From: Adam Pigg <adam@piggz.co.uk>
To: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc: "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>
Subject: Re: GATT issue, possible bluez bug?
Date: Tue, 22 Mar 2022 10:40:46 +0000 [thread overview]
Message-ID: <CANFkB1xEesP1cMmK4VGi5cH-v80ho00wT24q=+4QQSdyPegPQQ@mail.gmail.com> (raw)
In-Reply-To: <CANFkB1yr3N_Twac=ocxBRst79-gmdu8=6VTD6oPgdGT0rb_HaQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3740 bytes --]
Hi Luiz
On Tue, 22 Mar 2022 at 07:55, Adam Pigg <adam@piggz.co.uk> wrote:
>
> Hi Luiz
>
> On Tue, 22 Mar 2022 at 00:44, Luiz Augusto von Dentz
> <luiz.dentz@gmail.com> wrote:
> >
> > Hi Adam,
> >
> > On Mon, Mar 21, 2022 at 4:03 PM Adam Pigg <adam@piggz.co.uk> wrote:
> > >
> > > Hi
> > >
> > > A bit of background, I write a linux desktop/mobile app called
> > > Amazfish which interfaces with several watches over BLE using their
> > > GATT services. To do this, I use the bluez dbus api (technically a
> > > thin wrapper around it I wrote called qble
> > > https://github.com/piggz/qble)
> > >
> > > All has been good so far, I support several generations of
> > > Huami/Amazfit watches, as well as the open source Pinetime and
> > > Bangle.js. For the Amazfit watches, i have implementations for older
> > > devies such as the Bip, and newer ones such as the GTS.
> > >
> > > Much of the reverse engineering comes from the Android Gadget Bridge
> > > project, which supports many more devices.
> > >
> > > My community of users donated to buy me a newer device called a GTR2,
> > > which, according to the GB devs uses the same protocol as the slightly
> > > older GTS, and the packet captures I have from Android would support
> > > this.
> > >
> > > But this is where my trouble starts with Bluez, my existing
> > > implementation doesnt work at all. Normally, after a connection, I
> > > would wait for the ServicesResolved signal, which happens pretty fast
> > > on all other devices, but on the GTR2, it takes about 30 seconds, by
> > > which time, the watch has disconnected. (i get a disconnected signal
> > > immediately after the ServicesResolved signal)
> > >
> > > To rule out my code, I have tried several things:
> > > Gatttool
> > > With gattool, i can connect, get the services, enable a notification,
> > > write a value and get the expected results seemingly fine
> > >
> > > Python-gatt (using the bluez dbus api)
> > > Im unable to iterate the services, like my app, it takes 30 seconds to
> > > get the signal and then swiftly disconnects
> > >
> > > Gattlib (https://github.com/labapart/gattlib)
> > > Gattlib is interesting as it appears to have "borrowed" much of its
> > > code directly from bluez. When built against the system bluez, if the
> > > version is > 5.42, it will use the dbus api. When I do this, again im
> > > unable to list services on the watch. However, if I edit the build to
> > > force it to use its internal gatt implementation, which appears to be
> > > the same one used by gatttool, then, it IS able to interrogate the
> > > watch.
> > >
> > > I have attached 3 files
> > > 1. test python program which should print services, and associated btmon
> > > 2. btmon output while using gatttool
> > > 3. btmon output running gattlib discover example
> > >
> > > Note, other than discovery, I havnt been able to get gattlib to
> > > read/write/notify!
> > >
> > > It seems as though I may be triggering a bug in the bluez dbus api?
> > > Can anyone suggest anything?
> >
> > What version are you using? I would first try with the latest to see
> > if that something already fixed.
> >
> >
> Im using 5.63 already, which is the latest tag (on opensuse tumbleweed)
>
> I'll also try bluetoothctl and attach logs using that, though I
> suspect it will behave the same as the python library and my own
> library.
>
Attached is the output of btmon while using bluetoothctl
bluetoothctl behaves the same as my lib and python, it is unable to
list services, and after a while, emits the ServicesResolved and
disconnected messages at the same time. Im sure it should be able to
list the services immediately after connect just like gatttool can.
Thanks
> > --
> > Luiz Augusto von Dentz
[-- Attachment #2: btmon_bluetoothctl.txt --]
[-- Type: text/plain, Size: 20135 bytes --]
bluetoothctl:
[bluetooth]# connect F8:C3:D1:B0:5A:3A
Attempting to connect to F8:C3:D1:B0:5A:3A
[CHG] Device F8:C3:D1:B0:5A:3A Connected: yes
Connection successful
[Amazfit GTR 2]# menu gatt
Menu gatt:
Available commands:
-------------------
list-attributes [dev/local] List attributes
select-attribute <attribute/UUID> Select attribute
attribute-info [attribute/UUID] Select attribute
read [offset] Read attribute value
write <data=xx xx ...> [offset] [type] Write attribute value
acquire-write Acquire Write file descriptor
release-write Release Write file descriptor
acquire-notify Acquire Notify file descriptor
release-notify Release Notify file descriptor
notify <on/off> Notify attribute value
clone [dev/attribute/UUID] Clone a device or attribute
register-application [UUID ...] Register profile to connect
unregister-application Unregister profile
register-service <UUID> [handle] Register application service.
unregister-service <UUID/object> Unregister application service
register-includes <UUID> [handle] Register as Included service in.
unregister-includes <Service-UUID><Inc-UUID> Unregister Included service.
register-characteristic <UUID> <Flags=read,write,notify...> [handle] Register application characteristic
unregister-characteristic <UUID/object> Unregister application characteristic
register-descriptor <UUID> <Flags=read,write...> [handle] Register application descriptor
unregister-descriptor <UUID/object> Unregister application descriptor
back Return to main menu
version Display version
quit Quit program
exit Quit program
help Display help about this program
export Print environment variables
[Amazfit GTR 2]# list-attributes
[Amazfit GTR 2]# list-attributes
[CHG] Device F8:C3:D1:B0:5A:3A ServicesResolved: yes
[CHG] Device F8:C3:D1:B0:5A:3A ServicesResolved: no
[CHG] Device F8:C3:D1:B0:5A:3A Connected: no
[bluetooth]# list-attributes
Missing device address argument
[bluetooth]#
----------
btmon:
piggz@adam-laptop ~ $ sudo btmon
Bluetooth monitor ver 5.63
= Note: Linux version 5.16.14-1-default (x86_64) 0.789481
= Note: Bluetooth subsystem version 2.22 0.789491
= New Index: DC:53:60:51:00:C6 (Primary,USB,hci0) [hci0] 0.789493
= Open Index: DC:53:60:51:00:C6 [hci0] 0.789495
= Index Info: DC:53:60:51:00:C6 (Intel Corp.) [hci0] 0.789497
@ MGMT Open: bluetoothd (privileged) version 1.21 {0x0001} 0.789501
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #1 [hci0] 23.828121
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 60.000 msec (0x0060)
Own address type: Public (0x00)
Filter policy: Accept all advertisement (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #2 [hci0] 23.945934
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #3 [hci0] 23.945959
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #4 [hci0] 23.946923
LE Set Scan Enable (0x08|0x000c) ncmd 2
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 40 #5 [hci0] 24.036976
LE Advertising Report (0x02)
Num reports: 1
Event type: Scannable undirected - ADV_SCAN_IND (0x02)
Address type: Random (0x01)
Address: 59:99:99:79:5A:A2 (Resolvable)
Data length: 28
16-bit Service UUIDs (complete): 1 entry
Google (0xfe9f)
Service Data (UUID 0xfe9f): 0000000000000000000000000000000000000000
RSSI: -79 dBm (0xb1)
> HCI Event: LE Meta Event (0x3e) plen 43 #6 [hci0] 24.935972
LE Advertising Report (0x02)
Num reports: 1
Event type: Connectable undirected - ADV_IND (0x00)
Address type: Random (0x01)
Address: F8:C3:D1:B0:5A:3A (Static)
Data length: 31
Flags: 0x02
LE General Discoverable Mode
Company: Anhui Huami Information Technology Co., Ltd. (343)
Data: 02ffffffffffffffffffffffffffffffff02f8c3d1b05a3a
RSSI: -55 dBm (0xc9)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #7 [hci0] 24.936049
Scanning: Disabled (0x00)
Filter duplicates: Disabled (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #8 [hci0] 24.960963
LE Set Scan Enable (0x08|0x000c) ncmd 2
Status: Success (0x00)
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #9 [hci0] 24.961101
Scan interval: 60.000 msec (0x0060)
Scan window: 60.000 msec (0x0060)
Filter policy: Accept list is not used (0x00)
Peer address type: Random (0x01)
Peer address: F8:C3:D1:B0:5A:3A (Static)
Own address type: Public (0x00)
Min connection interval: 30.00 msec (0x0018)
Max connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #10 [hci0] 24.961888
LE Create Connection (0x08|0x000d) ncmd 2
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #11 [hci0] 25.792901
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 3585
Role: Central (0x00)
Peer address type: Random (0x01)
Peer address: F8:C3:D1:B0:5A:3A (Static)
Connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Central clock accuracy: 0x00
@ MGMT Event: Device Connected (0x000b) plen 44 {0x0001} [hci0] 25.792971
LE Address: F8:C3:D1:B0:5A:3A (Static)
Flags: 0x00000008
Connection Locally Initiated
Data length: 31
Flags: 0x02
LE General Discoverable Mode
Company: Anhui Huami Information Technology Co., Ltd. (343)
Data: 02ffffffffffffffffffffffffffffffff02f8c3d1b05a3a
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2 #12 [hci0] 25.793193
Handle: 3585
> HCI Event: Command Status (0x0f) plen 4 #13 [hci0] 25.793895
LE Read Remote Used Features (0x08|0x0016) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 12 #14 [hci0] 25.841893
LE Read Remote Used Features (0x04)
Status: Success (0x00)
Handle: 3585
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
LE Encryption
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28 #15 [hci0] 25.841997
Handle: 3585
Random number: 0x4466d17a4fe0a6d4
Encrypted diversifier: 0xdc96
Long term key: 86f2f8d5c8b54af78af65be71cd95bc0
> HCI Event: Command Status (0x0f) plen 4 #16 [hci0] 25.842883
LE Start Encryption (0x08|0x0019) ncmd 1
Status: Success (0x00)
> HCI Event: Encryption Change (0x08) plen 4 #17 [hci0] 26.290886
Status: Success (0x00)
Handle: 3585
Encryption: Enabled with AES-CCM (0x01)
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #18 [hci0] 26.291150
ATT: Exchange MTU Request (0x02) len 2
Client RX MTU: 517
> ACL Data RX: Handle 3585 flags 0x02 dlen 7 #19 [hci0] 26.340636
ATT: Exchange MTU Request (0x02) len 2
Client RX MTU: 247
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #20 [hci0] 26.341105
ATT: Exchange MTU Response (0x03) len 2
Server RX MTU: 517
> HCI Event: Number of Completed Packets (0x13) plen 5 #21 [hci0] 26.341885
Num handles: 1
Handle: 3585
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5 #22 [hci0] 26.391907
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 7 #23 [hci0] 26.440658
ATT: Exchange MTU Response (0x03) len 2
Server RX MTU: 252
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #24 [hci0] 26.441186
ATT: Read Request (0x0a) len 2
Handle: 0x0032
> HCI Event: Number of Completed Packets (0x13) plen 5 #25 [hci0] 26.490891
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 12 #26 [hci0] 26.540658
ATT: Read Response (0x0b) len 7
Value: 01570140000101
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #27 [hci0] 26.541145
ATT: Read Request (0x0a) len 2
Handle: 0x0016
> HCI Event: Number of Completed Packets (0x13) plen 5 #28 [hci0] 26.640888
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 19 #29 [hci0] 26.641236
ATT: Read Response (0x0b) len 14
Value: 416d617a66697420475452203200
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #30 [hci0] 26.641557
ATT: Read Request (0x0a) len 2
Handle: 0x0018
> HCI Event: Number of Completed Packets (0x13) plen 5 #31 [hci0] 26.690889
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 7 #32 [hci0] 29.073366
ATT: Exchange MTU Request (0x02) len 2
Client RX MTU: 247
< ACL Data TX: Handle 3585 flags 0x00 dlen 7 #33 [hci0] 29.073754
ATT: Exchange MTU Response (0x03) len 2
Server RX MTU: 247
> HCI Event: Number of Completed Packets (0x13) plen 5 #34 [hci0] 29.090909
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #35 [hci0] 29.790616
ATT: Read By Type Request (0x08) len 6
Handle range: 0x0001-0xffff
Attribute type: Characteristic (0x2803)
< ACL Data TX: Handle 3585 flags 0x00 dlen 27 #36 [hci0] 29.791232
< ACL Data TX: Handle 3585 flags 0x01 dlen 27 #37 [hci0] 29.791274
< ACL Data TX: Handle 3585 flags 0x01 dlen 8 #38 [hci0] 29.791289
ATT: Read By Type Response (0x09) len 57
Attribute data length: 7
Attribute data list: 8 entries
Handle: 0x0002
Value: 020300002a
Handle: 0x0004
Value: 020500012a
Handle: 0x0006
Value: 020700a62a
Handle: 0x0009
Value: 200a00052a
Handle: 0x000c
Value: 0a0d00292b
Handle: 0x000e
Value: 020f002a2b
Handle: 0x0010
Value: 0211003a2b
Handle: 0x0013
Value: 021400502a
> HCI Event: Number of Completed Packets (0x13) plen 5 #39 [hci0] 29.840901
Num handles: 1
Handle: 3585
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5 #40 [hci0] 29.841879
Num handles: 1
Handle: 3585
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5 #41 [hci0] 29.842882
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #42 [hci0] 29.890579
ATT: Read By Type Request (0x08) len 6
Handle range: 0x0014-0xffff
Attribute type: Characteristic (0x2803)
< ACL Data TX: Handle 3585 flags 0x00 dlen 9 #43 [hci0] 29.890738
ATT: Error Response (0x01) len 4
Read By Type Request (0x08)
Handle: 0x0014
Error: Attribute Not Found (0x0a)
> HCI Event: Number of Completed Packets (0x13) plen 5 #44 [hci0] 29.940895
Num handles: 1
Handle: 3585
Count: 1
> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #45 [hci0] 29.990588
ATT: Read By Type Request (0x08) len 6
Handle range: 0x0001-0xffff
Attribute type: Device Name (0x2a00)
< ACL Data TX: Handle 3585 flags 0x00 dlen 18 #46 [hci0] 29.991016
ATT: Read By Type Response (0x09) len 13
Attribute data length: 12
Attribute data list: 1 entry
Handle: 0x0003
Value: 426c75655a20352e3633
> HCI Event: Number of Completed Packets (0x13) plen 5 #47 [hci0] 30.040906
Num handles: 1
Handle: 3585
Count: 1
< HCI Command: Disconnect (0x01|0x0006) plen 3 #48 [hci0] 58.673128
Handle: 3585
Reason: Remote User Terminated Connection (0x13)
> HCI Event: Command Status (0x0f) plen 4 #49 [hci0] 58.790939
Disconnect (0x01|0x0006) ncmd 1
Status: Success (0x00)
> HCI Event: Disconnect Complete (0x05) plen 4 #50 [hci0] 58.791937
Status: Success (0x00)
Handle: 3585
Reason: Connection Terminated By Local Host (0x16)
@ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0001} [hci0] 58.791993
LE Address: F8:C3:D1:B0:5A:3A (Static)
Reason: Connection terminated by local host (0x02)
next prev parent reply other threads:[~2022-03-22 10:41 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-20 18:44 GATT issue, possible bluez bug? Adam Pigg
2022-03-22 0:43 ` Luiz Augusto von Dentz
2022-03-22 6:04 ` Luiz Augusto von Dentz
2022-03-22 7:55 ` Adam Pigg
2022-03-22 10:40 ` Adam Pigg [this message]
2022-03-22 21:35 ` Luiz Augusto von Dentz
2022-03-22 23:09 ` Adam Pigg
2022-03-22 23:35 ` Luiz Augusto von Dentz
2022-03-22 23:43 ` Luiz Augusto von Dentz
2022-03-23 9:11 ` Adam Pigg
2022-03-23 13:36 ` Adam Pigg
2022-03-23 14:46 ` Adam Pigg
2022-03-23 19:45 ` Luiz Augusto von Dentz
2022-03-23 19:52 ` Luiz Augusto von Dentz
2022-03-23 19:57 ` Adam Pigg
2022-03-28 16:37 ` Adam Pigg
2022-04-01 20:12 ` Adam Pigg
2022-04-01 21:49 ` Luiz Augusto von Dentz
2022-04-02 8:26 ` Adam Pigg
2022-04-02 9:14 ` Adam Pigg
2022-04-04 19:07 ` Adam Pigg
2022-04-04 20:12 ` Luiz Augusto von Dentz
2022-04-04 20:24 ` Adam Pigg
2022-04-04 20:29 ` Luiz Augusto von Dentz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANFkB1xEesP1cMmK4VGi5cH-v80ho00wT24q=+4QQSdyPegPQQ@mail.gmail.com' \
--to=adam@piggz.co.uk \
--cc=linux-bluetooth@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.