Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Odd, BRB_L2CA_OPEN_CHANNEL is returning IO_TIMEOUT

matt_sykesmatt_sykes Member - All Emails Posts: 270

There is very little documentation on bluetooth client profile drivers (need to create a custom one to modify the behaviour of a device), but following the two samples, from the DDK, and HIDWiiRemote from git, it is fairly simple.

The devices address and name are returned OK, the SDP record and PSM is parsed OK, so all working up to the point where BRB_L2CA_OPEN_CHANNEL fails with STATUS_IO_TIMEOUT.

I tried it with and without a call back (the call back when active did get the reference/deeference notifications), tried with various MTU sizes. This is the setup of the BRB, as you can see it is pretty much boiler plate stuff, nothing unusual:

pBrb->BtAddress = pDevExt->DevInfoAddress;
pBrb->Psm =  pDevExt->PSM;
pBrb->ChannelFlags = CF_ROLE_EITHER;

pBrb->ConfigOut.Flags = 0;
pBrb->ConfigIn.Flags = 0;

pBrb->ConfigOut.Flags |= CFG_MTU;
pBrb->ConfigOut.Mtu.Max = L2CAP_DEFAULT_MTU;
pBrb->ConfigOut.Mtu.Min =  L2CAP_MIN_MTU;
pBrb->ConfigOut.Mtu.Preferred = L2CAP_DEFAULT_MTU;

pBrb->ConfigIn.Flags = CFG_MTU;
pBrb->ConfigIn.Mtu.Max = L2CAP_DEFAULT_MTU;
pBrb->ConfigIn.Mtu.Min =  L2CAP_MIN_MTU;
pBrb->ConfigIn.Mtu.Preferred = L2CAP_DEFAULT_MTU;

pBrb->ConfigOut.ExtraOptions = 0;
pBrb->ConfigOut.NumExtraOptions = 0;
pBrb->ConfigOut.LinkTO = 0;

pBrb->CallbackFlags = 0;
pBrb->Callback = 0;;
pBrb->CallbackContext = 0;;

pBrb->ReferenceObject =  (PVOID)pDevExt->pFunctionalDeviceObject;
pBrb->IncomingQueueDepth = 10;

Is this a device issue perhaps?

Hard to see where it can go wrong it is so simple.

Comments

  • FrankGorgenyiFrankGorgenyi Member Posts: 1

    Hi Matt,

    Can you provide traces of you reproducing the issue?

  • matt_sykesmatt_sykes Member - All Emails Posts: 270

    The only trace is what my driver produces, which sees the failure from IoCallDriver, and prints it to windbg, nothing additional to that.

    IOCTL_INTERNAL_BTHENUM_GET_DEVINFO, IOCTL_INTERNAL_BTHENUM_GET_ENUMINFO, IOCTL_BTH_SDP_CONNECT, IOCTL_BTH_SDP_SERVICE_ATTRIBUTE_SEARCH, BRB_HCI_GET_LOCAL_BD_ADDR all work and return the expected data.

    If I change the parameters too much in the call to BRB_L2CA_OPEN_CHANNEL the stack returns with an 'invalid argument' error, for example if I change the address to the local one, instead of the devinfo address, so it look like the parameters being used are correct.

    This is why I am a bit puzzled. With the in box profile driver (HID) it is OK (it is a game controller, and joy.cpl sees the device and talks to it properly), so the device itself appears to function correctly.

    Is there anything special about HID devices? Do they need different parameters?

    The documentation on bluetooth, what there is, is badly entirely lacking. MSDN hasnot got much, but the bluetooth site is more like a marketing portal, their so called 'developer' section is pitiful!

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Developing Minifilters 29 July 2019 OSR Seminar Space
Writing WDF Drivers 23 Sept 2019 OSR Seminar Space
Kernel Debugging 21 Oct 2019 OSR Seminar Space
Internals & Software Drivers 18 Nov 2019 Dulles, VA