I'm using BlueZ for handling BLE devices. I have compiled it from source and written a wrapper around it.
I'm searching for this tiny bit of information:
My problem is that my solution already works with some devices (I can connect to them), but with one particular device the connection often fails due to a timeout.
I've created a sniff with btmon when the connection fails:
# btmon
Bluetooth monitor ver 5.50
= Note: Linux version 4.19.97-v7l+ (armv7l) 0.742019
= Note: Bluetooth subsystem version 2.22 0.742027
= New Index: AA:BB:CC:DD:EE:FF (Primary,UART,hci0) [hci0] 0.742030
= Open Index: AA:BB:CC:DD:EE:FF [hci0] 0.742033
= Index Info: AA:BB:CC:D.. (Cypress Semiconductor Corporation) [hci0] 0.742035
@ MGMT Open: bluetoothd (privileged) version 1.14 {0x0001} 0.742038
@ MGMT Open: btmon (privileged) version 1.14 {0x0002} 0.742321
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #1 [hci0] 4.737267
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 30.000 msec (0x0030)
Own address type: Public (0x00)
Filter policy: Ignore not in white list (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #2 [hci0] 4.737714
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #3 [hci0] 4.737767
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #4 [hci0] 4.738160
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 42 #5 [hci0] 6.099681
LE Advertising Report (0x02)
Num reports: 1
Event type: Connectable undirected - ADV_IND (0x00)
Address type: Public (0x00)
Address: FF:EE:DD:CC:BB:AA
Data length: 30
Flags: 0x06
LE General Discoverable Mode
BR/EDR Not Supported
Company: Apple, Inc. (76)
Type: iBeacon (2)
UUID: 669a0c20-0008-6c91-e411-015500e22ea9
Version: 48661.62728
TX power: -59 dB
RSSI: -78 dBm (0xb2)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #6 [hci0] 6.099747
Scanning: Disabled (0x00)
Filter duplicates: Disabled (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #7 [hci0] 6.101862
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #8 [hci0] 6.101916
Scan interval: 60.000 msec (0x0060)
Scan window: 60.000 msec (0x0060)
Filter policy: White list is not used (0x00)
Peer address type: Public (0x00)
Peer address: FF:EE:DD:CC:BB:AA
Own address type: Public (0x00)
Min connection interval: 30.00 msec (0x0018)
Max connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #9 [hci0] 6.102446
LE Create Connection (0x08|0x000d) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #10 [hci0] 7.476997
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 64
Role: Master (0x00)
Peer address type: Public (0x00)
Peer address: FF:EE:DD:CC:BB:AA
Connection interval: 48.75 msec (0x0027)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Master clock accuracy: 0x00
@ MGMT Event: Device Connected (0x000b) plen 43 {0x0002} [hci0] 7.477047
LE Address: FF:EE:DD:CC:BB:AA
Flags: 0x00000000
Data length: 30
Flags: 0x06
LE General Discoverable Mode
BR/EDR Not Supported
Company: Apple, Inc. (76)
Type: iBeacon (2)
UUID: 669a0c20-0008-6c91-e411-015500e22ea9
Version: 48661.62728
TX power: -59 dB
@ MGMT Event: Device Connected (0x000b) plen 43 {0x0001} [hci0] 7.477047
LE Address: FF:EE:DD:CC:BB:AA
Flags: 0x00000000
Data length: 30
Flags: 0x06
LE General Discoverable Mode
BR/EDR Not Supported
Company: Apple, Inc. (76)
Type: iBeacon (2)
UUID: UUID
Version: 48661.62728
TX power: -59 dB
< HCI Command: LE Read Remote Used... (0x08|0x0016) plen 2 #11 [hci0] 7.477210
Handle: 64
> HCI Event: Command Status (0x0f) plen 4 #12 [hci0] 7.479342
LE Read Remote Used Features (0x08|0x0016) ncmd 1
Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 14 #13 [hci0] 7.479357
LE Read Remote Used Features (0x08|0x0016) ncmd 1
Status: Success (0x00)
00 00 00 00 00 00 00 00 00 00 ..........
> HCI Event: LE Meta Event (0x3e) plen 12 #14 [hci0] 7.993969
LE Read Remote Used Features (0x04)
Status: Connection Timeout (0x08)
Handle: 64
Features: 0x2d 0x00 0x00 0x00 0x00 0x00 0x00 0x00
LE Encryption
Extended Reject Indication
Slave-initiated Features Exchange
LE Data Packet Length Extension
> HCI Event: Disconnect Complete (0x05) plen 4 #15 [hci0] 7.994591
Status: Success (0x00)
Handle: 64
Reason: Connection Timeout (0x08)
@ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0002} [hci0] 8.027693
LE Address: FF:EE:DD:CC:BB:AA
Reason: Connection timeout (0x01)
@ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0001} [hci0] 8.027693
LE Address: FF:EE:DD:CC:BB:AA
Reason: Connection timeout (0x01)
The connection first succeeds, but then my device executes an "LE Read Remote Used Features" HCI Command, which times out after 500 ms and causes the whole connection to fail.
This is my reason for hunting the answers for the questions above.
Answers to all your questions can be found in the Bluetooth Core specification in the Link Layer chapter.
What happens is that the connection to the remote device drops. Bad signal quality? Bad antenna? Bad clock accuracy? The connection timeout happens after the specified supervision timeout if no packets (possibly empty) are received within this time.
Now it just happens that the first thing BlueZ sends is a remote feature request. If any other packets were sent instead, you'd likely get the same result (connection timeout).
Use a BLE link layer sniffer instead to see what really happens.
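An added example, not part of the question or the answer: a small parser that pairs each LE Connection Complete in btmon text with the matching Disconnect Complete and compares how long the link lived with the negotiated supervision timeout. The function names are hypothetical, and it assumes the btmon text layout shown in the question (decimal handle, raw HCI value in parentheses).

```python
import re
# Constructed sample: lines abbreviated from the btmon trace in the question.
SAMPLE = """\
> HCI Event: LE Meta Event (0x3e) plen 19 #10 [hci0] 7.476997
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 64
Connection interval: 48.75 msec (0x0027)
Supervision timeout: 420 msec (0x002a)
> HCI Event: Disconnect Complete (0x05) plen 4 #15 [hci0] 7.994591
Handle: 64
Reason: Connection Timeout (0x08)
"""
HEADER = re.compile(r"^[<>@=] .*?(\d+\.\d+)\s*$")  # record header ends in a timestamp

def records(text):
    """Split btmon text into records: timestamp, header line, body lines, fields."""
    recs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            recs.append({"ts": float(m.group(1)), "head": line, "body": [], "f": {}})
        elif recs:
            key, sep, val = line.strip().partition(": ")
            if sep:
                recs[-1]["f"].setdefault(key, val)
            recs[-1]["body"].append(line.strip())
    return recs

def hexval(s):  # raw value btmon prints as (0x..), or None if absent
    m = re.search(r"\(0x([0-9a-fA-F]+)\)", s or "")
    return int(m.group(1), 16) if m else None

def link_lifetimes(text):
    """Pair each successful LE Connection Complete with its Disconnect Complete."""
    live, out = {}, []
    for r in records(text):
        f = r["f"]
        if "LE Connection Complete (0x01)" in r["body"] and hexval(f.get("Status")) == 0:
            live[f["Handle"]] = {"handle": int(f["Handle"]), "t0": r["ts"],
                "interval_ms": hexval(f["Connection interval"]) * 1.25,  # 1.25 ms units
                "supervision_ms": hexval(f["Supervision timeout"]) * 10}  # 10 ms units
        elif "Disconnect Complete (0x05)" in r["head"] and f.get("Handle") in live:
            link = live.pop(f["Handle"])
            link["reason"] = hexval(f.get("Reason"))
            link["lifetime_ms"] = round((r["ts"] - link["t0"]) * 1000, 3)
            # Estimate: timeout fires supervision_ms after the last received packet.
            link["last_heard_ms"] = round(link["lifetime_ms"] - link["supervision_ms"], 3)
            out.append(link)
    return out
```

For the trace in the question this reports a link lifetime of about 518 ms against a 420 ms supervision timeout, so by the rule in the answer the peer stopped being heard within roughly the first 98 ms after the connection was reported.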