What Is HCI
HCI stands for Host-to-Controller-Interface, an optional standard interface between the Bluetooth controller subsystem (the bottom three layers) and the Bluetooth host.
It sits between the Logical Link Control and Adaptation Protocol (L2CAP) layer and the Link layer. Take a look at the “Bluetooth Stack” picture.
Understand Bit Order And Bit Group
To understand and parse an HCI command packet correctly, it is essential to remember that the unit of data in the command packet is the bit, not the byte. Most developers are used to viewing data in byte units, with the MSB as the leftmost bit. That habit causes confusion when parsing HCI commands and events.
There are two concepts we should keep in mind: (1) bit ordering, and (2) group-of-bits value.
The bit ordering when defining fields within the packet or Protocol Data Unit (PDU) in the Link Layer specification follows the Little Endian format. The following rules apply:
– The Least Significant Bit (LSB) corresponds to b0
– The LSB is the first bit sent over the air
– In illustrations, the LSB is shown on the left side.
In an HCI command/event, the length of a type/parameter/error/value… is not necessarily a whole number of hexadecimal digits (groups of 4 bits), but the hex notation makes us assume that it is. For example, the OpCode Group Field (OGF) is 6 bits long, but its range is written as 0x00-0x3F, which makes it look as if it were made up of 2 hex digits (8 bits). This misunderstanding is especially easy to make when you parse a packet from the output of the command hcidump --raw.
Therefore, keep in mind the bit length of every type/parameter/error/value you want to parse instead of just looking at its notation.
Format Of HCI Commands and Events
There are four kinds of HCI packets that can be sent: HCI Command Packet, HCI Event Packet, HCI ACL Data Packet and HCI Synchronous Data Packet. HCI Command Packets can only be sent to the Bluetooth Host Controller, HCI Event Packets can only be sent from the Bluetooth Host Controller, and HCI ACL/Synchronous Data Packets can be sent both to and from the Bluetooth Host Controller.
The HCI Command Packet is used to send commands from the Host to the Controller. The format of the HCI Command Packet is shown in the following figure, and each field is defined below.
– OGF Range (6 bits): 0x00-0x3F (0x3F reserved for vendor-specific debug commands)
– OCF Range (10 bits): 0x0000-0x03FF
Here is the list of all OpCodes: http://www.lisha.ufsc.br/teaching/shi/ine5346-2003-1/work/bluetooth/hci_commands.html
– Parameter Total Length: Length of all of the parameters contained in this packet, measured in octets. (N.B.: total length of parameters, not number of parameters)
– Parameter 0 – N: Each command has a specific number of parameters associated with it. These parameters and the size of each of the parameters are defined for each command. Each parameter is an integer number of octets in size. Controllers shall be able to accept HCI Command Packets with up to 255 bytes of data excluding the HCI Command Packet header. Each command is assigned a 2-byte Opcode used to uniquely identify different types of commands. The Opcode parameter is divided into two fields, called the OpCode Group Field (OGF) and OpCode Command Field (OCF).
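The field layout above, as an added Python example (not code from the original article): it splits the 16-bit OpCode into its 6-bit OGF and 10-bit OCF and rejects packets whose Parameter Total Length does not match the octets actually present. The function names and the sample octets are constructed for illustration, and the input is assumed to start at the OpCode, with any transport-specific packet-type byte already removed.

```python
import struct

def parse_hci_command(pkt: bytes) -> dict:
    """Split an HCI Command Packet into OGF, OCF and parameters."""
    if len(pkt) < 3:
        raise ValueError("truncated: need 2-octet OpCode + 1-octet length")
    # The OpCode is one 16-bit little-endian value: first octet = low 8 bits.
    opcode, plen = struct.unpack_from("<HB", pkt)
    params = pkt[3:]
    # Parameter Total Length counts octets and must match what is present.
    if plen != len(params):
        raise ValueError(f"length field {plen} != {len(params)} octets present")
    return {"opcode": opcode,
            "ogf": opcode >> 10,      # upper 6 bits
            "ocf": opcode & 0x03FF,   # lower 10 bits
            "params": params}

def naive_ogf(pkt: bytes) -> int:
    """Byte-oriented misreading: taking the OpCode's high octet as the OGF."""
    return pkt[1]

def build_hci_command(ogf: int, ocf: int, params: bytes = b"") -> bytes:
    """Inverse of parse_hci_command, enforcing the field widths."""
    if not 0 <= ogf <= 0x3F:
        raise ValueError("OGF must fit in 6 bits")
    if not 0 <= ocf <= 0x03FF:
        raise ValueError("OCF must fit in 10 bits")
    if len(params) > 255:
        raise ValueError("parameters limited to 255 octets")
    return struct.pack("<HB", (ogf << 10) | ocf, len(params)) + params

if __name__ == "__main__":
    # Constructed samples: hex octets starting at the OpCode.
    for line in ("03 0C 00", "0C 20 02 01 00"):
        pkt = bytes.fromhex(line)
        f = parse_hci_command(pkt)
        print(f"{line}: OGF=0x{f['ogf']:02X} OCF=0x{f['ocf']:04X} "
              f"params={f['params'].hex()} (naive OGF=0x{naive_ogf(pkt):02X})")
```

For the first sample the byte-oriented reading yields 0x0C where the 6-bit field holds 0x03, which is the confusion the hex notation invites.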