一.概述
二.基本概念
HCI ACL Data Format:
L2CAP的C-Frame,在signaling channel上使用,结构如下:
L2CAP是request-response的通信形式,signaling channel上发送一些控制信息,它的information payload是comamnd的形式,格式如下:
总结下来,就是一些控制信息在signaling channel上发送,采用的C-Frame,information域是上图request packet的形式。定义的commnand code可以查询Spec:page1415-1416。
三.一些步骤的分析
Frame29:L2CAP发出Information request,HCI收到ACL Data
HCI层看到的Data如下:
00001001 00100000 00001010 00000000 00000110
00000000 00000001 00000000 00001010 00011111 00000010 00000000 00000010 00000000
00000000 00000001 00000000 00001010 00011111 00000010 00000000 00000010 00000000
Connection Handle: 00001001 = 0x09 = 9 //占据12个bit
PB:0x10(First automatically flushable packet)
BC:0x00(No broadcast, point-to-point)
Total Length: 00001010 00000000 = 0x000A = 10
绿色部分是L2CAP的Data,前面是HCI层所做的包装.
PDU Length: 00000110 00000000 = 0x0006 = 6
Channel ID:00000001 00000000 = 0x0001(signaling channel)
Information payload:00001010 00011111 00000010
00000000 00000010 00000000
00000000 00000010 00000000
其中command code:00001010 = 0x0a = 10 (Information request)
Identifier:00011111 = 0x1f = 31(response与request保持相同,ps:貌似与opcode类似的样子!!)
Length:00000010 00000000 = 0x02 = 2
Data:00000010 00000000 = 0x02 (Extended features supported)
Frame30:相应的,HCI层发出HCI_Read_Remote_Extended_Features
该command的参数为
Connection_Handle
Page Number
00011100 00000100 00000011 00001001 00000000 00000001
opCode:00011100 = 0x041C
TotalLength = 00000011 =3
Connection handle:00001001 = 9
page Number = 00000000 00000001 = 0x0100(0x0000代表normal LMP features,其余根据page Number确定对应的feature)
Frame31:HCI收到ACL
Data,是对方发来的发来的Information request。
Data,是对方发来的发来的Information request。
这其实是一个互相交换information的过程。
Frame32:收到Max Slots Change event
该Event有两个参数:
Connection_Handle,
LMP_Max_Slots
00011011 00000011 00001001 00000000 00000101
EventCode:0x1b
Total Length: 3
Connection Handle: 9
LMP Max Slots: 5
////这个应该是返回的extended feature吧
Frame33: Read_Remote_Extended_Supported_Features----Command Status
00001111 00000100 00000000 00000010 00011100 00000100
OpCode:0x0f
Total Length: 4
Status: Success 0x00
Number HCI Command Packets: 2
Opcode: 0x041c
Frame34:Read_Remote_Extended_Features_Complete
event
event
该Event参数如下:
Status, Connection_Handle,
Page_Number,
Maximum page number,
Extended_LMP_Features
00100011 00001101 00000000 00001001 00000000 00000001 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EventCode:0x23
Total Length: 00001101 = 13
Status: Request for remote extended features succeeded
Connection Handle: 0x00001001 = 9
Page Number = 00000000 00000001 = 0x01
Maximum Page Number: 0x01
Extended_LMP_Features: 0x0000000000000001 //根据FEATURE MASK来表示,支持就置为1,这里表示支持3 slot packets
以上完成了一个L2CAp的information request的过程,这个request要求的是Extended features supported,相应的HCI发送HCI_Read_Remote_Extended_Features,page Number为0x00000001,左后返回的
Read_Remote_Extended_Features_Complete event返回了需要读取的Feature,和相同的Page Number0x0000001。
Frame35-37发出Read_RSSI的Command,返回Number Of Completed Packets和command complete event。这个是在L2CAP发出Connection request之前必须的吗??
Frame38:L2CAP发出Connection request,HCI收到相应的ACL Data
00001001 00000000 00001100 00000000 00001000 00000000 00000001 00000000 00000010 00000100 00000100 00000000 00000001
00000000 01000000 00000000
00000000 01000000 00000000
Connection Handle: 00001001 000000 = 9
Broadcast Flag: No broadcast, point-to-point
Packet Boundary Flag: First non-automatically-flushable L2CAP packet
Total Length: 00001100 00000000 = 0x0c = 12
L2CAP部分:
PDU Length: 00001000 00000000 = 8
CID:00000001 000000000 = 0x0001(signaling Channel)
Command Code: 00000010 = 0x02(Connection request)
ID:00000100 = 4
length = 00000000 000000100 = 4
PSM: 00000001 00000000 = 0x0001 (SDP)
Source CID:01000000 00000000 = 0x0040 //定义了request发出和接收的CID
这个request发出,开始建立L2CAP的连接
Frame39:发出Write_Link_Policy_Settings command
Frame40:L2CAP对对方的information request进行response,ID是2
Frame41:对本地发送的information request的response,ID是31。
Frame42:本地L2CAP再次发送information request,ID为32,
Frame43:收到Write_Link_Policy_Settings command的command complete event
Frame44-47是Role discovery command和对应的event
Frame48:HCI收到ACL Data,远端L2CAP发出的对本地的connection request的response
00001001 00100000 00010000 00000000 00001100 00000000 00000001 00000000
00000011 00000100 00001000 00000000 01000100 00000000 01000000 00000000 00000001
00000000 00000000 00000000
00000011 00000100 00001000 00000000 01000100 00000000 01000000 00000000 00000001
00000000 00000000 00000000
Connection Handle: 9
Broadcast Flag: No broadcast, point-to-point
Packet Boundary Flag: First automatically-flushable L2CAP packet
Total Length: 16
L2CAP部分:
PDU Length: 12
Channel ID: 0x0001
Command Code: 00000000 00000011 =0x03 Connection response
Identifier: 4
Command Length: 8
Destination Channel ID: 01000100 00000000 = 0x0044 //发送这个response的CID
Source Channel ID:01000000 00000000 0x0040 //这个CID在request中确定下来
Result: 00000001 00000000 (Connection pending)
Status: No further information available
四.总结