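This article walks through how a Bluetooth stack performs a Bluetooth Low Energy (BLE) scan for advertisements and how the stack implements that flow (BLE scan flow).
The btsnoop capture and the flow are in the course materials at ......\STM32_UBUNTU_BLUETOOTH\2-藍芽資料\藍芽協定分析\BLE搜尋廣播.log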
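The articles in this column are published as a continuing series. The planned contents are:
Part 1: Bluetooth overview. Covers basic Bluetooth concepts, background, development history, Bluetooth products on the market, and the Bluetooth development board.
Part 2: Transport layer. Covers the hardware transport protocols between the Bluetooth stack and the Bluetooth chip, such as the UART-based H4, H5 and BCSP, and the USB-based H2.
Part 3: Classic Bluetooth controller. Covers the classic Bluetooth chip, including the radio layer (RF), the baseband layer (baseband) and the link manager layer (LMP).
Part 4: Classic Bluetooth host. Covers the classic Bluetooth stack: HCI, L2CAP, SDP, RFCOMM, HFP, SPP, HID, AVDTP, AVCTP, A2DP, AVRCP, OBEX, PBAP, MAP and the rest of that family of protocols.
Part 5: BLE controller. Covers the BLE chip, including the physical layer (PHY) and the link layer (LL).
Part 6: BLE host. Covers the BLE stack, including HCI, L2CAP, ATT, GATT and SM.
Part 7: Bluetooth chips. Covers the initialization flow of some Bluetooth chips and the extensions based on HCI vendor commands.
Part 8: Appendix. Explains the common terms used above and some special procedures.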
GitHub code: https://github.com/sj15712795029/bluetooth_stack
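The whole flow is as follows (note that some initialization steps are omitted; only the key initialization steps are listed).
Note that the initialization screenshot captures only two commands and their events: set event mask, which differs from classic Bluetooth, and write le host supported. For everything else, refer to the classic Bluetooth initialization. The steps are:
Step 1) Send the set event mask command and receive the command complete event
Step 2) Send the command that enables BLE support (write le host support) and receive the command complete event
Step 3) Send the command that sets the BLE scan parameters (LE set scan param)
Step 4) Send the command that enables BLE scanning (LE set scan enable)
Step 5) Receive the command complete events for steps 3) and 4)
Step 6) Parse the BLE advertising event packets
Step 7) Send the command that stops scanning (LE set scan enable) and receive the command complete event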
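Each step is described in detail below.
① Send the set event mask command
First, the command format: OGF=3, OCF=1
The parameter is 8 bytes in total, with 62 mask bits in total. This command is a mask: it decides whether the chip reports a given event to the stack. The parameter we send differs between classic Bluetooth and BLE; the code screenshot is as follows:
The only difference is bit 61, LE Meta Event. Many BLE events are delivered through it.
Let's look at the btsnoop
② Receive the command complete event
This event has been covered many times in the classic Bluetooth HCI chapter, so it is not repeated here.
Let's look at the btsnoop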
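① Send the command that enables BLE support (write le host support)
First, the command format: OGF=3, OCF=0x6d
As shown, to enable BLE, LE SUPPORTED HOST must be set to 0x01 and SIMULTANEOUS LE HOST can only be set to 0; the other values are for extension use.
Let's look at the btsnoop
② Command complete event
This event has been covered many times in the classic Bluetooth HCI chapter, so it is not repeated here.
Let's look at the btsnoop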
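First, the command format (OGF=8, OCF=0xb)
The meaning of the parameters is as follows:
LE_Scan_Type: either active scanning or passive scanning
There are several main differences
Passive scanning is generally used when it is known that the slave will not send a scan response and only sends the 31 bytes of advertising data
Active scanning is used when it is not known whether the slave has additional data, so a scan request is sent as well in order to receive more advertising data
Note: the scan request and the scan response of active scanning are also advertising packets
LE_Scan_Window and LE_Scan_Interval:
The figure above explains these two parameters
Let's look at the btsnoop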
The command format (OGF=8, OCF=0xc)
Let's look at the btsnoop
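The command packets of steps 1) to 4) can be serialized as below. This is an added example, not code from the article's repository; the function and macro names are hypothetical, and the 0.625 ms unit and the 0x0004..0x4000 range for interval and window are taken from the Bluetooth Core Specification rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Names below are illustrative, not taken from the article's stack. */
#define HCI_OPCODE(ogf, ocf) ((uint16_t)(((ogf) << 10) | (ocf)))  /* OGF: top 6 bits */
#define EVT_MASK_LE_META     (1ULL << 61)                          /* bit 61: LE Meta Event */

/* Serialize opcode (little-endian), parameter length and parameters.
 * No H4 packet-type byte is added. Returns packet size, 0 if it does not fit. */
size_t hci_cmd(uint8_t *out, size_t cap, uint16_t opcode,
               const uint8_t *params, uint8_t plen)
{
    if (cap < (size_t)plen + 3)
        return 0;
    out[0] = (uint8_t)(opcode & 0xff);
    out[1] = (uint8_t)(opcode >> 8);
    out[2] = plen;
    if (plen)
        memcpy(out + 3, params, plen);
    return (size_t)plen + 3;
}

/* Set Event Mask (OGF=3, OCF=1): the 8-byte mask is sent least significant byte first. */
size_t build_set_event_mask(uint8_t *out, size_t cap, uint64_t mask)
{
    uint8_t p[8];
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(mask >> (8 * i));
    return hci_cmd(out, cap, HCI_OPCODE(3, 0x01), p, sizeof p);
}

/* LE Set Scan Parameters (OGF=8, OCF=0xb). Interval and window are in 0.625 ms
 * units, each 0x0004..0x4000, and the window must not exceed the interval. */
size_t build_le_set_scan_param(uint8_t *out, size_t cap, uint8_t scan_type,
                               uint16_t interval, uint16_t window,
                               uint8_t own_addr_type, uint8_t filter_policy)
{
    if (scan_type > 1 || interval < 0x0004 || interval > 0x4000 ||
        window < 0x0004 || window > interval)
        return 0;
    uint8_t p[7] = { scan_type, (uint8_t)interval, (uint8_t)(interval >> 8),
                     (uint8_t)window, (uint8_t)(window >> 8),
                     own_addr_type, filter_policy };
    return hci_cmd(out, cap, HCI_OPCODE(8, 0x0b), p, sizeof p);
}
```

Write LE Host Supported (OGF=3, OCF=0x6d) and LE Set Scan Enable (OGF=8, OCF=0xc) each carry two one-byte parameters and can be sent through `hci_cmd` directly.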
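This command has already been covered in the classic Bluetooth HCI section, so here is the btsnoop directly
The event code for this part is 0x3e (LE Meta event)
Subevent_Code = 2 is the LE advertising packet event
First, the parameters
This is a key event, so the advertising data is described in detail here; the other parameters are left for the reader to work through
The advertising data format is as follows:
A 1-byte length, an n-byte type, followed by the advertising data of that item, in L T V format
L: length T: Type V: value
The Type values are basically the same as those of HCI EIR and are defined in the document CSS_V9, for those who want the details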
Data Type Value | Data Type Name | Reference for Definition |
---|---|---|
0x01 | «Flags» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.3 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.3 and 18.1 (v4.0); Core Specification Supplement, Part A, section 1.3 |
0x02 | «Incomplete List of 16-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
0x03 | «Complete List of 16-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
0x04 | «Incomplete List of 32-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, section 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
0x05 | «Complete List of 32-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, section 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
0x06 | «Incomplete List of 128-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
0x07 | «Complete List of 128-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
0x08 | «Shortened Local Name» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.2 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.2 and 18.4 (v4.0); Core Specification Supplement, Part A, section 1.2 |
0x09 | «Complete Local Name» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.2 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.2 and 18.4 (v4.0); Core Specification Supplement, Part A, section 1.2 |
0x0A | «Tx Power Level» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.5 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.3 (v4.0); Core Specification Supplement, Part A, section 1.5 |
0x0D | «Class of Device» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.6 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.5 (v4.0); Core Specification Supplement, Part A, section 1.6 |
0x0E | «Simple Pairing Hash C» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.6 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.5 (v4.0) |
0x0E | «Simple Pairing Hash C-192» | Core Specification Supplement, Part A, section 1.6 |
0x0F | «Simple Pairing Randomizer R» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.6 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.5 (v4.0) |
0x0F | «Simple Pairing Randomizer R-192» | Core Specification Supplement, Part A, section 1.6 |
0x10 | «Device ID» | Device ID Profile v1.3 or later |
0x10 | «Security Manager TK Value» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.7 and 18.6 (v4.0); Core Specification Supplement, Part A, section 1.8 |
0x11 | «Security Manager Out of Band Flags» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.6 and 18.7 (v4.0); Core Specification Supplement, Part A, section 1.7 |
0x12 | «Slave Connection Interval Range» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.8 and 18.8 (v4.0); Core Specification Supplement, Part A, section 1.9 |
0x14 | «List of 16-bit Service Solicitation UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.9 and 18.9 (v4.0); Core Specification Supplement, Part A, section 1.10 |
0x15 | «List of 128-bit Service Solicitation UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.9 and 18.9 (v4.0); Core Specification Supplement, Part A, section 1.10 |
0x16 | «Service Data» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.10 and 18.10 (v4.0) |
0x16 | «Service Data - 16-bit UUID» | Core Specification Supplement, Part A, section 1.11 |
0x17 | «Public Target Address» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.13 |
0x18 | «Random Target Address» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.14 |
0x19 | «Appearance» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.12 |
0x1A | «Advertising Interval» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.15 |
0x1B | «LE Bluetooth Device Address» | Core Specification Supplement, Part A, section 1.16 |
0x1C | «LE Role» | Core Specification Supplement, Part A, section 1.17 |
0x1D | «Simple Pairing Hash C-256» | Core Specification Supplement, Part A, section 1.6 |
0x1E | «Simple Pairing Randomizer R-256» | Core Specification Supplement, Part A, section 1.6 |
0x1F | «List of 32-bit Service Solicitation UUIDs» | Core Specification Supplement, Part A, section 1.10 |
0x20 | «Service Data - 32-bit UUID» | Core Specification Supplement, Part A, section 1.11 |
0x21 | «Service Data - 128-bit UUID» | Core Specification Supplement, Part A, section 1.11 |
0x22 | «LE Secure Connections Confirmation Value» | Core Specification Supplement, Part A, section 1.6 |
0x23 | «LE Secure Connections Random Value» | Core Specification Supplement, Part A, section 1.6 |
0x24 | «URI» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.18 |
0x25 | «Indoor Positioning» | Indoor Positioning Service v1.0 or later |
0x26 | «Transport Discovery Data» | Transport Discovery Service v1.0 or later |
0x27 | «LE Supported Features» | Core Specification Supplement, Part A, section 1.19 |
0x28 | «Channel Map Update Indication» | Core Specification Supplement, Part A, section 1.20 |
0x29 | «PB-ADV» | Mesh Profile Specification, section 5.2.1 |
0x2A | «Mesh Message» | Mesh Profile Specification, section 3.3.1 |
0x2B | «Mesh Beacon» | Mesh Profile Specification, section 3.9 |
0x2C | «BIGInfo» | |
0x2D | «Broadcast_Code» | |
0x3D | «3D Information Data» | 3D Synchronization Profile, v1.0 or later |
0xFF | «Manufacturer Specific Data» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.4 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.4 and 18.11 (v4.0); Core Specification Supplement, Part A, section 1.4 |
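Let's analyse one set of raw data to make this concrete, which helps when writing your own code to parse advertising data
The raw data is: 02 01 06 03 03 00 FF 04 08 42 4c 45 03 19 80 00
02 -> the length of this item is 2
01 -> Type is 1, that is «Flags»
06 -> the value of the flags
03 -> the length of this item is 3
03 -> «Complete List of 16-bit Service Class UUIDs»
00 FF -> the value of the UUID
04 -> the length of this item is 4
08 -> «Shortened Local Name»
42 4c 45 -> the name is BLE
03 -> the length of this item is 3
19 -> «Appearance»
80 00 -> the value of «Appearance»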
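The walk-through above, as an added C example (not code from the article's repository; `ad_parse` and `sample_adv` are hypothetical names). Advertising data comes from whatever device is in radio range, so every length byte is checked against the remaining buffer before it is used, and a zero length is treated as end of data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walk the L-T-V items of an advertising payload. If `val` is non-NULL, the
 * first value of AD type `want` is returned through *val / *vlen (vlen must
 * then be non-NULL too). Returns the item count, or -1 when a length byte
 * points past the end of the buffer; on -1 the outputs must be ignored. */
int ad_parse(const uint8_t *data, size_t len, uint8_t want,
             const uint8_t **val, uint8_t *vlen)
{
    size_t off = 0;
    int count = 0;

    if (val)
        *val = NULL;
    while (off < len) {
        uint8_t l = data[off];          /* L counts the type byte plus the value */
        if (l == 0)                     /* zero length: the rest is padding */
            break;
        if (l > len - off - 1)          /* item would run beyond the buffer */
            return -1;
        if (val && *val == NULL && data[off + 1] == want) {
            *val = &data[off + 2];
            *vlen = (uint8_t)(l - 1);
        }
        off += (size_t)l + 1;
        count++;
    }
    return count;
}

/* The raw data analysed in the article. */
const uint8_t sample_adv[] = { 0x02, 0x01, 0x06, 0x03, 0x03, 0x00, 0xFF, 0x04,
                               0x08, 0x42, 0x4c, 0x45, 0x03, 0x19, 0x80, 0x00 };

int main(void)
{
    const uint8_t *name;
    uint8_t n = 0;
    int items = ad_parse(sample_adv, sizeof sample_adv, 0x08, &name, &n);

    printf("items=%d name=%.*s\n", items, (int)n, name ? (const char *)name : "");
    return 0;
}
```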
LE set scan enable has already been explained in step 4), so here is the btsnoop directly