The Microsoft WinSock API allows a programmer to open or receive RFCOMM Bluetooth connections to an arbitrary BTH_ADDR and port. I’d like to do something similar, but at the L2CAP level, which, unless I’m mistaken, isn’t currently possible.
The MS profile drivers overview page states, “Profile drivers use the Bluetooth L2CAP DDIs to open, update, and close L2CAP connections, as well as to perform read and write operations over an open L2CAP connection.” So is it possible to create a simple pass-through driver that makes this available to user mode, allowing the user-mode code to send and receive packets over a desired PSM?
Or perhaps there’s a better way to do what I’m trying to accomplish:
The Nintendo Wii peripherals have become relatively popular as tools in academic research. They communicate over Bluetooth, mostly using the HID protocol (over L2CAP PSMs 0x11 and 0x13). On Windows, communicating with Wii devices using the MS Bluetooth stack requires you to first go through the “Add a Device” menu. When the Wii is put into discoverable mode, Bluetooth Inquiry finds the device and allows a user to select it and pair without a pass code. The device reports itself as Joystick-type HID. Windows then proceeds to install the HID driver for the device and finally tries to open the appropriate PSM connections. However, in the time it takes to install the driver, the device frequently times out and turns off. It seems like you can increase the likelihood of successful connection by opening the properties page for the device. I’m guessing that this keeps the device awake by opening PSM 1 for an SDP connection. Once the device is connected, you can use SetupDiEnumDeviceInterfaces to find and communicate with the device through HID channels.
The problem is, if the initial connection fails or the link is broken later on, the only way to get those channels back open seems to be first Removing the Device from the devices and printers menu and then starting the whole discovery/pairing process over again.
By registering for WM_DEVICECHANGE events on the local Bluetooth Radio, we can see when devices come into range. We can tell it’s the right device. We just want a quick and painless way to re-establish the L2CAP connections so we can start sending/receiving packets again. I’m open to suggestions.
Thanks,
jc
If the connection fails, or
You are right. At the L2CAP level, one needs to write a KMDF profile driver to
establish connections. Basically, the KMDF profile driver is responsible for
sending BRBs
(http://msdn.microsoft.com/en-us/library/windows/hardware/ff536657(v=vs.85).aspx).
These BRBs are not accessible to user mode. So whatever you have done
with RFCOMM will be possible if you implement the profile driver for the
needed L2CAP PSM.
Thanks
Ramana
On Mon, Mar 24, 2014 at 11:22 AM, wrote:
> The Microsoft WinSock API allows a programmer to open or receive RFCOMM
> Bluetooth connections to an arbitrary BTH_ADDR and port. I’d like to do
> something similar, but at the L2CAP level, which, unless I’m mistaken, isn’t
> currently possible.
>
> The MS profile drivers overview page states, “Profile drivers use the
> Bluetooth L2CAP DDIs to open, update, and close L2CAP connections, as well
> as to perform read and write operations over an open L2CAP connection.” So
> is it possible to create a simple pass-through driver that makes this
> available to user mode, allowing the user-mode code to send and receive
> packets over a desired PSM?
>
> Or perhaps there’s a better way to do what I’m trying to accomplish:
> The Nintendo Wii peripherals have become relatively popular as tools in
> academic research. They communicate over Bluetooth, mostly using the HID
> protocol (over L2CAP PSMs 0x11 and 0x13). On Windows, communicating with
> Wii devices using the MS Bluetooth stack requires you to first go through
> the “Add a Device” menu. When the Wii is put into discoverable mode,
> Bluetooth Inquiry finds the device and allows a user to select it and pair
> without a pass code. The device reports itself as Joystick-type HID.
> Windows then proceeds to install the HID driver for the device and finally
> tries to open the appropriate PSM connections. However, in the time it
> takes to install the driver, the device frequently times out and turns off.
> It seems like you can increase the likelihood of successful connection by
> opening the properties page for the device. I’m guessing that this keeps
> the device awake by opening PSM 1 for an SDP connection. Once the device
> is connected, you can use SetupDiEnumDeviceInterfaces to find and
> communicate with the device through HID channels.
> The problem is, if the initial connection fails or the link is broken
> later on, the only way to get those channels back open seems to be first
> Removing the Device from the devices and printers menu and then starting
> the whole discovery/pairing process over again.
>
> By registering for WM_DEVICECHANGE events on the local Bluetooth Radio, we
> can see when devices come into range. We can tell it’s the right device.
> We just want a quick and painless way to re-establish the L2CAP
> connections so we can start sending/receiving packets again. I’m open to
> suggestions.
>
> Thanks,
> jc
>
> If the connection fails, or
>
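
A pass-through driver of the kind asked about would have to validate each user-mode open request before building a BRB on the caller's behalf; the check below is an added example, not code from the thread or from Microsoft. The request layout `open_req_t`, the status codes and the allowlist are hypothetical; only the PSM values 0x11 and 0x13 come from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout of the buffer a user-mode client hands to the driver. */
typedef struct {
    uint64_t bt_addr;  /* remote device address, low 48 bits used */
    uint16_t psm;      /* requested L2CAP PSM */
    uint16_t mtu;      /* requested outgoing MTU */
} open_req_t;

enum { REQ_OK = 0, REQ_BAD_SIZE, REQ_BAD_ADDR, REQ_BAD_PSM,
       REQ_BAD_MTU, REQ_PSM_DENIED };

/* PSMs this driver agrees to open: HID control and HID interrupt. */
static const uint16_t allowed_psms[] = { 0x0011, 0x0013 };

/* Bluetooth Core rule: low octet is odd, LSB of the high octet is zero. */
static int psm_well_formed(uint16_t psm)
{
    return (psm & 0x0001) == 0x0001 && (psm & 0x0100) == 0;
}

/* Validate an untrusted request; on REQ_OK the checked copy is in *out. */
int validate_open_request(const void *buf, size_t len, open_req_t *out)
{
    open_req_t req;
    size_t i;

    if (buf == NULL || out == NULL || len != sizeof(req))
        return REQ_BAD_SIZE;
    memcpy(&req, buf, sizeof(req)); /* copy once, then check only the copy */
    if (req.bt_addr == 0 || (req.bt_addr >> 48) != 0)
        return REQ_BAD_ADDR;
    if (!psm_well_formed(req.psm))
        return REQ_BAD_PSM;
    if (req.mtu < 48)               /* 48 is the L2CAP minimum MTU */
        return REQ_BAD_MTU;
    for (i = 0; i < sizeof(allowed_psms) / sizeof(allowed_psms[0]); i++) {
        if (req.psm == allowed_psms[i]) {
            *out = req;
            return REQ_OK;
        }
    }
    return REQ_PSM_DENIED;          /* well formed, but not one we expose */
}

int main(void)
{
    /* Constructed sample request: made-up address, HID control PSM. */
    open_req_t in = { 0x001122334455ULL, 0x0011, 672 }, out;
    return validate_open_request(&in, sizeof in, &out);
}
```

Without an allowlist, any process that can open the driver's device interface could reach every L2CAP service on a paired device, so the interface itself should also carry a restrictive ACL.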