android hci debugging tip (실시간 패킷 보기)

/system/bt/doc/btsnoop_net.md 문서를 참조하여 아래와 같이 BtSnoopLogOutput=true로 변경 후,

linux host를 이용하여 8872 포트를 통해 실시간으로 hci packet을 모니터링 할 수 있다.

This feature is enabled by  setting `BtSnoopLogOutput=true` in `bt_stack.conf`.

Once it has been enabled and the stack restarted, the stack will listen for

incoming TCP connections on port 8872.

To use this feature with hcidump on a Linux host, you can run:

```

  $ adb forward tcp:8872 tcp:8872

  $ nc localhost 8872 | hcidump -r /dev/stdin

```

현재 테스트 중인 모델은 모든 포트가 막혀있어 적용이 불가능하다.

# netstat -tnlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program Name

tcp        0      0 127.0.0.1:8872          0.0.0.0:*               LISTEN      3879/com.android.bluetoot

만일 사용 중인 디바이스가 열린 포트를 확인하여 port가 열려있는 것이 확인이 된다면 linux host에서 아래와 같이 실시간 packet monitoring을 활용하자

#adb connect DEV_IP

$adb forward tcp:8872 tcp:8872

$ nc localhost 8872 | hcidump -r /dev/stdin

ex)

< HCI Command: Remote Name Request (0x01|0x0019) plen 10

    bdaddr 1C:4D:70:28:28:FE mode 1 clkoffset 0x173a (valid)

> HCI Event: Command Status (0x0f) plen 4

    Remote Name Request (0x01|0x0019) status 0x00 ncmd 1

< HCI Command: Vendor (0x3f|0x0157) plen 3

> HCI Event: Command Complete (0x0e) plen 4

    Vendor (0x3f|0x0157) ncmd 1

> HCI Event: Remote Name Req Complete (0x07) plen 255

    status 0x04 bdaddr 1C:4D:70:28:28:FE name ''

    Error: Page Timeout

< HCI Command: Remote Name Request (0x01|0x0019) plen 10

    bdaddr 22:22:72:4D:80:D1 mode 0 clkoffset 0x0000 (valid)

> HCI Event: Command Status (0x0f) plen 4

    Remote Name Request (0x01|0x0019) status 0x00 ncmd 1

< HCI Command: Remote Name Request Cancel (0x01|0x001a) plen 6

    bdaddr 22:22:72:4D:80:D1

> HCI Event: Remote Name Req Complete (0x07) plen 255

    status 0x16 bdaddr 22:22:72:4D:80:D1 name ''

    Error: Connection Terminated by Local Host

> HCI Event: Command Complete (0x0e) plen 10

    Remote Name Request Cancel (0x01|0x001a) ncmd 1

    status 0x00 bdaddr 22:22:72:4D:80:D1

< HCI Command: Remote Name Request Cancel (0x01|0x001a) plen 6

    bdaddr 22:22:72:4D:80:D1

> HCI Event: Command Complete (0x0e) plen 10

    Remote Name Request Cancel (0x01|0x001a) ncmd 1

    status 0x00 bdaddr 22:22:72:4D:80:D1

< HCI Command: Vendor (0x3f|0x0157) plen 3

> HCI Event: Command Complete (0x0e) plen 4

    Vendor (0x3f|0x0157) ncmd 1

참조 : https://zetawiki.com/wiki/%EB%A6%AC%EB%88%85%EC%8A%A4_%EB%A1%9C%EC%BB%AC%EC%84%9C%EB%B2%84_%EC%97%B4%EB%A6%B0_%ED%8F%AC%ED%8A%B8_%ED%99%95%EC%9D%B8