp_driver);
++}
+diff -urN linux-2.4.18/net/bluetooth/cmtp/cmtp.h linux-2.4.18-mh9/net/bluetooth/cmtp/cmtp.h
+--- linux-2.4.18/net/bluetooth/cmtp/cmtp.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/cmtp/cmtp.h Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,138 @@
++/*
++ CMTP implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++#ifndef __CMTP_H
++#define __CMTP_H
++
++#include <linux/types.h>
++#include <net/bluetooth/bluetooth.h>
++
++#define BTNAMSIZ 18
++
++/* CMTP ioctl defines */
++#define CMTPCONNADD _IOW('C', 200, int)
++#define CMTPCONNDEL _IOW('C', 201, int)
++#define CMTPGETCONNLIST _IOR('C', 210, int)
++#define CMTPGETCONNINFO _IOR('C', 211, int)
++
++#define CMTP_LOOPBACK 0
++
++struct cmtp_connadd_req {
++ int sock; // Connected socket
++ __u32 flags;
++};
++
++struct cmtp_conndel_req {
++ bdaddr_t bdaddr;
++ __u32 flags;
++};
++
++struct cmtp_conninfo {
++ bdaddr_t bdaddr;
++ __u32 flags;
++ __u16 state;
++ int num;
++};
++
++struct cmtp_connlist_req {
++ __u32 cnum;
++ struct cmtp_conninfo *ci;
++};
++
++int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock);
++int cmtp_del_connection(struct cmtp_conndel_req *req);
++int cmtp_get_connlist(struct cmtp_connlist_req *req);
++int cmtp_get_conninfo(struct cmtp_conninfo *ci);
++
++/* CMTP session defines */
++#define CMTP_INTEROP_TIMEOUT (HZ * 5)
++#define CMTP_INITIAL_MSGNUM 0xff00
++
++struct cmtp_session {
++ struct list_head list;
++
++ struct socket *sock;
++
++ bdaddr_t bdaddr;
++
++ unsigned long state;
++ unsigned long flags;
++
++ uint mtu;
++
++ char name[BTNAMSIZ];
++
++ atomic_t terminate;
++
++ wait_queue_head_t wait;
++
++ int ncontroller;
++ int num;
++ struct capi_ctr *ctrl;
++
++ struct list_head applications;
++
++ unsigned long blockids;
++ int msgnum;
++
++ struct sk_buff_head transmit;
++
++ struct sk_buff *reassembly[16];
++};
++
++struct cmtp_application {
++ struct list_head list;
++
++ unsigned long state;
++ int err;
++
++ __u16 appl;
++ __u16 mapping;
++
++ __u16 msgnum;
++};
++
++struct cmtp_scb {
++ int id;
++ int data;
++};
++
++int cmtp_attach_device(struct cmtp_session *session);
++void cmtp_detach_device(struct cmtp_session *session);
++
++void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb);
++void cmtp_send_capimsg(struct cmtp_session *session, struct sk_buff *skb);
++
++static inline void cmtp_schedule(struct cmtp_session *session)
++{
++ struct sock *sk = session->sock->sk;
++
++ wake_up_interruptible(sk->sleep);
++}
++
++/* CMTP init defines */
++int cmtp_init_capi(void);
++int cmtp_init_sockets(void);
++void cmtp_cleanup_capi(void);
++void cmtp_cleanup_sockets(void);
++
++#endif /* __CMTP_H */
+diff -urN linux-2.4.18/net/bluetooth/cmtp/core.c linux-2.4.18-mh9/net/bluetooth/cmtp/core.c
+--- linux-2.4.18/net/bluetooth/cmtp/core.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/cmtp/core.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,515 @@
++/*
++ CMTP implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/skbuff.h>
++#include <linux/socket.h>
++#include <linux/ioctl.h>
++#include <linux/file.h>
++#include <linux/init.h>
++#include <net/sock.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/l2cap.h>
++
++#include "cmtp.h"
++
++#ifndef CONFIG_BLUEZ_CMTP_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++#define VERSION "1.0"
++
++static DECLARE_RWSEM(cmtp_session_sem);
++static LIST_HEAD(cmtp_session_list);
++
++static struct cmtp_session *__cmtp_get_session(bdaddr_t *bdaddr)
++{
++ struct cmtp_session *session;
++ struct list_head *p;
++
++ BT_DBG("");
++
++ list_for_each(p, &cmtp_session_list) {
++ session = list_entry(p, struct cmtp_session, list);
++ if (!bacmp(bdaddr, &session->bdaddr))
++ return session;
++ }
++ return NULL;
++}
++
++static void __cmtp_link_session(struct cmtp_session *session)
++{
++ MOD_INC_USE_COUNT;
++ list_add(&session->list, &cmtp_session_list);
++}
++
++static void __cmtp_unlink_session(struct cmtp_session *session)
++{
++ list_del(&session->list);
++ MOD_DEC_USE_COUNT;
++}
++
++static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)
++{
++ bacpy(&ci->bdaddr, &session->bdaddr);
++
++ ci->flags = session->flags;
++ ci->state = session->state;
++
++ ci->num = session->num;
++}
++
++
++static inline int cmtp_alloc_block_id(struct cmtp_session *session)
++{
++ int i, id = -1;
++
++ for (i = 0; i < 16; i++)
++ if (!test_and_set_bit(i, &session->blockids)) {
++ id = i;
++ break;
++ }
++
++ return id;
++}
++
++static inline void cmtp_free_block_id(struct cmtp_session *session, int id)
++{
++ clear_bit(id, &session->blockids);
++}
++
++static inline void cmtp_add_msgpart(struct cmtp_session *session, int id, const unsigned char *buf, int count)
++{
++ struct sk_buff *skb = session->reassembly[id], *nskb;
++ int size;
++
++ BT_DBG("session %p buf %p count %d", session, buf, count);
++
++ size = (skb) ? skb->len + count : count;
++
++ if (!(nskb = alloc_skb(size, GFP_ATOMIC))) {
++ BT_ERR("Can't allocate memory for CAPI message");
++ return;
++ }
++
++ if (skb && (skb->len > 0))
++ memcpy(skb_put(nskb, skb->len), skb->data, skb->len);
++
++ memcpy(skb_put(nskb, count), buf, count);
++
++ session->reassembly[id] = nskb;
++
++ if (skb)
++ kfree_skb(skb);
++}
++
++static inline int cmtp_recv_frame(struct cmtp_session *session, struct sk_buff *skb)
++{
++ __u8 hdr, hdrlen, id;
++ __u16 len;
++
++ BT_DBG("session %p skb %p len %d", session, skb, skb->len);
++
++ while (skb->len > 0) {
++ hdr = skb->data[0];
++
++ switch (hdr & 0xc0) {
++ case 0x40:
++ hdrlen = 2;
++ len = skb->data[1];
++ break;
++ case 0x80:
++ hdrlen = 3;
++ len = skb->data[1] | (skb->data[2] << 8);
++ break;
++ default:
++ hdrlen = 1;
++ len = 0;
++ break;
++ }
++
++ id = (hdr & 0x3c) >> 2;
++
++ BT_DBG("hdr 0x%02x hdrlen %d len %d id %d", hdr, hdrlen, len, id);
++
++ if (hdrlen + len > skb->len) {
++ BT_ERR("Wrong size or header information in CMTP frame");
++ break;
++ }
++
++ if (len == 0) {
++ skb_pull(skb, hdrlen);
++ continue;
++ }
++
++ switch (hdr & 0x03) {
++ case 0x00:
++ cmtp_add_msgpart(session, id, skb->data + hdrlen, len);
++ cmtp_recv_capimsg(session, session->reassembly[id]);
++ session->reassembly[id] = NULL;
++ break;
++ case 0x01:
++ cmtp_add_msgpart(session, id, skb->data + hdrlen, len);
++ break;
++ default:
++ if (session->reassembly[id] != NULL)
++ kfree_skb(session->reassembly[id]);
++ session->reassembly[id] = NULL;
++ break;
++ }
++
++ skb_pull(skb, hdrlen + len);
++ }
++
++ kfree_skb(skb);
++ return 0;
++}
++
++static int cmtp_send_frame(struct cmtp_session *session, unsigned char *data, int len)
++{
++ struct socket *sock = session->sock;
++ struct iovec iv = { data, len };
++ struct msghdr msg;
++ int err;
++
++ BT_DBG("session %p data %p len %d", session, data, len);
++
++ if (!len)
++ return 0;
++
++ memset(&msg, 0, sizeof(msg));
++ msg.msg_iovlen = 1;
++ msg.msg_iov = &iv;
++
++ err = sock->ops->sendmsg(sock, &msg, len, 0);
++ return err;
++}
++
++static int cmtp_process_transmit(struct cmtp_session *session)
++{
++ struct sk_buff *skb, *nskb;
++ unsigned char *hdr;
++ unsigned int size, tail;
++
++ BT_DBG("session %p", session);
++
++ if (!(nskb = alloc_skb(session->mtu, GFP_ATOMIC))) {
++ BT_ERR("Can't allocate memory for new frame");
++ return -ENOMEM;
++ }
++
++ while ((skb = skb_dequeue(&session->transmit))) {
++ struct cmtp_scb *scb = (void *) skb->cb;
++
++ if ((tail = (session->mtu - nskb->len)) < 5) {
++ cmtp_send_frame(session, nskb->data, nskb->len);
++ skb_trim(nskb, 0);
++ tail = session->mtu;
++ }
++
++ size = min_t(uint, ((tail < 258) ? (tail - 2) : (tail - 3)), skb->len);
++
++ if ((scb->id < 0) && ((scb->id = cmtp_alloc_block_id(session)) < 0)) {
++ skb_queue_head(&session->transmit, skb);
++ break;
++ }
++
++ if (size < 256) {
++ hdr = skb_put(nskb, 2);
++ hdr[0] = 0x40
++ | ((scb->id << 2) & 0x3c)
++ | ((skb->len == size) ? 0x00 : 0x01);
++ hdr[1] = size;
++ } else {
++ hdr = skb_put(nskb, 3);
++ hdr[0] = 0x80
++ | ((scb->id << 2) & 0x3c)
++ | ((skb->len == size) ? 0x00 : 0x01);
++ hdr[1] = size & 0xff;
++ hdr[2] = size >> 8;
++ }
++
++ memcpy(skb_put(nskb, size), skb->data, size);
++ skb_pull(skb, size);
++
++ if (skb->len > 0) {
++ skb_queue_head(&session->transmit, skb);
++ } else {
++ cmtp_free_block_id(session, scb->id);
++ if (scb->data) {
++ cmtp_send_frame(session, nskb->data, nskb->len);
++ skb_trim(nskb, 0);
++ }
++ kfree_skb(skb);
++ }
++ }
++
++ cmtp_send_frame(session, nskb->data, nskb->len);
++
++ kfree_skb(nskb);
++
++ return skb_queue_len(&session->transmit);
++}
++
++static int cmtp_session(void *arg)
++{
++ struct cmtp_session *session = arg;
++ struct sock *sk = session->sock->sk;
++ struct sk_buff *skb;
++ wait_queue_t wait;
++
++ BT_DBG("session %p", session);
++
++ daemonize(); reparent_to_init();
++
++ sprintf(current->comm, "kcmtpd_ctr_%d", session->num);
++
++ sigfillset(&current->blocked);
++ flush_signals(current);
++
++ current->nice = -15;
++
++ set_fs(KERNEL_DS);
++
++ init_waitqueue_entry(&wait, current);
++ add_wait_queue(sk->sleep, &wait);
++ while (!atomic_read(&session->terminate)) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ if (sk->state != BT_CONNECTED)
++ break;
++
++ while ((skb = skb_dequeue(&sk->receive_queue))) {
++ skb_orphan(skb);
++ cmtp_recv_frame(session, skb);
++ }
++
++ cmtp_process_transmit(session);
++
++ schedule();
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(sk->sleep, &wait);
++
++ down_write(&cmtp_session_sem);
++
++ if (!(session->flags & (1 << CMTP_LOOPBACK)))
++ cmtp_detach_device(session);
++
++ fput(session->sock->file);
++
++ __cmtp_unlink_session(session);
++
++ up_write(&cmtp_session_sem);
++
++ kfree(session);
++ return 0;
++}
++
++int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
++{
++ struct cmtp_session *session, *s;
++ bdaddr_t src, dst;
++ int i, err;
++
++ BT_DBG("");
++
++ baswap(&src, &bluez_pi(sock->sk)->src);
++ baswap(&dst, &bluez_pi(sock->sk)->dst);
++
++ session = kmalloc(sizeof(struct cmtp_session), GFP_KERNEL);
++ if (!session)
++ return -ENOMEM;
++ memset(session, 0, sizeof(struct cmtp_session));
++
++ down_write(&cmtp_session_sem);
++
++ s = __cmtp_get_session(&bluez_pi(sock->sk)->dst);
++ if (s && s->state == BT_CONNECTED) {
++ err = -EEXIST;
++ goto failed;
++ }
++
++ bacpy(&session->bdaddr, &bluez_pi(sock->sk)->dst);
++
++ session->mtu = min_t(uint, l2cap_pi(sock->sk)->omtu, l2cap_pi(sock->sk)->imtu);
++
++ BT_DBG("mtu %d", session->mtu);
++
++ sprintf(session->name, "%s", batostr(&dst));
++
++ session->sock = sock;
++ session->state = BT_CONFIG;
++
++ init_waitqueue_head(&session->wait);
++
++ session->ctrl = NULL;
++ session->msgnum = CMTP_INITIAL_MSGNUM;
++
++ INIT_LIST_HEAD(&session->applications);
++
++ skb_queue_head_init(&session->transmit);
++
++ for (i = 0; i < 16; i++)
++ session->reassembly[i] = NULL;
++
++ session->flags = req->flags;
++
++ __cmtp_link_session(session);
++
++ err = kernel_thread(cmtp_session, session, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
++ if (err < 0)
++ goto unlink;
++
++ if (!(session->flags & (1 << CMTP_LOOPBACK))) {
++ err = cmtp_attach_device(session);
++ if (err < 0)
++ goto detach;
++ }
++
++ up_write(&cmtp_session_sem);
++ return 0;
++
++detach:
++ cmtp_detach_device(session);
++
++unlink:
++ __cmtp_unlink_session(session);
++
++failed:
++ up_write(&cmtp_session_sem);
++ kfree(session);
++ return err;
++}
++
++int cmtp_del_connection(struct cmtp_conndel_req *req)
++{
++ struct cmtp_session *session;
++ int err = 0;
++
++ BT_DBG("");
++
++ down_read(&cmtp_session_sem);
++
++ session = __cmtp_get_session(&req->bdaddr);
++ if (session) {
++ /* Flush the transmit queue */
++ skb_queue_purge(&session->transmit);
++
++ /* Kill session thread */
++ atomic_inc(&session->terminate);
++ cmtp_schedule(session);
++ } else
++ err = -ENOENT;
++
++ up_read(&cmtp_session_sem);
++ return err;
++}
++
++int cmtp_get_connlist(struct cmtp_connlist_req *req)
++{
++ struct list_head *p;
++ int err = 0, n = 0;
++
++ BT_DBG("");
++
++ down_read(&cmtp_session_sem);
++
++ list_for_each(p, &cmtp_session_list) {
++ struct cmtp_session *session;
++ struct cmtp_conninfo ci;
++
++ session = list_entry(p, struct cmtp_session, list);
++
++ __cmtp_copy_session(session, &ci);
++
++ if (copy_to_user(req->ci, &ci, sizeof(ci))) {
++ err = -EFAULT;
++ break;
++ }
++
++ if (++n >= req->cnum)
++ break;
++
++ req->ci++;
++ }
++ req->cnum = n;
++
++ up_read(&cmtp_session_sem);
++ return err;
++}
++
++int cmtp_get_conninfo(struct cmtp_conninfo *ci)
++{
++ struct cmtp_session *session;
++ int err = 0;
++
++ down_read(&cmtp_session_sem);
++
++ session = __cmtp_get_session(&ci->bdaddr);
++ if (session)
++ __cmtp_copy_session(session, ci);
++ else
++ err = -ENOENT;
++
++ up_read(&cmtp_session_sem);
++ return err;
++}
++
++
++int __init init_cmtp(void)
++{
++ l2cap_load();
++
++ cmtp_init_capi();
++ cmtp_init_sockets();
++
++ BT_INFO("BlueZ CMTP ver %s", VERSION);
++ BT_INFO("Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>");
++
++ return 0;
++}
++
++void __exit exit_cmtp(void)
++{
++ cmtp_cleanup_sockets();
++ cmtp_cleanup_capi();
++}
++
++module_init(init_cmtp);
++module_exit(exit_cmtp);
++
++MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
++MODULE_DESCRIPTION("BlueZ CMTP ver " VERSION);
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/net/bluetooth/cmtp/sock.c linux-2.4.18-mh9/net/bluetooth/cmtp/sock.c
+--- linux-2.4.18/net/bluetooth/cmtp/sock.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/cmtp/sock.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,236 @@
++/*
++ CMTP implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/skbuff.h>
++#include <linux/socket.h>
++#include <linux/ioctl.h>
++#include <linux/file.h>
++#include <net/sock.h>
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++
++#include "cmtp.h"
++
++#ifndef CONFIG_BLUEZ_CMTP_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++static inline struct socket *socki_lookup(struct inode *inode)
++{
++ return &inode->u.socket_i;
++}
++
++static struct socket *sockfd_lookup(int fd, int *err)
++{
++ struct file *file;
++ struct inode *inode;
++ struct socket *sock;
++
++ if (!(file = fget(fd))) {
++ *err = -EBADF;
++ return NULL;
++ }
++
++ inode = file->f_dentry->d_inode;
++ if (!inode->i_sock || !(sock = socki_lookup(inode))) {
++ *err = -ENOTSOCK;
++ fput(file);
++ return NULL;
++ }
++
++ if (sock->file != file) {
++ printk(KERN_ERR "socki_lookup: socket file changed!\n");
++ sock->file = file;
++ }
++ return sock;
++}
++
++static int cmtp_sock_release(struct socket *sock)
++{
++ struct sock *sk = sock->sk;
++
++ BT_DBG("sock %p sk %p", sock, sk);
++
++ if (!sk)
++ return 0;
++
++ sock_orphan(sk);
++ sock_put(sk);
++
++ MOD_DEC_USE_COUNT;
++ return 0;
++}
++
++static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
++{
++ struct cmtp_connadd_req ca;
++ struct cmtp_conndel_req cd;
++ struct cmtp_connlist_req cl;
++ struct cmtp_conninfo ci;
++ struct socket *nsock;
++ int err;
++
++ BT_DBG("cmd %x arg %lx", cmd, arg);
++
++ switch (cmd) {
++ case CMTPCONNADD:
++ if (!capable(CAP_NET_ADMIN))
++ return -EACCES;
++
++ if (copy_from_user(&ca, (void *) arg, sizeof(ca)))
++ return -EFAULT;
++
++ nsock = sockfd_lookup(ca.sock, &err);
++ if (!nsock)
++ return err;
++
++ if (nsock->sk->state != BT_CONNECTED)
++ return -EBADFD;
++
++ err = cmtp_add_connection(&ca, nsock);
++ if (!err) {
++ if (copy_to_user((void *) arg, &ca, sizeof(ca)))
++ err = -EFAULT;
++ } else
++ fput(nsock->file);
++
++ return err;
++
++ case CMTPCONNDEL:
++ if (!capable(CAP_NET_ADMIN))
++ return -EACCES;
++
++ if (copy_from_user(&cd, (void *) arg, sizeof(cd)))
++ return -EFAULT;
++
++ return cmtp_del_connection(&cd);
++
++ case CMTPGETCONNLIST:
++ if (copy_from_user(&cl, (void *) arg, sizeof(cl)))
++ return -EFAULT;
++
++ if (cl.cnum <= 0)
++ return -EINVAL;
++
++ err = cmtp_get_connlist(&cl);
++ if (!err && copy_to_user((void *) arg, &cl, sizeof(cl)))
++ return -EFAULT;
++
++ return err;
++
++ case CMTPGETCONNINFO:
++ if (copy_from_user(&ci, (void *) arg, sizeof(ci)))
++ return -EFAULT;
++
++ err = cmtp_get_conninfo(&ci);
++ if (!err && copy_to_user((void *) arg, &ci, sizeof(ci)))
++ return -EFAULT;
++
++ return err;
++ }
++
++ return -EINVAL;
++}
++
++static struct proto_ops cmtp_sock_ops = {
++ family: PF_BLUETOOTH,
++ release: cmtp_sock_release,
++ ioctl: cmtp_sock_ioctl,
++ bind: sock_no_bind,
++ getname: sock_no_getname,
++ sendmsg: sock_no_sendmsg,
++ recvmsg: sock_no_recvmsg,
++ poll: sock_no_poll,
++ listen: sock_no_listen,
++ shutdown: sock_no_shutdown,
++ setsockopt: sock_no_setsockopt,
++ getsockopt: sock_no_getsockopt,
++ connect: sock_no_connect,
++ socketpair: sock_no_socketpair,
++ accept: sock_no_accept,
++ mmap: sock_no_mmap
++};
++
++static int cmtp_sock_create(struct socket *sock, int protocol)
++{
++ struct sock *sk;
++
++ BT_DBG("sock %p", sock);
++
++ if (sock->type != SOCK_RAW)
++ return -ESOCKTNOSUPPORT;
++
++ sock->ops = &cmtp_sock_ops;
++
++ if (!(sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, 1)))
++ return -ENOMEM;
++
++ MOD_INC_USE_COUNT;
++
++ sock->state = SS_UNCONNECTED;
++ sock_init_data(sock, sk);
++
++ sk->destruct = NULL;
++ sk->protocol = protocol;
++
++ return 0;
++}
++
++static struct net_proto_family cmtp_sock_family_ops = {
++ family: PF_BLUETOOTH,
++ create: cmtp_sock_create
++};
++
++int cmtp_init_sockets(void)
++{
++ int err;
++
++ if ((err = bluez_sock_register(BTPROTO_CMTP, &cmtp_sock_family_ops))) {
++ BT_ERR("Can't register CMTP socket layer (%d)", err);
++ return err;
++ }
++
++ return 0;
++}
++
++void cmtp_cleanup_sockets(void)
++{
++ int err;
++
++ if ((err = bluez_sock_unregister(BTPROTO_CMTP)))
++ BT_ERR("Can't unregister CMTP socket layer (%d)", err);
++
++ return;
++}
+diff -urN linux-2.4.18/net/bluetooth/hci_conn.c linux-2.4.18-mh9/net/bluetooth/hci_conn.c
+--- linux-2.4.18/net/bluetooth/hci_conn.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/hci_conn.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,441 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * HCI Connection handling.
++ *
++ * $Id: hci_conn.c,v 1.5 2002/07/17 18:46:25 maxk Exp $
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/init.h>
++#include <linux/skbuff.h>
++#include <linux/interrupt.h>
++#include <linux/notifier.h>
++#include <net/sock.h>
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++#include <asm/unaligned.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++
++#ifndef HCI_CORE_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#endif
++
++void hci_acl_connect(struct hci_conn *conn)
++{
++ struct hci_dev *hdev = conn->hdev;
++ struct inquiry_entry *ie;
++ create_conn_cp cp;
++
++ BT_DBG("%p", conn);
++
++ conn->state = BT_CONNECT;
++ conn->out = 1;
++ conn->link_mode = HCI_LM_MASTER;
++
++ memset(&cp, 0, sizeof(cp));
++ bacpy(&cp.bdaddr, &conn->dst);
++ cp.pscan_rep_mode = 0x01;
++
++ if ((ie = inquiry_cache_lookup(hdev, &conn->dst)) &&
++ inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
++ cp.pscan_rep_mode = ie->info.pscan_rep_mode;
++ cp.pscan_mode = ie->info.pscan_mode;
++ cp.clock_offset = ie->info.clock_offset | __cpu_to_le16(0x8000);
++ }
++
++ cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
++ if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
++ cp.role_switch = 0x01;
++ else
++ cp.role_switch = 0x00;
++
++ hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN,
++ CREATE_CONN_CP_SIZE, &cp);
++}
++
++void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
++{
++ disconnect_cp cp;
++
++ BT_DBG("%p", conn);
++
++ conn->state = BT_DISCONN;
++
++ cp.handle = __cpu_to_le16(conn->handle);
++ cp.reason = reason;
++ hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_DISCONNECT,
++ DISCONNECT_CP_SIZE, &cp);
++}
++
++void hci_add_sco(struct hci_conn *conn, __u16 handle)
++{
++ struct hci_dev *hdev = conn->hdev;
++ add_sco_cp cp;
++
++ BT_DBG("%p", conn);
++
++ conn->state = BT_CONNECT;
++ conn->out = 1;
++
++ cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
++ cp.handle = __cpu_to_le16(handle);
++
++ hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, ADD_SCO_CP_SIZE, &cp);
++}
++
++static void hci_conn_timeout(unsigned long arg)
++{
++ struct hci_conn *conn = (void *)arg;
++ struct hci_dev *hdev = conn->hdev;
++
++ BT_DBG("conn %p state %d", conn, conn->state);
++
++ if (atomic_read(&conn->refcnt))
++ return;
++
++ hci_dev_lock(hdev);
++ if (conn->state == BT_CONNECTED)
++ hci_acl_disconn(conn, 0x13);
++ else
++ conn->state = BT_CLOSED;
++ hci_dev_unlock(hdev);
++ return;
++}
++
++static void hci_conn_init_timer(struct hci_conn *conn)
++{
++ init_timer(&conn->timer);
++ conn->timer.function = hci_conn_timeout;
++ conn->timer.data = (unsigned long)conn;
++}
++
++struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
++{
++ struct hci_conn *conn;
++
++ BT_DBG("%s dst %s", hdev->name, batostr(dst));
++
++ if (!(conn = kmalloc(sizeof(struct hci_conn), GFP_ATOMIC)))
++ return NULL;
++ memset(conn, 0, sizeof(struct hci_conn));
++
++ bacpy(&conn->dst, dst);
++ conn->type = type;
++ conn->hdev = hdev;
++ conn->state = BT_OPEN;
++
++ skb_queue_head_init(&conn->data_q);
++ hci_conn_init_timer(conn);
++
++ atomic_set(&conn->refcnt, 0);
++
++ hci_dev_hold(hdev);
++
++ if (hdev->notify)
++ hdev->notify(hdev, HCI_NOTIFY_CONN_ADD, (unsigned long) conn);
++
++ tasklet_disable(&hdev->tx_task);
++ conn_hash_add(hdev, conn);
++ tasklet_enable(&hdev->tx_task);
++
++ return conn;
++}
++
++int hci_conn_del(struct hci_conn *conn)
++{
++ struct hci_dev *hdev = conn->hdev;
++
++ BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
++
++ hci_conn_del_timer(conn);
++
++ if (conn->type == SCO_LINK) {
++ struct hci_conn *acl = conn->link;
++ if (acl) {
++ acl->link = NULL;
++ hci_conn_put(acl);
++ }
++ } else {
++ struct hci_conn *sco = conn->link;
++ if (sco)
++ sco->link = NULL;
++
++ /* Unacked frames */
++ hdev->acl_cnt += conn->sent;
++ }
++
++ tasklet_disable(&hdev->tx_task);
++ conn_hash_del(hdev, conn);
++ tasklet_enable(&hdev->tx_task);
++
++ skb_queue_purge(&conn->data_q);
++
++ if (hdev->notify)
++ hdev->notify(hdev, HCI_NOTIFY_CONN_DEL, (unsigned long) conn);
++
++ hci_dev_put(hdev);
++
++ kfree(conn);
++ return 0;
++}
++
++struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
++{
++ int use_src = bacmp(src, BDADDR_ANY);
++ struct hci_dev *hdev = NULL;
++ struct list_head *p;
++
++ BT_DBG("%s -> %s", batostr(src), batostr(dst));
++
++ read_lock_bh(&hdev_list_lock);
++
++ list_for_each(p, &hdev_list) {
++ struct hci_dev *d;
++ d = list_entry(p, struct hci_dev, list);
++
++ if (!test_bit(HCI_UP, &d->flags))
++ continue;
++
++ /* Simple routing:
++ * No source address - find interface with bdaddr != dst
++ * Source address - find interface with bdaddr == src
++ */
++
++ if (use_src) {
++ if (!bacmp(&d->bdaddr, src)) {
++ hdev = d; break;
++ }
++ } else {
++ if (bacmp(&d->bdaddr, dst)) {
++ hdev = d; break;
++ }
++ }
++ }
++
++ if (hdev)
++ hci_dev_hold(hdev);
++
++ read_unlock_bh(&hdev_list_lock);
++ return hdev;
++}
++
++/* Create SCO or ACL connection.
++ * Device _must_ be locked */
++struct hci_conn * hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
++{
++ struct hci_conn *acl;
++
++ BT_DBG("%s dst %s", hdev->name, batostr(dst));
++
++ if (!(acl = conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
++ if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
++ return NULL;
++ }
++
++ hci_conn_hold(acl);
++
++ if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
++ hci_acl_connect(acl);
++
++ if (type == SCO_LINK) {
++ struct hci_conn *sco;
++
++ if (!(sco = conn_hash_lookup_ba(hdev, SCO_LINK, dst))) {
++ if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) {
++ hci_conn_put(acl);
++ return NULL;
++ }
++ }
++ acl->link = sco;
++ sco->link = acl;
++
++ hci_conn_hold(sco);
++
++ if (acl->state == BT_CONNECTED &&
++ (sco->state == BT_OPEN || sco->state == BT_CLOSED))
++ hci_add_sco(sco, acl->handle);
++
++ return sco;
++ } else {
++ return acl;
++ }
++}
++
++/* Authenticate remote device */
++int hci_conn_auth(struct hci_conn *conn)
++{
++ BT_DBG("conn %p", conn);
++
++ if (conn->link_mode & HCI_LM_AUTH)
++ return 1;
++
++ if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
++ auth_requested_cp ar;
++ ar.handle = __cpu_to_le16(conn->handle);
++ hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED,
++ AUTH_REQUESTED_CP_SIZE, &ar);
++ }
++ return 0;
++}
++
++/* Enable encryption */
++int hci_conn_encrypt(struct hci_conn *conn)
++{
++ BT_DBG("conn %p", conn);
++
++ if (conn->link_mode & HCI_LM_ENCRYPT)
++ return 1;
++
++ if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
++ return 0;
++
++ if (hci_conn_auth(conn)) {
++ set_conn_encrypt_cp ce;
++ ce.handle = __cpu_to_le16(conn->handle);
++ ce.encrypt = 1;
++ hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT,
++ SET_CONN_ENCRYPT_CP_SIZE, &ce);
++ }
++ return 0;
++}
++
++/* Drop all connection on the device */
++void hci_conn_hash_flush(struct hci_dev *hdev)
++{
++ struct conn_hash *h = &hdev->conn_hash;
++ struct list_head *p;
++
++ BT_DBG("hdev %s", hdev->name);
++
++ p = h->list.next;
++ while (p != &h->list) {
++ struct hci_conn *c;
++
++ c = list_entry(p, struct hci_conn, list);
++ p = p->next;
++
++ c->state = BT_CLOSED;
++
++ hci_proto_disconn_ind(c, 0x16);
++ hci_conn_del(c);
++ }
++}
++
++int hci_get_conn_list(unsigned long arg)
++{
++ struct hci_conn_list_req req, *cl;
++ struct hci_conn_info *ci;
++ struct hci_dev *hdev;
++ struct list_head *p;
++ int n = 0, size;
++
++ if (copy_from_user(&req, (void *) arg, sizeof(req)))
++ return -EFAULT;
++
++ if (!(hdev = hci_dev_get(req.dev_id)))
++ return -ENODEV;
++
++ size = req.conn_num * sizeof(struct hci_conn_info) + sizeof(req);
++
++ if (verify_area(VERIFY_WRITE, (void *)arg, size))
++ return -EFAULT;
++
++ if (!(cl = (void *) kmalloc(size, GFP_KERNEL)))
++ return -ENOMEM;
++ ci = cl->conn_info;
++
++ hci_dev_lock_bh(hdev);
++ list_for_each(p, &hdev->conn_hash.list) {
++ register struct hci_conn *c;
++ c = list_entry(p, struct hci_conn, list);
++
++ bacpy(&(ci + n)->bdaddr, &c->dst);
++ (ci + n)->handle = c->handle;
++ (ci + n)->type = c->type;
++ (ci + n)->out = c->out;
++ (ci + n)->state = c->state;
++ (ci + n)->link_mode = c->link_mode;
++ n++;
++ }
++ hci_dev_unlock_bh(hdev);
++
++ cl->dev_id = hdev->id;
++ cl->conn_num = n;
++ size = n * sizeof(struct hci_conn_info) + sizeof(req);
++
++ hci_dev_put(hdev);
++
++ copy_to_user((void *) arg, cl, size);
++ kfree(cl);
++
++ return 0;
++}
++
++int hci_get_conn_info(struct hci_dev *hdev, unsigned long arg)
++{
++ struct hci_conn_info_req req;
++ struct hci_conn_info ci;
++ struct hci_conn *conn;
++ char *ptr = (void *) arg + sizeof(req);
++
++ if (copy_from_user(&req, (void *) arg, sizeof(req)))
++ return -EFAULT;
++
++ if (verify_area(VERIFY_WRITE, ptr, sizeof(ci)))
++ return -EFAULT;
++
++ hci_dev_lock_bh(hdev);
++ conn = conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
++ if (conn) {
++ bacpy(&ci.bdaddr, &conn->dst);
++ ci.handle = conn->handle;
++ ci.type = conn->type;
++ ci.out = conn->out;
++ ci.state = conn->state;
++ ci.link_mode = conn->link_mode;
++ }
++ hci_dev_unlock_bh(hdev);
++
++ if (!conn)
++ return -ENOENT;
++
++ copy_to_user(ptr, &ci, sizeof(ci));
++ return 0;
++}
+diff -urN linux-2.4.18/net/bluetooth/hci_core.c linux-2.4.18-mh9/net/bluetooth/hci_core.c
+--- linux-2.4.18/net/bluetooth/hci_core.c Fri Nov 9 23:21:21 2001
++++ linux-2.4.18-mh9/net/bluetooth/hci_core.c Mon Aug 25 18:38:12 2003
+@@ -25,11 +25,12 @@
+ /*
+ * BlueZ HCI Core.
+ *
+- * $Id: hci_core.c,v 1.22 2001/08/03 04:19:50 maxk Exp $
++ * $Id: hci_core.c,v 1.14 2002/08/26 16:57:57 maxk Exp $
+ */
+
+ #include <linux/config.h>
+ #include <linux/module.h>
++#include <linux/kmod.h>
+
+ #include <linux/types.h>
+ #include <linux/errno.h>
+@@ -50,12 +51,11 @@
+ #include <asm/unaligned.h>
+
+ #include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
+ #include <net/bluetooth/hci_core.h>
+
+ #ifndef HCI_CORE_DEBUG
+-#undef DBG
+-#define DBG( A... )
++#undef BT_DBG
++#define BT_DBG( A... )
+ #endif
+
+ static void hci_cmd_task(unsigned long arg);
+@@ -63,279 +63,69 @@
+ static void hci_tx_task(unsigned long arg);
+ static void hci_notify(struct hci_dev *hdev, int event);
+
+-static rwlock_t hci_task_lock = RW_LOCK_UNLOCKED;
++rwlock_t hci_task_lock = RW_LOCK_UNLOCKED;
+
+ /* HCI device list */
+-struct hci_dev *hdev_list[HCI_MAX_DEV];
+-spinlock_t hdev_list_lock;
+-#define GET_HDEV(a) (hdev_list[a])
+-
+-/* HCI protocol list */
+-struct hci_proto *hproto_list[HCI_MAX_PROTO];
+-#define GET_HPROTO(a) (hproto_list[a])
++LIST_HEAD(hdev_list);
++rwlock_t hdev_list_lock = RW_LOCK_UNLOCKED;
+
+-/* HCI notifiers list */
+-struct notifier_block *hci_dev_notifier;
+-
+-/* HCI device notifications */
+-int hci_register_notifier(struct notifier_block *nb)
+-{
+- int err, i;
+- struct hci_dev *hdev;
+-
+- if ((err = notifier_chain_register(&hci_dev_notifier, nb)))
+- return err;
+-
+- /* Notify about already registered devices */
+- spin_lock(&hdev_list_lock);
+- for (i = 0; i < HCI_MAX_DEV; i++) {
+- if (!(hdev = GET_HDEV(i)))
+- continue;
+- if (hdev->flags & HCI_UP)
+- (*nb->notifier_call)(nb, HCI_DEV_UP, hdev);
+- }
+- spin_unlock(&hdev_list_lock);
+-
+- return 0;
+-}
+-
+-int hci_unregister_notifier(struct notifier_block *nb)
+-{
+- return notifier_chain_unregister(&hci_dev_notifier, nb);
+-}
+-
+-static inline void hci_notify(struct hci_dev *hdev, int event)
+-{
+- notifier_call_chain(&hci_dev_notifier, event, hdev);
+-}
+-
+-/* Get HCI device by index (device is locked on return)*/
+-struct hci_dev *hci_dev_get(int index)
+-{
+- struct hci_dev *hdev;
+- DBG("%d", index);
+-
+- if (index < 0 || index >= HCI_MAX_DEV)
+- return NULL;
+-
+- spin_lock(&hdev_list_lock);
+- if ((hdev = GET_HDEV(index)))
+- hci_dev_hold(hdev);
+- spin_unlock(&hdev_list_lock);
+-
+- return hdev;
+-}
+-
+-/* Flush inquiry cache */
+-void inquiry_cache_flush(struct inquiry_cache *cache)
+-{
+- struct inquiry_entry *next = cache->list, *e;
+-
+- DBG("cache %p", cache);
+-
+- cache->list = NULL;
+- while ((e = next)) {
+- next = e->next;
+- kfree(e);
+- }
+-}
+-
+-/* Lookup by bdaddr.
+- * Cache must be locked. */
+-static struct inquiry_entry * __inquiry_cache_lookup(struct inquiry_cache *cache, bdaddr_t *bdaddr)
+-{
+- struct inquiry_entry *e;
+-
+- DBG("cache %p, %s", cache, batostr(bdaddr));
+-
+- for (e = cache->list; e; e = e->next)
+- if (!bacmp(&e->info.bdaddr, bdaddr))
+- break;
+-
+- return e;
+-}
+-
+-static void inquiry_cache_update(struct inquiry_cache *cache, inquiry_info *info)
+-{
+- struct inquiry_entry *e;
+-
+- DBG("cache %p, %s", cache, batostr(&info->bdaddr));
+-
+- inquiry_cache_lock(cache);
+-
+- if (!(e = __inquiry_cache_lookup(cache, &info->bdaddr))) {
+- /* Entry not in the cache. Add new one. */
+- if (!(e = kmalloc(sizeof(struct inquiry_entry), GFP_ATOMIC)))
+- goto unlock;
+- memset(e, 0, sizeof(struct inquiry_entry));
+- e->next = cache->list;
+- cache->list = e;
+- }
+-
+- memcpy(&e->info, info, sizeof(inquiry_info));
+- e->timestamp = jiffies;
+- cache->timestamp = jiffies;
+-unlock:
+- inquiry_cache_unlock(cache);
+-}
+-
+-static int inquiry_cache_dump(struct inquiry_cache *cache, int num, __u8 *buf)
+-{
+- inquiry_info *info = (inquiry_info *) buf;
+- struct inquiry_entry *e;
+- int copied = 0;
++/* HCI protocols */
++#define HCI_MAX_PROTO 2
++struct hci_proto *hci_proto[HCI_MAX_PROTO];
+
+- inquiry_cache_lock(cache);
+-
+- for (e = cache->list; e && copied < num; e = e->next, copied++)
+- memcpy(info++, &e->info, sizeof(inquiry_info));
++/* HCI notifiers list */
++static struct notifier_block *hci_notifier;
+
+- inquiry_cache_unlock(cache);
+
+- DBG("cache %p, copied %d", cache, copied);
+- return copied;
+-}
++/* ---- HCI notifications ---- */
+
+-/* --------- BaseBand connections --------- */
+-static struct hci_conn *hci_conn_add(struct hci_dev *hdev, __u16 handle, __u8 type, bdaddr_t *dst)
++int hci_register_notifier(struct notifier_block *nb)
+ {
+- struct hci_conn *conn;
+-
+- DBG("%s handle %d dst %s", hdev->name, handle, batostr(dst));
+-
+- if ( conn_hash_lookup(&hdev->conn_hash, handle)) {
+- ERR("%s handle 0x%x already exists", hdev->name, handle);
+- return NULL;
+- }
+-
+- if (!(conn = kmalloc(sizeof(struct hci_conn), GFP_ATOMIC)))
+- return NULL;
+- memset(conn, 0, sizeof(struct hci_conn));
+-
+- bacpy(&conn->dst, dst);
+- conn->handle = handle;
+- conn->type = type;
+- conn->hdev = hdev;
+-
+- skb_queue_head_init(&conn->data_q);
+-
+- hci_dev_hold(hdev);
+- conn_hash_add(&hdev->conn_hash, handle, conn);
+-
+- return conn;
++ return notifier_chain_register(&hci_notifier, nb);
+ }
+
+-static int hci_conn_del(struct hci_dev *hdev, struct hci_conn *conn)
++int hci_unregister_notifier(struct notifier_block *nb)
+ {
+- DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
+-
+- conn_hash_del(&hdev->conn_hash, conn);
+- hci_dev_put(hdev);
+-
+- /* Unacked frames */
+- hdev->acl_cnt += conn->sent;
+-
+- skb_queue_purge(&conn->data_q);
+-
+- kfree(conn);
+- return 0;
++ return notifier_chain_unregister(&hci_notifier, nb);
+ }
+
+-/* Drop all connection on the device */
+-static void hci_conn_hash_flush(struct hci_dev *hdev)
++void hci_notify(struct hci_dev *hdev, int event)
+ {
+- struct conn_hash *h = &hdev->conn_hash;
+- struct hci_proto *hp;
+- struct list_head *p;
+-
+- DBG("hdev %s", hdev->name);
+-
+- p = h->list.next;
+- while (p != &h->list) {
+- struct hci_conn *c;
+-
+- c = list_entry(p, struct hci_conn, list);
+- p = p->next;
+-
+- if (c->type == ACL_LINK) {
+- /* ACL link notify L2CAP layer */
+- if ((hp = GET_HPROTO(HCI_PROTO_L2CAP)) && hp->disconn_ind)
+- hp->disconn_ind(c, 0x16);
+- } else {
+- /* SCO link (no notification) */
+- }
+-
+- hci_conn_del(hdev, c);
+- }
++ notifier_call_chain(&hci_notifier, event, hdev);
+ }
+
+-int hci_connect(struct hci_dev *hdev, bdaddr_t *bdaddr)
+-{
+- struct inquiry_cache *cache = &hdev->inq_cache;
+- struct inquiry_entry *e;
+- create_conn_cp cc;
+- __u16 clock_offset;
+-
+- DBG("%s bdaddr %s", hdev->name, batostr(bdaddr));
+-
+- if (!(hdev->flags & HCI_UP))
+- return -ENODEV;
+-
+- inquiry_cache_lock_bh(cache);
+-
+- if (!(e = __inquiry_cache_lookup(cache, bdaddr)) || inquiry_entry_age(e) > INQUIRY_ENTRY_AGE_MAX) {
+- cc.pscan_rep_mode = 0;
+- cc.pscan_mode = 0;
+- clock_offset = 0;
+- } else {
+- cc.pscan_rep_mode = e->info.pscan_rep_mode;
+- cc.pscan_mode = e->info.pscan_mode;
+- clock_offset = __le16_to_cpu(e->info.clock_offset) & 0x8000;
+- }
+-
+- inquiry_cache_unlock_bh(cache);
+-
+- bacpy(&cc.bdaddr, bdaddr);
+- cc.pkt_type = __cpu_to_le16(hdev->pkt_type);
+- cc.clock_offset = __cpu_to_le16(clock_offset);
+-
+- if (lmp_rswitch_capable(hdev))
+- cc.role_switch = 0x01;
+- else
+- cc.role_switch = 0x00;
+-
+- hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, CREATE_CONN_CP_SIZE, &cc);
++/* ---- HCI hotplug support ---- */
+
+- return 0;
+-}
++#ifdef CONFIG_HOTPLUG
+
+-int hci_disconnect(struct hci_conn *conn, __u8 reason)
++static int hci_run_hotplug(char *dev, char *action)
+ {
+- disconnect_cp dc;
+-
+- DBG("conn %p handle %d", conn, conn->handle);
++ char *argv[3], *envp[5], dstr[20], astr[32];
+
+- dc.handle = __cpu_to_le16(conn->handle);
+- dc.reason = reason;
+- hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_DISCONNECT, DISCONNECT_CP_SIZE, &dc);
++ sprintf(dstr, "DEVICE=%s", dev);
++ sprintf(astr, "ACTION=%s", action);
+
+- return 0;
+-}
++ argv[0] = hotplug_path;
++ argv[1] = "bluetooth";
++ argv[2] = NULL;
+
+-/* --------- HCI request handling ------------ */
+-static inline void hci_req_lock(struct hci_dev *hdev)
+-{
+- down(&hdev->req_lock);
++ envp[0] = "HOME=/";
++ envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
++ envp[2] = dstr;
++ envp[3] = astr;
++ envp[4] = NULL;
++
++ return call_usermodehelper(argv[0], argv, envp);
+ }
++#else
++#define hci_run_hotplug(A...)
++#endif
+
+-static inline void hci_req_unlock(struct hci_dev *hdev)
+-{
+- up(&hdev->req_lock);
+-}
++/* ---- HCI requests ---- */
+
+-static inline void hci_req_complete(struct hci_dev *hdev, int result)
++void hci_req_complete(struct hci_dev *hdev, int result)
+ {
+- DBG("%s result 0x%2.2x", hdev->name, result);
++ BT_DBG("%s result 0x%2.2x", hdev->name, result);
+
+ if (hdev->req_status == HCI_REQ_PEND) {
+ hdev->req_result = result;
+@@ -344,9 +134,9 @@
+ }
+ }
+
+-static inline void hci_req_cancel(struct hci_dev *hdev, int err)
++void hci_req_cancel(struct hci_dev *hdev, int err)
+ {
+- DBG("%s err 0x%2.2x", hdev->name, err);
++ BT_DBG("%s err 0x%2.2x", hdev->name, err);
+
+ if (hdev->req_status == HCI_REQ_PEND) {
+ hdev->req_result = err;
+@@ -356,23 +146,22 @@
+ }
+
+ /* Execute request and wait for completion. */
+-static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
+- unsigned long opt, __u32 timeout)
++static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt), unsigned long opt, __u32 timeout)
+ {
+ DECLARE_WAITQUEUE(wait, current);
+ int err = 0;
+
+- DBG("%s start", hdev->name);
++ BT_DBG("%s start", hdev->name);
+
+ hdev->req_status = HCI_REQ_PEND;
+
+ add_wait_queue(&hdev->req_wait_q, &wait);
+- current->state = TASK_INTERRUPTIBLE;
++ set_current_state(TASK_INTERRUPTIBLE);
+
+ req(hdev, opt);
+ schedule_timeout(timeout);
+
+- current->state = TASK_RUNNING;
++ set_current_state(TASK_RUNNING);
+ remove_wait_queue(&hdev->req_wait_q, &wait);
+
+ if (signal_pending(current))
+@@ -394,7 +183,7 @@
+
+ hdev->req_status = hdev->req_result = 0;
+
+- DBG("%s end: err %d", hdev->name, err);
++ BT_DBG("%s end: err %d", hdev->name, err);
+
+ return err;
+ }
+@@ -412,10 +201,9 @@
+ return ret;
+ }
+
+-/* --------- HCI requests ---------- */
+ static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
+ {
+- DBG("%s %ld", hdev->name, opt);
++ BT_DBG("%s %ld", hdev->name, opt);
+
+ /* Reset device */
+ hci_send_cmd(hdev, OGF_HOST_CTL, OCF_RESET, 0, NULL);
+@@ -423,10 +211,10 @@
+
+ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
+ {
+- set_event_flt_cp ec;
++ set_event_flt_cp ef;
+ __u16 param;
+
+- DBG("%s %ld", hdev->name, opt);
++ BT_DBG("%s %ld", hdev->name, opt);
+
+ /* Mandatory initialization */
+
+@@ -436,14 +224,30 @@
+ /* Read Buffer Size (ACL mtu, max pkt, etc.) */
+ hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE, 0, NULL);
+
++#if 0
++ /* Host buffer size */
++ {
++ host_buffer_size_cp bs;
++ bs.acl_mtu = __cpu_to_le16(HCI_MAX_ACL_SIZE);
++ bs.sco_mtu = HCI_MAX_SCO_SIZE;
++ bs.acl_max_pkt = __cpu_to_le16(0xffff);
++ bs.sco_max_pkt = __cpu_to_le16(0xffff);
++ hci_send_cmd(hdev, OGF_HOST_CTL, OCF_HOST_BUFFER_SIZE,
++ HOST_BUFFER_SIZE_CP_SIZE, &bs);
++ }
++#endif
++
+ /* Read BD Address */
+ hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_BD_ADDR, 0, NULL);
+
++ /* Read Voice Setting */
++ hci_send_cmd(hdev, OGF_HOST_CTL, OCF_READ_VOICE_SETTING, 0, NULL);
++
+ /* Optional initialization */
+
+ /* Clear Event Filters */
+- ec.flt_type = FLT_CLEAR_ALL;
+- hci_send_cmd(hdev, OGF_HOST_CTL, OCF_SET_EVENT_FLT, 1, &ec);
++ ef.flt_type = FLT_CLEAR_ALL;
++ hci_send_cmd(hdev, OGF_HOST_CTL, OCF_SET_EVENT_FLT, 1, &ef);
+
+ /* Page timeout ~20 secs */
+ param = __cpu_to_le16(0x8000);
+@@ -458,7 +262,7 @@
+ {
+ __u8 scan = opt;
+
+- DBG("%s %x", hdev->name, scan);
++ BT_DBG("%s %x", hdev->name, scan);
+
+ /* Inquiry and Page scans */
+ hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE, 1, &scan);
+@@ -468,116 +272,272 @@
+ {
+ __u8 auth = opt;
+
+- DBG("%s %x", hdev->name, auth);
++ BT_DBG("%s %x", hdev->name, auth);
+
+ /* Authentication */
+ hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE, 1, &auth);
+ }
+
+-static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
++static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
+ {
+- struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
+- inquiry_cp ic;
++ __u8 encrypt = opt;
+
+- DBG("%s", hdev->name);
++ BT_DBG("%s %x", hdev->name, encrypt);
+
+- /* Start Inquiry */
+- memcpy(&ic.lap, &ir->lap, 3);
+- ic.lenght = ir->length;
+- ic.num_rsp = ir->num_rsp;
+- hci_send_cmd(hdev, OGF_LINK_CTL, OCF_INQUIRY, INQUIRY_CP_SIZE, &ic);
++ /* Authentication */
++ hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE, 1, &encrypt);
+ }
+
+-/* HCI ioctl helpers */
+-int hci_dev_open(__u16 dev)
++/* Get HCI device by index.
++ * Device is locked on return. */
++struct hci_dev *hci_dev_get(int index)
+ {
+ struct hci_dev *hdev;
+- int ret = 0;
+-
+- if (!(hdev = hci_dev_get(dev)))
+- return -ENODEV;
++ struct list_head *p;
+
+- DBG("%s %p", hdev->name, hdev);
++ BT_DBG("%d", index);
+
+- hci_req_lock(hdev);
++ if (index < 0)
++ return NULL;
+
+- if (hdev->flags & HCI_UP) {
+- ret = -EALREADY;
+- goto done;
++ read_lock(&hdev_list_lock);
++ list_for_each(p, &hdev_list) {
++ hdev = list_entry(p, struct hci_dev, list);
++ if (hdev->id == index) {
++ hci_dev_hold(hdev);
++ goto done;
++ }
+ }
++ hdev = NULL;
++done:
++ read_unlock(&hdev_list_lock);
++ return hdev;
++}
+
+- if (hdev->open(hdev)) {
+- ret = -EIO;
+- goto done;
+- }
++/* ---- Inquiry support ---- */
++void inquiry_cache_flush(struct hci_dev *hdev)
++{
++ struct inquiry_cache *cache = &hdev->inq_cache;
++ struct inquiry_entry *next = cache->list, *e;
+
+- if (hdev->flags & HCI_NORMAL) {
+- atomic_set(&hdev->cmd_cnt, 1);
+- hdev->flags |= HCI_INIT;
++ BT_DBG("cache %p", cache);
+
+- //__hci_request(hdev, hci_reset_req, 0, HZ);
+- ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
+-
+- hdev->flags &= ~HCI_INIT;
++ cache->list = NULL;
++ while ((e = next)) {
++ next = e->next;
++ kfree(e);
+ }
++}
+
+- if (!ret) {
+- hdev->flags |= HCI_UP;
+- hci_notify(hdev, HCI_DEV_UP);
+- } else {
+- /* Init failed, cleanup */
+- tasklet_kill(&hdev->rx_task);
+- tasklet_kill(&hdev->tx_task);
+- tasklet_kill(&hdev->cmd_task);
++struct inquiry_entry *inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
++{
++ struct inquiry_cache *cache = &hdev->inq_cache;
++ struct inquiry_entry *e;
+
+- skb_queue_purge(&hdev->cmd_q);
+- skb_queue_purge(&hdev->rx_q);
++ BT_DBG("cache %p, %s", cache, batostr(bdaddr));
+
+- if (hdev->flush)
+- hdev->flush(hdev);
++ for (e = cache->list; e; e = e->next)
++ if (!bacmp(&e->info.bdaddr, bdaddr))
++ break;
++ return e;
++}
+
+- if (hdev->sent_cmd) {
+- kfree_skb(hdev->sent_cmd);
+- hdev->sent_cmd = NULL;
+- }
++void inquiry_cache_update(struct hci_dev *hdev, inquiry_info *info)
++{
++ struct inquiry_cache *cache = &hdev->inq_cache;
++ struct inquiry_entry *e;
+
+- hdev->close(hdev);
+- }
++ BT_DBG("cache %p, %s", cache, batostr(&info->bdaddr));
+
+-done:
+- hci_req_unlock(hdev);
+- hci_dev_put(hdev);
++ if (!(e = inquiry_cache_lookup(hdev, &info->bdaddr))) {
++ /* Entry not in the cache. Add new one. */
++ if (!(e = kmalloc(sizeof(struct inquiry_entry), GFP_ATOMIC)))
++ return;
++ memset(e, 0, sizeof(struct inquiry_entry));
++ e->next = cache->list;
++ cache->list = e;
++ }
+
+- return ret;
++ memcpy(&e->info, info, sizeof(inquiry_info));
++ e->timestamp = jiffies;
++ cache->timestamp = jiffies;
+ }
+
+-int hci_dev_close(__u16 dev)
++int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
+ {
+- struct hci_dev *hdev;
+-
+- if (!(hdev = hci_dev_get(dev)))
+- return -ENODEV;
++ struct inquiry_cache *cache = &hdev->inq_cache;
++ inquiry_info *info = (inquiry_info *) buf;
++ struct inquiry_entry *e;
++ int copied = 0;
+
+- DBG("%s %p", hdev->name, hdev);
++ for (e = cache->list; e && copied < num; e = e->next, copied++)
++ memcpy(info++, &e->info, sizeof(inquiry_info));
+
+- hci_req_cancel(hdev, ENODEV);
+- hci_req_lock(hdev);
++ BT_DBG("cache %p, copied %d", cache, copied);
++ return copied;
++}
+
+- if (!(hdev->flags & HCI_UP))
+- goto done;
++static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
++{
++ struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
++ inquiry_cp ic;
+
+- /* Kill RX and TX tasks */
+- tasklet_kill(&hdev->rx_task);
+- tasklet_kill(&hdev->tx_task);
++ BT_DBG("%s", hdev->name);
+
+- inquiry_cache_flush(&hdev->inq_cache);
++ if (test_bit(HCI_INQUIRY, &hdev->flags))
++ return;
+
+- hci_conn_hash_flush(hdev);
++ /* Start Inquiry */
++ memcpy(&ic.lap, &ir->lap, 3);
++ ic.length = ir->length;
++ ic.num_rsp = ir->num_rsp;
++ hci_send_cmd(hdev, OGF_LINK_CTL, OCF_INQUIRY, INQUIRY_CP_SIZE, &ic);
++}
+
+- /* Clear flags */
+- hdev->flags &= HCI_SOCK;
+- hdev->flags |= HCI_NORMAL;
++int hci_inquiry(unsigned long arg)
++{
++ struct hci_inquiry_req ir;
++ struct hci_dev *hdev;
++ int err = 0, do_inquiry = 0, max_rsp;
++ long timeo;
++ __u8 *buf, *ptr;
+
++ ptr = (void *) arg;
++ if (copy_from_user(&ir, ptr, sizeof(ir)))
++ return -EFAULT;
++
++ if (!(hdev = hci_dev_get(ir.dev_id)))
++ return -ENODEV;
++
++ hci_dev_lock_bh(hdev);
++ if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
++ ir.flags & IREQ_CACHE_FLUSH) {
++ inquiry_cache_flush(hdev);
++ do_inquiry = 1;
++ }
++ hci_dev_unlock_bh(hdev);
++
++ timeo = ir.length * 2 * HZ;
++ if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0)
++ goto done;
++
++ /* for unlimited number of responses we will use buffer with 255 entries */
++ max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
++
++ /* cache_dump can't sleep. Therefore we allocate temp buffer and then
++ * copy it to the user space.
++ */
++ if (!(buf = kmalloc(sizeof(inquiry_info) * max_rsp, GFP_KERNEL))) {
++ err = -ENOMEM;
++ goto done;
++ }
++
++ hci_dev_lock_bh(hdev);
++ ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
++ hci_dev_unlock_bh(hdev);
++
++ BT_DBG("num_rsp %d", ir.num_rsp);
++
++ if (!verify_area(VERIFY_WRITE, ptr, sizeof(ir) +
++ (sizeof(inquiry_info) * ir.num_rsp))) {
++ copy_to_user(ptr, &ir, sizeof(ir));
++ ptr += sizeof(ir);
++ copy_to_user(ptr, buf, sizeof(inquiry_info) * ir.num_rsp);
++ } else
++ err = -EFAULT;
++
++ kfree(buf);
++
++done:
++ hci_dev_put(hdev);
++ return err;
++}
++
++/* ---- HCI ioctl helpers ---- */
++
++int hci_dev_open(__u16 dev)
++{
++ struct hci_dev *hdev;
++ int ret = 0;
++
++ if (!(hdev = hci_dev_get(dev)))
++ return -ENODEV;
++
++ BT_DBG("%s %p", hdev->name, hdev);
++
++ hci_req_lock(hdev);
++
++ if (test_bit(HCI_UP, &hdev->flags)) {
++ ret = -EALREADY;
++ goto done;
++ }
++
++ if (hdev->open(hdev)) {
++ ret = -EIO;
++ goto done;
++ }
++
++ if (!test_bit(HCI_RAW, &hdev->flags)) {
++ atomic_set(&hdev->cmd_cnt, 1);
++ set_bit(HCI_INIT, &hdev->flags);
++
++ //__hci_request(hdev, hci_reset_req, 0, HZ);
++ ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
++
++ clear_bit(HCI_INIT, &hdev->flags);
++ }
++
++ if (!ret) {
++ set_bit(HCI_UP, &hdev->flags);
++ hci_notify(hdev, HCI_DEV_UP);
++ } else {
++ /* Init failed, cleanup */
++ tasklet_kill(&hdev->rx_task);
++ tasklet_kill(&hdev->tx_task);
++ tasklet_kill(&hdev->cmd_task);
++
++ skb_queue_purge(&hdev->cmd_q);
++ skb_queue_purge(&hdev->rx_q);
++
++ if (hdev->flush)
++ hdev->flush(hdev);
++
++ if (hdev->sent_cmd) {
++ kfree_skb(hdev->sent_cmd);
++ hdev->sent_cmd = NULL;
++ }
++
++ hdev->close(hdev);
++ hdev->flags = 0;
++ }
++
++done:
++ hci_req_unlock(hdev);
++ hci_dev_put(hdev);
++ return ret;
++}
++
++static int hci_dev_do_close(struct hci_dev *hdev)
++{
++ BT_DBG("%s %p", hdev->name, hdev);
++
++ hci_req_cancel(hdev, ENODEV);
++ hci_req_lock(hdev);
++
++ if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
++ hci_req_unlock(hdev);
++ return 0;
++ }
++
++ /* Kill RX and TX tasks */
++ tasklet_kill(&hdev->rx_task);
++ tasklet_kill(&hdev->tx_task);
++
++ hci_dev_lock_bh(hdev);
++ inquiry_cache_flush(hdev);
++ hci_conn_hash_flush(hdev);
++ hci_dev_unlock_bh(hdev);
++
+ hci_notify(hdev, HCI_DEV_DOWN);
+
+ if (hdev->flush)
+@@ -586,9 +546,9 @@
+ /* Reset device */
+ skb_queue_purge(&hdev->cmd_q);
+ atomic_set(&hdev->cmd_cnt, 1);
+- hdev->flags |= HCI_INIT;
+- __hci_request(hdev, hci_reset_req, 0, HZ);
+- hdev->flags &= ~HCI_INIT;
++ set_bit(HCI_INIT, &hdev->flags);
++ __hci_request(hdev, hci_reset_req, 0, HZ/4);
++ clear_bit(HCI_INIT, &hdev->flags);
+
+ /* Kill cmd task */
+ tasklet_kill(&hdev->cmd_task);
+@@ -605,17 +565,28 @@
+ }
+
+ /* After this point our queues are empty
+- * and no tasks are scheduled.
+- */
++ * and no tasks are scheduled. */
+ hdev->close(hdev);
+
+-done:
+- hci_req_unlock(hdev);
+- hci_dev_put(hdev);
++ /* Clear flags */
++ hdev->flags = 0;
+
++ hci_req_unlock(hdev);
+ return 0;
+ }
+
++int hci_dev_close(__u16 dev)
++{
++ struct hci_dev *hdev;
++ int err;
++
++ if (!(hdev = hci_dev_get(dev)))
++ return -ENODEV;
++ err = hci_dev_do_close(hdev);
++ hci_dev_put(hdev);
++ return err;
++}
++
+ int hci_dev_reset(__u16 dev)
+ {
+ struct hci_dev *hdev;
+@@ -627,16 +598,17 @@
+ hci_req_lock(hdev);
+ tasklet_disable(&hdev->tx_task);
+
+- if (!(hdev->flags & HCI_UP))
++ if (!test_bit(HCI_UP, &hdev->flags))
+ goto done;
+
+ /* Drop queues */
+ skb_queue_purge(&hdev->rx_q);
+ skb_queue_purge(&hdev->cmd_q);
+
+- inquiry_cache_flush(&hdev->inq_cache);
+-
++ hci_dev_lock_bh(hdev);
++ inquiry_cache_flush(hdev);
+ hci_conn_hash_flush(hdev);
++ hci_dev_unlock_bh(hdev);
+
+ if (hdev->flush)
+ hdev->flush(hdev);
+@@ -650,7 +622,6 @@
+ tasklet_enable(&hdev->tx_task);
+ hci_req_unlock(hdev);
+ hci_dev_put(hdev);
+-
+ return ret;
+ }
+
+@@ -669,30 +640,11 @@
+ return ret;
+ }
+
+-int hci_dev_setauth(unsigned long arg)
+-{
+- struct hci_dev *hdev;
+- struct hci_dev_req dr;
+- int ret = 0;
+-
+- if (copy_from_user(&dr, (void *) arg, sizeof(dr)))
+- return -EFAULT;
+-
+- if (!(hdev = hci_dev_get(dr.dev_id)))
+- return -ENODEV;
+-
+- ret = hci_request(hdev, hci_auth_req, dr.dev_opt, HCI_INIT_TIMEOUT);
+-
+- hci_dev_put(hdev);
+-
+- return ret;
+-}
+-
+-int hci_dev_setscan(unsigned long arg)
++int hci_dev_cmd(unsigned int cmd, unsigned long arg)
+ {
+ struct hci_dev *hdev;
+ struct hci_dev_req dr;
+- int ret = 0;
++ int err = 0;
+
+ if (copy_from_user(&dr, (void *) arg, sizeof(dr)))
+ return -EFAULT;
+@@ -700,48 +652,78 @@
+ if (!(hdev = hci_dev_get(dr.dev_id)))
+ return -ENODEV;
+
+- ret = hci_request(hdev, hci_scan_req, dr.dev_opt, HCI_INIT_TIMEOUT);
+-
+- hci_dev_put(hdev);
++ switch (cmd) {
++ case HCISETAUTH:
++ err = hci_request(hdev, hci_auth_req, dr.dev_opt, HCI_INIT_TIMEOUT);
++ break;
+
+- return ret;
+-}
++ case HCISETENCRYPT:
++ if (!lmp_encrypt_capable(hdev)) {
++ err = -EOPNOTSUPP;
++ break;
++ }
+
+-int hci_dev_setptype(unsigned long arg)
+-{
+- struct hci_dev *hdev;
+- struct hci_dev_req dr;
+- int ret = 0;
++ if (!test_bit(HCI_AUTH, &hdev->flags)) {
++ /* Auth must be enabled first */
++ err = hci_request(hdev, hci_auth_req,
++ dr.dev_opt, HCI_INIT_TIMEOUT);
++ if (err)
++ break;
++ }
++
++ err = hci_request(hdev, hci_encrypt_req,
++ dr.dev_opt, HCI_INIT_TIMEOUT);
++ break;
++
++ case HCISETSCAN:
++ err = hci_request(hdev, hci_scan_req, dr.dev_opt, HCI_INIT_TIMEOUT);
++ break;
++
++ case HCISETPTYPE:
++ hdev->pkt_type = (__u16) dr.dev_opt;
++ break;
++
++ case HCISETLINKPOL:
++ hdev->link_policy = (__u16) dr.dev_opt;
++ break;
+
+- if (copy_from_user(&dr, (void *) arg, sizeof(dr)))
+- return -EFAULT;
++ case HCISETLINKMODE:
++ hdev->link_mode = ((__u16) dr.dev_opt) & (HCI_LM_MASTER | HCI_LM_ACCEPT);
++ break;
+
+- if (!(hdev = hci_dev_get(dr.dev_id)))
+- return -ENODEV;
++ case HCISETACLMTU:
++ hdev->acl_mtu = *((__u16 *)&dr.dev_opt + 1);
++ hdev->acl_pkts = *((__u16 *)&dr.dev_opt + 0);
++ break;
+
+- hdev->pkt_type = (__u16) dr.dev_opt;
++ case HCISETSCOMTU:
++ hdev->sco_mtu = *((__u16 *)&dr.dev_opt + 1);
++ hdev->sco_pkts = *((__u16 *)&dr.dev_opt + 0);
++ break;
+
++ default:
++ err = -EINVAL;
++ break;
++ }
+ hci_dev_put(hdev);
+-
+- return ret;
++ return err;
+ }
+
+-int hci_dev_list(unsigned long arg)
++int hci_get_dev_list(unsigned long arg)
+ {
+ struct hci_dev_list_req *dl;
+ struct hci_dev_req *dr;
+- struct hci_dev *hdev;
+- int i, n, size;
++ struct list_head *p;
++ int n = 0, size;
+ __u16 dev_num;
+
+ if (get_user(dev_num, (__u16 *) arg))
+ return -EFAULT;
+
+- /* Avoid long loop, overflow */
+- if (dev_num > 2048)
++ if (!dev_num)
+ return -EINVAL;
+
+- size = dev_num * sizeof(struct hci_dev_req) + sizeof(__u16);
++ size = dev_num * sizeof(*dr) + sizeof(*dl);
+
+ if (verify_area(VERIFY_WRITE, (void *) arg, size))
+ return -EFAULT;
+@@ -750,25 +732,27 @@
+ return -ENOMEM;
+ dr = dl->dev_req;
+
+- spin_lock_bh(&hdev_list_lock);
+- for (i = 0, n = 0; i < HCI_MAX_DEV && n < dev_num; i++) {
+- if ((hdev = hdev_list[i])) {
+- (dr + n)->dev_id = hdev->id;
+- (dr + n)->dev_opt = hdev->flags;
+- n++;
+- }
++ read_lock_bh(&hdev_list_lock);
++ list_for_each(p, &hdev_list) {
++ struct hci_dev *hdev;
++ hdev = list_entry(p, struct hci_dev, list);
++ (dr + n)->dev_id = hdev->id;
++ (dr + n)->dev_opt = hdev->flags;
++ if (++n >= dev_num)
++ break;
+ }
+- spin_unlock_bh(&hdev_list_lock);
++ read_unlock_bh(&hdev_list_lock);
+
+ dl->dev_num = n;
+- size = n * sizeof(struct hci_dev_req) + sizeof(__u16);
++ size = n * sizeof(*dr) + sizeof(*dl);
+
+ copy_to_user((void *) arg, dl, size);
++ kfree(dl);
+
+ return 0;
+ }
+
+-int hci_dev_info(unsigned long arg)
++int hci_get_dev_info(unsigned long arg)
+ {
+ struct hci_dev *hdev;
+ struct hci_dev_info di;
+@@ -786,9 +770,11 @@
+ di.flags = hdev->flags;
+ di.pkt_type = hdev->pkt_type;
+ di.acl_mtu = hdev->acl_mtu;
+- di.acl_max = hdev->acl_max;
++ di.acl_pkts = hdev->acl_pkts;
+ di.sco_mtu = hdev->sco_mtu;
+- di.sco_max = hdev->sco_max;
++ di.sco_pkts = hdev->sco_pkts;
++ di.link_policy = hdev->link_policy;
++ di.link_mode = hdev->link_mode;
+
+ memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
+ memcpy(&di.features, &hdev->features, sizeof(di.features));
+@@ -801,258 +787,168 @@
+ return err;
+ }
+
+-__u32 hci_dev_setmode(struct hci_dev *hdev, __u32 mode)
+-{
+- __u32 omode = hdev->flags & HCI_MODE_MASK;
+-
+- hdev->flags &= ~HCI_MODE_MASK;
+- hdev->flags |= (mode & HCI_MODE_MASK);
+
+- return omode;
+-}
++/* ---- Interface to HCI drivers ---- */
+
+-__u32 hci_dev_getmode(struct hci_dev *hdev)
++/* Register HCI device */
++int hci_register_dev(struct hci_dev *hdev)
+ {
+- return hdev->flags & HCI_MODE_MASK;
+-}
++ struct list_head *head = &hdev_list, *p;
++ int id = 0;
+
+-int hci_conn_list(unsigned long arg)
+-{
+- struct hci_conn_list_req req, *cl;
+- struct hci_conn_info *ci;
+- struct hci_dev *hdev;
+- struct list_head *p;
+- int n = 0, size;
++ BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
+
+- if (copy_from_user(&req, (void *) arg, sizeof(req)))
+- return -EFAULT;
++ if (!hdev->open || !hdev->close || !hdev->destruct)
++ return -EINVAL;
+
+- if (!(hdev = hci_dev_get(req.dev_id)))
+- return -ENODEV;
++ write_lock_bh(&hdev_list_lock);
+
+- /* Set a limit to avoid overlong loops, and also numeric overflow - AC */
+- if(req.conn_num < 2048)
+- return -EINVAL;
++ /* Find first available device id */
++ list_for_each(p, &hdev_list) {
++ if (list_entry(p, struct hci_dev, list)->id != id)
++ break;
++ head = p; id++;
++ }
+
+- size = req.conn_num * sizeof(struct hci_conn_info) + sizeof(req);
+-
+- if (!(cl = kmalloc(size, GFP_KERNEL)))
+- return -ENOMEM;
+- ci = cl->conn_info;
++ sprintf(hdev->name, "hci%d", id);
++ hdev->id = id;
++ list_add(&hdev->list, head);
+
+- local_bh_disable();
+- conn_hash_lock(&hdev->conn_hash);
+- list_for_each(p, &hdev->conn_hash.list) {
+- register struct hci_conn *c;
+- c = list_entry(p, struct hci_conn, list);
++ atomic_set(&hdev->refcnt, 1);
++ spin_lock_init(&hdev->lock);
++
++ hdev->flags = 0;
++ hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
++ hdev->link_mode = (HCI_LM_ACCEPT);
+
+- (ci + n)->handle = c->handle;
+- bacpy(&(ci + n)->bdaddr, &c->dst);
+- n++;
+- }
+- conn_hash_unlock(&hdev->conn_hash);
+- local_bh_enable();
+-
+- cl->dev_id = hdev->id;
+- cl->conn_num = n;
+- size = n * sizeof(struct hci_conn_info) + sizeof(req);
++ tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev);
++ tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
++ tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
+
+- hci_dev_put(hdev);
++ skb_queue_head_init(&hdev->rx_q);
++ skb_queue_head_init(&hdev->cmd_q);
++ skb_queue_head_init(&hdev->raw_q);
+
+- if(copy_to_user((void *) arg, cl, size))
+- return -EFAULT;
+- return 0;
+-}
++ init_waitqueue_head(&hdev->req_wait_q);
++ init_MUTEX(&hdev->req_lock);
+
+-int hci_inquiry(unsigned long arg)
+-{
+- struct inquiry_cache *cache;
+- struct hci_inquiry_req ir;
+- struct hci_dev *hdev;
+- int err = 0, do_inquiry = 0;
+- long timeo;
+- __u8 *buf, *ptr;
++ inquiry_cache_init(hdev);
+
+- ptr = (void *) arg;
+- if (copy_from_user(&ir, ptr, sizeof(ir)))
+- return -EFAULT;
++ conn_hash_init(hdev);
+
+- if (!(hdev = hci_dev_get(ir.dev_id)))
+- return -ENODEV;
++ memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
+
+- cache = &hdev->inq_cache;
++ atomic_set(&hdev->promisc, 0);
+
+- inquiry_cache_lock(cache);
+- if (inquiry_cache_age(cache) > INQUIRY_CACHE_AGE_MAX || ir.flags & IREQ_CACHE_FLUSH) {
+- inquiry_cache_flush(cache);
+- do_inquiry = 1;
+- }
+- inquiry_cache_unlock(cache);
++ MOD_INC_USE_COUNT;
+
+- /* Limit inquiry time, also avoid overflows */
++ write_unlock_bh(&hdev_list_lock);
+
+- if(ir.length > 2048 || ir.num_rsp > 2048)
+- {
+- err = -EINVAL;
+- goto done;
+- }
++ hci_notify(hdev, HCI_DEV_REG);
++ hci_run_hotplug(hdev->name, "register");
+
+- timeo = ir.length * 2 * HZ;
+- if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0)
+- goto done;
++ return id;
++}
+
+- /* cache_dump can't sleep. Therefore we allocate temp buffer and then
+- * copy it to the user space.
+- */
+- if (!(buf = kmalloc(sizeof(inquiry_info) * ir.num_rsp, GFP_KERNEL))) {
+- err = -ENOMEM;
+- goto done;
+- }
+- ir.num_rsp = inquiry_cache_dump(cache, ir.num_rsp, buf);
++/* Unregister HCI device */
++int hci_unregister_dev(struct hci_dev *hdev)
++{
++ BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
+
+- DBG("num_rsp %d", ir.num_rsp);
++ write_lock_bh(&hdev_list_lock);
++ list_del(&hdev->list);
++ write_unlock_bh(&hdev_list_lock);
+
+- if (!verify_area(VERIFY_WRITE, ptr, sizeof(ir) + (sizeof(inquiry_info) * ir.num_rsp))) {
+- copy_to_user(ptr, &ir, sizeof(ir));
+- ptr += sizeof(ir);
+- copy_to_user(ptr, buf, sizeof(inquiry_info) * ir.num_rsp);
+- } else
+- err = -EFAULT;
++ hci_dev_do_close(hdev);
+
+- kfree(buf);
++ hci_notify(hdev, HCI_DEV_UNREG);
++ hci_run_hotplug(hdev->name, "unregister");
+
+-done:
+ hci_dev_put(hdev);
+
+- return err;
++ MOD_DEC_USE_COUNT;
++ return 0;
+ }
+
+-/* Interface to HCI drivers */
+-
+-/* Register HCI device */
+-int hci_register_dev(struct hci_dev *hdev)
++/* Suspend HCI device */
++int hci_suspend_dev(struct hci_dev *hdev)
+ {
+- int i;
+-
+- DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
+-
+- /* Find free slot */
+- spin_lock_bh(&hdev_list_lock);
+- for (i = 0; i < HCI_MAX_DEV; i++) {
+- if (!hdev_list[i]) {
+- hdev_list[i] = hdev;
++ hci_notify(hdev, HCI_DEV_SUSPEND);
++ hci_run_hotplug(hdev->name, "suspend");
++ return 0;
++}
+
+- sprintf(hdev->name, "hci%d", i);
+- atomic_set(&hdev->refcnt, 0);
+- hdev->id = i;
+- hdev->flags = HCI_NORMAL;
++/* Resume HCI device */
++int hci_resume_dev(struct hci_dev *hdev)
++{
++ hci_notify(hdev, HCI_DEV_RESUME);
++ hci_run_hotplug(hdev->name, "resume");
++ return 0;
++}
+
+- hdev->pkt_type = (HCI_DM1 | HCI_DH1);
+-
+- tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev);
+- tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
+- tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
+-
+- skb_queue_head_init(&hdev->rx_q);
+- skb_queue_head_init(&hdev->cmd_q);
+- skb_queue_head_init(&hdev->raw_q);
+-
+- init_waitqueue_head(&hdev->req_wait_q);
+- init_MUTEX(&hdev->req_lock);
+-
+- inquiry_cache_init(&hdev->inq_cache);
+-
+- conn_hash_init(&hdev->conn_hash);
+-
+- memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
+-
+- hci_notify(hdev, HCI_DEV_REG);
+-
+- MOD_INC_USE_COUNT;
+- break;
+- }
+- }
+- spin_unlock_bh(&hdev_list_lock);
+-
+- return (i == HCI_MAX_DEV) ? -1 : i;
+-}
+-
+-/* Unregister HCI device */
+-int hci_unregister_dev(struct hci_dev *hdev)
++/* Receive frame from HCI drivers */
++int hci_recv_frame(struct sk_buff *skb)
+ {
+- int i;
+-
+- DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
+-
+- if (hdev->flags & HCI_UP)
+- hci_dev_close(hdev->id);
++ struct hci_dev *hdev = (struct hci_dev *) skb->dev;
+
+- /* Find device slot */
+- spin_lock(&hdev_list_lock);
+- for (i = 0; i < HCI_MAX_DEV; i++) {
+- if (hdev_list[i] == hdev) {
+- hdev_list[i] = NULL;
+- MOD_DEC_USE_COUNT;
+- break;
+- }
++ if (!hdev || (!test_bit(HCI_UP, &hdev->flags) &&
++ !test_bit(HCI_INIT, &hdev->flags)) ) {
++ kfree_skb(skb);
++ return -1;
+ }
+- spin_unlock(&hdev_list_lock);
+-
+- hci_notify(hdev, HCI_DEV_UNREG);
+
+- /* Sleep while device is in use */
+- while (atomic_read(&hdev->refcnt)) {
+- int sleep_cnt = 100;
++ BT_DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
+
+- DBG("%s sleeping on lock %d", hdev->name, atomic_read(&hdev->refcnt));
++ /* Incomming skb */
++ bluez_cb(skb)->incomming = 1;
+
+- sleep_on_timeout(&hdev->req_wait_q, HZ*10);
+- if (!(--sleep_cnt))
+- break;
+- }
++ /* Time stamp */
++ do_gettimeofday(&skb->stamp);
+
++ /* Queue frame for rx task */
++ skb_queue_tail(&hdev->rx_q, skb);
++ hci_sched_rx(hdev);
+ return 0;
+ }
+
+-/* Interface to upper protocols */
++/* ---- Interface to upper protocols ---- */
+
+ /* Register/Unregister protocols.
+- * hci_task_lock is used to ensure that no tasks are running.
+- */
+-int hci_register_proto(struct hci_proto *hproto)
++ * hci_task_lock is used to ensure that no tasks are running. */
++int hci_register_proto(struct hci_proto *hp)
+ {
+ int err = 0;
+
+- DBG("%p name %s", hproto, hproto->name);
++ BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
+
+- if (hproto->id >= HCI_MAX_PROTO)
++ if (hp->id >= HCI_MAX_PROTO)
+ return -EINVAL;
+
+ write_lock_bh(&hci_task_lock);
+
+- if (!hproto_list[hproto->id])
+- hproto_list[hproto->id] = hproto;
++ if (!hci_proto[hp->id])
++ hci_proto[hp->id] = hp;
+ else
+- err = -1;
++ err = -EEXIST;
+
+ write_unlock_bh(&hci_task_lock);
+
+ return err;
+ }
+
+-int hci_unregister_proto(struct hci_proto *hproto)
++int hci_unregister_proto(struct hci_proto *hp)
+ {
+ int err = 0;
+
+- DBG("%p name %s", hproto, hproto->name);
++ BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
+
+- if (hproto->id > HCI_MAX_PROTO)
++ if (hp->id >= HCI_MAX_PROTO)
+ return -EINVAL;
+
+ write_lock_bh(&hci_task_lock);
+
+- if (hproto_list[hproto->id])
+- hproto_list[hproto->id] = NULL;
++ if (hci_proto[hp->id])
++ hci_proto[hp->id] = NULL;
+ else
+ err = -ENOENT;
+
+@@ -1070,10 +966,14 @@
+ return -ENODEV;
+ }
+
+- DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
++ BT_DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
++
++ if (atomic_read(&hdev->promisc)) {
++ /* Time stamp */
++ do_gettimeofday(&skb->stamp);
+
+- if (hdev->flags & HCI_SOCK)
+ hci_send_to_sock(hdev, skb);
++ }
+
+ /* Get rid of skb owner, prior to sending to the driver. */
+ skb_orphan(skb);
+@@ -1081,128 +981,6 @@
+ return hdev->send(skb);
+ }
+
+-/* Connection scheduler */
+-static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
+-{
+- struct conn_hash *h = &hdev->conn_hash;
+- struct hci_conn *conn = NULL;
+- int num = 0, min = 0xffff;
+- struct list_head *p;
+-
+- conn_hash_lock(h);
+- list_for_each(p, &h->list) {
+- register struct hci_conn *c;
+-
+- c = list_entry(p, struct hci_conn, list);
+-
+- if (c->type != type || skb_queue_empty(&c->data_q))
+- continue;
+- num++;
+-
+- if (c->sent < min) {
+- min = c->sent;
+- conn = c;
+- }
+- }
+- conn_hash_unlock(h);
+-
+- if (conn) {
+- int q = hdev->acl_cnt / num;
+- *quote = q ? q : 1;
+- } else
+- *quote = 0;
+-
+- DBG("conn %p quote %d", conn, *quote);
+-
+- return conn;
+-}
+-
+-static inline void hci_sched_acl(struct hci_dev *hdev)
+-{
+- struct hci_conn *conn;
+- struct sk_buff *skb;
+- int quote;
+-
+- DBG("%s", hdev->name);
+-
+- while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, &quote))) {
+- while (quote && (skb = skb_dequeue(&conn->data_q))) {
+- DBG("skb %p len %d", skb, skb->len);
+-
+- hci_send_frame(skb);
+-
+- conn->sent++;
+- hdev->acl_cnt--;
+- quote--;
+- }
+- }
+-}
+-
+-/* Schedule SCO */
+-static inline void hci_sched_sco(struct hci_dev *hdev)
+-{
+- /* FIXME: For now we queue SCO packets to the raw queue
+-
+- while (hdev->sco_cnt && (skb = skb_dequeue(&conn->data_q))) {
+- hci_send_frame(skb);
+- conn->sco_sent++;
+- hdev->sco_cnt--;
+- }
+- */
+-}
+-
+-/* Get data from the previously sent command */
+-static void * hci_sent_cmd_data(struct hci_dev *hdev, __u16 ogf, __u16 ocf)
+-{
+- hci_command_hdr *hc;
+-
+- if (!hdev->sent_cmd)
+- return NULL;
+-
+- hc = (void *) hdev->sent_cmd->data;
+-
+- if (hc->opcode != __cpu_to_le16(cmd_opcode_pack(ogf, ocf)))
+- return NULL;
+-
+- DBG("%s ogf 0x%x ocf 0x%x", hdev->name, ogf, ocf);
+-
+- return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
+-}
+-
+-/* Send raw HCI frame */
+-int hci_send_raw(struct sk_buff *skb)
+-{
+- struct hci_dev *hdev = (struct hci_dev *) skb->dev;
+-
+- if (!hdev) {
+- kfree_skb(skb);
+- return -ENODEV;
+- }
+-
+- DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
+-
+- if (hdev->flags & HCI_NORMAL) {
+- /* Queue frame according it's type */
+- switch (skb->pkt_type) {
+- case HCI_COMMAND_PKT:
+- skb_queue_tail(&hdev->cmd_q, skb);
+- hci_sched_cmd(hdev);
+- return 0;
+-
+- case HCI_ACLDATA_PKT:
+- case HCI_SCODATA_PKT:
+- /* FIXME:
+- * Check header here and queue to apropriate connection.
+- */
+- break;
+- }
+- }
+-
+- skb_queue_tail(&hdev->raw_q, skb);
+- hci_sched_tx(hdev);
+- return 0;
+-}
+-
+ /* Send HCI command */
+ int hci_send_cmd(struct hci_dev *hdev, __u16 ogf, __u16 ocf, __u32 plen, void *param)
+ {
+@@ -1210,10 +988,10 @@
+ hci_command_hdr *hc;
+ struct sk_buff *skb;
+
+- DBG("%s ogf 0x%x ocf 0x%x plen %d", hdev->name, ogf, ocf, plen);
++ BT_DBG("%s ogf 0x%x ocf 0x%x plen %d", hdev->name, ogf, ocf, plen);
+
+ if (!(skb = bluez_skb_alloc(len, GFP_ATOMIC))) {
+- ERR("%s Can't allocate memory for HCI command", hdev->name);
++ BT_ERR("%s Can't allocate memory for HCI command", hdev->name);
+ return -ENOMEM;
+ }
+
+@@ -1224,7 +1002,7 @@
+ if (plen)
+ memcpy(skb_put(skb, plen), param, plen);
+
+- DBG("skb len %d", skb->len);
++ BT_DBG("skb len %d", skb->len);
+
+ skb->pkt_type = HCI_COMMAND_PKT;
+ skb->dev = (void *) hdev;
+@@ -1234,10 +1012,28 @@
+ return 0;
+ }
+
++/* Get data from the previously sent command */
++void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 ogf, __u16 ocf)
++{
++ hci_command_hdr *hc;
++
++ if (!hdev->sent_cmd)
++ return NULL;
++
++ hc = (void *) hdev->sent_cmd->data;
++
++ if (hc->opcode != __cpu_to_le16(cmd_opcode_pack(ogf, ocf)))
++ return NULL;
++
++ BT_DBG("%s ogf 0x%x ocf 0x%x", hdev->name, ogf, ocf);
++
++ return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
++}
++
+ /* Send ACL data */
+ static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
+ {
+- int len = skb->len;
++ int len = skb->len;
+ hci_acl_hdr *ah;
+
+ ah = (hci_acl_hdr *) skb_push(skb, HCI_ACL_HDR_SIZE);
+@@ -1252,7 +1048,7 @@
+ struct hci_dev *hdev = conn->hdev;
+ struct sk_buff *list;
+
+- DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
++ BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
+
+ skb->dev = (void *) hdev;
+ skb->pkt_type = HCI_ACLDATA_PKT;
+@@ -1260,12 +1056,12 @@
+
+ if (!(list = skb_shinfo(skb)->frag_list)) {
+ /* Non fragmented */
+- DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
++ BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
+
+ skb_queue_tail(&conn->data_q, skb);
+ } else {
+ /* Fragmented */
+- DBG("%s frag %p len %d", hdev->name, skb, skb->len);
++ BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
+
+ skb_shinfo(skb)->frag_list = NULL;
+
+@@ -1280,7 +1076,7 @@
+ skb->pkt_type = HCI_ACLDATA_PKT;
+ hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT);
+
+- DBG("%s frag %p len %d", hdev->name, skb, skb->len);
++ BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
+
+ __skb_queue_tail(&conn->data_q, skb);
+ } while (list);
+@@ -1298,7 +1094,7 @@
+ struct hci_dev *hdev = conn->hdev;
+ hci_sco_hdr hs;
+
+- DBG("%s len %d", hdev->name, skb->len);
++ BT_DBG("%s len %d", hdev->name, skb->len);
+
+ if (skb->len > hdev->sco_mtu) {
+ kfree_skb(skb);
+@@ -1315,544 +1111,136 @@
+ skb->pkt_type = HCI_SCODATA_PKT;
+ skb_queue_tail(&conn->data_q, skb);
+ hci_sched_tx(hdev);
+-
+ return 0;
+ }
+
+-/* Handle HCI Event packets */
+-
+-/* Command Complete OGF LINK_CTL */
+-static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
+-{
+- DBG("%s ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- default:
+- DBG("%s Command complete: ogf LINK_CTL ocf %x", hdev->name, ocf);
+- break;
+- };
+-}
+-
+-/* Command Complete OGF LINK_POLICY */
+-static void hci_cc_link_policy(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
+-{
+- DBG("%s ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- default:
+- DBG("%s: Command complete: ogf LINK_POLICY ocf %x", hdev->name, ocf);
+- break;
+- };
+-}
+-
+-/* Command Complete OGF HOST_CTL */
+-static void hci_cc_host_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
+-{
+- __u8 status, param;
+- void *sent;
+-
+-
+- DBG("%s ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- case OCF_RESET:
+- status = *((__u8 *) skb->data);
+-
+- hci_req_complete(hdev, status);
+- break;
+-
+- case OCF_SET_EVENT_FLT:
+- status = *((__u8 *) skb->data);
+-
+- if (status) {
+- DBG("%s SET_EVENT_FLT failed %d", hdev->name, status);
+- } else {
+- DBG("%s SET_EVENT_FLT succeseful", hdev->name);
+- }
+- break;
+-
+- case OCF_WRITE_AUTH_ENABLE:
+- if (!(sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE)))
+- break;
+-
+- status = *((__u8 *) skb->data);
+- param = *((__u8 *) sent);
++/* ---- HCI TX task (outgoing data) ---- */
+
+- if (!status) {
+- if (param == AUTH_ENABLED)
+- hdev->flags |= HCI_AUTH;
+- else
+- hdev->flags &= ~HCI_AUTH;
+- }
+- hci_req_complete(hdev, status);
+- break;
+-
+- case OCF_WRITE_CA_TIMEOUT:
+- status = *((__u8 *) skb->data);
+-
+- if (status) {
+- DBG("%s OCF_WRITE_CA_TIMEOUT failed %d", hdev->name, status);
+- } else {
+- DBG("%s OCF_WRITE_CA_TIMEOUT succeseful", hdev->name);
+- }
+- break;
+-
+- case OCF_WRITE_PG_TIMEOUT:
+- status = *((__u8 *) skb->data);
+-
+- if (status) {
+- DBG("%s OCF_WRITE_PG_TIMEOUT failed %d", hdev->name, status);
+- } else {
+- DBG("%s: OCF_WRITE_PG_TIMEOUT succeseful", hdev->name);
+- }
+- break;
+-
+- case OCF_WRITE_SCAN_ENABLE:
+- if (!(sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE)))
+- break;
+- status = *((__u8 *) skb->data);
+- param = *((__u8 *) sent);
+-
+- DBG("param 0x%x", param);
+-
+- if (!status) {
+- switch (param) {
+- case IS_ENA_PS_ENA:
+- hdev->flags |= HCI_PSCAN | HCI_ISCAN;
+- break;
+-
+- case IS_ENA_PS_DIS:
+- hdev->flags &= ~HCI_PSCAN;
+- hdev->flags |= HCI_ISCAN;
+- break;
+-
+- case IS_DIS_PS_ENA:
+- hdev->flags &= ~HCI_ISCAN;
+- hdev->flags |= HCI_PSCAN;
+- break;
+-
+- default:
+- hdev->flags &= ~(HCI_ISCAN | HCI_PSCAN);
+- break;
+- };
+- }
+- hci_req_complete(hdev, status);
+- break;
+-
+- default:
+- DBG("%s Command complete: ogf HOST_CTL ocf %x", hdev->name, ocf);
+- break;
+- };
+-}
+-
+-/* Command Complete OGF INFO_PARAM */
+-static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
++/* HCI Connection scheduler */
++static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
+ {
+- read_local_features_rp *lf;
+- read_buffer_size_rp *bs;
+- read_bd_addr_rp *ba;
+-
+- DBG("%s ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- case OCF_READ_LOCAL_FEATURES:
+- lf = (read_local_features_rp *) skb->data;
+-
+- if (lf->status) {
+- DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status);
+- break;
+- }
+-
+- memcpy(hdev->features, lf->features, sizeof(hdev->features));
+-
+- /* Adjust default settings according to features
+- * supported by device. */
+- if (hdev->features[0] & LMP_3SLOT)
+- hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
+-
+- if (hdev->features[0] & LMP_5SLOT)
+- hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
+-
+- DBG("%s: features 0x%x 0x%x 0x%x", hdev->name, lf->features[0], lf->features[1], lf->features[2]);
+-
+- break;
+-
+- case OCF_READ_BUFFER_SIZE:
+- bs = (read_buffer_size_rp *) skb->data;
+-
+- if (bs->status) {
+- DBG("%s READ_BUFFER_SIZE failed %d", hdev->name, bs->status);
+- break;
+- }
+-
+- hdev->acl_mtu = __le16_to_cpu(bs->acl_mtu);
+- hdev->sco_mtu = bs->sco_mtu;
+- hdev->acl_max = hdev->acl_cnt = __le16_to_cpu(bs->acl_max_pkt);
+- hdev->sco_max = hdev->sco_cnt = __le16_to_cpu(bs->sco_max_pkt);
+-
+- DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name,
+- hdev->acl_mtu, hdev->sco_mtu, hdev->acl_max, hdev->sco_max);
++ struct conn_hash *h = &hdev->conn_hash;
++ struct hci_conn *conn = NULL;
++ int num = 0, min = ~0;
++ struct list_head *p;
+
+- break;
++ /* We don't have to lock device here. Connections are always
++ * added and removed with TX task disabled. */
++ list_for_each(p, &h->list) {
++ struct hci_conn *c;
++ c = list_entry(p, struct hci_conn, list);
+
+- case OCF_READ_BD_ADDR:
+- ba = (read_bd_addr_rp *) skb->data;
++ if (c->type != type || c->state != BT_CONNECTED
++ || skb_queue_empty(&c->data_q))
++ continue;
++ num++;
+
+- if (!ba->status) {
+- bacpy(&hdev->bdaddr, &ba->bdaddr);
+- } else {
+- DBG("%s: READ_BD_ADDR failed %d", hdev->name, ba->status);
++ if (c->sent < min) {
++ min = c->sent;
++ conn = c;
+ }
++ }
+
+- hci_req_complete(hdev, ba->status);
+- break;
++ if (conn) {
++ int cnt = (type == ACL_LINK ? hdev->acl_cnt : hdev->sco_cnt);
++ int q = cnt / num;
++ *quote = q ? q : 1;
++ } else
++ *quote = 0;
+
+- default:
+- DBG("%s Command complete: ogf INFO_PARAM ocf %x", hdev->name, ocf);
+- break;
+- };
++ BT_DBG("conn %p quote %d", conn, *quote);
++ return conn;
+ }
+
+-/* Command Status OGF LINK_CTL */
+-static void hci_cs_link_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
++static inline void hci_acl_tx_to(struct hci_dev *hdev)
+ {
+- struct hci_proto * hp;
+-
+- DBG("%s ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- case OCF_CREATE_CONN:
+- if (status) {
+- create_conn_cp *cc = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_CREATE_CONN);
+-
+- if (!cc)
+- break;
+-
+- DBG("%s Create connection error: status 0x%x %s", hdev->name,
+- status, batostr(&cc->bdaddr));
++ struct conn_hash *h = &hdev->conn_hash;
++ struct list_head *p;
++ struct hci_conn *c;
+
+- /* Notify upper protocols */
+- if ((hp = GET_HPROTO(HCI_PROTO_L2CAP)) && hp->connect_cfm) {
+- tasklet_disable(&hdev->tx_task);
+- hp->connect_cfm(hdev, &cc->bdaddr, status, NULL);
+- tasklet_enable(&hdev->tx_task);
+- }
+- }
+- break;
++ BT_ERR("%s ACL tx timeout", hdev->name);
+
+- case OCF_INQUIRY:
+- if (status) {
+- DBG("%s Inquiry error: status 0x%x", hdev->name, status);
+- hci_req_complete(hdev, status);
++ /* Kill stalled connections */
++ list_for_each(p, &h->list) {
++ c = list_entry(p, struct hci_conn, list);
++ if (c->type == ACL_LINK && c->sent) {
++ BT_ERR("%s killing stalled ACL connection %s",
++ hdev->name, batostr(&c->dst));
++ hci_acl_disconn(c, 0x13);
+ }
+- break;
+-
+- default:
+- DBG("%s Command status: ogf LINK_CTL ocf %x", hdev->name, ocf);
+- break;
+- };
+-}
+-
+-/* Command Status OGF LINK_POLICY */
+-static void hci_cs_link_policy(struct hci_dev *hdev, __u16 ocf, __u8 status)
+-{
+- DBG("%s ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- default:
+- DBG("%s Command status: ogf HOST_POLICY ocf %x", hdev->name, ocf);
+- break;
+- };
+-}
+-
+-/* Command Status OGF HOST_CTL */
+-static void hci_cs_host_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
+-{
+- DBG("%s ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- default:
+- DBG("%s Command status: ogf HOST_CTL ocf %x", hdev->name, ocf);
+- break;
+- };
+-}
+-
+-/* Command Status OGF INFO_PARAM */
+-static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
+-{
+- DBG("%s: hci_cs_info_param: ocf 0x%x", hdev->name, ocf);
+-
+- switch (ocf) {
+- default:
+- DBG("%s Command status: ogf INFO_PARAM ocf %x", hdev->name, ocf);
+- break;
+- };
+-}
+-
+-/* Inquiry Complete */
+-static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
+-{
+- __u8 status = *((__u8 *) skb->data);
+-
+- DBG("%s status %d", hdev->name, status);
+-
+- hci_req_complete(hdev, status);
++ }
+ }
+
+-/* Inquiry Result */
+-static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
++static inline void hci_sched_acl(struct hci_dev *hdev)
+ {
+- inquiry_info *info = (inquiry_info *) (skb->data + 1);
+- int num_rsp = *((__u8 *) skb->data);
+-
+- DBG("%s num_rsp %d", hdev->name, num_rsp);
++ struct hci_conn *conn;
++ struct sk_buff *skb;
++ int quote;
+
+- for (; num_rsp; num_rsp--)
+- inquiry_cache_update(&hdev->inq_cache, info++);
+-}
++ BT_DBG("%s", hdev->name);
+
+-/* Connect Request */
+-static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
+-{
+- evt_conn_request *cr = (evt_conn_request *) skb->data;
+- struct hci_proto *hp;
+- accept_conn_req_cp ac;
+- int accept = 0;
++ /* ACL tx timeout must be longer than maximum
++ * link supervision timeout (40.9 seconds) */
++ if (!hdev->acl_cnt && (jiffies - hdev->acl_last_tx) > (HZ * 45))
++ hci_acl_tx_to(hdev);
+
+- DBG("%s Connection request: %s type 0x%x", hdev->name, batostr(&cr->bdaddr), cr->link_type);
++ while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, &quote))) {
++ while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
++ BT_DBG("skb %p len %d", skb, skb->len);
++ hci_send_frame(skb);
++ hdev->acl_last_tx = jiffies;
+
+- /* Notify upper protocols */
+- if (cr->link_type == ACL_LINK) {
+- /* ACL link notify L2CAP */
+- if ((hp = GET_HPROTO(HCI_PROTO_L2CAP)) && hp->connect_ind) {
+- tasklet_disable(&hdev->tx_task);
+- accept = hp->connect_ind(hdev, &cr->bdaddr);
+- tasklet_enable(&hdev->tx_task);
++ hdev->acl_cnt--;
++ conn->sent++;
+ }
+- } else {
+- /* SCO link (no notification) */
+- /* FIXME: Should be accept it here or let the requester (app) accept it ? */
+- accept = 1;
+- }
+-
+- if (accept) {
+- /* Connection accepted by upper layer */
+- bacpy(&ac.bdaddr, &cr->bdaddr);
+- ac.role = 0x01; /* Remain slave */
+- hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ, ACCEPT_CONN_REQ_CP_SIZE, &ac);
+- } else {
+- /* Connection rejected by upper layer */
+- /* FIXME:
+- * Should we use HCI reject here ?
+- */
+- return;
+ }
+ }
+
+-/* Connect Complete */
+-static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
++/* Schedule SCO */
++static inline void hci_sched_sco(struct hci_dev *hdev)
+ {
+- evt_conn_complete *cc = (evt_conn_complete *) skb->data;
+- struct hci_conn *conn = NULL;
+- struct hci_proto *hp;
+-
+- DBG("%s", hdev->name);
+-
+- tasklet_disable(&hdev->tx_task);
+-
+- if (!cc->status)
+- conn = hci_conn_add(hdev, __le16_to_cpu(cc->handle), cc->link_type, &cc->bdaddr);
++ struct hci_conn *conn;
++ struct sk_buff *skb;
++ int quote;
+
+- /* Notify upper protocols */
+- if (cc->link_type == ACL_LINK) {
+- /* ACL link notify L2CAP layer */
+- if ((hp = GET_HPROTO(HCI_PROTO_L2CAP)) && hp->connect_cfm)
+- hp->connect_cfm(hdev, &cc->bdaddr, cc->status, conn);
+- } else {
+- /* SCO link (no notification) */
+- }
++ BT_DBG("%s", hdev->name);
+
+- tasklet_enable(&hdev->tx_task);
+-}
++ while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
++ while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
++ BT_DBG("skb %p len %d", skb, skb->len);
++ hci_send_frame(skb);
+
+-/* Disconnect Complete */
+-static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
+-{
+- evt_disconn_complete *dc = (evt_disconn_complete *) skb->data;
+- struct hci_conn *conn = NULL;
+- struct hci_proto *hp;
+- __u16 handle = __le16_to_cpu(dc->handle);
+-
+- DBG("%s", hdev->name);
+-
+- if (!dc->status && (conn = conn_hash_lookup(&hdev->conn_hash, handle))) {
+- tasklet_disable(&hdev->tx_task);
+-
+- /* Notify upper protocols */
+- if (conn->type == ACL_LINK) {
+- /* ACL link notify L2CAP layer */
+- if ((hp = GET_HPROTO(HCI_PROTO_L2CAP)) && hp->disconn_ind)
+- hp->disconn_ind(conn, dc->reason);
+- } else {
+- /* SCO link (no notification) */
++ conn->sent++;
++ if (conn->sent == ~0)
++ conn->sent = 0;
+ }
+-
+- hci_conn_del(hdev, conn);
+-
+- tasklet_enable(&hdev->tx_task);
+ }
+ }
+
+-/* Number of completed packets */
+-static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
++static void hci_tx_task(unsigned long arg)
+ {
+- evt_num_comp_pkts *nc = (evt_num_comp_pkts *) skb->data;
+- __u16 *ptr;
+- int i;
+-
+- skb_pull(skb, EVT_NUM_COMP_PKTS_SIZE);
+-
+- DBG("%s num_hndl %d", hdev->name, nc->num_hndl);
++ struct hci_dev *hdev = (struct hci_dev *) arg;
++ struct sk_buff *skb;
+
+- if (skb->len < nc->num_hndl * 4) {
+- DBG("%s bad parameters", hdev->name);
+- return;
+- }
++ read_lock(&hci_task_lock);
+
+- tasklet_disable(&hdev->tx_task);
++ BT_DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt);
+
+- for (i = 0, ptr = (__u16 *) skb->data; i < nc->num_hndl; i++) {
+- struct hci_conn *conn;
+- __u16 handle, count;
++ /* Schedule queues and send stuff to HCI driver */
+
+- handle = __le16_to_cpu(get_unaligned(ptr++));
+- count = __le16_to_cpu(get_unaligned(ptr++));
++ hci_sched_acl(hdev);
+
+- hdev->acl_cnt += count;
++ hci_sched_sco(hdev);
+
+- if ((conn = conn_hash_lookup(&hdev->conn_hash, handle)))
+- conn->sent -= count;
+- }
++ /* Send next queued raw (unknown type) packet */
++ while ((skb = skb_dequeue(&hdev->raw_q)))
++ hci_send_frame(skb);
+
+- tasklet_enable(&hdev->tx_task);
+-
+- hci_sched_tx(hdev);
++ read_unlock(&hci_task_lock);
+ }
+
+-static inline void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
+-{
+- hci_event_hdr *he = (hci_event_hdr *) skb->data;
+- evt_cmd_status *cs;
+- evt_cmd_complete *ec;
+- __u16 opcode, ocf, ogf;
+-
+- skb_pull(skb, HCI_EVENT_HDR_SIZE);
+-
+- DBG("%s evt 0x%x", hdev->name, he->evt);
+-
+- switch (he->evt) {
+- case EVT_NUM_COMP_PKTS:
+- hci_num_comp_pkts_evt(hdev, skb);
+- break;
+-
+- case EVT_INQUIRY_COMPLETE:
+- hci_inquiry_complete_evt(hdev, skb);
+- break;
+-
+- case EVT_INQUIRY_RESULT:
+- hci_inquiry_result_evt(hdev, skb);
+- break;
+-
+- case EVT_CONN_REQUEST:
+- hci_conn_request_evt(hdev, skb);
+- break;
+-
+- case EVT_CONN_COMPLETE:
+- hci_conn_complete_evt(hdev, skb);
+- break;
+-
+- case EVT_DISCONN_COMPLETE:
+- hci_disconn_complete_evt(hdev, skb);
+- break;
+-
+- case EVT_CMD_STATUS:
+- cs = (evt_cmd_status *) skb->data;
+- skb_pull(skb, EVT_CMD_STATUS_SIZE);
+-
+- opcode = __le16_to_cpu(cs->opcode);
+- ogf = cmd_opcode_ogf(opcode);
+- ocf = cmd_opcode_ocf(opcode);
+-
+- switch (ogf) {
+- case OGF_INFO_PARAM:
+- hci_cs_info_param(hdev, ocf, cs->status);
+- break;
+-
+- case OGF_HOST_CTL:
+- hci_cs_host_ctl(hdev, ocf, cs->status);
+- break;
+-
+- case OGF_LINK_CTL:
+- hci_cs_link_ctl(hdev, ocf, cs->status);
+- break;
+-
+- case OGF_LINK_POLICY:
+- hci_cs_link_policy(hdev, ocf, cs->status);
+- break;
+-
+- default:
+- DBG("%s Command Status OGF %x", hdev->name, ogf);
+- break;
+- };
+-
+- if (cs->ncmd) {
+- atomic_set(&hdev->cmd_cnt, 1);
+- if (!skb_queue_empty(&hdev->cmd_q))
+- hci_sched_cmd(hdev);
+- }
+- break;
+-
+- case EVT_CMD_COMPLETE:
+- ec = (evt_cmd_complete *) skb->data;
+- skb_pull(skb, EVT_CMD_COMPLETE_SIZE);
+-
+- opcode = __le16_to_cpu(ec->opcode);
+- ogf = cmd_opcode_ogf(opcode);
+- ocf = cmd_opcode_ocf(opcode);
+-
+- switch (ogf) {
+- case OGF_INFO_PARAM:
+- hci_cc_info_param(hdev, ocf, skb);
+- break;
+-
+- case OGF_HOST_CTL:
+- hci_cc_host_ctl(hdev, ocf, skb);
+- break;
+-
+- case OGF_LINK_CTL:
+- hci_cc_link_ctl(hdev, ocf, skb);
+- break;
+-
+- case OGF_LINK_POLICY:
+- hci_cc_link_policy(hdev, ocf, skb);
+- break;
+
+- default:
+- DBG("%s Command Completed OGF %x", hdev->name, ogf);
+- break;
+- };
+-
+- if (ec->ncmd) {
+- atomic_set(&hdev->cmd_cnt, 1);
+- if (!skb_queue_empty(&hdev->cmd_q))
+- hci_sched_cmd(hdev);
+- }
+- break;
+- };
+-
+- kfree_skb(skb);
+- hdev->stat.evt_rx++;
+-}
++/* ----- HCI RX task (incomming data proccessing) ----- */
+
+ /* ACL data packet */
+ static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
+@@ -1867,51 +1255,86 @@
+ flags = acl_flags(handle);
+ handle = acl_handle(handle);
+
+- DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
++ BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
++
++ hdev->stat.acl_rx++;
+
+- if ((conn = conn_hash_lookup(&hdev->conn_hash, handle))) {
++ hci_dev_lock(hdev);
++ conn = conn_hash_lookup_handle(hdev, handle);
++ hci_dev_unlock(hdev);
++
++ if (conn) {
+ register struct hci_proto *hp;
+
+ /* Send to upper protocol */
+- if ((hp = GET_HPROTO(HCI_PROTO_L2CAP)) && hp->recv_acldata) {
++ if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) {
+ hp->recv_acldata(conn, skb, flags);
+- goto sent;
++ return;
+ }
+ } else {
+- ERR("%s ACL packet for unknown connection handle %d", hdev->name, handle);
++ BT_ERR("%s ACL packet for unknown connection handle %d",
++ hdev->name, handle);
+ }
+
+ kfree_skb(skb);
+-sent:
+- hdev->stat.acl_rx++;
+ }
+
+ /* SCO data packet */
+ static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
+ {
+- DBG("%s len %d", hdev->name, skb->len);
++ hci_sco_hdr *sh = (void *) skb->data;
++ struct hci_conn *conn;
++ __u16 handle;
++
++ skb_pull(skb, HCI_SCO_HDR_SIZE);
++
++ handle = __le16_to_cpu(sh->handle);
++
++ BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
+
+- kfree_skb(skb);
+ hdev->stat.sco_rx++;
++
++ hci_dev_lock(hdev);
++ conn = conn_hash_lookup_handle(hdev, handle);
++ hci_dev_unlock(hdev);
++
++ if (conn) {
++ register struct hci_proto *hp;
++
++ /* Send to upper protocol */
++ if ((hp = hci_proto[HCI_PROTO_SCO]) && hp->recv_scodata) {
++ hp->recv_scodata(conn, skb);
++ return;
++ }
++ } else {
++ BT_ERR("%s SCO packet for unknown connection handle %d",
++ hdev->name, handle);
++ }
++
++ kfree_skb(skb);
+ }
+
+-/* ----- HCI tasks ----- */
+ void hci_rx_task(unsigned long arg)
+ {
+ struct hci_dev *hdev = (struct hci_dev *) arg;
+ struct sk_buff *skb;
+
+- DBG("%s", hdev->name);
++ BT_DBG("%s", hdev->name);
+
+ read_lock(&hci_task_lock);
+
+ while ((skb = skb_dequeue(&hdev->rx_q))) {
+- if (hdev->flags & HCI_SOCK) {
++ if (atomic_read(&hdev->promisc)) {
+ /* Send copy to the sockets */
+ hci_send_to_sock(hdev, skb);
+ }
+
+- if (hdev->flags & HCI_INIT) {
++ if (test_bit(HCI_RAW, &hdev->flags)) {
++ kfree_skb(skb);
++ continue;
++ }
++
++ if (test_bit(HCI_INIT, &hdev->flags)) {
+ /* Don't process data packets in this states. */
+ switch (skb->pkt_type) {
+ case HCI_ACLDATA_PKT:
+@@ -1921,64 +1344,43 @@
+ };
+ }
+
+- if (hdev->flags & HCI_NORMAL) {
+- /* Process frame */
+- switch (skb->pkt_type) {
+- case HCI_EVENT_PKT:
+- hci_event_packet(hdev, skb);
+- break;
++ /* Process frame */
++ switch (skb->pkt_type) {
++ case HCI_EVENT_PKT:
++ hci_event_packet(hdev, skb);
++ break;
+
+- case HCI_ACLDATA_PKT:
+- DBG("%s ACL data packet", hdev->name);
+- hci_acldata_packet(hdev, skb);
+- break;
++ case HCI_ACLDATA_PKT:
++ BT_DBG("%s ACL data packet", hdev->name);
++ hci_acldata_packet(hdev, skb);
++ break;
+
+- case HCI_SCODATA_PKT:
+- DBG("%s SCO data packet", hdev->name);
+- hci_scodata_packet(hdev, skb);
+- break;
++ case HCI_SCODATA_PKT:
++ BT_DBG("%s SCO data packet", hdev->name);
++ hci_scodata_packet(hdev, skb);
++ break;
+
+- default:
+- kfree_skb(skb);
+- break;
+- };
+- } else {
++ default:
+ kfree_skb(skb);
++ break;
+ }
+ }
+
+ read_unlock(&hci_task_lock);
+ }
+
+-static void hci_tx_task(unsigned long arg)
+-{
+- struct hci_dev *hdev = (struct hci_dev *) arg;
+- struct sk_buff *skb;
+-
+- read_lock(&hci_task_lock);
+-
+- DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt);
+-
+- /* Schedule queues and send stuff to HCI driver */
+-
+- hci_sched_acl(hdev);
+-
+- hci_sched_sco(hdev);
+-
+- /* Send next queued raw (unknown type) packet */
+- while ((skb = skb_dequeue(&hdev->raw_q)))
+- hci_send_frame(skb);
+-
+- read_unlock(&hci_task_lock);
+-}
+-
+ static void hci_cmd_task(unsigned long arg)
+ {
+ struct hci_dev *hdev = (struct hci_dev *) arg;
+ struct sk_buff *skb;
+
+- DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
++ BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
+
++ if (!atomic_read(&hdev->cmd_cnt) && (jiffies - hdev->cmd_last_tx) > HZ) {
++ BT_ERR("%s command tx timeout", hdev->name);
++ atomic_set(&hdev->cmd_cnt, 1);
++ }
++
+ /* Send queued commands */
+ if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) {
+ if (hdev->sent_cmd)
+@@ -1987,6 +1389,7 @@
+ if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) {
+ atomic_dec(&hdev->cmd_cnt);
+ hci_send_frame(skb);
++ hdev->cmd_last_tx = jiffies;
+ } else {
+ skb_queue_head(&hdev->cmd_q, skb);
+ hci_sched_cmd(hdev);
+@@ -1994,33 +1397,10 @@
+ }
+ }
+
+-/* Receive frame from HCI drivers */
+-int hci_recv_frame(struct sk_buff *skb)
+-{
+- struct hci_dev *hdev = (struct hci_dev *) skb->dev;
+-
+- if (!hdev || !(hdev->flags & (HCI_UP | HCI_INIT))) {
+- kfree_skb(skb);
+- return -1;
+- }
+-
+- DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
+-
+- /* Incomming skb */
+- bluez_cb(skb)->incomming = 1;
+-
+- /* Queue frame for rx task */
+- skb_queue_tail(&hdev->rx_q, skb);
+- hci_sched_rx(hdev);
+-
+- return 0;
+-}
++/* ---- Initialization ---- */
+
+ int hci_core_init(void)
+ {
+- /* Init locks */
+- spin_lock_init(&hdev_list_lock);
+-
+ return 0;
+ }
+
+@@ -2028,5 +1408,3 @@
+ {
+ return 0;
+ }
+-
+-MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/net/bluetooth/hci_event.c linux-2.4.18-mh9/net/bluetooth/hci_event.c
+--- linux-2.4.18/net/bluetooth/hci_event.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/hci_event.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,927 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * HCI Events.
++ *
++ * $Id: hci_event.c,v 1.4 2002/07/27 18:14:38 maxk Exp $
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/init.h>
++#include <linux/skbuff.h>
++#include <linux/interrupt.h>
++#include <linux/notifier.h>
++#include <net/sock.h>
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++#include <asm/unaligned.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++
++#ifndef HCI_CORE_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#endif
++
++/* Handle HCI Event packets */
++
++/* Command Complete OGF LINK_CTL */
++static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
++{
++ __u8 status;
++
++ BT_DBG("%s ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ case OCF_INQUIRY_CANCEL:
++ status = *((__u8 *) skb->data);
++
++ if (status) {
++ BT_DBG("%s Inquiry cancel error: status 0x%x", hdev->name, status);
++ } else {
++ clear_bit(HCI_INQUIRY, &hdev->flags);
++ hci_req_complete(hdev, status);
++ }
++ break;
++
++ default:
++ BT_DBG("%s Command complete: ogf LINK_CTL ocf %x", hdev->name, ocf);
++ break;
++ };
++}
++
++/* Command Complete OGF LINK_POLICY */
++static void hci_cc_link_policy(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
++{
++ struct hci_conn *conn;
++ role_discovery_rp *rd;
++
++ BT_DBG("%s ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ case OCF_ROLE_DISCOVERY:
++ rd = (void *) skb->data;
++
++ if (rd->status)
++ break;
++
++ hci_dev_lock(hdev);
++
++ conn = conn_hash_lookup_handle(hdev, __le16_to_cpu(rd->handle));
++ if (conn) {
++ if (rd->role)
++ conn->link_mode &= ~HCI_LM_MASTER;
++ else
++ conn->link_mode |= HCI_LM_MASTER;
++ }
++
++ hci_dev_unlock(hdev);
++ break;
++
++ default:
++ BT_DBG("%s: Command complete: ogf LINK_POLICY ocf %x",
++ hdev->name, ocf);
++ break;
++ };
++}
++
++/* Command Complete OGF HOST_CTL */
++static void hci_cc_host_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
++{
++ __u8 status, param;
++ __u16 setting;
++ read_voice_setting_rp *vs;
++ void *sent;
++
++ BT_DBG("%s ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ case OCF_RESET:
++ status = *((__u8 *) skb->data);
++ hci_req_complete(hdev, status);
++ break;
++
++ case OCF_SET_EVENT_FLT:
++ status = *((__u8 *) skb->data);
++ if (status) {
++ BT_DBG("%s SET_EVENT_FLT failed %d", hdev->name, status);
++ } else {
++ BT_DBG("%s SET_EVENT_FLT succeseful", hdev->name);
++ }
++ break;
++
++ case OCF_WRITE_AUTH_ENABLE:
++ sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE);
++ if (!sent)
++ break;
++
++ status = *((__u8 *) skb->data);
++ param = *((__u8 *) sent);
++
++ if (!status) {
++ if (param == AUTH_ENABLED)
++ set_bit(HCI_AUTH, &hdev->flags);
++ else
++ clear_bit(HCI_AUTH, &hdev->flags);
++ }
++ hci_req_complete(hdev, status);
++ break;
++
++ case OCF_WRITE_ENCRYPT_MODE:
++ sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE);
++ if (!sent)
++ break;
++
++ status = *((__u8 *) skb->data);
++ param = *((__u8 *) sent);
++
++ if (!status) {
++ if (param)
++ set_bit(HCI_ENCRYPT, &hdev->flags);
++ else
++ clear_bit(HCI_ENCRYPT, &hdev->flags);
++ }
++ hci_req_complete(hdev, status);
++ break;
++
++ case OCF_WRITE_CA_TIMEOUT:
++ status = *((__u8 *) skb->data);
++ if (status) {
++ BT_DBG("%s OCF_WRITE_CA_TIMEOUT failed %d", hdev->name, status);
++ } else {
++ BT_DBG("%s OCF_WRITE_CA_TIMEOUT succeseful", hdev->name);
++ }
++ break;
++
++ case OCF_WRITE_PG_TIMEOUT:
++ status = *((__u8 *) skb->data);
++ if (status) {
++ BT_DBG("%s OCF_WRITE_PG_TIMEOUT failed %d", hdev->name, status);
++ } else {
++ BT_DBG("%s: OCF_WRITE_PG_TIMEOUT succeseful", hdev->name);
++ }
++ break;
++
++ case OCF_WRITE_SCAN_ENABLE:
++ sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE);
++ if (!sent)
++ break;
++
++ status = *((__u8 *) skb->data);
++ param = *((__u8 *) sent);
++
++ BT_DBG("param 0x%x", param);
++
++ if (!status) {
++ clear_bit(HCI_PSCAN, &hdev->flags);
++ clear_bit(HCI_ISCAN, &hdev->flags);
++ if (param & SCAN_INQUIRY)
++ set_bit(HCI_ISCAN, &hdev->flags);
++
++ if (param & SCAN_PAGE)
++ set_bit(HCI_PSCAN, &hdev->flags);
++ }
++ hci_req_complete(hdev, status);
++ break;
++
++ case OCF_READ_VOICE_SETTING:
++ vs = (read_voice_setting_rp *) skb->data;
++
++ if (vs->status) {
++ BT_DBG("%s READ_VOICE_SETTING failed %d", hdev->name, vc->status);
++ break;
++ }
++
++ setting = __le16_to_cpu(vs->voice_setting);
++
++ if (hdev->voice_setting != setting ) {
++ hdev->voice_setting = setting;
++
++ BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
++
++ if (hdev->notify)
++ hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING, 0);
++ }
++
++ break;
++
++ case OCF_WRITE_VOICE_SETTING:
++ sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING);
++ if (!sent)
++ break;
++
++ status = *((__u8 *) skb->data);
++ setting = __le16_to_cpu(get_unaligned((__u16 *) sent));
++
++ if (!status && hdev->voice_setting != setting) {
++ hdev->voice_setting = setting;
++
++ BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
++
++ if (hdev->notify)
++ hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING, 0);
++ }
++ hci_req_complete(hdev, status);
++ break;
++
++ case OCF_HOST_BUFFER_SIZE:
++ status = *((__u8 *) skb->data);
++ if (status) {
++ BT_DBG("%s OCF_BUFFER_SIZE failed %d", hdev->name, status);
++ hci_req_complete(hdev, status);
++ }
++ break;
++
++ default:
++ BT_DBG("%s Command complete: ogf HOST_CTL ocf %x", hdev->name, ocf);
++ break;
++ };
++}
++
++/* Command Complete OGF INFO_PARAM */
++static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
++{
++ read_local_features_rp *lf;
++ read_buffer_size_rp *bs;
++ read_bd_addr_rp *ba;
++
++ BT_DBG("%s ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ case OCF_READ_LOCAL_FEATURES:
++ lf = (read_local_features_rp *) skb->data;
++
++ if (lf->status) {
++ BT_DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status);
++ break;
++ }
++
++ memcpy(hdev->features, lf->features, sizeof(hdev->features));
++
++ /* Adjust default settings according to features
++ * supported by device. */
++ if (hdev->features[0] & LMP_3SLOT)
++ hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
++
++ if (hdev->features[0] & LMP_5SLOT)
++ hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
++
++ if (hdev->features[1] & LMP_HV2)
++ hdev->pkt_type |= (HCI_HV2);
++
++ if (hdev->features[1] & LMP_HV3)
++ hdev->pkt_type |= (HCI_HV3);
++
++ BT_DBG("%s: features 0x%x 0x%x 0x%x", hdev->name, lf->features[0], lf->features[1], lf->features[2]);
++
++ break;
++
++ case OCF_READ_BUFFER_SIZE:
++ bs = (read_buffer_size_rp *) skb->data;
++
++ if (bs->status) {
++ BT_DBG("%s READ_BUFFER_SIZE failed %d", hdev->name, bs->status);
++ hci_req_complete(hdev, bs->status);
++ break;
++ }
++
++ hdev->acl_mtu = __le16_to_cpu(bs->acl_mtu);
++ hdev->sco_mtu = bs->sco_mtu ? bs->sco_mtu : 64;
++ hdev->acl_pkts = hdev->acl_cnt = __le16_to_cpu(bs->acl_max_pkt);
++ hdev->sco_pkts = hdev->sco_cnt = __le16_to_cpu(bs->sco_max_pkt);
++
++ BT_DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name,
++ hdev->acl_mtu, hdev->sco_mtu, hdev->acl_pkts, hdev->sco_pkts);
++
++ break;
++
++ case OCF_READ_BD_ADDR:
++ ba = (read_bd_addr_rp *) skb->data;
++
++ if (!ba->status) {
++ bacpy(&hdev->bdaddr, &ba->bdaddr);
++ } else {
++ BT_DBG("%s: READ_BD_ADDR failed %d", hdev->name, ba->status);
++ }
++
++ hci_req_complete(hdev, ba->status);
++ break;
++
++ default:
++ BT_DBG("%s Command complete: ogf INFO_PARAM ocf %x", hdev->name, ocf);
++ break;
++ };
++}
++
++/* Command Status OGF LINK_CTL */
++static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
++{
++ struct hci_conn *conn;
++ create_conn_cp *cc = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_CREATE_CONN);
++
++ if (!cc)
++ return;
++
++ hci_dev_lock(hdev);
++
++ conn = conn_hash_lookup_ba(hdev, ACL_LINK, &cc->bdaddr);
++
++ BT_DBG("%s status 0x%x bdaddr %s conn %p", hdev->name,
++ status, batostr(&cc->bdaddr), conn);
++
++ if (status) {
++ if (conn) {
++ conn->state = BT_CLOSED;
++ hci_proto_connect_cfm(conn, status);
++ hci_conn_del(conn);
++ }
++ } else {
++ if (!conn) {
++ conn = hci_conn_add(hdev, ACL_LINK, &cc->bdaddr);
++ if (conn) {
++ conn->out = 1;
++ conn->link_mode |= HCI_LM_MASTER;
++ } else
++ BT_ERR("No memmory for new connection");
++ }
++ }
++
++ hci_dev_unlock(hdev);
++}
++
++static void hci_cs_link_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
++{
++ BT_DBG("%s ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ case OCF_CREATE_CONN:
++ hci_cs_create_conn(hdev, status);
++ break;
++
++ case OCF_ADD_SCO:
++ if (status) {
++ struct hci_conn *acl, *sco;
++ add_sco_cp *cp = hci_sent_cmd_data(hdev,
++ OGF_LINK_CTL, OCF_ADD_SCO);
++ __u16 handle;
++
++ if (!cp)
++ break;
++
++ handle = __le16_to_cpu(cp->handle);
++
++ BT_DBG("%s Add SCO error: handle %d status 0x%x", hdev->name, handle, status);
++
++ hci_dev_lock(hdev);
++
++ acl = conn_hash_lookup_handle(hdev, handle);
++ if (acl && (sco = acl->link)) {
++ sco->state = BT_CLOSED;
++ hci_proto_connect_cfm(sco, status);
++ hci_conn_del(sco);
++ }
++
++ hci_dev_unlock(hdev);
++ }
++ break;
++
++ case OCF_INQUIRY:
++ if (status) {
++ BT_DBG("%s Inquiry error: status 0x%x", hdev->name, status);
++ hci_req_complete(hdev, status);
++ } else {
++ set_bit(HCI_INQUIRY, &hdev->flags);
++ }
++ break;
++
++ default:
++ BT_DBG("%s Command status: ogf LINK_CTL ocf %x status %d",
++ hdev->name, ocf, status);
++ break;
++ };
++}
++
++/* Command Status OGF LINK_POLICY */
++static void hci_cs_link_policy(struct hci_dev *hdev, __u16 ocf, __u8 status)
++{
++ BT_DBG("%s ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ default:
++ BT_DBG("%s Command status: ogf HOST_POLICY ocf %x", hdev->name, ocf);
++ break;
++ };
++}
++
++/* Command Status OGF HOST_CTL */
++static void hci_cs_host_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
++{
++ BT_DBG("%s ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ default:
++ BT_DBG("%s Command status: ogf HOST_CTL ocf %x", hdev->name, ocf);
++ break;
++ };
++}
++
++/* Command Status OGF INFO_PARAM */
++static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
++{
++ BT_DBG("%s: hci_cs_info_param: ocf 0x%x", hdev->name, ocf);
++
++ switch (ocf) {
++ default:
++ BT_DBG("%s Command status: ogf INFO_PARAM ocf %x", hdev->name, ocf);
++ break;
++ };
++}
++
++/* Inquiry Complete */
++static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ __u8 status = *((__u8 *) skb->data);
++
++ BT_DBG("%s status %d", hdev->name, status);
++
++ clear_bit(HCI_INQUIRY, &hdev->flags);
++ hci_req_complete(hdev, status);
++}
++
++/* Inquiry Result */
++static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ inquiry_info *info = (inquiry_info *) (skb->data + 1);
++ int num_rsp = *((__u8 *) skb->data);
++
++ BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
++
++ hci_dev_lock(hdev);
++ for (; num_rsp; num_rsp--)
++ inquiry_cache_update(hdev, info++);
++ hci_dev_unlock(hdev);
++}
++
++/* Connect Request */
++static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ evt_conn_request *cr = (evt_conn_request *) skb->data;
++ int mask = hdev->link_mode;
++
++ BT_DBG("%s Connection request: %s type 0x%x", hdev->name,
++ batostr(&cr->bdaddr), cr->link_type);
++
++ mask |= hci_proto_connect_ind(hdev, &cr->bdaddr, cr->link_type);
++
++ if (mask & HCI_LM_ACCEPT) {
++ /* Connection accepted */
++ struct hci_conn *conn;
++ accept_conn_req_cp ac;
++
++ hci_dev_lock(hdev);
++ conn = conn_hash_lookup_ba(hdev, cr->link_type, &cr->bdaddr);
++ if (!conn) {
++ if (!(conn = hci_conn_add(hdev, cr->link_type, &cr->bdaddr))) {
++ BT_ERR("No memmory for new connection");
++ hci_dev_unlock(hdev);
++ return;
++ }
++ }
++ conn->state = BT_CONNECT;
++ hci_dev_unlock(hdev);
++
++ bacpy(&ac.bdaddr, &cr->bdaddr);
++
++ if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
++ ac.role = 0x00; /* Become master */
++ else
++ ac.role = 0x01; /* Remain slave */
++
++ hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ,
++ ACCEPT_CONN_REQ_CP_SIZE, &ac);
++ } else {
++ /* Connection rejected */
++ reject_conn_req_cp rc;
++
++ bacpy(&rc.bdaddr, &cr->bdaddr);
++ rc.reason = 0x0f;
++ hci_send_cmd(hdev, OGF_LINK_CTL, OCF_REJECT_CONN_REQ,
++ REJECT_CONN_REQ_CP_SIZE, &rc);
++ }
++}
++
++/* Connect Complete */
++static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ evt_conn_complete *cc = (evt_conn_complete *) skb->data;
++ struct hci_conn *conn = NULL;
++
++ BT_DBG("%s", hdev->name);
++
++ hci_dev_lock(hdev);
++
++ conn = conn_hash_lookup_ba(hdev, cc->link_type, &cc->bdaddr);
++ if (!conn) {
++ hci_dev_unlock(hdev);
++ return;
++ }
++
++ if (!cc->status) {
++ conn->handle = __le16_to_cpu(cc->handle);
++ conn->state = BT_CONNECTED;
++
++ if (test_bit(HCI_AUTH, &hdev->flags))
++ conn->link_mode |= HCI_LM_AUTH;
++
++ if (test_bit(HCI_ENCRYPT, &hdev->flags))
++ conn->link_mode |= HCI_LM_ENCRYPT;
++
++
++ /* Set link policy */
++ if (conn->type == ACL_LINK && hdev->link_policy) {
++ write_link_policy_cp lp;
++ lp.handle = cc->handle;
++ lp.policy = __cpu_to_le16(hdev->link_policy);
++ hci_send_cmd(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY,
++ WRITE_LINK_POLICY_CP_SIZE, &lp);
++ }
++
++ /* Set packet type for incomming connection */
++ if (!conn->out) {
++ change_conn_ptype_cp cp;
++ cp.handle = cc->handle;
++ cp.pkt_type = (conn->type == ACL_LINK) ?
++ __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK):
++ __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
++
++ hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_PTYPE,
++ CHANGE_CONN_PTYPE_CP_SIZE, &cp);
++ }
++ } else
++ conn->state = BT_CLOSED;
++
++ if (conn->type == ACL_LINK) {
++ struct hci_conn *sco = conn->link;
++ if (sco) {
++ if (!cc->status)
++ hci_add_sco(sco, conn->handle);
++ else {
++ hci_proto_connect_cfm(sco, cc->status);
++ hci_conn_del(sco);
++ }
++ }
++ }
++
++ hci_proto_connect_cfm(conn, cc->status);
++ if (cc->status)
++ hci_conn_del(conn);
++
++ hci_dev_unlock(hdev);
++}
++
++/* Disconnect Complete */
++static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ evt_disconn_complete *dc = (evt_disconn_complete *) skb->data;
++ struct hci_conn *conn = NULL;
++ __u16 handle = __le16_to_cpu(dc->handle);
++
++ BT_DBG("%s status %d", hdev->name, dc->status);
++
++ if (dc->status)
++ return;
++
++ hci_dev_lock(hdev);
++
++ conn = conn_hash_lookup_handle(hdev, handle);
++ if (conn) {
++ conn->state = BT_CLOSED;
++ hci_proto_disconn_ind(conn, dc->reason);
++ hci_conn_del(conn);
++ }
++
++ hci_dev_unlock(hdev);
++}
++
++/* Number of completed packets */
++static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ evt_num_comp_pkts *nc = (evt_num_comp_pkts *) skb->data;
++ __u16 *ptr;
++ int i;
++
++ skb_pull(skb, EVT_NUM_COMP_PKTS_SIZE);
++
++ BT_DBG("%s num_hndl %d", hdev->name, nc->num_hndl);
++
++ if (skb->len < nc->num_hndl * 4) {
++ BT_DBG("%s bad parameters", hdev->name);
++ return;
++ }
++
++ tasklet_disable(&hdev->tx_task);
++
++ for (i = 0, ptr = (__u16 *) skb->data; i < nc->num_hndl; i++) {
++ struct hci_conn *conn;
++ __u16 handle, count;
++
++ handle = __le16_to_cpu(get_unaligned(ptr++));
++ count = __le16_to_cpu(get_unaligned(ptr++));
++
++ conn = conn_hash_lookup_handle(hdev, handle);
++ if (conn) {
++ conn->sent -= count;
++
++ if (conn->type == SCO_LINK) {
++ if ((hdev->sco_cnt += count) > hdev->sco_pkts)
++ hdev->sco_cnt = hdev->sco_pkts;
++ } else {
++ if ((hdev->acl_cnt += count) > hdev->acl_pkts)
++ hdev->acl_cnt = hdev->acl_pkts;
++ }
++ }
++ }
++ hci_sched_tx(hdev);
++
++ tasklet_enable(&hdev->tx_task);
++}
++
++/* Role Change */
++static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ evt_role_change *rc = (evt_role_change *) skb->data;
++ struct hci_conn *conn = NULL;
++
++ BT_DBG("%s status %d", hdev->name, rc->status);
++
++ if (rc->status)
++ return;
++
++ hci_dev_lock(hdev);
++
++ conn = conn_hash_lookup_ba(hdev, ACL_LINK, &rc->bdaddr);
++ if (conn) {
++ if (rc->role)
++ conn->link_mode &= ~HCI_LM_MASTER;
++ else
++ conn->link_mode |= HCI_LM_MASTER;
++ }
++
++ hci_dev_unlock(hdev);
++}
++
++/* Authentication Complete */
++static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ evt_auth_complete *ac = (evt_auth_complete *) skb->data;
++ struct hci_conn *conn = NULL;
++ __u16 handle = __le16_to_cpu(ac->handle);
++
++ BT_DBG("%s status %d", hdev->name, ac->status);
++
++ hci_dev_lock(hdev);
++
++ conn = conn_hash_lookup_handle(hdev, handle);
++ if (conn) {
++ if (!ac->status)
++ conn->link_mode |= HCI_LM_AUTH;
++ clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
++
++ hci_proto_auth_cfm(conn, ac->status);
++
++ if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
++ if (!ac->status) {
++ set_conn_encrypt_cp ce;
++ ce.handle = __cpu_to_le16(conn->handle);
++ ce.encrypt = 1;
++ hci_send_cmd(conn->hdev, OGF_LINK_CTL,
++ OCF_SET_CONN_ENCRYPT,
++ SET_CONN_ENCRYPT_CP_SIZE, &ce);
++ } else {
++ clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
++ hci_proto_encrypt_cfm(conn, ac->status);
++ }
++ }
++ }
++
++ hci_dev_unlock(hdev);
++}
++
++/* Encryption Change */
++static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ evt_encrypt_change *ec = (evt_encrypt_change *) skb->data;
++ struct hci_conn *conn = NULL;
++ __u16 handle = __le16_to_cpu(ec->handle);
++
++ BT_DBG("%s status %d", hdev->name, ec->status);
++
++ hci_dev_lock(hdev);
++
++ conn = conn_hash_lookup_handle(hdev, handle);
++ if (conn) {
++ if (!ec->status) {
++ if (ec->encrypt)
++ conn->link_mode |= HCI_LM_ENCRYPT;
++ else
++ conn->link_mode &= ~HCI_LM_ENCRYPT;
++ }
++ clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
++
++ hci_proto_encrypt_cfm(conn, ec->status);
++ }
++
++ hci_dev_unlock(hdev);
++}
++
++void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
++{
++ hci_event_hdr *he = (hci_event_hdr *) skb->data;
++ evt_cmd_status *cs;
++ evt_cmd_complete *ec;
++ __u16 opcode, ocf, ogf;
++
++ skb_pull(skb, HCI_EVENT_HDR_SIZE);
++
++ BT_DBG("%s evt 0x%x", hdev->name, he->evt);
++
++ switch (he->evt) {
++ case EVT_NUM_COMP_PKTS:
++ hci_num_comp_pkts_evt(hdev, skb);
++ break;
++
++ case EVT_INQUIRY_COMPLETE:
++ hci_inquiry_complete_evt(hdev, skb);
++ break;
++
++ case EVT_INQUIRY_RESULT:
++ hci_inquiry_result_evt(hdev, skb);
++ break;
++
++ case EVT_CONN_REQUEST:
++ hci_conn_request_evt(hdev, skb);
++ break;
++
++ case EVT_CONN_COMPLETE:
++ hci_conn_complete_evt(hdev, skb);
++ break;
++
++ case EVT_DISCONN_COMPLETE:
++ hci_disconn_complete_evt(hdev, skb);
++ break;
++
++ case EVT_ROLE_CHANGE:
++ hci_role_change_evt(hdev, skb);
++ break;
++
++ case EVT_AUTH_COMPLETE:
++ hci_auth_complete_evt(hdev, skb);
++ break;
++
++ case EVT_ENCRYPT_CHANGE:
++ hci_encrypt_change_evt(hdev, skb);
++ break;
++
++ case EVT_CMD_STATUS:
++ cs = (evt_cmd_status *) skb->data;
++ skb_pull(skb, EVT_CMD_STATUS_SIZE);
++
++ opcode = __le16_to_cpu(cs->opcode);
++ ogf = cmd_opcode_ogf(opcode);
++ ocf = cmd_opcode_ocf(opcode);
++
++ switch (ogf) {
++ case OGF_INFO_PARAM:
++ hci_cs_info_param(hdev, ocf, cs->status);
++ break;
++
++ case OGF_HOST_CTL:
++ hci_cs_host_ctl(hdev, ocf, cs->status);
++ break;
++
++ case OGF_LINK_CTL:
++ hci_cs_link_ctl(hdev, ocf, cs->status);
++ break;
++
++ case OGF_LINK_POLICY:
++ hci_cs_link_policy(hdev, ocf, cs->status);
++ break;
++
++ default:
++ BT_DBG("%s Command Status OGF %x", hdev->name, ogf);
++ break;
++ };
++
++ if (cs->ncmd) {
++ atomic_set(&hdev->cmd_cnt, 1);
++ if (!skb_queue_empty(&hdev->cmd_q))
++ hci_sched_cmd(hdev);
++ }
++ break;
++
++ case EVT_CMD_COMPLETE:
++ ec = (evt_cmd_complete *) skb->data;
++ skb_pull(skb, EVT_CMD_COMPLETE_SIZE);
++
++ opcode = __le16_to_cpu(ec->opcode);
++ ogf = cmd_opcode_ogf(opcode);
++ ocf = cmd_opcode_ocf(opcode);
++
++ switch (ogf) {
++ case OGF_INFO_PARAM:
++ hci_cc_info_param(hdev, ocf, skb);
++ break;
++
++ case OGF_HOST_CTL:
++ hci_cc_host_ctl(hdev, ocf, skb);
++ break;
++
++ case OGF_LINK_CTL:
++ hci_cc_link_ctl(hdev, ocf, skb);
++ break;
++
++ case OGF_LINK_POLICY:
++ hci_cc_link_policy(hdev, ocf, skb);
++ break;
++
++ default:
++ BT_DBG("%s Command Completed OGF %x", hdev->name, ogf);
++ break;
++ };
++
++ if (ec->ncmd) {
++ atomic_set(&hdev->cmd_cnt, 1);
++ if (!skb_queue_empty(&hdev->cmd_q))
++ hci_sched_cmd(hdev);
++ }
++ break;
++ };
++
++ kfree_skb(skb);
++ hdev->stat.evt_rx++;
++}
++
++/* General internal stack event */
++void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
++{
++ hci_event_hdr *eh;
++ evt_stack_internal *si;
++ struct sk_buff *skb;
++ int size;
++ void *ptr;
++
++ size = HCI_EVENT_HDR_SIZE + EVT_STACK_INTERNAL_SIZE + dlen;
++ skb = bluez_skb_alloc(size, GFP_ATOMIC);
++ if (!skb)
++ return;
++
++ ptr = skb_put(skb, size);
++
++ eh = ptr;
++ eh->evt = EVT_STACK_INTERNAL;
++ eh->plen = EVT_STACK_INTERNAL_SIZE + dlen;
++ ptr += HCI_EVENT_HDR_SIZE;
++
++ si = ptr;
++ si->type = type;
++ memcpy(si->data, data, dlen);
++
++ skb->pkt_type = HCI_EVENT_PKT;
++ skb->dev = (void *) hdev;
++ hci_send_to_sock(hdev, skb);
++ kfree_skb(skb);
++}
+diff -urN linux-2.4.18/net/bluetooth/hci_sock.c linux-2.4.18-mh9/net/bluetooth/hci_sock.c
+--- linux-2.4.18/net/bluetooth/hci_sock.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/net/bluetooth/hci_sock.c Mon Aug 25 18:38:12 2003
+@@ -25,7 +25,7 @@
+ /*
+ * BlueZ HCI socket layer.
+ *
+- * $Id: hci_sock.c,v 1.9 2001/08/05 06:02:16 maxk Exp $
++ * $Id: hci_sock.c,v 1.5 2002/07/22 20:32:54 maxk Exp $
+ */
+
+ #include <linux/config.h>
+@@ -49,45 +49,54 @@
+
+ #include <asm/system.h>
+ #include <asm/uaccess.h>
++#include <asm/unaligned.h>
+
+ #include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
+ #include <net/bluetooth/hci_core.h>
+
+ #ifndef HCI_SOCK_DEBUG
+-#undef DBG
+-#define DBG( A... )
++#undef BT_DBG
++#define BT_DBG( A... )
+ #endif
+
+-/* HCI socket interface */
++/* ----- HCI socket interface ----- */
++
++/* Security filter */
++static struct hci_sec_filter hci_sec_filter = {
++ /* Packet types */
++ 0x10,
++ /* Events */
++ { 0xd9fe, 0x0 },
++ /* Commands */
++ {
++ { 0x0 },
++ /* OGF_LINK_CTL */
++ { 0x2a000002, 0x0, 0x0, 0x0 },
++ /* OGF_LINK_POLICY */
++ { 0x1200, 0x0, 0x0, 0x0 },
++ /* OGF_HOST_CTL */
++ { 0x80100000, 0x202a, 0x0, 0x0 },
++ /* OGF_INFO_PARAM */
++ { 0x22a, 0x0, 0x0, 0x0 },
++ /* OGF_STATUS_PARAM */
++ { 0x2e, 0x0, 0x0, 0x0 }
++ }
++};
+
+ static struct bluez_sock_list hci_sk_list = {
+ lock: RW_LOCK_UNLOCKED
+ };
+
+-static struct sock *hci_sock_lookup(struct hci_dev *hdev)
+-{
+- struct sock *sk;
+-
+- read_lock(&hci_sk_list.lock);
+- for (sk = hci_sk_list.head; sk; sk = sk->next) {
+- if (hci_pi(sk)->hdev == hdev)
+- break;
+- }
+- read_unlock(&hci_sk_list.lock);
+- return sk;
+-}
+-
+ /* Send frame to RAW socket */
+ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
+ {
+ struct sock * sk;
+
+- DBG("hdev %p len %d", hdev, skb->len);
++ BT_DBG("hdev %p len %d", hdev, skb->len);
+
+ read_lock(&hci_sk_list.lock);
+ for (sk = hci_sk_list.head; sk; sk = sk->next) {
+- struct hci_filter *flt;
++ struct hci_filter *flt;
+ struct sk_buff *nskb;
+
+ if (sk->state != BT_BOUND || hci_pi(sk)->hdev != hdev)
+@@ -100,13 +109,19 @@
+ /* Apply filter */
+ flt = &hci_pi(sk)->filter;
+
+- if (!test_bit(skb->pkt_type, &flt->type_mask))
++ if (!hci_test_bit((skb->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
+ continue;
+
+ if (skb->pkt_type == HCI_EVENT_PKT) {
+- register int evt = (*(__u8 *)skb->data & 63);
++ register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
++
++ if (!hci_test_bit(evt, &flt->event_mask))
++ continue;
+
+- if (!test_bit(evt, &flt->event_mask))
++ if (flt->opcode && ((evt == EVT_CMD_COMPLETE &&
++ flt->opcode != *(__u16 *)(skb->data + 3)) ||
++ (evt == EVT_CMD_STATUS &&
++ flt->opcode != *(__u16 *)(skb->data + 4))))
+ continue;
+ }
+
+@@ -116,8 +131,8 @@
+ /* Put type byte before the data */
+ memcpy(skb_push(nskb, 1), &nskb->pkt_type, 1);
+
+- skb_queue_tail(&sk->receive_queue, nskb);
+- sk->data_ready(sk, nskb->len);
++ if (sock_queue_rcv_skb(sk, nskb))
++ kfree_skb(nskb);
+ }
+ read_unlock(&hci_sk_list.lock);
+ }
+@@ -127,7 +142,7 @@
+ struct sock *sk = sock->sk;
+ struct hci_dev *hdev = hci_pi(sk)->hdev;
+
+- DBG("sock %p sk %p", sock, sk);
++ BT_DBG("sock %p sk %p", sock, sk);
+
+ if (!sk)
+ return 0;
+@@ -135,9 +150,7 @@
+ bluez_sock_unlink(&hci_sk_list, sk);
+
+ if (hdev) {
+- if (!hci_sock_lookup(hdev))
+- hdev->flags &= ~HCI_SOCK;
+-
++ atomic_dec(&hdev->promisc);
+ hci_dev_put(hdev);
+ }
+
+@@ -149,24 +162,55 @@
+ sock_put(sk);
+
+ MOD_DEC_USE_COUNT;
+-
+ return 0;
+ }
+
+-static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
++/* Ioctls that require bound socket */
++static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
+ {
+- struct sock *sk = sock->sk;
+ struct hci_dev *hdev = hci_pi(sk)->hdev;
+- __u32 mode;
+
+- DBG("cmd %x arg %lx", cmd, arg);
++ if (!hdev)
++ return -EBADFD;
+
+ switch (cmd) {
+- case HCIGETINFO:
+- return hci_dev_info(arg);
++ case HCISETRAW:
++ if (!capable(CAP_NET_ADMIN))
++ return -EACCES;
+
++ if (arg)
++ set_bit(HCI_RAW, &hdev->flags);
++ else
++ clear_bit(HCI_RAW, &hdev->flags);
++
++ return 0;
++
++ case HCIGETCONNINFO:
++ return hci_get_conn_info(hdev, arg);
++
++ default:
++ if (hdev->ioctl)
++ return hdev->ioctl(hdev, cmd, arg);
++ return -EINVAL;
++ }
++}
++
++static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
++{
++ struct sock *sk = sock->sk;
++ int err;
++
++ BT_DBG("cmd %x arg %lx", cmd, arg);
++
++ switch (cmd) {
+ case HCIGETDEVLIST:
+- return hci_dev_list(arg);
++ return hci_get_dev_list(arg);
++
++ case HCIGETDEVINFO:
++ return hci_get_dev_info(arg);
++
++ case HCIGETCONNLIST:
++ return hci_get_conn_list(arg);
+
+ case HCIDEVUP:
+ if (!capable(CAP_NET_ADMIN))
+@@ -183,48 +227,31 @@
+ return -EACCES;
+ return hci_dev_reset(arg);
+
+- case HCIRESETSTAT:
++ case HCIDEVRESTAT:
+ if (!capable(CAP_NET_ADMIN))
+ return -EACCES;
+ return hci_dev_reset_stat(arg);
+
+ case HCISETSCAN:
+- if (!capable(CAP_NET_ADMIN))
+- return -EACCES;
+- return hci_dev_setscan(arg);
+-
+ case HCISETAUTH:
+- if (!capable(CAP_NET_ADMIN))
+- return -EACCES;
+- return hci_dev_setauth(arg);
+-
+- case HCISETRAW:
+- if (!capable(CAP_NET_ADMIN))
+- return -EACCES;
+-
+- if (!hdev)
+- return -EBADFD;
+-
+- if (arg)
+- mode = HCI_RAW;
+- else
+- mode = HCI_NORMAL;
+-
+- return hci_dev_setmode(hdev, mode);
+-
++ case HCISETENCRYPT:
+ case HCISETPTYPE:
++ case HCISETLINKPOL:
++ case HCISETLINKMODE:
++ case HCISETACLMTU:
++ case HCISETSCOMTU:
+ if (!capable(CAP_NET_ADMIN))
+ return -EACCES;
+- return hci_dev_setptype(arg);
++ return hci_dev_cmd(cmd, arg);
+
+ case HCIINQUIRY:
+ return hci_inquiry(arg);
+
+- case HCIGETCONNLIST:
+- return hci_conn_list(arg);
+-
+ default:
+- return -EINVAL;
++ lock_sock(sk);
++ err = hci_sock_bound_ioctl(sk, cmd, arg);
++ release_sock(sk);
++ return err;
+ };
+ }
+
+@@ -233,28 +260,35 @@
+ struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
+ struct sock *sk = sock->sk;
+ struct hci_dev *hdev = NULL;
++ int err = 0;
+
+- DBG("sock %p sk %p", sock, sk);
++ BT_DBG("sock %p sk %p", sock, sk);
+
+ if (!haddr || haddr->hci_family != AF_BLUETOOTH)
+ return -EINVAL;
+
++ lock_sock(sk);
++
+ if (hci_pi(sk)->hdev) {
+- /* Already bound */
+- return 0;
++ err = -EALREADY;
++ goto done;
+ }
+
+ if (haddr->hci_dev != HCI_DEV_NONE) {
+- if (!(hdev = hci_dev_get(haddr->hci_dev)))
+- return -ENODEV;
++ if (!(hdev = hci_dev_get(haddr->hci_dev))) {
++ err = -ENODEV;
++ goto done;
++ }
+
+- hdev->flags |= HCI_SOCK;
++ atomic_inc(&hdev->promisc);
+ }
+
+ hci_pi(sk)->hdev = hdev;
+ sk->state = BT_BOUND;
+
+- return 0;
++done:
++ release_sock(sk);
++ return err;
+ }
+
+ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
+@@ -262,73 +296,44 @@
+ struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
+ struct sock *sk = sock->sk;
+
+- DBG("sock %p sk %p", sock, sk);
++ BT_DBG("sock %p sk %p", sock, sk);
++
++ lock_sock(sk);
+
+ *addr_len = sizeof(*haddr);
+ haddr->hci_family = AF_BLUETOOTH;
+ haddr->hci_dev = hci_pi(sk)->hdev->id;
+
++ release_sock(sk);
+ return 0;
+ }
+
+-static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len,
+- struct scm_cookie *scm)
+-{
+- struct sock *sk = sock->sk;
+- struct hci_dev *hdev = hci_pi(sk)->hdev;
+- struct sk_buff *skb;
+- int err;
+-
+- DBG("sock %p sk %p", sock, sk);
+-
+- if (msg->msg_flags & MSG_OOB)
+- return -EOPNOTSUPP;
+-
+- if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
+- return -EINVAL;
+-
+- if (!hdev)
+- return -EBADFD;
+-
+- if (!(skb = bluez_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
+- return err;
+-
+- if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
+- kfree_skb(skb);
+- return -EFAULT;
+- }
+-
+- skb->dev = (void *) hdev;
+- skb->pkt_type = *((unsigned char *) skb->data);
+- skb_pull(skb, 1);
+-
+- /* Send frame to HCI core */
+- hci_send_raw(skb);
+-
+- return len;
+-}
+-
+ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
+ {
+ __u32 mask = hci_pi(sk)->cmsg_mask;
+
+ if (mask & HCI_CMSG_DIR)
+ put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(int), &bluez_cb(skb)->incomming);
++
++ if (mask & HCI_CMSG_TSTAMP)
++ put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(skb->stamp), &skb->stamp);
+ }
+
+-static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, int len,
+- int flags, struct scm_cookie *scm)
++static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, int len, int flags, struct scm_cookie *scm)
+ {
+ int noblock = flags & MSG_DONTWAIT;
+ struct sock *sk = sock->sk;
+ struct sk_buff *skb;
+ int copied, err;
+
+- DBG("sock %p sk %p", sock, sk);
++ BT_DBG("sock %p, sk %p", sock, sk);
+
+- if (flags & (MSG_OOB | MSG_PEEK))
++ if (flags & (MSG_OOB))
+ return -EOPNOTSUPP;
+
++ if (sk->state == BT_CLOSED)
++ return 0;
++
+ if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
+ return err;
+
+@@ -343,28 +348,107 @@
+ skb->h.raw = skb->data;
+ err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
+
+- if (hci_pi(sk)->cmsg_mask)
+- hci_sock_cmsg(sk, msg, skb);
+-
++ hci_sock_cmsg(sk, msg, skb);
++
+ skb_free_datagram(sk, skb);
+
+ return err ? : copied;
+ }
+
++static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len,
++ struct scm_cookie *scm)
++{
++ struct sock *sk = sock->sk;
++ struct hci_dev *hdev;
++ struct sk_buff *skb;
++ int err;
++
++ BT_DBG("sock %p sk %p", sock, sk);
++
++ if (msg->msg_flags & MSG_OOB)
++ return -EOPNOTSUPP;
++
++ if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
++ return -EINVAL;
++
++ if (len < 4)
++ return -EINVAL;
++
++ lock_sock(sk);
++
++ if (!(hdev = hci_pi(sk)->hdev)) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ if (!(skb = bluez_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
++ goto done;
++
++ if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
++ err = -EFAULT;
++ goto drop;
++ }
++
++ skb->pkt_type = *((unsigned char *) skb->data);
++ skb_pull(skb, 1);
++ skb->dev = (void *) hdev;
++
++ if (skb->pkt_type == HCI_COMMAND_PKT) {
++ u16 opcode = __le16_to_cpu(get_unaligned((u16 *)skb->data));
++ u16 ogf = cmd_opcode_ogf(opcode);
++ u16 ocf = cmd_opcode_ocf(opcode);
++
++ if (((ogf > HCI_SFLT_MAX_OGF) ||
++ !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
++ !capable(CAP_NET_RAW)) {
++ err = -EPERM;
++ goto drop;
++ }
++
++ if (test_bit(HCI_RAW, &hdev->flags) || (ogf == OGF_VENDOR_CMD)) {
++ skb_queue_tail(&hdev->raw_q, skb);
++ hci_sched_tx(hdev);
++ } else {
++ skb_queue_tail(&hdev->cmd_q, skb);
++ hci_sched_cmd(hdev);
++ }
++ } else {
++ if (!capable(CAP_NET_RAW)) {
++ err = -EPERM;
++ goto drop;
++ }
++
++ skb_queue_tail(&hdev->raw_q, skb);
++ hci_sched_tx(hdev);
++ }
++
++ err = len;
++
++done:
++ release_sock(sk);
++ return err;
++
++drop:
++ kfree_skb(skb);
++ goto done;
++}
++
+ int hci_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int len)
+ {
+ struct sock *sk = sock->sk;
+- struct hci_filter flt;
++ struct hci_filter flt = { opcode: 0 };
+ int err = 0, opt = 0;
+
+- DBG("sk %p, opt %d", sk, optname);
++ BT_DBG("sk %p, opt %d", sk, optname);
+
+ lock_sock(sk);
+
+ switch (optname) {
+ case HCI_DATA_DIR:
+- if (get_user(opt, (int *)optval))
+- return -EFAULT;
++ if (get_user(opt, (int *)optval)) {
++ err = -EFAULT;
++ break;
++ }
+
+ if (opt)
+ hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
+@@ -372,12 +456,31 @@
+ hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
+ break;
+
++ case HCI_TIME_STAMP:
++ if (get_user(opt, (int *)optval)) {
++ err = -EFAULT;
++ break;
++ }
++
++ if (opt)
++ hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
++ else
++ hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
++ break;
++
+ case HCI_FILTER:
+ len = MIN(len, sizeof(struct hci_filter));
+ if (copy_from_user(&flt, optval, len)) {
+ err = -EFAULT;
+ break;
+ }
++
++ if (!capable(CAP_NET_RAW)) {
++ flt.type_mask &= hci_sec_filter.type_mask;
++ flt.event_mask[0] &= hci_sec_filter.event_mask[0];
++ flt.event_mask[1] &= hci_sec_filter.event_mask[1];
++ }
++
+ memcpy(&hci_pi(sk)->filter, &flt, len);
+ break;
+
+@@ -409,6 +512,16 @@
+ return -EFAULT;
+ break;
+
++ case HCI_TIME_STAMP:
++ if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
++ opt = 1;
++ else
++ opt = 0;
++
++ if (put_user(opt, optval))
++ return -EFAULT;
++ break;
++
+ case HCI_FILTER:
+ len = MIN(len, sizeof(struct hci_filter));
+ if (copy_to_user(optval, &hci_pi(sk)->filter, len))
+@@ -446,7 +559,7 @@
+ {
+ struct sock *sk;
+
+- DBG("sock %p", sock);
++ BT_DBG("sock %p", sock);
+
+ if (sock->type != SOCK_RAW)
+ return -ESOCKTNOSUPPORT;
+@@ -464,44 +577,31 @@
+ sk->protocol = protocol;
+ sk->state = BT_OPEN;
+
+- /* Initialize filter */
+- hci_pi(sk)->filter.type_mask = (1<<HCI_EVENT_PKT);
+- hci_pi(sk)->filter.event_mask[0] = ~0L;
+- hci_pi(sk)->filter.event_mask[1] = ~0L;
+-
+ bluez_sock_link(&hci_sk_list, sk);
+
+ MOD_INC_USE_COUNT;
+-
+ return 0;
+ }
+
+ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
+ {
+ struct hci_dev *hdev = (struct hci_dev *) ptr;
+- struct sk_buff *skb;
+-
+- DBG("hdev %s event %ld", hdev->name, event);
++ evt_si_device sd;
++
++ BT_DBG("hdev %s event %ld", hdev->name, event);
+
+ /* Send event to sockets */
+- if ((skb = bluez_skb_alloc(HCI_EVENT_HDR_SIZE + EVT_HCI_DEV_EVENT_SIZE, GFP_ATOMIC))) {
+- hci_event_hdr eh = { EVT_HCI_DEV_EVENT, EVT_HCI_DEV_EVENT_SIZE };
+- evt_hci_dev_event he = { event, hdev->id };
+-
+- skb->pkt_type = HCI_EVENT_PKT;
+- memcpy(skb_put(skb, HCI_EVENT_HDR_SIZE), &eh, HCI_EVENT_HDR_SIZE);
+- memcpy(skb_put(skb, EVT_HCI_DEV_EVENT_SIZE), &he, EVT_HCI_DEV_EVENT_SIZE);
+-
+- hci_send_to_sock(NULL, skb);
+- kfree_skb(skb);
+- }
+-
++ sd.event = event;
++ sd.dev_id = hdev->id;
++ hci_si_event(NULL, EVT_SI_DEVICE, EVT_SI_DEVICE_SIZE, &sd);
++
+ if (event == HCI_DEV_UNREG) {
+ struct sock *sk;
+
+ /* Detach sockets from device */
+ read_lock(&hci_sk_list.lock);
+ for (sk = hci_sk_list.head; sk; sk = sk->next) {
++ bh_lock_sock(sk);
+ if (hci_pi(sk)->hdev == hdev) {
+ hci_pi(sk)->hdev = NULL;
+ sk->err = EPIPE;
+@@ -510,6 +610,7 @@
+
+ hci_dev_put(hdev);
+ }
++ bh_unlock_sock(sk);
+ }
+ read_unlock(&hci_sk_list.lock);
+ }
+@@ -529,21 +630,19 @@
+ int hci_sock_init(void)
+ {
+ if (bluez_sock_register(BTPROTO_HCI, &hci_sock_family_ops)) {
+- ERR("Can't register HCI socket");
++ BT_ERR("Can't register HCI socket");
+ return -EPROTO;
+ }
+
+ hci_register_notifier(&hci_sock_nblock);
+-
+ return 0;
+ }
+
+ int hci_sock_cleanup(void)
+ {
+ if (bluez_sock_unregister(BTPROTO_HCI))
+- ERR("Can't unregister HCI socket");
++ BT_ERR("Can't unregister HCI socket");
+
+ hci_unregister_notifier(&hci_sock_nblock);
+-
+ return 0;
+ }
+diff -urN linux-2.4.18/net/bluetooth/l2cap.c linux-2.4.18-mh9/net/bluetooth/l2cap.c
+--- linux-2.4.18/net/bluetooth/l2cap.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/l2cap.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,2187 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * BlueZ L2CAP core and sockets.
++ *
++ * $Id: l2cap.c,v 1.15 2002/09/09 01:14:52 maxk Exp $
++ */
++#define VERSION "2.3"
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/init.h>
++#include <linux/skbuff.h>
++#include <linux/interrupt.h>
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/proc_fs.h>
++#include <linux/list.h>
++#include <net/sock.h>
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++#include <asm/unaligned.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++#include <net/bluetooth/l2cap.h>
++
++#ifndef L2CAP_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#endif
++
++static struct proto_ops l2cap_sock_ops;
++
++struct bluez_sock_list l2cap_sk_list = {
++ lock: RW_LOCK_UNLOCKED
++};
++
++static int l2cap_conn_del(struct hci_conn *conn, int err);
++
++static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
++static void l2cap_chan_del(struct sock *sk, int err);
++static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len);
++
++static void __l2cap_sock_close(struct sock *sk, int reason);
++static void l2cap_sock_close(struct sock *sk);
++static void l2cap_sock_kill(struct sock *sk);
++
++static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data);
++static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data);
++
++/* ----- L2CAP timers ------ */
++static void l2cap_sock_timeout(unsigned long arg)
++{
++ struct sock *sk = (struct sock *) arg;
++
++ BT_DBG("sock %p state %d", sk, sk->state);
++
++ bh_lock_sock(sk);
++ __l2cap_sock_close(sk, ETIMEDOUT);
++ bh_unlock_sock(sk);
++
++ l2cap_sock_kill(sk);
++ sock_put(sk);
++}
++
++static void l2cap_sock_set_timer(struct sock *sk, long timeout)
++{
++ BT_DBG("sk %p state %d timeout %ld", sk, sk->state, timeout);
++
++ if (!mod_timer(&sk->timer, jiffies + timeout))
++ sock_hold(sk);
++}
++
++static void l2cap_sock_clear_timer(struct sock *sk)
++{
++ BT_DBG("sock %p state %d", sk, sk->state);
++
++ if (timer_pending(&sk->timer) && del_timer(&sk->timer))
++ __sock_put(sk);
++}
++
++static void l2cap_sock_init_timer(struct sock *sk)
++{
++ init_timer(&sk->timer);
++ sk->timer.function = l2cap_sock_timeout;
++ sk->timer.data = (unsigned long)sk;
++}
++
++/* -------- L2CAP connections --------- */
++static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, __u8 status)
++{
++ struct l2cap_conn *conn;
++
++ if ((conn = hcon->l2cap_data))
++ return conn;
++
++ if (status)
++ return conn;
++
++ if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC)))
++ return NULL;
++ memset(conn, 0, sizeof(struct l2cap_conn));
++
++ hcon->l2cap_data = conn;
++ conn->hcon = hcon;
++
++ conn->mtu = hcon->hdev->acl_mtu;
++ conn->src = &hcon->hdev->bdaddr;
++ conn->dst = &hcon->dst;
++
++ spin_lock_init(&conn->lock);
++ conn->chan_list.lock = RW_LOCK_UNLOCKED;
++
++ BT_DBG("hcon %p conn %p", hcon, conn);
++
++ MOD_INC_USE_COUNT;
++ return conn;
++}
++
++static int l2cap_conn_del(struct hci_conn *hcon, int err)
++{
++ struct l2cap_conn *conn;
++ struct sock *sk;
++
++ if (!(conn = hcon->l2cap_data))
++ return 0;
++
++ BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
++
++ if (conn->rx_skb)
++ kfree_skb(conn->rx_skb);
++
++ /* Kill channels */
++ while ((sk = conn->chan_list.head)) {
++ bh_lock_sock(sk);
++ l2cap_chan_del(sk, err);
++ bh_unlock_sock(sk);
++ l2cap_sock_kill(sk);
++ }
++
++ hcon->l2cap_data = NULL;
++ kfree(conn);
++
++ MOD_DEC_USE_COUNT;
++ return 0;
++}
++
++/* -------- Socket interface ---------- */
++static struct sock *__l2cap_get_sock_by_addr(__u16 psm, bdaddr_t *src)
++{
++ struct sock *sk;
++ for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
++ if (sk->sport == psm && !bacmp(&bluez_pi(sk)->src, src))
++ break;
++ }
++ return sk;
++}
++
++/* Find socket with psm and source bdaddr.
++ * Returns closest match.
++ */
++static struct sock *__l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)
++{
++ struct sock *sk, *sk1 = NULL;
++
++ for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
++ if (state && sk->state != state)
++ continue;
++
++ if (l2cap_pi(sk)->psm == psm) {
++ /* Exact match. */
++ if (!bacmp(&bluez_pi(sk)->src, src))
++ break;
++
++ /* Closest match */
++ if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
++ sk1 = sk;
++ }
++ }
++ return sk ? sk : sk1;
++}
++
++/* Find socket with given address (psm, src).
++ * Returns locked socket */
++static inline struct sock *l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)
++{
++ struct sock *s;
++ read_lock(&l2cap_sk_list.lock);
++ s = __l2cap_get_sock_by_psm(state, psm, src);
++ if (s) bh_lock_sock(s);
++ read_unlock(&l2cap_sk_list.lock);
++ return s;
++}
++
++static void l2cap_sock_destruct(struct sock *sk)
++{
++ BT_DBG("sk %p", sk);
++
++ skb_queue_purge(&sk->receive_queue);
++ skb_queue_purge(&sk->write_queue);
++
++ MOD_DEC_USE_COUNT;
++}
++
++static void l2cap_sock_cleanup_listen(struct sock *parent)
++{
++ struct sock *sk;
++
++ BT_DBG("parent %p", parent);
++
++ /* Close not yet accepted channels */
++ while ((sk = bluez_accept_dequeue(parent, NULL)))
++ l2cap_sock_close(sk);
++
++ parent->state = BT_CLOSED;
++ parent->zapped = 1;
++}
++
++/* Kill socket (only if zapped and orphan)
++ * Must be called on unlocked socket.
++ */
++static void l2cap_sock_kill(struct sock *sk)
++{
++ if (!sk->zapped || sk->socket)
++ return;
++
++ BT_DBG("sk %p state %d", sk, sk->state);
++
++ /* Kill poor orphan */
++ bluez_sock_unlink(&l2cap_sk_list, sk);
++ sk->dead = 1;
++ sock_put(sk);
++}
++
++/* Close socket.
++ */
++static void __l2cap_sock_close(struct sock *sk, int reason)
++{
++ BT_DBG("sk %p state %d socket %p", sk, sk->state, sk->socket);
++
++ switch (sk->state) {
++ case BT_LISTEN:
++ l2cap_sock_cleanup_listen(sk);
++ break;
++
++ case BT_CONNECTED:
++ case BT_CONFIG:
++ case BT_CONNECT2:
++ if (sk->type == SOCK_SEQPACKET) {
++ struct l2cap_conn *conn = l2cap_pi(sk)->conn;
++ l2cap_disconn_req req;
++
++ sk->state = BT_DISCONN;
++ l2cap_sock_set_timer(sk, sk->sndtimeo);
++
++ req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
++ req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
++ l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
++ } else {
++ l2cap_chan_del(sk, reason);
++ }
++ break;
++
++ case BT_CONNECT:
++ case BT_DISCONN:
++ l2cap_chan_del(sk, reason);
++ break;
++
++ default:
++ sk->zapped = 1;
++ break;
++ };
++}
++
++/* Must be called on unlocked socket. */
++static void l2cap_sock_close(struct sock *sk)
++{
++ l2cap_sock_clear_timer(sk);
++ lock_sock(sk);
++ __l2cap_sock_close(sk, ECONNRESET);
++ release_sock(sk);
++ l2cap_sock_kill(sk);
++}
++
++static void l2cap_sock_init(struct sock *sk, struct sock *parent)
++{
++ struct l2cap_pinfo *pi = l2cap_pi(sk);
++
++ BT_DBG("sk %p", sk);
++
++ if (parent) {
++ sk->type = parent->type;
++ pi->imtu = l2cap_pi(parent)->imtu;
++ pi->omtu = l2cap_pi(parent)->omtu;
++ pi->link_mode = l2cap_pi(parent)->link_mode;
++ } else {
++ pi->imtu = L2CAP_DEFAULT_MTU;
++ pi->omtu = 0;
++ pi->link_mode = 0;
++ }
++
++ /* Default config options */
++ pi->conf_mtu = L2CAP_DEFAULT_MTU;
++ pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
++}
++
++static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)
++{
++ struct sock *sk;
++
++ if (!(sk = sk_alloc(PF_BLUETOOTH, prio, 1)))
++ return NULL;
++
++ bluez_sock_init(sock, sk);
++
++ sk->zapped = 0;
++
++ sk->destruct = l2cap_sock_destruct;
++ sk->sndtimeo = L2CAP_CONN_TIMEOUT;
++
++ sk->protocol = proto;
++ sk->state = BT_OPEN;
++
++ l2cap_sock_init_timer(sk);
++
++ bluez_sock_link(&l2cap_sk_list, sk);
++
++ MOD_INC_USE_COUNT;
++ return sk;
++}
++
++static int l2cap_sock_create(struct socket *sock, int protocol)
++{
++ struct sock *sk;
++
++ BT_DBG("sock %p", sock);
++
++ sock->state = SS_UNCONNECTED;
++
++ if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
++ return -ESOCKTNOSUPPORT;
++
++ if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
++ return -EPERM;
++
++ sock->ops = &l2cap_sock_ops;
++
++ if (!(sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL)))
++ return -ENOMEM;
++
++ l2cap_sock_init(sk, NULL);
++ return 0;
++}
++
++static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
++{
++ struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
++
++ if (!addr || addr->sa_family != AF_BLUETOOTH)
++ return -EINVAL;
++
++ lock_sock(sk);
++
++ if (sk->state != BT_OPEN) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ write_lock_bh(&l2cap_sk_list.lock);
++ if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
++ err = -EADDRINUSE;
++ } else {
++ /* Save source address */
++ bacpy(&bluez_pi(sk)->src, &la->l2_bdaddr);
++ l2cap_pi(sk)->psm = la->l2_psm;
++ sk->sport = la->l2_psm;
++ sk->state = BT_BOUND;
++ }
++ write_unlock_bh(&l2cap_sk_list.lock);
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++static int l2cap_do_connect(struct sock *sk)
++{
++ bdaddr_t *src = &bluez_pi(sk)->src;
++ bdaddr_t *dst = &bluez_pi(sk)->dst;
++ struct l2cap_conn *conn;
++ struct hci_conn *hcon;
++ struct hci_dev *hdev;
++ int err = 0;
++
++ BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
++
++ if (!(hdev = hci_get_route(dst, src)))
++ return -EHOSTUNREACH;
++
++ hci_dev_lock_bh(hdev);
++
++ err = -ENOMEM;
++
++ hcon = hci_connect(hdev, ACL_LINK, dst);
++ if (!hcon)
++ goto done;
++
++ conn = l2cap_conn_add(hcon, 0);
++ if (!conn) {
++ hci_conn_put(hcon);
++ goto done;
++ }
++
++ err = 0;
++
++ /* Update source addr of the socket */
++ bacpy(src, conn->src);
++
++ l2cap_chan_add(conn, sk, NULL);
++
++ sk->state = BT_CONNECT;
++ l2cap_sock_set_timer(sk, sk->sndtimeo);
++
++ if (hcon->state == BT_CONNECTED) {
++ if (sk->type == SOCK_SEQPACKET) {
++ l2cap_conn_req req;
++ req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
++ req.psm = l2cap_pi(sk)->psm;
++ l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
++ } else {
++ l2cap_sock_clear_timer(sk);
++ sk->state = BT_CONNECTED;
++ }
++ }
++
++done:
++ hci_dev_unlock_bh(hdev);
++ hci_dev_put(hdev);
++ return err;
++}
++
++static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
++{
++ struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ lock_sock(sk);
++
++ BT_DBG("sk %p", sk);
++
++ if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
++ err = -EINVAL;
++ goto done;
++ }
++
++ if (sk->type == SOCK_SEQPACKET && !la->l2_psm) {
++ err = -EINVAL;
++ goto done;
++ }
++
++ switch(sk->state) {
++ case BT_CONNECT:
++ case BT_CONNECT2:
++ case BT_CONFIG:
++ /* Already connecting */
++ goto wait;
++
++ case BT_CONNECTED:
++ /* Already connected */
++ goto done;
++
++ case BT_OPEN:
++ case BT_BOUND:
++ /* Can connect */
++ break;
++
++ default:
++ err = -EBADFD;
++ goto done;
++ }
++
++ /* Set destination address and psm */
++ bacpy(&bluez_pi(sk)->dst, &la->l2_bdaddr);
++ l2cap_pi(sk)->psm = la->l2_psm;
++
++ if ((err = l2cap_do_connect(sk)))
++ goto done;
++
++wait:
++ err = bluez_sock_wait_state(sk, BT_CONNECTED,
++ sock_sndtimeo(sk, flags & O_NONBLOCK));
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++int l2cap_sock_listen(struct socket *sock, int backlog)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sk %p backlog %d", sk, backlog);
++
++ lock_sock(sk);
++
++ if (sk->state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ if (!l2cap_pi(sk)->psm) {
++ err = -EINVAL;
++ goto done;
++ }
++
++ sk->max_ack_backlog = backlog;
++ sk->ack_backlog = 0;
++ sk->state = BT_LISTEN;
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ struct sock *sk = sock->sk, *nsk;
++ long timeo;
++ int err = 0;
++
++ lock_sock(sk);
++
++ if (sk->state != BT_LISTEN) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
++
++ BT_DBG("sk %p timeo %ld", sk, timeo);
++
++ /* Wait for an incoming connection. (wake-one). */
++ add_wait_queue_exclusive(sk->sleep, &wait);
++ while (!(nsk = bluez_accept_dequeue(sk, newsock))) {
++ set_current_state(TASK_INTERRUPTIBLE);
++ if (!timeo) {
++ err = -EAGAIN;
++ break;
++ }
++
++ release_sock(sk);
++ timeo = schedule_timeout(timeo);
++ lock_sock(sk);
++
++ if (sk->state != BT_LISTEN) {
++ err = -EBADFD;
++ break;
++ }
++
++ if (signal_pending(current)) {
++ err = sock_intr_errno(timeo);
++ break;
++ }
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(sk->sleep, &wait);
++
++ if (err)
++ goto done;
++
++ newsock->state = SS_CONNECTED;
++
++ BT_DBG("new socket %p", nsk);
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
++{
++ struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
++ struct sock *sk = sock->sk;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ addr->sa_family = AF_BLUETOOTH;
++ *len = sizeof(struct sockaddr_l2);
++
++ if (peer)
++ bacpy(&la->l2_bdaddr, &bluez_pi(sk)->dst);
++ else
++ bacpy(&la->l2_bdaddr, &bluez_pi(sk)->src);
++
++ la->l2_psm = l2cap_pi(sk)->psm;
++ return 0;
++}
++
++static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ if (sk->err)
++ return sock_error(sk);
++
++ if (msg->msg_flags & MSG_OOB)
++ return -EOPNOTSUPP;
++
++ /* Check outgoing MTU */
++ if (len > l2cap_pi(sk)->omtu)
++ return -EINVAL;
++
++ lock_sock(sk);
++
++ if (sk->state == BT_CONNECTED)
++ err = l2cap_chan_send(sk, msg, len);
++ else
++ err = -ENOTCONN;
++
++ release_sock(sk);
++ return err;
++}
++
++static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
++{
++ struct sock *sk = sock->sk;
++ struct l2cap_options opts;
++ int err = 0, len;
++ __u32 opt;
++
++ BT_DBG("sk %p", sk);
++
++ lock_sock(sk);
++
++ switch (optname) {
++ case L2CAP_OPTIONS:
++ len = MIN(sizeof(opts), optlen);
++ if (copy_from_user((char *)&opts, optval, len)) {
++ err = -EFAULT;
++ break;
++ }
++ l2cap_pi(sk)->imtu = opts.imtu;
++ l2cap_pi(sk)->omtu = opts.omtu;
++ break;
++
++ case L2CAP_LM:
++ if (get_user(opt, (__u32 *)optval)) {
++ err = -EFAULT;
++ break;
++ }
++
++ l2cap_pi(sk)->link_mode = opt;
++ break;
++
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ }
++
++ release_sock(sk);
++ return err;
++}
++
++static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
++{
++ struct sock *sk = sock->sk;
++ struct l2cap_options opts;
++ struct l2cap_conninfo cinfo;
++ int len, err = 0;
++
++ if (get_user(len, optlen))
++ return -EFAULT;
++
++ lock_sock(sk);
++
++ switch (optname) {
++ case L2CAP_OPTIONS:
++ opts.imtu = l2cap_pi(sk)->imtu;
++ opts.omtu = l2cap_pi(sk)->omtu;
++ opts.flush_to = l2cap_pi(sk)->flush_to;
++
++ len = MIN(len, sizeof(opts));
++ if (copy_to_user(optval, (char *)&opts, len))
++ err = -EFAULT;
++
++ break;
++
++ case L2CAP_LM:
++ if (put_user(l2cap_pi(sk)->link_mode, (__u32 *)optval))
++ err = -EFAULT;
++ break;
++
++ case L2CAP_CONNINFO:
++ if (sk->state != BT_CONNECTED) {
++ err = -ENOTCONN;
++ break;
++ }
++
++ cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
++
++ len = MIN(len, sizeof(cinfo));
++ if (copy_to_user(optval, (char *)&cinfo, len))
++ err = -EFAULT;
++
++ break;
++
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ }
++
++ release_sock(sk);
++ return err;
++}
++
++static int l2cap_sock_shutdown(struct socket *sock, int how)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ if (!sk) return 0;
++
++ lock_sock(sk);
++ if (!sk->shutdown) {
++ sk->shutdown = SHUTDOWN_MASK;
++ l2cap_sock_clear_timer(sk);
++ __l2cap_sock_close(sk, 0);
++
++ if (sk->linger)
++ err = bluez_sock_wait_state(sk, BT_CLOSED, sk->lingertime);
++ }
++ release_sock(sk);
++ return err;
++}
++
++static int l2cap_sock_release(struct socket *sock)
++{
++ struct sock *sk = sock->sk;
++ int err;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ if (!sk) return 0;
++
++ err = l2cap_sock_shutdown(sock, 2);
++
++ sock_orphan(sk);
++ l2cap_sock_kill(sk);
++ return err;
++}
++
++/* --------- L2CAP channels --------- */
++static struct sock * __l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, __u16 cid)
++{
++ struct sock *s;
++ for (s = l->head; s; s = l2cap_pi(s)->next_c) {
++ if (l2cap_pi(s)->dcid == cid)
++ break;
++ }
++ return s;
++}
++
++static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
++{
++ struct sock *s;
++ for (s = l->head; s; s = l2cap_pi(s)->next_c) {
++ if (l2cap_pi(s)->scid == cid)
++ break;
++ }
++ return s;
++}
++
++/* Find channel with given SCID.
++ * Returns locked socket */
++static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
++{
++ struct sock *s;
++ read_lock(&l->lock);
++ s = __l2cap_get_chan_by_scid(l, cid);
++ if (s) bh_lock_sock(s);
++ read_unlock(&l->lock);
++ return s;
++}
++
++static __u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
++{
++ __u16 cid = 0x0040;
++
++ for (; cid < 0xffff; cid++) {
++ if(!__l2cap_get_chan_by_scid(l, cid))
++ return cid;
++ }
++
++ return 0;
++}
++
++static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
++{
++ sock_hold(sk);
++
++ if (l->head)
++ l2cap_pi(l->head)->prev_c = sk;
++
++ l2cap_pi(sk)->next_c = l->head;
++ l2cap_pi(sk)->prev_c = NULL;
++ l->head = sk;
++}
++
++static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
++{
++ struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
++
++ write_lock(&l->lock);
++ if (sk == l->head)
++ l->head = next;
++
++ if (next)
++ l2cap_pi(next)->prev_c = prev;
++ if (prev)
++ l2cap_pi(prev)->next_c = next;
++ write_unlock(&l->lock);
++
++ __sock_put(sk);
++}
++
++static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
++{
++ struct l2cap_chan_list *l = &conn->chan_list;
++
++ BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
++
++ l2cap_pi(sk)->conn = conn;
++
++ if (sk->type == SOCK_SEQPACKET) {
++ /* Alloc CID for connection-oriented socket */
++ l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
++ } else if (sk->type == SOCK_DGRAM) {
++ /* Connectionless socket */
++ l2cap_pi(sk)->scid = 0x0002;
++ l2cap_pi(sk)->dcid = 0x0002;
++ l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
++ } else {
++ /* Raw socket can send/recv signalling messages only */
++ l2cap_pi(sk)->scid = 0x0001;
++ l2cap_pi(sk)->dcid = 0x0001;
++ l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
++ }
++
++ __l2cap_chan_link(l, sk);
++
++ if (parent)
++ bluez_accept_enqueue(parent, sk);
++}
++
++static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
++{
++ struct l2cap_chan_list *l = &conn->chan_list;
++ write_lock(&l->lock);
++ __l2cap_chan_add(conn, sk, parent);
++ write_unlock(&l->lock);
++}
++
++/* Delete channel.
++ * Must be called on the locked socket. */
++static void l2cap_chan_del(struct sock *sk, int err)
++{
++ struct l2cap_conn *conn = l2cap_pi(sk)->conn;
++ struct sock *parent = bluez_pi(sk)->parent;
++
++ l2cap_sock_clear_timer(sk);
++
++ BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
++
++ if (conn) {
++ /* Unlink from channel list */
++ l2cap_chan_unlink(&conn->chan_list, sk);
++ l2cap_pi(sk)->conn = NULL;
++ hci_conn_put(conn->hcon);
++ }
++
++ sk->state = BT_CLOSED;
++ sk->zapped = 1;
++
++ if (err)
++ sk->err = err;
++
++ if (parent)
++ parent->data_ready(parent, 0);
++ else
++ sk->state_change(sk);
++}
++
++static void l2cap_conn_ready(struct l2cap_conn *conn)
++{
++ struct l2cap_chan_list *l = &conn->chan_list;
++ struct sock *sk;
++
++ BT_DBG("conn %p", conn);
++
++ read_lock(&l->lock);
++
++ for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
++ bh_lock_sock(sk);
++
++ if (sk->type != SOCK_SEQPACKET) {
++ l2cap_sock_clear_timer(sk);
++ sk->state = BT_CONNECTED;
++ sk->state_change(sk);
++ } else if (sk->state == BT_CONNECT) {
++ l2cap_conn_req req;
++ req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
++ req.psm = l2cap_pi(sk)->psm;
++ l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
++ }
++
++ bh_unlock_sock(sk);
++ }
++
++ read_unlock(&l->lock);
++}
++
++/* Notify sockets that we cannot guaranty reliability anymore */
++static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
++{
++ struct l2cap_chan_list *l = &conn->chan_list;
++ struct sock *sk;
++
++ BT_DBG("conn %p", conn);
++
++ read_lock(&l->lock);
++ for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
++ if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
++ sk->err = err;
++ }
++ read_unlock(&l->lock);
++}
++
++static void l2cap_chan_ready(struct sock *sk)
++{
++ struct sock *parent = bluez_pi(sk)->parent;
++
++ BT_DBG("sk %p, parent %p", sk, parent);
++
++ l2cap_pi(sk)->conf_state = 0;
++ l2cap_sock_clear_timer(sk);
++
++ if (!parent) {
++ /* Outgoing channel.
++ * Wake up socket sleeping on connect.
++ */
++ sk->state = BT_CONNECTED;
++ sk->state_change(sk);
++ } else {
++ /* Incomming channel.
++ * Wake up socket sleeping on accept.
++ */
++ parent->data_ready(parent, 0);
++ }
++}
++
++/* Copy frame to all raw sockets on that connection */
++void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
++{
++ struct l2cap_chan_list *l = &conn->chan_list;
++ struct sk_buff *nskb;
++ struct sock * sk;
++
++ BT_DBG("conn %p", conn);
++
++ read_lock(&l->lock);
++ for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
++ if (sk->type != SOCK_RAW)
++ continue;
++
++ /* Don't send frame to the socket it came from */
++ if (skb->sk == sk)
++ continue;
++
++ if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
++ continue;
++
++ if (sock_queue_rcv_skb(sk, nskb))
++ kfree_skb(nskb);
++ }
++ read_unlock(&l->lock);
++}
++
++static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len)
++{
++ struct l2cap_conn *conn = l2cap_pi(sk)->conn;
++ struct sk_buff *skb, **frag;
++ int err, hlen, count, sent=0;
++ l2cap_hdr *lh;
++
++ BT_DBG("sk %p len %d", sk, len);
++
++ /* First fragment (with L2CAP header) */
++ if (sk->type == SOCK_DGRAM)
++ hlen = L2CAP_HDR_SIZE + 2;
++ else
++ hlen = L2CAP_HDR_SIZE;
++
++ count = MIN(conn->mtu - hlen, len);
++
++ skb = bluez_skb_send_alloc(sk, hlen + count,
++ msg->msg_flags & MSG_DONTWAIT, &err);
++ if (!skb)
++ return err;
++
++ /* Create L2CAP header */
++ lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
++ lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);
++ lh->len = __cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
++
++ if (sk->type == SOCK_DGRAM)
++ put_unaligned(l2cap_pi(sk)->psm, (__u16 *) skb_put(skb, 2));
++
++ if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
++ err = -EFAULT;
++ goto fail;
++ }
++
++ sent += count;
++ len -= count;
++
++ /* Continuation fragments (no L2CAP header) */
++ frag = &skb_shinfo(skb)->frag_list;
++ while (len) {
++ count = MIN(conn->mtu, len);
++
++ *frag = bluez_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
++ if (!*frag)
++ goto fail;
++
++ if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
++ err = -EFAULT;
++ goto fail;
++ }
++
++ sent += count;
++ len -= count;
++
++ frag = &(*frag)->next;
++ }
++
++ if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
++ goto fail;
++
++ return sent;
++
++fail:
++ kfree_skb(skb);
++ return err;
++}
++
++/* --------- L2CAP signalling commands --------- */
++static inline __u8 l2cap_get_ident(struct l2cap_conn *conn)
++{
++ __u8 id;
++
++ /* Get next available identificator.
++ * 1 - 199 are used by kernel.
++ * 200 - 254 are used by utilities like l2ping, etc
++ */
++
++ spin_lock(&conn->lock);
++
++ if (++conn->tx_ident > 199)
++ conn->tx_ident = 1;
++
++ id = conn->tx_ident;
++
++ spin_unlock(&conn->lock);
++
++ return id;
++}
++
++static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
++ __u8 code, __u8 ident, __u16 dlen, void *data)
++{
++ struct sk_buff *skb, **frag;
++ l2cap_cmd_hdr *cmd;
++ l2cap_hdr *lh;
++ int len, count;
++
++ BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
++
++ len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
++ count = MIN(conn->mtu, len);
++
++ skb = bluez_skb_alloc(count, GFP_ATOMIC);
++ if (!skb)
++ return NULL;
++
++ lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
++ lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
++ lh->cid = __cpu_to_le16(0x0001);
++
++ cmd = (l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
++ cmd->code = code;
++ cmd->ident = ident;
++ cmd->len = __cpu_to_le16(dlen);
++
++ if (dlen) {
++ count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
++ memcpy(skb_put(skb, count), data, count);
++ data += count;
++ }
++
++ len -= skb->len;
++
++ /* Continuation fragments (no L2CAP header) */
++ frag = &skb_shinfo(skb)->frag_list;
++ while (len) {
++ count = MIN(conn->mtu, len);
++
++ *frag = bluez_skb_alloc(count, GFP_ATOMIC);
++ if (!*frag)
++ goto fail;
++
++ memcpy(skb_put(*frag, count), data, count);
++
++ len -= count;
++ data += count;
++
++ frag = &(*frag)->next;
++ }
++
++ return skb;
++
++fail:
++ kfree_skb(skb);
++ return NULL;
++}
++
++static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data)
++{
++ __u8 ident = l2cap_get_ident(conn);
++ struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
++
++ BT_DBG("code 0x%2.2x", code);
++
++ if (!skb)
++ return -ENOMEM;
++ return hci_send_acl(conn->hcon, skb, 0);
++}
++
++static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data)
++{
++ struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
++
++ BT_DBG("code 0x%2.2x", code);
++
++ if (!skb)
++ return -ENOMEM;
++ return hci_send_acl(conn->hcon, skb, 0);
++}
++
++static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
++{
++ l2cap_conf_opt *opt = *ptr;
++ int len;
++
++ len = L2CAP_CONF_OPT_SIZE + opt->len;
++ *ptr += len;
++
++ *type = opt->type;
++ *olen = opt->len;
++
++ switch (opt->len) {
++ case 1:
++ *val = *((__u8 *) opt->val);
++ break;
++
++ case 2:
++ *val = __le16_to_cpu(*((__u16 *)opt->val));
++ break;
++
++ case 4:
++ *val = __le32_to_cpu(*((__u32 *)opt->val));
++ break;
++
++ default:
++ *val = (unsigned long) opt->val;
++ break;
++ };
++
++ BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
++ return len;
++}
++
++static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len)
++{
++ int type, hint, olen;
++ unsigned long val;
++ void *ptr = data;
++
++ BT_DBG("sk %p len %d", sk, len);
++
++ while (len >= L2CAP_CONF_OPT_SIZE) {
++ len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val);
++
++ hint = type & 0x80;
++ type &= 0x7f;
++
++ switch (type) {
++ case L2CAP_CONF_MTU:
++ l2cap_pi(sk)->conf_mtu = val;
++ break;
++
++ case L2CAP_CONF_FLUSH_TO:
++ l2cap_pi(sk)->flush_to = val;
++ break;
++
++ case L2CAP_CONF_QOS:
++ break;
++
++ default:
++ if (hint)
++ break;
++
++ /* FIXME: Reject unknown option */
++ break;
++ };
++ }
++}
++
++static void l2cap_add_conf_opt(void **ptr, __u8 type, __u8 len, unsigned long val)
++{
++ register l2cap_conf_opt *opt = *ptr;
++
++ BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
++
++ opt->type = type;
++ opt->len = len;
++
++ switch (len) {
++ case 1:
++ *((__u8 *) opt->val) = val;
++ break;
++
++ case 2:
++ *((__u16 *) opt->val) = __cpu_to_le16(val);
++ break;
++
++ case 4:
++ *((__u32 *) opt->val) = __cpu_to_le32(val);
++ break;
++
++ default:
++ memcpy(opt->val, (void *) val, len);
++ break;
++ };
++
++ *ptr += L2CAP_CONF_OPT_SIZE + len;
++}
++
++static int l2cap_build_conf_req(struct sock *sk, void *data)
++{
++ struct l2cap_pinfo *pi = l2cap_pi(sk);
++ l2cap_conf_req *req = (l2cap_conf_req *) data;
++ void *ptr = req->data;
++
++ BT_DBG("sk %p", sk);
++
++ if (pi->imtu != L2CAP_DEFAULT_MTU)
++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
++
++ /* FIXME. Need actual value of the flush timeout */
++ //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
++ // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
++
++ req->dcid = __cpu_to_le16(pi->dcid);
++ req->flags = __cpu_to_le16(0);
++
++ return ptr - data;
++}
++
++static inline int l2cap_conf_output(struct sock *sk, void **ptr)
++{
++ struct l2cap_pinfo *pi = l2cap_pi(sk);
++ int result = 0;
++
++ /* Configure output options and let the other side know
++ * which ones we don't like.
++ */
++ if (pi->conf_mtu < pi->omtu) {
++ l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
++ result = L2CAP_CONF_UNACCEPT;
++ } else {
++ pi->omtu = pi->conf_mtu;
++ }
++
++ BT_DBG("sk %p result %d", sk, result);
++ return result;
++}
++
++static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result)
++{
++ l2cap_conf_rsp *rsp = (l2cap_conf_rsp *) data;
++ void *ptr = rsp->data;
++ u16 flags = 0;
++
++ BT_DBG("sk %p complete %d", sk, result ? 1 : 0);
++
++ if (result)
++ *result = l2cap_conf_output(sk, &ptr);
++ else
++ flags |= 0x0001;
++
++ rsp->scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
++ rsp->result = __cpu_to_le16(result ? *result : 0);
++ rsp->flags = __cpu_to_le16(flags);
++
++ return ptr - data;
++}
++
++static inline int l2cap_connect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
++{
++ struct l2cap_chan_list *list = &conn->chan_list;
++ l2cap_conn_req *req = (l2cap_conn_req *) data;
++ l2cap_conn_rsp rsp;
++ struct sock *sk, *parent;
++ int result = 0, status = 0;
++
++ __u16 dcid = 0, scid = __le16_to_cpu(req->scid);
++ __u16 psm = req->psm;
++
++ BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
++
++ /* Check if we have socket listening on psm */
++ parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
++ if (!parent) {
++ result = L2CAP_CR_BAD_PSM;
++ goto sendresp;
++ }
++
++ result = L2CAP_CR_NO_MEM;
++
++ /* Check for backlog size */
++ if (parent->ack_backlog > parent->max_ack_backlog) {
++ BT_DBG("backlog full %d", parent->ack_backlog);
++ goto response;
++ }
++
++ sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC);
++ if (!sk)
++ goto response;
++
++ write_lock(&list->lock);
++
++ /* Check if we already have channel with that dcid */
++ if (__l2cap_get_chan_by_dcid(list, scid)) {
++ write_unlock(&list->lock);
++ sk->zapped = 1;
++ l2cap_sock_kill(sk);
++ goto response;
++ }
++
++ hci_conn_hold(conn->hcon);
++
++ l2cap_sock_init(sk, parent);
++ bacpy(&bluez_pi(sk)->src, conn->src);
++ bacpy(&bluez_pi(sk)->dst, conn->dst);
++ l2cap_pi(sk)->psm = psm;
++ l2cap_pi(sk)->dcid = scid;
++
++ __l2cap_chan_add(conn, sk, parent);
++ dcid = l2cap_pi(sk)->scid;
++
++ l2cap_sock_set_timer(sk, sk->sndtimeo);
++
++ /* Service level security */
++ result = L2CAP_CR_PEND;
++ status = L2CAP_CS_AUTHEN_PEND;
++ sk->state = BT_CONNECT2;
++ l2cap_pi(sk)->ident = cmd->ident;
++
++ if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) {
++ if (!hci_conn_encrypt(conn->hcon))
++ goto done;
++ } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) {
++ if (!hci_conn_auth(conn->hcon))
++ goto done;
++ }
++
++ sk->state = BT_CONFIG;
++ result = status = 0;
++
++done:
++ write_unlock(&list->lock);
++
++response:
++ bh_unlock_sock(parent);
++
++sendresp:
++ rsp.scid = __cpu_to_le16(scid);
++ rsp.dcid = __cpu_to_le16(dcid);
++ rsp.result = __cpu_to_le16(result);
++ rsp.status = __cpu_to_le16(status);
++ l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, L2CAP_CONN_RSP_SIZE, &rsp);
++ return 0;
++}
++
++static inline int l2cap_connect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
++{
++ l2cap_conn_rsp *rsp = (l2cap_conn_rsp *) data;
++ __u16 scid, dcid, result, status;
++ struct sock *sk;
++ char req[128];
++
++ scid = __le16_to_cpu(rsp->scid);
++ dcid = __le16_to_cpu(rsp->dcid);
++ result = __le16_to_cpu(rsp->result);
++ status = __le16_to_cpu(rsp->status);
++
++ BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
++
++ if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
++ return -ENOENT;
++
++ switch (result) {
++ case L2CAP_CR_SUCCESS:
++ sk->state = BT_CONFIG;
++ l2cap_pi(sk)->dcid = dcid;
++ l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
++
++ l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
++ break;
++
++ case L2CAP_CR_PEND:
++ break;
++
++ default:
++ l2cap_chan_del(sk, ECONNREFUSED);
++ break;
++ }
++
++ bh_unlock_sock(sk);
++ return 0;
++}
++
++static inline int l2cap_config_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
++{
++ l2cap_conf_req * req = (l2cap_conf_req *) data;
++ __u16 dcid, flags;
++ __u8 rsp[64];
++ struct sock *sk;
++ int result;
++
++ dcid = __le16_to_cpu(req->dcid);
++ flags = __le16_to_cpu(req->flags);
++
++ BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
++
++ if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
++ return -ENOENT;
++
++ l2cap_parse_conf_req(sk, req->data, cmd->len - L2CAP_CONF_REQ_SIZE);
++
++ if (flags & 0x0001) {
++ /* Incomplete config. Send empty response. */
++ l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
++ goto unlock;
++ }
++
++ /* Complete config. */
++ l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, &result), rsp);
++
++ if (result)
++ goto unlock;
++
++ /* Output config done */
++ l2cap_pi(sk)->conf_state |= L2CAP_CONF_OUTPUT_DONE;
++
++ if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
++ sk->state = BT_CONNECTED;
++ l2cap_chan_ready(sk);
++ } else if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
++ char req[64];
++ l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
++ }
++
++unlock:
++ bh_unlock_sock(sk);
++ return 0;
++}
++
++static inline int l2cap_config_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
++{
++ l2cap_conf_rsp *rsp = (l2cap_conf_rsp *)data;
++ __u16 scid, flags, result;
++ struct sock *sk;
++ int err = 0;
++
++ scid = __le16_to_cpu(rsp->scid);
++ flags = __le16_to_cpu(rsp->flags);
++ result = __le16_to_cpu(rsp->result);
++
++ BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
++
++ if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
++ return -ENOENT;
++
++ switch (result) {
++ case L2CAP_CONF_SUCCESS:
++ break;
++
++ case L2CAP_CONF_UNACCEPT:
++ if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
++ char req[128];
++ /*
++ It does not make sense to adjust L2CAP parameters
++ that are currently defined in the spec. We simply
++ resend config request that we sent earlier. It is
++ stupid :) but it helps qualification testing
++ which expects at least some response from us.
++ */
++ l2cap_send_req(conn, L2CAP_CONF_REQ,
++ l2cap_build_conf_req(sk, req), req);
++ goto done;
++ }
++ default:
++ sk->state = BT_DISCONN;
++ sk->err = ECONNRESET;
++ l2cap_sock_set_timer(sk, HZ * 5);
++ {
++ l2cap_disconn_req req;
++ req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
++ req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
++ l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
++ }
++ goto done;
++ }
++
++ if (flags & 0x01)
++ goto done;
++
++ /* Input config done */
++ l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
++
++ if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
++ sk->state = BT_CONNECTED;
++ l2cap_chan_ready(sk);
++ }
++
++done:
++ bh_unlock_sock(sk);
++ return err;
++}
++
++static inline int l2cap_disconnect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
++{
++ l2cap_disconn_req *req = (l2cap_disconn_req *) data;
++ l2cap_disconn_rsp rsp;
++ __u16 dcid, scid;
++ struct sock *sk;
++
++ scid = __le16_to_cpu(req->scid);
++ dcid = __le16_to_cpu(req->dcid);
++
++ BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
++
++ if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
++ return 0;
++
++ rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
++ rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
++ l2cap_send_rsp(conn, cmd->ident, L2CAP_DISCONN_RSP, L2CAP_DISCONN_RSP_SIZE, &rsp);
++
++ sk->shutdown = SHUTDOWN_MASK;
++
++ l2cap_chan_del(sk, ECONNRESET);
++ bh_unlock_sock(sk);
++
++ l2cap_sock_kill(sk);
++ return 0;
++}
++
++static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
++{
++ l2cap_disconn_rsp *rsp = (l2cap_disconn_rsp *) data;
++ __u16 dcid, scid;
++ struct sock *sk;
++
++ scid = __le16_to_cpu(rsp->scid);
++ dcid = __le16_to_cpu(rsp->dcid);
++
++ BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
++
++ if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
++ return 0;
++ l2cap_chan_del(sk, 0);
++ bh_unlock_sock(sk);
++
++ l2cap_sock_kill(sk);
++ return 0;
++}
++
++static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
++{
++ __u8 *data = skb->data;
++ int len = skb->len;
++ l2cap_cmd_hdr cmd;
++ int err = 0;
++
++ while (len >= L2CAP_CMD_HDR_SIZE) {
++ memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
++ data += L2CAP_CMD_HDR_SIZE;
++ len -= L2CAP_CMD_HDR_SIZE;
++
++ cmd.len = __le16_to_cpu(cmd.len);
++
++ BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);
++
++ if (cmd.len > len || !cmd.ident) {
++ BT_DBG("corrupted command");
++ break;
++ }
++
++ switch (cmd.code) {
++ case L2CAP_CONN_REQ:
++ err = l2cap_connect_req(conn, &cmd, data);
++ break;
++
++ case L2CAP_CONN_RSP:
++ err = l2cap_connect_rsp(conn, &cmd, data);
++ break;
++
++ case L2CAP_CONF_REQ:
++ err = l2cap_config_req(conn, &cmd, data);
++ break;
++
++ case L2CAP_CONF_RSP:
++ err = l2cap_config_rsp(conn, &cmd, data);
++ break;
++
++ case L2CAP_DISCONN_REQ:
++ err = l2cap_disconnect_req(conn, &cmd, data);
++ break;
++
++ case L2CAP_DISCONN_RSP:
++ err = l2cap_disconnect_rsp(conn, &cmd, data);
++ break;
++
++ case L2CAP_COMMAND_REJ:
++ /* FIXME: We should process this */
++ l2cap_raw_recv(conn, skb);
++ break;
++
++ case L2CAP_ECHO_REQ:
++ l2cap_send_rsp(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
++ break;
++
++ case L2CAP_ECHO_RSP:
++ case L2CAP_INFO_REQ:
++ case L2CAP_INFO_RSP:
++ l2cap_raw_recv(conn, skb);
++ break;
++
++ default:
++ BT_ERR("Uknown signaling command 0x%2.2x", cmd.code);
++ err = -EINVAL;
++ break;
++ };
++
++ if (err) {
++ l2cap_cmd_rej rej;
++ BT_DBG("error %d", err);
++
++ /* FIXME: Map err to a valid reason. */
++ rej.reason = __cpu_to_le16(0);
++ l2cap_send_rsp(conn, cmd.ident, L2CAP_COMMAND_REJ, L2CAP_CMD_REJ_SIZE, &rej);
++ }
++
++ data += cmd.len;
++ len -= cmd.len;
++ }
++
++ kfree_skb(skb);
++}
++
++static inline int l2cap_data_channel(struct l2cap_conn *conn, __u16 cid, struct sk_buff *skb)
++{
++ struct sock *sk;
++
++ sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
++ if (!sk) {
++ BT_DBG("unknown cid 0x%4.4x", cid);
++ goto drop;
++ }
++
++ BT_DBG("sk %p, len %d", sk, skb->len);
++
++ if (sk->state != BT_CONNECTED)
++ goto drop;
++
++ if (l2cap_pi(sk)->imtu < skb->len)
++ goto drop;
++
++ /* If socket recv buffers overflows we drop data here
++ * which is *bad* because L2CAP has to be reliable.
++ * But we don't have any other choice. L2CAP doesn't
++ * provide flow control mechanism */
++
++ if (!sock_queue_rcv_skb(sk, skb))
++ goto done;
++
++drop:
++ kfree_skb(skb);
++
++done:
++ if (sk) bh_unlock_sock(sk);
++ return 0;
++}
++
++static inline int l2cap_conless_channel(struct l2cap_conn *conn, __u16 psm, struct sk_buff *skb)
++{
++ struct sock *sk;
++
++ sk = l2cap_get_sock_by_psm(0, psm, conn->src);
++ if (!sk)
++ goto drop;
++
++ BT_DBG("sk %p, len %d", sk, skb->len);
++
++ if (sk->state != BT_BOUND && sk->state != BT_CONNECTED)
++ goto drop;
++
++ if (l2cap_pi(sk)->imtu < skb->len)
++ goto drop;
++
++ if (!sock_queue_rcv_skb(sk, skb))
++ goto done;
++
++drop:
++ kfree_skb(skb);
++
++done:
++ if (sk) bh_unlock_sock(sk);
++ return 0;
++}
++
++static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
++{
++ l2cap_hdr *lh = (l2cap_hdr *) skb->data;
++ __u16 cid, psm, len;
++
++ skb_pull(skb, L2CAP_HDR_SIZE);
++ cid = __le16_to_cpu(lh->cid);
++ len = __le16_to_cpu(lh->len);
++
++ BT_DBG("len %d, cid 0x%4.4x", len, cid);
++
++ switch (cid) {
++ case 0x0001:
++ l2cap_sig_channel(conn, skb);
++ break;
++
++ case 0x0002:
++ psm = get_unaligned((__u16 *) skb->data);
++ skb_pull(skb, 2);
++ l2cap_conless_channel(conn, psm, skb);
++ break;
++
++ default:
++ l2cap_data_channel(conn, cid, skb);
++ break;
++ }
++}
++
++/* ------------ L2CAP interface with lower layer (HCI) ------------- */
++
++static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
++{
++ int exact = 0, lm1 = 0, lm2 = 0;
++ register struct sock *sk;
++
++ if (type != ACL_LINK)
++ return 0;
++
++ BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
++
++ /* Find listening sockets and check their link_mode */
++ read_lock(&l2cap_sk_list.lock);
++ for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
++ if (sk->state != BT_LISTEN)
++ continue;
++
++ if (!bacmp(&bluez_pi(sk)->src, &hdev->bdaddr)) {
++ lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
++ exact++;
++ } else if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
++ lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
++ }
++ read_unlock(&l2cap_sk_list.lock);
++
++ return exact ? lm1 : lm2;
++}
++
++static int l2cap_connect_cfm(struct hci_conn *hcon, __u8 status)
++{
++ BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
++
++ if (hcon->type != ACL_LINK)
++ return 0;
++
++ if (!status) {
++ struct l2cap_conn *conn;
++
++ conn = l2cap_conn_add(hcon, status);
++ if (conn)
++ l2cap_conn_ready(conn);
++ } else
++ l2cap_conn_del(hcon, bterr(status));
++
++ return 0;
++}
++
++static int l2cap_disconn_ind(struct hci_conn *hcon, __u8 reason)
++{
++ BT_DBG("hcon %p reason %d", hcon, reason);
++
++ if (hcon->type != ACL_LINK)
++ return 0;
++
++ l2cap_conn_del(hcon, bterr(reason));
++ return 0;
++}
++
++static int l2cap_auth_cfm(struct hci_conn *hcon, __u8 status)
++{
++ struct l2cap_chan_list *l;
++ struct l2cap_conn *conn;
++ l2cap_conn_rsp rsp;
++ struct sock *sk;
++ int result;
++
++ if (!(conn = hcon->l2cap_data))
++ return 0;
++ l = &conn->chan_list;
++
++ BT_DBG("conn %p", conn);
++
++ read_lock(&l->lock);
++
++ for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
++ bh_lock_sock(sk);
++
++ if (sk->state != BT_CONNECT2 ||
++ (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)) {
++ bh_unlock_sock(sk);
++ continue;
++ }
++
++ if (!status) {
++ sk->state = BT_CONFIG;
++ result = 0;
++ } else {
++ sk->state = BT_DISCONN;
++ l2cap_sock_set_timer(sk, HZ/10);
++ result = L2CAP_CR_SEC_BLOCK;
++ }
++
++ rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
++ rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
++ rsp.result = __cpu_to_le16(result);
++ rsp.status = __cpu_to_le16(0);
++ l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP,
++ L2CAP_CONN_RSP_SIZE, &rsp);
++
++ bh_unlock_sock(sk);
++ }
++
++ read_unlock(&l->lock);
++ return 0;
++}
++
++static int l2cap_encrypt_cfm(struct hci_conn *hcon, __u8 status)
++{
++ struct l2cap_chan_list *l;
++ struct l2cap_conn *conn;
++ l2cap_conn_rsp rsp;
++ struct sock *sk;
++ int result;
++
++ if (!(conn = hcon->l2cap_data))
++ return 0;
++ l = &conn->chan_list;
++
++ BT_DBG("conn %p", conn);
++
++ read_lock(&l->lock);
++
++ for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
++ bh_lock_sock(sk);
++
++ if (sk->state != BT_CONNECT2) {
++ bh_unlock_sock(sk);
++ continue;
++ }
++
++ if (!status) {
++ sk->state = BT_CONFIG;
++ result = 0;
++ } else {
++ sk->state = BT_DISCONN;
++ l2cap_sock_set_timer(sk, HZ/10);
++ result = L2CAP_CR_SEC_BLOCK;
++ }
++
++ rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
++ rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
++ rsp.result = __cpu_to_le16(result);
++ rsp.status = __cpu_to_le16(0);
++ l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP,
++ L2CAP_CONN_RSP_SIZE, &rsp);
++
++ bh_unlock_sock(sk);
++ }
++
++ read_unlock(&l->lock);
++ return 0;
++}
++
++static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, __u16 flags)
++{
++ struct l2cap_conn *conn = hcon->l2cap_data;
++
++ if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
++ goto drop;
++
++ BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
++
++ if (flags & ACL_START) {
++ l2cap_hdr *hdr;
++ int len;
++
++ if (conn->rx_len) {
++ BT_ERR("Unexpected start frame (len %d)", skb->len);
++ kfree_skb(conn->rx_skb);
++ conn->rx_skb = NULL;
++ conn->rx_len = 0;
++ l2cap_conn_unreliable(conn, ECOMM);
++ }
++
++ if (skb->len < 2) {
++ BT_ERR("Frame is too short (len %d)", skb->len);
++ l2cap_conn_unreliable(conn, ECOMM);
++ goto drop;
++ }
++
++ hdr = (l2cap_hdr *) skb->data;
++ len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
++
++ if (len == skb->len) {
++ /* Complete frame received */
++ l2cap_recv_frame(conn, skb);
++ return 0;
++ }
++
++ BT_DBG("Start: total len %d, frag len %d", len, skb->len);
++
++ if (skb->len > len) {
++ BT_ERR("Frame is too long (len %d, expected len %d)",
++ skb->len, len);
++ l2cap_conn_unreliable(conn, ECOMM);
++ goto drop;
++ }
++
++ /* Allocate skb for the complete frame including header */
++ conn->rx_skb = bluez_skb_alloc(len, GFP_ATOMIC);
++ if (!conn->rx_skb)
++ goto drop;
++
++ memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
++ conn->rx_len = len - skb->len;
++ } else {
++ BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
++
++ if (!conn->rx_len) {
++ BT_ERR("Unexpected continuation frame (len %d)", skb->len);
++ l2cap_conn_unreliable(conn, ECOMM);
++ goto drop;
++ }
++
++ if (skb->len > conn->rx_len) {
++ BT_ERR("Fragment is too long (len %d, expected %d)",
++ skb->len, conn->rx_len);
++ kfree_skb(conn->rx_skb);
++ conn->rx_skb = NULL;
++ conn->rx_len = 0;
++ l2cap_conn_unreliable(conn, ECOMM);
++ goto drop;
++ }
++
++ memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
++ conn->rx_len -= skb->len;
++
++ if (!conn->rx_len) {
++ /* Complete frame received */
++ l2cap_recv_frame(conn, conn->rx_skb);
++ conn->rx_skb = NULL;
++ }
++ }
++
++drop:
++ kfree_skb(skb);
++ return 0;
++}
++
++/* ----- Proc fs support ------ */
++static int l2cap_sock_dump(char *buf, struct bluez_sock_list *list)
++{
++ struct l2cap_pinfo *pi;
++ struct sock *sk;
++ char *ptr = buf;
++
++ read_lock_bh(&list->lock);
++
++ for (sk = list->head; sk; sk = sk->next) {
++ pi = l2cap_pi(sk);
++ ptr += sprintf(ptr, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
++ batostr(&bluez_pi(sk)->src), batostr(&bluez_pi(sk)->dst),
++ sk->state, pi->psm, pi->scid, pi->dcid, pi->imtu, pi->omtu,
++ pi->link_mode);
++ }
++
++ read_unlock_bh(&list->lock);
++
++ ptr += sprintf(ptr, "\n");
++ return ptr - buf;
++}
++
++static int l2cap_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *priv)
++{
++ char *ptr = buf;
++ int len;
++
++ BT_DBG("count %d, offset %ld", count, offset);
++
++ ptr += l2cap_sock_dump(ptr, &l2cap_sk_list);
++ len = ptr - buf;
++
++ if (len <= count + offset)
++ *eof = 1;
++
++ *start = buf + offset;
++ len -= offset;
++
++ if (len > count)
++ len = count;
++ if (len < 0)
++ len = 0;
++
++ return len;
++}
++
++static struct proto_ops l2cap_sock_ops = {
++ family: PF_BLUETOOTH,
++ release: l2cap_sock_release,
++ bind: l2cap_sock_bind,
++ connect: l2cap_sock_connect,
++ listen: l2cap_sock_listen,
++ accept: l2cap_sock_accept,
++ getname: l2cap_sock_getname,
++ sendmsg: l2cap_sock_sendmsg,
++ recvmsg: bluez_sock_recvmsg,
++ poll: bluez_sock_poll,
++ socketpair: sock_no_socketpair,
++ ioctl: sock_no_ioctl,
++ shutdown: l2cap_sock_shutdown,
++ setsockopt: l2cap_sock_setsockopt,
++ getsockopt: l2cap_sock_getsockopt,
++ mmap: sock_no_mmap
++};
++
++static struct net_proto_family l2cap_sock_family_ops = {
++ family: PF_BLUETOOTH,
++ create: l2cap_sock_create
++};
++
++static struct hci_proto l2cap_hci_proto = {
++ name: "L2CAP",
++ id: HCI_PROTO_L2CAP,
++ connect_ind: l2cap_connect_ind,
++ connect_cfm: l2cap_connect_cfm,
++ disconn_ind: l2cap_disconn_ind,
++ recv_acldata: l2cap_recv_acldata,
++ auth_cfm: l2cap_auth_cfm,
++ encrypt_cfm: l2cap_encrypt_cfm
++};
++
++int __init l2cap_init(void)
++{
++ int err;
++
++ if ((err = bluez_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops))) {
++ BT_ERR("Can't register L2CAP socket");
++ return err;
++ }
++
++ if ((err = hci_register_proto(&l2cap_hci_proto))) {
++ BT_ERR("Can't register L2CAP protocol");
++ return err;
++ }
++
++ create_proc_read_entry("bluetooth/l2cap", 0, 0, l2cap_read_proc, NULL);
++
++ BT_INFO("BlueZ L2CAP ver %s Copyright (C) 2000,2001 Qualcomm Inc", VERSION);
++ BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
++ return 0;
++}
++
++void l2cap_cleanup(void)
++{
++ remove_proc_entry("bluetooth/l2cap", NULL);
++
++ /* Unregister socket and protocol */
++ if (bluez_sock_unregister(BTPROTO_L2CAP))
++ BT_ERR("Can't unregister L2CAP socket");
++
++ if (hci_unregister_proto(&l2cap_hci_proto))
++ BT_ERR("Can't unregister L2CAP protocol");
++}
++
++void l2cap_load(void)
++{
++ /* Dummy function to trigger automatic L2CAP module loading by
++ other modules that use L2CAP sockets but do not use any other
++ symbols from it. */
++ return;
++}
++
++EXPORT_SYMBOL(l2cap_load);
++
++module_init(l2cap_init);
++module_exit(l2cap_cleanup);
++
++MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
++MODULE_DESCRIPTION("BlueZ L2CAP ver " VERSION);
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/net/bluetooth/l2cap_core.c linux-2.4.18-mh9/net/bluetooth/l2cap_core.c
+--- linux-2.4.18/net/bluetooth/l2cap_core.c Sun Sep 30 21:26:08 2001
++++ linux-2.4.18-mh9/net/bluetooth/l2cap_core.c Thu Jan 1 01:00:00 1970
+@@ -1,2316 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * BlueZ L2CAP core and sockets.
+- *
+- * $Id: l2cap_core.c,v 1.19 2001/08/03 04:19:50 maxk Exp $
+- */
+-#define VERSION "1.1"
+-
+-#include <linux/config.h>
+-#include <linux/module.h>
+-
+-#include <linux/types.h>
+-#include <linux/errno.h>
+-#include <linux/kernel.h>
+-#include <linux/major.h>
+-#include <linux/sched.h>
+-#include <linux/slab.h>
+-#include <linux/poll.h>
+-#include <linux/fcntl.h>
+-#include <linux/init.h>
+-#include <linux/skbuff.h>
+-#include <linux/interrupt.h>
+-#include <linux/socket.h>
+-#include <linux/skbuff.h>
+-#include <linux/proc_fs.h>
+-#include <linux/list.h>
+-#include <net/sock.h>
+-
+-#include <asm/system.h>
+-#include <asm/uaccess.h>
+-
+-#include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
+-#include <net/bluetooth/hci_core.h>
+-#include <net/bluetooth/l2cap.h>
+-#include <net/bluetooth/l2cap_core.h>
+-
+-#ifndef L2CAP_DEBUG
+-#undef DBG
+-#define DBG( A... )
+-#endif
+-
+-struct proto_ops l2cap_sock_ops;
+-
+-struct bluez_sock_list l2cap_sk_list = {
+- lock: RW_LOCK_UNLOCKED
+-};
+-
+-struct list_head l2cap_iff_list = LIST_HEAD_INIT(l2cap_iff_list);
+-rwlock_t l2cap_rt_lock = RW_LOCK_UNLOCKED;
+-
+-static int l2cap_conn_del(struct l2cap_conn *conn, int err);
+-
+-static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
+-static void l2cap_chan_del(struct sock *sk, int err);
+-static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len);
+-
+-static void l2cap_sock_close(struct sock *sk);
+-static void l2cap_sock_kill(struct sock *sk);
+-
+-static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data);
+-static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data);
+-
+-/* -------- L2CAP interfaces & routing --------- */
+-/* Add/delete L2CAP interface.
+- * Must be called with locked rt_lock
+- */
+-
+-static void l2cap_iff_add(struct hci_dev *hdev)
+-{
+- struct l2cap_iff *iff;
+-
+- DBG("%s", hdev->name);
+-
+- DBG("iff_list %p next %p prev %p", &l2cap_iff_list, l2cap_iff_list.next, l2cap_iff_list.prev);
+-
+- /* Allocate new interface and lock HCI device */
+- if (!(iff = kmalloc(sizeof(struct l2cap_iff), GFP_KERNEL))) {
+- ERR("Can't allocate new interface %s", hdev->name);
+- return;
+- }
+- memset(iff, 0, sizeof(struct l2cap_iff));
+-
+- hci_dev_hold(hdev);
+- hdev->l2cap_data = iff;
+- iff->hdev = hdev;
+- iff->mtu = hdev->acl_mtu - HCI_ACL_HDR_SIZE;
+- iff->bdaddr = &hdev->bdaddr;
+-
+- spin_lock_init(&iff->lock);
+- INIT_LIST_HEAD(&iff->conn_list);
+-
+- list_add(&iff->list, &l2cap_iff_list);
+-}
+-
+-static void l2cap_iff_del(struct hci_dev *hdev)
+-{
+- struct l2cap_iff *iff;
+-
+- if (!(iff = hdev->l2cap_data))
+- return;
+-
+- DBG("%s iff %p", hdev->name, iff);
+-
+- list_del(&iff->list);
+-
+- l2cap_iff_lock(iff);
+-
+- /* Drop connections */
+- while (!list_empty(&iff->conn_list)) {
+- struct l2cap_conn *c;
+-
+- c = list_entry(iff->conn_list.next, struct l2cap_conn, list);
+- l2cap_conn_del(c, ENODEV);
+- }
+-
+- l2cap_iff_unlock(iff);
+-
+- /* Unlock HCI device */
+- hdev->l2cap_data = NULL;
+- hci_dev_put(hdev);
+-
+- kfree(iff);
+-}
+-
+-/* Get route. Returns L2CAP interface.
+- * Must be called with locked rt_lock
+- */
+-static struct l2cap_iff *l2cap_get_route(bdaddr_t *src, bdaddr_t *dst)
+-{
+- struct list_head *p;
+- int use_src;
+-
+- DBG("%s -> %s", batostr(src), batostr(dst));
+-
+- use_src = bacmp(src, BDADDR_ANY) ? 0 : 1;
+-
+- /* Simple routing:
+- * No source address - find interface with bdaddr != dst
+- * Source address - find interface with bdaddr == src
+- */
+-
+- list_for_each(p, &l2cap_iff_list) {
+- struct l2cap_iff *iff;
+-
+- iff = list_entry(p, struct l2cap_iff, list);
+-
+- if (use_src && !bacmp(iff->bdaddr, src))
+- return iff;
+- else if (bacmp(iff->bdaddr, dst))
+- return iff;
+- }
+- return NULL;
+-}
+-
+-/* ----- L2CAP timers ------ */
+-static void l2cap_sock_timeout(unsigned long arg)
+-{
+- struct sock *sk = (struct sock *) arg;
+-
+- DBG("sock %p state %d", sk, sk->state);
+-
+- bh_lock_sock(sk);
+- switch (sk->state) {
+- case BT_DISCONN:
+- l2cap_chan_del(sk, ETIMEDOUT);
+- break;
+-
+- default:
+- sk->err = ETIMEDOUT;
+- sk->state_change(sk);
+- break;
+- };
+- bh_unlock_sock(sk);
+-
+- l2cap_sock_kill(sk);
+- sock_put(sk);
+-}
+-
+-static void l2cap_sock_set_timer(struct sock *sk, long timeout)
+-{
+- DBG("sock %p state %d timeout %ld", sk, sk->state, timeout);
+-
+- if (!mod_timer(&sk->timer, jiffies + timeout))
+- sock_hold(sk);
+-}
+-
+-static void l2cap_sock_clear_timer(struct sock *sk)
+-{
+- DBG("sock %p state %d", sk, sk->state);
+-
+- if (timer_pending(&sk->timer) && del_timer(&sk->timer))
+- __sock_put(sk);
+-}
+-
+-static void l2cap_sock_init_timer(struct sock *sk)
+-{
+- init_timer(&sk->timer);
+- sk->timer.function = l2cap_sock_timeout;
+- sk->timer.data = (unsigned long)sk;
+-}
+-
+-static void l2cap_conn_timeout(unsigned long arg)
+-{
+- struct l2cap_conn *conn = (void *)arg;
+-
+- DBG("conn %p state %d", conn, conn->state);
+-
+- if (conn->state == BT_CONNECTED) {
+- hci_disconnect(conn->hconn, 0x13);
+- }
+-
+- return;
+-}
+-
+-static void l2cap_conn_set_timer(struct l2cap_conn *conn, long timeout)
+-{
+- DBG("conn %p state %d timeout %ld", conn, conn->state, timeout);
+-
+- mod_timer(&conn->timer, jiffies + timeout);
+-}
+-
+-static void l2cap_conn_clear_timer(struct l2cap_conn *conn)
+-{
+- DBG("conn %p state %d", conn, conn->state);
+-
+- del_timer(&conn->timer);
+-}
+-
+-static void l2cap_conn_init_timer(struct l2cap_conn *conn)
+-{
+- init_timer(&conn->timer);
+- conn->timer.function = l2cap_conn_timeout;
+- conn->timer.data = (unsigned long)conn;
+-}
+-
+-/* -------- L2CAP connections --------- */
+-/* Add new connection to the interface.
+- * Interface must be locked
+- */
+-static struct l2cap_conn *l2cap_conn_add(struct l2cap_iff *iff, bdaddr_t *dst)
+-{
+- struct l2cap_conn *conn;
+- bdaddr_t *src = iff->bdaddr;
+-
+- if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_KERNEL)))
+- return NULL;
+-
+- memset(conn, 0, sizeof(struct l2cap_conn));
+-
+- conn->state = BT_OPEN;
+- conn->iff = iff;
+- bacpy(&conn->src, src);
+- bacpy(&conn->dst, dst);
+-
+- spin_lock_init(&conn->lock);
+- conn->chan_list.lock = RW_LOCK_UNLOCKED;
+-
+- l2cap_conn_init_timer(conn);
+-
+- __l2cap_conn_link(iff, conn);
+-
+- DBG("%s -> %s, %p", batostr(src), batostr(dst), conn);
+-
+- MOD_INC_USE_COUNT;
+-
+- return conn;
+-}
+-
+-/* Delete connection on the interface.
+- * Interface must be locked
+- */
+-static int l2cap_conn_del(struct l2cap_conn *conn, int err)
+-{
+- struct sock *sk;
+-
+- DBG("conn %p, state %d, err %d", conn, conn->state, err);
+-
+- l2cap_conn_clear_timer(conn);
+- __l2cap_conn_unlink(conn->iff, conn);
+-
+- conn->state = BT_CLOSED;
+-
+- if (conn->rx_skb)
+- kfree_skb(conn->rx_skb);
+-
+- /* Kill channels */
+- while ((sk = conn->chan_list.head)) {
+- bh_lock_sock(sk);
+- l2cap_sock_clear_timer(sk);
+- l2cap_chan_del(sk, err);
+- bh_unlock_sock(sk);
+-
+- l2cap_sock_kill(sk);
+- }
+-
+- kfree(conn);
+-
+- MOD_DEC_USE_COUNT;
+- return 0;
+-}
+-
+-static inline struct l2cap_conn *l2cap_get_conn_by_addr(struct l2cap_iff *iff, bdaddr_t *dst)
+-{
+- struct list_head *p;
+-
+- list_for_each(p, &iff->conn_list) {
+- struct l2cap_conn *c;
+-
+- c = list_entry(p, struct l2cap_conn, list);
+- if (!bacmp(&c->dst, dst))
+- return c;
+- }
+- return NULL;
+-}
+-
+-int l2cap_connect(struct sock *sk)
+-{
+- bdaddr_t *src = &l2cap_pi(sk)->src;
+- bdaddr_t *dst = &l2cap_pi(sk)->dst;
+- struct l2cap_conn *conn;
+- struct l2cap_iff *iff;
+- int err = 0;
+-
+- DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
+-
+- read_lock_bh(&l2cap_rt_lock);
+-
+- /* Get route to remote BD address */
+- if (!(iff = l2cap_get_route(src, dst))) {
+- err = -EHOSTUNREACH;
+- goto done;
+- }
+-
+- /* Update source addr of the socket */
+- bacpy(src, iff->bdaddr);
+-
+- l2cap_iff_lock(iff);
+-
+- if (!(conn = l2cap_get_conn_by_addr(iff, dst))) {
+- /* Connection doesn't exist */
+- if (!(conn = l2cap_conn_add(iff, dst))) {
+- l2cap_iff_unlock(iff);
+- err = -ENOMEM;
+- goto done;
+- }
+- conn->out = 1;
+- }
+-
+- l2cap_iff_unlock(iff);
+-
+- l2cap_chan_add(conn, sk, NULL);
+-
+- sk->state = BT_CONNECT;
+- l2cap_sock_set_timer(sk, sk->sndtimeo);
+-
+- switch (conn->state) {
+- case BT_CONNECTED:
+- if (sk->type == SOCK_SEQPACKET) {
+- l2cap_conn_req req;
+- req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
+- req.psm = l2cap_pi(sk)->psm;
+- l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
+- } else {
+- l2cap_sock_clear_timer(sk);
+- sk->state = BT_CONNECTED;
+- }
+- break;
+-
+- case BT_CONNECT:
+- break;
+-
+- default:
+- /* Create ACL connection */
+- conn->state = BT_CONNECT;
+- hci_connect(iff->hdev, dst);
+- break;
+- };
+-
+-done:
+- read_unlock_bh(&l2cap_rt_lock);
+- return err;
+-}
+-
+-/* ------ Channel queues for listening sockets ------ */
+-void l2cap_accept_queue(struct sock *parent, struct sock *sk)
+-{
+- struct l2cap_accept_q *q = &l2cap_pi(parent)->accept_q;
+-
+- DBG("parent %p, sk %p", parent, sk);
+-
+- sock_hold(sk);
+- l2cap_pi(sk)->parent = parent;
+- l2cap_pi(sk)->next_q = NULL;
+-
+- if (!q->head) {
+- q->head = q->tail = sk;
+- } else {
+- struct sock *tail = q->tail;
+-
+- l2cap_pi(sk)->prev_q = tail;
+- l2cap_pi(tail)->next_q = sk;
+- q->tail = sk;
+- }
+-
+- parent->ack_backlog++;
+-}
+-
+-void l2cap_accept_unlink(struct sock *sk)
+-{
+- struct sock *parent = l2cap_pi(sk)->parent;
+- struct l2cap_accept_q *q = &l2cap_pi(parent)->accept_q;
+- struct sock *next, *prev;
+-
+- DBG("sk %p", sk);
+-
+- next = l2cap_pi(sk)->next_q;
+- prev = l2cap_pi(sk)->prev_q;
+-
+- if (sk == q->head)
+- q->head = next;
+- if (sk == q->tail)
+- q->tail = prev;
+-
+- if (next)
+- l2cap_pi(next)->prev_q = prev;
+- if (prev)
+- l2cap_pi(prev)->next_q = next;
+-
+- l2cap_pi(sk)->parent = NULL;
+-
+- parent->ack_backlog--;
+- __sock_put(sk);
+-}
+-
+-/* Get next connected channel in queue. */
+-struct sock *l2cap_accept_dequeue(struct sock *parent, int state)
+-{
+- struct l2cap_accept_q *q = &l2cap_pi(parent)->accept_q;
+- struct sock *sk;
+-
+- for (sk = q->head; sk; sk = l2cap_pi(sk)->next_q) {
+- if (!state || sk->state == state) {
+- l2cap_accept_unlink(sk);
+- break;
+- }
+- }
+-
+- DBG("parent %p, sk %p", parent, sk);
+-
+- return sk;
+-}
+-
+-/* -------- Socket interface ---------- */
+-static struct sock *__l2cap_get_sock_by_addr(struct sockaddr_l2 *addr)
+-{
+- bdaddr_t *src = &addr->l2_bdaddr;
+- __u16 psm = addr->l2_psm;
+- struct sock *sk;
+-
+- for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
+- if (l2cap_pi(sk)->psm == psm &&
+- !bacmp(&l2cap_pi(sk)->src, src))
+- break;
+- }
+-
+- return sk;
+-}
+-
+-/* Find socket listening on psm and source bdaddr.
+- * Returns closest match.
+- */
+-static struct sock *l2cap_get_sock_listen(bdaddr_t *src, __u16 psm)
+-{
+- struct sock *sk, *sk1 = NULL;
+-
+- read_lock(&l2cap_sk_list.lock);
+-
+- for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
+- struct l2cap_pinfo *pi;
+-
+- if (sk->state != BT_LISTEN)
+- continue;
+-
+- pi = l2cap_pi(sk);
+-
+- if (pi->psm == psm) {
+- /* Exact match. */
+- if (!bacmp(&pi->src, src))
+- break;
+-
+- /* Closest match */
+- if (!bacmp(&pi->src, BDADDR_ANY))
+- sk1 = sk;
+- }
+- }
+-
+- read_unlock(&l2cap_sk_list.lock);
+-
+- return sk ? sk : sk1;
+-}
+-
+-static void l2cap_sock_destruct(struct sock *sk)
+-{
+- DBG("sk %p", sk);
+-
+- skb_queue_purge(&sk->receive_queue);
+- skb_queue_purge(&sk->write_queue);
+-
+- MOD_DEC_USE_COUNT;
+-}
+-
+-static void l2cap_sock_cleanup_listen(struct sock *parent)
+-{
+- struct sock *sk;
+-
+- DBG("parent %p", parent);
+-
+- /* Close not yet accepted channels */
+- while ((sk = l2cap_accept_dequeue(parent, 0)))
+- l2cap_sock_close(sk);
+-
+- parent->state = BT_CLOSED;
+- parent->zapped = 1;
+-}
+-
+-/* Kill socket (only if zapped and orphan)
+- * Must be called on unlocked socket.
+- */
+-static void l2cap_sock_kill(struct sock *sk)
+-{
+- if (!sk->zapped || sk->socket)
+- return;
+-
+- DBG("sk %p state %d", sk, sk->state);
+-
+- /* Kill poor orphan */
+- bluez_sock_unlink(&l2cap_sk_list, sk);
+- sk->dead = 1;
+- sock_put(sk);
+-}
+-
+-/* Close socket.
+- * Must be called on unlocked socket.
+- */
+-static void l2cap_sock_close(struct sock *sk)
+-{
+- struct l2cap_conn *conn;
+-
+- l2cap_sock_clear_timer(sk);
+-
+- lock_sock(sk);
+-
+- conn = l2cap_pi(sk)->conn;
+-
+- DBG("sk %p state %d conn %p socket %p", sk, sk->state, conn, sk->socket);
+-
+- switch (sk->state) {
+- case BT_LISTEN:
+- l2cap_sock_cleanup_listen(sk);
+- break;
+-
+- case BT_CONNECTED:
+- case BT_CONFIG:
+- if (sk->type == SOCK_SEQPACKET) {
+- l2cap_disconn_req req;
+-
+- sk->state = BT_DISCONN;
+-
+- req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
+- req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
+- l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
+-
+- l2cap_sock_set_timer(sk, sk->sndtimeo);
+- } else {
+- l2cap_chan_del(sk, ECONNRESET);
+- }
+- break;
+-
+- case BT_CONNECT:
+- case BT_DISCONN:
+- l2cap_chan_del(sk, ECONNRESET);
+- break;
+-
+- default:
+- sk->zapped = 1;
+- break;
+- };
+-
+- release_sock(sk);
+-
+- l2cap_sock_kill(sk);
+-}
+-
+-static void l2cap_sock_init(struct sock *sk, struct sock *parent)
+-{
+- struct l2cap_pinfo *pi = l2cap_pi(sk);
+-
+- DBG("sk %p", sk);
+-
+- if (parent) {
+- sk->type = parent->type;
+-
+- pi->imtu = l2cap_pi(parent)->imtu;
+- pi->omtu = l2cap_pi(parent)->omtu;
+- } else {
+- pi->imtu = L2CAP_DEFAULT_MTU;
+- pi->omtu = 0;
+- }
+-
+- /* Default config options */
+- pi->conf_mtu = L2CAP_DEFAULT_MTU;
+- pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
+-}
+-
+-static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)
+-{
+- struct sock *sk;
+-
+- if (!(sk = sk_alloc(PF_BLUETOOTH, prio, 1)))
+- return NULL;
+-
+- sock_init_data(sock, sk);
+-
+- sk->zapped = 0;
+-
+- sk->destruct = l2cap_sock_destruct;
+- sk->sndtimeo = L2CAP_CONN_TIMEOUT;
+-
+- sk->protocol = proto;
+- sk->state = BT_OPEN;
+-
+- l2cap_sock_init_timer(sk);
+-
+- bluez_sock_link(&l2cap_sk_list, sk);
+-
+- MOD_INC_USE_COUNT;
+-
+- return sk;
+-}
+-
+-static int l2cap_sock_create(struct socket *sock, int protocol)
+-{
+- struct sock *sk;
+-
+- DBG("sock %p", sock);
+-
+- sock->state = SS_UNCONNECTED;
+-
+- if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_RAW)
+- return -ESOCKTNOSUPPORT;
+-
+- sock->ops = &l2cap_sock_ops;
+-
+- if (!(sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL)))
+- return -ENOMEM;
+-
+- l2cap_sock_init(sk, NULL);
+-
+- return 0;
+-}
+-
+-static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
+-{
+- struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
+- struct sock *sk = sock->sk;
+- int err = 0;
+-
+- DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
+-
+- if (!addr || addr->sa_family != AF_BLUETOOTH)
+- return -EINVAL;
+-
+- lock_sock(sk);
+-
+- if (sk->state != BT_OPEN) {
+- err = -EBADFD;
+- goto done;
+- }
+-
+- write_lock(&l2cap_sk_list.lock);
+-
+- if (la->l2_psm && __l2cap_get_sock_by_addr(la)) {
+- err = -EADDRINUSE;
+- goto unlock;
+- }
+-
+- /* Save source address */
+- bacpy(&l2cap_pi(sk)->src, &la->l2_bdaddr);
+- l2cap_pi(sk)->psm = la->l2_psm;
+- sk->state = BT_BOUND;
+-
+-unlock:
+- write_unlock(&l2cap_sk_list.lock);
+-
+-done:
+- release_sock(sk);
+-
+- return err;
+-}
+-
+-static int l2cap_sock_w4_connect(struct sock *sk, int flags)
+-{
+- DECLARE_WAITQUEUE(wait, current);
+- long timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
+- int err = 0;
+-
+- DBG("sk %p", sk);
+-
+- add_wait_queue(sk->sleep, &wait);
+- current->state = TASK_INTERRUPTIBLE;
+-
+- while (sk->state != BT_CONNECTED) {
+- if (!timeo) {
+- err = -EAGAIN;
+- break;
+- }
+-
+- release_sock(sk);
+- timeo = schedule_timeout(timeo);
+- lock_sock(sk);
+-
+- err = 0;
+- if (sk->state == BT_CONNECTED)
+- break;
+-
+- if (sk->err) {
+- err = sock_error(sk);
+- break;
+- }
+-
+- if (signal_pending(current)) {
+- err = sock_intr_errno(timeo);
+- break;
+- }
+- }
+- current->state = TASK_RUNNING;
+- remove_wait_queue(sk->sleep, &wait);
+-
+- return err;
+-}
+-
+-static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
+-{
+- struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
+- struct sock *sk = sock->sk;
+- int err = 0;
+-
+- lock_sock(sk);
+-
+- DBG("sk %p", sk);
+-
+- if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
+- err = -EINVAL;
+- goto done;
+- }
+-
+- if (sk->state != BT_OPEN && sk->state != BT_BOUND) {
+- err = -EBADFD;
+- goto done;
+- }
+-
+- if (sk->type == SOCK_SEQPACKET && !la->l2_psm) {
+- err = -EINVAL;
+- goto done;
+- }
+-
+- /* Set destination address and psm */
+- bacpy(&l2cap_pi(sk)->dst, &la->l2_bdaddr);
+- l2cap_pi(sk)->psm = la->l2_psm;
+-
+- if ((err = l2cap_connect(sk)))
+- goto done;
+-
+- err = l2cap_sock_w4_connect(sk, flags);
+-
+-done:
+- release_sock(sk);
+- return err;
+-}
+-
+-int l2cap_sock_listen(struct socket *sock, int backlog)
+-{
+- struct sock *sk = sock->sk;
+- int err = 0;
+-
+- DBG("sk %p backlog %d", sk, backlog);
+-
+- lock_sock(sk);
+-
+- if (sk->state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
+- err = -EBADFD;
+- goto done;
+- }
+-
+- if (!l2cap_pi(sk)->psm) {
+- err = -EINVAL;
+- goto done;
+- }
+-
+- sk->max_ack_backlog = backlog;
+- sk->ack_backlog = 0;
+- sk->state = BT_LISTEN;
+-
+-done:
+- release_sock(sk);
+- return err;
+-}
+-
+-int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
+-{
+- DECLARE_WAITQUEUE(wait, current);
+- struct sock *sk = sock->sk, *ch;
+- long timeo;
+- int err = 0;
+-
+- lock_sock(sk);
+-
+- if (sk->state != BT_LISTEN) {
+- err = -EBADFD;
+- goto done;
+- }
+-
+- timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
+-
+- DBG("sk %p timeo %ld", sk, timeo);
+-
+- /* Wait for an incoming connection. (wake-one). */
+- add_wait_queue_exclusive(sk->sleep, &wait);
+- current->state = TASK_INTERRUPTIBLE;
+- while (!(ch = l2cap_accept_dequeue(sk, BT_CONNECTED))) {
+- if (!timeo) {
+- err = -EAGAIN;
+- break;
+- }
+-
+- release_sock(sk);
+- timeo = schedule_timeout(timeo);
+- lock_sock(sk);
+-
+- if (sk->state != BT_LISTEN) {
+- err = -EBADFD;
+- break;
+- }
+-
+- if (signal_pending(current)) {
+- err = sock_intr_errno(timeo);
+- break;
+- }
+- }
+- current->state = TASK_RUNNING;
+- remove_wait_queue(sk->sleep, &wait);
+-
+- if (err)
+- goto done;
+-
+- sock_graft(ch, newsock);
+- newsock->state = SS_CONNECTED;
+-
+- DBG("new socket %p", ch);
+-
+-done:
+- release_sock(sk);
+-
+- return err;
+-}
+-
+-static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
+-{
+- struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
+- struct sock *sk = sock->sk;
+-
+- DBG("sock %p, sk %p", sock, sk);
+-
+- addr->sa_family = AF_BLUETOOTH;
+- *len = sizeof(struct sockaddr_l2);
+-
+- if (peer)
+- bacpy(&la->l2_bdaddr, &l2cap_pi(sk)->dst);
+- else
+- bacpy(&la->l2_bdaddr, &l2cap_pi(sk)->src);
+-
+- la->l2_psm = l2cap_pi(sk)->psm;
+-
+- return 0;
+-}
+-
+-static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
+-{
+- struct sock *sk = sock->sk;
+- int err = 0;
+-
+- DBG("sock %p, sk %p", sock, sk);
+-
+- if (sk->err)
+- return sock_error(sk);
+-
+- if (msg->msg_flags & MSG_OOB)
+- return -EOPNOTSUPP;
+-
+- lock_sock(sk);
+-
+- if (sk->state == BT_CONNECTED)
+- err = l2cap_chan_send(sk, msg, len);
+- else
+- err = -ENOTCONN;
+-
+- release_sock(sk);
+- return err;
+-}
+-
+-static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, int len, int flags, struct scm_cookie *scm)
+-{
+- struct sock *sk = sock->sk;
+- int noblock = flags & MSG_DONTWAIT;
+- int copied, err;
+- struct sk_buff *skb;
+-
+- DBG("sock %p, sk %p", sock, sk);
+-
+- if (flags & (MSG_OOB))
+- return -EOPNOTSUPP;
+-
+- if (sk->state == BT_CLOSED)
+- return 0;
+-
+- if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
+- return err;
+-
+- msg->msg_namelen = 0;
+-
+- copied = skb->len;
+- if (len < copied) {
+- msg->msg_flags |= MSG_TRUNC;
+- copied = len;
+- }
+-
+- skb->h.raw = skb->data;
+- err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
+-
+- skb_free_datagram(sk, skb);
+-
+- return err ? : copied;
+-}
+-
+-int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
+-{
+- struct sock *sk = sock->sk;
+- struct l2cap_options opts;
+- int err = 0;
+-
+- DBG("sk %p", sk);
+-
+- lock_sock(sk);
+-
+- switch (optname) {
+- case L2CAP_OPTIONS:
+- if (copy_from_user((char *)&opts, optval, optlen)) {
+- err = -EFAULT;
+- break;
+- }
+- l2cap_pi(sk)->imtu = opts.imtu;
+- l2cap_pi(sk)->omtu = opts.omtu;
+- break;
+-
+- default:
+- err = -ENOPROTOOPT;
+- break;
+- };
+-
+- release_sock(sk);
+- return err;
+-}
+-
+-int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
+-{
+- struct sock *sk = sock->sk;
+- struct l2cap_options opts;
+- struct l2cap_conninfo cinfo;
+- int len, err = 0;
+-
+- if (get_user(len, optlen))
+- return -EFAULT;
+-
+- lock_sock(sk);
+-
+- switch (optname) {
+- case L2CAP_OPTIONS:
+- opts.imtu = l2cap_pi(sk)->imtu;
+- opts.omtu = l2cap_pi(sk)->omtu;
+- opts.flush_to = l2cap_pi(sk)->flush_to;
+-
+- len = MIN(len, sizeof(opts));
+- if (copy_to_user(optval, (char *)&opts, len))
+- err = -EFAULT;
+-
+- break;
+-
+- case L2CAP_CONNINFO:
+- if (sk->state != BT_CONNECTED) {
+- err = -ENOTCONN;
+- break;
+- }
+-
+- cinfo.hci_handle = l2cap_pi(sk)->conn->hconn->handle;
+-
+- len = MIN(len, sizeof(cinfo));
+- if (copy_to_user(optval, (char *)&cinfo, len))
+- err = -EFAULT;
+-
+- break;
+-
+- default:
+- err = -ENOPROTOOPT;
+- break;
+- };
+-
+- release_sock(sk);
+- return err;
+-}
+-
+-static unsigned int l2cap_sock_poll(struct file * file, struct socket *sock, poll_table *wait)
+-{
+- struct sock *sk = sock->sk;
+- struct l2cap_accept_q *aq;
+- unsigned int mask;
+-
+- DBG("sock %p, sk %p", sock, sk);
+-
+- poll_wait(file, sk->sleep, wait);
+- mask = 0;
+-
+- if (sk->err || !skb_queue_empty(&sk->error_queue))
+- mask |= POLLERR;
+-
+- if (sk->shutdown == SHUTDOWN_MASK)
+- mask |= POLLHUP;
+-
+- aq = &l2cap_pi(sk)->accept_q;
+- if (!skb_queue_empty(&sk->receive_queue) || aq->head || (sk->shutdown & RCV_SHUTDOWN))
+- mask |= POLLIN | POLLRDNORM;
+-
+- if (sk->state == BT_CLOSED)
+- mask |= POLLHUP;
+-
+- if (sock_writeable(sk))
+- mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
+- else
+- set_bit(SOCK_ASYNC_NOSPACE, &sk->socket->flags);
+-
+- return mask;
+-}
+-
+-static int l2cap_sock_release(struct socket *sock)
+-{
+- struct sock *sk = sock->sk;
+-
+- DBG("sock %p, sk %p", sock, sk);
+-
+- if (!sk)
+- return 0;
+-
+- sock_orphan(sk);
+-
+- l2cap_sock_close(sk);
+-
+- return 0;
+-}
+-
+-/* --------- L2CAP channels --------- */
+-static struct sock * __l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, __u16 cid)
+-{
+- struct sock *s;
+-
+- for (s = l->head; s; s = l2cap_pi(s)->next_c) {
+- if (l2cap_pi(s)->dcid == cid)
+- break;
+- }
+-
+- return s;
+-}
+-
+-static inline struct sock *l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, __u16 cid)
+-{
+- struct sock *s;
+-
+- read_lock(&l->lock);
+- s = __l2cap_get_chan_by_dcid(l, cid);
+- read_unlock(&l->lock);
+-
+- return s;
+-}
+-
+-static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
+-{
+- struct sock *s;
+-
+- for (s = l->head; s; s = l2cap_pi(s)->next_c) {
+- if (l2cap_pi(s)->scid == cid)
+- break;
+- }
+-
+- return s;
+-}
+-static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
+-{
+- struct sock *s;
+-
+- read_lock(&l->lock);
+- s = __l2cap_get_chan_by_scid(l, cid);
+- read_unlock(&l->lock);
+-
+- return s;
+-}
+-
+-static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, __u8 ident)
+-{
+- struct sock *s;
+-
+- for (s = l->head; s; s = l2cap_pi(s)->next_c) {
+- if (l2cap_pi(s)->ident == ident)
+- break;
+- }
+-
+- return s;
+-}
+-
+-static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, __u8 ident)
+-{
+- struct sock *s;
+-
+- read_lock(&l->lock);
+- s = __l2cap_get_chan_by_ident(l, ident);
+- read_unlock(&l->lock);
+-
+- return s;
+-}
+-
+-static __u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
+-{
+- __u16 cid = 0x0040;
+-
+- for (; cid < 0xffff; cid++) {
+- if(!__l2cap_get_chan_by_scid(l, cid))
+- return cid;
+- }
+-
+- return 0;
+-}
+-
+-static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
+-{
+- sock_hold(sk);
+-
+- if (l->head)
+- l2cap_pi(l->head)->prev_c = sk;
+-
+- l2cap_pi(sk)->next_c = l->head;
+- l2cap_pi(sk)->prev_c = NULL;
+- l->head = sk;
+-}
+-
+-static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
+-{
+- struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
+-
+- write_lock(&l->lock);
+- if (sk == l->head)
+- l->head = next;
+-
+- if (next)
+- l2cap_pi(next)->prev_c = prev;
+- if (prev)
+- l2cap_pi(prev)->next_c = next;
+- write_unlock(&l->lock);
+-
+- __sock_put(sk);
+-}
+-
+-static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
+-{
+- struct l2cap_chan_list *l = &conn->chan_list;
+-
+- DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
+-
+- l2cap_conn_clear_timer(conn);
+-
+- atomic_inc(&conn->refcnt);
+- l2cap_pi(sk)->conn = conn;
+-
+- if (sk->type == SOCK_SEQPACKET) {
+- /* Alloc CID for normal socket */
+- l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
+- } else {
+- /* Raw socket can send only signalling messages */
+- l2cap_pi(sk)->scid = 0x0001;
+- l2cap_pi(sk)->dcid = 0x0001;
+- l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
+- }
+-
+- __l2cap_chan_link(l, sk);
+-
+- if (parent)
+- l2cap_accept_queue(parent, sk);
+-}
+-
+-static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
+-{
+- struct l2cap_chan_list *l = &conn->chan_list;
+-
+- write_lock(&l->lock);
+- __l2cap_chan_add(conn, sk, parent);
+- write_unlock(&l->lock);
+-}
+-
+-/* Delete channel.
+- * Must be called on the locked socket. */
+-static void l2cap_chan_del(struct sock *sk, int err)
+-{
+- struct l2cap_conn *conn;
+- struct sock *parent;
+-
+- conn = l2cap_pi(sk)->conn;
+- parent = l2cap_pi(sk)->parent;
+-
+- DBG("sk %p, conn %p, err %d", sk, conn, err);
+-
+- if (parent) {
+- /* Unlink from parent accept queue */
+- bh_lock_sock(parent);
+- l2cap_accept_unlink(sk);
+- bh_unlock_sock(parent);
+- }
+-
+- if (conn) {
+- long timeout;
+-
+- /* Unlink from channel list */
+- l2cap_chan_unlink(&conn->chan_list, sk);
+- l2cap_pi(sk)->conn = NULL;
+-
+- if (conn->out)
+- timeout = L2CAP_DISCONN_TIMEOUT;
+- else
+- timeout = L2CAP_CONN_IDLE_TIMEOUT;
+-
+- if (atomic_dec_and_test(&conn->refcnt) && conn->state == BT_CONNECTED) {
+- /* Schedule Baseband disconnect */
+- l2cap_conn_set_timer(conn, timeout);
+- }
+- }
+-
+- sk->state = BT_CLOSED;
+- sk->err = err;
+- sk->state_change(sk);
+-
+- sk->zapped = 1;
+-}
+-
+-static void l2cap_conn_ready(struct l2cap_conn *conn)
+-{
+- struct l2cap_chan_list *l = &conn->chan_list;
+- struct sock *sk;
+-
+- DBG("conn %p", conn);
+-
+- read_lock(&l->lock);
+-
+- for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
+- bh_lock_sock(sk);
+-
+- if (sk->type != SOCK_SEQPACKET) {
+- sk->state = BT_CONNECTED;
+- sk->state_change(sk);
+- l2cap_sock_clear_timer(sk);
+- } else if (sk->state == BT_CONNECT) {
+- l2cap_conn_req req;
+- req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
+- req.psm = l2cap_pi(sk)->psm;
+- l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
+-
+- l2cap_sock_set_timer(sk, sk->sndtimeo);
+- }
+-
+- bh_unlock_sock(sk);
+- }
+-
+- read_unlock(&l->lock);
+-}
+-
+-static void l2cap_chan_ready(struct sock *sk)
+-{
+- struct sock *parent = l2cap_pi(sk)->parent;
+-
+- DBG("sk %p, parent %p", sk, parent);
+-
+- l2cap_pi(sk)->conf_state = 0;
+- l2cap_sock_clear_timer(sk);
+-
+- if (!parent) {
+- /* Outgoing channel.
+- * Wake up socket sleeping on connect.
+- */
+- sk->state = BT_CONNECTED;
+- sk->state_change(sk);
+- } else {
+- /* Incomming channel.
+- * Wake up socket sleeping on accept.
+- */
+- parent->data_ready(parent, 1);
+- }
+-}
+-
+-/* Copy frame to all raw sockets on that connection */
+-void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
+-{
+- struct l2cap_chan_list *l = &conn->chan_list;
+- struct sk_buff *nskb;
+- struct sock * sk;
+-
+- DBG("conn %p", conn);
+-
+- read_lock(&l->lock);
+- for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
+- if (sk->type != SOCK_RAW)
+- continue;
+-
+- /* Don't send frame to the socket it came from */
+- if (skb->sk == sk)
+- continue;
+-
+- if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
+- continue;
+-
+- skb_queue_tail(&sk->receive_queue, nskb);
+- sk->data_ready(sk, nskb->len);
+- }
+- read_unlock(&l->lock);
+-}
+-
+-static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len)
+-{
+- struct l2cap_conn *conn = l2cap_pi(sk)->conn;
+- struct sk_buff *skb, **frag;
+- int err, size, count, sent=0;
+- l2cap_hdr *lh;
+-
+- /* Check outgoing MTU */
+- if (len > l2cap_pi(sk)->omtu)
+- return -EINVAL;
+-
+- DBG("sk %p len %d", sk, len);
+-
+- /* First fragment (with L2CAP header) */
+- count = MIN(conn->iff->mtu - L2CAP_HDR_SIZE, len);
+- size = L2CAP_HDR_SIZE + count;
+- if (!(skb = bluez_skb_send_alloc(sk, size, msg->msg_flags & MSG_DONTWAIT, &err)))
+- return err;
+-
+- /* Create L2CAP header */
+- lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
+- lh->len = __cpu_to_le16(len);
+- lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);
+-
+- if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
+- err = -EFAULT;
+- goto fail;
+- }
+-
+- sent += count;
+- len -= count;
+-
+- /* Continuation fragments (no L2CAP header) */
+- frag = &skb_shinfo(skb)->frag_list;
+- while (len) {
+- count = MIN(conn->iff->mtu, len);
+-
+- *frag = bluez_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
+- if (!*frag)
+- goto fail;
+-
+- if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
+- err = -EFAULT;
+- goto fail;
+- }
+-
+- sent += count;
+- len -= count;
+-
+- frag = &(*frag)->next;
+- }
+-
+- if ((err = hci_send_acl(conn->hconn, skb, 0)) < 0)
+- goto fail;
+-
+- return sent;
+-
+-fail:
+- kfree_skb(skb);
+- return err;
+-}
+-
+-/* --------- L2CAP signalling commands --------- */
+-static inline __u8 l2cap_get_ident(struct l2cap_conn *conn)
+-{
+- __u8 id;
+-
+- /* Get next available identificator.
+- * 1 - 199 are used by kernel.
+- * 200 - 254 are used by utilities like l2ping, etc
+- */
+-
+- spin_lock(&conn->lock);
+-
+- if (++conn->tx_ident > 199)
+- conn->tx_ident = 1;
+-
+- id = conn->tx_ident;
+-
+- spin_unlock(&conn->lock);
+-
+- return id;
+-}
+-
+-static inline struct sk_buff *l2cap_build_cmd(__u8 code, __u8 ident, __u16 len, void *data)
+-{
+- struct sk_buff *skb;
+- l2cap_cmd_hdr *cmd;
+- l2cap_hdr *lh;
+- int size;
+-
+- DBG("code 0x%2.2x, ident 0x%2.2x, len %d", code, ident, len);
+-
+- size = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + len;
+- if (!(skb = bluez_skb_alloc(size, GFP_ATOMIC)))
+- return NULL;
+-
+- lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
+- lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + len);
+- lh->cid = __cpu_to_le16(0x0001);
+-
+- cmd = (l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
+- cmd->code = code;
+- cmd->ident = ident;
+- cmd->len = __cpu_to_le16(len);
+-
+- if (len)
+- memcpy(skb_put(skb, len), data, len);
+-
+- return skb;
+-}
+-
+-static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data)
+-{
+- struct sk_buff *skb;
+- __u8 ident;
+-
+- DBG("code 0x%2.2x", code);
+-
+- ident = l2cap_get_ident(conn);
+- if (!(skb = l2cap_build_cmd(code, ident, len, data)))
+- return -ENOMEM;
+- return hci_send_acl(conn->hconn, skb, 0);
+-}
+-
+-static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data)
+-{
+- struct sk_buff *skb;
+-
+- DBG("code 0x%2.2x", code);
+-
+- if (!(skb = l2cap_build_cmd(code, ident, len, data)))
+- return -ENOMEM;
+- return hci_send_acl(conn->hconn, skb, 0);
+-}
+-
+-static inline int l2cap_get_conf_opt(__u8 **ptr, __u8 *type, __u32 *val)
+-{
+- l2cap_conf_opt *opt = (l2cap_conf_opt *) (*ptr);
+- int len;
+-
+- *type = opt->type;
+- switch (opt->len) {
+- case 1:
+- *val = *((__u8 *) opt->val);
+- break;
+-
+- case 2:
+- *val = __le16_to_cpu(*((__u16 *)opt->val));
+- break;
+-
+- case 4:
+- *val = __le32_to_cpu(*((__u32 *)opt->val));
+- break;
+-
+- default:
+- *val = 0L;
+- break;
+- };
+-
+- DBG("type 0x%2.2x len %d val 0x%8.8x", *type, opt->len, *val);
+-
+- len = L2CAP_CONF_OPT_SIZE + opt->len;
+-
+- *ptr += len;
+-
+- return len;
+-}
+-
+-static inline void l2cap_parse_conf_req(struct sock *sk, char *data, int len)
+-{
+- __u8 type, hint; __u32 val;
+- __u8 *ptr = data;
+-
+- DBG("sk %p len %d", sk, len);
+-
+- while (len >= L2CAP_CONF_OPT_SIZE) {
+- len -= l2cap_get_conf_opt(&ptr, &type, &val);
+-
+- hint = type & 0x80;
+- type &= 0x7f;
+-
+- switch (type) {
+- case L2CAP_CONF_MTU:
+- l2cap_pi(sk)->conf_mtu = val;
+- break;
+-
+- case L2CAP_CONF_FLUSH_TO:
+- l2cap_pi(sk)->flush_to = val;
+- break;
+-
+- case L2CAP_CONF_QOS:
+- break;
+-
+- default:
+- if (hint)
+- break;
+-
+- /* FIXME: Reject unknon option */
+- break;
+- };
+- }
+-}
+-
+-static inline void l2cap_add_conf_opt(__u8 **ptr, __u8 type, __u8 len, __u32 val)
+-{
+- register l2cap_conf_opt *opt = (l2cap_conf_opt *) (*ptr);
+-
+- DBG("type 0x%2.2x len %d val 0x%8.8x", type, len, val);
+-
+- opt->type = type;
+- opt->len = len;
+- switch (len) {
+- case 1:
+- *((__u8 *) opt->val) = val;
+- break;
+-
+- case 2:
+- *((__u16 *) opt->val) = __cpu_to_le16(val);
+- break;
+-
+- case 4:
+- *((__u32 *) opt->val) = __cpu_to_le32(val);
+- break;
+- };
+-
+- *ptr += L2CAP_CONF_OPT_SIZE + len;
+-}
+-
+-static int l2cap_build_conf_req(struct sock *sk, __u8 *data)
+-{
+- struct l2cap_pinfo *pi = l2cap_pi(sk);
+- l2cap_conf_req *req = (l2cap_conf_req *) data;
+- __u8 *ptr = req->data;
+-
+- DBG("sk %p", sk);
+-
+- if (pi->imtu != L2CAP_DEFAULT_MTU)
+- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
+-
+- /* FIXME. Need actual value of the flush timeout */
+- //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
+- // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
+-
+- req->dcid = __cpu_to_le16(pi->dcid);
+- req->flags = __cpu_to_le16(0);
+-
+- return ptr - data;
+-}
+-
+-static int l2cap_conf_output(struct sock *sk, __u8 **ptr)
+-{
+- struct l2cap_pinfo *pi = l2cap_pi(sk);
+- int result = 0;
+-
+- /* Configure output options and let other side know
+- * which ones we don't like.
+- */
+- if (pi->conf_mtu < pi->omtu) {
+- l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, l2cap_pi(sk)->omtu);
+- result = L2CAP_CONF_UNACCEPT;
+- } else {
+- pi->omtu = pi->conf_mtu;
+- }
+-
+- DBG("sk %p result %d", sk, result);
+- return result;
+-}
+-
+-static int l2cap_build_conf_rsp(struct sock *sk, __u8 *data, int *result)
+-{
+- l2cap_conf_rsp *rsp = (l2cap_conf_rsp *) data;
+- __u8 *ptr = rsp->data;
+-
+- DBG("sk %p complete %d", sk, result ? 1 : 0);
+-
+- if (result)
+- *result = l2cap_conf_output(sk, &ptr);
+-
+- rsp->scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
+- rsp->result = __cpu_to_le16(result ? *result : 0);
+- rsp->flags = __cpu_to_le16(0);
+-
+- return ptr - data;
+-}
+-
+-static inline int l2cap_connect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
+-{
+- struct l2cap_chan_list *list = &conn->chan_list;
+- l2cap_conn_req *req = (l2cap_conn_req *) data;
+- l2cap_conn_rsp rsp;
+- struct sock *sk, *parent;
+-
+- __u16 scid = __le16_to_cpu(req->scid);
+- __u16 psm = req->psm;
+-
+- DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
+-
+- /* Check if we have socket listening on psm */
+- if (!(parent = l2cap_get_sock_listen(&conn->src, psm)))
+- goto reject;
+-
+- bh_lock_sock(parent);
+- write_lock(&list->lock);
+-
+- /* Check if we already have channel with that dcid */
+- if (__l2cap_get_chan_by_dcid(list, scid))
+- goto unlock;
+-
+- /* Check for backlog size */
+- if (parent->ack_backlog > parent->max_ack_backlog)
+- goto unlock;
+-
+- if (!(sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC)))
+- goto unlock;
+-
+- l2cap_sock_init(sk, parent);
+-
+- bacpy(&l2cap_pi(sk)->src, &conn->src);
+- bacpy(&l2cap_pi(sk)->dst, &conn->dst);
+- l2cap_pi(sk)->psm = psm;
+- l2cap_pi(sk)->dcid = scid;
+-
+- __l2cap_chan_add(conn, sk, parent);
+- sk->state = BT_CONFIG;
+-
+- write_unlock(&list->lock);
+- bh_unlock_sock(parent);
+-
+- rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
+- rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
+- rsp.result = __cpu_to_le16(0);
+- rsp.status = __cpu_to_le16(0);
+- l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, L2CAP_CONN_RSP_SIZE, &rsp);
+-
+- return 0;
+-
+-unlock:
+- write_unlock(&list->lock);
+- bh_unlock_sock(parent);
+-
+-reject:
+- rsp.scid = __cpu_to_le16(scid);
+- rsp.dcid = __cpu_to_le16(0);
+- rsp.status = __cpu_to_le16(0);
+- rsp.result = __cpu_to_le16(L2CAP_CONN_NO_MEM);
+- l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, L2CAP_CONN_RSP_SIZE, &rsp);
+-
+- return 0;
+-}
+-
+-static inline int l2cap_connect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
+-{
+- l2cap_conn_rsp *rsp = (l2cap_conn_rsp *) data;
+- __u16 scid, dcid, result, status;
+- struct sock *sk;
+-
+- scid = __le16_to_cpu(rsp->scid);
+- dcid = __le16_to_cpu(rsp->dcid);
+- result = __le16_to_cpu(rsp->result);
+- status = __le16_to_cpu(rsp->status);
+-
+- DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
+-
+- if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
+- return -ENOENT;
+-
+- bh_lock_sock(sk);
+-
+- if (!result) {
+- char req[64];
+-
+- sk->state = BT_CONFIG;
+- l2cap_pi(sk)->dcid = dcid;
+- l2cap_pi(sk)->conf_state |= CONF_REQ_SENT;
+-
+- l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
+- } else {
+- l2cap_chan_del(sk, ECONNREFUSED);
+- }
+-
+- bh_unlock_sock(sk);
+- return 0;
+-}
+-
+-static inline int l2cap_config_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
+-{
+- l2cap_conf_req * req = (l2cap_conf_req *) data;
+- __u16 dcid, flags;
+- __u8 rsp[64];
+- struct sock *sk;
+- int result;
+-
+- dcid = __le16_to_cpu(req->dcid);
+- flags = __le16_to_cpu(req->flags);
+-
+- DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
+-
+- if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
+- return -ENOENT;
+-
+- bh_lock_sock(sk);
+-
+- l2cap_parse_conf_req(sk, req->data, cmd->len - L2CAP_CONF_REQ_SIZE);
+-
+- if (flags & 0x01) {
+- /* Incomplete config. Send empty response. */
+- l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
+- goto unlock;
+- }
+-
+- /* Complete config. */
+- l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, &result), rsp);
+-
+- if (result)
+- goto unlock;
+-
+- /* Output config done */
+- l2cap_pi(sk)->conf_state |= CONF_OUTPUT_DONE;
+-
+- if (l2cap_pi(sk)->conf_state & CONF_INPUT_DONE) {
+- sk->state = BT_CONNECTED;
+- l2cap_chan_ready(sk);
+- } else if (!(l2cap_pi(sk)->conf_state & CONF_REQ_SENT)) {
+- char req[64];
+- l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
+- }
+-
+-unlock:
+- bh_unlock_sock(sk);
+-
+- return 0;
+-}
+-
+-static inline int l2cap_config_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
+-{
+- l2cap_conf_rsp *rsp = (l2cap_conf_rsp *)data;
+- __u16 scid, flags, result;
+- struct sock *sk;
+- int err = 0;
+-
+- scid = __le16_to_cpu(rsp->scid);
+- flags = __le16_to_cpu(rsp->flags);
+- result = __le16_to_cpu(rsp->result);
+-
+- DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
+-
+- if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
+- return -ENOENT;
+-
+- bh_lock_sock(sk);
+-
+- if (result) {
+- l2cap_disconn_req req;
+-
+- /* They didn't like our options. Well... we do not negotiate.
+- * Close channel.
+- */
+- sk->state = BT_DISCONN;
+-
+- req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
+- req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
+- l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
+-
+- l2cap_sock_set_timer(sk, sk->sndtimeo);
+- goto done;
+- }
+-
+- if (flags & 0x01)
+- goto done;
+-
+- /* Input config done */
+- l2cap_pi(sk)->conf_state |= CONF_INPUT_DONE;
+-
+- if (l2cap_pi(sk)->conf_state & CONF_OUTPUT_DONE) {
+- sk->state = BT_CONNECTED;
+- l2cap_chan_ready(sk);
+- }
+-
+-done:
+- bh_unlock_sock(sk);
+-
+- return err;
+-}
+-
+-static inline int l2cap_disconnect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
+-{
+- l2cap_disconn_req *req = (l2cap_disconn_req *) data;
+- l2cap_disconn_rsp rsp;
+- __u16 dcid, scid;
+- struct sock *sk;
+-
+- scid = __le16_to_cpu(req->scid);
+- dcid = __le16_to_cpu(req->dcid);
+-
+- DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
+-
+- if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
+- return 0;
+-
+- bh_lock_sock(sk);
+-
+- rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
+- rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
+- l2cap_send_rsp(conn, cmd->ident, L2CAP_DISCONN_RSP, L2CAP_DISCONN_RSP_SIZE, &rsp);
+-
+- l2cap_chan_del(sk, ECONNRESET);
+-
+- bh_unlock_sock(sk);
+-
+- l2cap_sock_kill(sk);
+-
+- return 0;
+-}
+-
+-static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
+-{
+- l2cap_disconn_rsp *rsp = (l2cap_disconn_rsp *) data;
+- __u16 dcid, scid;
+- struct sock *sk;
+-
+- scid = __le16_to_cpu(rsp->scid);
+- dcid = __le16_to_cpu(rsp->dcid);
+-
+- DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
+-
+- if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
+- return -ENOENT;
+-
+- bh_lock_sock(sk);
+- l2cap_sock_clear_timer(sk);
+- l2cap_chan_del(sk, ECONNABORTED);
+- bh_unlock_sock(sk);
+-
+- l2cap_sock_kill(sk);
+-
+- return 0;
+-}
+-
+-static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
+-{
+- __u8 *data = skb->data;
+- int len = skb->len;
+- l2cap_cmd_hdr cmd;
+- int err = 0;
+-
+- while (len >= L2CAP_CMD_HDR_SIZE) {
+- memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
+- data += L2CAP_CMD_HDR_SIZE;
+- len -= L2CAP_CMD_HDR_SIZE;
+-
+- cmd.len = __le16_to_cpu(cmd.len);
+-
+- DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);
+-
+- if (cmd.len > len || !cmd.ident) {
+- DBG("corrupted command");
+- break;
+- }
+-
+- switch (cmd.code) {
+- case L2CAP_CONN_REQ:
+- err = l2cap_connect_req(conn, &cmd, data);
+- break;
+-
+- case L2CAP_CONN_RSP:
+- err = l2cap_connect_rsp(conn, &cmd, data);
+- break;
+-
+- case L2CAP_CONF_REQ:
+- err = l2cap_config_req(conn, &cmd, data);
+- break;
+-
+- case L2CAP_CONF_RSP:
+- err = l2cap_config_rsp(conn, &cmd, data);
+- break;
+-
+- case L2CAP_DISCONN_REQ:
+- err = l2cap_disconnect_req(conn, &cmd, data);
+- break;
+-
+- case L2CAP_DISCONN_RSP:
+- err = l2cap_disconnect_rsp(conn, &cmd, data);
+- break;
+-
+- case L2CAP_COMMAND_REJ:
+- /* FIXME: We should process this */
+- l2cap_raw_recv(conn, skb);
+- break;
+-
+- case L2CAP_ECHO_REQ:
+- l2cap_send_rsp(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
+- break;
+-
+- case L2CAP_ECHO_RSP:
+- case L2CAP_INFO_REQ:
+- case L2CAP_INFO_RSP:
+- l2cap_raw_recv(conn, skb);
+- break;
+-
+- default:
+- ERR("Uknown signaling command 0x%2.2x", cmd.code);
+- err = -EINVAL;
+- break;
+- };
+-
+- if (err) {
+- l2cap_cmd_rej rej;
+- DBG("error %d", err);
+-
+- /* FIXME: Map err to a valid reason. */
+- rej.reason = __cpu_to_le16(0);
+- l2cap_send_rsp(conn, cmd.ident, L2CAP_COMMAND_REJ, L2CAP_CMD_REJ_SIZE, &rej);
+- }
+-
+- data += cmd.len;
+- len -= cmd.len;
+- }
+-
+- kfree_skb(skb);
+-}
+-
+-static inline int l2cap_data_channel(struct l2cap_conn *conn, __u16 cid, struct sk_buff *skb)
+-{
+- struct sock *sk;
+-
+- if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, cid))) {
+- DBG("unknown cid 0x%4.4x", cid);
+- goto drop;
+- }
+-
+- DBG("sk %p, len %d", sk, skb->len);
+-
+- if (sk->state != BT_CONNECTED)
+- goto drop;
+-
+- if (l2cap_pi(sk)->imtu < skb->len)
+- goto drop;
+-
+- skb_queue_tail(&sk->receive_queue, skb);
+- sk->data_ready(sk, skb->len);
+-
+- return 0;
+-
+-drop:
+- kfree_skb(skb);
+-
+- return 0;
+-}
+-
+-static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
+-{
+- l2cap_hdr *lh = (l2cap_hdr *) skb->data;
+- __u16 cid, len;
+-
+- skb_pull(skb, L2CAP_HDR_SIZE);
+- cid = __le16_to_cpu(lh->cid);
+- len = __le16_to_cpu(lh->len);
+-
+- DBG("len %d, cid 0x%4.4x", len, cid);
+-
+- if (cid == 0x0001)
+- l2cap_sig_channel(conn, skb);
+- else
+- l2cap_data_channel(conn, cid, skb);
+-}
+-
+-/* ------------ L2CAP interface with lower layer (HCI) ------------- */
+-static int l2cap_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
+-{
+- struct hci_dev *hdev = (struct hci_dev *) ptr;
+-
+- DBG("hdev %s, event %ld", hdev->name, event);
+-
+- write_lock(&l2cap_rt_lock);
+-
+- switch (event) {
+- case HCI_DEV_UP:
+- l2cap_iff_add(hdev);
+- break;
+-
+- case HCI_DEV_DOWN:
+- l2cap_iff_del(hdev);
+- break;
+- };
+-
+- write_unlock(&l2cap_rt_lock);
+-
+- return NOTIFY_DONE;
+-}
+-
+-int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
+-{
+- struct l2cap_iff *iff;
+-
+- DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
+-
+- if (!(iff = hdev->l2cap_data)) {
+- ERR("unknown interface");
+- return 0;
+- }
+-
+- /* Always accept connection */
+- return 1;
+-}
+-
+-int l2cap_connect_cfm(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 status, struct hci_conn *hconn)
+-{
+- struct l2cap_conn *conn;
+- struct l2cap_iff *iff;
+- int err = 0;
+-
+- DBG("hdev %s bdaddr %s hconn %p", hdev->name, batostr(bdaddr), hconn);
+-
+- if (!(iff = hdev->l2cap_data)) {
+- ERR("unknown interface");
+- return 0;
+- }
+-
+- l2cap_iff_lock(iff);
+-
+- conn = l2cap_get_conn_by_addr(iff, bdaddr);
+-
+- if (conn) {
+- /* Outgoing connection */
+- DBG("Outgoing connection: %s -> %s, %p, %2.2x", batostr(iff->bdaddr), batostr(bdaddr), conn, status);
+-
+- if (!status && hconn) {
+- conn->state = BT_CONNECTED;
+- conn->hconn = hconn;
+-
+- hconn->l2cap_data = (void *)conn;
+-
+- /* Establish channels */
+- l2cap_conn_ready(conn);
+- } else {
+- l2cap_conn_del(conn, bterr(status));
+- }
+- } else {
+- /* Incomming connection */
+- DBG("Incomming connection: %s -> %s, %2.2x", batostr(iff->bdaddr), batostr(bdaddr), status);
+-
+- if (status || !hconn)
+- goto done;
+-
+- if (!(conn = l2cap_conn_add(iff, bdaddr))) {
+- err = -ENOMEM;
+- goto done;
+- }
+-
+- conn->hconn = hconn;
+- hconn->l2cap_data = (void *)conn;
+-
+- conn->state = BT_CONNECTED;
+- }
+-
+-done:
+- l2cap_iff_unlock(iff);
+-
+- return err;
+-}
+-
+-int l2cap_disconn_ind(struct hci_conn *hconn, __u8 reason)
+-{
+- struct l2cap_conn *conn = hconn->l2cap_data;
+-
+- DBG("hconn %p reason %d", hconn, reason);
+-
+- if (!conn) {
+- ERR("unknown connection");
+- return 0;
+- }
+- conn->hconn = NULL;
+-
+- l2cap_iff_lock(conn->iff);
+- l2cap_conn_del(conn, bterr(reason));
+- l2cap_iff_unlock(conn->iff);
+-
+- return 0;
+-}
+-
+-int l2cap_recv_acldata(struct hci_conn *hconn, struct sk_buff *skb, __u16 flags)
+-{
+- struct l2cap_conn *conn = hconn->l2cap_data;
+-
+- if (!conn) {
+- ERR("unknown connection %p", hconn);
+- goto drop;
+- }
+-
+- DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
+-
+- if (flags & ACL_START) {
+- int flen, tlen, size;
+- l2cap_hdr *lh;
+-
+- if (conn->rx_len) {
+- ERR("Unexpected start frame (len %d)", skb->len);
+- kfree_skb(conn->rx_skb); conn->rx_skb = NULL;
+- conn->rx_len = 0;
+- }
+-
+- if (skb->len < L2CAP_HDR_SIZE) {
+- ERR("Frame is too small (len %d)", skb->len);
+- goto drop;
+- }
+-
+- lh = (l2cap_hdr *)skb->data;
+- tlen = __le16_to_cpu(lh->len);
+- flen = skb->len - L2CAP_HDR_SIZE;
+-
+- DBG("Start: total len %d, frag len %d", tlen, flen);
+-
+- if (flen == tlen) {
+- /* Complete frame received */
+- l2cap_recv_frame(conn, skb);
+- return 0;
+- }
+-
+- /* Allocate skb for the complete frame (with header) */
+- size = L2CAP_HDR_SIZE + tlen;
+- if (!(conn->rx_skb = bluez_skb_alloc(size, GFP_ATOMIC)))
+- goto drop;
+-
+- memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
+-
+- conn->rx_len = tlen - flen;
+- } else {
+- DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
+-
+- if (!conn->rx_len) {
+- ERR("Unexpected continuation frame (len %d)", skb->len);
+- goto drop;
+- }
+-
+- if (skb->len > conn->rx_len) {
+- ERR("Fragment is too large (len %d)", skb->len);
+- kfree_skb(conn->rx_skb); conn->rx_skb = NULL;
+- goto drop;
+- }
+-
+- memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
+- conn->rx_len -= skb->len;
+-
+- if (!conn->rx_len) {
+- /* Complete frame received */
+- l2cap_recv_frame(conn, conn->rx_skb);
+- conn->rx_skb = NULL;
+- }
+- }
+-
+-drop:
+- kfree_skb(skb);
+- return 0;
+-}
+-
+-struct proto_ops l2cap_sock_ops = {
+- family: PF_BLUETOOTH,
+- release: l2cap_sock_release,
+- bind: l2cap_sock_bind,
+- connect: l2cap_sock_connect,
+- listen: l2cap_sock_listen,
+- accept: l2cap_sock_accept,
+- getname: l2cap_sock_getname,
+- sendmsg: l2cap_sock_sendmsg,
+- recvmsg: l2cap_sock_recvmsg,
+- poll: l2cap_sock_poll,
+- socketpair: sock_no_socketpair,
+- ioctl: sock_no_ioctl,
+- shutdown: sock_no_shutdown,
+- setsockopt: l2cap_sock_setsockopt,
+- getsockopt: l2cap_sock_getsockopt,
+- mmap: sock_no_mmap
+-};
+-
+-struct net_proto_family l2cap_sock_family_ops = {
+- family: PF_BLUETOOTH,
+- create: l2cap_sock_create
+-};
+-
+-struct hci_proto l2cap_hci_proto = {
+- name: "L2CAP",
+- id: HCI_PROTO_L2CAP,
+- connect_ind: l2cap_connect_ind,
+- connect_cfm: l2cap_connect_cfm,
+- disconn_ind: l2cap_disconn_ind,
+- recv_acldata: l2cap_recv_acldata,
+-};
+-
+-struct notifier_block l2cap_nblock = {
+- notifier_call: l2cap_dev_event
+-};
+-
+-int __init l2cap_init(void)
+-{
+- INF("BlueZ L2CAP ver %s Copyright (C) 2000,2001 Qualcomm Inc",
+- VERSION);
+- INF("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
+-
+- if (bluez_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops)) {
+- ERR("Can't register L2CAP socket");
+- return -EPROTO;
+- }
+-
+- if (hci_register_proto(&l2cap_hci_proto) < 0) {
+- ERR("Can't register L2CAP protocol");
+- return -EPROTO;
+- }
+-
+- hci_register_notifier(&l2cap_nblock);
+-
+- l2cap_register_proc();
+-
+- return 0;
+-}
+-
+-void l2cap_cleanup(void)
+-{
+- l2cap_unregister_proc();
+-
+- /* Unregister socket, protocol and notifier */
+- if (bluez_sock_unregister(BTPROTO_L2CAP))
+- ERR("Can't unregister L2CAP socket");
+-
+- if (hci_unregister_proto(&l2cap_hci_proto) < 0)
+- ERR("Can't unregister L2CAP protocol");
+-
+- hci_unregister_notifier(&l2cap_nblock);
+-
+- /* We _must_ not have any sockets and/or connections
+- * at this stage.
+- */
+-
+- /* Free interface list and unlock HCI devices */
+- {
+- struct list_head *list = &l2cap_iff_list;
+-
+- while (!list_empty(list)) {
+- struct l2cap_iff *iff;
+-
+- iff = list_entry(list->next, struct l2cap_iff, list);
+- l2cap_iff_del(iff->hdev);
+- }
+- }
+-}
+-
+-module_init(l2cap_init);
+-module_exit(l2cap_cleanup);
+-
+-MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
+-MODULE_DESCRIPTION("BlueZ L2CAP ver " VERSION);
+-MODULE_LICENSE("GPL");
+-
+diff -urN linux-2.4.18/net/bluetooth/l2cap_proc.c linux-2.4.18-mh9/net/bluetooth/l2cap_proc.c
+--- linux-2.4.18/net/bluetooth/l2cap_proc.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/net/bluetooth/l2cap_proc.c Thu Jan 1 01:00:00 1970
+@@ -1,165 +0,0 @@
+-/*
+- BlueZ - Bluetooth protocol stack for Linux
+- Copyright (C) 2000-2001 Qualcomm Incorporated
+-
+- Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
+-
+- This program is free software; you can redistribute it and/or modify
+- it under the terms of the GNU General Public License version 2 as
+- published by the Free Software Foundation;
+-
+- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+- IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+- CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-
+- ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+- COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+- SOFTWARE IS DISCLAIMED.
+-*/
+-
+-/*
+- * BlueZ L2CAP proc fs support.
+- *
+- * $Id: l2cap_proc.c,v 1.2 2001/06/02 01:40:09 maxk Exp $
+- */
+-
+-#include <linux/config.h>
+-#include <linux/module.h>
+-
+-#include <linux/types.h>
+-#include <linux/errno.h>
+-#include <linux/kernel.h>
+-#include <linux/major.h>
+-#include <linux/sched.h>
+-#include <linux/slab.h>
+-#include <linux/poll.h>
+-#include <linux/fcntl.h>
+-#include <linux/init.h>
+-#include <linux/skbuff.h>
+-#include <linux/interrupt.h>
+-#include <linux/socket.h>
+-#include <linux/skbuff.h>
+-#include <linux/proc_fs.h>
+-#include <linux/list.h>
+-#include <net/sock.h>
+-
+-#include <asm/system.h>
+-#include <asm/uaccess.h>
+-
+-#include <net/bluetooth/bluez.h>
+-#include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/hci_core.h>
+-#include <net/bluetooth/l2cap_core.h>
+-
+-#ifndef L2CAP_DEBUG
+-#undef DBG
+-#define DBG( A... )
+-#endif
+-
+-/* ----- PROC fs support ----- */
+-static int l2cap_conn_dump(char *buf, struct l2cap_iff *iff)
+-{
+- struct list_head *p;
+- char *ptr = buf;
+-
+- list_for_each(p, &iff->conn_list) {
+- struct l2cap_conn *c;
+-
+- c = list_entry(p, struct l2cap_conn, list);
+- ptr += sprintf(ptr, " %p %d %p %p %s %s\n",
+- c, c->state, c->iff, c->hconn, batostr(&c->src), batostr(&c->dst));
+- }
+-
+- return ptr - buf;
+-}
+-
+-static int l2cap_iff_dump(char *buf)
+-{
+- struct list_head *p;
+- char *ptr = buf;
+-
+- ptr += sprintf(ptr, "Interfaces:\n");
+-
+- write_lock(&l2cap_rt_lock);
+-
+- list_for_each(p, &l2cap_iff_list) {
+- struct l2cap_iff *iff;
+-
+- iff = list_entry(p, struct l2cap_iff, list);
+-
+- ptr += sprintf(ptr, " %s %p %p\n", iff->hdev->name, iff, iff->hdev);
+-
+- l2cap_iff_lock(iff);
+- ptr += l2cap_conn_dump(ptr, iff);
+- l2cap_iff_unlock(iff);
+- }
+-
+- write_unlock(&l2cap_rt_lock);
+-
+- ptr += sprintf(ptr, "\n");
+-
+- return ptr - buf;
+-}
+-
+-static int l2cap_sock_dump(char *buf, struct bluez_sock_list *list)
+-{
+- struct l2cap_pinfo *pi;
+- struct sock *sk;
+- char *ptr = buf;
+-
+- ptr += sprintf(ptr, "Sockets:\n");
+-
+- write_lock(&list->lock);
+-
+- for (sk = list->head; sk; sk = sk->next) {
+- pi = l2cap_pi(sk);
+- ptr += sprintf(ptr, " %p %d %p %d %s %s 0x%4.4x 0x%4.4x %d %d\n", sk, sk->state, pi->conn, pi->psm,
+- batostr(&pi->src), batostr(&pi->dst), pi->scid, pi->dcid, pi->imtu, pi->omtu );
+- }
+-
+- write_unlock(&list->lock);
+-
+- ptr += sprintf(ptr, "\n");
+-
+- return ptr - buf;
+-}
+-
+-static int l2cap_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *priv)
+-{
+- char *ptr = buf;
+- int len;
+-
+- DBG("count %d, offset %ld", count, offset);
+-
+- ptr += l2cap_iff_dump(ptr);
+- ptr += l2cap_sock_dump(ptr, &l2cap_sk_list);
+- len = ptr - buf;
+-
+- if (len <= count + offset)
+- *eof = 1;
+-
+- *start = buf + offset;
+- len -= offset;
+-
+- if (len > count)
+- len = count;
+- if (len < 0)
+- len = 0;
+-
+- return len;
+-}
+-
+-void l2cap_register_proc(void)
+-{
+- create_proc_read_entry("bluetooth/l2cap", 0, 0, l2cap_read_proc, NULL);
+-}
+-
+-void l2cap_unregister_proc(void)
+-{
+- remove_proc_entry("bluetooth/l2cap", NULL);
+-}
+diff -urN linux-2.4.18/net/bluetooth/lib.c linux-2.4.18-mh9/net/bluetooth/lib.c
+--- linux-2.4.18/net/bluetooth/lib.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/net/bluetooth/lib.c Mon Aug 25 18:38:12 2003
+@@ -25,7 +25,7 @@
+ /*
+ * BlueZ kernel library.
+ *
+- * $Id: lib.c,v 1.3 2001/06/22 23:14:23 maxk Exp $
++ * $Id: lib.c,v 1.2 2002/06/20 19:55:08 maxk Exp $
+ */
+
+ #include <linux/kernel.h>
+@@ -105,7 +105,7 @@
+ return EACCES;
+
+ case 0x06:
+- return EINVAL;
++ return EBADE;
+
+ case 0x07:
+ return ENOMEM;
+diff -urN linux-2.4.18/net/bluetooth/rfcomm/Config.in linux-2.4.18-mh9/net/bluetooth/rfcomm/Config.in
+--- linux-2.4.18/net/bluetooth/rfcomm/Config.in Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/rfcomm/Config.in Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,10 @@
++#
++# Bluetooth RFCOMM layer configuration
++#
++
++dep_tristate 'RFCOMM protocol support' CONFIG_BLUEZ_RFCOMM $CONFIG_BLUEZ_L2CAP
++
++if [ "$CONFIG_BLUEZ_RFCOMM" != "n" ]; then
++ bool ' RFCOMM TTY support' CONFIG_BLUEZ_RFCOMM_TTY
++fi
++
+diff -urN linux-2.4.18/net/bluetooth/rfcomm/Makefile linux-2.4.18-mh9/net/bluetooth/rfcomm/Makefile
+--- linux-2.4.18/net/bluetooth/rfcomm/Makefile Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/rfcomm/Makefile Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,11 @@
++#
++# Makefile for the Linux Bluetooth RFCOMM layer
++#
++
++O_TARGET := rfcomm.o
++
++obj-y := core.o sock.o crc.o
++obj-$(CONFIG_BLUEZ_RFCOMM_TTY) += tty.o
++obj-m += $(O_TARGET)
++
++include $(TOPDIR)/Rules.make
+diff -urN linux-2.4.18/net/bluetooth/rfcomm/core.c linux-2.4.18-mh9/net/bluetooth/rfcomm/core.c
+--- linux-2.4.18/net/bluetooth/rfcomm/core.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/rfcomm/core.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,1951 @@
++/*
++ RFCOMM implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
++ Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ RPN support - Dirk Husemann <hud@zurich.ibm.com>
++*/
++
++/*
++ * RFCOMM core.
++ *
++ * $Id: core.c,v 1.46 2002/10/18 20:12:12 maxk Exp $
++ */
++
++#define __KERNEL_SYSCALLS__
++
++#include <linux/config.h>
++#include <linux/module.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/signal.h>
++#include <linux/init.h>
++#include <linux/wait.h>
++#include <linux/net.h>
++#include <linux/proc_fs.h>
++#include <net/sock.h>
++#include <asm/uaccess.h>
++#include <asm/unaligned.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/l2cap.h>
++#include <net/bluetooth/rfcomm.h>
++
++#define VERSION "1.0"
++
++#ifndef CONFIG_BLUEZ_RFCOMM_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++struct task_struct *rfcomm_thread;
++DECLARE_MUTEX(rfcomm_sem);
++unsigned long rfcomm_event;
++
++static LIST_HEAD(session_list);
++static atomic_t terminate, running;
++
++static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
++static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
++static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
++static int rfcomm_queue_disc(struct rfcomm_dlc *d);
++static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
++static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
++static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
++static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
++static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
++static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
++
++static void rfcomm_process_connect(struct rfcomm_session *s);
++
++/* ---- RFCOMM frame parsing macros ---- */
++#define __get_dlci(b) ((b & 0xfc) >> 2)
++#define __get_channel(b) ((b & 0xf8) >> 3)
++#define __get_dir(b) ((b & 0x04) >> 2)
++#define __get_type(b) ((b & 0xef))
++
++#define __test_ea(b) ((b & 0x01))
++#define __test_cr(b) ((b & 0x02))
++#define __test_pf(b) ((b & 0x10))
++
++#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
++#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
++#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
++#define __srv_channel(dlci) (dlci >> 1)
++#define __dir(dlci) (dlci & 0x01)
++
++#define __len8(len) (((len) << 1) | 1)
++#define __len16(len) ((len) << 1)
++
++/* MCC macros */
++#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
++#define __get_mcc_type(b) ((b & 0xfc) >> 2)
++#define __get_mcc_len(b) ((b & 0xfe) >> 1)
++
++/* RPN macros */
++#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
++#define __get_rpn_data_bits(line) ((line) & 0x3)
++#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
++#define __get_rpn_parity(line) (((line) >> 3) & 0x3)
++
++/* ---- RFCOMM FCS computation ---- */
++
++/* CRC on 2 bytes */
++#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
++
++/* FCS on 2 bytes */
++static inline u8 __fcs(u8 *data)
++{
++ return (0xff - __crc(data));
++}
++
++/* FCS on 3 bytes */
++static inline u8 __fcs2(u8 *data)
++{
++ return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
++}
++
++/* Check FCS */
++static inline int __check_fcs(u8 *data, int type, u8 fcs)
++{
++ u8 f = __crc(data);
++
++ if (type != RFCOMM_UIH)
++ f = rfcomm_crc_table[f ^ data[2]];
++
++ return rfcomm_crc_table[f ^ fcs] != 0xcf;
++}
++
++/* ---- L2CAP callbacks ---- */
++static void rfcomm_l2state_change(struct sock *sk)
++{
++ BT_DBG("%p state %d", sk, sk->state);
++ rfcomm_schedule(RFCOMM_SCHED_STATE);
++}
++
++static void rfcomm_l2data_ready(struct sock *sk, int bytes)
++{
++ BT_DBG("%p bytes %d", sk, bytes);
++ rfcomm_schedule(RFCOMM_SCHED_RX);
++}
++
++static int rfcomm_l2sock_create(struct socket **sock)
++{
++ int err;
++
++ BT_DBG("");
++
++ err = sock_create(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
++ if (!err) {
++ struct sock *sk = (*sock)->sk;
++ sk->data_ready = rfcomm_l2data_ready;
++ sk->state_change = rfcomm_l2state_change;
++ }
++ return err;
++}
++
++/* ---- RFCOMM DLCs ---- */
++static void rfcomm_dlc_timeout(unsigned long arg)
++{
++ struct rfcomm_dlc *d = (void *) arg;
++
++ BT_DBG("dlc %p state %ld", d, d->state);
++
++ set_bit(RFCOMM_TIMED_OUT, &d->flags);
++ rfcomm_dlc_put(d);
++ rfcomm_schedule(RFCOMM_SCHED_TIMEO);
++}
++
++static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
++{
++ BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
++
++ if (!mod_timer(&d->timer, jiffies + timeout))
++ rfcomm_dlc_hold(d);
++}
++
++static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
++{
++ BT_DBG("dlc %p state %ld", d, d->state);
++
++ if (timer_pending(&d->timer) && del_timer(&d->timer))
++ rfcomm_dlc_put(d);
++}
++
++static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
++{
++ BT_DBG("%p", d);
++
++ d->state = BT_OPEN;
++ d->flags = 0;
++ d->mscex = 0;
++ d->mtu = RFCOMM_DEFAULT_MTU;
++ d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
++
++ d->credits = 0;
++ d->rx_credits = RFCOMM_DEFAULT_CREDITS;
++}
++
++struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
++{
++ struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
++ if (!d)
++ return NULL;
++ memset(d, 0, sizeof(*d));
++
++ init_timer(&d->timer);
++ d->timer.function = rfcomm_dlc_timeout;
++ d->timer.data = (unsigned long) d;
++
++ skb_queue_head_init(&d->tx_queue);
++ spin_lock_init(&d->lock);
++ atomic_set(&d->refcnt, 1);
++
++ rfcomm_dlc_clear_state(d);
++
++ BT_DBG("%p", d);
++ return d;
++}
++
++void rfcomm_dlc_free(struct rfcomm_dlc *d)
++{
++ BT_DBG("%p", d);
++
++ skb_queue_purge(&d->tx_queue);
++ kfree(d);
++}
++
++static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
++{
++ BT_DBG("dlc %p session %p", d, s);
++
++ rfcomm_session_hold(s);
++
++ rfcomm_dlc_hold(d);
++ list_add(&d->list, &s->dlcs);
++ d->session = s;
++}
++
++static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
++{
++ struct rfcomm_session *s = d->session;
++
++ BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
++
++ list_del(&d->list);
++ d->session = NULL;
++ rfcomm_dlc_put(d);
++
++ rfcomm_session_put(s);
++}
++
++static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
++{
++ struct rfcomm_dlc *d;
++ struct list_head *p;
++
++ list_for_each(p, &s->dlcs) {
++ d = list_entry(p, struct rfcomm_dlc, list);
++ if (d->dlci == dlci)
++ return d;
++ }
++ return NULL;
++}
++
++static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
++{
++ struct rfcomm_session *s;
++ int err = 0;
++ u8 dlci;
++
++ BT_DBG("dlc %p state %ld %s %s channel %d",
++ d, d->state, batostr(src), batostr(dst), channel);
++
++ if (channel < 1 || channel > 30)
++ return -EINVAL;
++
++ if (d->state != BT_OPEN && d->state != BT_CLOSED)
++ return 0;
++
++ s = rfcomm_session_get(src, dst);
++ if (!s) {
++ s = rfcomm_session_create(src, dst, &err);
++ if (!s)
++ return err;
++ }
++
++ dlci = __dlci(!s->initiator, channel);
++
++ /* Check if DLCI already exists */
++ if (rfcomm_dlc_get(s, dlci))
++ return -EBUSY;
++
++ rfcomm_dlc_clear_state(d);
++
++ d->dlci = dlci;
++ d->addr = __addr(s->initiator, dlci);
++ d->priority = 7;
++
++ d->state = BT_CONFIG;
++ rfcomm_dlc_link(s, d);
++
++ d->mtu = s->mtu;
++ d->credits = s->credits;
++
++ if (s->state == BT_CONNECTED)
++ rfcomm_send_pn(s, 1, d);
++ rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
++ return 0;
++}
++
++int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
++{
++ mm_segment_t fs;
++ int r;
++
++ rfcomm_lock();
++
++ fs = get_fs(); set_fs(KERNEL_DS);
++ r = __rfcomm_dlc_open(d, src, dst, channel);
++ set_fs(fs);
++
++ rfcomm_unlock();
++ return r;
++}
++
++static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
++{
++ struct rfcomm_session *s = d->session;
++ if (!s)
++ return 0;
++
++ BT_DBG("dlc %p state %ld dlci %d err %d session %p",
++ d, d->state, d->dlci, err, s);
++
++ switch (d->state) {
++ case BT_CONNECTED:
++ case BT_CONFIG:
++ case BT_CONNECT:
++ d->state = BT_DISCONN;
++ if (skb_queue_empty(&d->tx_queue)) {
++ rfcomm_send_disc(s, d->dlci);
++ rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
++ } else {
++ rfcomm_queue_disc(d);
++ rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
++ }
++ break;
++
++ default:
++ rfcomm_dlc_clear_timer(d);
++
++ rfcomm_dlc_lock(d);
++ d->state = BT_CLOSED;
++ d->state_change(d, err);
++ rfcomm_dlc_unlock(d);
++
++ skb_queue_purge(&d->tx_queue);
++ rfcomm_dlc_unlink(d);
++ }
++
++ return 0;
++}
++
++int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
++{
++ mm_segment_t fs;
++ int r;
++
++ rfcomm_lock();
++
++ fs = get_fs(); set_fs(KERNEL_DS);
++ r = __rfcomm_dlc_close(d, err);
++ set_fs(fs);
++
++ rfcomm_unlock();
++ return r;
++}
++
++int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
++{
++ int len = skb->len;
++
++ if (d->state != BT_CONNECTED)
++ return -ENOTCONN;
++
++ BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
++
++ if (len > d->mtu)
++ return -EINVAL;
++
++ rfcomm_make_uih(skb, d->addr);
++ skb_queue_tail(&d->tx_queue, skb);
++
++ if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
++ rfcomm_schedule(RFCOMM_SCHED_TX);
++ return len;
++}
++
++void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
++{
++ BT_DBG("dlc %p state %ld", d, d->state);
++
++ if (!d->credits) {
++ d->v24_sig |= RFCOMM_V24_FC;
++ set_bit(RFCOMM_MSC_PENDING, &d->flags);
++ }
++ rfcomm_schedule(RFCOMM_SCHED_TX);
++}
++
++void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
++{
++ BT_DBG("dlc %p state %ld", d, d->state);
++
++ if (!d->credits) {
++ d->v24_sig &= ~RFCOMM_V24_FC;
++ set_bit(RFCOMM_MSC_PENDING, &d->flags);
++ }
++ rfcomm_schedule(RFCOMM_SCHED_TX);
++}
++
++/*
++ Set/get modem status functions use _local_ status i.e. what we report
++ to the other side.
++ Remote status is provided by dlc->modem_status() callback.
++ */
++int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
++{
++ BT_DBG("dlc %p state %ld v24_sig 0x%x",
++ d, d->state, v24_sig);
++
++ if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
++ v24_sig |= RFCOMM_V24_FC;
++ else
++ v24_sig &= ~RFCOMM_V24_FC;
++
++ d->v24_sig = v24_sig;
++
++ if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
++ rfcomm_schedule(RFCOMM_SCHED_TX);
++
++ return 0;
++}
++
++int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
++{
++ BT_DBG("dlc %p state %ld v24_sig 0x%x",
++ d, d->state, d->v24_sig);
++
++ *v24_sig = d->v24_sig;
++ return 0;
++}
++
++/* ---- RFCOMM sessions ---- */
++struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
++{
++ struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
++ if (!s)
++ return NULL;
++ memset(s, 0, sizeof(*s));
++
++ BT_DBG("session %p sock %p", s, sock);
++
++ INIT_LIST_HEAD(&s->dlcs);
++ s->state = state;
++ s->sock = sock;
++
++ s->mtu = RFCOMM_DEFAULT_MTU;
++ s->credits = 0;
++
++ list_add(&s->list, &session_list);
++
++ /* Do not increment module usage count for listeting sessions.
++ * Otherwise we won't be able to unload the module. */
++ if (state != BT_LISTEN)
++ MOD_INC_USE_COUNT;
++ return s;
++}
++
++void rfcomm_session_del(struct rfcomm_session *s)
++{
++ int state = s->state;
++
++ BT_DBG("session %p state %ld", s, s->state);
++
++ list_del(&s->list);
++
++ if (state == BT_CONNECTED)
++ rfcomm_send_disc(s, 0);
++
++ sock_release(s->sock);
++ kfree(s);
++
++ if (state != BT_LISTEN)
++ MOD_DEC_USE_COUNT;
++}
++
++struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
++{
++ struct rfcomm_session *s;
++ struct list_head *p, *n;
++ struct bluez_pinfo *pi;
++ list_for_each_safe(p, n, &session_list) {
++ s = list_entry(p, struct rfcomm_session, list);
++ pi = bluez_pi(s->sock->sk);
++
++ if ((!bacmp(src, BDADDR_ANY) || !bacmp(&pi->src, src)) &&
++ !bacmp(&pi->dst, dst))
++ return s;
++ }
++ return NULL;
++}
++
++void rfcomm_session_close(struct rfcomm_session *s, int err)
++{
++ struct rfcomm_dlc *d;
++ struct list_head *p, *n;
++
++ BT_DBG("session %p state %ld err %d", s, s->state, err);
++
++ rfcomm_session_hold(s);
++
++ s->state = BT_CLOSED;
++
++ /* Close all dlcs */
++ list_for_each_safe(p, n, &s->dlcs) {
++ d = list_entry(p, struct rfcomm_dlc, list);
++ d->state = BT_CLOSED;
++ __rfcomm_dlc_close(d, err);
++ }
++
++ rfcomm_session_put(s);
++}
++
++struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
++{
++ struct rfcomm_session *s = NULL;
++ struct sockaddr_l2 addr;
++ struct l2cap_options opts;
++ struct socket *sock;
++ int size;
++
++ BT_DBG("%s %s", batostr(src), batostr(dst));
++
++ *err = rfcomm_l2sock_create(&sock);
++ if (*err < 0)
++ return NULL;
++
++ bacpy(&addr.l2_bdaddr, src);
++ addr.l2_family = AF_BLUETOOTH;
++ addr.l2_psm = 0;
++ *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
++ if (*err < 0)
++ goto failed;
++
++ /* Set L2CAP options */
++ size = sizeof(opts);
++ sock->ops->getsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, &size);
++
++ opts.imtu = RFCOMM_MAX_L2CAP_MTU;
++ sock->ops->setsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, size);
++
++ s = rfcomm_session_add(sock, BT_BOUND);
++ if (!s) {
++ *err = -ENOMEM;
++ goto failed;
++ }
++
++ s->initiator = 1;
++
++ bacpy(&addr.l2_bdaddr, dst);
++ addr.l2_family = AF_BLUETOOTH;
++ addr.l2_psm = htobs(RFCOMM_PSM);
++ *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
++ if (*err == 0 || *err == -EAGAIN)
++ return s;
++
++ rfcomm_session_del(s);
++ return NULL;
++
++failed:
++ sock_release(sock);
++ return NULL;
++}
++
++void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
++{
++ struct sock *sk = s->sock->sk;
++ if (src)
++ bacpy(src, &bluez_pi(sk)->src);
++ if (dst)
++ bacpy(dst, &bluez_pi(sk)->dst);
++}
++
++/* ---- RFCOMM frame sending ---- */
++static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
++{
++ struct socket *sock = s->sock;
++ struct iovec iv = { data, len };
++ struct msghdr msg;
++ int err;
++
++ BT_DBG("session %p len %d", s, len);
++
++ memset(&msg, 0, sizeof(msg));
++ msg.msg_iovlen = 1;
++ msg.msg_iov = &iv;
++
++ err = sock->ops->sendmsg(sock, &msg, len, 0);
++ return err;
++}
++
++static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
++{
++ struct rfcomm_cmd cmd;
++
++ BT_DBG("%p dlci %d", s, dlci);
++
++ cmd.addr = __addr(s->initiator, dlci);
++ cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
++ cmd.len = __len8(0);
++ cmd.fcs = __fcs2((u8 *) &cmd);
++
++ return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
++}
++
++static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
++{
++ struct rfcomm_cmd cmd;
++
++ BT_DBG("%p dlci %d", s, dlci);
++
++ cmd.addr = __addr(!s->initiator, dlci);
++ cmd.ctrl = __ctrl(RFCOMM_UA, 1);
++ cmd.len = __len8(0);
++ cmd.fcs = __fcs2((u8 *) &cmd);
++
++ return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
++}
++
++static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
++{
++ struct rfcomm_cmd cmd;
++
++ BT_DBG("%p dlci %d", s, dlci);
++
++ cmd.addr = __addr(s->initiator, dlci);
++ cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
++ cmd.len = __len8(0);
++ cmd.fcs = __fcs2((u8 *) &cmd);
++
++ return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
++}
++
++static int rfcomm_queue_disc(struct rfcomm_dlc *d)
++{
++ struct rfcomm_cmd *cmd;
++ struct sk_buff *skb;
++
++ BT_DBG("dlc %p dlci %d", d, d->dlci);
++
++ skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
++ if (!skb)
++ return -ENOMEM;
++
++ cmd = (void *) __skb_put(skb, sizeof(*cmd));
++ cmd->addr = d->addr;
++ cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
++ cmd->len = __len8(0);
++ cmd->fcs = __fcs2((u8 *) cmd);
++
++ skb_queue_tail(&d->tx_queue, skb);
++ rfcomm_schedule(RFCOMM_SCHED_TX);
++ return 0;
++}
++
++static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
++{
++ struct rfcomm_cmd cmd;
++
++ BT_DBG("%p dlci %d", s, dlci);
++
++ cmd.addr = __addr(!s->initiator, dlci);
++ cmd.ctrl = __ctrl(RFCOMM_DM, 1);
++ cmd.len = __len8(0);
++ cmd.fcs = __fcs2((u8 *) &cmd);
++
++ return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
++}
++
++static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
++{
++ struct rfcomm_hdr *hdr;
++ struct rfcomm_mcc *mcc;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p cr %d type %d", s, cr, type);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = __addr(s->initiator, 0);
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++ hdr->len = __len8(sizeof(*mcc) + 1);
++
++ mcc = (void *) ptr; ptr += sizeof(*mcc);
++ mcc->type = __mcc_type(cr, RFCOMM_NSC);
++ mcc->len = __len8(1);
++
++ /* Type that we didn't like */
++ *ptr = __mcc_type(cr, type); ptr++;
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
++{
++ struct rfcomm_hdr *hdr;
++ struct rfcomm_mcc *mcc;
++ struct rfcomm_pn *pn;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = __addr(s->initiator, 0);
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++ hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
++
++ mcc = (void *) ptr; ptr += sizeof(*mcc);
++ mcc->type = __mcc_type(cr, RFCOMM_PN);
++ mcc->len = __len8(sizeof(*pn));
++
++ pn = (void *) ptr; ptr += sizeof(*pn);
++ pn->dlci = d->dlci;
++ pn->priority = d->priority;
++ pn->ack_timer = 0;
++ pn->max_retrans = 0;
++
++ if (cr || d->credits) {
++ pn->flow_ctrl = cr ? 0xf0 : 0xe0;
++ pn->credits = RFCOMM_DEFAULT_CREDITS;
++ } else {
++ pn->flow_ctrl = 0;
++ pn->credits = 0;
++ }
++
++ pn->mtu = htobs(d->mtu);
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
++ u8 bit_rate, u8 data_bits, u8 stop_bits,
++ u8 parity, u8 flow_ctrl_settings,
++ u8 xon_char, u8 xoff_char, u16 param_mask)
++{
++ struct rfcomm_hdr *hdr;
++ struct rfcomm_mcc *mcc;
++ struct rfcomm_rpn *rpn;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
++ "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
++ s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
++ flow_ctrl_settings, xon_char, xoff_char, param_mask);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = __addr(s->initiator, 0);
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++ hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
++
++ mcc = (void *) ptr; ptr += sizeof(*mcc);
++ mcc->type = __mcc_type(cr, RFCOMM_RPN);
++ mcc->len = __len8(sizeof(*rpn));
++
++ rpn = (void *) ptr; ptr += sizeof(*rpn);
++ rpn->dlci = __addr(1, dlci);
++ rpn->bit_rate = bit_rate;
++ rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
++ rpn->flow_ctrl = flow_ctrl_settings;
++ rpn->xon_char = xon_char;
++ rpn->xoff_char = xoff_char;
++ rpn->param_mask = param_mask;
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
++{
++ struct rfcomm_hdr *hdr;
++ struct rfcomm_mcc *mcc;
++ struct rfcomm_rls *rls;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p cr %d status 0x%x", s, cr, status);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = __addr(s->initiator, 0);
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++ hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
++
++ mcc = (void *) ptr; ptr += sizeof(*mcc);
++ mcc->type = __mcc_type(cr, RFCOMM_RLS);
++ mcc->len = __len8(sizeof(*rls));
++
++ rls = (void *) ptr; ptr += sizeof(*rls);
++ rls->dlci = __addr(1, dlci);
++ rls->status = status;
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
++{
++ struct rfcomm_hdr *hdr;
++ struct rfcomm_mcc *mcc;
++ struct rfcomm_msc *msc;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = __addr(s->initiator, 0);
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++ hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
++
++ mcc = (void *) ptr; ptr += sizeof(*mcc);
++ mcc->type = __mcc_type(cr, RFCOMM_MSC);
++ mcc->len = __len8(sizeof(*msc));
++
++ msc = (void *) ptr; ptr += sizeof(*msc);
++ msc->dlci = __addr(1, dlci);
++ msc->v24_sig = v24_sig | 0x01;
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
++{
++ struct rfcomm_hdr *hdr;
++ struct rfcomm_mcc *mcc;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p cr %d", s, cr);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = __addr(s->initiator, 0);
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++ hdr->len = __len8(sizeof(*mcc));
++
++ mcc = (void *) ptr; ptr += sizeof(*mcc);
++ mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
++ mcc->len = __len8(0);
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
++{
++ struct rfcomm_hdr *hdr;
++ struct rfcomm_mcc *mcc;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p cr %d", s, cr);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = __addr(s->initiator, 0);
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++ hdr->len = __len8(sizeof(*mcc));
++
++ mcc = (void *) ptr; ptr += sizeof(*mcc);
++ mcc->type = __mcc_type(cr, RFCOMM_FCON);
++ mcc->len = __len8(0);
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
++{
++ struct socket *sock = s->sock;
++ struct iovec iv[3];
++ struct msghdr msg;
++ unsigned char hdr[5], crc[1];
++
++ if (len > 125)
++ return -EINVAL;
++
++ BT_DBG("%p cr %d", s, cr);
++
++ hdr[0] = __addr(s->initiator, 0);
++ hdr[1] = __ctrl(RFCOMM_UIH, 0);
++ hdr[2] = 0x01 | ((len + 2) << 1);
++ hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
++ hdr[4] = 0x01 | (len << 1);
++
++ crc[0] = __fcs(hdr);
++
++ iv[0].iov_base = hdr;
++ iv[0].iov_len = 5;
++ iv[1].iov_base = pattern;
++ iv[1].iov_len = len;
++ iv[2].iov_base = crc;
++ iv[2].iov_len = 1;
++
++ memset(&msg, 0, sizeof(msg));
++ msg.msg_iovlen = 3;
++ msg.msg_iov = iv;
++ return sock->ops->sendmsg(sock, &msg, 6 + len, 0);
++}
++
++static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
++{
++ struct rfcomm_hdr *hdr;
++ u8 buf[16], *ptr = buf;
++
++ BT_DBG("%p addr %d credits %d", s, addr, credits);
++
++ hdr = (void *) ptr; ptr += sizeof(*hdr);
++ hdr->addr = addr;
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
++ hdr->len = __len8(0);
++
++ *ptr = credits; ptr++;
++
++ *ptr = __fcs(buf); ptr++;
++
++ return rfcomm_send_frame(s, buf, ptr - buf);
++}
++
++static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
++{
++ struct rfcomm_hdr *hdr;
++ int len = skb->len;
++ u8 *crc;
++
++ if (len > 127) {
++ hdr = (void *) skb_push(skb, 4);
++ put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
++ } else {
++ hdr = (void *) skb_push(skb, 3);
++ hdr->len = __len8(len);
++ }
++ hdr->addr = addr;
++ hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
++
++ crc = skb_put(skb, 1);
++ *crc = __fcs((void *) hdr);
++}
++
++/* ---- RFCOMM frame reception ---- */
++static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
++{
++ BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
++
++ if (dlci) {
++ /* Data channel */
++ struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
++ if (!d) {
++ rfcomm_send_dm(s, dlci);
++ return 0;
++ }
++
++ switch (d->state) {
++ case BT_CONNECT:
++ rfcomm_dlc_clear_timer(d);
++
++ rfcomm_dlc_lock(d);
++ d->state = BT_CONNECTED;
++ d->state_change(d, 0);
++ rfcomm_dlc_unlock(d);
++
++ rfcomm_send_msc(s, 1, dlci, d->v24_sig);
++ break;
++
++ case BT_DISCONN:
++ d->state = BT_CLOSED;
++ __rfcomm_dlc_close(d, 0);
++ break;
++ }
++ } else {
++ /* Control channel */
++ switch (s->state) {
++ case BT_CONNECT:
++ s->state = BT_CONNECTED;
++ rfcomm_process_connect(s);
++ break;
++ }
++ }
++ return 0;
++}
++
++static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
++{
++ int err = 0;
++
++ BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
++
++ if (dlci) {
++ /* Data DLC */
++ struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
++ if (d) {
++ if (d->state == BT_CONNECT || d->state == BT_CONFIG)
++ err = ECONNREFUSED;
++ else
++ err = ECONNRESET;
++
++ d->state = BT_CLOSED;
++ __rfcomm_dlc_close(d, err);
++ }
++ } else {
++ if (s->state == BT_CONNECT)
++ err = ECONNREFUSED;
++ else
++ err = ECONNRESET;
++
++ s->state = BT_CLOSED;
++ rfcomm_session_close(s, err);
++ }
++ return 0;
++}
++
++static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
++{
++ int err = 0;
++
++ BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
++
++ if (dlci) {
++ struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
++ if (d) {
++ rfcomm_send_ua(s, dlci);
++
++ if (d->state == BT_CONNECT || d->state == BT_CONFIG)
++ err = ECONNREFUSED;
++ else
++ err = ECONNRESET;
++
++ d->state = BT_CLOSED;
++ __rfcomm_dlc_close(d, err);
++ } else
++ rfcomm_send_dm(s, dlci);
++
++ } else {
++ rfcomm_send_ua(s, 0);
++
++ if (s->state == BT_CONNECT)
++ err = ECONNREFUSED;
++ else
++ err = ECONNRESET;
++
++ s->state = BT_CLOSED;
++ rfcomm_session_close(s, err);
++ }
++
++ return 0;
++}
++
++static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
++{
++ struct rfcomm_dlc *d;
++ u8 channel;
++
++ BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
++
++ if (!dlci) {
++ rfcomm_send_ua(s, 0);
++
++ if (s->state == BT_OPEN) {
++ s->state = BT_CONNECTED;
++ rfcomm_process_connect(s);
++ }
++ return 0;
++ }
++
++ /* Check if DLC exists */
++ d = rfcomm_dlc_get(s, dlci);
++ if (d) {
++ if (d->state == BT_OPEN) {
++ /* DLC was previously opened by PN request */
++ rfcomm_send_ua(s, dlci);
++
++ rfcomm_dlc_lock(d);
++ d->state = BT_CONNECTED;
++ d->state_change(d, 0);
++ rfcomm_dlc_unlock(d);
++
++ rfcomm_send_msc(s, 1, dlci, d->v24_sig);
++ }
++ return 0;
++ }
++
++ /* Notify socket layer about incomming connection */
++ channel = __srv_channel(dlci);
++ if (rfcomm_connect_ind(s, channel, &d)) {
++ d->dlci = dlci;
++ d->addr = __addr(s->initiator, dlci);
++ rfcomm_dlc_link(s, d);
++
++ rfcomm_send_ua(s, dlci);
++
++ rfcomm_dlc_lock(d);
++ d->state = BT_CONNECTED;
++ d->state_change(d, 0);
++ rfcomm_dlc_unlock(d);
++
++ rfcomm_send_msc(s, 1, dlci, d->v24_sig);
++ } else {
++ rfcomm_send_dm(s, dlci);
++ }
++
++ return 0;
++}
++
++static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
++{
++ struct rfcomm_session *s = d->session;
++
++ BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
++ d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
++
++ if (cr) {
++ if (pn->flow_ctrl == 0xf0) {
++ s->credits = RFCOMM_MAX_CREDITS;
++ d->credits = s->credits;
++ d->tx_credits = pn->credits;
++ } else {
++ set_bit(RFCOMM_TX_THROTTLED, &d->flags);
++ d->credits = 0;
++ }
++ } else {
++ if (pn->flow_ctrl == 0xe0) {
++ s->credits = RFCOMM_MAX_CREDITS;
++ d->credits = s->credits;
++ d->tx_credits = pn->credits;
++ } else {
++ set_bit(RFCOMM_TX_THROTTLED, &d->flags);
++ d->credits = 0;
++ }
++ }
++
++ d->priority = pn->priority;
++
++ d->mtu = btohs(pn->mtu);
++
++ return 0;
++}
++
++static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
++{
++ struct rfcomm_pn *pn = (void *) skb->data;
++ struct rfcomm_dlc *d;
++ u8 dlci = pn->dlci;
++
++ BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
++
++ if (!dlci)
++ return 0;
++
++ d = rfcomm_dlc_get(s, dlci);
++ if (d) {
++ if (cr) {
++ /* PN request */
++ rfcomm_apply_pn(d, cr, pn);
++ rfcomm_send_pn(s, 0, d);
++ } else {
++ /* PN response */
++ switch (d->state) {
++ case BT_CONFIG:
++ rfcomm_apply_pn(d, cr, pn);
++
++ d->state = BT_CONNECT;
++ rfcomm_send_sabm(s, d->dlci);
++ break;
++ }
++ }
++ } else {
++ u8 channel = __srv_channel(dlci);
++
++ if (!cr)
++ return 0;
++
++ /* PN request for non existing DLC.
++ * Assume incomming connection. */
++ if (rfcomm_connect_ind(s, channel, &d)) {
++ d->dlci = dlci;
++ d->addr = __addr(s->initiator, dlci);
++ rfcomm_dlc_link(s, d);
++
++ rfcomm_apply_pn(d, cr, pn);
++
++ d->state = BT_OPEN;
++ rfcomm_send_pn(s, 0, d);
++ } else {
++ rfcomm_send_dm(s, dlci);
++ }
++ }
++ return 0;
++}
++
++static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
++{
++ struct rfcomm_rpn *rpn = (void *) skb->data;
++ u8 dlci = __get_dlci(rpn->dlci);
++
++ u8 bit_rate = 0;
++ u8 data_bits = 0;
++ u8 stop_bits = 0;
++ u8 parity = 0;
++ u8 flow_ctrl = 0;
++ u8 xon_char = 0;
++ u8 xoff_char = 0;
++ u16 rpn_mask = RFCOMM_RPN_PM_ALL;
++
++ BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
++ dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
++ rpn->xon_char, rpn->xoff_char, rpn->param_mask);
++
++ if (!cr)
++ return 0;
++
++ if (len == 1) {
++ /* request: return default setting */
++ bit_rate = RFCOMM_RPN_BR_115200;
++ data_bits = RFCOMM_RPN_DATA_8;
++ stop_bits = RFCOMM_RPN_STOP_1;
++ parity = RFCOMM_RPN_PARITY_NONE;
++ flow_ctrl = RFCOMM_RPN_FLOW_NONE;
++ xon_char = RFCOMM_RPN_XON_CHAR;
++ xoff_char = RFCOMM_RPN_XOFF_CHAR;
++
++ goto rpn_out;
++ }
++ /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
++ no flow control lines, normal XON/XOFF chars */
++ if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
++ bit_rate = rpn->bit_rate;
++ if (bit_rate != RFCOMM_RPN_BR_115200) {
++ BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
++ bit_rate = RFCOMM_RPN_BR_115200;
++ rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
++ }
++ }
++ if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
++ data_bits = __get_rpn_data_bits(rpn->line_settings);
++ if (data_bits != RFCOMM_RPN_DATA_8) {
++ BT_DBG("RPN data bits mismatch 0x%x", data_bits);
++ data_bits = RFCOMM_RPN_DATA_8;
++ rpn_mask ^= RFCOMM_RPN_PM_DATA;
++ }
++ }
++ if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
++ stop_bits = __get_rpn_stop_bits(rpn->line_settings);
++ if (stop_bits != RFCOMM_RPN_STOP_1) {
++ BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
++ stop_bits = RFCOMM_RPN_STOP_1;
++ rpn_mask ^= RFCOMM_RPN_PM_STOP;
++ }
++ }
++ if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
++ parity = __get_rpn_parity(rpn->line_settings);
++ if (parity != RFCOMM_RPN_PARITY_NONE) {
++ BT_DBG("RPN parity mismatch 0x%x", parity);
++ parity = RFCOMM_RPN_PARITY_NONE;
++ rpn_mask ^= RFCOMM_RPN_PM_PARITY;
++ }
++ }
++ if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
++ flow_ctrl = rpn->flow_ctrl;
++ if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
++ BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
++ flow_ctrl = RFCOMM_RPN_FLOW_NONE;
++ rpn_mask ^= RFCOMM_RPN_PM_FLOW;
++ }
++ }
++ if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
++ xon_char = rpn->xon_char;
++ if (xon_char != RFCOMM_RPN_XON_CHAR) {
++ BT_DBG("RPN XON char mismatch 0x%x", xon_char);
++ xon_char = RFCOMM_RPN_XON_CHAR;
++ rpn_mask ^= RFCOMM_RPN_PM_XON;
++ }
++ }
++ if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
++ xoff_char = rpn->xoff_char;
++ if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
++ BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
++ xoff_char = RFCOMM_RPN_XOFF_CHAR;
++ rpn_mask ^= RFCOMM_RPN_PM_XOFF;
++ }
++ }
++
++rpn_out:
++ rfcomm_send_rpn(s, 0, dlci,
++ bit_rate, data_bits, stop_bits, parity, flow_ctrl,
++ xon_char, xoff_char, rpn_mask);
++
++ return 0;
++}
++
++static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
++{
++ struct rfcomm_rls *rls = (void *) skb->data;
++ u8 dlci = __get_dlci(rls->dlci);
++
++ BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
++
++ if (!cr)
++ return 0;
++
++ /* FIXME: We should probably do something with this
++ information here. But for now it's sufficient just
++ to reply -- Bluetooth 1.1 says it's mandatory to
++ recognise and respond to RLS */
++
++ rfcomm_send_rls(s, 0, dlci, rls->status);
++
++ return 0;
++}
++
++static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
++{
++ struct rfcomm_msc *msc = (void *) skb->data;
++ struct rfcomm_dlc *d;
++ u8 dlci = __get_dlci(msc->dlci);
++
++ BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
++
++ d = rfcomm_dlc_get(s, dlci);
++ if (!d)
++ return 0;
++
++ if (cr) {
++ if (msc->v24_sig & RFCOMM_V24_FC && !d->credits)
++ set_bit(RFCOMM_TX_THROTTLED, &d->flags);
++ else
++ clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
++
++ rfcomm_dlc_lock(d);
++ if (d->modem_status)
++ d->modem_status(d, msc->v24_sig);
++ rfcomm_dlc_unlock(d);
++
++ rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
++
++ d->mscex |= RFCOMM_MSCEX_RX;
++ } else
++ d->mscex |= RFCOMM_MSCEX_TX;
++
++ return 0;
++}
++
++static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
++{
++ struct rfcomm_mcc *mcc = (void *) skb->data;
++ u8 type, cr, len;
++
++ cr = __test_cr(mcc->type);
++ type = __get_mcc_type(mcc->type);
++ len = __get_mcc_len(mcc->len);
++
++ BT_DBG("%p type 0x%x cr %d", s, type, cr);
++
++ skb_pull(skb, 2);
++
++ switch (type) {
++ case RFCOMM_PN:
++ rfcomm_recv_pn(s, cr, skb);
++ break;
++
++ case RFCOMM_RPN:
++ rfcomm_recv_rpn(s, cr, len, skb);
++ break;
++
++ case RFCOMM_RLS:
++ rfcomm_recv_rls(s, cr, skb);
++ break;
++
++ case RFCOMM_MSC:
++ rfcomm_recv_msc(s, cr, skb);
++ break;
++
++ case RFCOMM_FCOFF:
++ if (cr) {
++ set_bit(RFCOMM_TX_THROTTLED, &s->flags);
++ rfcomm_send_fcoff(s, 0);
++ }
++ break;
++
++ case RFCOMM_FCON:
++ if (cr) {
++ clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
++ rfcomm_send_fcon(s, 0);
++ }
++ break;
++
++ case RFCOMM_TEST:
++ if (cr)
++ rfcomm_send_test(s, 0, skb->data, skb->len);
++ break;
++
++ case RFCOMM_NSC:
++ break;
++
++ default:
++ BT_ERR("Unknown control type 0x%02x", type);
++ rfcomm_send_nsc(s, cr, type);
++ break;
++ }
++ return 0;
++}
++
++static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
++{
++ struct rfcomm_dlc *d;
++
++ BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
++
++ d = rfcomm_dlc_get(s, dlci);
++ if (!d) {
++ rfcomm_send_dm(s, dlci);
++ goto drop;
++ }
++
++ if (pf && d->credits) {
++ u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
++
++ d->tx_credits += credits;
++ if (d->tx_credits)
++ clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
++ }
++
++ if (skb->len && d->state == BT_CONNECTED) {
++ rfcomm_dlc_lock(d);
++ d->rx_credits--;
++ d->data_ready(d, skb);
++ rfcomm_dlc_unlock(d);
++ return 0;
++ }
++
++drop:
++ kfree_skb(skb);
++ return 0;
++}
++
++static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
++{
++ struct rfcomm_hdr *hdr = (void *) skb->data;
++ u8 type, dlci, fcs;
++
++ dlci = __get_dlci(hdr->addr);
++ type = __get_type(hdr->ctrl);
++
++ /* Trim FCS */
++ skb->len--; skb->tail--;
++ fcs = *(u8 *) skb->tail;
++
++ if (__check_fcs(skb->data, type, fcs)) {
++ BT_ERR("bad checksum in packet");
++ kfree_skb(skb);
++ return -EILSEQ;
++ }
++
++ if (__test_ea(hdr->len))
++ skb_pull(skb, 3);
++ else
++ skb_pull(skb, 4);
++
++ switch (type) {
++ case RFCOMM_SABM:
++ if (__test_pf(hdr->ctrl))
++ rfcomm_recv_sabm(s, dlci);
++ break;
++
++ case RFCOMM_DISC:
++ if (__test_pf(hdr->ctrl))
++ rfcomm_recv_disc(s, dlci);
++ break;
++
++ case RFCOMM_UA:
++ if (__test_pf(hdr->ctrl))
++ rfcomm_recv_ua(s, dlci);
++ break;
++
++ case RFCOMM_DM:
++ rfcomm_recv_dm(s, dlci);
++ break;
++
++ case RFCOMM_UIH:
++ if (dlci)
++ return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
++
++ rfcomm_recv_mcc(s, skb);
++ break;
++
++ default:
++ BT_ERR("Unknown packet type 0x%02x\n", type);
++ break;
++ }
++ kfree_skb(skb);
++ return 0;
++}
++
++/* ---- Connection and data processing ---- */
++
++static void rfcomm_process_connect(struct rfcomm_session *s)
++{
++ struct rfcomm_dlc *d;
++ struct list_head *p, *n;
++
++ BT_DBG("session %p state %ld", s, s->state);
++
++ list_for_each_safe(p, n, &s->dlcs) {
++ d = list_entry(p, struct rfcomm_dlc, list);
++ if (d->state == BT_CONFIG) {
++ d->mtu = s->mtu;
++ rfcomm_send_pn(s, 1, d);
++ }
++ }
++}
++
++/* Send data queued for the DLC.
++ * Return number of frames left in the queue.
++ */
++static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
++{
++ struct sk_buff *skb;
++ int err;
++
++ BT_DBG("dlc %p state %ld credits %d rx_credits %d tx_credits %d",
++ d, d->state, d->credits, d->rx_credits, d->tx_credits);
++
++ /* Send pending MSC */
++ if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
++ rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
++
++ if (d->credits) {
++ /* CFC enabled.
++ * Give them some credits */
++ if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
++ d->rx_credits <= (d->credits >> 2)) {
++ rfcomm_send_credits(d->session, d->addr, d->credits - d->rx_credits);
++ d->rx_credits = d->credits;
++ }
++ } else {
++ /* CFC disabled.
++ * Give ourselves some credits */
++ d->tx_credits = 5;
++ }
++
++ if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
++ return skb_queue_len(&d->tx_queue);
++
++ while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
++ err = rfcomm_send_frame(d->session, skb->data, skb->len);
++ if (err < 0) {
++ skb_queue_head(&d->tx_queue, skb);
++ break;
++ }
++ kfree_skb(skb);
++ d->tx_credits--;
++ }
++
++ if (d->credits && !d->tx_credits) {
++ /* We're out of TX credits.
++ * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
++ set_bit(RFCOMM_TX_THROTTLED, &d->flags);
++ }
++
++ return skb_queue_len(&d->tx_queue);
++}
++
++static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
++{
++ struct rfcomm_dlc *d;
++ struct list_head *p, *n;
++
++ BT_DBG("session %p state %ld", s, s->state);
++
++ list_for_each_safe(p, n, &s->dlcs) {
++ d = list_entry(p, struct rfcomm_dlc, list);
++ if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
++ __rfcomm_dlc_close(d, ETIMEDOUT);
++ continue;
++ }
++
++ if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
++ continue;
++
++ if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
++ d->mscex == RFCOMM_MSCEX_OK)
++ rfcomm_process_tx(d);
++ }
++}
++
++static inline void rfcomm_process_rx(struct rfcomm_session *s)
++{
++ struct socket *sock = s->sock;
++ struct sock *sk = sock->sk;
++ struct sk_buff *skb;
++
++ BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->receive_queue));
++
++ /* Get data directly from socket receive queue without copying it. */
++ while ((skb = skb_dequeue(&sk->receive_queue))) {
++ skb_orphan(skb);
++ rfcomm_recv_frame(s, skb);
++ }
++
++ if (sk->state == BT_CLOSED) {
++ if (!s->initiator)
++ rfcomm_session_put(s);
++
++ rfcomm_session_close(s, sk->err);
++ }
++}
++
++static inline void rfcomm_accept_connection(struct rfcomm_session *s)
++{
++ struct socket *sock = s->sock, *nsock;
++ int err;
++
++ /* Fast check for a new connection.
++ * Avoids unnesesary socket allocations. */
++ if (list_empty(&bluez_pi(sock->sk)->accept_q))
++ return;
++
++ BT_DBG("session %p", s);
++
++ nsock = sock_alloc();
++ if (!nsock)
++ return;
++
++ nsock->type = sock->type;
++ nsock->ops = sock->ops;
++
++ err = sock->ops->accept(sock, nsock, O_NONBLOCK);
++ if (err < 0) {
++ sock_release(nsock);
++ return;
++ }
++
++ /* Set our callbacks */
++ nsock->sk->data_ready = rfcomm_l2data_ready;
++ nsock->sk->state_change = rfcomm_l2state_change;
++
++ s = rfcomm_session_add(nsock, BT_OPEN);
++ if (s)
++ rfcomm_session_hold(s);
++ else
++ sock_release(nsock);
++}
++
++static inline void rfcomm_check_connection(struct rfcomm_session *s)
++{
++ struct sock *sk = s->sock->sk;
++
++ BT_DBG("%p state %ld", s, s->state);
++
++ switch(sk->state) {
++ case BT_CONNECTED:
++ s->state = BT_CONNECT;
++
++ /* We can adjust MTU on outgoing sessions.
++ * L2CAP MTU minus UIH header and FCS. */
++ s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
++
++ rfcomm_send_sabm(s, 0);
++ break;
++
++ case BT_CLOSED:
++ s->state = BT_CLOSED;
++ rfcomm_session_close(s, sk->err);
++ break;
++ }
++}
++
++static inline void rfcomm_process_sessions(void)
++{
++ struct list_head *p, *n;
++
++ rfcomm_lock();
++
++ list_for_each_safe(p, n, &session_list) {
++ struct rfcomm_session *s;
++ s = list_entry(p, struct rfcomm_session, list);
++
++ if (s->state == BT_LISTEN) {
++ rfcomm_accept_connection(s);
++ continue;
++ }
++
++ rfcomm_session_hold(s);
++
++ switch (s->state) {
++ case BT_BOUND:
++ rfcomm_check_connection(s);
++ break;
++
++ default:
++ rfcomm_process_rx(s);
++ break;
++ }
++
++ rfcomm_process_dlcs(s);
++
++ rfcomm_session_put(s);
++ }
++
++ rfcomm_unlock();
++}
++
++static void rfcomm_worker(void)
++{
++ BT_DBG("");
++
++ daemonize(); reparent_to_init();
++ set_fs(KERNEL_DS);
++
++ while (!atomic_read(&terminate)) {
++ BT_DBG("worker loop event 0x%lx", rfcomm_event);
++
++ if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
++ /* No pending events. Let's sleep.
++ * Incomming connections and data will wake us up. */
++ set_current_state(TASK_INTERRUPTIBLE);
++ schedule();
++ }
++
++ /* Process stuff */
++ clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
++ rfcomm_process_sessions();
++ }
++ set_current_state(TASK_RUNNING);
++ return;
++}
++
++static int rfcomm_add_listener(bdaddr_t *ba)
++{
++ struct sockaddr_l2 addr;
++ struct l2cap_options opts;
++ struct socket *sock;
++ struct rfcomm_session *s;
++ int size, err = 0;
++
++ /* Create socket */
++ err = rfcomm_l2sock_create(&sock);
++ if (err < 0) {
++ BT_ERR("Create socket failed %d", err);
++ return err;
++ }
++
++ /* Bind socket */
++ bacpy(&addr.l2_bdaddr, ba);
++ addr.l2_family = AF_BLUETOOTH;
++ addr.l2_psm = htobs(RFCOMM_PSM);
++ err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
++ if (err < 0) {
++ BT_ERR("Bind failed %d", err);
++ goto failed;
++ }
++
++ /* Set L2CAP options */
++ size = sizeof(opts);
++ sock->ops->getsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, &size);
++
++ opts.imtu = RFCOMM_MAX_L2CAP_MTU;
++ sock->ops->setsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, size);
++
++ /* Start listening on the socket */
++ err = sock->ops->listen(sock, 10);
++ if (err) {
++ BT_ERR("Listen failed %d", err);
++ goto failed;
++ }
++
++ /* Add listening session */
++ s = rfcomm_session_add(sock, BT_LISTEN);
++ if (!s)
++ goto failed;
++
++ rfcomm_session_hold(s);
++ return 0;
++failed:
++ sock_release(sock);
++ return err;
++}
++
++static void rfcomm_kill_listener(void)
++{
++ struct rfcomm_session *s;
++ struct list_head *p, *n;
++
++ BT_DBG("");
++
++ list_for_each_safe(p, n, &session_list) {
++ s = list_entry(p, struct rfcomm_session, list);
++ rfcomm_session_del(s);
++ }
++}
++
++static int rfcomm_run(void *unused)
++{
++ rfcomm_thread = current;
++
++ atomic_inc(&running);
++
++ daemonize(); reparent_to_init();
++
++ sigfillset(&current->blocked);
++ set_fs(KERNEL_DS);
++
++ sprintf(current->comm, "krfcommd");
++
++ BT_DBG("");
++
++ rfcomm_add_listener(BDADDR_ANY);
++
++ rfcomm_worker();
++
++ rfcomm_kill_listener();
++
++ atomic_dec(&running);
++ return 0;
++}
++
++/* ---- Proc fs support ---- */
++static int rfcomm_dlc_dump(char *buf)
++{
++ struct rfcomm_session *s;
++ struct sock *sk;
++ struct list_head *p, *pp;
++ char *ptr = buf;
++
++ rfcomm_lock();
++
++ list_for_each(p, &session_list) {
++ s = list_entry(p, struct rfcomm_session, list);
++ sk = s->sock->sk;
++
++ list_for_each(pp, &s->dlcs) {
++ struct rfcomm_dlc *d;
++ d = list_entry(pp, struct rfcomm_dlc, list);
++
++ ptr += sprintf(ptr, "dlc %s %s %ld %d %d %d %d\n",
++ batostr(&bluez_pi(sk)->src), batostr(&bluez_pi(sk)->dst),
++ d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
++ }
++ }
++
++ rfcomm_unlock();
++
++ return ptr - buf;
++}
++
++extern int rfcomm_sock_dump(char *buf);
++
++static int rfcomm_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *priv)
++{
++ char *ptr = buf;
++ int len;
++
++ BT_DBG("count %d, offset %ld", count, offset);
++
++ ptr += rfcomm_dlc_dump(ptr);
++ ptr += rfcomm_sock_dump(ptr);
++ len = ptr - buf;
++
++ if (len <= count + offset)
++ *eof = 1;
++
++ *start = buf + offset;
++ len -= offset;
++
++ if (len > count)
++ len = count;
++ if (len < 0)
++ len = 0;
++
++ return len;
++}
++
++/* ---- Initialization ---- */
++int __init rfcomm_init(void)
++{
++ l2cap_load();
++
++ kernel_thread(rfcomm_run, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
++
++ rfcomm_init_sockets();
++
++#ifdef CONFIG_BLUEZ_RFCOMM_TTY
++ rfcomm_init_ttys();
++#endif
++
++ create_proc_read_entry("bluetooth/rfcomm", 0, 0, rfcomm_read_proc, NULL);
++
++ BT_INFO("BlueZ RFCOMM ver %s", VERSION);
++ BT_INFO("Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>");
++ BT_INFO("Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>");
++ return 0;
++}
++
++void rfcomm_cleanup(void)
++{
++ /* Terminate working thread.
++ * ie. Set terminate flag and wake it up */
++ atomic_inc(&terminate);
++ rfcomm_schedule(RFCOMM_SCHED_STATE);
++
++ /* Wait until thread is running */
++ while (atomic_read(&running))
++ schedule();
++
++ remove_proc_entry("bluetooth/rfcomm", NULL);
++
++#ifdef CONFIG_BLUEZ_RFCOMM_TTY
++ rfcomm_cleanup_ttys();
++#endif
++
++ rfcomm_cleanup_sockets();
++ return;
++}
++
++module_init(rfcomm_init);
++module_exit(rfcomm_cleanup);
++
++MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
++MODULE_DESCRIPTION("BlueZ RFCOMM ver " VERSION);
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/net/bluetooth/rfcomm/crc.c linux-2.4.18-mh9/net/bluetooth/rfcomm/crc.c
+--- linux-2.4.18/net/bluetooth/rfcomm/crc.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/rfcomm/crc.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,71 @@
++/*
++ RFCOMM implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
++ Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * RFCOMM FCS calculation.
++ *
++ * $Id: crc.c,v 1.2 2002/09/21 09:54:32 holtmann Exp $
++ */
++
++/* reversed, 8-bit, poly=0x07 */
++unsigned char rfcomm_crc_table[256] = {
++ 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
++ 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
++ 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
++ 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
++
++ 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
++ 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
++ 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
++ 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
++
++ 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
++ 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
++ 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
++ 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
++
++ 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
++ 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
++ 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
++ 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
++
++ 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
++ 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
++ 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
++ 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
++
++ 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
++ 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
++ 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
++ 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
++
++ 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
++ 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
++ 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
++ 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
++
++ 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
++ 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
++ 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
++ 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
++};
+diff -urN linux-2.4.18/net/bluetooth/rfcomm/sock.c linux-2.4.18-mh9/net/bluetooth/rfcomm/sock.c
+--- linux-2.4.18/net/bluetooth/rfcomm/sock.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/rfcomm/sock.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,847 @@
++/*
++ RFCOMM implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
++ Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * RFCOMM sockets.
++ *
++ * $Id: sock.c,v 1.30 2002/10/18 20:12:12 maxk Exp $
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/init.h>
++#include <linux/skbuff.h>
++#include <linux/interrupt.h>
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/list.h>
++#include <net/sock.h>
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/rfcomm.h>
++
++#ifndef CONFIG_BLUEZ_RFCOMM_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++static struct proto_ops rfcomm_sock_ops;
++
++static struct bluez_sock_list rfcomm_sk_list = {
++ lock: RW_LOCK_UNLOCKED
++};
++
++static void rfcomm_sock_close(struct sock *sk);
++static void rfcomm_sock_kill(struct sock *sk);
++
++/* ---- DLC callbacks ----
++ *
++ * called under rfcomm_dlc_lock()
++ */
++static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
++{
++ struct sock *sk = d->owner;
++ if (!sk)
++ return;
++
++ atomic_add(skb->len, &sk->rmem_alloc);
++ skb_queue_tail(&sk->receive_queue, skb);
++ sk->data_ready(sk, skb->len);
++
++ if (atomic_read(&sk->rmem_alloc) >= sk->rcvbuf)
++ rfcomm_dlc_throttle(d);
++}
++
++static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
++{
++ struct sock *sk = d->owner, *parent;
++ if (!sk)
++ return;
++
++ BT_DBG("dlc %p state %ld err %d", d, d->state, err);
++
++ bh_lock_sock(sk);
++
++ if (err)
++ sk->err = err;
++ sk->state = d->state;
++
++ parent = bluez_pi(sk)->parent;
++ if (!parent) {
++ if (d->state == BT_CONNECTED)
++ rfcomm_session_getaddr(d->session, &bluez_pi(sk)->src, NULL);
++ sk->state_change(sk);
++ } else
++ parent->data_ready(parent, 0);
++
++ bh_unlock_sock(sk);
++}
++
++/* ---- Socket functions ---- */
++static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
++{
++ struct sock *sk;
++
++ for (sk = rfcomm_sk_list.head; sk; sk = sk->next) {
++ if (rfcomm_pi(sk)->channel == channel &&
++ !bacmp(&bluez_pi(sk)->src, src))
++ break;
++ }
++
++ return sk;
++}
++
++/* Find socket with channel and source bdaddr.
++ * Returns closest match.
++ */
++static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
++{
++ struct sock *sk, *sk1 = NULL;
++
++ for (sk = rfcomm_sk_list.head; sk; sk = sk->next) {
++ if (state && sk->state != state)
++ continue;
++
++ if (rfcomm_pi(sk)->channel == channel) {
++ /* Exact match. */
++ if (!bacmp(&bluez_pi(sk)->src, src))
++ break;
++
++ /* Closest match */
++ if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
++ sk1 = sk;
++ }
++ }
++ return sk ? sk : sk1;
++}
++
++/* Find socket with given address (channel, src).
++ * Returns locked socket */
++static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
++{
++ struct sock *s;
++ read_lock(&rfcomm_sk_list.lock);
++ s = __rfcomm_get_sock_by_channel(state, channel, src);
++ if (s) bh_lock_sock(s);
++ read_unlock(&rfcomm_sk_list.lock);
++ return s;
++}
++
++static void rfcomm_sock_destruct(struct sock *sk)
++{
++ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
++
++ BT_DBG("sk %p dlc %p", sk, d);
++
++ skb_queue_purge(&sk->receive_queue);
++ skb_queue_purge(&sk->write_queue);
++
++ rfcomm_dlc_lock(d);
++ rfcomm_pi(sk)->dlc = NULL;
++
++ /* Detach DLC if it's owned by this socket */
++ if (d->owner == sk)
++ d->owner = NULL;
++ rfcomm_dlc_unlock(d);
++
++ rfcomm_dlc_put(d);
++
++ MOD_DEC_USE_COUNT;
++}
++
++static void rfcomm_sock_cleanup_listen(struct sock *parent)
++{
++ struct sock *sk;
++
++ BT_DBG("parent %p", parent);
++
++ /* Close not yet accepted dlcs */
++ while ((sk = bluez_accept_dequeue(parent, NULL))) {
++ rfcomm_sock_close(sk);
++ rfcomm_sock_kill(sk);
++ }
++
++ parent->state = BT_CLOSED;
++ parent->zapped = 1;
++}
++
++/* Kill socket (only if zapped and orphan)
++ * Must be called on unlocked socket.
++ */
++static void rfcomm_sock_kill(struct sock *sk)
++{
++ if (!sk->zapped || sk->socket)
++ return;
++
++ BT_DBG("sk %p state %d refcnt %d", sk, sk->state, atomic_read(&sk->refcnt));
++
++ /* Kill poor orphan */
++ bluez_sock_unlink(&rfcomm_sk_list, sk);
++ sk->dead = 1;
++ sock_put(sk);
++}
++
++static void __rfcomm_sock_close(struct sock *sk)
++{
++ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
++
++ BT_DBG("sk %p state %d socket %p", sk, sk->state, sk->socket);
++
++ switch (sk->state) {
++ case BT_LISTEN:
++ rfcomm_sock_cleanup_listen(sk);
++ break;
++
++ case BT_CONNECT:
++ case BT_CONNECT2:
++ case BT_CONFIG:
++ case BT_CONNECTED:
++ rfcomm_dlc_close(d, 0);
++
++ default:
++ sk->zapped = 1;
++ break;
++ }
++}
++
++/* Close socket.
++ * Must be called on unlocked socket.
++ */
++static void rfcomm_sock_close(struct sock *sk)
++{
++ lock_sock(sk);
++ __rfcomm_sock_close(sk);
++ release_sock(sk);
++}
++
++static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
++{
++ BT_DBG("sk %p", sk);
++
++ if (parent)
++ sk->type = parent->type;
++}
++
++static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, int prio)
++{
++ struct rfcomm_dlc *d;
++ struct sock *sk;
++
++ sk = sk_alloc(PF_BLUETOOTH, prio, 1);
++ if (!sk)
++ return NULL;
++
++ d = rfcomm_dlc_alloc(prio);
++ if (!d) {
++ sk_free(sk);
++ return NULL;
++ }
++ d->data_ready = rfcomm_sk_data_ready;
++ d->state_change = rfcomm_sk_state_change;
++
++ rfcomm_pi(sk)->dlc = d;
++ d->owner = sk;
++
++ bluez_sock_init(sock, sk);
++
++ sk->zapped = 0;
++
++ sk->destruct = rfcomm_sock_destruct;
++ sk->sndtimeo = RFCOMM_CONN_TIMEOUT;
++
++ sk->sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
++ sk->rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
++
++ sk->protocol = proto;
++ sk->state = BT_OPEN;
++
++ bluez_sock_link(&rfcomm_sk_list, sk);
++
++ BT_DBG("sk %p", sk);
++
++ MOD_INC_USE_COUNT;
++ return sk;
++}
++
++static int rfcomm_sock_create(struct socket *sock, int protocol)
++{
++ struct sock *sk;
++
++ BT_DBG("sock %p", sock);
++
++ sock->state = SS_UNCONNECTED;
++
++ if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
++ return -ESOCKTNOSUPPORT;
++
++ sock->ops = &rfcomm_sock_ops;
++
++ if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL)))
++ return -ENOMEM;
++
++ rfcomm_sock_init(sk, NULL);
++ return 0;
++}
++
++static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
++{
++ struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
++
++ if (!addr || addr->sa_family != AF_BLUETOOTH)
++ return -EINVAL;
++
++ lock_sock(sk);
++
++ if (sk->state != BT_OPEN) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ write_lock_bh(&rfcomm_sk_list.lock);
++
++ if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
++ err = -EADDRINUSE;
++ } else {
++ /* Save source address */
++ bacpy(&bluez_pi(sk)->src, &sa->rc_bdaddr);
++ rfcomm_pi(sk)->channel = sa->rc_channel;
++ sk->state = BT_BOUND;
++ }
++
++ write_unlock_bh(&rfcomm_sk_list.lock);
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
++{
++ struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
++ struct sock *sk = sock->sk;
++ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
++ int err = 0;
++
++ BT_DBG("sk %p", sk);
++
++ if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
++ return -EINVAL;
++
++ if (sk->state != BT_OPEN && sk->state != BT_BOUND)
++ return -EBADFD;
++
++ if (sk->type != SOCK_STREAM)
++ return -EINVAL;
++
++ lock_sock(sk);
++
++ sk->state = BT_CONNECT;
++ bacpy(&bluez_pi(sk)->dst, &sa->rc_bdaddr);
++ rfcomm_pi(sk)->channel = sa->rc_channel;
++
++ err = rfcomm_dlc_open(d, &bluez_pi(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
++ if (!err)
++ err = bluez_sock_wait_state(sk, BT_CONNECTED,
++ sock_sndtimeo(sk, flags & O_NONBLOCK));
++
++ release_sock(sk);
++ return err;
++}
++
++int rfcomm_sock_listen(struct socket *sock, int backlog)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sk %p backlog %d", sk, backlog);
++
++ lock_sock(sk);
++
++ if (sk->state != BT_BOUND) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ sk->max_ack_backlog = backlog;
++ sk->ack_backlog = 0;
++ sk->state = BT_LISTEN;
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ struct sock *sk = sock->sk, *nsk;
++ long timeo;
++ int err = 0;
++
++ lock_sock(sk);
++
++ if (sk->state != BT_LISTEN) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
++
++ BT_DBG("sk %p timeo %ld", sk, timeo);
++
++ /* Wait for an incoming connection. (wake-one). */
++ add_wait_queue_exclusive(sk->sleep, &wait);
++ while (!(nsk = bluez_accept_dequeue(sk, newsock))) {
++ set_current_state(TASK_INTERRUPTIBLE);
++ if (!timeo) {
++ err = -EAGAIN;
++ break;
++ }
++
++ release_sock(sk);
++ timeo = schedule_timeout(timeo);
++ lock_sock(sk);
++
++ if (sk->state != BT_LISTEN) {
++ err = -EBADFD;
++ break;
++ }
++
++ if (signal_pending(current)) {
++ err = sock_intr_errno(timeo);
++ break;
++ }
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(sk->sleep, &wait);
++
++ if (err)
++ goto done;
++
++ newsock->state = SS_CONNECTED;
++
++ BT_DBG("new socket %p", nsk);
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
++{
++ struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
++ struct sock *sk = sock->sk;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ sa->rc_family = AF_BLUETOOTH;
++ sa->rc_channel = rfcomm_pi(sk)->channel;
++ if (peer)
++ bacpy(&sa->rc_bdaddr, &bluez_pi(sk)->dst);
++ else
++ bacpy(&sa->rc_bdaddr, &bluez_pi(sk)->src);
++
++ *len = sizeof(struct sockaddr_rc);
++ return 0;
++}
++
++static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len,
++ struct scm_cookie *scm)
++{
++ struct sock *sk = sock->sk;
++ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
++ struct sk_buff *skb;
++ int err, size;
++ int sent = 0;
++
++ if (msg->msg_flags & MSG_OOB)
++ return -EOPNOTSUPP;
++
++ if (sk->shutdown & SEND_SHUTDOWN)
++ return -EPIPE;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ lock_sock(sk);
++
++ while (len) {
++ size = min_t(uint, len, d->mtu);
++
++ skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
++ msg->msg_flags & MSG_DONTWAIT, &err);
++ if (!skb)
++ break;
++ skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
++
++ err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
++ if (err) {
++ kfree_skb(skb);
++ sent = err;
++ break;
++ }
++
++ err = rfcomm_dlc_send(d, skb);
++ if (err < 0) {
++ kfree_skb(skb);
++ break;
++ }
++
++ sent += size;
++ len -= size;
++ }
++
++ release_sock(sk);
++
++ return sent ? sent : err;
++}
++
++static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
++{
++ DECLARE_WAITQUEUE(wait, current);
++
++ add_wait_queue(sk->sleep, &wait);
++ for (;;) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ if (skb_queue_len(&sk->receive_queue) || sk->err || (sk->shutdown & RCV_SHUTDOWN) ||
++ signal_pending(current) || !timeo)
++ break;
++
++ set_bit(SOCK_ASYNC_WAITDATA, &sk->socket->flags);
++ release_sock(sk);
++ timeo = schedule_timeout(timeo);
++ lock_sock(sk);
++ clear_bit(SOCK_ASYNC_WAITDATA, &sk->socket->flags);
++ }
++
++ __set_current_state(TASK_RUNNING);
++ remove_wait_queue(sk->sleep, &wait);
++ return timeo;
++}
++
++static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg, int size,
++ int flags, struct scm_cookie *scm)
++{
++ struct sock *sk = sock->sk;
++ int target, err = 0, copied = 0;
++ long timeo;
++
++ if (flags & MSG_OOB)
++ return -EOPNOTSUPP;
++
++ msg->msg_namelen = 0;
++
++ BT_DBG("sk %p size %d", sk, size);
++
++ lock_sock(sk);
++
++ target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
++ timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
++
++ do {
++ struct sk_buff *skb;
++ int chunk;
++
++ skb = skb_dequeue(&sk->receive_queue);
++ if (!skb) {
++ if (copied >= target)
++ break;
++
++ if ((err = sock_error(sk)) != 0)
++ break;
++ if (sk->shutdown & RCV_SHUTDOWN)
++ break;
++
++ err = -EAGAIN;
++ if (!timeo)
++ break;
++
++ timeo = rfcomm_sock_data_wait(sk, timeo);
++
++ if (signal_pending(current)) {
++ err = sock_intr_errno(timeo);
++ goto out;
++ }
++ continue;
++ }
++
++ chunk = min_t(unsigned int, skb->len, size);
++ if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
++ skb_queue_head(&sk->receive_queue, skb);
++ if (!copied)
++ copied = -EFAULT;
++ break;
++ }
++ copied += chunk;
++ size -= chunk;
++
++ if (!(flags & MSG_PEEK)) {
++ atomic_sub(chunk, &sk->rmem_alloc);
++
++ skb_pull(skb, chunk);
++ if (skb->len) {
++ skb_queue_head(&sk->receive_queue, skb);
++ break;
++ }
++ kfree_skb(skb);
++
++ } else {
++ /* put message back and return */
++ skb_queue_head(&sk->receive_queue, skb);
++ break;
++ }
++ } while (size);
++
++out:
++ if (atomic_read(&sk->rmem_alloc) <= (sk->rcvbuf >> 2))
++ rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
++
++ release_sock(sk);
++ return copied ? : err;
++}
++
++static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sk %p", sk);
++
++ lock_sock(sk);
++
++ switch (optname) {
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ };
++
++ release_sock(sk);
++ return err;
++}
++
++static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
++{
++ struct sock *sk = sock->sk;
++ int len, err = 0;
++
++ BT_DBG("sk %p", sk);
++
++ if (get_user(len, optlen))
++ return -EFAULT;
++
++ lock_sock(sk);
++
++ switch (optname) {
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ };
++
++ release_sock(sk);
++ return err;
++}
++
++static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
++{
++ struct sock *sk = sock->sk;
++ int err;
++
++ lock_sock(sk);
++
++#ifdef CONFIG_BLUEZ_RFCOMM_TTY
++ err = rfcomm_dev_ioctl(sk, cmd, arg);
++#else
++ err = -EOPNOTSUPP;
++#endif
++
++ release_sock(sk);
++
++ return err;
++}
++
++static int rfcomm_sock_shutdown(struct socket *sock, int how)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ if (!sk) return 0;
++
++ lock_sock(sk);
++ if (!sk->shutdown) {
++ sk->shutdown = SHUTDOWN_MASK;
++ __rfcomm_sock_close(sk);
++
++ if (sk->linger)
++ err = bluez_sock_wait_state(sk, BT_CLOSED, sk->lingertime);
++ }
++ release_sock(sk);
++ return err;
++}
++
++static int rfcomm_sock_release(struct socket *sock)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ if (!sk)
++ return 0;
++
++ err = rfcomm_sock_shutdown(sock, 2);
++
++ sock_orphan(sk);
++ rfcomm_sock_kill(sk);
++ return err;
++}
++
++/* ---- RFCOMM core layer callbacks ----
++ *
++ * called under rfcomm_lock()
++ */
++int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
++{
++ struct sock *sk, *parent;
++ bdaddr_t src, dst;
++ int result = 0;
++
++ BT_DBG("session %p channel %d", s, channel);
++
++ rfcomm_session_getaddr(s, &src, &dst);
++
++ /* Check if we have socket listening on this channel */
++ parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
++ if (!parent)
++ return 0;
++
++ /* Check for backlog size */
++ if (parent->ack_backlog > parent->max_ack_backlog) {
++ BT_DBG("backlog full %d", parent->ack_backlog);
++ goto done;
++ }
++
++ sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
++ if (!sk)
++ goto done;
++
++ rfcomm_sock_init(sk, parent);
++ bacpy(&bluez_pi(sk)->src, &src);
++ bacpy(&bluez_pi(sk)->dst, &dst);
++ rfcomm_pi(sk)->channel = channel;
++
++ sk->state = BT_CONFIG;
++ bluez_accept_enqueue(parent, sk);
++
++ /* Accept connection and return socket DLC */
++ *d = rfcomm_pi(sk)->dlc;
++ result = 1;
++
++done:
++ bh_unlock_sock(parent);
++ return result;
++}
++
++/* ---- Proc fs support ---- */
++int rfcomm_sock_dump(char *buf)
++{
++ struct bluez_sock_list *list = &rfcomm_sk_list;
++ struct rfcomm_pinfo *pi;
++ struct sock *sk;
++ char *ptr = buf;
++
++ write_lock_bh(&list->lock);
++
++ for (sk = list->head; sk; sk = sk->next) {
++ pi = rfcomm_pi(sk);
++ ptr += sprintf(ptr, "sk %s %s %d %d\n",
++ batostr(&bluez_pi(sk)->src), batostr(&bluez_pi(sk)->dst),
++ sk->state, rfcomm_pi(sk)->channel);
++ }
++
++ write_unlock_bh(&list->lock);
++
++ return ptr - buf;
++}
++
++static struct proto_ops rfcomm_sock_ops = {
++ family: PF_BLUETOOTH,
++ release: rfcomm_sock_release,
++ bind: rfcomm_sock_bind,
++ connect: rfcomm_sock_connect,
++ listen: rfcomm_sock_listen,
++ accept: rfcomm_sock_accept,
++ getname: rfcomm_sock_getname,
++ sendmsg: rfcomm_sock_sendmsg,
++ recvmsg: rfcomm_sock_recvmsg,
++ shutdown: rfcomm_sock_shutdown,
++ setsockopt: rfcomm_sock_setsockopt,
++ getsockopt: rfcomm_sock_getsockopt,
++ ioctl: rfcomm_sock_ioctl,
++ poll: bluez_sock_poll,
++ socketpair: sock_no_socketpair,
++ mmap: sock_no_mmap
++};
++
++static struct net_proto_family rfcomm_sock_family_ops = {
++ family: PF_BLUETOOTH,
++ create: rfcomm_sock_create
++};
++
++int rfcomm_init_sockets(void)
++{
++ int err;
++
++ if ((err = bluez_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops))) {
++ BT_ERR("Can't register RFCOMM socket layer");
++ return err;
++ }
++
++ return 0;
++}
++
++void rfcomm_cleanup_sockets(void)
++{
++ int err;
++
++ /* Unregister socket, protocol and notifier */
++ if ((err = bluez_sock_unregister(BTPROTO_RFCOMM)))
++ BT_ERR("Can't unregister RFCOMM socket layer %d", err);
++}
+diff -urN linux-2.4.18/net/bluetooth/rfcomm/tty.c linux-2.4.18-mh9/net/bluetooth/rfcomm/tty.c
+--- linux-2.4.18/net/bluetooth/rfcomm/tty.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/rfcomm/tty.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,945 @@
++/*
++ RFCOMM implementation for Linux Bluetooth stack (BlueZ).
++ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
++ Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * RFCOMM TTY.
++ *
++ * $Id: tty.c,v 1.26 2002/10/18 20:12:12 maxk Exp $
++ */
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/tty.h>
++#include <linux/tty_driver.h>
++#include <linux/tty_flip.h>
++
++#include <linux/slab.h>
++#include <linux/skbuff.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/rfcomm.h>
++
++#ifndef CONFIG_BLUEZ_RFCOMM_DEBUG
++#undef BT_DBG
++#define BT_DBG(D...)
++#endif
++
++#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
++#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
++#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
++#define RFCOMM_TTY_MINOR 0
++
++struct rfcomm_dev {
++ struct list_head list;
++ atomic_t refcnt;
++
++ char name[12];
++ int id;
++ unsigned long flags;
++ int opened;
++ int err;
++
++ bdaddr_t src;
++ bdaddr_t dst;
++ u8 channel;
++
++ uint modem_status;
++
++ struct rfcomm_dlc *dlc;
++ struct tty_struct *tty;
++ wait_queue_head_t wait;
++ struct tasklet_struct wakeup_task;
++
++ atomic_t wmem_alloc;
++};
++
++static LIST_HEAD(rfcomm_dev_list);
++static rwlock_t rfcomm_dev_lock = RW_LOCK_UNLOCKED;
++
++static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
++static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
++static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
++
++static void rfcomm_tty_wakeup(unsigned long arg);
++
++/* ---- Device functions ---- */
++static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
++{
++ struct rfcomm_dlc *dlc = dev->dlc;
++
++ BT_DBG("dev %p dlc %p", dev, dlc);
++
++ rfcomm_dlc_lock(dlc);
++ /* Detach DLC if it's owned by this dev */
++ if (dlc->owner == dev)
++ dlc->owner = NULL;
++ rfcomm_dlc_unlock(dlc);
++
++ rfcomm_dlc_put(dlc);
++ kfree(dev);
++
++ MOD_DEC_USE_COUNT;
++}
++
++static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
++{
++ atomic_inc(&dev->refcnt);
++}
++
++static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
++{
++ if (atomic_dec_and_test(&dev->refcnt))
++ rfcomm_dev_destruct(dev);
++}
++
++static struct rfcomm_dev *__rfcomm_dev_get(int id)
++{
++ struct rfcomm_dev *dev;
++ struct list_head *p;
++
++ list_for_each(p, &rfcomm_dev_list) {
++ dev = list_entry(p, struct rfcomm_dev, list);
++ if (dev->id == id)
++ return dev;
++ }
++
++ return NULL;
++}
++
++static inline struct rfcomm_dev *rfcomm_dev_get(int id)
++{
++ struct rfcomm_dev *dev;
++
++ read_lock(&rfcomm_dev_lock);
++ dev = __rfcomm_dev_get(id);
++ read_unlock(&rfcomm_dev_lock);
++
++ if (dev) rfcomm_dev_hold(dev);
++ return dev;
++}
++
++static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
++{
++ struct rfcomm_dev *dev;
++ struct list_head *head = &rfcomm_dev_list, *p;
++ int err = 0;
++
++ BT_DBG("id %d channel %d", req->dev_id, req->channel);
++
++ dev = kmalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
++ if (!dev)
++ return -ENOMEM;
++ memset(dev, 0, sizeof(struct rfcomm_dev));
++
++ write_lock_bh(&rfcomm_dev_lock);
++
++ if (req->dev_id < 0) {
++ dev->id = 0;
++
++ list_for_each(p, &rfcomm_dev_list) {
++ if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
++ break;
++
++ dev->id++;
++ head = p;
++ }
++ } else {
++ dev->id = req->dev_id;
++
++ list_for_each(p, &rfcomm_dev_list) {
++ struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
++
++ if (entry->id == dev->id) {
++ err = -EADDRINUSE;
++ goto out;
++ }
++
++ if (entry->id > dev->id - 1)
++ break;
++
++ head = p;
++ }
++ }
++
++ if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
++ err = -ENFILE;
++ goto out;
++ }
++
++ sprintf(dev->name, "rfcomm%d", dev->id);
++
++ list_add(&dev->list, head);
++ atomic_set(&dev->refcnt, 1);
++
++ bacpy(&dev->src, &req->src);
++ bacpy(&dev->dst, &req->dst);
++ dev->channel = req->channel;
++
++ dev->flags = req->flags &
++ ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
++
++ init_waitqueue_head(&dev->wait);
++ tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
++
++ rfcomm_dlc_lock(dlc);
++ dlc->data_ready = rfcomm_dev_data_ready;
++ dlc->state_change = rfcomm_dev_state_change;
++ dlc->modem_status = rfcomm_dev_modem_status;
++
++ dlc->owner = dev;
++ dev->dlc = dlc;
++ rfcomm_dlc_unlock(dlc);
++
++ MOD_INC_USE_COUNT;
++
++out:
++ write_unlock_bh(&rfcomm_dev_lock);
++
++ if (err) {
++ kfree(dev);
++ return err;
++ } else
++ return dev->id;
++}
++
++static void rfcomm_dev_del(struct rfcomm_dev *dev)
++{
++ BT_DBG("dev %p", dev);
++
++ write_lock_bh(&rfcomm_dev_lock);
++ list_del_init(&dev->list);
++ write_unlock_bh(&rfcomm_dev_lock);
++
++ rfcomm_dev_put(dev);
++}
++
++/* ---- Send buffer ---- */
++
++static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
++{
++ /* We can't let it be zero, because we don't get a callback
++ when tx_credits becomes nonzero, hence we'd never wake up */
++ return dlc->mtu * (dlc->tx_credits?:1);
++}
++
++static void rfcomm_wfree(struct sk_buff *skb)
++{
++ struct rfcomm_dev *dev = (void *) skb->sk;
++ atomic_sub(skb->truesize, &dev->wmem_alloc);
++ if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
++ tasklet_schedule(&dev->wakeup_task);
++ rfcomm_dev_put(dev);
++}
++
++static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
++{
++ rfcomm_dev_hold(dev);
++ atomic_add(skb->truesize, &dev->wmem_alloc);
++ skb->sk = (void *) dev;
++ skb->destructor = rfcomm_wfree;
++}
++
++static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, int force, int priority)
++{
++ if (force || atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
++ struct sk_buff *skb = alloc_skb(size, priority);
++ if (skb) {
++ rfcomm_set_owner_w(skb, dev);
++ return skb;
++ }
++ }
++ return NULL;
++}
++
++/* ---- Device IOCTLs ---- */
++
++#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
++
++static int rfcomm_create_dev(struct sock *sk, unsigned long arg)
++{
++ struct rfcomm_dev_req req;
++ struct rfcomm_dlc *dlc;
++ int id;
++
++ if (copy_from_user(&req, (void *) arg, sizeof(req)))
++ return -EFAULT;
++
++ BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
++
++ if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
++ return -EPERM;
++
++ if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
++ /* Socket must be connected */
++ if (sk->state != BT_CONNECTED)
++ return -EBADFD;
++
++ dlc = rfcomm_pi(sk)->dlc;
++ rfcomm_dlc_hold(dlc);
++ } else {
++ dlc = rfcomm_dlc_alloc(GFP_KERNEL);
++ if (!dlc)
++ return -ENOMEM;
++ }
++
++ id = rfcomm_dev_add(&req, dlc);
++ if (id < 0) {
++ rfcomm_dlc_put(dlc);
++ return id;
++ }
++
++ if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
++ /* DLC is now used by device.
++ * Socket must be disconnected */
++ sk->state = BT_CLOSED;
++ }
++
++ return id;
++}
++
++static int rfcomm_release_dev(unsigned long arg)
++{
++ struct rfcomm_dev_req req;
++ struct rfcomm_dev *dev;
++
++ if (copy_from_user(&req, (void *) arg, sizeof(req)))
++ return -EFAULT;
++
++ BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
++
++ if (!capable(CAP_NET_ADMIN))
++ return -EPERM;
++
++ if (!(dev = rfcomm_dev_get(req.dev_id)))
++ return -ENODEV;
++
++ if (req.flags & (1 << RFCOMM_HANGUP_NOW))
++ rfcomm_dlc_close(dev->dlc, 0);
++
++ rfcomm_dev_del(dev);
++ rfcomm_dev_put(dev);
++ return 0;
++}
++
++static int rfcomm_get_dev_list(unsigned long arg)
++{
++ struct rfcomm_dev_list_req *dl;
++ struct rfcomm_dev_info *di;
++ struct list_head *p;
++ int n = 0, size;
++ u16 dev_num;
++
++ BT_DBG("");
++
++ if (get_user(dev_num, (u16 *) arg))
++ return -EFAULT;
++
++ if (!dev_num)
++ return -EINVAL;
++
++ size = sizeof(*dl) + dev_num * sizeof(*di);
++
++ if (verify_area(VERIFY_WRITE, (void *)arg, size))
++ return -EFAULT;
++
++ if (!(dl = kmalloc(size, GFP_KERNEL)))
++ return -ENOMEM;
++
++ di = dl->dev_info;
++
++ read_lock_bh(&rfcomm_dev_lock);
++
++ list_for_each(p, &rfcomm_dev_list) {
++ struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
++ (di + n)->id = dev->id;
++ (di + n)->flags = dev->flags;
++ (di + n)->state = dev->dlc->state;
++ (di + n)->channel = dev->channel;
++ bacpy(&(di + n)->src, &dev->src);
++ bacpy(&(di + n)->dst, &dev->dst);
++ if (++n >= dev_num)
++ break;
++ }
++
++ read_unlock_bh(&rfcomm_dev_lock);
++
++ dl->dev_num = n;
++ size = sizeof(*dl) + n * sizeof(*di);
++
++ copy_to_user((void *) arg, dl, size);
++ kfree(dl);
++ return 0;
++}
++
++static int rfcomm_get_dev_info(unsigned long arg)
++{
++ struct rfcomm_dev *dev;
++ struct rfcomm_dev_info di;
++ int err = 0;
++
++ BT_DBG("");
++
++ if (copy_from_user(&di, (void *)arg, sizeof(di)))
++ return -EFAULT;
++
++ if (!(dev = rfcomm_dev_get(di.id)))
++ return -ENODEV;
++
++ di.flags = dev->flags;
++ di.channel = dev->channel;
++ di.state = dev->dlc->state;
++ bacpy(&di.src, &dev->src);
++ bacpy(&di.dst, &dev->dst);
++
++ if (copy_to_user((void *)arg, &di, sizeof(di)))
++ err = -EFAULT;
++
++ rfcomm_dev_put(dev);
++ return err;
++}
++
++int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
++{
++ BT_DBG("cmd %d arg %ld", cmd, arg);
++
++ switch (cmd) {
++ case RFCOMMCREATEDEV:
++ return rfcomm_create_dev(sk, arg);
++
++ case RFCOMMRELEASEDEV:
++ return rfcomm_release_dev(arg);
++
++ case RFCOMMGETDEVLIST:
++ return rfcomm_get_dev_list(arg);
++
++ case RFCOMMGETDEVINFO:
++ return rfcomm_get_dev_info(arg);
++ }
++
++ return -EINVAL;
++}
++
++/* ---- DLC callbacks ---- */
++static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
++{
++ struct rfcomm_dev *dev = dlc->owner;
++ struct tty_struct *tty;
++
++ if (!dev || !(tty = dev->tty)) {
++ kfree_skb(skb);
++ return;
++ }
++
++ BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
++
++ if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
++ register int i;
++ for (i = 0; i < skb->len; i++) {
++ if (tty->flip.count >= TTY_FLIPBUF_SIZE)
++ tty_flip_buffer_push(tty);
++
++ tty_insert_flip_char(tty, skb->data[i], 0);
++ }
++ tty_flip_buffer_push(tty);
++ } else
++ tty->ldisc.receive_buf(tty, skb->data, NULL, skb->len);
++
++ kfree_skb(skb);
++}
++
++static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
++{
++ struct rfcomm_dev *dev = dlc->owner;
++ if (!dev)
++ return;
++
++ BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
++
++ dev->err = err;
++ wake_up_interruptible(&dev->wait);
++
++ if (dlc->state == BT_CLOSED) {
++ if (!dev->tty) {
++ if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
++ rfcomm_dev_hold(dev);
++ rfcomm_dev_del(dev);
++
++ /* We have to drop DLC lock here, otherwise
++ * rfcomm_dev_put() will dead lock if it's the last refference */
++ rfcomm_dlc_unlock(dlc);
++ rfcomm_dev_put(dev);
++ rfcomm_dlc_lock(dlc);
++ }
++ } else
++ tty_hangup(dev->tty);
++ }
++}
++
++static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
++{
++ struct rfcomm_dev *dev = dlc->owner;
++ if (!dev)
++ return;
++
++ BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
++
++ dev->modem_status =
++ ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
++ ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
++ ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
++ ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
++}
++
++/* ---- TTY functions ---- */
++static void rfcomm_tty_wakeup(unsigned long arg)
++{
++ struct rfcomm_dev *dev = (void *) arg;
++ struct tty_struct *tty = dev->tty;
++ if (!tty)
++ return;
++
++ BT_DBG("dev %p tty %p", dev, tty);
++
++ if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
++ (tty->ldisc.write_wakeup)(tty);
++
++ wake_up_interruptible(&tty->write_wait);
++#ifdef SERIAL_HAVE_POLL_WAIT
++ wake_up_interruptible(&tty->poll_wait);
++#endif
++}
++
++static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ struct rfcomm_dev *dev;
++ struct rfcomm_dlc *dlc;
++ int err, id;
++
++ id = MINOR(tty->device) - tty->driver.minor_start;
++
++ BT_DBG("tty %p id %d", tty, id);
++
++ dev = rfcomm_dev_get(id);
++ if (!dev)
++ return -ENODEV;
++
++ BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
++
++ if (dev->opened++ != 0)
++ return 0;
++
++ dlc = dev->dlc;
++
++ /* Attach TTY and open DLC */
++
++ rfcomm_dlc_lock(dlc);
++ tty->driver_data = dev;
++ dev->tty = tty;
++ rfcomm_dlc_unlock(dlc);
++ set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
++
++ err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
++ if (err < 0)
++ return err;
++
++ /* Wait for DLC to connect */
++ add_wait_queue(&dev->wait, &wait);
++ while (1) {
++ set_current_state(TASK_INTERRUPTIBLE);
++
++ if (dlc->state == BT_CLOSED) {
++ err = -dev->err;
++ break;
++ }
++
++ if (dlc->state == BT_CONNECTED)
++ break;
++
++ if (signal_pending(current)) {
++ err = -EINTR;
++ break;
++ }
++
++ schedule();
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(&dev->wait, &wait);
++
++ return err;
++}
++
++static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ if (!dev)
++ return;
++
++ BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
++
++ if (--dev->opened == 0) {
++ /* Close DLC and dettach TTY */
++ rfcomm_dlc_close(dev->dlc, 0);
++
++ clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
++ tasklet_kill(&dev->wakeup_task);
++
++ rfcomm_dlc_lock(dev->dlc);
++ tty->driver_data = NULL;
++ dev->tty = NULL;
++ rfcomm_dlc_unlock(dev->dlc);
++ }
++
++ rfcomm_dev_put(dev);
++}
++
++static int rfcomm_tty_write(struct tty_struct *tty, int from_user, const unsigned char *buf, int count)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ struct rfcomm_dlc *dlc = dev->dlc;
++ struct sk_buff *skb;
++ int err = 0, sent = 0, size;
++
++ BT_DBG("tty %p from_user %d count %d", tty, from_user, count);
++
++ while (count) {
++ size = min_t(uint, count, dlc->mtu);
++
++ if (from_user)
++ skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, 0, GFP_KERNEL);
++ else
++ skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, 0, GFP_ATOMIC);
++
++ if (!skb)
++ break;
++
++ skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
++
++ if (from_user)
++ copy_from_user(skb_put(skb, size), buf + sent, size);
++ else
++ memcpy(skb_put(skb, size), buf + sent, size);
++
++ if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
++ kfree_skb(skb);
++ break;
++ }
++
++ sent += size;
++ count -= size;
++ }
++
++ return sent ? sent : err;
++}
++
++static void rfcomm_tty_put_char(struct tty_struct *tty, unsigned char ch)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ struct rfcomm_dlc *dlc = dev->dlc;
++ struct sk_buff *skb;
++
++ BT_DBG("tty %p char %x", tty, ch);
++
++ skb = rfcomm_wmalloc(dev, 1 + RFCOMM_SKB_RESERVE, 1, GFP_ATOMIC);
++
++ if (!skb)
++ return;
++
++ skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
++
++ *(char *)skb_put(skb, 1) = ch;
++
++ if ((rfcomm_dlc_send(dlc, skb)) < 0)
++ kfree_skb(skb);
++}
++
++static int rfcomm_tty_write_room(struct tty_struct *tty)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ int room;
++
++ BT_DBG("tty %p", tty);
++
++ room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
++ if (room < 0)
++ room = 0;
++
++ return room;
++}
++
++static int rfcomm_tty_set_modem_status(uint cmd, struct rfcomm_dlc *dlc, uint status)
++{
++ u8 v24_sig, mask;
++
++ BT_DBG("dlc %p cmd 0x%02x", dlc, cmd);
++
++ if (cmd == TIOCMSET)
++ v24_sig = 0;
++ else
++ rfcomm_dlc_get_modem_status(dlc, &v24_sig);
++
++ mask = ((status & TIOCM_DSR) ? RFCOMM_V24_RTC : 0) |
++ ((status & TIOCM_DTR) ? RFCOMM_V24_RTC : 0) |
++ ((status & TIOCM_RTS) ? RFCOMM_V24_RTR : 0) |
++ ((status & TIOCM_CTS) ? RFCOMM_V24_RTR : 0) |
++ ((status & TIOCM_RI) ? RFCOMM_V24_IC : 0) |
++ ((status & TIOCM_CD) ? RFCOMM_V24_DV : 0);
++
++ if (cmd == TIOCMBIC)
++ v24_sig &= ~mask;
++ else
++ v24_sig |= mask;
++
++ rfcomm_dlc_set_modem_status(dlc, v24_sig);
++ return 0;
++}
++
++static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ struct rfcomm_dlc *dlc = dev->dlc;
++ uint status;
++ int err;
++
++ BT_DBG("tty %p cmd 0x%02x", tty, cmd);
++
++ switch (cmd) {
++ case TCGETS:
++ BT_DBG("TCGETS is not supported");
++ return -ENOIOCTLCMD;
++
++ case TCSETS:
++ BT_DBG("TCSETS is not supported");
++ return -ENOIOCTLCMD;
++
++ case TIOCMGET:
++ BT_DBG("TIOCMGET");
++
++ return put_user(dev->modem_status, (unsigned int *)arg);
++
++ case TIOCMSET: /* Turns on and off the lines as specified by the mask */
++ case TIOCMBIS: /* Turns on the lines as specified by the mask */
++ case TIOCMBIC: /* Turns off the lines as specified by the mask */
++ if ((err = get_user(status, (unsigned int *)arg)))
++ return err;
++ return rfcomm_tty_set_modem_status(cmd, dlc, status);
++
++ case TIOCMIWAIT:
++ BT_DBG("TIOCMIWAIT");
++ break;
++
++ case TIOCGICOUNT:
++ BT_DBG("TIOCGICOUNT");
++ break;
++
++ case TIOCGSERIAL:
++ BT_ERR("TIOCGSERIAL is not supported");
++ return -ENOIOCTLCMD;
++
++ case TIOCSSERIAL:
++ BT_ERR("TIOCSSERIAL is not supported");
++ return -ENOIOCTLCMD;
++
++ case TIOCSERGSTRUCT:
++ BT_ERR("TIOCSERGSTRUCT is not supported");
++ return -ENOIOCTLCMD;
++
++ case TIOCSERGETLSR:
++ BT_ERR("TIOCSERGETLSR is not supported");
++ return -ENOIOCTLCMD;
++
++ case TIOCSERCONFIG:
++ BT_ERR("TIOCSERCONFIG is not supported");
++ return -ENOIOCTLCMD;
++
++ default:
++ return -ENOIOCTLCMD; /* ioctls which we must ignore */
++
++ }
++
++ return -ENOIOCTLCMD;
++}
++
++#define RELEVANT_IFLAG(iflag) (iflag & (IGNBRK|BRKINT|IGNPAR|PARMRK|INPCK))
++
++static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
++{
++ BT_DBG("tty %p", tty);
++
++ if ((tty->termios->c_cflag == old->c_cflag) &&
++ (RELEVANT_IFLAG(tty->termios->c_iflag) == RELEVANT_IFLAG(old->c_iflag)))
++ return;
++
++ /* handle turning off CRTSCTS */
++ if ((old->c_cflag & CRTSCTS) && !(tty->termios->c_cflag & CRTSCTS)) {
++ BT_DBG("turning off CRTSCTS");
++ }
++}
++
++static void rfcomm_tty_throttle(struct tty_struct *tty)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++
++ BT_DBG("tty %p dev %p", tty, dev);
++
++ rfcomm_dlc_throttle(dev->dlc);
++}
++
++static void rfcomm_tty_unthrottle(struct tty_struct *tty)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++
++ BT_DBG("tty %p dev %p", tty, dev);
++
++ rfcomm_dlc_unthrottle(dev->dlc);
++}
++
++static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ struct rfcomm_dlc *dlc = dev->dlc;
++
++ BT_DBG("tty %p dev %p", tty, dev);
++
++ if (skb_queue_len(&dlc->tx_queue))
++ return dlc->mtu;
++
++ return 0;
++}
++
++static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ if (!dev)
++ return;
++
++ BT_DBG("tty %p dev %p", tty, dev);
++
++ skb_queue_purge(&dev->dlc->tx_queue);
++
++ if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
++ tty->ldisc.write_wakeup(tty);
++}
++
++static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
++{
++ BT_DBG("tty %p ch %c", tty, ch);
++}
++
++static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
++{
++ BT_DBG("tty %p timeout %d", tty, timeout);
++}
++
++static void rfcomm_tty_hangup(struct tty_struct *tty)
++{
++ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
++ if (!dev)
++ return;
++
++ BT_DBG("tty %p dev %p", tty, dev);
++
++ rfcomm_tty_flush_buffer(tty);
++
++ if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
++ rfcomm_dev_del(dev);
++}
++
++static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
++{
++ return 0;
++}
++
++/* ---- TTY structure ---- */
++static int rfcomm_tty_refcount; /* If we manage several devices */
++
++static struct tty_struct *rfcomm_tty_table[RFCOMM_TTY_PORTS];
++static struct termios *rfcomm_tty_termios[RFCOMM_TTY_PORTS];
++static struct termios *rfcomm_tty_termios_locked[RFCOMM_TTY_PORTS];
++
++static struct tty_driver rfcomm_tty_driver = {
++ magic: TTY_DRIVER_MAGIC,
++ driver_name: "rfcomm",
++#ifdef CONFIG_DEVFS_FS
++ name: "bluetooth/rfcomm/%d",
++#else
++ name: "rfcomm",
++#endif
++ major: RFCOMM_TTY_MAJOR,
++ minor_start: RFCOMM_TTY_MINOR,
++ num: RFCOMM_TTY_PORTS,
++ type: TTY_DRIVER_TYPE_SERIAL,
++ subtype: SERIAL_TYPE_NORMAL,
++ flags: TTY_DRIVER_REAL_RAW,
++
++ refcount: &rfcomm_tty_refcount,
++ table: rfcomm_tty_table,
++ termios: rfcomm_tty_termios,
++ termios_locked: rfcomm_tty_termios_locked,
++
++ open: rfcomm_tty_open,
++ close: rfcomm_tty_close,
++ put_char: rfcomm_tty_put_char,
++ write: rfcomm_tty_write,
++ write_room: rfcomm_tty_write_room,
++ chars_in_buffer: rfcomm_tty_chars_in_buffer,
++ flush_buffer: rfcomm_tty_flush_buffer,
++ ioctl: rfcomm_tty_ioctl,
++ throttle: rfcomm_tty_throttle,
++ unthrottle: rfcomm_tty_unthrottle,
++ set_termios: rfcomm_tty_set_termios,
++ send_xchar: rfcomm_tty_send_xchar,
++ stop: NULL,
++ start: NULL,
++ hangup: rfcomm_tty_hangup,
++ wait_until_sent: rfcomm_tty_wait_until_sent,
++ read_proc: rfcomm_tty_read_proc,
++};
++
++int rfcomm_init_ttys(void)
++{
++ int i;
++
++ /* Initalize our global data */
++ for (i = 0; i < RFCOMM_TTY_PORTS; i++)
++ rfcomm_tty_table[i] = NULL;
++
++ /* Register the TTY driver */
++ rfcomm_tty_driver.init_termios = tty_std_termios;
++ rfcomm_tty_driver.init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
++ rfcomm_tty_driver.flags = TTY_DRIVER_REAL_RAW;
++
++ if (tty_register_driver(&rfcomm_tty_driver)) {
++ BT_ERR("Can't register RFCOMM TTY driver");
++ return -1;
++ }
++
++ return 0;
++}
++
++void rfcomm_cleanup_ttys(void)
++{
++ tty_unregister_driver(&rfcomm_tty_driver);
++ return;
++}
+diff -urN linux-2.4.18/net/bluetooth/sco.c linux-2.4.18-mh9/net/bluetooth/sco.c
+--- linux-2.4.18/net/bluetooth/sco.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.18-mh9/net/bluetooth/sco.c Mon Aug 25 18:38:12 2003
+@@ -0,0 +1,1019 @@
++/*
++ BlueZ - Bluetooth protocol stack for Linux
++ Copyright (C) 2000-2001 Qualcomm Incorporated
++
++ Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation;
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
++ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
++ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++
++ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
++ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
++ SOFTWARE IS DISCLAIMED.
++*/
++
++/*
++ * BlueZ SCO sockets.
++ *
++ * $Id: sco.c,v 1.4 2002/07/22 20:32:54 maxk Exp $
++ */
++#define VERSION "0.3"
++
++#include <linux/config.h>
++#include <linux/module.h>
++
++#include <linux/types.h>
++#include <linux/errno.h>
++#include <linux/kernel.h>
++#include <linux/major.h>
++#include <linux/sched.h>
++#include <linux/slab.h>
++#include <linux/poll.h>
++#include <linux/fcntl.h>
++#include <linux/init.h>
++#include <linux/skbuff.h>
++#include <linux/interrupt.h>
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/proc_fs.h>
++#include <linux/list.h>
++#include <net/sock.h>
++
++#include <asm/system.h>
++#include <asm/uaccess.h>
++
++#include <net/bluetooth/bluetooth.h>
++#include <net/bluetooth/hci_core.h>
++#include <net/bluetooth/sco.h>
++
++#ifndef SCO_DEBUG
++#undef BT_DBG
++#define BT_DBG( A... )
++#endif
++
++static struct proto_ops sco_sock_ops;
++
++static struct bluez_sock_list sco_sk_list = {
++ lock: RW_LOCK_UNLOCKED
++};
++
++static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
++static void sco_chan_del(struct sock *sk, int err);
++static inline struct sock * sco_chan_get(struct sco_conn *conn);
++
++static int sco_conn_del(struct hci_conn *conn, int err);
++
++static void sco_sock_close(struct sock *sk);
++static void sco_sock_kill(struct sock *sk);
++
++/* ----- SCO timers ------ */
++static void sco_sock_timeout(unsigned long arg)
++{
++ struct sock *sk = (struct sock *) arg;
++
++ BT_DBG("sock %p state %d", sk, sk->state);
++
++ bh_lock_sock(sk);
++ sk->err = ETIMEDOUT;
++ sk->state_change(sk);
++ bh_unlock_sock(sk);
++
++ sco_sock_kill(sk);
++ sock_put(sk);
++}
++
++static void sco_sock_set_timer(struct sock *sk, long timeout)
++{
++ BT_DBG("sock %p state %d timeout %ld", sk, sk->state, timeout);
++
++ if (!mod_timer(&sk->timer, jiffies + timeout))
++ sock_hold(sk);
++}
++
++static void sco_sock_clear_timer(struct sock *sk)
++{
++ BT_DBG("sock %p state %d", sk, sk->state);
++
++ if (timer_pending(&sk->timer) && del_timer(&sk->timer))
++ __sock_put(sk);
++}
++
++static void sco_sock_init_timer(struct sock *sk)
++{
++ init_timer(&sk->timer);
++ sk->timer.function = sco_sock_timeout;
++ sk->timer.data = (unsigned long)sk;
++}
++
++/* -------- SCO connections --------- */
++static struct sco_conn *sco_conn_add(struct hci_conn *hcon, __u8 status)
++{
++ struct hci_dev *hdev = hcon->hdev;
++ struct sco_conn *conn;
++
++ if ((conn = hcon->sco_data))
++ return conn;
++
++ if (status)
++ return conn;
++
++ if (!(conn = kmalloc(sizeof(struct sco_conn), GFP_ATOMIC)))
++ return NULL;
++ memset(conn, 0, sizeof(struct sco_conn));
++
++ spin_lock_init(&conn->lock);
++
++ hcon->sco_data = conn;
++ conn->hcon = hcon;
++
++ conn->src = &hdev->bdaddr;
++ conn->dst = &hcon->dst;
++
++ if (hdev->sco_mtu > 0)
++ conn->mtu = hdev->sco_mtu;
++ else
++ conn->mtu = 60;
++
++ BT_DBG("hcon %p conn %p", hcon, conn);
++
++ MOD_INC_USE_COUNT;
++ return conn;
++}
++
++static int sco_conn_del(struct hci_conn *hcon, int err)
++{
++ struct sco_conn *conn;
++ struct sock *sk;
++
++ if (!(conn = hcon->sco_data))
++ return 0;
++
++ BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
++
++ /* Kill socket */
++ if ((sk = sco_chan_get(conn))) {
++ bh_lock_sock(sk);
++ sco_sock_clear_timer(sk);
++ sco_chan_del(sk, err);
++ bh_unlock_sock(sk);
++ sco_sock_kill(sk);
++ }
++
++ hcon->sco_data = NULL;
++ kfree(conn);
++
++ MOD_DEC_USE_COUNT;
++ return 0;
++}
++
++int sco_connect(struct sock *sk)
++{
++ bdaddr_t *src = &bluez_pi(sk)->src;
++ bdaddr_t *dst = &bluez_pi(sk)->dst;
++ struct sco_conn *conn;
++ struct hci_conn *hcon;
++ struct hci_dev *hdev;
++ int err = 0;
++
++ BT_DBG("%s -> %s", batostr(src), batostr(dst));
++
++ if (!(hdev = hci_get_route(dst, src)))
++ return -EHOSTUNREACH;
++
++ hci_dev_lock_bh(hdev);
++
++ err = -ENOMEM;
++
++ hcon = hci_connect(hdev, SCO_LINK, dst);
++ if (!hcon)
++ goto done;
++
++ conn = sco_conn_add(hcon, 0);
++ if (!conn) {
++ hci_conn_put(hcon);
++ goto done;
++ }
++
++ /* Update source addr of the socket */
++ bacpy(src, conn->src);
++
++ err = sco_chan_add(conn, sk, NULL);
++ if (err)
++ goto done;
++
++ if (hcon->state == BT_CONNECTED) {
++ sco_sock_clear_timer(sk);
++ sk->state = BT_CONNECTED;
++ } else {
++ sk->state = BT_CONNECT;
++ sco_sock_set_timer(sk, sk->sndtimeo);
++ }
++done:
++ hci_dev_unlock_bh(hdev);
++ hci_dev_put(hdev);
++ return err;
++}
++
++static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
++{
++ struct sco_conn *conn = sco_pi(sk)->conn;
++ struct sk_buff *skb;
++ int err, count;
++
++ /* Check outgoing MTU */
++ if (len > conn->mtu)
++ return -EINVAL;
++
++ BT_DBG("sk %p len %d", sk, len);
++
++ count = MIN(conn->mtu, len);
++ if (!(skb = bluez_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err)))
++ return err;
++
++ if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
++ err = -EFAULT;
++ goto fail;
++ }
++
++ if ((err = hci_send_sco(conn->hcon, skb)) < 0)
++ goto fail;
++
++ return count;
++
++fail:
++ kfree_skb(skb);
++ return err;
++}
++
++static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
++{
++ struct sock *sk = sco_chan_get(conn);
++
++ if (!sk)
++ goto drop;
++
++ BT_DBG("sk %p len %d", sk, skb->len);
++
++ if (sk->state != BT_CONNECTED)
++ goto drop;
++
++ if (!sock_queue_rcv_skb(sk, skb))
++ return;
++
++drop:
++ kfree_skb(skb);
++ return;
++}
++
++/* -------- Socket interface ---------- */
++static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba)
++{
++ struct sock *sk;
++
++ for (sk = sco_sk_list.head; sk; sk = sk->next) {
++ if (!bacmp(&bluez_pi(sk)->src, ba))
++ break;
++ }
++
++ return sk;
++}
++
++/* Find socket listening on source bdaddr.
++ * Returns closest match.
++ */
++static struct sock *sco_get_sock_listen(bdaddr_t *src)
++{
++ struct sock *sk, *sk1 = NULL;
++
++ read_lock(&sco_sk_list.lock);
++
++ for (sk = sco_sk_list.head; sk; sk = sk->next) {
++ if (sk->state != BT_LISTEN)
++ continue;
++
++ /* Exact match. */
++ if (!bacmp(&bluez_pi(sk)->src, src))
++ break;
++
++ /* Closest match */
++ if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
++ sk1 = sk;
++ }
++
++ read_unlock(&sco_sk_list.lock);
++
++ return sk ? sk : sk1;
++}
++
++static void sco_sock_destruct(struct sock *sk)
++{
++ BT_DBG("sk %p", sk);
++
++ skb_queue_purge(&sk->receive_queue);
++ skb_queue_purge(&sk->write_queue);
++
++ MOD_DEC_USE_COUNT;
++}
++
++static void sco_sock_cleanup_listen(struct sock *parent)
++{
++ struct sock *sk;
++
++ BT_DBG("parent %p", parent);
++
++ /* Close not yet accepted channels */
++ while ((sk = bluez_accept_dequeue(parent, NULL))) {
++ sco_sock_close(sk);
++ sco_sock_kill(sk);
++ }
++
++ parent->state = BT_CLOSED;
++ parent->zapped = 1;
++}
++
++/* Kill socket (only if zapped and orphan)
++ * Must be called on unlocked socket.
++ */
++static void sco_sock_kill(struct sock *sk)
++{
++ if (!sk->zapped || sk->socket)
++ return;
++
++ BT_DBG("sk %p state %d", sk, sk->state);
++
++ /* Kill poor orphan */
++ bluez_sock_unlink(&sco_sk_list, sk);
++ sk->dead = 1;
++ sock_put(sk);
++}
++
++/* Close socket.
++ * Must be called on unlocked socket.
++ */
++static void sco_sock_close(struct sock *sk)
++{
++ struct sco_conn *conn;
++
++ sco_sock_clear_timer(sk);
++
++ lock_sock(sk);
++
++ conn = sco_pi(sk)->conn;
++
++ BT_DBG("sk %p state %d conn %p socket %p", sk, sk->state, conn, sk->socket);
++
++ switch (sk->state) {
++ case BT_LISTEN:
++ sco_sock_cleanup_listen(sk);
++ break;
++
++ case BT_CONNECTED:
++ case BT_CONFIG:
++ case BT_CONNECT:
++ case BT_DISCONN:
++ sco_chan_del(sk, ECONNRESET);
++ break;
++
++ default:
++ sk->zapped = 1;
++ break;
++ };
++
++ release_sock(sk);
++}
++
++static void sco_sock_init(struct sock *sk, struct sock *parent)
++{
++ BT_DBG("sk %p", sk);
++
++ if (parent)
++ sk->type = parent->type;
++}
++
++static struct sock *sco_sock_alloc(struct socket *sock, int proto, int prio)
++{
++ struct sock *sk;
++
++ if (!(sk = sk_alloc(PF_BLUETOOTH, prio, 1)))
++ return NULL;
++
++ bluez_sock_init(sock, sk);
++
++ sk->zapped = 0;
++
++ sk->destruct = sco_sock_destruct;
++ sk->sndtimeo = SCO_CONN_TIMEOUT;
++
++ sk->protocol = proto;
++ sk->state = BT_OPEN;
++
++ sco_sock_init_timer(sk);
++
++ bluez_sock_link(&sco_sk_list, sk);
++
++ MOD_INC_USE_COUNT;
++ return sk;
++}
++
++static int sco_sock_create(struct socket *sock, int protocol)
++{
++ struct sock *sk;
++
++ BT_DBG("sock %p", sock);
++
++ sock->state = SS_UNCONNECTED;
++
++ if (sock->type != SOCK_SEQPACKET)
++ return -ESOCKTNOSUPPORT;
++
++ sock->ops = &sco_sock_ops;
++
++ if (!(sk = sco_sock_alloc(sock, protocol, GFP_KERNEL)))
++ return -ENOMEM;
++
++ sco_sock_init(sk, NULL);
++ return 0;
++}
++
++static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
++{
++ struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
++ struct sock *sk = sock->sk;
++ bdaddr_t *src = &sa->sco_bdaddr;
++ int err = 0;
++
++ BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr));
++
++ if (!addr || addr->sa_family != AF_BLUETOOTH)
++ return -EINVAL;
++
++ lock_sock(sk);
++
++ if (sk->state != BT_OPEN) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ write_lock_bh(&sco_sk_list.lock);
++
++ if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) {
++ err = -EADDRINUSE;
++ } else {
++ /* Save source address */
++ bacpy(&bluez_pi(sk)->src, &sa->sco_bdaddr);
++ sk->state = BT_BOUND;
++ }
++
++ write_unlock_bh(&sco_sk_list.lock);
++
++done:
++ release_sock(sk);
++
++ return err;
++}
++
++static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
++{
++ struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++
++ BT_DBG("sk %p", sk);
++
++ if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco))
++ return -EINVAL;
++
++ if (sk->state != BT_OPEN && sk->state != BT_BOUND)
++ return -EBADFD;
++
++ if (sk->type != SOCK_SEQPACKET)
++ return -EINVAL;
++
++ lock_sock(sk);
++
++ /* Set destination address and psm */
++ bacpy(&bluez_pi(sk)->dst, &sa->sco_bdaddr);
++
++ if ((err = sco_connect(sk)))
++ goto done;
++
++ err = bluez_sock_wait_state(sk, BT_CONNECTED,
++ sock_sndtimeo(sk, flags & O_NONBLOCK));
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++int sco_sock_listen(struct socket *sock, int backlog)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sk %p backlog %d", sk, backlog);
++
++ lock_sock(sk);
++
++ if (sk->state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ sk->max_ack_backlog = backlog;
++ sk->ack_backlog = 0;
++ sk->state = BT_LISTEN;
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
++{
++ DECLARE_WAITQUEUE(wait, current);
++ struct sock *sk = sock->sk, *ch;
++ long timeo;
++ int err = 0;
++
++ lock_sock(sk);
++
++ if (sk->state != BT_LISTEN) {
++ err = -EBADFD;
++ goto done;
++ }
++
++ timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
++
++ BT_DBG("sk %p timeo %ld", sk, timeo);
++
++ /* Wait for an incoming connection. (wake-one). */
++ add_wait_queue_exclusive(sk->sleep, &wait);
++ while (!(ch = bluez_accept_dequeue(sk, newsock))) {
++ set_current_state(TASK_INTERRUPTIBLE);
++ if (!timeo) {
++ err = -EAGAIN;
++ break;
++ }
++
++ release_sock(sk);
++ timeo = schedule_timeout(timeo);
++ lock_sock(sk);
++
++ if (sk->state != BT_LISTEN) {
++ err = -EBADFD;
++ break;
++ }
++
++ if (signal_pending(current)) {
++ err = sock_intr_errno(timeo);
++ break;
++ }
++ }
++ set_current_state(TASK_RUNNING);
++ remove_wait_queue(sk->sleep, &wait);
++
++ if (err)
++ goto done;
++
++ newsock->state = SS_CONNECTED;
++
++ BT_DBG("new socket %p", ch);
++
++done:
++ release_sock(sk);
++ return err;
++}
++
++static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
++{
++ struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
++ struct sock *sk = sock->sk;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ addr->sa_family = AF_BLUETOOTH;
++ *len = sizeof(struct sockaddr_sco);
++
++ if (peer)
++ bacpy(&sa->sco_bdaddr, &bluez_pi(sk)->dst);
++ else
++ bacpy(&sa->sco_bdaddr, &bluez_pi(sk)->src);
++
++ return 0;
++}
++
++static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ if (sk->err)
++ return sock_error(sk);
++
++ if (msg->msg_flags & MSG_OOB)
++ return -EOPNOTSUPP;
++
++ lock_sock(sk);
++
++ if (sk->state == BT_CONNECTED)
++ err = sco_send_frame(sk, msg, len);
++ else
++ err = -ENOTCONN;
++
++ release_sock(sk);
++ return err;
++}
++
++int sco_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sk %p", sk);
++
++ lock_sock(sk);
++
++ switch (optname) {
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ };
++
++ release_sock(sk);
++ return err;
++}
++
++int sco_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
++{
++ struct sock *sk = sock->sk;
++ struct sco_options opts;
++ struct sco_conninfo cinfo;
++ int len, err = 0;
++
++ BT_DBG("sk %p", sk);
++
++ if (get_user(len, optlen))
++ return -EFAULT;
++
++ lock_sock(sk);
++
++ switch (optname) {
++ case SCO_OPTIONS:
++ if (sk->state != BT_CONNECTED) {
++ err = -ENOTCONN;
++ break;
++ }
++
++ opts.mtu = sco_pi(sk)->conn->mtu;
++
++ BT_DBG("mtu %d", opts.mtu);
++
++ len = MIN(len, sizeof(opts));
++ if (copy_to_user(optval, (char *)&opts, len))
++ err = -EFAULT;
++
++ break;
++
++ case SCO_CONNINFO:
++ if (sk->state != BT_CONNECTED) {
++ err = -ENOTCONN;
++ break;
++ }
++
++ cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
++
++ len = MIN(len, sizeof(cinfo));
++ if (copy_to_user(optval, (char *)&cinfo, len))
++ err = -EFAULT;
++
++ break;
++
++ default:
++ err = -ENOPROTOOPT;
++ break;
++ };
++
++ release_sock(sk);
++ return err;
++}
++
++static int sco_sock_release(struct socket *sock)
++{
++ struct sock *sk = sock->sk;
++ int err = 0;
++
++ BT_DBG("sock %p, sk %p", sock, sk);
++
++ if (!sk)
++ return 0;
++
++ sco_sock_close(sk);
++ if (sk->linger) {
++ lock_sock(sk);
++ err = bluez_sock_wait_state(sk, BT_CLOSED, sk->lingertime);
++ release_sock(sk);
++ }
++
++ sock_orphan(sk);
++ sco_sock_kill(sk);
++ return err;
++}
++
++static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
++{
++ BT_DBG("conn %p", conn);
++
++ sco_pi(sk)->conn = conn;
++ conn->sk = sk;
++
++ if (parent)
++ bluez_accept_enqueue(parent, sk);
++}
++
++static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
++{
++ int err = 0;
++
++ sco_conn_lock(conn);
++ if (conn->sk) {
++ err = -EBUSY;
++ } else {
++ __sco_chan_add(conn, sk, parent);
++ }
++ sco_conn_unlock(conn);
++ return err;
++}
++
++static inline struct sock * sco_chan_get(struct sco_conn *conn)
++{
++ struct sock *sk = NULL;
++ sco_conn_lock(conn);
++ sk = conn->sk;
++ sco_conn_unlock(conn);
++ return sk;
++}
++
++/* Delete channel.
++ * Must be called on the locked socket. */
++static void sco_chan_del(struct sock *sk, int err)
++{
++ struct sco_conn *conn;
++
++ conn = sco_pi(sk)->conn;
++
++ BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
++
++ if (conn) {
++ sco_conn_lock(conn);
++ conn->sk = NULL;
++ sco_pi(sk)->conn = NULL;
++ sco_conn_unlock(conn);
++ hci_conn_put(conn->hcon);
++ }
++
++ sk->state = BT_CLOSED;
++ sk->err = err;
++ sk->state_change(sk);
++
++ sk->zapped = 1;
++}
++
++static void sco_conn_ready(struct sco_conn *conn)
++{
++ struct sock *parent, *sk;
++
++ BT_DBG("conn %p", conn);
++
++ sco_conn_lock(conn);
++
++ if ((sk = conn->sk)) {
++ sco_sock_clear_timer(sk);
++ bh_lock_sock(sk);
++ sk->state = BT_CONNECTED;
++ sk->state_change(sk);
++ bh_unlock_sock(sk);
++ } else {
++ parent = sco_get_sock_listen(conn->src);
++ if (!parent)
++ goto done;
++
++ bh_lock_sock(parent);
++
++ sk = sco_sock_alloc(NULL, BTPROTO_SCO, GFP_ATOMIC);
++ if (!sk) {
++ bh_unlock_sock(parent);
++ goto done;
++ }
++
++ sco_sock_init(sk, parent);
++
++ bacpy(&bluez_pi(sk)->src, conn->src);
++ bacpy(&bluez_pi(sk)->dst, conn->dst);
++
++ hci_conn_hold(conn->hcon);
++ __sco_chan_add(conn, sk, parent);
++
++ sk->state = BT_CONNECTED;
++
++ /* Wake up parent */
++ parent->data_ready(parent, 1);
++
++ bh_unlock_sock(parent);
++ }
++
++done:
++ sco_conn_unlock(conn);
++}
++
++/* ----- SCO interface with lower layer (HCI) ----- */
++int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
++{
++ BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
++
++ /* Always accept connection */
++ return HCI_LM_ACCEPT;
++}
++
++int sco_connect_cfm(struct hci_conn *hcon, __u8 status)
++{
++ BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
++
++ if (hcon->type != SCO_LINK)
++ return 0;
++
++ if (!status) {
++ struct sco_conn *conn;
++
++ conn = sco_conn_add(hcon, status);
++ if (conn)
++ sco_conn_ready(conn);
++ } else
++ sco_conn_del(hcon, bterr(status));
++
++ return 0;
++}
++
++int sco_disconn_ind(struct hci_conn *hcon, __u8 reason)
++{
++ BT_DBG("hcon %p reason %d", hcon, reason);
++
++ if (hcon->type != SCO_LINK)
++ return 0;
++
++ sco_conn_del(hcon, bterr(reason));
++ return 0;
++}
++
++int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
++{
++ struct sco_conn *conn = hcon->sco_data;
++
++ if (!conn)
++ goto drop;
++
++ BT_DBG("conn %p len %d", conn, skb->len);
++
++ if (skb->len) {
++ sco_recv_frame(conn, skb);
++ return 0;
++ }
++
++drop:
++ kfree_skb(skb);
++ return 0;
++}
++
++/* ----- Proc fs support ------ */
++static int sco_sock_dump(char *buf, struct bluez_sock_list *list)
++{
++ struct sco_pinfo *pi;
++ struct sock *sk;
++ char *ptr = buf;
++
++ write_lock_bh(&list->lock);
++
++ for (sk = list->head; sk; sk = sk->next) {
++ pi = sco_pi(sk);
++ ptr += sprintf(ptr, "%s %s %d\n",
++ batostr(&bluez_pi(sk)->src), batostr(&bluez_pi(sk)->dst),
++ sk->state);
++ }
++
++ write_unlock_bh(&list->lock);
++
++ ptr += sprintf(ptr, "\n");
++
++ return ptr - buf;
++}
++
++static int sco_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *priv)
++{
++ char *ptr = buf;
++ int len;
++
++ BT_DBG("count %d, offset %ld", count, offset);
++
++ ptr += sco_sock_dump(ptr, &sco_sk_list);
++ len = ptr - buf;
++
++ if (len <= count + offset)
++ *eof = 1;
++
++ *start = buf + offset;
++ len -= offset;
++
++ if (len > count)
++ len = count;
++ if (len < 0)
++ len = 0;
++
++ return len;
++}
++
++static struct proto_ops sco_sock_ops = {
++ family: PF_BLUETOOTH,
++ release: sco_sock_release,
++ bind: sco_sock_bind,
++ connect: sco_sock_connect,
++ listen: sco_sock_listen,
++ accept: sco_sock_accept,
++ getname: sco_sock_getname,
++ sendmsg: sco_sock_sendmsg,
++ recvmsg: bluez_sock_recvmsg,
++ poll: bluez_sock_poll,
++ socketpair: sock_no_socketpair,
++ ioctl: sock_no_ioctl,
++ shutdown: sock_no_shutdown,
++ setsockopt: sco_sock_setsockopt,
++ getsockopt: sco_sock_getsockopt,
++ mmap: sock_no_mmap
++};
++
++static struct net_proto_family sco_sock_family_ops = {
++ family: PF_BLUETOOTH,
++ create: sco_sock_create
++};
++
++static struct hci_proto sco_hci_proto = {
++ name: "SCO",
++ id: HCI_PROTO_SCO,
++ connect_ind: sco_connect_ind,
++ connect_cfm: sco_connect_cfm,
++ disconn_ind: sco_disconn_ind,
++ recv_scodata: sco_recv_scodata,
++};
++
++int __init sco_init(void)
++{
++ int err;
++
++ if ((err = bluez_sock_register(BTPROTO_SCO, &sco_sock_family_ops))) {
++ BT_ERR("Can't register SCO socket layer");
++ return err;
++ }
++
++ if ((err = hci_register_proto(&sco_hci_proto))) {
++ BT_ERR("Can't register SCO protocol");
++ return err;
++ }
++
++ create_proc_read_entry("bluetooth/sco", 0, 0, sco_read_proc, NULL);
++
++ BT_INFO("BlueZ SCO ver %s Copyright (C) 2000,2001 Qualcomm Inc", VERSION);
++ BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
++ return 0;
++}
++
++void sco_cleanup(void)
++{
++ int err;
++
++ remove_proc_entry("bluetooth/sco", NULL);
++
++ /* Unregister socket, protocol and notifier */
++ if ((err = bluez_sock_unregister(BTPROTO_SCO)))
++ BT_ERR("Can't unregister SCO socket layer %d", err);
++
++ if ((err = hci_unregister_proto(&sco_hci_proto)))
++ BT_ERR("Can't unregister SCO protocol %d", err);
++}
++
++module_init(sco_init);
++module_exit(sco_cleanup);
++
++MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
++MODULE_DESCRIPTION("BlueZ SCO ver " VERSION);
++MODULE_LICENSE("GPL");
+diff -urN linux-2.4.18/net/bluetooth/syms.c linux-2.4.18-mh9/net/bluetooth/syms.c
+--- linux-2.4.18/net/bluetooth/syms.c Fri Sep 7 18:28:38 2001
++++ linux-2.4.18-mh9/net/bluetooth/syms.c Mon Aug 25 18:38:12 2003
+@@ -25,7 +25,7 @@
+ /*
+ * BlueZ symbols.
+ *
+- * $Id: syms.c,v 1.1 2001/07/12 19:31:24 maxk Exp $
++ * $Id: syms.c,v 1.1 2002/03/08 21:06:59 maxk Exp $
+ */
+
+ #include <linux/config.h>
+@@ -39,25 +39,28 @@
+ #include <linux/socket.h>
+
+ #include <net/bluetooth/bluetooth.h>
+-#include <net/bluetooth/bluez.h>
+ #include <net/bluetooth/hci_core.h>
+
+ /* HCI Core */
+ EXPORT_SYMBOL(hci_register_dev);
+ EXPORT_SYMBOL(hci_unregister_dev);
++EXPORT_SYMBOL(hci_suspend_dev);
++EXPORT_SYMBOL(hci_resume_dev);
++
+ EXPORT_SYMBOL(hci_register_proto);
+ EXPORT_SYMBOL(hci_unregister_proto);
+-EXPORT_SYMBOL(hci_register_notifier);
+-EXPORT_SYMBOL(hci_unregister_notifier);
+
++EXPORT_SYMBOL(hci_get_route);
+ EXPORT_SYMBOL(hci_connect);
+-EXPORT_SYMBOL(hci_disconnect);
+ EXPORT_SYMBOL(hci_dev_get);
++EXPORT_SYMBOL(hci_conn_auth);
++EXPORT_SYMBOL(hci_conn_encrypt);
+
+ EXPORT_SYMBOL(hci_recv_frame);
+ EXPORT_SYMBOL(hci_send_acl);
+ EXPORT_SYMBOL(hci_send_sco);
+-EXPORT_SYMBOL(hci_send_raw);
++EXPORT_SYMBOL(hci_send_cmd);
++EXPORT_SYMBOL(hci_si_event);
+
+ /* BlueZ lib */
+ EXPORT_SYMBOL(bluez_dump);
+@@ -68,5 +71,11 @@
+ /* BlueZ sockets */
+ EXPORT_SYMBOL(bluez_sock_register);
+ EXPORT_SYMBOL(bluez_sock_unregister);
++EXPORT_SYMBOL(bluez_sock_init);
+ EXPORT_SYMBOL(bluez_sock_link);
+ EXPORT_SYMBOL(bluez_sock_unlink);
++EXPORT_SYMBOL(bluez_sock_recvmsg);
++EXPORT_SYMBOL(bluez_sock_poll);
++EXPORT_SYMBOL(bluez_accept_enqueue);
++EXPORT_SYMBOL(bluez_accept_dequeue);
++EXPORT_SYMBOL(bluez_sock_wait_state);