Properly handle AUX_CONNECT_RSP

Wait for it before moving to a DATA state

fw/RadioTask.c

@@ -83,6 +83,7 @@ static bool ll_encryption;
 static uint32_t connTimeoutTime;
 
 static volatile bool gotLegacy;
+static volatile bool gotAuxConnReq;
 static volatile bool firstPacket;
 static uint32_t legacyLen;
 static uint32_t expectedLegacyLen;
@@ -413,6 +414,7 @@ static void radioTaskFunction(UArg arg0, UArg arg1)
     while (1)
     {
         g_pkt_dir = 0;
+        gotAuxConnReq = false;
 
         if (snifferState == STATIC)
         {
@@ -879,7 +881,6 @@ void reactToPDU(const BLE_Frame *frame)
         }
 
         // handle CONNECT_IND or AUX_CONNECT_REQ (0x5)
-        // TODO: deal with AUX_CONNECT_RSP (wait for it? require it? need to decide)
         if ((pduType == CONNECT_IND) && followConnections)
         {
             bool isAuxReq = frame->channel < 37;
@@ -911,9 +912,20 @@ void reactToPDU(const BLE_Frame *frame)
             {
                 RadioWrapper_resetSeqStat();
                 stateTransition(SLAVE);
+                RadioWrapper_stop();
+            } else if (isAuxReq) {
+                gotAuxConnReq = true;
             } else {
                 stateTransition(DATA);
+                RadioWrapper_stop();
             }
+        }
+
+        // gotAuxConnReq can only be true if followConnections was true
+        // and we're currently on a secondary advertising channel
+        if (gotAuxConnReq && (pduType == AUX_CONNECT_RSP))
+        {
+            stateTransition(DATA);
             RadioWrapper_stop();
         }
     } else {

fw/RadioTask.h

@@ -75,7 +75,8 @@ typedef enum {
     SCAN_RSP,
     CONNECT_IND,
     ADV_SCAN_IND,
-    ADV_EXT_IND
+    ADV_EXT_IND,
+    AUX_CONNECT_RSP
 } AdvPDUType;
 
 struct RadioConfig {

python_cli/advertiser.py

@@ -81,7 +81,6 @@ def print_packet(pkt):
 
     if isinstance(dpkt, ConnectIndMessage):
         hw.decoder_state.cur_aa = dpkt.aa_conn
-        hw.decoder_state.last_chan = -1
 
 if __name__ == "__main__":
     main()

python_cli/packet_decoder.py

@@ -125,6 +125,8 @@ def decode(pkt: PacketMessage):
                 tc = AuxConnectReqMessage
             elif pdu_type == 7:
                 tc = AuxAdvIndMessage
+            elif pdu_type == 8:
+                tc = AuxConnectRspMessage
             else:
                 tc = AdvertMessage
 
@@ -445,3 +447,6 @@ def __str__(self):
 
 class AuxAdvIndMessage(AdvExtIndMessage):
     pdutype = "AUX_ADV_IND"
+
+class AuxConnectRspMessage(AdvExtIndMessage):
+    pdutype = "AUX_CONNECT_RSP"

python_cli/sniff_receiver.py

@@ -8,7 +8,7 @@
 from pcap import PcapBleWriter
 from sniffle_hw import SniffleHW, BLE_ADV_AA, PacketMessage, DebugMessage, StateMessage, MeasurementMessage
 from packet_decoder import (DPacketMessage, AdvaMessage, AdvDirectIndMessage, AdvExtIndMessage,
-        ConnectIndMessage, DataMessage, str_mac)
+        ConnectIndMessage, DataMessage, str_mac, AuxConnectRspMessage)
 from binascii import unhexlify
 
 # global variable to access hardware
@@ -183,10 +183,14 @@ def print_packet(pkt, quiet):
         pcwriter.write_packet(int(pkt.ts_epoch * 1000000), pkt.aa, pkt.chan, pkt.rssi,
                 pkt.body, pkt.phy, pdu_type)
 
+    # PCAP write is already done here, safe to update cur_aa
     if isinstance(dpkt, ConnectIndMessage):
-        # PCAP write is already done here, safe to update cur_aa
-        hw.decoder_state.cur_aa = dpkt.aa_conn
-        hw.decoder_state.last_chan = -1
+        if dpkt.chan < 37:
+            hw.decoder_state.aux_pending_aa = dpkt.aa_conn
+        else:
+            hw.decoder_state.cur_aa = dpkt.aa_conn
+    elif isinstance(dpkt, AuxConnectRspMessage):
+        hw.decoder_state.cur_aa = hw.decoder_state.aux_pending_aa
 
 def get_first_matching_mac(search_str = None):
     hw.cmd_mac()

python_cli/sniffle_extcap.py

@@ -38,7 +38,8 @@
 import traceback
 from sniffle_hw import SniffleHW, BLE_ADV_AA, PacketMessage
 from packet_decoder import (DPacketMessage, DataMessage, ConnectIndMessage, AdvaMessage,
-                            AdvDirectIndMessage, ScanRspMessage, AdvExtIndMessage, str_mac)
+                            AdvDirectIndMessage, ScanRspMessage, AdvExtIndMessage, str_mac,
+                            AuxConnectRspMessage)
 from pcap import PcapBleWriter
 from serial.tools.list_ports import comports
 
@@ -409,7 +410,6 @@ def capture(self):
 
         # capture packets and write to the capture output until signaled to stop
         while not self.captureStopped:
-
             # wait for a capture packet
             pkt = self.hw.recv_and_decode()
             if isinstance(pkt, PacketMessage):
@@ -431,8 +431,12 @@ def capture(self):
 
                 # update cur_aa
                 if isinstance(dpkt, ConnectIndMessage):
-                    self.hw.decoder_state.cur_aa = dpkt.aa_conn
-                    self.hw.decoder_state.last_chan = -1
+                    if dpkt.chan < 37:
+                        self.hw.decoder_state.aux_pending_aa = dpkt.aa_conn
+                    else:
+                        self.hw.decoder_state.cur_aa = dpkt.aa_conn
+                elif isinstance(dpkt, AuxConnectRspMessage):
+                    self.hw.decoder_state.cur_aa = self.hw.decoder_state.aux_pending_aa
 
         self.logger.info('Capture stopped')
 

python_cli/sniffle_hw.py

@@ -370,6 +370,10 @@ def __init__(self, is_data=False):
         # access address tracking
         self.cur_aa = 0 if is_data else BLE_ADV_AA
 
+        # in case of AUX_CONNECT_REQ, we are waiting for AUX_CONNECT_RSP
+        # temporarily hold the access address of the pending connection here
+        self.aux_pending_aa = None
+
         # state tracking
         self.last_state = SnifferState.STATIC