Discussion:
Receiving data in BLE non-connectable undirected advertisements
Benjamin Adler
2014-02-28 15:00:57 UTC
Permalink
Hello bluez,

as the subject notes, I'm trying to receive non-connectable undirected
advertisements from a bluetooth low energy device, namely TI's
SensorTag. Their SDK contains a sample app named SimpleBLEBroadcaster,
that, supposedly, sends those advertisements including some data. There
is an overview of TI's understanding of this mechanism for download at

http://e2e.ti.com/support/low_power_rf/m/videos__files/653593/download.aspx

Is it possible to receive/display the *data* (up to 31 bytes, I believe)
that can be contained in those advertisements using bluez? I currently
don't care whether it's a commandline tool, C-based API, python, DBUS,
anything.

When I start SimpleBLEBroadcaster, btmon alone doesn't show anything,
but "hcitool lescan" says.

LE Scan ...
90:59:AF:0B:8A:7D (unknown)

The complete output of a btmon during lescan is attached below.

https://github.com/bmpm/bcast-observer-demos and a script named
"test-bluetooth-observer" made me believe that there should be an
org.bluez.Observer interface for this, which I couldn't find using
qdbusviewer.

I asked on #bluez before, but it seems noone knew.

Thanks!
ben

###################################################################

####### start "btmon"

Bluetooth monitor ver 5.14
= New Index: 00:02:72:33:29:55 (BR/EDR,USB,hci0) [hci0] 0.377191

####### start "hcitool lescan" in another shell

< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 [hci0] 4.457403
Type: Active (0x01)
Interval: 10.000 msec (0x0010)
Window: 10.000 msec (0x0010)
Own address type: Public (0x00)
Filter policy: Accept all advertisement (0x00)
HCI Event: Command Complete (0x0e) plen 4 [hci0]
4.458949
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 [hci0] 4.459094
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
HCI Event: Command Complete (0x0e) plen 4 [hci0]
4.459957
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)

####### Power-on the SensorTag
HCI Event: LE Meta Event (0x3e) plen 20 [hci0]
9.481376
LE Advertising Report (0x02)
Num reports: 1
Event type: Non connectable undirected - ADV_NONCONN_IND (0x03)
Address type: Public (0x00)
Address: 90:59:AF:0B:8A:7D (Texas Instruments)
Data length: 8
Flags: 0x04
BR/EDR Not Supported
Company: not assigned (513)
Data: 03
RSSI: -80 dBm (0xb0)

####### Quit hcitool

< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 [hci0] 20.647504
Scanning: Disabled (0x00)
Filter duplicates: Enabled (0x01)
HCI Event: Command Complete (0x0e) plen 4 [hci0]
20.650124
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)

#
Adam Warski
2014-02-28 15:13:31 UTC
Permalink
If you want to see the raw advertisement packets, run:

1st terminal: hcidump -R
2nd terminal: hcitool lescan

The raw dump will contain the advertisement data.

Adam
Post by Benjamin Adler
Hello bluez,
as the subject notes, I'm trying to receive non-connectable undirected advertisements from a bluetooth low energy device, namely TI's SensorTag. Their SDK contains a sample app named SimpleBLEBroadcaster, that, supposedly, sends those advertisements including some data. There is an overview of TI's understanding of this mechanism for download at
http://e2e.ti.com/support/low_power_rf/m/videos__files/653593/download.aspx
Is it possible to receive/display the *data* (up to 31 bytes, I believe) that can be contained in those advertisements using bluez? I currently don't care whether it's a commandline tool, C-based API, python, DBUS, anything.
When I start SimpleBLEBroadcaster, btmon alone doesn't show anything, but "hcitool lescan" says.
LE Scan ...
90:59:AF:0B:8A:7D (unknown)
The complete output of a btmon during lescan is attached below.
https://github.com/bmpm/bcast-observer-demos and a script named "test-bluetooth-observer" made me believe that there should be an org.bluez.Observer interface for this, which I couldn't find using qdbusviewer.
I asked on #bluez before, but it seems noone knew.
Thanks!
ben
###################################################################
####### start "btmon"
Bluetooth monitor ver 5.14
= New Index: 00:02:72:33:29:55 (BR/EDR,USB,hci0) [hci0] 0.377191
####### start "hcitool lescan" in another shell
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 [hci0] 4.457403
Type: Active (0x01)
Interval: 10.000 msec (0x0010)
Window: 10.000 msec (0x0010)
Own address type: Public (0x00)
Filter policy: Accept all advertisement (0x00)
HCI Event: Command Complete (0x0e) plen 4 [hci0] 4.458949
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 [hci0] 4.459094
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
HCI Event: Command Complete (0x0e) plen 4 [hci0] 4.459957
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
####### Power-on the SensorTag
HCI Event: LE Meta Event (0x3e) plen 20 [hci0] 9.481376
LE Advertising Report (0x02)
Num reports: 1
Event type: Non connectable undirected - ADV_NONCONN_IND (0x03)
Address type: Public (0x00)
Address: 90:59:AF:0B:8A:7D (Texas Instruments)
Data length: 8
Flags: 0x04
BR/EDR Not Supported
Company: not assigned (513)
Data: 03
RSSI: -80 dBm (0xb0)
####### Quit hcitool
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 [hci0] 20.647504
Scanning: Disabled (0x00)
Filter duplicates: Enabled (0x01)
HCI Event: Command Complete (0x0e) plen 4 [hci0] 20.650124
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
#
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Adam Warski

http://twitter.com/#!/adamwarski
http://www.softwaremill.com
http://www.warski.org
Benjamin Adler
2014-02-28 15:38:43 UTC
Permalink
Adam,

thanks for your answer!
Post by Adam Warski
1st terminal: hcidump -R
2nd terminal: hcitool lescan
The raw dump will contain the advertisement data.
# hcidump -R
HCI sniffer - Bluetooth packet analyzer ver 5.14
device: hci0 snap_len: 1500 filter: 0xffffffffffffffff

### start "hcitool lescan"

< 01 0B 20 07 01 10 00 10 00 00 00
Post by Adam Warski
04 0E 04 01 0B 20 00
< 01 0C 20 02 01 01
Post by Adam Warski
04 0E 04 01 0C 20 00
### power-on sensortag
Post by Adam Warski
04 3E 14 02 01 03 00 7D 8A 0B AF 59 90 08 02 01 04 04 FF 01
02 03 B7

### power-cycle sensortag

<nothing>

So it seems like hcitool must first tell bluez to listen for
advertisement packets. Is there documentation/samples on how to do this
with python or C? Any other programs that do this, so I can read their
source?

Also, only the first advertisement of the SensorTag is shown. While that
probably makes sense for traditional advertisements, my use case
requires that all advertisements are shown, as I'm trying to transmit
low-rate data from the tag's sensors in the advertisements.

Do you have some hints concerning the easiest way to receive and process
those advertisements, preferably without the hassle of user-interaction
and multiple terminals?

Cheers,
ben
Adam Warski
2014-02-28 15:54:59 UTC
Permalink
Also, only the first advertisement of the SensorTag is shown. While t=
hat probably makes sense for traditional advertisements, my use case re=
quires that all advertisements are shown, as I'm trying to transmit low=
-rate data from the tag's sensors in the advertisements.

Try hcitool lescan --duplicates.
By default duplicates are filtered out, so as all the advertisements ar=
e the same, you only see the first one after starting scanning.

However, see my post from 3 hours ago, I get into buffer overflows erro=
rs when using this option (but maybe it=92s only me :) )

Adam

--=20
Adam Warski

http://twitter.com/#!/adamwarski
http://www.softwaremill.com
http://www.warski.org
Marcel Holtmann
2014-02-28 15:46:19 UTC
Permalink
Hi Benjamin,
Post by Benjamin Adler
as the subject notes, I'm trying to receive non-connectable undirected advertisements from a bluetooth low energy device, namely TI's SensorTag. Their SDK contains a sample app named SimpleBLEBroadcaster, that, supposedly, sends those advertisements including some data. There is an overview of TI's understanding of this mechanism for download at
http://e2e.ti.com/support/low_power_rf/m/videos__files/653593/download.aspx
Is it possible to receive/display the *data* (up to 31 bytes, I believe) that can be contained in those advertisements using bluez? I currently don't care whether it's a commandline tool, C-based API, python, DBUS, anything.
When I start SimpleBLEBroadcaster, btmon alone doesn't show anything, but "hcitool lescan" says.
LE Scan ...
90:59:AF:0B:8A:7D (unknown)
The complete output of a btmon during lescan is attached below.
https://github.com/bmpm/bcast-observer-demos and a script named "test-bluetooth-observer" made me believe that there should be an org.bluez.Observer interface for this, which I couldn't find using qdbusviewer.
I asked on #bluez before, but it seems noone knew.
Thanks!
ben
###################################################################
####### start "btmon"
Bluetooth monitor ver 5.14
= New Index: 00:02:72:33:29:55 (BR/EDR,USB,hci0) [hci0] 0.377191
####### start "hcitool lescan" in another shell
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 [hci0] 4.457403
Type: Active (0x01)
Interval: 10.000 msec (0x0010)
Window: 10.000 msec (0x0010)
Own address type: Public (0x00)
Filter policy: Accept all advertisement (0x00)
HCI Event: Command Complete (0x0e) plen 4 [hci0] 4.458949
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 [hci0] 4.459094
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
HCI Event: Command Complete (0x0e) plen 4 [hci0] 4.459957
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
####### Power-on the SensorTag
HCI Event: LE Meta Event (0x3e) plen 20 [hci0] 9.481376
LE Advertising Report (0x02)
Num reports: 1
Event type: Non connectable undirected - ADV_NONCONN_IND (0x03)
Address type: Public (0x00)
Address: 90:59:AF:0B:8A:7D (Texas Instruments)
Data length: 8
Flags: 0x04
BR/EDR Not Supported
Company: not assigned (513)
Data: 03
seems the TI engineers are as incapable of understanding little endian as the iOS engineers. Company identifiers are little endian, people ;)
Post by Benjamin Adler
RSSI: -80 dBm (0xb0)
####### Quit hcitool
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 [hci0] 20.647504
Scanning: Disabled (0x00)
Filter duplicates: Enabled (0x01)
HCI Event: Command Complete (0x0e) plen 4 [hci0] 20.650124
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
#
You can just write an advertising receiver by using Bluetooth HCI User Channel feature from the 3.13 kernel. With the help of src/shared/hci.c (if that license is acceptable to you), this is trivial. If the license is not acceptable, then you have to write your own HCI handling.

The BlueZ source code contains samples in form of tools/ibeacon.c and others on how to write such small program for direct access of the HCI interface. If you use this sample code, then please comply with the license as well here.

Our bluetoothd itself has zero interest in providing this functionality since we do have to look into the advertising data to make sense out of it.

Regards

Marcel
Benjamin Adler
2014-03-03 09:10:02 UTC
Permalink
Hello Marcel,
Post by Marcel Holtmann
You can just write an advertising receiver by using Bluetooth HCI
User Channel feature from the 3.13 kernel. With the help of
src/shared/hci.c (if that license is acceptable to you), this is
trivial. If the license is not acceptable, then you have to
write your own HCI handling.
The BlueZ source code contains samples in form of tools/ibeacon.c
and others on how to write such small program for direct access
of the HCI interface. If you use this sample code, then please
comply with the license as well here.
regarding the license, this is more of a hobby project, so GPL is perfect.

Looking at hci.{c,h}, there is (except for the license) not a single
comment that would help explain things (to bluetooth-newcomers). The
functions might have descriptive names, but I'm missing the bigger picture.

Reading ibeacon.c, I get the impression the code is made for sending
advertisements, not for receiving them. I might be wrong though, there's
no comments either. None of the other filenames in tools/ made me hope I
could find sample code for receiving non-connectable advertisements.

Marcel, could you either point me to some sample code, or help me
understand hci.c (or list the required steps) so that I can write my own?

thanks!
ben
Marcel Holtmann
2014-03-03 15:28:25 UTC
Permalink
Hi Benjamin,
Post by Benjamin Adler
Post by Marcel Holtmann
You can just write an advertising receiver by using Bluetooth HCI
User Channel feature from the 3.13 kernel. With the help of
src/shared/hci.c (if that license is acceptable to you), this is
trivial. If the license is not acceptable, then you have to
write your own HCI handling.
The BlueZ source code contains samples in form of tools/ibeacon.c
and others on how to write such small program for direct access
of the HCI interface. If you use this sample code, then please
comply with the license as well here.
regarding the license, this is more of a hobby project, so GPL is perfect.
Looking at hci.{c,h}, there is (except for the license) not a single comment that would help explain things (to bluetooth-newcomers). The functions might have descriptive names, but I'm missing the bigger picture.
Reading ibeacon.c, I get the impression the code is made for sending advertisements, not for receiving them. I might be wrong though, there's no comments either. None of the other filenames in tools/ made me hope I could find sample code for receiving non-connectable advertisements.
Marcel, could you either point me to some sample code, or help me understand hci.c (or list the required steps) so that I can write my own?
maybe you need to just read the HCI part of the Bluetooth Core specification. The tools/ibeacon.c is a perfect example on how to get started with HCI commands. You just need to figure out on how to do scanning instead of advertising.

Regards

Marcel
Benjamin Adler
2014-03-04 22:02:03 UTC
Permalink
Marcel,
Post by Marcel Holtmann
maybe you need to just read the HCI part of the Bluetooth Core specification. The tools/ibeacon.c is a perfect example on how to get started with HCI commands. You just need to figure out on how to do scanning instead of advertising.
during the last days, I fought through those 2600 pages, and I think I
now have a rough idea how things might work. The source of my
lescanner.c is attached, and it doesn't work yet. My questions are:

- why do you open urandom, but never use it?

- searching for the reason of "Failed to open HCI user channel", I found
a commit log from you, saying that the HCI user channel means exclusive
access to the device, so I'll have to disable e.g. bluetoothd. Is that a
limitation inherent to bluetooth, or just to bluez? Is there a way to
process those advertisements and still use bluetoothd, e.g. for skype?

- in bt_hci_register(), what is the "bt_hci_destroy_func_t destroy"
parameter used for? It seems it's always null when used in the examples?

- I was hoping that line 134 would cause advertising_report_callback()
to be called when advertisements are received. Unfortunately, that's not
the case, nothing happens. What am I missing?

- I'm also confused by how those btle advertisements are handled, they
seem to be a subevent/subtype of a generic btle event. How can I process
this correctly in advertising_report_callback()?

I'd be grateful if you could give me some hints to some of these questions.

Cheers,
ben

output from lescanner:

# ./tools/lescanner
Low Energy Passive Non-Connectable Undirected Advertisement Scanner 5.15
Registering for command-complete-events...
Registering for advertising-events...
Lets see whether we can provoke an error...
Setting bt event-mask...
Setting bt le event-mask...
Setting bt le scan parameters...
Enabling le scan...
check_error_callback: succeeded
check_error_callback: succeeded
check_error_callback: succeeded
check_error_callback: succeeded

Loading...