From: maksim yevmenkin <maksim.yevmenkin@gmail.com>
To: "Mikhail T."
Cc: freebsd-bluetooth@freebsd.org
Subject: Re: How to listen quietly for other Bluetooth devices?
Date: Sun, 9 Jul 2017 09:54:29 -0700
Message-Id: <9DDD63D7-52A2-4995-98E4-D60CEE5EE106@gmail.com>
References: <085c77b2-9f40-5a1f-0b49-86a24e561fce@aldan.algebra.com>
List-Id: Using Bluetooth in FreeBSD environments

>> I'm not aware of (nor have I ever seen) an off-the-shelf Bluetooth dongle that is capable of going into "promiscuous" mode.
> Thank you, Max, for sharing your expertise... So, you are saying, the decision on whether to notify the host of a particular bit of traffic the dongle "hears" is controlled by the hard-coded logic on the dongle itself -- and cannot be reprogrammed by the host?
>

The host normally does not get to see past the HCI (host controller interface). HCI defines a set of commands, responses and events that can be sent and received. This set varies slightly from one Bluetooth specification version to another; however, the bulk of the commands is mostly the same.

The way the host accesses HCI is via a transport: serial, USB, etc. An HCI transport specifies how HCI datagrams are transferred over a particular low-level transport interface. For example, with USB, HCI events are transferred over a USB interrupt endpoint, ACL data are transferred as USB bulk transfers, and SCO data as isochronous transfers.

So, basically, the host gets to access a particular HCI transport (USB in your case) and gets to see the HCI datagrams that are received over the transport. The host does not get direct access to the baseband (radio). All access is indirect, via HCI commands.

Of course, HCI has provision for so-called "vendor" commands. Those are specific to each vendor and generally not documented. It is possible that some vendor may have implemented commands that allow low-level access to the baseband; however, I never saw anything like that.

> Sad... Maybe, I will have to "broadcast" something in order to register responses.
>

One possible way to do something like this is to instruct the local Bluetooth device to perform "periodic inquiry". This way the local device will periodically perform an inquiry scan and save the results into the "neighbor cache". Dumping the "neighbor cache" periodically will give an approximate list of "discoverable devices" in RF proximity.

Of course the timing is not going to be perfect (can't tell exactly when the remote device was seen), but it's something. Also, a remote device may choose not to answer the inquiry scan (not discoverable). In this case there is still an option to "page" the remote device (try to open a baseband connection) using the remote device's bd_addr.

Thanks!

Max
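The polling approach Max describes (inquiry, then dump the neighbor cache, repeatedly, and watch for changes) as an added shell example; this is not code from the thread or from FreeBSD itself. It assumes a FreeBSD host whose HCI node is named ubt0hci and relies on two hccontrol(8) commands that exist, inquiry and read_node_neighbor_cache. The exact column layout of the cache dump is not assumed: the script only pulls out anything that looks like a 48-bit BD_ADDR. Because I am not certain hccontrol exposes the HCI Periodic_Inquiry_Mode command directly, the script emulates periodic inquiry by issuing an ordinary inquiry on every poll. The sample input in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the mailing-list post or FreeBSD): log discoverable
# Bluetooth devices appearing in / vanishing from the local HCI neighbor cache.
# Assumed: HCI node name ubt0hci; hccontrol(8) commands "inquiry" and
# "read_node_neighbor_cache"; poll interval in seconds.
NODE="${NODE:-ubt0hci}"
INTERVAL="${INTERVAL:-30}"

# Read neighbor-cache text on stdin and emit one lowercase BD_ADDR per line,
# sorted and de-duplicated.  Only the address pattern is relied upon, so the
# rest of hccontrol's output format does not matter.
extract_bdaddrs() {
    grep -oE '([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}' | tr 'A-F' 'a-f' | sort -u
}

# $1 = previous snapshot file, $2 = current snapshot file (both sorted).
# Prints "+addr" for newly seen devices and "-addr" for ones no longer seen.
diff_snapshots() {
    comm -13 "$1" "$2" | sed 's/^/+/'
    comm -23 "$1" "$2" | sed 's/^/-/'
}

# One poll: run an inquiry so the ng_hci node refreshes its neighbor cache,
# then dump the cache into snapshot file $1.
snapshot() {
    hccontrol -n "$NODE" inquiry >/dev/null
    hccontrol -n "$NODE" read_node_neighbor_cache | extract_bdaddrs > "$1"
}

# Poll forever, printing timestamped changes.  The first pass reports every
# cached device as "+", since the previous snapshot is empty.
monitor() {
    prev=$(mktemp) || exit 1
    cur=$(mktemp) || exit 1
    trap 'rm -f "$prev" "$cur"' EXIT
    while :; do
        snapshot "$cur"
        diff_snapshots "$prev" "$cur" | while read -r change; do
            printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$change"
        done
        cp "$cur" "$prev"
        sleep "$INTERVAL"
    done
}

# Only start polling where hccontrol actually exists (a FreeBSD host with the
# Bluetooth stack loaded); elsewhere the functions are merely defined.
if command -v hccontrol >/dev/null 2>&1; then
    monitor
fi
```

Run it as root on the FreeBSD host once the ubt0hci node is up; each line of output is a timestamp followed by +addr or -addr. As Max notes, the result is only an approximation: a device shows up only if it is discoverable and answered the inquiry, and the timestamp is the poll at which the cache changed, not the moment the device was actually heard. Keeping the per-poll snapshots gives a rough presence inventory of discoverable devices in RF range, which is useful for spotting unexpected hardware near a sensitive area, but it is not a substitute for a real RF monitor.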