Bluetooth: Add LE Connection Update command & event types (#234)

secdev · Jul 30, 2016 · 2c28f06 · 2c28f06
1 parent 42b7c20
commit 2c28f06
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py
@@ -538,6 +538,16 @@ class HCI_Cmd_LE_Connection_Update(Packet):
 class HCI_Cmd_LE_Create_Connection_Cancel(Packet):
     name = "LE Create Connection Cancel"
 
+class HCI_Cmd_LE_Connection_Update(Packet):
+    name = "LE Connection Update"
+    fields_desc = [ XLEShortField("handle", 0),
+                    XLEShortField("min_interval", 0),
+                    XLEShortField("max_interval", 0),
+                    XLEShortField("latency", 0),
+                    XLEShortField("timeout", 0),
+                    LEShortField("min_ce", 0),
+                    LEShortField("max_ce", 0xffff), ]
+
 class HCI_Cmd_LE_Read_Buffer_Size(Packet):
     name = "LE Read Buffer Size"
 
@@ -639,6 +649,14 @@ class HCI_LE_Meta_Connection_Complete(Packet):
                     LEShortField("supervision", 42),
                     XByteField("clock_latency", 5), ]
 
+class HCI_LE_Meta_Connection_Update_Complete(Packet):
+    name = "Connection Update Complete"
+    fields_desc = [ ByteEnumField("status", 0, {0:"success"}),
+                    LEShortField("handle", 0),
+                    LEShortField("interval", 54),
+                    LEShortField("latency", 0),
+                    LEShortField("timeout", 42), ]
+
 class HCI_LE_Meta_Advertising_Report(Packet):
     name = "Advertising Report"
     fields_desc = [ ByteField("number", 0),
@@ -693,10 +711,12 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet):
 bind_layers( HCI_Event_Hdr, HCI_Event_Command_Status, code=0xf)
 bind_layers( HCI_Event_Hdr, HCI_Event_Number_Of_Completed_Packets, code=0x13)
 bind_layers( HCI_Event_Hdr, HCI_Event_LE_Meta, code=0x3e)
+
 bind_layers( HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_BD_Addr, opcode=0x1009)
 
 bind_layers( HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Complete, event=1)
 bind_layers( HCI_Event_LE_Meta, HCI_LE_Meta_Advertising_Report, event=2)
+bind_layers( HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Update_Complete, event=3)
 bind_layers( HCI_Event_LE_Meta, HCI_LE_Meta_Long_Term_Key_Request, event=5)
 
 bind_layers(EIR_Hdr, EIR_Flags, type=0x01)

diff --git a/test/bluetooth.uts b/test/bluetooth.uts
@@ -12,6 +12,25 @@ expected_cmd_raw_data = "01060403341213".decode('hex')
 cmd_raw_data = str(HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_Disconnect(handle=0x1234))
 assert(expected_cmd_raw_data == cmd_raw_data)
 
+= LE Connection Update Command
+expected_cmd_raw_data = "0113200e47000a00140001003c000100ffff".decode('hex')
+cmd_raw_data = str(
+    HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_LE_Connection_Update(
+        handle=0x47, min_interval=10, max_interval=20, latency=1, timeout=60,
+        min_ce=1, max_ce=0xffff))
+assert(expected_cmd_raw_data == cmd_raw_data)
+
+
++ HCI Events
+= LE Connection Update Event
+evt_raw_data = "043e0a03004800140001003c00".decode('hex')
+evt_pkt =  HCI_Hdr(evt_raw_data)
+assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].handle == 0x48)
+assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].interval == 20)
+assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].latency == 1)
+assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].timeout == 60)
+
+
 + Bluetooth LE Advertising / Scan Response Data Parsing
 = Parse EIR_Flags, EIR_CompleteList16BitServiceUUIDs, EIR_CompleteLocalName and EIR_TX_Power_Level