Introduction to the implementation flow of BLE advertisement scanning / BLE scan flow ----- Bluetooth Low Energy protocol stack

2020-10-28 15:00:45

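0. Overview

This article describes how a Bluetooth stack scans for Bluetooth Low Energy advertisements and how the protocol stack implements that flow (BLE scan flow).

The btsnoop log and the flow are in the course materials at ......\STM32_UBUNTU_BLUETOOTH\2-藍芽資料\藍芽協定分析\BLE搜尋廣播.log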

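1. Statement

The articles in this column are published as a series and updated continuously. The planned contents are:

Part 1: Bluetooth overview. Introduces basic Bluetooth concepts, background, development history, Bluetooth products on the market, and the Bluetooth development board.

Part 2: Transport layer. Introduces the hardware transport protocols between the Bluetooth protocol stack and the Bluetooth chip, such as the UART-based H4, H5 and BCSP, and the USB-based H2.

Part 3: Classic Bluetooth controller. Introduces the classic Bluetooth chip, including the radio layer (RF), the baseband layer and the link manager layer (LMP).

Part 4: Classic Bluetooth host. Introduces the classic Bluetooth protocol stack: HCI, L2CAP, SDP, RFCOMM, HFP, SPP, HID, AVDTP, AVCTP, A2DP, AVRCP, OBEX, PBAP, MAP and the rest of that family of protocols.

Part 5: Low energy controller. Introduces the Bluetooth Low Energy chip, including the physical layer (PHY) and the link layer (LL).

Part 6: Low energy host. Introduces the Bluetooth Low Energy protocol stack, including HCI, L2CAP, ATT, GATT and SM.

Part 7: Bluetooth chips. Introduces the initialization flow of some Bluetooth chips, based on HCI vendor command extensions.

Part 8: Appendix. Explains the terms used above and some special flows.

In addition, the development board is shown below. Anyone who wants to learn the Bluetooth protocol stack would do best to have one, in order to learn the stack more effectively. Trust me, after finishing this video series you will be able to modify any protocol stack (for example BlueZ on Linux or Bluedroid on Android).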

-------------------------------------------------------------------------------------------------------------------------

CSDN Academy link (go in and choose the course you want to study): https://edu.csdn.net/lecturer/5352?spm=1002.2001.3001.4144

Bluetooth discussion QQ group: 970324688

GitHub code: https://github.com/sj15712795029/bluetooth_stack

Buy the development board: https://item.taobao.com/item.htm?spm=a1z10.1-c-s.w4004-22329603896.18.5aeb41f973iStr&id=622836061708

Bluetooth learning index: https://blog.csdn.net/XiaoXiaoPengBo/article/details/107727900

--------------------------------------------------------------------------------------------------------------------------

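2. BLE scan commands and events

The whole flow is as follows (note that some initialization steps are omitted; only the key initialization steps are listed).

Note that for initialization we captured only two commands and their events in the screenshots: set event mask, which differs from classic Bluetooth, and write le host supported. For everything else, refer to classic Bluetooth initialization. The steps are:

Step 1) Send the command that sets the event mask (set event mask) and receive the command complete event

Step 2) Send the command that enables BLE support (write le host support) and receive the command complete event

Step 3) Send the command that sets the BLE scan parameters (LE set scan param)

Step 4) Send the command that enables BLE scanning (LE set scan enable)

Step 5) Receive the command complete events for steps 3) and 4)

Step 6) Parse the BLE advertising event packets

Step 7) Send the command that stops scanning (LE set scan enable) and receive the command complete event

Each step is described in detail below.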

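Step 1) Send the command that sets the event mask (set event mask) and receive the command complete event

① Send the command that sets the event mask (set event mask)

First, the command format: OGF=3, OCF=1

The parameter is 8 bytes in total, with 62 masks in all. This command is a mask that decides whether the chip reports a given event to the protocol stack. The parameter we send differs between classic Bluetooth and BLE; the code screenshot is below:

As you can see, the only difference is bit 61, LE Meta Event. Many BLE events are delivered through it.

Let's look at the btsnoop

② Receive the command complete event

This event has been covered many times in the classic Bluetooth HCI chapters and is not repeated here.

Let's look at the btsnoop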

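Step 2) Send the command that enables BLE support (write le host support) and receive the command complete event

① Send the command that enables BLE support (write le host support)

First, the command format: OGF=3, OCF=0x6d

As you can see, to enable BLE, LE SUPPORTED HOST must be set to 0x01 and SIMULTANEOUS LE HOST can only be set to 0; the other values are for extension use.

Let's look at the btsnoop

② Command complete event

This event has been covered many times in the classic Bluetooth HCI chapters and is not repeated here.

Let's look at the btsnoop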

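Step 3) Send the command that sets the BLE scan parameters (LE set scan param)

First, the command format (OGF=8, OCF=0xb)

The meaning of the parameters is as follows:

LE_Scan_Type: either active scanning or passive scanning

The main differences are:

  • Passive scanning only receives advertising packets and never issues a scan request
  • Active scanning, after receiving an advertising packet, sends a scan request to the advertising device to obtain additional advertising data

Passive scanning is generally used when it is known that the slave device will not send a scan response and will only send its 31 bytes of advertising data.

Active scanning is used when it is not known whether the slave device has additional data, so a scan request is issued to receive more advertising data.

Note: the scan request and scan response of active scanning are also advertising packets

LE_Scan_Window and LE_Scan_Interval:

Look at the figure above and you will understand these two parameters

Let's look at the btsnoop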

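Step 4) Send the command that enables BLE scanning (LE set scan enable)

The command format (OGF=8, OCF=0xc)

Let's look at the btsnoop

Step 5) Receive the command complete events for steps 3) and 4)

The command complete event was already covered in the classic Bluetooth HCI articles, so here is the btsnoop directly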

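Step 6) Parse the BLE advertising event packets

The event code here is 0x3e (LE Meta event)

Subevent_Code = 2 is the event that carries LE advertising packets

First, the parameters

This is a key event. We go through the advertising data in detail; work out the other parameters yourself.

The advertising data format is as follows:

A 1-byte length, an n-byte type, followed by this item's advertising data, which follows the L T V format

L: length  T: type  V: value

The types are largely the same as for HCI EIR and are defined in the document CSS_V9, which you can consult for the details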

| Data Type Value | Data Type Name | Reference for Definition |
|---|---|---|
| 0x01 | «Flags» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.3 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.3 and 18.1 (v4.0); Core Specification Supplement, Part A, section 1.3 |
| 0x02 | «Incomplete List of 16-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
| 0x03 | «Complete List of 16-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
| 0x04 | «Incomplete List of 32-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, section 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
| 0x05 | «Complete List of 32-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, section 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
| 0x06 | «Incomplete List of 128-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
| 0x07 | «Complete List of 128-bit Service Class UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.1 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.1 and 18.2 (v4.0); Core Specification Supplement, Part A, section 1.1 |
| 0x08 | «Shortened Local Name» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.2 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.2 and 18.4 (v4.0); Core Specification Supplement, Part A, section 1.2 |
| 0x09 | «Complete Local Name» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.2 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.2 and 18.4 (v4.0); Core Specification Supplement, Part A, section 1.2 |
| 0x0A | «Tx Power Level» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.5 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.3 (v4.0); Core Specification Supplement, Part A, section 1.5 |
| 0x0D | «Class of Device» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.6 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.5 (v4.0); Core Specification Supplement, Part A, section 1.6 |
| 0x0E | «Simple Pairing Hash C» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.6 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.5 (v4.0) |
| 0x0E | «Simple Pairing Hash C-192» | Core Specification Supplement, Part A, section 1.6 |
| 0x0F | «Simple Pairing Randomizer R» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.6 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.5 and 18.5 (v4.0) |
| 0x0F | «Simple Pairing Randomizer R-192» | Core Specification Supplement, Part A, section 1.6 |
| 0x10 | «Device ID» | Device ID Profile v1.3 or later |
| 0x10 | «Security Manager TK Value» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.7 and 18.6 (v4.0); Core Specification Supplement, Part A, section 1.8 |
| 0x11 | «Security Manager Out of Band Flags» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.6 and 18.7 (v4.0); Core Specification Supplement, Part A, section 1.7 |
| 0x12 | «Slave Connection Interval Range» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.8 and 18.8 (v4.0); Core Specification Supplement, Part A, section 1.9 |
| 0x14 | «List of 16-bit Service Solicitation UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.9 and 18.9 (v4.0); Core Specification Supplement, Part A, section 1.10 |
| 0x15 | «List of 128-bit Service Solicitation UUIDs» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.9 and 18.9 (v4.0); Core Specification Supplement, Part A, section 1.10 |
| 0x16 | «Service Data» | Bluetooth Core Specification: Vol. 3, Part C, sections 11.1.10 and 18.10 (v4.0) |
| 0x16 | «Service Data - 16-bit UUID» | Core Specification Supplement, Part A, section 1.11 |
| 0x17 | «Public Target Address» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.13 |
| 0x18 | «Random Target Address» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.14 |
| 0x19 | «Appearance» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.12 |
| 0x1A | «Advertising Interval» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.15 |
| 0x1B | «LE Bluetooth Device Address» | Core Specification Supplement, Part A, section 1.16 |
| 0x1C | «LE Role» | Core Specification Supplement, Part A, section 1.17 |
| 0x1D | «Simple Pairing Hash C-256» | Core Specification Supplement, Part A, section 1.6 |
| 0x1E | «Simple Pairing Randomizer R-256» | Core Specification Supplement, Part A, section 1.6 |
| 0x1F | «List of 32-bit Service Solicitation UUIDs» | Core Specification Supplement, Part A, section 1.10 |
| 0x20 | «Service Data - 32-bit UUID» | Core Specification Supplement, Part A, section 1.11 |
| 0x21 | «Service Data - 128-bit UUID» | Core Specification Supplement, Part A, section 1.11 |
| 0x22 | «LE Secure Connections Confirmation Value» | Core Specification Supplement Part A, Section 1.6 |
| 0x23 | «LE Secure Connections Random Value» | Core Specification Supplement Part A, Section 1.6 |
| 0x24 | «URI» | Bluetooth Core Specification: Core Specification Supplement, Part A, section 1.18 |
| 0x25 | «Indoor Positioning» | Indoor Positioning Service v1.0 or later |
| 0x26 | «Transport Discovery Data» | Transport Discovery Service v1.0 or later |
| 0x27 | «LE Supported Features» | Core Specification Supplement, Part A, Section 1.19 |
| 0x28 | «Channel Map Update Indication» | Core Specification Supplement, Part A, Section 1.20 |
| 0x29 | «PB-ADV» | Mesh Profile Specification Section 5.2.1 |
| 0x2A | «Mesh Message» | Mesh Profile Specification Section 3.3.1 |
| 0x2B | «Mesh Beacon» | Mesh Profile Specification Section 3.9 |
| 0x2C | «BIGInfo» | |
| 0x2D | «Broadcast_Code» | |
| 0x3D | «3D Information Data» | 3D Synchronization Profile, v1.0 or later |
| 0xFF | «Manufacturer Specific Data» | Bluetooth Core Specification: Vol. 3, Part C, section 8.1.4 (v2.1 + EDR, 3.0 + HS and 4.0); Vol. 3, Part C, sections 11.1.4 and 18.11 (v4.0); Core Specification Supplement, Part A, section 1.4 |

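Let's analyse one set of raw data to deepen your understanding and make it easier to parse advertising data when you write your own code

The raw data is: 02 01 06 03 03 00 FF 04 08 42 4c 45 03 19 80 00

02 -> this item's length is 2

01 -> the type is 1, that is «Flags»

06 -> the value of the flags

03 -> this item's length is 3

03 -> «Complete List of 16-bit Service Class UUIDs»

00 FF -> the value of the UUID

04 -> this item's length is 4

08 -> «Shortened Local Name»

42 4c 45 -> the name is BLE

03 -> this item's length is 3

19 -> «Appearance»

80 00 -> the value of «Appearance»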
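The walk-through above as a bounds-checked parser; this is an added example, not code from the author's bluetooth_stack repository. The names `ad_parse`, `ad_find` and `ad_item_t` are hypothetical, and the type field is assumed to be one byte, as in every entry of the table and in the sample. The length byte comes from whatever device is advertising nearby, so it is checked against the bytes actually left in the buffer before anything is read.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed sample: the raw advertising data analysed above. */
const uint8_t sample_adv[] = {
    0x02, 0x01, 0x06, 0x03, 0x03, 0x00, 0xFF, 0x04,
    0x08, 0x42, 0x4C, 0x45, 0x03, 0x19, 0x80, 0x00
};

typedef struct {
    uint8_t type;          /* AD type, e.g. 0x01 = Flags */
    const uint8_t *value;  /* points into the caller's buffer, not copied */
    uint8_t value_len;     /* length field minus the one type byte */
} ad_item_t;

/* Hypothetical helper: split advertising data into L-T-V items.
 * Returns the number of items stored, or -1 if a length field is malformed. */
int ad_parse(const uint8_t *data, size_t len, ad_item_t *out, int max_items)
{
    size_t pos = 0;
    int count = 0;

    while (pos < len && count < max_items) {
        uint8_t item_len = data[pos];
        if (item_len == 0)              /* zero length marks padding: stop */
            break;
        if (item_len > len - pos - 1)   /* claims more bytes than remain */
            return -1;
        out[count].type = data[pos + 1];
        out[count].value = &data[pos + 2];
        out[count].value_len = (uint8_t)(item_len - 1);
        count++;
        pos += (size_t)item_len + 1;
    }
    return count;
}

/* Hypothetical helper: first item with the given AD type, or NULL. */
const ad_item_t *ad_find(const ad_item_t *items, int n, uint8_t type)
{
    for (int i = 0; i < n; i++)
        if (items[i].type == type)
            return &items[i];
    return NULL;
}
```

Because `value` points into the caller's buffer, the items are only valid while the event buffer is; copy the name or UUID out before the buffer is reused.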

Step 7) Send the command that stops scanning (LE set scan enable) and receive the command complete event

LE set scan enable was already explained in step 4), so here is the btsnoop directly
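The commands of steps 1), 3), 4) and 7) encoded as bytes, as an added example that is not code from the author's repository. The function names are hypothetical, and the H4 packet indicator 0x01, the public own address type, the accept-all filter policy and duplicate filtering being off are assumptions. The opcode is the OGF shifted left by 10 bits OR'ed with the OCF, sent little-endian.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HCI_OPCODE(ogf, ocf) ((uint16_t)(((ogf) << 10) | (ocf)))
/* Hypothetical helper: H4 indicator 0x01, little-endian opcode, length, params.
 * Returns bytes written, or 0 if the output buffer is too small. */
size_t hci_cmd(uint8_t *out, size_t cap, uint16_t opcode,
               const uint8_t *params, uint8_t plen)
{
    if (cap < (size_t)plen + 4)
        return 0;
    out[0] = 0x01;
    out[1] = (uint8_t)(opcode & 0xFF);
    out[2] = (uint8_t)(opcode >> 8);
    out[3] = plen;
    memcpy(&out[4], params, plen);
    return (size_t)plen + 4;
}

/* Step 1: Set Event Mask (OGF=3, OCF=1), forcing bit 61 (LE Meta Event) on. */
size_t cmd_set_event_mask(uint8_t *out, size_t cap, uint64_t mask)
{
    uint8_t p[8];
    mask |= (uint64_t)1 << 61;
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(mask >> (8 * i));
    return hci_cmd(out, cap, HCI_OPCODE(3, 0x01), p, sizeof(p));
}

/* Step 3: LE Set Scan Parameters (OGF=8, OCF=0xb). interval and window are in
 * 0.625 ms units, range 0x0004..0x4000, and window must not exceed interval. */
size_t cmd_le_set_scan_param(uint8_t *out, size_t cap, uint8_t active,
                             uint16_t interval, uint16_t window)
{
    if (interval < 0x0004 || interval > 0x4000 || window < 0x0004 || window > interval)
        return 0;
    uint8_t p[7] = { active ? 1 : 0, (uint8_t)interval, (uint8_t)(interval >> 8),
                     (uint8_t)window, (uint8_t)(window >> 8),
                     0x00, 0x00 }; /* assumed: public own address, accept-all filter */
    return hci_cmd(out, cap, HCI_OPCODE(8, 0x0B), p, sizeof(p));
}

/* Steps 4 and 7: LE Set Scan Enable (OGF=8, OCF=0xc); enable=0 stops scanning. */
size_t cmd_le_set_scan_enable(uint8_t *out, size_t cap, uint8_t enable)
{
    uint8_t p[2] = { enable ? 1 : 0, 0x00 }; /* assumed: duplicate filtering off */
    return hci_cmd(out, cap, HCI_OPCODE(8, 0x0C), p, sizeof(p));
}
```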