Develop Reference

Bluez can't connect permanently to a Bluetooth LE remote "Function not implemented (38)"

I have a new buster image:
Linux stereo 5.10.17+ #1414 Fri Apr 30 13:16:27 BST 2021 armv6l GNU/Linux
I did update bluez to it to bluez 5.52. What is already interesting is the fact that I have the following entry in my /var/log/syslog:
Jun 30 23:15:09 stereopida bluetoothd[557]: Bluetooth daemon 5.50
That seems to indicate that the 5.50 version that was previously installed is still lingering around.
I did this same setup on other machines and there and then I could get it to work but this time there seems to be a problem.
Now using bluetoothctl I can see my device and pair it but the connection is instantly dropped:
[bluetooth]# trust 84:EB:18:0C:92:0F
Changing 84:EB:18:0C:92:0F trust succeeded
[bluetooth]# pair 84:EB:18:0C:92:0F
Attempting to pair with 84:EB:18:0C:92:0F
[CHG] Device 84:EB:18:0C:92:0F Connected: yes
Failed to pair: org.bluez.Error.AuthenticationFailed
[CHG] Device 84:EB:18:0C:92:0F Connected: no
[bluetooth]# connect 84:EB:18:0C:92:0F
Attempting to connect to 84:EB:18:0C:92:0F
[CHG] Device 84:EB:18:0C:92:0F Connected: yes
Failed to connect: org.bluez.Error.Failed
[CHG] Device 84:EB:18:0C:92:0F Connected: no
When I check in the logs I do see the following:
Jun 30 23:15:53 stereopida bluetoothd[567]: src/device.c:bonding_request_new() Requesting bonding for 84:EB:18:0C:92:0F
Jun 30 23:15:53 stereopida bluetoothd[567]: src/agent.c:agent_ref() 0x7b62b0: ref=3
Jun 30 23:15:53 stereopida bluetoothd[567]: src/agent.c:agent_unref() 0x7b62b0: ref=2
Jun 30 23:15:53 stereopida bluetoothd[567]: src/adapter.c:suspend_discovery()
Jun 30 23:15:53 stereopida bluetoothd[567]: src/adapter.c:adapter_bonding_attempt() hci0 bdaddr 84:EB:18:0C:92:0F type 1 io_cap 0x04
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:connected_callback() hci0 device 84:EB:18:0C:92:0F connected eir_len 13
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:pair_device_complete() Failed (0x03)
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:bonding_attempt_complete() hci0 bdaddr 84:EB:18:0C:92:0F type 1 status 0x3
Jun 30 23:15:55 stereopida bluetoothd[567]: src/device.c:device_bonding_complete() bonding 0x7ba428 status 0x03
Jun 30 23:15:55 stereopida bluetoothd[567]: src/device.c:device_bonding_failed() status 3
Jun 30 23:15:55 stereopida bluetoothd[567]: src/agent.c:agent_unref() 0x7b62b0: ref=1
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:resume_discovery()
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:dev_disconnected() Device 84:EB:18:0C:92:0F disconnected, reason 0
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:adapter_remove_connection()
Jun 30 23:15:55 stereopida bluetoothd[567]: plugins/policy.c:disconnect_cb() reason 0
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:bonding_attempt_complete() hci0 bdaddr 84:EB:18:0C:92:0F type 1 status 0xe
Jun 30 23:15:55 stereopida bluetoothd[567]: src/device.c:device_bonding_complete() bonding (nil) status 0x0e
Jun 30 23:15:55 stereopida bluetoothd[567]: src/device.c:device_bonding_failed() status 14
Jun 30 23:15:55 stereopida bluetoothd[567]: src/adapter.c:resume_discovery()
Jun 30 23:16:04 stereopida bluetoothd[567]: src/device.c:device_connect_le() Connection attempt to: 84:EB:18:0C:92:0F
Jun 30 23:16:08 stereopida systemd[1]: systemd-hostnamed.service: Succeeded.
Jun 30 23:16:09 stereopida bluetoothd[567]: src/adapter.c:connected_callback() hci0 device 84:EB:18:0C:92:0F connected eir_len 13
Jun 30 23:16:09 stereopida bluetoothd[567]: src/device.c:att_connect_cb() connect error: Function not implemented (38)
Jun 30 23:16:09 stereopida bluetoothd[567]: src/adapter.c:dev_disconnected() Device 84:EB:18:0C:92:0F disconnected, reason 0
Jun 30 23:16:09 stereopida bluetoothd[567]: src/adapter.c:adapter_remove_connection()
Jun 30 23:16:09 stereopida bluetoothd[567]: plugins/policy.c:disconnect_cb() reason 0
Jun 30 23:16:09 stereopida bluetoothd[567]: src/adapter.c:bonding_attempt_complete() hci0 bdaddr 84:EB:18:0C:92:0F type 1 status 0xe
Jun 30 23:16:09 stereopida bluetoothd[567]: src/device.c:device_bonding_complete() bonding (nil) status 0x0e
Jun 30 23:16:09 stereopida bluetoothd[567]: src/device.c:device_bonding_failed() status 14
Jun 30 23:16:09 stereopida bluetoothd[567]: src/adapter.c:resume_discovery()
Jun 30 23:16:15 stereopida bluetoothd[567]: src/agent.c:agent_disconnect() Agent :1.20 disconnected
Jun 30 23:16:15 stereopida bluetoothd[567]: src/agent.c:agent_destroy() agent :1.20
Jun 30 23:16:15 stereopida bluetoothd[567]: src/agent.c:agent_unref() 0x7b62b0: ref=0
In my /etc/bluetooth/main.conf file I did make the following changes:
DiscoverableTimeout = 0
PairableTimeout = 0
ControllerMode = le
Privacy = off
The ExecStart part of my bluetooth.service I did change to this:
ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap -E
Gatttool
sudo gatttool -b 84:EB:18:0C:92:0F --interactive
[84:EB:18:0C:92:0F][LE]> connect
Attempting to connect to 84:EB:18:0C:92:0F
Error: connect error: Function not implemented (38)
Btmon
As I connected using Gattool this was the output of sudo btmon
sudo btmon
Bluetooth monitor ver 5.52
= Note: Linux version 5.10.17+ (armv6l) 0.137356
= Note: Bluetooth subsystem version 2.22 0.137373
= New Index: B8:27:EB:BD:CA:1B (Primary,UART,hci0) [hci0] 0.137378
= Open Index: B8:27:EB:BD:CA:1B [hci0] 0.137386
= Index Info: B8:27:EB:BD:CA:1B (Broadcom Corporation) [hci0] 0.137390
# MGMT Open: bluetoothd (privileged) version 1.18 {0x0001} 0.137396
# MGMT Open: btmon (privileged) version 1.18 {0x0002} 0.139895
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #1 [hci0] 9.320332
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 60.000 msec (0x0060)
Own address type: Public (0x00)
Filter policy: Ignore not in white list (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #2 [hci0] 9.321695
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #3 [hci0] 9.321835
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #4 [hci0] 9.324626
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 25 #5 [hci0] 11.847196
LE Advertising Report (0x02)
Num reports: 1
Event type: Connectable undirected - ADV_IND (0x00)
Address type: Public (0x00)
Address: 84:EB:18:0C:92:0F (Texas Instruments)
Data length: 13
Flags: 0x05
LE Limited Discoverable Mode
BR/EDR Not Supported
Appearance: Human Interface Device (0x03c0)
16-bit Service UUIDs (partial): 2 entries
Human Interface Device (0x1812)
Battery Service (0x180f)
RSSI: -72 dBm (0xb8)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #6 [hci0] 11.847369
Scanning: Disabled (0x00)
Filter duplicates: Disabled (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #7 [hci0] 11.851192
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #8 [hci0] 11.851310
Scan interval: 60.000 msec (0x0060)
Scan window: 60.000 msec (0x0060)
Filter policy: White list is not used (0x00)
Peer address type: Public (0x00)
Peer address: 84:EB:18:0C:92:0F (Texas Instruments)
Own address type: Public (0x00)
Min connection interval: 30.00 msec (0x0018)
Max connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #9 [hci0] 11.852722
LE Create Connection (0x08|0x000d) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #10 [hci0] 11.869896
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 64
Role: Master (0x00)
Peer address type: Public (0x00)
Peer address: 84:EB:18:0C:92:0F (Texas Instruments)
Connection interval: 48.75 msec (0x0027)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Master clock accuracy: 0x00
# MGMT Event: Device Connected (0x000b) plen 26 {0x0002} [hci0] 11.869988
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Flags: 0x00000000
Data length: 13
Flags: 0x05
LE Limited Discoverable Mode
BR/EDR Not Supported
Appearance: Human Interface Device (0x03c0)
16-bit Service UUIDs (partial): 2 entries
Human Interface Device (0x1812)
Battery Service (0x180f)
# MGMT Event: Device Connected (0x000b) plen 26 {0x0001} [hci0] 11.869988
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Flags: 0x00000000
Data length: 13
Flags: 0x05
LE Limited Discoverable Mode
BR/EDR Not Supported
Appearance: Human Interface Device (0x03c0)
16-bit Service UUIDs (partial): 2 entries
Human Interface Device (0x1812)
Battery Service (0x180f)
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2 #11 [hci0] 11.870350
Handle: 64
> HCI Event: Command Status (0x0f) plen 4 #12 [hci0] 11.877612
LE Read Remote Used Features (0x08|0x0016) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 12 #13 [hci0] 12.210580
LE Read Remote Used Features (0x04)
Status: Connection Failed to be Established (0x3e)
Handle: 64
Features: 0x1f 0x00 0x00 0x08 0x00 0x00 0x00 0x00
LE Encryption
Connection Parameter Request Procedure
Extended Reject Indication
Slave-initiated Features Exchange
LE Ping
Remote Public Key Validation
< HCI Command: Disconnect (0x01|0x0006) plen 3 #14 [hci0] 12.210756
Handle: 64
Reason: Remote User Terminated Connection (0x13)
> HCI Event: Disconnect Complete (0x05) plen 4 #15 [hci0] 12.214327
Status: Success (0x00)
Handle: 64
Reason: Connection Failed to be Established (0x3e)
# MGMT Event: Device Disconnected (0x000c) plen 8 {0x0002} [hci0] 12.214426
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Reason: Unspecified (0x00)
# MGMT Event: Device Disconnected (0x000c) plen 8 {0x0001} [hci0] 12.214426
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Reason: Unspecified (0x00)
> HCI Event: Command Status (0x0f) plen 4 #16 [hci0] 12.214351
Disconnect (0x01|0x0006) ncmd 1
Status: Invalid HCI Command Parameters (0x12)
Update 2: Using DBUS
I tried to connect using the dbus-python-script but I got the error:
Creating device failed: org.bluez.Error.AuthenticationFailed
This is the btmon output of that attempt:
$ sudo btmon
Bluetooth monitor ver 5.52
= Note: Linux version 5.10.17+ (armv6l) 0.495323
= Note: Bluetooth subsystem version 2.22 0.495341
= New Index: B8:27:EB:BD:CA:1B (Primary,UART,hci0) [hci0] 0.495350
= Open Index: B8:27:EB:BD:CA:1B [hci0] 0.495355
= Index Info: B8:27:EB:BD:CA:1B (Broadcom Corporation) [hci0] 0.495361
# MGMT Open: bluetoothd (privileged) version 1.18 {0x0001} 0.495370
# MGMT Open: btmon (privileged) version 1.18 {0x0002} 0.495742
# MGMT Command: Pair Device (0x0019) plen 8 {0x0001} [hci0] 7.479710
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Capability: KeyboardDisplay (0x04)
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #1 [hci0] 7.482368
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 60.000 msec (0x0060)
Own address type: Public (0x00)
Filter policy: Ignore not in white list (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #2 [hci0] 7.482814
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #3 [hci0] 7.482909
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #4 [hci0] 7.483658
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 25 #5 [hci0] 7.501439
LE Advertising Report (0x02)
Num reports: 1
Event type: Connectable undirected - ADV_IND (0x00)
Address type: Public (0x00)
Address: 84:EB:18:0C:92:0F (Texas Instruments)
Data length: 13
Flags: 0x05
LE Limited Discoverable Mode
BR/EDR Not Supported
Appearance: Human Interface Device (0x03c0)
16-bit Service UUIDs (partial): 2 entries
Human Interface Device (0x1812)
Battery Service (0x180f)
RSSI: -55 dBm (0xc9)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #6 [hci0] 7.501585
Scanning: Disabled (0x00)
Filter duplicates: Disabled (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #7 [hci0] 7.505073
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #8 [hci0] 7.505187
Scan interval: 60.000 msec (0x0060)
Scan window: 60.000 msec (0x0060)
Filter policy: White list is not used (0x00)
Peer address type: Public (0x00)
Peer address: 84:EB:18:0C:92:0F (Texas Instruments)
Own address type: Public (0x00)
Min connection interval: 30.00 msec (0x0018)
Max connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #9 [hci0] 7.505940
LE Create Connection (0x08|0x000d) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #10 [hci0] 7.525258
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 64
Role: Master (0x00)
Peer address type: Public (0x00)
Peer address: 84:EB:18:0C:92:0F (Texas Instruments)
Connection interval: 48.75 msec (0x0027)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Master clock accuracy: 0x00
# MGMT Event: Device Connected (0x000b) plen 26 {0x0002} [hci0] 7.525347
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Flags: 0x00000000
Data length: 13
Flags: 0x05
LE Limited Discoverable Mode
BR/EDR Not Supported
Appearance: Human Interface Device (0x03c0)
16-bit Service UUIDs (partial): 2 entries
Human Interface Device (0x1812)
Battery Service (0x180f)
# MGMT Event: Device Connected (0x000b) plen 26 {0x0001} [hci0] 7.525347
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Flags: 0x00000000
Data length: 13
Flags: 0x05
LE Limited Discoverable Mode
BR/EDR Not Supported
Appearance: Human Interface Device (0x03c0)
16-bit Service UUIDs (partial): 2 entries
Human Interface Device (0x1812)
Battery Service (0x180f)
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2 #11 [hci0] 7.525694
Handle: 64
> HCI Event: Command Status (0x0f) plen 4 #12 [hci0] 7.527893
LE Read Remote Used Features (0x08|0x0016) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 12 #13 [hci0] 7.837849
LE Read Remote Used Features (0x04)
Status: Connection Failed to be Established (0x3e)
Handle: 64
Features: 0x1f 0x00 0x00 0x08 0x00 0x00 0x00 0x00
LE Encryption
Connection Parameter Request Procedure
Extended Reject Indication
Slave-initiated Features Exchange
LE Ping
Remote Public Key Validation
# MGMT Event: Command Complete (0x0001) plen 10 {0x0001} [hci0] 7.837949
Pair Device (0x0019) plen 7
Status: Failed (0x03)
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
> HCI Event: Disconnect Complete (0x05) plen 4 #14 [hci0] 7.843837
Status: Success (0x00)
Handle: 64
Reason: Connection Failed to be Established (0x3e)
# MGMT Event: Device Disconnected (0x000c) plen 8 {0x0002} [hci0] 7.843928
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Reason: Unspecified (0x00)
# MGMT Event: Device Disconnected (0x000c) plen 8 {0x0001} [hci0] 7.843928
LE Address: 84:EB:18:0C:92:0F (Texas Instruments)
Reason: Unspecified (0x00)
hcidump
sudo hcidump
HCI sniffer - Bluetooth packet analyzer ver 5.50
device: hci0 snap_len: 1500 filter: 0xffffffff
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7
type 0x00 (passive)
interval 60.000ms window 60.000ms
own address: 0x00 (Public) policy: white list only
> HCI Event: Command Complete (0x0e) plen 4
LE Set Scan Parameters (0x08|0x000b) ncmd 1
status 0x00
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
value 0x01 (scanning enabled)
filter duplicates 0x01 (enabled)
> HCI Event: Command Complete (0x0e) plen 4
LE Set Scan Enable (0x08|0x000c) ncmd 1
status 0x00
> HCI Event: LE Meta Event (0x3e) plen 25
LE Advertising Report
ADV_IND - Connectable undirected advertising (0)
bdaddr 84:EB:18:0C:92:0F (Public)
Flags: 0x05
Unknown type 0x19 with 2 bytes data
Shortened service classes: 0x1812 0x180f
RSSI: -74
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2
value 0x00 (scanning disabled)
filter duplicates 0x00 (disabled)
> HCI Event: Command Complete (0x0e) plen 4
LE Set Scan Enable (0x08|0x000c) ncmd 1
status 0x00
< HCI Command: LE Create Connection (0x08|0x000d) plen 25
bdaddr 84:EB:18:0C:92:0F type 0
interval 96 window 96 initiator_filter 0
own_bdaddr_type 0 min_interval 24 max_interval 40
latency 0 supervision_to 42 min_ce 0 max_ce 0
> HCI Event: Command Status (0x0f) plen 4
LE Create Connection (0x08|0x000d) status 0x00 ncmd 1
> HCI Event: LE Meta Event (0x3e) plen 19
LE Connection Complete
status 0x00 handle 64, role master
bdaddr 84:EB:18:0C:92:0F (Public)
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2
> HCI Event: Command Status (0x0f) plen 4
LE Read Remote Used Features (0x08|0x0016) status 0x00 ncmd 1
> HCI Event: LE Meta Event (0x3e) plen 12
LE Read Remote Used Features Complete
status 0x3e handle 64
Error: Connection Failed to be Established
< HCI Command: Disconnect (0x01|0x0006) plen 3
handle 64 reason 0x13
Reason: Remote User Terminated Connection
> HCI Event: Disconn Complete (0x05) plen 4
status 0x00 handle 64 reason 0x3e
Reason: Connection Failed to be Established
> HCI Event: Command Status (0x0f) plen 4
Disconnect (0x01|0x0006) status 0x12 ncmd 1
Error: Invalid HCI Command Parameters

Let's first identify this. Pairing and connecting are two completely different things. You can't connect without pairing first.
Now using bluetoothctl I can see my device and pair it but the connection is instantly dropped:
This assumption is wrong, you are not able to pair your device at all. We can understand this from the output of bluetoothctl and logs.
Failed to pair: org.bluez.Error.AuthenticationFailed
src/adapter.c:pair_device_complete() Failed (0x03)
You will get this [CHG] Device 84:EB:18:0C:92:0F Connected: yes even though you fail pairing. From the question tags, it seems that you are trying to establish a Bluetooth connection with Raspberry Pi, however you set ControllerMode = le. But you also mention, you already did this with other devices which got me confused.
So few solutions that comes to my mind. Try these one by one:
Setting ControllerMode = dual if your device is Bluetooth Classic, not BLE.
Try with gatttool(works in 5.50) if it is a BLE device: sudo gatttool -b 84:EB:18:0C:92:0F --interactive then connect.
Remove and install from the source. Nice guide available here.. configure --enable-tools so you can try btgatt-client tool as well. (I never tried this, but seems possible).
Make sure max number of connections is not reached.
For all Bluetooth connections, I always go with D-Bus API rather than using command line tools. But it is not trivial. Here is a nice example code is available.
I did this same setup on other machines and there and then I could get it to work but this time there seems to be a problem.
Try another device with the same Pi, weak connection might be a reason as well.
If these do not help, please share the output of sudo btmon.
UPDATE
Now we are sure this is a BLE device and the problem is peripheral (your BLE remote) is not responding to the central (Pi) Status: Connection Failed to be Established (0x3e).
This will take us to the 6th solution I have suggested, which is very well explained by #Emil here.. I will just quote given answer as well (think as Master/Central (Pi), Slave/Peripheral(BLE remote):
"Connection failed to be established" means that after the master sent
out CONNECT_IND in response to an ADV_IND, the slave does not seem to
respond to any data packets the master sends out. This either happens
due to some hardware or firmware failure, bad signal quality or that
the peripheral uses white listing to ignore connections from unwanted
devices. There are no other reasons for this error to occur.

BlueZ BLE Pin or Key Missing authentication error after initial connection

It seems that after initially pairing / connecting with certain BLE devices (In this case, a pulse ox), any subsequent connection results in a PIN or Key Missing (0x06) error. I can remove the device using bluetoothctl or a similar tool, and then I'm able to connect again, but I'm trying to figure out what the actual issue is so that I can get this working. I'm using BlueZ 5.47 and in this case, I'm just attempting to talk to the device via gatttool (works first time, not any subsequent times after making a valid connection). I've read through some tickets where people described a similar issue, but the only solution I've seen so far involved removing the device before pairing.
Here is the btmon log of the failed connection:
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #3 [hci0] 91.335394
Scan interval: 60.000 msec (0x0060)
Scan window: 30.000 msec (0x0030)
Filter policy: White list is not used (0x00)
Peer address type: Public (0x00)
Peer address: 00:1C:05:FF:9C:A5 (OUI 00-1C-05)
Own address type: Public (0x00)
Min connection interval: 50.00 msec (0x0028)
Max connection interval: 70.00 msec (0x0038)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #4 [hci0] 91.347480
LE Create Connection (0x08|0x000d) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #5 [hci0] 92.874610
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 1025
Role: Master (0x00)
Peer address type: Public (0x00)
Peer address: 00:1C:05:FF:9C:A5 (OUI 00-1C-05)
Connection interval: 70.00 msec (0x0038)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Master clock accuracy: 0x01
# Device Connected: 00:1C:05:FF:9C:A5 (1) flags 0x0000
< ACL Data TX: Handle 1025 flags 0x00 dlen 8 #6 [hci0] 92.928535
ATT: Write Request (0x12) len 3
Handle: 0x0019
Data: 01
> ACL Data RX: Handle 1025 flags 0x02 dlen 6 #7 [hci0] 92.977319
SMP: Security Request (0x0b) len 1
Authentication requirement: No bonding, No MITM, Legacy, No Keypresses (0x00)
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28 #8 [hci0] 92.977466
Handle: 1025
Random number: 0x8f15c8e27f50c2fc
Encrypted diversifier: 0x6ee1
Long term key: b3c9837306766fd8d4024ae4549c6337
> HCI Event: Command Status (0x0f) plen 4 #9 [hci0] 92.988087
LE Start Encryption (0x08|0x0019) ncmd 1
Status: Success (0x00)
> ACL Data RX: Handle 1025 flags 0x02 dlen 5 #10 [hci0] 93.117417
ATT: Write Response (0x13) len 0
> HCI Event: Number of Completed Packets (0x13) plen 5 #11 [hci0] 93.145136
Num handles: 1
Handle: 1025
Count: 1
> HCI Event: Encryption Change (0x08) plen 4 #12 [hci0] 93.327778
Status: PIN or Key Missing (0x06)
Handle: 1025
Encryption: Disabled (0x00)
< HCI Command: Disconnect (0x01|0x0006) plen 3 #13 [hci0] 93.327909
Handle: 1025
Reason: Authentication Failure (0x05)
> HCI Event: Command Status (0x0f) plen 4 #14 [hci0] 93.333590
Disconnect (0x01|0x0006) ncmd 1
Status: Success (0x00)
> HCI Event: Disconnect Complete (0x05) plen 4 #15 [hci0] 93.397883
Status: Success (0x00)
Handle: 1025
Reason: Authentication Failure (0x05)

I ended up on your SO issue while investigating another BLE issue. It looks your issue might be related to this Linux kernel bug that has been fixed in 3.8: https://lore.kernel.org/patchwork/patch/458251/

"Connection timed out(100)" when trying to set up a bluetooth PAN

I'm trying to set up a Bluetooth PAN between two Linux systems. I've got it working between two Raspberry Pi 3s, both running BlueZ 5.23. However, when I try to connect a different Linux system running BlueZ 4.101, I get this error:
pand[27746]: Connect to B8:27:EB:6C:CE:26 failed. Connection timed out(110)
I have successfully gotten two BlueZ 4.101 systems to talk to each other, but it consistently fails with that error when I try to get it to talk to my Pi3 NAP. Unfortunately, the older version of BlueZ is running on a very small embedded system and I can't run hcidump on it easily. However, I do have the output of hcidump for the two different attempts to talk to the Pi3:
This was a successful attempt to connect from another Pi3:
HCI sniffer - Bluetooth packet analyzer ver 5.45 btsnoop version: 1 datalink type: 1002
> HCI Event: Connect Request (0x04) plen 10
bdaddr B8:27:EB:99:1C:22 class 0x000000 type ACL < HCI Command: Accept Connection Request (0x01|0x0009) plen 7
bdaddr B8:27:EB:99:1C:22 role 0x00
Role: Master
> HCI Event: Command Status (0x0f) plen 4
Accept Connection Request (0x01|0x0009) status 0x00 ncmd 1
> HCI Event: Role Change (0x12) plen 8
status 0x00 bdaddr B8:27:EB:99:1C:22 role 0x00
Role: Master
> HCI Event: Connect Complete (0x03) plen 11
status 0x00 handle 12 bdaddr B8:27:EB:99:1C:22 type ACL encrypt 0x00 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
handle 12
> HCI Event: Command Status (0x0f) plen 4
Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
> HCI Event: Read Remote Supported Features (0x0b) plen 11
status 0x00 handle 12
Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87 < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
handle 12 page 1
> HCI Event: Command Status (0x0f) plen 4
Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
> HCI Event: Read Remote Extended Features (0x23) plen 13
status 0x00 handle 12 page 1 max 2
Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
bdaddr B8:27:EB:99:1C:22 mode 2 clkoffset 0x0000 < ACL data: handle 12 flags 0x00 dlen 10
L2CAP(s): Info req: type 2
> HCI Event: Max Slots Change (0x1b) plen 3
handle 12 slots 5
> HCI Event: Command Status (0x0f) plen 4
Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
> ACL data: handle 12 flags 0x02 dlen 10
L2CAP(s): Info req: type 2 < ACL data: handle 12 flags 0x00 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x02b8
Enhanced Retransmission mode
Streaming mode
FCS Option
Fixed Channels
Unicast Connectless Data Reception
> HCI Event: Remote Name Req Complete (0x07) plen 255
status 0x00 bdaddr B8:27:EB:99:1C:22 name 'raspberrypi'
> ACL data: handle 12 flags 0x02 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x02b8
Enhanced Retransmission mode
Streaming mode
FCS Option
Fixed Channels
Unicast Connectless Data Reception < ACL data: handle 12 flags 0x00 dlen 10
L2CAP(s): Info req: type 3
> HCI Event: Number of Completed Packets (0x13) plen 5
handle 12 packets 2
> ACL data: handle 12 flags 0x02 dlen 10
L2CAP(s): Info req: type 3 < ACL data: handle 12 flags 0x00 dlen 20
L2CAP(s): Info rsp: type 3 result 0
Fixed channel list 0x00000006
L2CAP Signalling Channel
L2CAP Connless
> ACL data: handle 12 flags 0x02 dlen 20
L2CAP(s): Info rsp: type 3 result 0
Fixed channel list 0x00000006
L2CAP Signalling Channel
L2CAP Connless
> HCI Event: Number of Completed Packets (0x13) plen 5
handle 12 packets 2
> ACL data: handle 12 flags 0x02 dlen 12
L2CAP(s): Connect req: psm 1 scid 0x0040 < ACL data: handle 12 flags 0x00 dlen 16
L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0040 result 0 status 0
Connection successful < ACL data: handle 12 flags 0x00 dlen 23
L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 11
RFC 0x00 (Basic)
And this is the unsuccessful attempt to connect from the system running BlueZ 4.101:
> HCI Event: Connect Request (0x04) plen 10
bdaddr 00:07:80:C0:D8:73 class 0x000000 type ACL
< HCI Command: Accept Connection Request (0x01|0x0009) plen 7
bdaddr 00:07:80:C0:D8:73 role 0x00
Role: Master
> HCI Event: Command Status (0x0f) plen 4
Accept Connection Request (0x01|0x0009) status 0x00 ncmd 1
> HCI Event: Role Change (0x12) plen 8
status 0x00 bdaddr 00:07:80:C0:D8:73 role 0x00
Role: Master
> HCI Event: Connect Complete (0x03) plen 11
status 0x00 handle 11 bdaddr 00:07:80:C0:D8:73 type ACL encrypt 0x00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
handle 11
> HCI Event: Command Status (0x0f) plen 4
Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
> HCI Event: Read Remote Supported Features (0x0b) plen 11
status 0x00 handle 11
Features: 0xff 0xff 0x8f 0xfe 0xdb 0xff 0x5b 0x87
< HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
handle 11 page 1
> HCI Event: Command Status (0x0f) plen 4
Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
> HCI Event: Read Remote Extended Features (0x23) plen 13
status 0x00 handle 11 page 1 max 1
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
< HCI Command: Remote Name Request (0x01|0x0019) plen 10
bdaddr 00:07:80:C0:D8:73 mode 2 clkoffset 0x0000
< ACL data: handle 11 flags 0x00 dlen 10
L2CAP(s): Info req: type 2
> HCI Event: Command Status (0x0f) plen 4
Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
> HCI Event: Max Slots Change (0x1b) plen 3
handle 11 slots 5
> ACL data: handle 11 flags 0x02 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x00b8
Enhanced Retransmission mode
Streaming mode
FCS Option
Fixed Channels
< ACL data: handle 11 flags 0x00 dlen 10
L2CAP(s): Info req: type 3
> HCI Event: Number of Completed Packets (0x13) plen 5
handle 11 packets 2
> ACL data: handle 11 flags 0x02 dlen 20
L2CAP(s): Info rsp: type 3 result 0
Fixed channel list 0x00000002
L2CAP Signalling Channel
> HCI Event: Remote Name Req Complete (0x07) plen 255
status 0x00 bdaddr 00:07:80:C0:D8:73 name 'BT111'
> HCI Event: Disconn Complete (0x05) plen 4
status 0x00 handle 11 reason 0x13
Reason: Remote User Terminated Connection
There are no time stamps, but everything up to the Disconn Complete event at the very end happened pretty quickly, then it paused for about 30 seconds.
Clearly, the PANU on 4.101 is waiting for something, but I don't know what and I don't know where to look for what it could be. The only other differences I saw in the dumps were:
The handle is 11 in one and 12 in the other.
The Read Remote Extended Features event returns a different feature set. (0x03 followed by 7 0 bytes, instead of 0x01)
The one that succeeded supported Unicast Connectless Data Reception in its L2CAP extended feature mask.
I assume that the handle being different is unimportant. I googled around for a decoder ring for the extended features, but couldn't find anything that seemed like it mapped to what I'm seeing. The difference there is 1 bit, though. Maybe that's the magic bit.
I also noticed that the pi-pi connection used SDP, and sdpd is not running on my little embedded system.
The only references I could find to Unicast Connectless Data Reception were in PTS submissions. I'm not interested in BT certification right now.
Anyway, it seems like I need a Bluetooth expert (which I am not) to explain what's going on and why my connection's not working.

As it turned out, the problem was that the two devices weren't paired. Pairing to the raspberry pi let everything run fine.
In order to get the embedded board to pair to the pi, I had to run bluetoothd on it with an appropriate configuration in /etc/bluetooth/hcid.conf, run hciconfig hci0 piscan, and run this in bluetoothctl from the pi:
scan on
scan off # after waiting until I saw the device's mac
pair <MAC address>
trust <MAC address>

How to detect CDP by tcpdump

I would like to ask you for help: Does somebody know how to detect Cisco Discovery Protocol via tcpdump?
Currently I'm using following command, but I'm not sure by this:
tcpdump -i eth0 -nn "ether[20:2]==0x2000"
Some hints are appreciated. Thank you ...
Charkh

I normally use this filters
tcpdump -nvi bce0 -s 1500 ether dst 01:00:0c:cc:cc:cc
replace bce0 with your network interface.
This will output the hole CDP information, received from ether the switch or the host itself (if you have a cdpd running on the host)
This will output Switch-Name, Port, Switch Type, Software, VLAN and so on...
the output will look similar to this:
$tcpdump -nvi bce0 -s 1500 ether dst 01:00:0c:cc:cc:cc
tcpdump: WARNING: bce0: no IPv4 address assigned
tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 1500 bytes
11:43:24.327197 DTPv1, length 39
Domain TLV (0x0001) TLV, length 18, domain-internal
Status TLV (0x0002) TLV, length 5, 0x81
DTP type TLV (0x0003) TLV, length 5, 0xa5
Neighbor TLV (0x0004) TLV, length 10, 6c:50:4d:06:64:01
11:43:44.820865 CDPv2, ttl: 180s, checksum: 692 (unverified), length 477
Device-ID (0x01), length: 40 bytes: 'my-switch.mydomain.net'
Version String (0x05), length: 247 bytes:
Cisco IOS Software, CBS30X0 Software (CBS30X0-IPBASEK9-M), Version 12.2(58)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 03:57 by prod_rel_team
Platform (0x06), length: 20 bytes: 'cisco WS-CBS3020-HPQ'
Address (0x02), length: 13 bytes: IPv4 (1) 1.2.3.4
Port-ID (0x03), length: 18 bytes: 'GigabitEthernet0/1'
Capability (0x04), length: 4 bytes: (0x00000028): L2 Switch, IGMP snooping
Protocol-Hello option (0x08), length: 32 bytes:
VTP Management Domain (0x09), length: 13 bytes: 'doman-internal'
Native VLAN ID (0x0a), length: 2 bytes: 358
Duplex (0x0b), length: 1 byte: full
AVVID trust bitmap (0x12), length: 1 byte: 0x00
AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00
Management Addresses (0x16), length: 13 bytes: IPv4 (1) [IP]
unknown field type (0x1a), length: 12 bytes:
0x0000: 0000 0001 0000 0000 ffff ffff

I use the following command:
tcpdump -nn -v -xx -i eth? -s 1500 -c 1 'ether dst 01:00:0c:cc:cc:cc and (ether[24:2] = 0x2000 or ether[20:2] = 0x2000)'
Where eth? is your ethernet adapter.
It can be used with IBM SEA over trunked connections or over standard copper connections.

Cannot connect to the usb-serial port (GSM modem)

I've decided to bring up a GSM Modem for my Linux machine (OpenSuse 12.1 64-bit on Vmware) so that I can use it as the SMS gateway. I've got a Wavecom M1306B GSM modem which provides a USB interface, and obviously there is a USB cable (end to end, GSM Modem to my Desktop) with it.
I tested this modem successfully with my Windows 7 64-bit PC by running some basic commands on it. (like: AT , ATZ, ..)
Here are some of my logs:
machine2:~ # lsusb
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 001 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 001 Device 006: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port
lsusb -v output for that interface:
Bus 001 Device 006: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x067b Prolific Technology, Inc.
idProduct 0x2303 PL2303 Serial Port
bcdDevice 3.00
iManufacturer 1 Prolific Technology Inc.
iProduct 2 USB-Serial Controller
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 39
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0xa0
(Bus Powered)
Remote Wakeup
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x000a 1x 10 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Device Status: 0x0000
(Bus Powered)
machine2:/proc # setserial -a /dev/ttyUSB0
/dev/ttyUSB0, Line 0, UART: 16654, Port: 0x0000, IRQ: 0
Baud_base: 460800, close_delay: 0, divisor: 0
closing_wait: infinte
Flags: spd_normal
machine2:/home/smsto/bin # setserial -a /dev/ttyS0
/dev/ttyS0, Line 0, UART: 16550A, Port: 0x03f8, IRQ: 4
Baud_base: 115200, close_delay: 50, divisor: 0
closing_wait: 3000
Flags: spd_normal skip_test
machine2:/home/smsto/bin # setserial -a /dev/ttyS1
/dev/ttyS1, Line 1, UART: 16550A, Port: 0x02f8, IRQ: 3
Baud_base: 115200, close_delay: 50, divisor: 0
closing_wait: 3000
Flags: spd_normal skip_test
machine2:/proc # setserial -G /dev/ttyUSB0
/dev/ttyUSB0 uart 16654 port 0x0000 irq 0 baud_base 460800 spd_normal
machine2:/proc # setserial /dev/ttyUSB0
/dev/ttyUSB0, UART: 16654, Port: 0x0000, IRQ: 0
machine2:/proc/tty/driver # ls -ltr
total 0
-r--r--r-- 1 root root 0 Jan 10 14:03 usbserial
-r--r--r-- 1 root root 0 Jan 10 14:03 serial
machine2:/proc/tty/driver # cat serial
serinfo:1.0 driver revision:
0: uart:16550A port:000003F8 irq:4 tx:0 rx:0 CTS|DSR|CD
1: uart:16550A port:000002F8 irq:3 tx:0 rx:0 CTS|DSR|CD
2: uart:unknown port:000003E8 irq:4
3: uart:unknown port:000002E8 irq:3
4: uart:unknown port:00000000 irq:0
5: uart:unknown port:00000000 irq:0
6: uart:unknown port:00000000 irq:0
7: uart:unknown port:00000000 irq:0
machine2:/proc/tty/driver # cat usbserial
usbserinfo:1.0 driver:2.0
0: module:pl2303 name:"pl2303" vendor:067b product:2303 num_ports:1 port:1 path:usb-0000:02:00.0-2.1
machine2:/proc/tty # cat drivers
/dev/tty /dev/tty 5 0 system:/dev/tty
/dev/console /dev/console 5 1 system:console
/dev/ptmx /dev/ptmx 5 2 system
/dev/vc/0 /dev/vc/0 4 0 system:vtmaster
usbserial /dev/ttyUSB 188 0-253 serial
serial /dev/ttyS 4 64-79 serial
pty_slave /dev/pts 136 0-1048575 pty:slave
pty_master /dev/ptm 128 0-1048575 pty:master
unknown /dev/tty 4 1-63 console
machine2:/proc/tty # dmesg | grep -i tty
[ 1.383652] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 1.424541] serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
[ 1.581063] 00:0a: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 1.654207] 00:0b: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
[ 1.938507] tty tty17: hash matches
[ 2498.137304] usb 1-2.1: pl2303 converter now attached to ttyUSB0
I noticed that the Baud rate of USB0 interface is too much, so i tried to assign 115200 :
machine2:/proc # setserial /dev/ttyUSB0 baud_base 115200
Cannot set serial info: Invalid argument
So, it is the problem ... and I receive this error.
Whenever I try to connect S0, S1, USB0 interfaces via minicom, it simply doesn't work.

Baud_base is not the port speed, it's the maximum speed when a frequency divisor is 1. The ability to set baud_base probably doesn't apply to USB serial device at all, and it's most certainly not what you want.
Use stty to set the port speed, or use cu or minicom for testing (they can set port speed by themselves).

I'm not sure about the baud rate but If you open up another terminal and do cat /dev/ttyUSB0
Then in the first terminal do echo AT > /dev/ttyUSB0 you might get an OK back..not sure if it helps but it should get you a response at least..