Research and Development of HCI Layer in Bluetooth Core specifications

Abstract: Through the study of the Host Control Interface of Bluetooth Core Specification 1.2, the communication mechanisms and methods of the Bluetooth Baseband layer and the host side are analyzed. Some basic Bluetooth commands and events are illustrated, and related interfaces are explained. On this basis, the development of the Bluetooth HCI Layer is convenient.

Key words: Bluetooth; HCI; baseband; Traffic Control

Graph classification: tp399 Document Identification Code: article A No.: 1009-3044 (2007) 06-11671-04

　　

1 Introduction

Bluetooth is an open standard for wireless data and voice transmission. Bluetooth uses the frequency hopping technology and operates in the GHz ISM band. The maximum one-way transmission rate can be reached when asymmetric channels are used.
723.2kb/s, supporting both data and voice communication. Bluetooth supports point-to-point and point-to-point connections. You can connect several Bluetooth devices to a micro-Network (piconet) wirelessly.
Micro-networks can be interconnected into scattered networks (scatternet) to form a flexible topology of multiple micro-networks, so as to achieve fast communication between various devices.

　　

2 Analysis of HCI location in Bluetooth Software Protocol Model

The Protocol Model 1 of the Bluetooth system is shown in. We can see that HCI is located at The L2CAP (Logical Link Control and Adaptation Protocol) layer and LMP (Link Management Protocol) layer of the Bluetooth system.
A layer of protocol. HCI provides a unified way for upper-layer protocols to access LM and to access baseband. In the HCI host (host) and HCI host controller (host
There are several transport layers between them. These transport layers are transparent. You only need to complete the data transmission task, and you do not need to know the specific data format. Currently, Bluetooth sig provides four types
Device connection physical Bus: USB, RS232, UART, and PC Card. The connection through RS232 serial port has error verification.

Figure 1 Protocol Model of the Bluetooth System

The underlying protocol 2 of the HCI Layer is shown in. The figure shows that the HCI Layer shields the baseband and provides a unified way for the upper layer of the protocol layer to enter the baseband. Figure 2 provides an overview of the Lower software layer. HCI firmware implements HCI commands by executing baseband commands, link manager commands, hardware status recorders, and control recorders and Event recorders for Bluetooth hardware access.

　　

3 Research and Analysis of HCI and Baseband Communication Modes

Figure 2 underlying HCI protocols

The underlying protocol communication of the Bluetooth system is shown in figure 3. Next, we will analyze and study the communication between the HCI Layer and the Baseband in the Bluetooth system in combination with figure 3.

Figure 3 underlying protocol communication of the Bluetooth System

Figure 3 shows the path from one device to another. HCI drives on the host use HCI on the Bluetooth hardware
Firmware exchange data and commands. The Host Control transport layer (that is, the physical Bus) Driver provides the ability to exchange information between the two HCI layers. The host receives asynchronous communication for HCI events, and HCI events are independent
Physical bus.
3.1 analysis of communication methods

HCI transmits data, commands, and events through packets. All communication between the host and the host controller is carried out in the form of packets. Including the response parameters of each command
Package for transmission. HCI has three packages: data, command, and event. The data packet is bidirectional. The command package can only be sent from the host to the host controller, and the event package is always sent from the host controller to the host. Large number of hosts
Most command packages trigger host controllers to generate corresponding event packages as responses.

There are six types of command packages:

Link Control commands;

Link policy and mode commands;

Host Control and baseband commands;

Information command;

STATUS Command;

Test command.

Event packages can also be divided into three types:

Common events, including command complete and command status packages );

Test events;

Events that occur when an error occurs, such as flush occured and Data Buffer Overflow ).

Data packets can be divided into ACL and SCO data packets. The package format is 4.

Figure 4 package format

Analysis and Research on 3.2 packet Parameters

Command package: OCF (opcode command field) and ogf (opcode group) in the Command package
Field) is used to distinguish between command types. Parameter
Length indicates the length of the parameter, in bytes, followed by the parameter list. The following uses the inquiry command as an example to describe the HCI command package. (Note: ogf range
Yes0x00 ~ 0x3f, where 0x3e is retained for Bluetooth logo testing, 0x3f is retained as the manufacturer's debugging command)

In the inquiry command, ogf = 0x01 indicates that this command is a link control command, and OCF = 0x0001 indicates that this command is in the Link Control Command
Inquiry command. OCF and ogf occupy two bytes in total, and because the base byte is in front, they are in the Command package 0x0104. In inquiry
In the command, the parameter length is 5. The inquiry command has three parameters. The first parameter is lap (low address part ),
It is used to generate access
Code. The second parameter is inquiry_length, which indicates the maximum time defined before the inquiry command is stopped. After this time, the inquiry command is terminated. The
The three parameters are num_response. The value 0x00 indicates that the number of device responses is not limited. If the value is 0 X, the maximum number of device responses before the inquiry command ends
Number. Therefore, if lap = 0x9e8b00, inquiry_length = 0x05, num_response = 0x05, the upper layer of the Protocol calls inquiry
The command package sent by HCI to the baseband is 0x01 04 05 00 8B 9e 05.

Event package: the Event code of the event package is used to distinguish between different event packages. parameter length indicates the length of the parameter to be included, in bytes, followed by the parameter list. Take the command status event package as an example to describe the HCI event package.

When the host controller receives the inquiry command package from the host and starts processing, it sends the command status to the host.
Event event package, which is 0x0f 04 00 0a 01 04. 0xof indicates that the event package is command status
Event event package. 0x04 indicates that the event package has a four-byte length parameter. 0x00 indicates that the first parameter of the event package is status, indicating that the command package is being processed. 0x0a is
The two parameters num_hci_command_packets indicate that the host can send up to 10 command packages to the host controller. 0x01 04
Command_opcode is the third parameter, indicating that this event package is a response to the inquiry command package.

Data Packet: connection in the ACL and SCO data packets
Handle indicates that the connection handle is a 12-bit identifier used to uniquely identify the data or voice connection between two bluetooth devices, it can be seen as the unique data channel between two bluetooth devices. Two devices
There can only be one ACL connection, that is, there is only one ACL connection handle. The L2CAP channel is based on the data channel represented by this connection handle; two devices can have multiple SCO
A device has multiple SCO connection handles. The connection handle exists during the connection between the two devices, regardless of the status of the device. In an ACL packet, flags are divided into Pb
Flag and BC flag, and Pb flag are packet boundary marks. Pb flag = 0x00 indicates that this packet is the starting part of the Upper-layer protocol package (such as L2CAP package); Pb
Flag = 0x01 indicates that this packet is the subsequent part of the Upper-layer protocol package (such as The L2CAP package. BC flag is the flag for broadcasting, BC
Flag = 0x00 indicates that no broadcast is sent, but only point-to-point transmission. BC flag = 0x01 indicates that all activated slave devices are broadcast and sent.
Flag = 0x02 indicates that all slave devices, including sleeping slave devices, are broadcast and sent. Data total length in the ACL and SCO data packets
The length of the loaded data, in bytes. (Note: only after an ACL link is established can an SCO link be established)

　　
Original article

3.3 Research and Analysis of communication process

When the host and baseband communicate with each other using commands, the host sends command packets to the host controller. The host controller completes a command. In most cases, it sends a command to the host to complete
Event package (command complete
Packet). The package contains command completion information. Some commands will not receive the command completion event, but will receive the command status event package (command status
Packet), when the event is received, it indicates that the commands issued by the host have been received and processed by the host controller. After a while, the command is executed, the host controller sends an event package to the host.
To notify the host. If the command parameter is incorrect, the corresponding error code is displayed in the command status event. If the error occurs in a returned command
In the complete event package command, the command
The Complete Event package does not necessarily contain all the parameters defined by this command. The status parameter is used to explain the cause of the error and is also the first parameter returned, always to return. If a connection is followed by a status parameter
This parameter is always returned when a device address is connected to a handle or bluetooth device address.
The Complete Event package is a command of that instance. In this case, the connection handle or bluetooth device address in the event package should be consistent with the corresponding parameters of the command package. If the error appears at one, no response is returned.
Command
In the complete event package command, all parameters contained in the event package are not necessarily valid. The host must determine their validity Based on the status parameters in the event package associated with this command.

Analysis and Research on 3.4 HCI Flow Control

HCI traffic control is designed to manage limited resources in the host and host controller and control data traffic. The host manages the data cache zone of the host controller, the host dynamically adjusts the traffic of each connection handle.

For traffic control of command packages, the host must determine the number of command packages that can be sent before each command is sent. Of course, when the command package is started or restarted, you do not need to consider the receipt status, until receiving
Until the command completes the event package or command status event package. Because num_hci_command _ is included in each command completion event package and command status event package _
The packets option indicates the number of command packages that the host can send to the host controller at that time, and each command must have corresponding command to complete the event package and command status event package, the host can control the command package
Will overflow.

For packet traffic control, the host initially calls the read_buffer_size command. The two parameters returned by this command determine the ACL that the host can send to the host controller.
The maximum size of the two data packets, and two additional parameters indicate the total number of ACL and SCO data packets that the host controller can receive. The host controller sends
Number_of_complete_packets event. The parameter value of this event indicates the number of packets that have been processed for each connection handle (including correctly transmitted and discarded packets ). Master
Based on the total number of packets that the machine knows at the beginning, minus the number of packets that have been processed, you can calculate the number of data packets that can be sent to control the traffic of data packets.

If necessary, the HCI traffic control can also be implemented by the host controller to control the host. You can use set_host _
The controller_to_host_flow_control command is used to set the control process. The control process is similar to the Host control process, but the command is slightly different. When the host receives a chain disconnection confirmation
After the event, it is deemed that all data packets sent to the host controller have been discarded, and the data buffer in the host controller has been released.

　　

4 HCI protocol layer software development

After comprehensive analysis and research on the HCI Layer, we can propose a software development scheme for the HCI protocol layer and determine the interfaces provided by the HCI Layer to the upper layer of the Protocol. These interfaces are provided to the upper layer of the Bluetooth protocol stack.
Provides a unified entry to baseband. The entire interface is divided into eight parts according to the requirements of the Protocol Stack. The following describes the interfaces of each part. The entire software layer uses a mechanism that combines message transmission and function call.
Now, the upper-layer calls to the HCI interface adopt the function call mechanism, and the upper-layer communication of HCI adopts the message transmission method. Let's explain the eight interfaces in the form of examples.

4.1 start command

This command interface is used by the host to register with HCI and start HCI.

For example, the function interface for starting HCI is hci_reqstart (), and the message interface for the upstream layer after HCI is started is hci_start_cnf (). The command execution process is shown in step 5.

Figure 5 HCI startup and registration process

4.2 Link Control commands

The link control command allows the host controller to control connections to other Bluetooth devices. When the Link Control Command is run, lm controls the establishment and maintenance of the Bluetooth micronetwork and the distributed network. These commands instruct LM to create and modify the connection link with the remote Bluetooth device, query other Bluetooth devices in the range, and other link management protocol commands.

For example, the HCI Layer provides the upper layer with the function interface hci_inquiry and the message interface hci_inquiry_result_evt and hci_inquiry_cnf. The command execution process is shown in Step 6.

Figure 6 HCI Query Process

The host first calls the hci_inquiry function of HCI to start the query process. During this process, if a Bluetooth user responds to this query,
Hci_inquiry_result_evt event notifies the host. At the end of the query process, the hci_inquiry_cnf message will be generated to notify the host.
Nrofresponse indicates the number of Bluetooth devices that are returned during this query.

4.3 link policy commands

The link policy command provides a way to influence how lm manages the micronetwork. When the link policy command is run, lm still controls the establishment and maintenance of the micronetwork and the distributed network with adjustable parameters. These link policy commands adjust lm behavior, resulting in a change in the Link Layer connection with the remote Bluetooth device.

The hci_qossetup function is provided for the upper layer of the HCI Layer. The message interfaces are hci_qos_setup_evt and hci_qos_setup_cnf, and hci_qos_setup_cnf_neg. The Command Execution Process is 7.

Figure 7 HCI Service Quality establishment process

The host first calls the hci_qossetup request to establish QoS. When QoS is established as hci_qos_setup_cnf, the message is sent to the initiator, and an event message is sent to the remote device. When QoS establishment fails, hci_qos_setup_cnf_neg is sent to the initiator.

4.4 host controller and baseband commands

Host controllers and baseband commands are used to change the LM operation mode associated with establishing connections such as sound settings, authentication modes, and encryption modes.

Taking the link key stored by the host controller as an example, the HCI Layer provides the upper layer with the function interface hci_readlinkkey, and the message interface is hci_read_link_key_rresult_evt and hci_read_link_ke.

Y _ CNF. The command execution process is shown in 8.

Figure 8 link key read by HCI

4.5 information commands

The parameters of these information commands are determined by the Bluetooth hardware manufacturer. They provide information about the host controller, link manager, and baseband of Bluetooth devices and devices. Host devices cannot change these parameters.

The HCI Layer provides function interfaces for the upper layer:

Hci_reqcountrycode hci_reqlocaladdress

Hci_reqreadlocalfeatures hci_reqreadlocalversion

Hci_reqreadbd_addr

The message interface provided by the HCI Layer is:

Hci_country_code_cnf

Hci_country_code_cnf_neg

Hci_local_address_cnf

Hci_local_address_cnf_neg

Hci_read_local_features_cnf

Hci_read_local_features_cnf_neg

　　
Hci_read_local_version_cnf

Hci_read_local_version_cnf_neg

Hci_read_bd_addr_cnf

Hci_read_bd_addr_cnf_neg

4.6 STATUS Command

The status Command provides status messages of HCI, lm, and BB. These status parameters cannot be changed by the host, but can be reset.

The HCI Layer provides function interfaces for the upper layer:

Hci_reqgetlinkquality

Hci_reqreadfailedcounter

Hci_reqresetfailedcounter

Hci_reqreported

The message interface provided by the HCI Layer is:

Hci_get_link_quality_cnf

Hci_get_link_quality_cnf_neg

Hci_read_failed_counter_cnf

Hci_read_failed_counter_cnf_neg

Hci_reset_failed_counter_cnf

Hci_reset_failed_counter_cnf_neg

Hci_rssi_cnf hci_rssi_cnf_neg

4.7 test command

The test command can test various functions of the Bluetooth hardware and provide different test conditions for the blue tooth device.

The HCI Layer provides function interfaces for the upper layer:

Hci_reqenabledutmode hci_reqreadloopbackmode

Hci_reqwriteloopbackmode

The message interface provided by the HCI Layer is:

Hci_enable_dut_mode_cnf

Hci_enable_dut_mode_cnf_neg

Hci_read_loopback_mode_cnf

Hci_read_loopback_mode_cnf_neg

Hci_write_loopback_mode_cnf

Hci_write_loopback_mode_cnf_neg

4.8 Data Transmission commands

These commands provide the required interfaces for data transmission between bluetooth devices. For example, allocate the required memory interface hci_dataalloc, the data transmission interface hci_datasend, and the data extraction interface hci_dataextract. Figure 9 shows how to use these interfaces when transmitting data in a Bluetooth system.

Figure 9 HCI data transmission process

Since HCI provides a unified interface for the upper layer of the Bluetooth protocol layer to access the baseband, you can develop the above interface to match the upper layer data stream to the baseband so that the baseband can be processed, and generate corresponding events.

　　

5 conclusion

The development of Bluetooth products focuses on unique applications. It combines bluetooth technology with various terminal products in real life, such as barcode scanners, headphones, and telephones,
This frees people from the limitations of various cables. Currently, the development of Bluetooth, especially embedded development combined with terminal products, is showing a strong momentum in short-distance wireless communication,
The development of Bluetooth technology is coming soon.

References:

[1] Zhang lulin. Bluetooth protocol and its implementation [M]. Beijing: People's post and telecommunications Press, 2001.

[2] Jin Chun. Bluetooth Technology [M]. Beijing: Electronics Industry Press, 2001.

[3] ericssion, Nokia, IBM. Specification of the Bluetooth system version1.0b [s], 1999.

[4] core, version 1.2b, Bluetooth Sig. Specification of the Bluetooth system [s], 2003.