Bluetooth: Decoding the meaning of the extended features in hcitool info for a Bluetooth 4.0 device

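I have an embedded Bluetooth 4.0 module (a Laird BT900, which uses the CSR 8811). I am trying to debug some problems that occur during discovery of, and connection to, other devices. So I am trying to understand exactly what information the device communicates to others about its capabilities during inquiry.

On my embedded module, if I disable pairing and then run hcitool info, I see the following: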

$ sudo hcitool -i hci0 info 00:16:A4:0F:B9:98
Requesting information ...
    BD Address:  00:16:A4:0F:B9:98
    OUI Company: Ezurio Ltd (00-16-A4)
    Device Name: FOO BAR
    LMP Version: 4.0 (0x6) LMP Subversion: 0x2031
    Manufacturer: Cambridge Silicon Radio (10)
    Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
        <3-slot packets> <5-slot packets> <encryption> <slot offset> 
        <timing accuracy> <role switch> <hold mode> <sniff mode> 
        <park state> <RSSI> <channel quality> <CVSD> <paging scheme> 
        <power control> <broadcast encrypt> <EDR ACL 2 Mbps> 
        <EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan> 
        <interlaced pscan> <inquiry with RSSI> <AFH cap. slave> 
        <AFH class. slave> <LE support> <3-slot EDR ACL> 
        <5-slot EDR ACL> <sniff subrating> <pause encryption> 
        <AFH cap. master> <AFH class. master> <extended inquiry> 
        <LE and BR/EDR> <simple pairing> <encapsulated PDU> 
        <non-flush flag> <LSTO> <inquiry TX power> <EPC> 
        <extended features> 
    Features page 1: 0x02 0x00 0x00 0x00 0x00 0x00 0x00 0x00

If I set the device to pairable, the output is as follows:

$ sudo hcitool -i hci0 info 00:16:A4:0F:B9:98
Requesting information ...
    BD Address:  00:16:A4:0F:B9:98
    OUI Company: Ezurio Ltd (00-16-A4)
    Device Name: FOO BAR
    LMP Version: 4.0 (0x6) LMP Subversion: 0x2031
    Manufacturer: Cambridge Silicon Radio (10)
    Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
        <3-slot packets> <5-slot packets> <encryption> <slot offset> 
        <timing accuracy> <role switch> <hold mode> <sniff mode> 
        <park state> <RSSI> <channel quality> <CVSD> <paging scheme> 
        <power control> <broadcast encrypt> <EDR ACL 2 Mbps> 
        <EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan> 
        <interlaced pscan> <inquiry with RSSI> <AFH cap. slave> 
        <AFH class. slave> <LE support> <3-slot EDR ACL> 
        <5-slot EDR ACL> <sniff subrating> <pause encryption> 
        <AFH cap. master> <AFH class. master> <extended inquiry> 
        <LE and BR/EDR> <simple pairing> <encapsulated PDU> 
        <non-flush flag> <LSTO> <inquiry TX power> <EPC> 
        <extended features> 
    Features page 1: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00

The only difference between the two is in features page 1. In one case the first byte is 0x02, and in the other case the first byte is 0x03.


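So my question is: what does this byte mean? Where can I find documentation for these extended features? Is this something I can only get from the vendor, or is there some standard meaning?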

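The answer to my question is: the extended features are documented in Table 3.3 of Section 3.3, "Feature mask definition", of the Link Manager Protocol Specification, Vol 2 Part C, v5.2 (page 587). The HCI_Read_Remote_Extended_Features command is described in Sections 4.9 and 7.1.22.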

I was able to find the answer to this question by taking a tcpdump capture and analyzing the data in Wireshark:

$ tcpdump -i bluetooth0 -w bt900_inquire_with_pairing_on.pcap &
[1] 26733
tcpdump: listening on bluetooth0, link-type BLUETOOTH_HCI_H4_WITH_PHDR (Bluetooth HCI UART transport layer plus pseudo-header), capture size 262144 bytes
$ hcitool scan
Scanning ...
    00:16:A4:0F:B9:98   FOO BAR
$ sudo hcitool -i hci0 info 00:16:A4:0F:B9:98
Requesting information ...
    BD Address:  00:16:A4:0F:B9:98
    OUI Company: Ezurio Ltd (00-16-A4)
    Device Name: FOO BAR
    LMP Version: 4.0 (0x6) LMP Subversion: 0x2031
    Manufacturer: Cambridge Silicon Radio (10)
    Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
        <3-slot packets> <5-slot packets> <encryption> <slot offset> 
        <timing accuracy> <role switch> <hold mode> <sniff mode> 
        <park state> <RSSI> <channel quality> <CVSD> <paging scheme> 
        <power control> <broadcast encrypt> <EDR ACL 2 Mbps> 
        <EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan> 
        <interlaced pscan> <inquiry with RSSI> <AFH cap. slave> 
        <AFH class. slave> <LE support> <3-slot EDR ACL> 
        <5-slot EDR ACL> <sniff subrating> <pause encryption> 
        <AFH cap. master> <AFH class. master> <extended inquiry> 
        <LE and BR/EDR> <simple pairing> <encapsulated PDU> 
        <non-flush flag> <LSTO> <inquiry TX power> <EPC> 
        <extended features> 
    Features page 1: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
$ fg 1
tcpdump -i bluetooth0 -w bt900_inquire_with_pairing_on.pcap
^C44 packets captured
1021 packets received by filter
0 packets dropped by kernel
$

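This gave me a lot of search terms to help me find what I was looking for: the 1st bit is the "Secure Simple Pairing (Host Support) feature bit" according to the LMP protocol specification.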

I could have avoided tcpdump if I had started a Wireshark capture on the bluetooth0 interface (which requires running Wireshark as superuser) and then run:

$ sudo hcitool -i hci0 info 00:16:A4:0F:B9:98

Bluetooth HCI Event - Read Remote Extended Features Complete
    Event Code: Read Remote Extended Features Complete (0x23)
    Parameter Total Length: 13
    Status: Success (0x00)
    Connection Handle: 0x000c
    Page Number: 1
    Max. Page Number: 1
    LMP Features
        .... ...0 = Secure Simple Pairing Host: False
        .... ..1. = LE Supported Host: True
        .... .0.. = Simultaneous LE and BR/EDR to Same Device Capable Host: False
        .... 0... = Secure Connections Host: False
        0000 .... = Reserved: 0x0
        Reserved: 00000000000000
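
As an added example (not part of the original post), the following Python code parses `hcitool info` output, decodes byte 0 of features page 1 using the bit names from the Wireshark dissection above, and reports which host feature bits differ between two captures. The function and constant names are hypothetical; the sample inputs are the feature lines from the two outputs above, with the other lines trimmed.

```python
import re

# Host feature bits in byte 0 of LMP features page 1, named as in the
# Wireshark dissection above. Bits 4-7 and bytes 1-7 are shown there as reserved.
PAGE1_HOST_BITS = {
    0: "Secure Simple Pairing Host",
    1: "LE Supported Host",
    2: "Simultaneous LE and BR/EDR to Same Device Capable Host",
    3: "Secure Connections Host",
}

FEATURES_RE = re.compile(r"Features page (\d+):((?:[ \t]+0x[0-9a-fA-F]{2})+)")

# Feature lines copied from the two hcitool outputs above (other lines trimmed).
PAIRING_OFF = """\
    Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
    Features page 1: 0x02 0x00 0x00 0x00 0x00 0x00 0x00 0x00
"""
PAIRING_ON = """\
    Features page 0: 0xff 0x07 0x87 0x7e 0xd8 0x1f 0x5b 0x87
    Features page 1: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
"""

def parse_feature_pages(hcitool_output):
    """Return {page_number: bytes} for every 'Features page N' line."""
    return {
        int(m.group(1)): bytes(int(b, 16) for b in m.group(2).split())
        for m in FEATURES_RE.finditer(hcitool_output)
    }

def decode_page1(mask):
    """Return ({feature_name: bool}, reserved_bits_set) for a page-1 mask."""
    if len(mask) != 8:
        raise ValueError("an LMP feature page is 8 bytes, got %d" % len(mask))
    flags = {name: bool((mask[0] >> bit) & 1) for bit, name in PAGE1_HOST_BITS.items()}
    reserved_set = bool(mask[0] & 0xF0) or any(mask[1:])
    return flags, reserved_set

def diff_page1(before, after):
    """Return {feature_name: (before, after)} for host bits that changed."""
    old, _ = decode_page1(parse_feature_pages(before)[1])
    new, _ = decode_page1(parse_feature_pages(after)[1])
    return {name: (old[name], new[name]) for name in old if old[name] != new[name]}

if __name__ == "__main__":
    for label, text in (("pairing off", PAIRING_OFF), ("pairing on", PAIRING_ON)):
        print(label, decode_page1(parse_feature_pages(text)[1]))
    print("changed:", diff_page1(PAIRING_OFF, PAIRING_ON))
```

A `reserved_bits_set` value of True means the remote reported bits outside the four named here, which is worth checking against a newer revision of the feature mask table.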