diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py
index 56310becd8deedfeca0ed79a2e31810a2ded330b..8d80bdccb5a82b3ca979244faf8df34d9db12b2c 100644
--- a/scapy/layers/bluetooth.py
+++ b/scapy/layers/bluetooth.py
@@ -26,6 +26,13 @@ class XLEShortField(LEShortField):
     def i2repr(self, pkt, x):
         return lhex(self.i2h(pkt, x))
 
+class XLELongField(LEShortField):
+    def __init__(self, name, default):
+        Field.__init__(self, name, default, "<Q")
+    def i2repr(self, pkt, x):
+        return lhex(self.i2h(pkt, x))
+
+
 class LEMACField(Field):
     def __init__(self, name, default):
         Field.__init__(self, name, default, "6s")
@@ -88,7 +95,8 @@ class L2CAP_CmdHdr(Packet):
         ByteEnumField("code",8,{1:"rej",2:"conn_req",3:"conn_resp",
                                 4:"conf_req",5:"conf_resp",6:"disconn_req",
                                 7:"disconn_resp",8:"echo_req",9:"echo_resp",
-                                10:"info_req",11:"info_resp"}),
+                                10:"info_req",11:"info_resp", 18:"conn_param_update_req",
+                                19:"conn_param_update_resp"}),
         ByteField("id",0),
         LEShortField("len",None) ]
     def post_build(self, p, pay):
@@ -101,7 +109,7 @@ class L2CAP_CmdHdr(Packet):
         if other.id == self.id:
             if self.code == 1:
                 return 1
-            if other.code in [2,4,6,8,10] and self.code == other.code+1:
+            if other.code in [2,4,6,8,10,18] and self.code == other.code+1:
                 if other.code == 8:
                     return 1
                 return self.payload.answers(other.payload)
@@ -175,6 +183,19 @@ class L2CAP_InfoResp(Packet):
     def answers(self, other):
         return self.type == other.type
 
+    
+class L2CAP_Connection_Parameter_Update_Request(Packet):
+    name = "L2CAP Connection Parameter Update Request"
+    fields_desc = [ LEShortField("min_interval", 0),
+                    LEShortField("max_interval", 0),
+                    LEShortField("slave_latency", 0),
+                    LEShortField("timeout_mult", 0), ]
+
+    
+class L2CAP_Connection_Parameter_Update_Response(Packet):
+    name = "L2CAP Connection Parameter Update Response"
+    fields_desc = [ LEShortField("move_result", 0), ]
+
 
 class ATT_Hdr(Packet):
     name = "ATT header"
@@ -216,11 +237,18 @@ class ATT_Find_By_Type_Value_Response(Packet):
     name = "Find By Type Value Response"
     fields_desc = [ StrField("handles", ""), ]
 
+class ATT_Read_By_Type_Request_128bit(Packet):
+    name = "Read By Type Request"
+    fields_desc = [ XLEShortField("start", 0x0001),
+                    XLEShortField("end", 0xffff),
+                    XLELongField("uuid1", None),
+                    XLELongField("uuid2", None)]
+
 class ATT_Read_By_Type_Request(Packet):
     name = "Read By Type Request"
     fields_desc = [ XLEShortField("start", 0x0001),
                     XLEShortField("end", 0xffff),
-                    XLEShortField("uuid", None), ]
+                    XLEShortField("uuid", None)]
 
 class ATT_Read_By_Type_Response(Packet):
     name = "Read By Type Response"
@@ -311,6 +339,19 @@ class SM_Master_Identification(Packet):
     name = "Master Identification"
     fields_desc = [ XLEShortField("ediv", 0),
                     StrFixedLenField("rand", '\x00' * 8, 8), ]
+    
+class SM_Identity_Information(Packet):
+    name = "Identity Information"
+    fields_desc = [ StrFixedLenField("irk", '\x00' * 16, 16), ]
+
+class SM_Identity_Address_Information(Packet):
+    name = "Identity Address Information"
+    fields_desc = [ ByteEnumField("atype", 0, {0:"public"}),
+                    LEMACField("address", None), ]
+    
+class SM_Signing_Information(Packet):
+    name = "Signing Information"
+    fields_desc = [ StrFixedLenField("csrk", '\x00' * 16, 16), ]
 
 
 class EIR_Hdr(Packet):
@@ -483,6 +524,16 @@ class HCI_Cmd_LE_Create_Connection(Packet):
                     LEShortField("timeout", 42),
                     LEShortField("min_ce", 0),
                     LEShortField("max_ce", 0), ]
+    
+class HCI_Cmd_LE_Connection_Update(Packet):
+    name = "LE Connection Update"
+    fields_desc = [ LEShortField("conn_handle", 64),
+                    LEShortField("conn_interval_min", 0),
+                    LEShortField("conn_interval_max", 0),
+                    LEShortField("conn_latency", 0),
+                    LEShortField("timeout", 600),
+                    LEShortField("min_ce_len", 0),
+                    LEShortField("max_ce_len", 0),]
 
 class HCI_Cmd_LE_Create_Connection_Cancel(Packet):
     name = "LE Create Connection Cancel"
@@ -514,6 +565,13 @@ class HCI_Cmd_LE_Set_Advertise_Enable(Packet):
     name = "LE Set Advertise Enable"
     fields_desc = [ ByteField("enable", 0) ]
 
+class HCI_Cmd_LE_Start_Encryption_Request(Packet):
+    name = "LE Start Encryption"
+    fields_desc = [ LEShortField("handle", 0),
+                    StrFixedLenField("rand", None, 8),
+                    XLEShortField("ediv", 0),
+                    StrFixedLenField("ltk", '\x00' * 16, 16), ]
+
 class HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply(Packet):
     name = "LE Long Term Key Request Negative Reply"
     fields_desc = [ LEShortField("handle", 0), ]
@@ -621,6 +679,11 @@ bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Enable, opcode=0x200c)
 bind_layers( HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x406)
 bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection, opcode=0x200d)
 bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection_Cancel, opcode=0x200e)
+bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Connection_Update, opcode=0x2013)
+
+
+bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Start_Encryption_Request, opcode=0x2019)
+
 bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Reply, opcode=0x201a)
 bind_layers( HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply, opcode=0x201b)
 
@@ -630,7 +693,6 @@ bind_layers( HCI_Event_Hdr, HCI_Event_Command_Complete, code=0xe)
 bind_layers( HCI_Event_Hdr, HCI_Event_Command_Status, code=0xf)
 bind_layers( HCI_Event_Hdr, HCI_Event_Number_Of_Completed_Packets, code=0x13)
 bind_layers( HCI_Event_Hdr, HCI_Event_LE_Meta, code=0x3e)
-
 bind_layers( HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_BD_Addr, opcode=0x1009)
 
 bind_layers( HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Complete, event=1)
@@ -648,6 +710,7 @@ bind_layers(EIR_Hdr, EIR_Raw)
 
 bind_layers( HCI_ACL_Hdr,   L2CAP_Hdr,     )
 bind_layers( L2CAP_Hdr,     L2CAP_CmdHdr,      cid=1)
+bind_layers( L2CAP_Hdr,     L2CAP_CmdHdr,      cid=5) #LE L2CAP Signaling Channel
 bind_layers( L2CAP_CmdHdr,  L2CAP_CmdRej,      code=1)
 bind_layers( L2CAP_CmdHdr,  L2CAP_ConnReq,     code=2)
 bind_layers( L2CAP_CmdHdr,  L2CAP_ConnResp,    code=3)
@@ -657,6 +720,8 @@ bind_layers( L2CAP_CmdHdr,  L2CAP_DisconnReq,  code=6)
 bind_layers( L2CAP_CmdHdr,  L2CAP_DisconnResp, code=7)
 bind_layers( L2CAP_CmdHdr,  L2CAP_InfoReq,     code=10)
 bind_layers( L2CAP_CmdHdr,  L2CAP_InfoResp,    code=11)
+bind_layers( L2CAP_CmdHdr,  L2CAP_Connection_Parameter_Update_Request,    code=18)
+bind_layers( L2CAP_CmdHdr,  L2CAP_Connection_Parameter_Update_Response,    code=19)
 bind_layers( L2CAP_Hdr,     ATT_Hdr,           cid=4)
 bind_layers( ATT_Hdr,       ATT_Error_Response, opcode=0x1)
 bind_layers( ATT_Hdr,       ATT_Exchange_MTU_Request, opcode=0x2)
@@ -666,6 +731,7 @@ bind_layers( ATT_Hdr,       ATT_Find_Information_Response, opcode=0x5)
 bind_layers( ATT_Hdr,       ATT_Find_By_Type_Value_Request, opcode=0x6)
 bind_layers( ATT_Hdr,       ATT_Find_By_Type_Value_Response, opcode=0x7)
 bind_layers( ATT_Hdr,       ATT_Read_By_Type_Request, opcode=0x8)
+bind_layers( ATT_Hdr,       ATT_Read_By_Type_Request_128bit, opcode=0x8)
 bind_layers( ATT_Hdr,       ATT_Read_By_Type_Response, opcode=0x9)
 bind_layers( ATT_Hdr,       ATT_Read_Request, opcode=0xa)
 bind_layers( ATT_Hdr,       ATT_Read_Response, opcode=0xb)
@@ -683,6 +749,10 @@ bind_layers( SM_Hdr,        SM_Random,         sm_command=4)
 bind_layers( SM_Hdr,        SM_Failed,         sm_command=5)
 bind_layers( SM_Hdr,        SM_Encryption_Information, sm_command=6)
 bind_layers( SM_Hdr,        SM_Master_Identification, sm_command=7)
+bind_layers( SM_Hdr,        SM_Identity_Information, sm_command=8)
+bind_layers( SM_Hdr,        SM_Identity_Address_Information, sm_command=9)
+bind_layers( SM_Hdr,        SM_Signing_Information, sm_command=0x0a)
+
 
 class BluetoothL2CAPSocket(SuperSocket):
     desc = "read/write packets on a connected L2CAP socket"
@@ -770,7 +840,7 @@ class BluetoothUserSocket(SuperSocket):
         self.send(cmd)
         while True:
             r = self.recv()
-            if r.code == 0xe and r.opcode == opcode:
+            if r.type == 0x04 and r.code == 0xe and r.opcode == opcode:
                 if r.status != 0:
                     raise BluetoothCommandError("Command %x failed with %x" % (opcode, r.status))
                 return r