Bluetooth: Decoding the meaning of the hcitool info extended features for a Bluetooth 4.0 device
I have an embedded Bluetooth 4.0 module (a Laird BT900 using a CSR 8811). I am trying to debug some issues that occur during discovery of and connection to other devices, so I am trying to understand exactly what the device communicates to others about its capabilities during inquiry. On my embedded module, if I disable pairing and then run hcitool info, I see the following:
$ sudo hcitool -i hci0 info 00:16:A4:0F:B9:98
Requesting information ...
BD Address: 00:16:A4:0F:B9:98
OUI Company: Ezurio Ltd (00-16-A4)
Device Name: FOO BAR
LMP Version: 4.0 (0x6) LMP Subversion: 0x2031
Manufacturer: Cambridge Silicon Radio (10)
Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
<3-slot packets> <5-slot packets> <encryption> <slot offset>
<timing accuracy> <role switch> <hold mode> <sniff mode>
<park state> <RSSI> <channel quality> <CVSD> <paging scheme>
<power control> <broadcast encrypt> <EDR ACL 2 Mbps>
<EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan>
<interlaced pscan> <inquiry with RSSI> <AFH cap. slave>
<AFH class. slave> <LE support> <3-slot EDR ACL>
<5-slot EDR ACL> <sniff subrating> <pause encryption>
<AFH cap. master> <AFH class. master> <extended inquiry>
<LE and BR/EDR> <simple pairing> <encapsulated PDU>
<non-flush flag> <LSTO> <inquiry TX power> <EPC>
<extended features>
Features page 1: 0x02 0x00 0x00 0x00 0x00 0x00 0x00 0x00
If I set the device to pairable, the output is as follows:
$ sudo hcitool -i hci0 info 00:16:A4:0F:B9:98
Requesting information ...
BD Address: 00:16:A4:0F:B9:98
OUI Company: Ezurio Ltd (00-16-A4)
Device Name: FOO BAR
LMP Version: 4.0 (0x6) LMP Subversion: 0x2031
Manufacturer: Cambridge Silicon Radio (10)
Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
<3-slot packets> <5-slot packets> <encryption> <slot offset>
<timing accuracy> <role switch> <hold mode> <sniff mode>
<park state> <RSSI> <channel quality> <CVSD> <paging scheme>
<power control> <broadcast encrypt> <EDR ACL 2 Mbps>
<EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan>
<interlaced pscan> <inquiry with RSSI> <AFH cap. slave>
<AFH class. slave> <LE support> <3-slot EDR ACL>
<5-slot EDR ACL> <sniff subrating> <pause encryption>
<AFH cap. master> <AFH class. master> <extended inquiry>
<LE and BR/EDR> <simple pairing> <encapsulated PDU>
<non-flush flag> <LSTO> <inquiry TX power> <EPC>
<extended features>
Features page 1: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
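The only difference between the two is in features page 1. In one case the first byte is 0x02, and in the other the first byte is 0x03.
So my question is: what does this byte mean? Where can I find documentation on these extended features? Is this something I can only get from the vendor, or is there some standard meaning?

The answer to my question is: the extended features are documented in Table 3.3 in Section 3.3, "Feature Mask Definition", of the Link Manager Protocol Specification, Vol 2, Part C, v 5.2 (page 587). The HCI_Read_Remote_Extended_Features command is described in Sections 4.9 and 7.1.22.
I was able to find the answer to this question by taking a tcpdump capture and analysing the data in Wireshark: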
$ tcpdump -i bluetooth0 -w bt900_inquire_with_pairing_on.pcap &
[1] 26733
tcpdump: listening on bluetooth0, link-type BLUETOOTH_HCI_H4_WITH_PHDR (Bluetooth HCI UART transport layer plus pseudo-header), capture size 262144 bytes
$ hcitool scan
Scanning ...
00:16:A4:0F:B9:98 FOO BAR
$ sudo hcitool -i hci0 info 00:16:A4:0F:B9:98
Requesting information ...
BD Address: 00:16:A4:0F:B9:98
OUI Company: Ezurio Ltd (00-16-A4)
Device Name: FOO BAR
LMP Version: 4.0 (0x6) LMP Subversion: 0x2031
Manufacturer: Cambridge Silicon Radio (10)
Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
<3-slot packets> <5-slot packets> <encryption> <slot offset>
<timing accuracy> <role switch> <hold mode> <sniff mode>
<park state> <RSSI> <channel quality> <CVSD> <paging scheme>
<power control> <broadcast encrypt> <EDR ACL 2 Mbps>
<EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan>
<interlaced pscan> <inquiry with RSSI> <AFH cap. slave>
<AFH class. slave> <LE support> <3-slot EDR ACL>
<5-slot EDR ACL> <sniff subrating> <pause encryption>
<AFH cap. master> <AFH class. master> <extended inquiry>
<LE and BR/EDR> <simple pairing> <encapsulated PDU>
<non-flush flag> <LSTO> <inquiry TX power> <EPC>
<extended features>
Features page 1: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
$ fg 1
tcpdump -i bluetooth0 -w bt900_inquire_with_pairing_on.pcap
^C44 packets captured
1021 packets received by filter
0 packets dropped by kernel
$
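This gave me plenty of search terms to help me find what I was looking for: the first bit is the "Secure Simple Pairing (Host Support) feature bit" according to the LMP protocol specification. I could have avoided tcpdump by starting a Wireshark capture on the bluetooth0 interface (which requires running Wireshark as superuser) and then running
sudo hcitool -i hci0 info 00:16:A4:0F:B9:98
.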
Bluetooth HCI Event - Read Remote Extended Features Complete
Event Code: Read Remote Extended Features Complete (0x23)
Parameter Total Length: 13
Status: Success (0x00)
Connection Handle: 0x000c
Page Number: 1
Max. Page Number: 1
LMP Features
.... ...0 = Secure Simple Pairing Host: False
.... ..1. = LE Supported Host: True
.... .0.. = Simultaneous LE and BR/EDR to Same Device Capable Host: False
.... 0... = Secure Connections Host: False
0000 .... = Reserved: 0x0
Reserved: 00000000000000
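
An added example, not part of the original post: a small Python decoder that reads the "Features page 1" line from hcitool info output and reports which host feature bits changed between two runs. The bit names and reserved ranges are taken from the Wireshark dissection above; the function and constant names are my own.

```python
import re

# Byte 0 of LMP features page 1: bit position -> name, as labelled in the
# Wireshark dissection shown above. Bits 4-7 and bytes 1-7 are reserved there.
PAGE1_HOST_BITS = {
    0: "Secure Simple Pairing Host",
    1: "LE Supported Host",
    2: "Simultaneous LE and BR/EDR to Same Device Capable Host",
    3: "Secure Connections Host",
}
FEATURE_LINE = re.compile(r"Features page (\d+):((?:[ \t]+0x[0-9a-fA-F]{2})+)")


def parse_feature_pages(hcitool_output):
    """Return {page_number: bytes} for every 'Features page N:' line."""
    pages = {}
    for m in FEATURE_LINE.finditer(hcitool_output):
        raw = bytes(int(tok, 16) for tok in m.group(2).split())
        if len(raw) != 8:  # a feature mask page is always 8 bytes
            raise ValueError(f"page {m.group(1)}: expected 8 bytes, got {len(raw)}")
        pages[int(m.group(1))] = raw
    return pages


def decode_page1(page):
    """Return ({bit name: bool}, reserved_bits_set) for one page-1 mask."""
    flags = {name: bool((page[0] >> bit) & 1) for bit, name in PAGE1_HOST_BITS.items()}
    reserved_set = bool(page[0] & 0xF0) or any(page[1:])
    return flags, reserved_set


def diff_page1(before, after):
    """Host feature bits that differ between two hcitool info outputs."""
    a, _ = decode_page1(parse_feature_pages(before)[1])
    b, _ = decode_page1(parse_feature_pages(after)[1])
    return {name: (a[name], b[name]) for name in a if a[name] != b[name]}


# The 'Features page' lines from the two outputs above (pairing off, then on).
PAIRING_OFF = """Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
Features page 1: 0x02 0x00 0x00 0x00 0x00 0x00 0x00 0x00"""
PAIRING_ON = """Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
Features page 1: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00"""

if __name__ == "__main__":
    for name, (off, on) in diff_page1(PAIRING_OFF, PAIRING_ON).items():
        print(f"{name}: {off} -> {on}")
```

A device whose page 1 shows the Secure Simple Pairing Host bit clear while page 0 lists `<simple pairing>` has controller support but no host support enabled, which is worth checking when auditing how a module will pair.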