Bluetooth: Move more vars to struct l2cap_chan

	__u8		num_conf_req;

	__u8		num_conf_rsp;

	__u8		fcs;

	__u8		tx_win;

	__u8		max_tx;

	__u16		retrans_timeout;

	__u16		monitor_timeout;

	__u16		mps;

	__u8		conf_state;

	__u16		conn_state;

	__u16		flush_to;

	__u8		mode;

	__u8		fcs;

	__u8		tx_win;

	__u8		max_tx;

	__u16		retrans_timeout;

	__u16		monitor_timeout;

	__u16		mps;

	__le16		sport;

	struct l2cap_conn	*conn;

struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len);

struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len);

struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen);

struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen);

int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len);

void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb);

void l2cap_streaming_send(struct l2cap_chan *chan);

	if (sk->sk_state != BT_CONNECTED)

		return;

	if (pi->fcs == L2CAP_FCS_CRC16)

	if (chan->fcs == L2CAP_FCS_CRC16)

		hlen += 2;

	BT_DBG("chan %p, control 0x%2.2x", chan, control);

	lh->cid = cpu_to_le16(pi->dcid);

	put_unaligned_le16(control, skb_put(skb, 2));

	if (pi->fcs == L2CAP_FCS_CRC16) {

	if (chan->fcs == L2CAP_FCS_CRC16) {

		u16 fcs = crc16(0, (u8 *)lh, count - 2);

		put_unaligned_le16(fcs, skb_put(skb, 2));

	}

void l2cap_streaming_send(struct l2cap_chan *chan)

{

	struct sock *sk = chan->sk;

	struct sk_buff *skb;

	struct l2cap_pinfo *pi = l2cap_pi(sk);

	u16 control, fcs;

	while ((skb = skb_dequeue(&chan->tx_q))) {

		control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;

		put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);

		if (pi->fcs == L2CAP_FCS_CRC16) {

		if (chan->fcs == L2CAP_FCS_CRC16) {

			fcs = crc16(0, (u8 *)skb->data, skb->len - 2);

			put_unaligned_le16(fcs, skb->data + skb->len - 2);

		}

	put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);

	if (pi->fcs == L2CAP_FCS_CRC16) {

	if (chan->fcs == L2CAP_FCS_CRC16) {

		fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);

		put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);

	}

		put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);

		if (pi->fcs == L2CAP_FCS_CRC16) {

		if (chan->fcs == L2CAP_FCS_CRC16) {

			fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);

			put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);

		}

	return skb;

}

struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)

struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)

{

	struct sock *sk = chan->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct sk_buff *skb;

	int err, count, hlen = L2CAP_HDR_SIZE + 2;

	if (sdulen)

		hlen += 2;

	if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)

	if (chan->fcs == L2CAP_FCS_CRC16)

		hlen += 2;

	count = min_t(unsigned int, (conn->mtu - hlen), len);

		return ERR_PTR(err);

	}

	if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)

	if (chan->fcs == L2CAP_FCS_CRC16)

		put_unaligned_le16(0, skb_put(skb, 2));

	bt_cb(skb)->retries = 0;

int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)

{

	struct sock *sk = chan->sk;

	struct sk_buff *skb;

	struct sk_buff_head sar_queue;

	u16 control;

	skb_queue_head_init(&sar_queue);

	control = L2CAP_SDU_START;

	skb = l2cap_create_iframe_pdu(sk, msg, chan->remote_mps, control, len);

	skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);

	if (IS_ERR(skb))

		return PTR_ERR(skb);

			buflen = len;

		}

		skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);

		skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);

		if (IS_ERR(skb)) {

			skb_queue_purge(&sar_queue);

			return PTR_ERR(skb);

	case L2CAP_MODE_ERTM:

		rfc.mode            = L2CAP_MODE_ERTM;

		rfc.txwin_size      = pi->tx_win;

		rfc.max_transmit    = pi->max_tx;

		rfc.txwin_size      = chan->tx_win;

		rfc.max_transmit    = chan->max_tx;

		rfc.retrans_timeout = 0;

		rfc.monitor_timeout = 0;

		rfc.max_pdu_size    = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);

		if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))

			break;

		if (pi->fcs == L2CAP_FCS_NONE ||

		if (chan->fcs == L2CAP_FCS_NONE ||

				chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {

			pi->fcs = L2CAP_FCS_NONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);

			chan->fcs = L2CAP_FCS_NONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);

		}

		break;

		if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))

			break;

		if (pi->fcs == L2CAP_FCS_NONE ||

		if (chan->fcs == L2CAP_FCS_NONE ||

				chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {

			pi->fcs = L2CAP_FCS_NONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);

			chan->fcs = L2CAP_FCS_NONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);

		}

		break;

	}

		switch (rfc.mode) {

		case L2CAP_MODE_BASIC:

			pi->fcs = L2CAP_FCS_NONE;

			chan->fcs = L2CAP_FCS_NONE;

			chan->conf_state |= L2CAP_CONF_MODE_DONE;

			break;

							rfc.mode != pi->mode)

				return -ECONNREFUSED;

			pi->fcs = 0;

			chan->fcs = 0;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,

					sizeof(rfc), (unsigned long) &rfc);

	if (*result == L2CAP_CONF_SUCCESS) {

		switch (rfc.mode) {

		case L2CAP_MODE_ERTM:

			pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);

			pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);

			pi->mps    = le16_to_cpu(rfc.max_pdu_size);

			chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);

			chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);

			chan->mps    = le16_to_cpu(rfc.max_pdu_size);

			break;

		case L2CAP_MODE_STREAMING:

			pi->mps    = le16_to_cpu(rfc.max_pdu_size);

			chan->mps    = le16_to_cpu(rfc.max_pdu_size);

		}

	}

	chan->num_conf_req++;

}

static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)

static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)

{

	struct l2cap_pinfo *pi = l2cap_pi(sk);

	struct l2cap_pinfo *pi = l2cap_pi(chan->sk);

	int type, olen;

	unsigned long val;

	struct l2cap_conf_rfc rfc;

	BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);

	BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);

	if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))

		return;

done:

	switch (rfc.mode) {

	case L2CAP_MODE_ERTM:

		pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);

		pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);

		pi->mps    = le16_to_cpu(rfc.max_pdu_size);

		chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);

		chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);

		chan->mps    = le16_to_cpu(rfc.max_pdu_size);

		break;

	case L2CAP_MODE_STREAMING:

		pi->mps    = le16_to_cpu(rfc.max_pdu_size);

		chan->mps    = le16_to_cpu(rfc.max_pdu_size);

	}

}

	return 0;

}

static inline void set_default_fcs(struct l2cap_pinfo *pi)

static inline void set_default_fcs(struct l2cap_chan *chan)

{

	struct l2cap_pinfo *pi = l2cap_pi(chan->sk);

	/* FCS is enabled only in ERTM or streaming mode, if one or both

	 * sides request it.

	 */

	if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING)

		pi->fcs = L2CAP_FCS_NONE;

		chan->fcs = L2CAP_FCS_NONE;

	else if (!(pi->chan->conf_state & L2CAP_CONF_NO_FCS_RECV))

		pi->fcs = L2CAP_FCS_CRC16;

		chan->fcs = L2CAP_FCS_CRC16;

}

static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)

		goto unlock;

	if (chan->conf_state & L2CAP_CONF_INPUT_DONE) {

		set_default_fcs(l2cap_pi(sk));

		set_default_fcs(chan);

		sk->sk_state = BT_CONNECTED;

	switch (result) {

	case L2CAP_CONF_SUCCESS:

		l2cap_conf_rfc_get(sk, rsp->data, len);

		l2cap_conf_rfc_get(chan, rsp->data, len);

		break;

	case L2CAP_CONF_UNACCEPT:

	chan->conf_state |= L2CAP_CONF_INPUT_DONE;

	if (chan->conf_state & L2CAP_CONF_OUTPUT_DONE) {

		set_default_fcs(l2cap_pi(sk));

		set_default_fcs(chan);

		sk->sk_state = BT_CONNECTED;

		chan->next_tx_seq = 0;

	kfree_skb(skb);

}

static int l2cap_check_fcs(struct l2cap_pinfo *pi,  struct sk_buff *skb)

static int l2cap_check_fcs(struct l2cap_chan *chan,  struct sk_buff *skb)

{

	u16 our_fcs, rcv_fcs;

	int hdr_size = L2CAP_HDR_SIZE + 2;

	if (pi->fcs == L2CAP_FCS_CRC16) {

	if (chan->fcs == L2CAP_FCS_CRC16) {

		skb_trim(skb, skb->len - 2);

		rcv_fcs = get_unaligned_le16(skb->data + skb->len);

		our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);

	u8 req_seq = __get_reqseq(rx_control);

	u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;

	int tx_seq_offset, expected_tx_seq_offset;

	int num_to_ack = (pi->tx_win/6) + 1;

	int num_to_ack = (chan->tx_win/6) + 1;

	int err = 0;

	BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,

		tx_seq_offset += 64;

	/* invalid tx_seq */

	if (tx_seq_offset >= pi->tx_win) {

	if (tx_seq_offset >= chan->tx_win) {

		l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

		goto drop;

	}

	 * Receiver will miss it and start proper recovery

	 * procedures and ask retransmission.

	 */

	if (l2cap_check_fcs(pi, skb))

	if (l2cap_check_fcs(chan, skb))

		goto drop;

	if (__is_sar_start(control) && __is_iframe(control))

		len -= 2;

	if (pi->fcs == L2CAP_FCS_CRC16)

	if (chan->fcs == L2CAP_FCS_CRC16)

		len -= 2;

	if (len > pi->mps) {

	if (len > chan->mps) {

		l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

		goto drop;

	}

		skb_pull(skb, 2);

		len = skb->len;

		if (l2cap_check_fcs(pi, skb))

		if (l2cap_check_fcs(chan, skb))

			goto drop;

		if (__is_sar_start(control))

			len -= 2;

		if (pi->fcs == L2CAP_FCS_CRC16)

		if (chan->fcs == L2CAP_FCS_CRC16)

			len -= 2;

		if (len > pi->mps || len < 0 || __is_sframe(control))

		if (len > chan->mps || len < 0 || __is_sframe(control))

			goto drop;

		tx_seq = __get_txseq(control);

		opts.omtu     = l2cap_pi(sk)->omtu;

		opts.flush_to = l2cap_pi(sk)->flush_to;

		opts.mode     = l2cap_pi(sk)->mode;

		opts.fcs      = l2cap_pi(sk)->fcs;

		opts.max_tx   = l2cap_pi(sk)->max_tx;

		opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;

		opts.fcs      = chan->fcs;

		opts.max_tx   = chan->max_tx;

		opts.txwin_size = (__u16)chan->tx_win;

		len = min_t(unsigned int, len, sizeof(opts));

		if (copy_to_user(optval, (char *) &opts, len))

		opts.omtu     = l2cap_pi(sk)->omtu;

		opts.flush_to = l2cap_pi(sk)->flush_to;

		opts.mode     = l2cap_pi(sk)->mode;

		opts.fcs      = l2cap_pi(sk)->fcs;

		opts.max_tx   = l2cap_pi(sk)->max_tx;

		opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;

		opts.fcs      = chan->fcs;

		opts.max_tx   = chan->max_tx;

		opts.txwin_size = (__u16)chan->tx_win;

		len = min_t(unsigned int, sizeof(opts), optlen);

		if (copy_from_user((char *) &opts, optval, len)) {

		l2cap_pi(sk)->imtu = opts.imtu;

		l2cap_pi(sk)->omtu = opts.omtu;

		l2cap_pi(sk)->fcs  = opts.fcs;

		l2cap_pi(sk)->max_tx = opts.max_tx;

		l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;

		chan->fcs  = opts.fcs;

		chan->max_tx = opts.max_tx;

		chan->tx_win = (__u8)opts.txwin_size;

		break;

	case L2CAP_LM:

		/* Entire SDU fits into one PDU */

		if (len <= pi->chan->remote_mps) {

			control = L2CAP_SDU_UNSEGMENTED;

			skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);

			skb = l2cap_create_iframe_pdu(pi->chan, msg, len,

								control, 0);

			if (IS_ERR(skb)) {

				err = PTR_ERR(skb);

				goto done;

		pi->omtu = l2cap_pi(parent)->omtu;

		chan->conf_state = pchan->conf_state;

		pi->mode = l2cap_pi(parent)->mode;

		pi->fcs  = l2cap_pi(parent)->fcs;

		pi->max_tx = l2cap_pi(parent)->max_tx;

		pi->tx_win = l2cap_pi(parent)->tx_win;

		chan->fcs  = pchan->fcs;

		chan->max_tx = pchan->max_tx;

		chan->tx_win = pchan->tx_win;

		chan->sec_level = pchan->sec_level;

		chan->role_switch = pchan->role_switch;

		chan->force_reliable = pchan->force_reliable;

		} else {

			pi->mode = L2CAP_MODE_BASIC;

		}

		pi->max_tx = L2CAP_DEFAULT_MAX_TX;

		pi->fcs  = L2CAP_FCS_CRC16;

		pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;

		chan->max_tx = L2CAP_DEFAULT_MAX_TX;

		chan->fcs  = L2CAP_FCS_CRC16;

		chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;

		chan->sec_level = BT_SECURITY_LOW;

		chan->role_switch = 0;

		chan->force_reliable = 0;

	sk = sock->sk;

	lock_sock(sk);

	l2cap_pi(sk)->imtu = l2cap_mtu;

	l2cap_pi(sk)->sec_level = sec_level;

	l2cap_pi(sk)->chan->sec_level = sec_level;

	if (l2cap_ertm)

		l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;

	release_sock(sk);