Copyright © 2007-2009 Johannes Berg
This documentation is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.
This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this documentation; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
For more details see the file COPYING in the source distribution of Linux.
Abstract
These books attempt to give a description of the various subsystems that play a role in 802.11 wireless networking in Linux. Since these books are for kernel developers they attempts to document the structures and functions used in the kernel as well as giving a higher-level overview.
The reader is expected to be familiar with the 802.11 standard as published by the IEEE in 802.11-2007 (or possibly later versions). References to this standard will be given as "802.11-2007 8.1.5".
Table of Contents
Abstract
cfg80211 is the configuration API for 802.11 devices in Linux. It bridges userspace and drivers, and offers some utility functionality associated with 802.11. cfg80211 must, directly or indirectly via mac80211, be used by all modern wireless drivers in Linux, so that they offer a consistent API through nl80211. For backward compatibility, cfg80211 also offers wireless extensions to userspace, but hides them from drivers completely.
Additionally, cfg80211 contains code to help enforce regulatory spectrum use restrictions.
Table of Contents
Table of Contents
In order for a driver to use cfg80211, it must register the hardware device with cfg80211. This happens through a number of hardware capability structs described below.
The fundamental structure for each device is the 'wiphy', of which each
instance describes a physical wireless device connected to the system. Each
such wiphy can have zero, one, or many virtual interfaces associated with
it, which need to be identified as such by pointing the network interface's
ieee80211_ptr pointer to a struct wireless_dev which further describes
the wireless part of the interface, normally this struct is embedded in the
network interface's private data area. Drivers can optionally allow creating
or destroying virtual interfaces on the fly, but without at least one or the
ability to create some the wireless device isn't useful.
Each wiphy structure contains device capability information, and also has a pointer to the various operations the driver offers. The definitions and structures here describe these capabilities in detail.
enum ieee80211_band — supported frequency bands
enum ieee80211_band {
IEEE80211_BAND_2GHZ,
IEEE80211_BAND_5GHZ,
IEEE80211_NUM_BANDS
}; enum ieee80211_channel_flags — channel flags
enum ieee80211_channel_flags {
IEEE80211_CHAN_DISABLED,
IEEE80211_CHAN_PASSIVE_SCAN,
IEEE80211_CHAN_NO_IBSS,
IEEE80211_CHAN_RADAR,
IEEE80211_CHAN_NO_HT40PLUS,
IEEE80211_CHAN_NO_HT40MINUS
}; This channel is disabled.
Only passive scanning is permitted on this channel.
IBSS is not allowed on this channel.
Radar detection is required on this channel.
extension channel above this channel is not permitted.
extension channel below this channel is not permitted.
struct ieee80211_channel — channel definition
struct ieee80211_channel {
enum ieee80211_band band;
u16 center_freq;
u16 hw_value;
u32 flags;
int max_antenna_gain;
int max_power;
bool beacon_found;
u32 orig_flags;
int orig_mag;
int orig_mpwr;
}; band this channel belongs to.
center frequency in MHz
hardware-specific value for the channel
channel flags from enum ieee80211_channel_flags.
maximum antenna gain in dBi
maximum transmission power (in dBm)
helper to regulatory code to indicate when a beacon
has been found on this channel. Use regulatory_hint_found_beacon
to enable this, this is useful only on 5 GHz band.
channel flags at registration time, used by regulatory code to support devices with additional restrictions
internal use
internal use
enum ieee80211_rate_flags — rate flags
enum ieee80211_rate_flags {
IEEE80211_RATE_SHORT_PREAMBLE,
IEEE80211_RATE_MANDATORY_A,
IEEE80211_RATE_MANDATORY_B,
IEEE80211_RATE_MANDATORY_G,
IEEE80211_RATE_ERP_G
}; Hardware can send with short preamble on this bitrate; only relevant in 2.4GHz band and with CCK rates.
This bitrate is a mandatory rate when used with 802.11a (on the 5 GHz band); filled by the core code when registering the wiphy.
This bitrate is a mandatory rate when used with 802.11b (on the 2.4 GHz band); filled by the core code when registering the wiphy.
This bitrate is a mandatory rate when used with 802.11g (on the 2.4 GHz band); filled by the core code when registering the wiphy.
This is an ERP rate in 802.11g mode.
struct ieee80211_rate — bitrate definition
struct ieee80211_rate {
u32 flags;
u16 bitrate;
u16 hw_value;
u16 hw_value_short;
}; struct ieee80211_sta_ht_cap — STA's HT capabilities
struct ieee80211_sta_ht_cap {
u16 cap;
bool ht_supported;
u8 ampdu_factor;
u8 ampdu_density;
struct ieee80211_mcs_info mcs;
}; struct ieee80211_supported_band — frequency band definition
struct ieee80211_supported_band {
struct ieee80211_channel * channels;
struct ieee80211_rate * bitrates;
enum ieee80211_band band;
int n_channels;
int n_bitrates;
struct ieee80211_sta_ht_cap ht_cap;
}; Array of channels the hardware can operate in in this band.
Array of bitrates the hardware can operate with in this band. Must be sorted to give a valid “supported rates” IE, i.e. CCK rates first, then OFDM.
the band this structure represents
Number of channels in channels
Number of bitrates in bitrates
HT capabilities in this band
enum cfg80211_signal_type — signal type
enum cfg80211_signal_type {
CFG80211_SIGNAL_TYPE_NONE,
CFG80211_SIGNAL_TYPE_MBM,
CFG80211_SIGNAL_TYPE_UNSPEC
}; enum wiphy_params_flags — set_wiphy_params bitfield values
enum wiphy_params_flags {
WIPHY_PARAM_RETRY_SHORT,
WIPHY_PARAM_RETRY_LONG,
WIPHY_PARAM_FRAG_THRESHOLD,
WIPHY_PARAM_RTS_THRESHOLD,
WIPHY_PARAM_COVERAGE_CLASS
}; enum wiphy_flags — wiphy capability flags
enum wiphy_flags {
WIPHY_FLAG_CUSTOM_REGULATORY,
WIPHY_FLAG_STRICT_REGULATORY,
WIPHY_FLAG_DISABLE_BEACON_HINTS,
WIPHY_FLAG_NETNS_OK,
WIPHY_FLAG_PS_ON_BY_DEFAULT,
WIPHY_FLAG_4ADDR_AP,
WIPHY_FLAG_4ADDR_STATION,
WIPHY_FLAG_CONTROL_PORT_PROTOCOL,
WIPHY_FLAG_IBSS_RSN,
WIPHY_FLAG_MESH_AUTH,
WIPHY_FLAG_SUPPORTS_SCHED_SCAN,
WIPHY_FLAG_ENFORCE_COMBINATIONS
};
tells us the driver for this device
has its own custom regulatory domain and cannot identify the
ISO / IEC 3166 alpha2 it belongs to. When this is enabled
we will disregard the first regulatory hint (when the
initiator is REGDOM_SET_BY_CORE).
tells us the driver for this device will
ignore regulatory domain settings until it gets its own regulatory
domain via its regulatory_hint unless the regulatory hint is
from a country IE. After its gets its own regulatory domain it will
only allow further regulatory domain settings to further enhance
compliance. For example if channel 13 and 14 are disabled by this
regulatory domain no user regulatory domain can enable these channels
at a later time. This can be used for devices which do not have
calibration information guaranteed for frequencies or settings
outside of its regulatory domain.
enable this if your driver needs to ensure
that passive scan flags and beaconing flags may not be lifted by
cfg80211 due to regulatory beacon hints. For more information on beacon
hints read the documenation for regulatory_hint_found_beacon
if not set, do not allow changing the netns of this wiphy at all
if set to true, powersave will be enabled
by default -- this flag will be set depending on the kernel's default
on wiphy_new, but can be changed by the driver if it has a good
reason to override the default
supports 4addr mode even on AP (with a single station on a VLAN interface)
supports 4addr mode even as a station
This device supports setting the control port protocol ethertype. The device also honours the control_port_no_encrypt flag.
The device supports IBSS RSN.
The device supports mesh authentication by routing
auth frames to userspace. See NL80211_MESH_SETUP_USERSPACE_AUTH.
The device supports scheduled scans.
Set this flag to enforce interface combinations for this device. This flag is used for backward compatibility only until all drivers advertise combinations and they will always be enforced.
struct wiphy — wireless hardware description
struct wiphy {
u8 perm_addr[ETH_ALEN];
u8 addr_mask[ETH_ALEN];
struct mac_address * addresses;
const struct ieee80211_txrx_stypes * mgmt_stypes;
const struct ieee80211_iface_combination * iface_combinations;
int n_iface_combinations;
u16 software_iftypes;
u16 n_addresses;
u16 interface_modes;
u32 flags;
enum cfg80211_signal_type signal_type;
int bss_priv_size;
u8 max_scan_ssids;
u16 max_scan_ie_len;
int n_cipher_suites;
const u32 * cipher_suites;
u8 retry_short;
u8 retry_long;
u32 frag_threshold;
u32 rts_threshold;
u8 coverage_class;
char fw_version[ETHTOOL_BUSINFO_LEN];
u32 hw_version;
struct wiphy_wowlan_support wowlan;
u16 max_remain_on_channel_duration;
u8 max_num_pmkids;
u32 available_antennas_tx;
u32 available_antennas_rx;
const void * privid;
struct ieee80211_supported_band * bands[IEEE80211_NUM_BANDS];
int (* reg_notifier) (struct wiphy *wiphy,struct regulatory_request *request);
const struct ieee80211_regdomain * regd;
struct device dev;
struct dentry * debugfsdir;
#ifdef CONFIG_NET_NS
struct net * _net;
#endif
#ifdef CONFIG_CFG80211_WEXT
const struct iw_handler_def * wext;
#endif
char priv[0] __attribute__((__aligned__(NETDEV_ALIGN)));
}; permanent MAC address of this device
If the device supports multiple MAC addresses by masking, set this to a mask with variable bits set to 1, e.g. if the last
If the device has more than one address, set this pointer to a list of addresses (6 bytes each). The first one will be used by default for perm_addr. In this case, the mask should be set to all-zeroes. In this case it is assumed that the device can handle the same number of arbitrary MAC addresses.
bitmasks of frame subtypes that can be subscribed to or transmitted through nl80211, points to an array indexed by interface type
Valid interface combinations array, should not list single interface types.
number of entries in iface_combinations array.
bitmask of software interface types, these are not subject to any restrictions since they are purely managed in SW.
number of addresses in addresses.
bitmask of interfaces types valid for this wiphy, must be set by driver
wiphy flags, see enum wiphy_flags
signal type reported in struct cfg80211_bss.
each BSS struct has private data allocated with it, this variable determines its size
maximum number of SSIDs the device can scan for in any given scan
maximum length of user-controlled IEs device can add to probe request frames transmitted during a scan, must not include fixed IEs like supported rates
number of supported cipher suites
supported cipher suites
Retry limit for short frames (dot11ShortRetryLimit)
Retry limit for long frames (dot11LongRetryLimit)
Fragmentation threshold (dot11FragmentationThreshold); -1 = fragmentation disabled, only odd values >= 256 used
RTS threshold (dot11RTSThreshold); -1 = RTS/CTS disabled
current coverage class
firmware version for ethtool reporting
hardware version for ethtool reporting
WoWLAN support information
Maximum time a remain-on-channel operation may request, if implemented.
maximum number of PMKIDs supported by device
bitmap of antennas which are available to be
configured as TX antennas. Antenna configuration commands will be
rejected unless this or available_antennas_rx is set.
bitmap of antennas which are available to be
configured as RX antennas. Antenna configuration commands will be
rejected unless this or available_antennas_tx is set.
a pointer that drivers can use to identify if an arbitrary wiphy is theirs, e.g. in global notifiers
information about bands/channels supported by this device
the driver's regulatory notification callback,
note that if your driver uses wiphy_apply_custom_regulatory
the reg_notifier's request can be passed as NULL
the driver's regulatory domain, if one was requested via
the regulatory_hint API. This can be used by the driver
on the reg_notifier if it chooses to ignore future
regulatory domain changes caused by other drivers.
(virtual) struct device for this wiphy
debugfs directory used for this wiphy, will be renamed automatically on wiphy renames
the network namespace this wiphy currently lives in
wireless extension handlers
driver private data (sized according to wiphy_new parameter)
struct wireless_dev — wireless per-netdev state
struct wireless_dev {
struct wiphy * wiphy;
enum nl80211_iftype iftype;
struct list_head list;
struct net_device * netdev;
struct list_head mgmt_registrations;
spinlock_t mgmt_registrations_lock;
struct mutex mtx;
struct work_struct cleanup_work;
bool use_4addr;
u8 ssid[IEEE80211_MAX_SSID_LEN];
u8 ssid_len;
u8 mesh_id_len;
u8 mesh_id_up_len;
enum wext;
#endif
}; pointer to hardware description
interface type
(private) Used to collect the interfaces
(private) Used to reference back to the netdev
list of registrations for management frames
lock for the list
mutex used to lock data in this struct
work struct used for cleanup that can't be done directly
indicates 4addr mode is used on this interface, must be set by driver (if supported) on add_interface BEFORE registering the netdev and may otherwise be used by driver read-only, will be update by cfg80211 on change_interface
(private) Used by the internal configuration code
(private) Used by the internal configuration code
(private) Used by the internal configuration code
(private) Used by the internal configuration code
(private) Used by the internal wireless extensions compat code
wiphy_new — create a new wiphy for use with cfg80211
struct wiphy * wiphy_new ( | ops, | |
sizeof_priv); |
const struct cfg80211_ops * ops;int sizeof_priv;wiphy_register — register a wiphy with cfg80211
int wiphy_register ( | wiphy); |
struct wiphy * wiphy;wiphy_unregister — deregister a wiphy from cfg80211
void wiphy_unregister ( | wiphy); |
struct wiphy * wiphy;wiphy_name — get wiphy name
const char * wiphy_name ( | wiphy); |
const struct wiphy * wiphy;wiphy_dev — get wiphy dev pointer
struct device * wiphy_dev ( | wiphy); |
struct wiphy * wiphy;priv_to_wiphy — return the wiphy containing the priv
struct wiphy * priv_to_wiphy ( | priv); |
void * priv;Table of Contents
Each wireless device and each virtual interface offer a set of configuration operations and other actions that are invoked by userspace. Each of these actions is described in the operations structure, and the parameters these operations use are described separately.
Additionally, some operations are asynchronous and expect to get status information via some functions that drivers need to call.
Scanning and BSS list handling with its associated functionality is described in a separate chapter.
struct cfg80211_ops — backend description for wireless configuration
struct cfg80211_ops {
int (* suspend) (struct wiphy *wiphy, struct cfg80211_wowlan *wow);
int (* resume) (struct wiphy *wiphy);
struct net_device * (* add_virtual_intf) (struct wiphy *wiphy,char *name,enum nl80211_iftype type,u32 *flags,struct vif_params *params);
int (* del_virtual_intf) (struct wiphy *wiphy, struct net_device *dev);
int (* change_virtual_intf) (struct wiphy *wiphy,struct net_device *dev,enum nl80211_iftype type, u32 *flags,struct vif_params *params);
int (* add_key) (struct wiphy *wiphy, struct net_device *netdev,u8 key_index, bool pairwise, const u8 *mac_addr,struct key_params *params);
int (* get_key) (struct wiphy *wiphy, struct net_device *netdev,u8 key_index, bool pairwise, const u8 *mac_addr,void *cookie,void (*callback);
int (* del_key) (struct wiphy *wiphy, struct net_device *netdev,u8 key_index, bool pairwise, const u8 *mac_addr);
int (* set_default_key) (struct wiphy *wiphy,struct net_device *netdev,u8 key_index, bool unicast, bool multicast);
int (* set_default_mgmt_key) (struct wiphy *wiphy,struct net_device *netdev,u8 key_index);
int (* add_beacon) (struct wiphy *wiphy, struct net_device *dev,struct beacon_parameters *info);
int (* set_beacon) (struct wiphy *wiphy, struct net_device *dev,struct beacon_parameters *info);
int (* del_beacon) (struct wiphy *wiphy, struct net_device *dev);
int (* add_station) (struct wiphy *wiphy, struct net_device *dev,u8 *mac, struct station_parameters *params);
int (* del_station) (struct wiphy *wiphy, struct net_device *dev,u8 *mac);
int (* change_station) (struct wiphy *wiphy, struct net_device *dev,u8 *mac, struct station_parameters *params);
int (* get_station) (struct wiphy *wiphy, struct net_device *dev,u8 *mac, struct station_info *sinfo);
int (* dump_station) (struct wiphy *wiphy, struct net_device *dev,int idx, u8 *mac, struct station_info *sinfo);
int (* add_mpath) (struct wiphy *wiphy, struct net_device *dev,u8 *dst, u8 *next_hop);
int (* del_mpath) (struct wiphy *wiphy, struct net_device *dev,u8 *dst);
int (* change_mpath) (struct wiphy *wiphy, struct net_device *dev,u8 *dst, u8 *next_hop);
int (* get_mpath) (struct wiphy *wiphy, struct net_device *dev,u8 *dst, u8 *next_hop,struct mpath_info *pinfo);
int (* dump_mpath) (struct wiphy *wiphy, struct net_device *dev,int idx, u8 *dst, u8 *next_hop,struct mpath_info *pinfo);
int (* get_mesh_config) (struct wiphy *wiphy,struct net_device *dev,struct mesh_config *conf);
int (* update_mesh_config) (struct wiphy *wiphy,struct net_device *dev, u32 mask,const struct mesh_config *nconf);
int (* join_mesh) (struct wiphy *wiphy, struct net_device *dev,const struct mesh_config *conf,const struct mesh_setup *setup);
int (* leave_mesh) (struct wiphy *wiphy, struct net_device *dev);
int (* change_bss) (struct wiphy *wiphy, struct net_device *dev,struct bss_parameters *params);
int (* set_txq_params) (struct wiphy *wiphy,struct ieee80211_txq_params *params);
int (* set_channel) (struct wiphy *wiphy, struct net_device *dev,struct ieee80211_channel *chan,enum nl80211_channel_type channel_type);
int (* scan) (struct wiphy *wiphy, struct net_device *dev,struct cfg80211_scan_request *request);
int (* auth) (struct wiphy *wiphy, struct net_device *dev,struct cfg80211_auth_request *req);
int (* assoc) (struct wiphy *wiphy, struct net_device *dev,struct cfg80211_assoc_request *req);
int (* deauth) (struct wiphy *wiphy, struct net_device *dev,struct cfg80211_deauth_request *req,void *cookie);
int (* disassoc) (struct wiphy *wiphy, struct net_device *dev,struct cfg80211_disassoc_request *req,void *cookie);
int (* connect) (struct wiphy *wiphy, struct net_device *dev,struct cfg80211_connect_params *sme);
int (* disconnect) (struct wiphy *wiphy, struct net_device *dev,u16 reason_code);
int (* join_ibss) (struct wiphy *wiphy, struct net_device *dev,struct cfg80211_ibss_params *params);
int (* leave_ibss) (struct wiphy *wiphy, struct net_device *dev);
int (* set_wiphy_params) (struct wiphy *wiphy, u32 changed);
int (* set_tx_power) (struct wiphy *wiphy,enum nl80211_tx_power_setting type, int mbm);
int (* get_tx_power) (struct wiphy *wiphy, int *dbm);
int (* set_wds_peer) (struct wiphy *wiphy, struct net_device *dev,const u8 *addr);
void (* rfkill_poll) (struct wiphy *wiphy);
#ifdef CONFIG_NL80211_TESTMODE
int (* testmode_cmd) (struct wiphy *wiphy, void *data, int len);
#endif
int (* set_bitrate_mask) (struct wiphy *wiphy,struct net_device *dev,const u8 *peer,const struct cfg80211_bitrate_mask *mask);
int (* dump_survey) (struct wiphy *wiphy, struct net_device *netdev,int idx, struct survey_info *info);
int (* set_pmksa) (struct wiphy *wiphy, struct net_device *netdev,struct cfg80211_pmksa *pmksa);
int (* del_pmksa) (struct wiphy *wiphy, struct net_device *netdev,struct cfg80211_pmksa *pmksa);
int (* flush_pmksa) (struct wiphy *wiphy, struct net_device *netdev);
int (* remain_on_channel) (struct wiphy *wiphy,struct net_device *dev,struct ieee80211_channel *chan,enum nl80211_channel_type channel_type,unsigned int duration,u64 *cookie);
int (* cancel_remain_on_channel) (struct wiphy *wiphy,struct net_device *dev,u64 cookie);
int (* mgmt_tx) (struct wiphy *wiphy, struct net_device *dev,struct ieee80211_channel *chan, bool offchan,enum nl80211_channel_type channel_type,bool channel_type_valid, unsigned int wait,const u8 *buf, size_t len, u64 *cookie);
int (* mgmt_tx_cancel_wait) (struct wiphy *wiphy,struct net_device *dev,u64 cookie);
int (* set_power_mgmt) (struct wiphy *wiphy, struct net_device *dev,bool enabled, int timeout);
int (* set_cqm_rssi_config) (struct wiphy *wiphy,struct net_device *dev,s32 rssi_thold, u32 rssi_hyst);
void (* mgmt_frame_register) (struct wiphy *wiphy,struct net_device *dev,u16 frame_type, bool reg);
int (* set_antenna) (struct wiphy *wiphy, u32 tx_ant, u32 rx_ant);
int (* get_antenna) (struct wiphy *wiphy, u32 *tx_ant, u32 *rx_ant);
int (* set_ringparam) (struct wiphy *wiphy, u32 tx, u32 rx);
void (* get_ringparam) (struct wiphy *wiphy,u32 *tx, u32 *tx_max, u32 *rx, u32 *rx_max);
int (* sched_scan_start) (struct wiphy *wiphy,struct net_device *dev,struct cfg80211_sched_scan_request *request);
int (* sched_scan_stop) (struct wiphy *wiphy, struct net_device *dev);
};
wiphy device needs to be suspended. The variable wow will
be NULL or contain the enabled Wake-on-Wireless triggers that are
configured for the device.
wiphy device needs to be resumed
create a new virtual interface with the given name, must set the struct wireless_dev's iftype. Beware: You must create the new netdev in the wiphy's network namespace! Returns the netdev, or an ERR_PTR.
remove the virtual interface determined by ifindex.
change type/configuration of virtual interface, keep the struct wireless_dev's iftype updated.
add a key with the given parameters. mac_addr will be NULL
when adding a group key.
get information about the key with the given parameters.
mac_addr will be NULL when requesting information for a group
key. All pointers given to the callback function need not be valid
after it returns. This function should return an error if it is
not possible to retrieve the key, -ENOENT if it doesn't exist.
remove a key given the mac_addr (NULL for a group key)
and key_index, return -ENOENT if the key doesn't exist.
set the default key on an interface
set the default management frame key on an interface
Add a beacon with given parameters, head, interval
and dtim_period will be valid, tail is optional.
Change the beacon parameters for an access point mode interface. This should reject the call when no beacon has been configured.
Remove beacon configuration and stop sending the beacon.
Add a new station.
Remove a station; mac may be NULL to remove all stations.
Modify a given station.
get station information for the station identified by mac
dump station callback -- resume dump at index idx
add a fixed mesh path
delete a given mesh path
change a given mesh path
get a mesh path for the given parameters
dump mesh path callback -- resume dump at index idx
Get the current mesh configuration
Update mesh parameters on a running mesh. The mask is a bitfield which tells us which parameters to set, and which to leave alone.
join the mesh network with the specified parameters
leave the current mesh network
Modify parameters for a given BSS.
Set TX queue parameters
Set channel for a given wireless interface. Some devices
may support multi-channel operation (by channel hopping) so cfg80211
doesn't verify much. Note, however, that the passed netdev may be
NULL as well if the user requested changing the channel for the
device itself, or for a monitor interface.
Request to do a scan. If returning zero, the scan request is given
the driver, and will be valid until passed to cfg80211_scan_done.
For scan results, call cfg80211_inform_bss; you can call this outside
the scan/scan_done bracket too.
Request to authenticate with the specified peer
Request to (re)associate with the specified peer
Request to deauthenticate from the specified peer
Request to disassociate from the specified peer
Connect to the ESS with the specified parameters. When connected,
call cfg80211_connect_result with status code WLAN_STATUS_SUCCESS.
If the connection fails for some reason, call cfg80211_connect_result
with the status from the AP.
Disconnect from the BSS/ESS.
Join the specified IBSS (or create if necessary). Once done, call
cfg80211_ibss_joined, also call that function when changing BSSID due
to a merge.
Leave the IBSS.
Notify that wiphy parameters have changed;
changed bitfield (see enum wiphy_params_flags) describes which values
have changed. The actual parameter values are available in
struct wiphy. If returning an error, no value should be changed.
set the transmit power according to the parameters
store the current TX power into the dbm variable; return 0 if successful
set the WDS peer for a WDS interface
polls the hw rfkill line, use cfg80211 reporting functions to adjust rfkill hw state
run a test mode command
set the bitrate mask configuration
get site survey information.
Cache a PMKID for a BSSID. This is mostly useful for fullmac devices running firmwares capable of generating the (re) association RSN IE. It allows for faster roaming between WPA2 BSSIDs.
Delete a cached PMKID.
Flush all cached PMKIDs.
Request the driver to remain awake on the specified
channel for the specified duration to complete an off-channel
operation (e.g., public action frame exchange). When the driver is
ready on the requested channel, it must indicate this with an event
notification by calling cfg80211_ready_on_channel.
Cancel an on-going remain-on-channel operation. This allows the operation to be terminated prior to timeout based on the duration value.
Transmit a management frame.
Cancel the wait time from transmitting a management frame on another channel
Configure WLAN power management. A timeout value of -1 allows the driver to adjust the dynamic ps timeout value.
Configure connection quality monitor RSSI threshold.
Notify driver that a management frame type was registered. Note that this callback may not sleep, and cannot run concurrently with itself.
Set antenna configuration (tx_ant, rx_ant) on the device.
Parameters are bitmaps of allowed antennas to use for TX/RX. Drivers may
reject TX/RX mask combinations they cannot support by returning -EINVAL
(also see nl80211.h NL80211_ATTR_WIPHY_ANTENNA_TX).
Get current antenna configuration from device (tx_ant, rx_ant).
Set tx and rx ring sizes.
Get tx and rx ring current and maximum sizes.
Tell the driver to start a scheduled scan.
Tell the driver to stop an ongoing scheduled scan. The driver_initiated flag specifies whether the driver itself has informed that the scan has stopped.
This struct is registered by fullmac card drivers and/or wireless stacks in order to handle configuration requests on their interfaces.
All callbacks except where otherwise noted should return 0 on success or a negative error code.
All operations are currently invoked under rtnl for consistency with the wireless extensions but this is subject to reevaluation as soon as this code is used more widely and we have a first user without wext.
struct vif_params — describes virtual interface parameters
struct vif_params {
int use_4addr;
}; struct key_params — key information
struct key_params {
u8 * key;
u8 * seq;
int key_len;
int seq_len;
u32 cipher;
}; enum survey_info_flags — survey information flags
enum survey_info_flags {
SURVEY_INFO_NOISE_DBM,
SURVEY_INFO_IN_USE,
SURVEY_INFO_CHANNEL_TIME,
SURVEY_INFO_CHANNEL_TIME_BUSY,
SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
SURVEY_INFO_CHANNEL_TIME_RX,
SURVEY_INFO_CHANNEL_TIME_TX
}; noise (in dBm) was filled in
channel is currently being used
channel active time (in ms) was filled in
channel busy time was filled in
extension channel busy time was filled in
channel receive time was filled in
channel transmit time was filled in
struct survey_info — channel survey response
struct survey_info {
struct ieee80211_channel * channel;
u64 channel_time;
u64 channel_time_busy;
u64 channel_time_ext_busy;
u64 channel_time_rx;
u64 channel_time_tx;
u32 filled;
s8 noise;
}; the channel this survey record reports, mandatory
amount of time in ms the radio spent on the channel
amount of time the primary channel was sensed busy
amount of time the extension channel was sensed busy
amount of time the radio spent receiving data
amount of time the radio spent transmitting data
bitflag of flags from enum survey_info_flags
channel noise in dBm. This and all following fields are optional
struct beacon_parameters — beacon parameters
struct beacon_parameters {
u8 * head;
u8 * tail;
int interval;
int dtim_period;
int head_len;
int tail_len;
}; enum plink_actions — actions to perform in mesh peers
enum plink_actions {
PLINK_ACTION_INVALID,
PLINK_ACTION_OPEN,
PLINK_ACTION_BLOCK
}; struct station_parameters — station parameters
struct station_parameters {
u8 * supported_rates;
struct net_device * vlan;
u32 sta_flags_mask;
u32 sta_flags_set;
int listen_interval;
u16 aid;
u8 supported_rates_len;
u8 plink_action;
u8 plink_state;
struct ieee80211_ht_cap * ht_capa;
}; supported rates in IEEE 802.11 format (or NULL for no change)
vlan interface station should belong to
station flags that changed (bitmask of BIT(NL80211_STA_FLAG_...))
station flags values (bitmask of BIT(NL80211_STA_FLAG_...))
listen interval or -1 for no change
AID or zero for no change
number of supported rates
plink action to take
set the peer link state for a station
HT capabilities of station
enum station_info_flags — station information flags
enum station_info_flags {
STATION_INFO_INACTIVE_TIME,
STATION_INFO_RX_BYTES,
STATION_INFO_TX_BYTES,
STATION_INFO_LLID,
STATION_INFO_PLID,
STATION_INFO_PLINK_STATE,
STATION_INFO_SIGNAL,
STATION_INFO_TX_BITRATE,
STATION_INFO_RX_PACKETS,
STATION_INFO_TX_PACKETS,
STATION_INFO_TX_RETRIES,
STATION_INFO_TX_FAILED,
STATION_INFO_RX_DROP_MISC,
STATION_INFO_SIGNAL_AVG,
STATION_INFO_RX_BITRATE,
STATION_INFO_BSS_PARAM,
STATION_INFO_CONNECTED_TIME
};
inactive_time filled
rx_bytes filled
tx_bytes filled
llid filled
plid filled
plink_state filled
signal filled
txrate fields are filled
(tx_bitrate, tx_bitrate_flags and tx_bitrate_mcs)
rx_packets filled
tx_packets filled
tx_retries filled
tx_failed filled
rx_dropped_misc filled
signal_avg filled
rxrate fields are filled
bss_param filled
connected_time filled
enum rate_info_flags — bitrate info flags
enum rate_info_flags {
RATE_INFO_FLAGS_MCS,
RATE_INFO_FLAGS_40_MHZ_WIDTH,
RATE_INFO_FLAGS_SHORT_GI
}; struct rate_info — bitrate information
struct rate_info {
u8 flags;
u8 mcs;
u16 legacy;
}; struct station_info — station information
struct station_info {
u32 filled;
u32 connected_time;
u32 inactive_time;
u32 rx_bytes;
u32 tx_bytes;
u16 llid;
u16 plid;
u8 plink_state;
s8 signal;
s8 signal_avg;
struct rate_info txrate;
struct rate_info rxrate;
u32 rx_packets;
u32 tx_packets;
u32 tx_retries;
u32 tx_failed;
u32 rx_dropped_misc;
struct sta_bss_parameters bss_param;
int generation;
}; bitflag of flags from enum station_info_flags
time(in secs) since a station is last connected
time since last station activity (tx/rx) in milliseconds
bytes received from this station
bytes transmitted to this station
mesh local link id
mesh peer link id
mesh peer link state
signal strength of last received packet in dBm
signal strength average in dBm
current unicast bitrate from this station
current unicast bitrate to this station
packets received from this station
packets transmitted to this station
cumulative retry counts
number of failed transmissions (retries exceeded, no ACK)
Dropped for un-specified reason.
current BSS parameters
generation number for nl80211 dumps. This number should increase every time the list of stations changes, i.e. when a station is added or removed, so that userspace can tell whether it got a consistent snapshot.
enum monitor_flags — monitor flags
enum monitor_flags {
MONITOR_FLAG_FCSFAIL,
MONITOR_FLAG_PLCPFAIL,
MONITOR_FLAG_CONTROL,
MONITOR_FLAG_OTHER_BSS,
MONITOR_FLAG_COOK_FRAMES
}; enum mpath_info_flags — mesh path information flags
enum mpath_info_flags {
MPATH_INFO_FRAME_QLEN,
MPATH_INFO_SN,
MPATH_INFO_METRIC,
MPATH_INFO_EXPTIME,
MPATH_INFO_DISCOVERY_TIMEOUT,
MPATH_INFO_DISCOVERY_RETRIES,
MPATH_INFO_FLAGS
}; struct mpath_info — mesh path information
struct mpath_info {
u32 filled;
u32 frame_qlen;
u32 sn;
u32 metric;
u32 exptime;
u32 discovery_timeout;
u8 discovery_retries;
u8 flags;
int generation;
}; bitfield of flags from enum mpath_info_flags
number of queued frames for this destination
target sequence number
metric (cost) of this mesh path
expiration time for the mesh path from now, in msecs
total mesh path discovery timeout, in msecs
mesh path discovery retries
mesh path flags
generation number for nl80211 dumps. This number should increase every time the list of mesh paths changes, i.e. when a station is added or removed, so that userspace can tell whether it got a consistent snapshot.
struct bss_parameters — BSS parameters
struct bss_parameters {
int use_cts_prot;
int use_short_preamble;
int use_short_slot_time;
u8 * basic_rates;
u8 basic_rates_len;
int ap_isolate;
int ht_opmode;
}; Whether to use CTS protection (0 = no, 1 = yes, -1 = do not change)
Whether the use of short preambles is allowed (0 = no, 1 = yes, -1 = do not change)
Whether the use of short slot time is allowed (0 = no, 1 = yes, -1 = do not change)
basic rates in IEEE 802.11 format (or NULL for no change)
number of basic rates
do not forward packets between connected stations
HT Operation mode (u16 = opmode, -1 = do not change)
struct ieee80211_txq_params — TX queue parameters
struct ieee80211_txq_params {
enum nl80211_txq_q queue;
u16 txop;
u16 cwmin;
u16 cwmax;
u8 aifs;
}; TX queue identifier (NL80211_TXQ_Q_*)
Maximum burst time in units of 32 usecs, 0 meaning disabled
Minimum contention window [a value of the form 2^n-1 in the range 1..32767]
Maximum contention window [a value of the form 2^n-1 in the range 1..32767]
Arbitration interframe space [0..255]
struct cfg80211_crypto_settings — Crypto settings
struct cfg80211_crypto_settings {
u32 wpa_versions;
u32 cipher_group;
int n_ciphers_pairwise;
u32 ciphers_pairwise[NL80211_MAX_NR_CIPHER_SUITES];
int n_akm_suites;
u32 akm_suites[NL80211_MAX_NR_AKM_SUITES];
bool control_port;
__be16 control_port_ethertype;
bool control_port_no_encrypt;
}; indicates which, if any, WPA versions are enabled (from enum nl80211_wpa_versions)
group key cipher suite (or 0 if unset)
number of AP supported unicast ciphers
unicast key cipher suites
number of AKM suites
AKM suites
Whether user space controls IEEE 802.1X port, i.e.,
sets/clears NL80211_STA_FLAG_AUTHORIZED. If true, the driver is
required to assume that the port is unauthorized until authorized by
user space. Otherwise, port is marked authorized by default.
the control port protocol that should be allowed through even on unauthorized ports
TRUE to prevent encryption of control port protocol frames.
struct cfg80211_auth_request — Authentication request data
struct cfg80211_auth_request {
struct cfg80211_bss * bss;
const u8 * ie;
size_t ie_len;
enum nl80211_auth_type auth_type;
const u8 * key;
u8 key_len;
u8 key_idx;
bool local_state_change;
}; The BSS to authenticate with.
Extra IEs to add to Authentication frame or NULL
Length of ie buffer in octets
Authentication type (algorithm)
WEP key for shared key authentication
length of WEP key for shared key authentication
index of WEP key for shared key authentication
This is a request for a local state only, i.e., no Authentication frame is to be transmitted and authentication state is to be changed without having to wait for a response from the peer STA (AP).
struct cfg80211_assoc_request — (Re)Association request data
struct cfg80211_assoc_request {
struct cfg80211_bss * bss;
const u8 * ie;
const u8 * prev_bssid;
size_t ie_len;
struct cfg80211_crypto_settings crypto;
bool use_mfp;
}; struct cfg80211_deauth_request — Deauthentication request data
struct cfg80211_deauth_request {
struct cfg80211_bss * bss;
const u8 * ie;
size_t ie_len;
u16 reason_code;
bool local_state_change;
}; the BSS to deauthenticate from
Extra IEs to add to Deauthentication frame or NULL
Length of ie buffer in octets
The reason code for the deauthentication
This is a request for a local state only, i.e., no Deauthentication frame is to be transmitted.
struct cfg80211_disassoc_request — Disassociation request data
struct cfg80211_disassoc_request {
struct cfg80211_bss * bss;
const u8 * ie;
size_t ie_len;
u16 reason_code;
bool local_state_change;
}; struct cfg80211_ibss_params — IBSS parameters
struct cfg80211_ibss_params {
u8 * ssid;
u8 * bssid;
struct ieee80211_channel * channel;
u8 * ie;
u8 ssid_len;
u8 ie_len;
u16 beacon_interval;
u32 basic_rates;
bool channel_fixed;
bool privacy;
int mcast_rate[IEEE80211_NUM_BANDS];
}; The SSID, will always be non-null.
Fixed BSSID requested, maybe be NULL, if set do not
search for IBSSs with a different BSSID.
The channel to use if no IBSS can be found to join.
information element(s) to include in the beacon
The length of the SSID, will always be non-zero.
length of that
beacon interval to use
bitmap of basic rates to use when creating the IBSS
The channel should be fixed -- do not search for IBSSs to join on other channels.
this is a protected network, keys will be configured after joining
per-band multicast rate index + 1 (0: disabled)
struct cfg80211_connect_params — Connection parameters
struct cfg80211_connect_params {
struct ieee80211_channel * channel;
u8 * bssid;
u8 * ssid;
size_t ssid_len;
enum nl80211_auth_type auth_type;
u8 * ie;
size_t ie_len;
bool privacy;
struct cfg80211_crypto_settings crypto;
const u8 * key;
u8 key_len;
u8 key_idx;
};
The channel to use or NULL if not specified (auto-select based
on scan results)
The AP BSSID or NULL if not specified (auto-select based on scan
results)
SSID
Length of ssid in octets
Authentication type (algorithm)
IEs for association request
Length of assoc_ie in octets
indicates whether privacy-enabled APs should be used
crypto settings
WEP key for shared key authentication
length of WEP key for shared key authentication
index of WEP key for shared key authentication
struct cfg80211_pmksa — PMK Security Association
struct cfg80211_pmksa {
u8 * bssid;
u8 * pmkid;
}; cfg80211_send_rx_auth — notification of processed authentication
void cfg80211_send_rx_auth ( | dev, | |
| buf, | ||
len); |
struct net_device * dev;const u8 * buf;size_t len;cfg80211_send_auth_timeout — notification of timed out authentication
void cfg80211_send_auth_timeout ( | dev, | |
addr); |
struct net_device * dev;const u8 * addr;__cfg80211_auth_canceled — notify cfg80211 that authentication was canceled
void __cfg80211_auth_canceled ( | dev, | |
addr); |
struct net_device * dev;const u8 * addr;cfg80211_send_rx_assoc — notification of processed association
void cfg80211_send_rx_assoc ( | dev, | |
| buf, | ||
len); |
struct net_device * dev;const u8 * buf;size_t len;devnetwork device
buf(re)association response frame (header + body)
lenlength of the frame data
cfg80211_send_assoc_timeout — notification of timed out association
void cfg80211_send_assoc_timeout ( | dev, | |
addr); |
struct net_device * dev;const u8 * addr;cfg80211_send_deauth — notification of processed deauthentication
void cfg80211_send_deauth ( | dev, | |
| buf, | ||
len); |
struct net_device * dev;const u8 * buf;size_t len;__cfg80211_send_deauth — notification of processed deauthentication
void __cfg80211_send_deauth ( | dev, | |
| buf, | ||
len); |
struct net_device * dev;const u8 * buf;size_t len;cfg80211_send_disassoc — notification of processed disassociation
void cfg80211_send_disassoc ( | dev, | |
| buf, | ||
len); |
struct net_device * dev;const u8 * buf;size_t len;__cfg80211_send_disassoc — notification of processed disassociation
void __cfg80211_send_disassoc ( | dev, | |
| buf, | ||
len); |
struct net_device * dev;const u8 * buf;size_t len;cfg80211_ibss_joined — notify cfg80211 that device joined an IBSS
void cfg80211_ibss_joined ( | dev, | |
| bssid, | ||
gfp); |
struct net_device * dev;const u8 * bssid;gfp_t gfp;This function notifies cfg80211 that the device joined an IBSS or switched to a different BSSID. Before this function can be called, either a beacon has to have been received from the IBSS, or one of the cfg80211_inform_bss{,_frame} functions must have been called with the locally generated beacon -- this guarantees that there is always a scan result for this IBSS. cfg80211 will handle the rest.
cfg80211_connect_result — notify cfg80211 of connection result
void cfg80211_connect_result ( | dev, | |
| bssid, | ||
| req_ie, | ||
| req_ie_len, | ||
| resp_ie, | ||
| resp_ie_len, | ||
| status, | ||
gfp); |
struct net_device * dev;const u8 * bssid;const u8 * req_ie;size_t req_ie_len;const u8 * resp_ie;size_t resp_ie_len;u16 status;gfp_t gfp;devnetwork device
bssidthe BSSID of the AP
req_ie
association request IEs (maybe be NULL)
req_ie_lenassociation request IEs length
resp_ie
association response IEs (may be NULL)
resp_ie_lenassoc response IEs length
status
status code, 0 for successful connection, use
WLAN_STATUS_UNSPECIFIED_FAILURE if your device cannot give you
the real status code for failures.
gfpallocation flags
cfg80211_roamed — notify cfg80211 of roaming
void cfg80211_roamed ( | dev, | |
| channel, | ||
| bssid, | ||
| req_ie, | ||
| req_ie_len, | ||
| resp_ie, | ||
| resp_ie_len, | ||
gfp); |
struct net_device * dev;struct ieee80211_channel * channel;const u8 * bssid;const u8 * req_ie;size_t req_ie_len;const u8 * resp_ie;size_t resp_ie_len;gfp_t gfp;cfg80211_disconnected — notify cfg80211 that connection was dropped
void cfg80211_disconnected ( | dev, | |
| reason, | ||
| ie, | ||
| ie_len, | ||
gfp); |
struct net_device * dev;u16 reason;u8 * ie;size_t ie_len;gfp_t gfp;cfg80211_ready_on_channel — notification of remain_on_channel start
void cfg80211_ready_on_channel ( | dev, | |
| cookie, | ||
| chan, | ||
| channel_type, | ||
| duration, | ||
gfp); |
struct net_device * dev;u64 cookie;struct ieee80211_channel * chan;enum nl80211_channel_type channel_type;unsigned int duration;gfp_t gfp;cfg80211_remain_on_channel_expired — remain_on_channel duration expired
void cfg80211_remain_on_channel_expired ( | dev, | |
| cookie, | ||
| chan, | ||
| channel_type, | ||
gfp); |
struct net_device * dev;u64 cookie;struct ieee80211_channel * chan;enum nl80211_channel_type channel_type;gfp_t gfp;cfg80211_new_sta — notify userspace about station
void cfg80211_new_sta ( | dev, | |
| mac_addr, | ||
| sinfo, | ||
gfp); |
struct net_device * dev;const u8 * mac_addr;struct station_info * sinfo;gfp_t gfp;cfg80211_rx_mgmt — notification of received, unprocessed management frame
bool cfg80211_rx_mgmt ( | dev, | |
| freq, | ||
| buf, | ||
| len, | ||
gfp); |
struct net_device * dev;int freq;const u8 * buf;size_t len;gfp_t gfp;devnetwork device
freqFrequency on which the frame was received in MHz
bufManagement frame (header + body)
lenlength of the frame data
gfpcontext flags
Returns true if a user space application has registered for this frame.
For action frames, that makes it responsible for rejecting unrecognized
action frames; false otherwise, in which case for action frames the
driver is responsible for rejecting the frame.
This function is called whenever an Action frame is received for a station mode interface, but is not processed in kernel.
cfg80211_mgmt_tx_status — notification of TX status for management frame
void cfg80211_mgmt_tx_status ( | dev, | |
| cookie, | ||
| buf, | ||
| len, | ||
| ack, | ||
gfp); |
struct net_device * dev;u64 cookie;const u8 * buf;size_t len;bool ack;gfp_t gfp;cfg80211_cqm_rssi_notify — connection quality monitoring rssi event
void cfg80211_cqm_rssi_notify ( | dev, | |
| rssi_event, | ||
gfp); |
struct net_device * dev;enum nl80211_cqm_rssi_threshold_event rssi_event;gfp_t gfp;cfg80211_cqm_pktloss_notify — notify userspace about packetloss to peer
void cfg80211_cqm_pktloss_notify ( | dev, | |
| peer, | ||
| num_packets, | ||
gfp); |
struct net_device * dev;const u8 * peer;u32 num_packets;gfp_t gfp;cfg80211_michael_mic_failure — notification of Michael MIC failure (TKIP)
void cfg80211_michael_mic_failure ( | dev, | |
| addr, | ||
| key_type, | ||
| key_id, | ||
| tsc, | ||
gfp); |
struct net_device * dev;const u8 * addr;enum nl80211_key_type key_type;int key_id;const u8 * tsc;gfp_t gfp;Table of Contents
The scanning process itself is fairly simple, but cfg80211 offers quite a bit of helper functionality. To start a scan, the scan operation will be invoked with a scan definition. This scan definition contains the channels to scan, and the SSIDs to send probe requests for (including the wildcard, if desired). A passive scan is indicated by having no SSIDs to probe. Additionally, a scan request may contain extra information elements that should be added to the probe request. The IEs are guaranteed to be well-formed, and will not exceed the maximum length the driver advertised in the wiphy structure.
When scanning finds a BSS, cfg80211 needs to be notified of that, because it is responsible for maintaining the BSS list; the driver should not maintain a list itself. For this notification, various functions exist.
Since drivers do not maintain a BSS list, there are also a number of functions to search for a BSS and obtain information about it from the BSS structure cfg80211 maintains. The BSS list is also made available to userspace.
struct cfg80211_ssid — SSID description
struct cfg80211_ssid {
u8 ssid[IEEE80211_MAX_SSID_LEN];
u8 ssid_len;
}; struct cfg80211_scan_request — scan request description
struct cfg80211_scan_request {
struct cfg80211_ssid * ssids;
int n_ssids;
u32 n_channels;
const u8 * ie;
size_t ie_len;
struct wiphy * wiphy;
struct net_device * dev;
bool aborted;
struct ieee80211_channel * channels[0];
}; SSIDs to scan for (active scan only)
number of SSIDs
total number of channels to scan
optional information element(s) to add into Probe Request or NULL
length of ie in octets
the wiphy this was for
the interface
(internal) scan request was notified as aborted
channels to scan on.
cfg80211_scan_done — notify that scan finished
void cfg80211_scan_done ( | request, | |
aborted); |
struct cfg80211_scan_request * request;bool aborted;struct cfg80211_bss — BSS description
struct cfg80211_bss {
struct ieee80211_channel * channel;
u8 bssid[ETH_ALEN];
u64 tsf;
u16 beacon_interval;
u16 capability;
u8 * information_elements;
size_t len_information_elements;
u8 * beacon_ies;
size_t len_beacon_ies;
u8 * proberesp_ies;
size_t len_proberesp_ies;
s32 signal;
void (* free_priv) (struct cfg80211_bss *bss);
u8 priv[0] __attribute__((__aligned__(sizeof(void *))));
}; channel this BSS is on
BSSID of the BSS
timestamp of last received update
the beacon interval as from the frame
the capability field in host byte order
the information elements (Note that there is no guarantee that these are well-formed!); this is a pointer to either the beacon_ies or proberesp_ies depending on whether Probe Response frame has been received
total length of the information elements
the information elements from the last Beacon frame
total length of the beacon_ies
the information elements from the last Probe Response frame
total length of the proberesp_ies
signal strength value (type depends on the wiphy's signal_type)
function pointer to free private data
private area for driver use, has at least wiphy->bss_priv_size bytes
cfg80211_inform_bss_frame — inform cfg80211 of a received BSS frame
struct cfg80211_bss* cfg80211_inform_bss_frame ( | wiphy, | |
| channel, | ||
| mgmt, | ||
| len, | ||
| signal, | ||
gfp); |
struct wiphy * wiphy;struct ieee80211_channel * channel;struct ieee80211_mgmt * mgmt;size_t len;s32 signal;gfp_t gfp;cfg80211_inform_bss — inform cfg80211 of a new BSS
struct cfg80211_bss* cfg80211_inform_bss ( | wiphy, | |
| channel, | ||
| bssid, | ||
| timestamp, | ||
| capability, | ||
| beacon_interval, | ||
| ie, | ||
| ielen, | ||
| signal, | ||
gfp); |
struct wiphy * wiphy;struct ieee80211_channel * channel;const u8 * bssid;u64 timestamp;u16 capability;u16 beacon_interval;const u8 * ie;size_t ielen;s32 signal;gfp_t gfp;wiphythe wiphy reporting the BSS
channelThe channel the frame was received on
bssidthe BSSID of the BSS
timestampthe TSF timestamp sent by the peer
capabilitythe capability field sent by the peer
beacon_intervalthe beacon interval announced by the peer
ieadditional IEs sent by the peer
ielenlength of the additional IEs
signalthe signal strength, type depends on the wiphy's signal_type
gfpcontext flags
cfg80211_unlink_bss — unlink BSS from internal data structures
void cfg80211_unlink_bss ( | wiphy, | |
bss); |
struct wiphy * wiphy;struct cfg80211_bss * bss;cfg80211_find_ie — find information element in data
const u8 * cfg80211_find_ie ( | eid, | |
| ies, | ||
len); |
u8 eid;const u8 * ies;int len;
This function will return NULL if the element ID could
not be found or if the element is invalid (claims to be
longer than the given data), or a pointer to the first byte
of the requested element, that is the byte containing the
element ID. There are no checks on the element length
other than having to fit into the given data.
Table of Contents
cfg80211 offers a number of utility functions that can be useful.
ieee80211_channel_to_frequency — convert channel number to frequency
int ieee80211_channel_to_frequency ( | chan, | |
band); |
int chan;enum ieee80211_band band;ieee80211_frequency_to_channel — convert frequency to channel number
int ieee80211_frequency_to_channel ( | freq); |
int freq;ieee80211_get_channel — get channel struct from wiphy for specified frequency
struct ieee80211_channel * ieee80211_get_channel ( | wiphy, | |
freq); |
struct wiphy * wiphy;int freq;ieee80211_get_response_rate — get basic rate for a given rate
struct ieee80211_rate * ieee80211_get_response_rate ( | sband, | |
| basic_rates, | ||
bitrate); |
struct ieee80211_supported_band * sband;u32 basic_rates;int bitrate;ieee80211_hdrlen — get header length in bytes from frame control
unsigned int __attribute_const__ ieee80211_hdrlen ( | fc); |
__le16 fc;ieee80211_get_hdrlen_from_skb — get header length from data
unsigned int ieee80211_get_hdrlen_from_skb ( | skb); |
const struct sk_buff * skb;struct ieee80211_radiotap_iterator — tracks walk thru present radiotap args
struct ieee80211_radiotap_iterator {
struct ieee80211_radiotap_header * _rtheader;
const struct ieee80211_radiotap_vendor_namespaces * _vns;
const struct ieee80211_radiotap_namespace * current_namespace;
unsigned char * _arg;
unsigned char * _next_ns_data;
__le32 * _next_bitmap;
unsigned char * this_arg;
int this_arg_index;
int this_arg_size;
int is_radiotap_ns;
int _max_length;
int _arg_index;
uint32_t _bitmap_shifter;
int _reset_on_ext;
}; pointer to the radiotap header we are walking through
vendor namespace definitions
pointer to the current namespace definition
(or internally NULL if the current namespace is unknown)
next argument pointer
beginning of the next namespace's data
internal pointer to next present u32
pointer to current radiotap arg; it is valid after each
call to ieee80211_radiotap_iterator_next but also after
ieee80211_radiotap_iterator_init where it will point to
the beginning of the actual data portion
index of current arg, valid after each successful call
to ieee80211_radiotap_iterator_next
length of the current arg, for convenience
indicates whether the current namespace is the default radiotap namespace or not
length of radiotap header in cpu byte ordering
next argument index
internal shifter for curr u32 bitmap, b0 set == arg present
internal; reset the arg index to 0 when going to the next bitmap word
Table of Contents
In addition to generic utilities, cfg80211 also offers functions that help implement the data path for devices that do not do the 802.11/802.3 conversion on the device.
ieee80211_data_to_8023 — convert an 802.11 data frame to 802.3
int ieee80211_data_to_8023 ( | skb, | |
| addr, | ||
iftype); |
struct sk_buff * skb;const u8 * addr;enum nl80211_iftype iftype;ieee80211_data_from_8023 — convert an 802.3 frame to 802.11
int ieee80211_data_from_8023 ( | skb, | |
| addr, | ||
| iftype, | ||
| bssid, | ||
qos); |
struct sk_buff * skb;const u8 * addr;enum nl80211_iftype iftype;u8 * bssid;bool qos;ieee80211_amsdu_to_8023s — decode an IEEE 802.11n A-MSDU frame
void ieee80211_amsdu_to_8023s ( | skb, | |
| list, | ||
| addr, | ||
| iftype, | ||
| extra_headroom, | ||
has_80211_header); |
struct sk_buff * skb;struct sk_buff_head * list;const u8 * addr;enum nl80211_iftype iftype;const unsigned int extra_headroom;bool has_80211_header;skbThe input IEEE 802.11n A-MSDU frame.
listThe output list of 802.3 frames. It must be allocated and initialized by by the caller.
addrThe device MAC address.
iftypeThe device interface type.
extra_headroom
The hardware extra headroom for SKBs in the list.
has_80211_headerSet it true if SKB is with IEEE 802.11 header.
Table of Contents
TODO
regulatory_hint — driver hint to the wireless core a regulatory domain
int regulatory_hint ( | wiphy, | |
alpha2); |
struct wiphy * wiphy;const char * alpha2;wiphythe wireless device giving the hint (used only for reporting conflicts)
alpha2
the ISO/IEC 3166 alpha2 the driver claims its regulatory domain
should be in. If rd is set this should be NULL. Note that if you
set this to NULL you should still set rd->alpha2 to some accepted
alpha2.
Wireless drivers can use this function to hint to the wireless core what it believes should be the current regulatory domain by giving it an ISO/IEC 3166 alpha2 country code it knows its regulatory domain should be in or by providing a completely build regulatory domain. If the driver provides an ISO/IEC 3166 alpha2 userspace will be queried for a regulatory domain structure for the respective country.
The wiphy must have been registered to cfg80211 prior to this call.
For cfg80211 drivers this means you must first use wiphy_register,
for mac80211 drivers you must first use ieee80211_register_hw.
Drivers should check the return value, its possible you can get an -ENOMEM.
wiphy_apply_custom_regulatory — apply a custom driver regulatory domain
void wiphy_apply_custom_regulatory ( | wiphy, | |
regd); |
struct wiphy * wiphy;const struct ieee80211_regdomain * regd;wiphythe wireless device we want to process the regulatory domain on
regdthe custom regulatory domain to use for this wiphy
Drivers can sometimes have custom regulatory domains which do not apply to a specific country. Drivers can use this to apply such custom regulatory domains. This routine must be called prior to wiphy registration. The custom regulatory domain will be trusted completely and as such previous default channel settings will be disregarded. If no rule is found for a channel on the regulatory domain the channel will be disabled.
freq_reg_info — get regulatory information for the given frequency
int freq_reg_info ( | wiphy, | |
| center_freq, | ||
| desired_bw_khz, | ||
reg_rule); |
struct wiphy * wiphy;u32 center_freq;u32 desired_bw_khz;const struct ieee80211_reg_rule ** reg_rule;wiphythe wiphy for which we want to process this rule for
center_freqFrequency in KHz for which we want regulatory information for
desired_bw_khzthe desired max bandwidth you want to use per channel. Note that this is still 20 MHz if you want to use HT40 as HT40 makes use of two channels for its 40 MHz width bandwidth. If set to 0 we'll assume you want the standard 20 MHz.
reg_rulethe regulatory rule which we have for this frequency
Use this function to get the regulatory rule for a specific frequency on a given wireless device. If the device has a specific regulatory domain it wants to follow we respect that unless a country IE has been received and processed already.
Returns 0 if it was able to find a valid regulatory rule which does
apply to the given center_freq otherwise it returns non-zero. It will
also return -ERANGE if we determine the given center_freq does not even have
a regulatory rule for a frequency range in the center_freq's band. See
freq_in_rule_band for our current definition of a band -- this is purely
subjective and right now its 802.11 specific.
Table of Contents
RFkill integration in cfg80211 is almost invisible to drivers, as cfg80211 automatically registers an rfkill instance for each wireless device it knows about. Soft kill is also translated into disconnecting and turning all interfaces off, drivers are expected to turn off the device when all interfaces are down.
However, devices may have a hard RFkill line, in which case they also need to interact with the rfkill subsystem, via cfg80211. They can do this with a few helper functions documented here.
wiphy_rfkill_set_hw_state — notify cfg80211 about hw block state
void wiphy_rfkill_set_hw_state ( | wiphy, | |
blocked); |
struct wiphy * wiphy;bool blocked;Table of Contents
Test mode is a set of utility functions to allow drivers to interact with driver-specific tools to aid, for instance, factory programming.
This chapter describes how drivers interact with it, for more information see the nl80211 book's chapter on it.
cfg80211_testmode_alloc_reply_skb — allocate testmode reply
struct sk_buff * cfg80211_testmode_alloc_reply_skb ( | wiphy, | |
approxlen); |
struct wiphy * wiphy;int approxlen;wiphythe wiphy
approxlenan upper bound of the length of the data that will be put into the skb
This function allocates and pre-fills an skb for a reply to
the testmode command. Since it is intended for a reply, calling
it outside of the testmode_cmd operation is invalid.
The returned skb (or NULL if any errors happen) is pre-filled
with the wiphy index and set up in a way that any data that is
put into the skb (with skb_put, nla_put or similar) will end
up being within the NL80211_ATTR_TESTDATA attribute, so all that
needs to be done with the skb is adding data for the corresponding
userspace tool which can then read that data out of the testdata
attribute. You must not modify the skb in any other way.
When done, call cfg80211_testmode_reply with the skb and return
its error code as the result of the testmode_cmd operation.
cfg80211_testmode_reply — send the reply skb
int cfg80211_testmode_reply ( | skb); |
struct sk_buff * skb;cfg80211_testmode_alloc_event_skb — allocate testmode event
struct sk_buff * cfg80211_testmode_alloc_event_skb ( | wiphy, | |
| approxlen, | ||
gfp); |
struct wiphy * wiphy;int approxlen;gfp_t gfp;wiphythe wiphy
approxlenan upper bound of the length of the data that will be put into the skb
gfpallocation flags
This function allocates and pre-fills an skb for an event on the testmode multicast group.
The returned skb (or NULL if any errors happen) is set up in the
same way as with cfg80211_testmode_alloc_reply_skb but prepared
for an event. As there, you should simply add data to it that will
then end up in the NL80211_ATTR_TESTDATA attribute. Again, you must
not modify the skb in any other way.
When done filling the skb, call cfg80211_testmode_event with the
skb to send the event.
Abstract
mac80211 is the Linux stack for 802.11 hardware that implements only partial functionality in hard- or firmware. This document defines the interface between mac80211 and low-level hardware drivers.
If you're reading this document and not the header file itself, it will be incomplete because not all documentation has been converted yet.
Table of Contents
You should read and understand the information contained within this part of the book while implementing a driver. In some chapters, advanced usage is noted, that may be skipped at first.
This part of the book only covers station and monitor mode functionality, additional information required to implement the other modes is covered in the second part of the book.
Table of Contents
Table of Contents
TBD
This chapter shall contain information on getting a hw struct allocated and registered with mac80211.
Since it is required to allocate rates/modes before registering a hw struct, this chapter shall also contain information on setting up the rate/mode structs.
Additionally, some discussion about the callbacks and the general programming model should be in here, including the definition of ieee80211_ops which will be referred to a lot.
Finally, a discussion of hardware capabilities should be done with references to other parts of the book.
struct ieee80211_hw — hardware information and state
struct ieee80211_hw {
struct ieee80211_conf conf;
struct wiphy * wiphy;
const char * rate_control_algorithm;
void * priv;
u32 flags;
unsigned int extra_tx_headroom;
int channel_change_time;
int vif_data_size;
int sta_data_size;
int napi_weight;
u16 queues;
u16 max_listen_interval;
s8 max_signal;
u8 max_rates;
u8 max_report_rates;
u8 max_rate_tries;
u8 max_rx_aggregation_subframes;
u8 max_tx_aggregation_subframes;
}; struct ieee80211_conf, device configuration, don't use.
This points to the struct wiphy allocated for this
802.11 PHY. You must fill in the perm_addr and dev
members of this structure using SET_IEEE80211_DEV
and SET_IEEE80211_PERM_ADDR. Additionally, all supported
bands (with channels, bitrates) are registered here.
rate control algorithm for this hardware.
If unset (NULL), the default algorithm will be used. Must be
set before calling ieee80211_register_hw.
pointer to private area that was allocated for driver use along with this structure.
hardware flags, see enum ieee80211_hw_flags.
headroom to reserve in each transmit skb for use by the driver (e.g. for transmit headers.)
time (in microseconds) it takes to change channels.
size (in bytes) of the drv_priv data area within struct ieee80211_vif.
size (in bytes) of the drv_priv data area within struct ieee80211_sta.
weight used for NAPI polling. You must specify an appropriate value here if a napi_poll operation is provided by your driver.
number of available hardware transmit queues for data packets. WMM/QoS requires at least four, these queues need to have configurable access parameters.
max listen interval in units of beacon interval that HW supports
Maximum value for signal (rssi) in RX information, used
only when IEEE80211_HW_SIGNAL_UNSPEC or IEEE80211_HW_SIGNAL_DB
maximum number of alternate rate retry stages the hw can handle.
maximum number of alternate rate retry stages the hw can report back.
maximum number of tries for each stage
maximum buffer size (number of sub-frames) to be used for A-MPDU block ack receiver aggregation. This is only relevant if the device has restrictions on the number of subframes, if it relies on mac80211 to do reordering it shouldn't be set.
maximum number of subframes in an aggregate an HT driver will transmit, used by the peer as a hint to size its reorder buffer.
enum ieee80211_hw_flags — hardware flags
enum ieee80211_hw_flags {
IEEE80211_HW_HAS_RATE_CONTROL,
IEEE80211_HW_RX_INCLUDES_FCS,
IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING,
IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE,
IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE,
IEEE80211_HW_SIGNAL_UNSPEC,
IEEE80211_HW_SIGNAL_DBM,
IEEE80211_HW_NEED_DTIM_PERIOD,
IEEE80211_HW_SPECTRUM_MGMT,
IEEE80211_HW_AMPDU_AGGREGATION,
IEEE80211_HW_SUPPORTS_PS,
IEEE80211_HW_PS_NULLFUNC_STACK,
IEEE80211_HW_SUPPORTS_DYNAMIC_PS,
IEEE80211_HW_MFP_CAPABLE,
IEEE80211_HW_BEACON_FILTER,
IEEE80211_HW_SUPPORTS_STATIC_SMPS,
IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS,
IEEE80211_HW_SUPPORTS_UAPSD,
IEEE80211_HW_REPORTS_TX_ACK_STATUS,
IEEE80211_HW_CONNECTION_MONITOR,
IEEE80211_HW_SUPPORTS_CQM_RSSI,
IEEE80211_HW_SUPPORTS_PER_STA_GTK,
IEEE80211_HW_AP_LINK_PS
};
The hardware or firmware includes rate control, and cannot be
controlled by the stack. As such, no rate control algorithm
should be instantiated, and the TX rate reported to userspace
will be taken from the TX status instead of the rate control
algorithm.
Note that this requires that the driver implement a number of
callbacks so it has the correct information, it needs to have
the set_rts_threshold callback and must look at the BSS config
use_cts_prot for G/N protection, use_short_slot for slot
timing in 2.4 GHz and use_short_preamble for preambles for
CCK frames.
Indicates that received frames passed to the stack include the FCS at the end.
Some wireless LAN chipsets buffer broadcast/multicast frames
for power saving stations in the hardware/firmware and others
rely on the host system for such buffering. This option is used
to configure the IEEE 802.11 upper layer to buffer broadcast and
multicast frames when there are power saving stations so that
the driver can fetch them with ieee80211_get_buffered_bc.
Hardware is not capable of short slot operation on the 2.4 GHz band.
Hardware is not capable of receiving frames with short preamble on the 2.4 GHz band.
Hardware can provide signal values but we don't know its units. We
expect values between 0 and max_signal.
If possible please provide dB or dBm instead.
Hardware gives signal values in dBm, decibel difference from
one milliwatt. This is the preferred method since it is standardized
between different devices. max_signal does not need to be set.
This device needs to know the DTIM period for the BSS before associating.
Hardware supports spectrum management defined in 802.11h Measurement, Channel Switch, Quieting, TPC
Hardware supports 11n A-MPDU aggregation.
Hardware has power save support (i.e. can go to sleep).
Hardware requires nullfunc frame handling in stack, implies stack support for dynamic PS.
Hardware has support for dynamic PS.
Hardware supports management frame protection (MFP, IEEE 802.11w).
Hardware supports dropping of irrelevant beacon frames to avoid waking up cpu.
Hardware supports static spatial multiplexing powersave, ie. can turn off all but one chain even on HT connections that should be using more chains.
Hardware supports dynamic spatial multiplexing powersave, ie. can turn off all but one chain and then wake the rest up as required after, for example, rts/cts handshake.
Hardware supports Unscheduled Automatic Power Save Delivery
(U-APSD) in managed mode. The mode is configured with
conf_tx operation.
Hardware can provide ack status reports of Tx frames to the stack.
The hardware performs its own connection monitoring, including periodic keep-alives to the AP and probing the AP on beacon loss. When this flag is set, signaling beacon-loss will cause an immediate change to disassociated state.
Hardware can do connection quality monitoring - i.e. it can monitor connection quality related parameters, such as the RSSI level and provide notifications if configured trigger levels are reached.
The device's crypto engine supports per-station GTKs as used by IBSS RSN or during fast transition. If the device doesn't support per-station GTKs, but can be asked not to decrypt group addressed frames, then IBSS RSN support is still possible but software crypto will be used. Advertise the wiphy flag only in that case.
When operating in AP mode the device
autonomously manages the PS status of connected stations. When
this flag is set mac80211 will not trigger PS mode for connected
stations based on the PM bit of incoming frames.
Use ieee80211_start_ps/ieee8021_end_ps to manually configure
the PS mode of connected stations.
These flags are used to indicate hardware capabilities to the stack. Generally, flags here should have their meaning done in a way that the simplest hardware doesn't need setting any particular flags. There are some exceptions to this rule, however, so you are advised to review these flags carefully.
SET_IEEE80211_DEV — set device for 802.11 hardware
void SET_IEEE80211_DEV ( | hw, | |
dev); |
struct ieee80211_hw * hw;struct device * dev;SET_IEEE80211_PERM_ADDR — set the permanent MAC address for 802.11 hardware
void SET_IEEE80211_PERM_ADDR ( | hw, | |
addr); |
struct ieee80211_hw * hw;u8 * addr;struct ieee80211_ops — callbacks from mac80211 to the driver
struct ieee80211_ops {
void (* tx) (struct ieee80211_hw *hw, struct sk_buff *skb);
int (* start) (struct ieee80211_hw *hw);
void (* stop) (struct ieee80211_hw *hw);
#ifdef CONFIG_PM
int (* suspend) (struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan);
int (* resume) (struct ieee80211_hw *hw);
#endif
int (* add_interface) (struct ieee80211_hw *hw,struct ieee80211_vif *vif);
int (* change_interface) (struct ieee80211_hw *hw,struct ieee80211_vif *vif,enum nl80211_iftype new_type, bool p2p);
void (* remove_interface) (struct ieee80211_hw *hw,struct ieee80211_vif *vif);
int (* config) (struct ieee80211_hw *hw, u32 changed);
void (* bss_info_changed) (struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_bss_conf *info,u32 changed);
u64 (* prepare_multicast) (struct ieee80211_hw *hw,struct netdev_hw_addr_list *mc_list);
void (* configure_filter) (struct ieee80211_hw *hw,unsigned int changed_flags,unsigned int *total_flags,u64 multicast);
int (* set_tim) (struct ieee80211_hw *hw, struct ieee80211_sta *sta,bool set);
int (* set_key) (struct ieee80211_hw *hw, enum set_key_cmd cmd,struct ieee80211_vif *vif, struct ieee80211_sta *sta,struct ieee80211_key_conf *key);
void (* update_tkip_key) (struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_key_conf *conf,struct ieee80211_sta *sta,u32 iv32, u16 *phase1key);
int (* hw_scan) (struct ieee80211_hw *hw, struct ieee80211_vif *vif,struct cfg80211_scan_request *req);
int (* sched_scan_start) (struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct cfg80211_sched_scan_request *req,struct ieee80211_sched_scan_ies *ies);
void (* sched_scan_stop) (struct ieee80211_hw *hw,struct ieee80211_vif *vif);
void (* sw_scan_start) (struct ieee80211_hw *hw);
void (* sw_scan_complete) (struct ieee80211_hw *hw);
int (* get_stats) (struct ieee80211_hw *hw,struct ieee80211_low_level_stats *stats);
void (* get_tkip_seq) (struct ieee80211_hw *hw, u8 hw_key_idx,u32 *iv32, u16 *iv16);
int (* set_frag_threshold) (struct ieee80211_hw *hw, u32 value);
int (* set_rts_threshold) (struct ieee80211_hw *hw, u32 value);
int (* sta_add) (struct ieee80211_hw *hw, struct ieee80211_vif *vif,struct ieee80211_sta *sta);
int (* sta_remove) (struct ieee80211_hw *hw, struct ieee80211_vif *vif,struct ieee80211_sta *sta);
void (* sta_notify) (struct ieee80211_hw *hw, struct ieee80211_vif *vif,enum sta_notify_cmd, struct ieee80211_sta *sta);
int (* conf_tx) (struct ieee80211_hw *hw, u16 queue,const struct ieee80211_tx_queue_params *params);
u64 (* get_tsf) (struct ieee80211_hw *hw);
void (* set_tsf) (struct ieee80211_hw *hw, u64 tsf);
void (* reset_tsf) (struct ieee80211_hw *hw);
int (* tx_last_beacon) (struct ieee80211_hw *hw);
int (* ampdu_action) (struct ieee80211_hw *hw,struct ieee80211_vif *vif,enum ieee80211_ampdu_mlme_action action,struct ieee80211_sta *sta, u16 tid, u16 *ssn,u8 buf_size);
int (* get_survey) (struct ieee80211_hw *hw, int idx,struct survey_info *survey);
void (* rfkill_poll) (struct ieee80211_hw *hw);
void (* set_coverage_class) (struct ieee80211_hw *hw, u8 coverage_class);
#ifdef CONFIG_NL80211_TESTMODE
int (* testmode_cmd) (struct ieee80211_hw *hw, void *data, int len);
#endif
void (* flush) (struct ieee80211_hw *hw, bool drop);
void (* channel_switch) (struct ieee80211_hw *hw,struct ieee80211_channel_switch *ch_switch);
int (* napi_poll) (struct ieee80211_hw *hw, int budget);
int (* set_antenna) (struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant);
int (* get_antenna) (struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant);
int (* remain_on_channel) (struct ieee80211_hw *hw,struct ieee80211_channel *chan,enum nl80211_channel_type channel_type,int duration);
int (* cancel_remain_on_channel) (struct ieee80211_hw *hw);
int (* offchannel_tx) (struct ieee80211_hw *hw, struct sk_buff *skb,struct ieee80211_channel *chan,enum nl80211_channel_type channel_type,unsigned int wait);
int (* offchannel_tx_cancel_wait) (struct ieee80211_hw *hw);
int (* set_ringparam) (struct ieee80211_hw *hw, u32 tx, u32 rx);
void (* get_ringparam) (struct ieee80211_hw *hw,u32 *tx, u32 *tx_max, u32 *rx, u32 *rx_max);
bool (* tx_frames_pending) (struct ieee80211_hw *hw);
int (* set_bitrate_mask) (struct ieee80211_hw *hw, struct ieee80211_vif *vif,const struct cfg80211_bitrate_mask *mask);
}; Handler that 802.11 module calls for each transmitted frame. skb contains the buffer starting from the IEEE 802.11 header. The low-level driver should send the frame out based on configuration in the TX control data. This handler should, preferably, never fail and stop queues appropriately, more importantly, however, it must never fail for A-MPDU-queues. This function should return NETDEV_TX_OK except in very limited cases. Must be implemented and atomic.
Called before the first netdevice attached to the hardware is enabled. This should turn on the hardware and must turn on frame reception (for possibly enabled monitor interfaces.) Returns negative error codes, these may be seen in userspace, or zero. When the device is started it should not have a MAC address to avoid acknowledging frames before a non-monitor device is added. Must be implemented and can sleep.
Called after last netdevice attached to the hardware is disabled. This should turn off the hardware (at least it must turn off frame reception.) May be called right after add_interface if that rejects an interface. If you added any work onto the mac80211 workqueue you should ensure to cancel it on this callback. Must be implemented and can sleep.
Suspend the device; mac80211 itself will quiesce before and stop transmitting and doing any other configuration, and then ask the device to suspend. This is only invoked when WoWLAN is configured, otherwise the device is deconfigured completely and reconfigured at resume time.
If WoWLAN was configured, this indicates that mac80211 is now resuming its operation, after this the device must be fully functional again. If this returns an error, the only way out is to also unregister the device. If it returns 1, then mac80211 will also go through the regular complete restart on resume.
Called when a netdevice attached to the hardware is
enabled. Because it is not called for monitor mode devices, start
and stop must be implemented.
The driver should perform any initialization it needs before
the device can be enabled. The initial configuration for the
interface is given in the conf parameter.
The callback may refuse to add an interface by returning a
negative error code (which will be seen in userspace.)
Must be implemented and can sleep.
Called when a netdevice changes type. This callback is optional, but only if it is supported can interface types be switched while the interface is UP. The callback may sleep. Note that while an interface is being switched, it will not be found by the interface iteration callbacks.
Notifies a driver that an interface is going down.
The stop callback is called after this if it is the last interface
and no monitor interfaces are present.
When all interfaces are removed, the MAC address in the hardware
must be cleared so the device no longer acknowledges packets,
the mac_addr member of the conf structure is, however, set to the
MAC address of the device going away.
Hence, this callback must be implemented. It can sleep.
Handler for configuration requests. IEEE 802.11 code calls this function to change hardware configuration, e.g., channel. This function should never fail but returns a negative error code if it does. The callback can sleep.
Handler for configuration requests related to BSS
parameters that may vary during BSS's lifespan, and may affect low
level driver (e.g. assoc/disassoc status, erp parameters).
This function should not be used if no BSS has been set, unless
for association indication. The changed parameter indicates which
of the bss parameters has changed when a call is made. The callback
can sleep.
Prepare for multicast filter configuration.
This callback is optional, and its return value is passed
to configure_filter. This callback must be atomic.
Configure the device's RX filter. See the section “Frame filtering” for more information. This callback must be implemented and can sleep.
Set TIM bit. mac80211 calls this function when a TIM bit must be set or cleared for a given STA. Must be atomic.
See the section “Hardware crypto acceleration” This callback is only called between add_interface and remove_interface calls, i.e. while the given virtual interface is enabled. Returns a negative error code if the key can't be added. The callback can sleep.
See the section “Hardware crypto acceleration” This callback will be called in the context of Rx. Called for drivers which set IEEE80211_KEY_FLAG_TKIP_REQ_RX_P1_KEY. The callback must be atomic.
Ask the hardware to service the scan request, no need to start
the scan state machine in stack. The scan must honour the channel
configuration done by the regulatory agent in the wiphy's
registered bands. The hardware (or the driver) needs to make sure
that power save is disabled.
The req ie/ie_len members are rewritten by mac80211 to contain the
entire IEs after the SSID, so that drivers need not look at these
at all but just send them after the SSID -- mac80211 includes the
(extended) supported rates and HT information (where applicable).
When the scan finishes, ieee80211_scan_completed must be called;
note that it also must be called when the scan cannot finish due to
any error unless this callback returned a negative error code.
The callback can sleep.
Ask the hardware to start scanning repeatedly at
specific intervals. The driver must call the
ieee80211_sched_scan_results function whenever it finds results.
This process will continue until sched_scan_stop is called.
Tell the hardware to stop an ongoing scheduled scan.
Notifier function that is called just before a software scan is started. Can be NULL, if the driver doesn't need this notification. The callback can sleep.
Notifier function that is called just after a software scan finished. Can be NULL, if the driver doesn't need this notification. The callback can sleep.
Return low-level statistics. Returns zero if statistics are available. The callback can sleep.
If your device implements TKIP encryption in hardware this callback should be provided to read the TKIP transmit IVs (both IV32 and IV16) for the given key from hardware. The callback must be atomic.
Configuration of fragmentation threshold. Assign this if the device does fragmentation by itself; if this callback is implemented then the stack will not do fragmentation. The callback can sleep.
Configuration of RTS threshold (if device needs it) The callback can sleep.
Notifies low level driver about addition of an associated station, AP, IBSS/WDS/mesh peer etc. This callback can sleep.
Notifies low level driver about removal of an associated station, AP, IBSS/WDS/mesh peer etc. This callback can sleep.
Notifies low level driver about power state transition of an
associated station, AP, IBSS/WDS/mesh peer etc. For a VIF operating
in AP mode, this callback will not be called when the flag
IEEE80211_HW_AP_LINK_PS is set. Must be atomic.
Configure TX queue parameters (EDCF (aifs, cw_min, cw_max), bursting) for a hardware TX queue. Returns a negative error code on failure. The callback can sleep.
Get the current TSF timer value from firmware/hardware. Currently, this is only used for IBSS mode BSSID merging and debugging. Is not a required function. The callback can sleep.
Set the TSF timer to the specified value in the firmware/hardware. Currently, this is only used for IBSS mode debugging. Is not a required function. The callback can sleep.
Reset the TSF timer and allow firmware/hardware to synchronize with other STAs in the IBSS. This is only used in IBSS mode. This function is optional if the firmware/hardware takes full care of TSF synchronization. The callback can sleep.
Determine whether the last IBSS beacon was sent by us. This is needed only for IBSS mode and the result of this function is used to determine whether to reply to Probe Requests. Returns non-zero if this device sent the last beacon. The callback can sleep.
Perform a certain A-MPDU action
The RA/TID combination determines the destination and TID we want
the ampdu action to be performed for. The action is defined through
ieee80211_ampdu_mlme_action. Starting sequence number (ssn)
is the first frame we expect to perform the action on. Notice
that TX/RX_STOP can pass NULL for this parameter.
The buf_size parameter is only valid when the action is set to
IEEE80211_AMPDU_TX_OPERATIONAL and indicates the peer's reorder
buffer size (number of subframes) for this session -- the driver
may neither send aggregates containing more subframes than this
nor send aggregates in a way that lost frames would exceed the
buffer size. If just limiting the aggregate size, this would be
Return per-channel survey information
Poll rfkill hardware state. If you need this, you also
need to set wiphy->rfkill_poll to true before registration,
and need to call wiphy_rfkill_set_hw_state in the callback.
The callback can sleep.
Set slot time for given coverage class as specified in IEEE 802.11-2007 section 17.3.8.6 and modify ACK timeout accordingly. This callback is not required and may sleep.
Implement a cfg80211 test mode command. The callback can sleep.
Flush all pending frames from the hardware queue, making sure
that the hardware queues are empty. If the parameter drop is set
to true, pending frames may be dropped. The callback can sleep.
Drivers that need (or want) to offload the channel
switch operation for CSAs received from the AP may implement this
callback. They must then call ieee80211_chswitch_done to indicate
completion of the channel switch.
Poll Rx queue for incoming data frames.
Set antenna configuration (tx_ant, rx_ant) on the device.
Parameters are bitmaps of allowed antennas to use for TX/RX. Drivers may
reject TX/RX mask combinations they cannot support by returning -EINVAL
(also see nl80211.h NL80211_ATTR_WIPHY_ANTENNA_TX).
Get current antenna configuration from device (tx_ant, rx_ant).
Starts an off-channel period on the given channel, must
call back to ieee80211_ready_on_channel when on that channel. Note
that normal channel traffic is not stopped as this is intended for hw
offload. Frames to transmit on the off-channel channel are transmitted
normally except for the IEEE80211_TX_CTL_TX_OFFCHAN flag. When the
duration (which will always be non-zero) expires, the driver must call
ieee80211_remain_on_channel_expired. This callback may sleep.
Requests that an ongoing off-channel period is aborted before it expires. This callback may sleep.
Transmit frame on another channel, wait for a response
and return. Reliable TX status must be reported for the frame. If the
return value is 1, then the remain_on_channel will be used with a
regular transmission (if supported.)
cancel wait associated with offchannel TX
Set tx and rx ring sizes.
Get tx and rx ring current and maximum sizes.
Check if there is any pending frame in the hardware queues before entering power save.
Set a mask of rates to be used for rate control selection when transmitting a frame. Currently only legacy rates are handled. The callback can sleep.
This structure contains various callbacks that the driver may handle or, in some cases, must handle, for example to configure the hardware to a new channel or to transmit a frame.
- TX: 1.....7 - RX: 2....7 (lost frame #1) - TX: 8..1... which is invalid since #1 was now re-transmitted well past the buffer size of 8. Correct ways to retransmit #1 would be: - TX: 1 or 18 or 81 Even “189” would be wrong since 1 could be lost again.
Returns a negative error code on failure. The callback can sleep.
ieee80211_alloc_hw — Allocate a new hardware device
struct ieee80211_hw * ieee80211_alloc_hw ( | priv_data_len, | |
ops); |
size_t priv_data_len;const struct ieee80211_ops * ops;ieee80211_register_hw — Register hardware device
int ieee80211_register_hw ( | hw); |
struct ieee80211_hw * hw;ieee80211_unregister_hw — Unregister a hardware device
void ieee80211_unregister_hw ( | hw); |
struct ieee80211_hw * hw;Table of Contents
TBD
This chapter should describe PHY handling including start/stop callbacks and the various structures used.
struct ieee80211_conf — configuration of the device
struct ieee80211_conf {
u32 flags;
int power_level;
int dynamic_ps_timeout;
int max_sleep_period;
u16 listen_interval;
u8 ps_dtim_period;
u8 long_frame_max_tx_count;
u8 short_frame_max_tx_count;
struct ieee80211_channel * channel;
enum nl80211_channel_type channel_type;
enum ieee80211_smps_mode smps_mode;
}; configuration flags defined above
requested transmit power (in dBm)
The dynamic powersave timeout (in ms), see the powersave documentation below. This variable is valid only when the CONF_PS flag is set.
the maximum number of beacon intervals to sleep for before checking the beacon for a TIM bit (managed mode only); this value will be only achievable between DTIM frames, the hardware needs to check for the multicast traffic bit in DTIM beacons. This variable is valid only when the CONF_PS flag is set.
listen interval in units of beacon interval
The DTIM period of the AP we're connected to, for use in power saving. Power saving will not be enabled until a beacon has been received and the DTIM period is known.
Maximum number of transmissions for a “long” frame (a frame not RTS protected), called “dot11LongRetryLimit” in 802.11, but actually means the number of transmissions not the number of retries
Maximum number of transmissions for a “short” frame, called “dot11ShortRetryLimit” in 802.11, but actually means the number of transmissions not the number of retries
the channel to tune to
the channel (HT) type
spatial multiplexing powersave mode; note that
IEEE80211_SMPS_STATIC is used when the device is not
configured for an HT channel
enum ieee80211_conf_flags — configuration flags
enum ieee80211_conf_flags {
IEEE80211_CONF_MONITOR,
IEEE80211_CONF_PS,
IEEE80211_CONF_IDLE,
IEEE80211_CONF_OFFCHANNEL
}; there's a monitor interface present -- use this to determine for example whether to calculate timestamps for packets or not, do not use instead of filter flags!
Enable 802.11 power save mode (managed mode only). This is the power save mode defined by IEEE 802.11-2007 section 11.2, meaning that the hardware still wakes up for beacons, is able to transmit frames and receive the possible acknowledgment frames. Not to be confused with hardware specific wakeup/sleep states, driver is responsible for that. See the section “Powersave support” for more.
The device is running, but idle; if the flag is set the driver should be prepared to handle configuration requests but may turn the device off as much as possible. Typically, this flag will be set when an interface is set UP but not associated or scanning, but it can also be unset in that case when monitor interfaces are active.
The device is currently not on its main operating channel.
Table of Contents
TBD
This chapter should describe virtual interface basics that are relevant to the driver (VLANs, MGMT etc are not.) It should explain the use of the add_iface/remove_iface callbacks as well as the interface configuration callbacks.
Things related to AP mode should be discussed there.
Things related to supporting multiple interfaces should be in the appropriate chapter, a BIG FAT note should be here about this though and the recommendation to allow only a single interface in STA mode at first!
struct ieee80211_vif — per-interface data
struct ieee80211_vif {
enum nl80211_iftype type;
struct ieee80211_bss_conf bss_conf;
u8 addr[ETH_ALEN];
bool p2p;
u8 drv_priv[0] __attribute__((__aligned__(sizeof(void *))));
}; type of this virtual interface
BSS configuration for this interface, either our own or the BSS we're associated to
address of this interface
indicates whether this AP or STA interface is a p2p interface, i.e. a GO or p2p-sta respectively
data area for driver use, will always be aligned to sizeof(void *).
Table of Contents
TBD
This should describe the receive and transmit paths in mac80211/the drivers as well as transmit status handling.
As a general rule, when frames are passed between mac80211 and the driver, they start with the IEEE 802.11 header and include the same octets that are sent over the air except for the FCS which should be calculated by the hardware.
There are, however, various exceptions to this rule for advanced features:
The first exception is for hardware encryption and decryption offload where the IV/ICV may or may not be generated in hardware.
Secondly, when the hardware handles fragmentation, the frame handed to the driver from mac80211 is the MSDU, not the MPDU.
Finally, for received frames, the driver is able to indicate that it has filled a radiotap header and put that in front of the frame; if it does not do so then mac80211 may add this under certain circumstances.
Drivers always need to pass packets that are aligned to two-byte boundaries to the stack.
Additionally, should, if possible, align the payload data in a way that guarantees that the contained IP header is aligned to a four-byte boundary. In the case of regular frames, this simply means aligning the payload to a four-byte boundary (because either the IP header is directly contained, or IV/RFC1042 headers that have a length divisible by four are in front of it). If the payload data is not properly aligned and the architecture doesn't support efficient unaligned operations, mac80211 will align the data.
With A-MSDU frames, however, the payload data address must yield two modulo four because there are 14-byte 802.3 headers within the A-MSDU frames that push the IP header further back to a multiple of four again. Thankfully, the specs were sane enough this time around to require padding each A-MSDU subframe to a length that is a multiple of four.
Padding like Atheros hardware adds which is between the 802.11 header and the payload is not supported, the driver is required to move the 802.11 header to be directly in front of the payload in that case.
Only ieee80211_tx_status_irqsafe and ieee80211_rx_irqsafe can be
called in hardware interrupt context. The low-level driver must not call any
other functions in hardware interrupt context. If there is a need for such
call, the low-level driver should first ACK the interrupt and perform the
IEEE 802.11 code call after this, e.g. from a scheduled workqueue or even
tasklet function.
NOTE: If the driver opts to use the _irqsafe functions, it may not also
use the non-IRQ-safe functions!
struct ieee80211_rx_status — receive status
struct ieee80211_rx_status {
u64 mactime;
enum ieee80211_band band;
int freq;
int signal;
int antenna;
int rate_idx;
int flag;
unsigned int rx_flags;
}; value in microseconds of the 64-bit Time Synchronization Function (TSF) timer when the first data symbol (MPDU) arrived at the hardware.
the active band when this frame was received
frequency the radio was tuned to when receiving this frame, in MHz
signal strength when receiving this frame, either in dBm, in dB or
unspecified depending on the hardware capabilities flags
IEEE80211_HW_SIGNAL_*
antenna used
index of data rate into band's supported rates or MCS index if HT rates are use (RX_FLAG_HT)
RX_FLAG_*
internal RX flags for mac80211
enum mac80211_rx_flags — receive flags
enum mac80211_rx_flags {
RX_FLAG_MMIC_ERROR,
RX_FLAG_DECRYPTED,
RX_FLAG_MMIC_STRIPPED,
RX_FLAG_IV_STRIPPED,
RX_FLAG_FAILED_FCS_CRC,
RX_FLAG_FAILED_PLCP_CRC,
RX_FLAG_MACTIME_MPDU,
RX_FLAG_SHORTPRE,
RX_FLAG_HT,
RX_FLAG_40MHZ,
RX_FLAG_SHORT_GI
};
Michael MIC error was reported on this frame.
Use together with RX_FLAG_MMIC_STRIPPED.
This frame was decrypted in hardware.
the Michael MIC is stripped off this frame, verification has been done by the hardware.
The IV/ICV are stripped from this frame. If this flag is set, the stack cannot do any replay detection hence the driver or hardware will have to do that.
Set this flag if the FCS check failed on the frame.
Set this flag if the PCLP check failed on the frame.
The timestamp passed in the RX status (mactime
field) is valid and contains the time the first symbol of the MPDU
was received. This is useful in monitor mode and for proper IBSS
merging.
Short preamble was used for this frame
HT MCS was used and rate_idx is MCS index
HT40 (40 MHz) was used
Short guard interval was used
enum mac80211_tx_control_flags — flags to describe transmission information/status
enum mac80211_tx_control_flags {
IEEE80211_TX_CTL_REQ_TX_STATUS,
IEEE80211_TX_CTL_ASSIGN_SEQ,
IEEE80211_TX_CTL_NO_ACK,
IEEE80211_TX_CTL_CLEAR_PS_FILT,
IEEE80211_TX_CTL_FIRST_FRAGMENT,
IEEE80211_TX_CTL_SEND_AFTER_DTIM,
IEEE80211_TX_CTL_AMPDU,
IEEE80211_TX_CTL_INJECTED,
IEEE80211_TX_STAT_TX_FILTERED,
IEEE80211_TX_STAT_ACK,
IEEE80211_TX_STAT_AMPDU,
IEEE80211_TX_STAT_AMPDU_NO_BACK,
IEEE80211_TX_CTL_RATE_CTRL_PROBE,
IEEE80211_TX_INTFL_NEED_TXPROCESSING,
IEEE80211_TX_INTFL_RETRIED,
IEEE80211_TX_INTFL_DONT_ENCRYPT,
IEEE80211_TX_CTL_PSPOLL_RESPONSE,
IEEE80211_TX_CTL_MORE_FRAMES,
IEEE80211_TX_INTFL_RETRANSMISSION,
IEEE80211_TX_INTFL_HAS_RADIOTAP,
IEEE80211_TX_INTFL_NL80211_FRAME_TX,
IEEE80211_TX_CTL_LDPC,
IEEE80211_TX_CTL_STBC,
IEEE80211_TX_CTL_TX_OFFCHAN,
IEEE80211_TX_INTFL_TKIP_MIC_FAILURE
}; require TX status callback for this frame.
The driver has to assign a sequence number to this frame, taking care of not overwriting the fragment number and increasing the sequence number only when the IEEE80211_TX_CTL_FIRST_FRAGMENT flag is set. mac80211 will properly assign sequence numbers to QoS-data frames but cannot do so correctly for non-QoS-data and management frames because beacons need them from that counter as well and mac80211 cannot guarantee proper sequencing. If this flag is set, the driver should instruct the hardware to assign a sequence number to the frame or assign one itself. Cf. IEEE 802.11-2007 7.1.3.4.1 paragraph 3. This flag will always be set for beacons and always be clear for frames without a sequence number field.
tell the low level not to wait for an ack
clear powersave filter for destination station
this is a first fragment of the frame
send this frame after DTIM beacon
this frame should be sent as part of an A-MPDU
Frame was injected, internal to mac80211.
The frame was not transmitted because the destination STA was in powersave mode. Note that to avoid race conditions, the filter must be set by the hardware or firmware upon receiving a frame that indicates that the station went to sleep (must be done on device to filter frames already on the queue) and may only be unset after mac80211 gives the OK for that by setting the IEEE80211_TX_CTL_CLEAR_PS_FILT (see above), since only then is it guaranteed that no more frames are in the hardware queue.
Frame was acknowledged
The frame was aggregated, so status is for the whole aggregation.
no block ack was returned, so consider using block ack request (BAR).
internal to mac80211, can be set by rate control algorithms to indicate probe rate, will be cleared for fragmented frames (except on the last fragment)
completely internal to mac80211, used to indicate that a pending frame requires TX processing before it can be sent out.
completely internal to mac80211, used to indicate that a frame was already retried due to PS
completely internal to mac80211, used to indicate frame should not be encrypted
(internal?) This frame is a response to a PS-poll frame and should be sent although the station is in powersave mode.
More frames will be passed to the transmit function after the current frame, this can be used by drivers to kick the DMA queue only if unset or when the queue gets full.
This frame is being retransmitted after TX status because the destination was asleep, it must not be modified again (no seqno assignment, crypto, etc.)
This frame was injected and still has a radiotap header at skb->data.
Frame was requested through nl80211 MLME command (internal to mac80211 to figure out whether to send TX status to user space)
tells the driver to use LDPC for this frame
Enables Space-Time Block Coding (STBC) for this frame and selects the maximum number of streams that it can use.
Marks this packet to be transmitted on the off-channel channel when a remain-on-channel offload is done in hardware -- normal packets still flow and are expected to be handled properly by the device.
Marks this packet to be used for TKIP testing. It will be sent out with incorrect Michael MIC key to allow TKIP countermeasures to be tested.
enum mac80211_rate_control_flags — per-rate flags set by the Rate Control algorithm.
enum mac80211_rate_control_flags {
IEEE80211_TX_RC_USE_RTS_CTS,
IEEE80211_TX_RC_USE_CTS_PROTECT,
IEEE80211_TX_RC_USE_SHORT_PREAMBLE,
IEEE80211_TX_RC_MCS,
IEEE80211_TX_RC_GREEN_FIELD,
IEEE80211_TX_RC_40_MHZ_WIDTH,
IEEE80211_TX_RC_DUP_DATA,
IEEE80211_TX_RC_SHORT_GI
}; Use RTS/CTS exchange for this rate.
CTS-to-self protection is required. This is set if the current BSS requires ERP protection.
Use short preamble.
HT rate.
Indicates whether this rate should be used in Greenfield mode.
Indicates if the Channel Width should be 40 MHz.
The frame should be transmitted on both of the adjacent 20 MHz channels, if the current channel type is NL80211_CHAN_HT40MINUS or NL80211_CHAN_HT40PLUS.
Short Guard interval should be used for this rate.
struct ieee80211_tx_rate — rate selection/status
struct ieee80211_tx_rate {
s8 idx;
u8 count;
u8 flags;
}; rate index to attempt to send with
number of tries in this rate before going to the next rate
rate control flags (enum mac80211_rate_control_flags)
A value of -1 for idx indicates an invalid rate and, if used
in an array of retry rates, that no more rates should be tried.
When used for transmit status reporting, the driver should always report the rate along with the flags it used.
struct ieee80211_tx_info contains an array of these structs in the control information, and it will be filled by the rate control algorithm according to what should be sent. For example, if this array contains, in the format { <idx>, <count> } the information { 3, 2 }, { 2, 2 }, { 1, 4 }, { -1, 0 }, { -1, 0 } then this means that the frame should be transmitted up to twice at rate 3, up to twice at rate 2, and up to four times at rate 1 if it doesn't get acknowledged. Say it gets acknowledged by the peer after the fifth attempt, the status information should then contain { 3, 2 }, { 2, 2 }, { 1, 1 }, { -1, 0 } ... since it was transmitted twice at rate 3, twice at rate 2 and once at rate 1 after which we received an acknowledgement.
struct ieee80211_tx_info — skb transmit information
struct ieee80211_tx_info {
u32 flags;
u8 band;
u8 antenna_sel_tx;
u8 pad[2];
union {unnamed_union};
}; transmit info flags, defined above
the band to transmit on (use for checking for races)
antenna to use, 0 for automatic diversity
padding, ignore
anonymous
This structure is placed in skb->cb for three uses: (1) mac80211 TX control - mac80211 tells the driver what to do (2) driver internal use (if applicable) (3) TX status information - driver tells mac80211 what happened
The TX control's sta pointer is only valid during the ->tx call, it may be NULL.
ieee80211_tx_info_clear_status — clear TX status
void ieee80211_tx_info_clear_status ( | info); |
struct ieee80211_tx_info * info;ieee80211_rx — receive frame
void ieee80211_rx ( | hw, | |
skb); |
struct ieee80211_hw * hw;struct sk_buff * skb;hwthe hardware this frame came in on
skbthe buffer to receive, owned by mac80211 after this call
Use this function to hand received frames to mac80211. The receive
buffer in skb must start with an IEEE 802.11 header. In case of a
paged skb is used, the driver is recommended to put the ieee80211
header of the frame on the linear part of the skb to avoid memory
allocation and/or memcpy by the stack.
This function may not be called in IRQ context. Calls to this function
for a single hardware must be synchronized against each other. Calls to
this function, ieee80211_rx_ni and ieee80211_rx_irqsafe may not be
mixed for a single hardware.
In process context use instead ieee80211_rx_ni.
ieee80211_rx_ni — receive frame (in process context)
void ieee80211_rx_ni ( | hw, | |
skb); |
struct ieee80211_hw * hw;struct sk_buff * skb;ieee80211_rx_irqsafe — receive frame
void ieee80211_rx_irqsafe ( | hw, | |
skb); |
struct ieee80211_hw * hw;struct sk_buff * skb;ieee80211_tx_status — transmit status callback
void ieee80211_tx_status ( | hw, | |
skb); |
struct ieee80211_hw * hw;struct sk_buff * skb;hwthe hardware the frame was transmitted by
skbthe frame that was transmitted, owned by mac80211 after this call
Call this function for all transmitted frames after they have been transmitted. It is permissible to not call this function for multicast frames but this can affect statistics.
This function may not be called in IRQ context. Calls to this function
for a single hardware must be synchronized against each other. Calls
to this function, ieee80211_tx_status_ni and ieee80211_tx_status_irqsafe
may not be mixed for a single hardware.
ieee80211_tx_status_ni — transmit status callback (in process context)
void ieee80211_tx_status_ni ( | hw, | |
skb); |
struct ieee80211_hw * hw;struct sk_buff * skb;ieee80211_tx_status_irqsafe — IRQ-safe transmit status callback
void ieee80211_tx_status_irqsafe ( | hw, | |
skb); |
struct ieee80211_hw * hw;struct sk_buff * skb;ieee80211_rts_get — RTS frame generation function
void ieee80211_rts_get ( | hw, | |
| vif, | ||
| frame, | ||
| frame_len, | ||
| frame_txctl, | ||
rts); |
struct ieee80211_hw * hw;struct ieee80211_vif * vif;const void * frame;size_t frame_len;const struct ieee80211_tx_info * frame_txctl;struct ieee80211_rts * rts;hw
pointer obtained from ieee80211_alloc_hw.
vifstruct ieee80211_vif pointer from the add_interface callback.
framepointer to the frame that is going to be protected by the RTS.
frame_lenthe frame length (in octets).
frame_txctlstruct ieee80211_tx_info of the frame.
rtsThe buffer where to store the RTS frame.
ieee80211_rts_duration — Get the duration field for an RTS frame
__le16 ieee80211_rts_duration ( | hw, | |
| vif, | ||
| frame_len, | ||
frame_txctl); |
struct ieee80211_hw * hw;struct ieee80211_vif * vif;size_t frame_len;const struct ieee80211_tx_info * frame_txctl;ieee80211_ctstoself_get — CTS-to-self frame generation function
void ieee80211_ctstoself_get ( | hw, | |
| vif, | ||
| frame, | ||
| frame_len, | ||
| frame_txctl, | ||
cts); |
struct ieee80211_hw * hw;struct ieee80211_vif * vif;const void * frame;size_t frame_len;const struct ieee80211_tx_info * frame_txctl;struct ieee80211_cts * cts;hw
pointer obtained from ieee80211_alloc_hw.
vifstruct ieee80211_vif pointer from the add_interface callback.
framepointer to the frame that is going to be protected by the CTS-to-self.
frame_lenthe frame length (in octets).
frame_txctlstruct ieee80211_tx_info of the frame.
ctsThe buffer where to store the CTS-to-self frame.
ieee80211_ctstoself_duration — Get the duration field for a CTS-to-self frame
__le16 ieee80211_ctstoself_duration ( | hw, | |
| vif, | ||
| frame_len, | ||
frame_txctl); |
struct ieee80211_hw * hw;struct ieee80211_vif * vif;size_t frame_len;const struct ieee80211_tx_info * frame_txctl;ieee80211_generic_frame_duration — Calculate the duration field for a frame
__le16 ieee80211_generic_frame_duration ( | hw, | |
| vif, | ||
| frame_len, | ||
rate); |
struct ieee80211_hw * hw;struct ieee80211_vif * vif;size_t frame_len;struct ieee80211_rate * rate;ieee80211_wake_queue — wake specific queue
void ieee80211_wake_queue ( | hw, | |
queue); |
struct ieee80211_hw * hw;int queue;ieee80211_stop_queue — stop specific queue
void ieee80211_stop_queue ( | hw, | |
queue); |
struct ieee80211_hw * hw;int queue;ieee80211_wake_queues — wake all queues
void ieee80211_wake_queues ( | hw); |
struct ieee80211_hw * hw;ieee80211_stop_queues — stop all queues
void ieee80211_stop_queues ( | hw); |
struct ieee80211_hw * hw;Table of Contents
mac80211 requires to see many management frames for proper operation, and users may want to see many more frames when in monitor mode. However, for best CPU usage and power consumption, having as few frames as possible percolate through the stack is desirable. Hence, the hardware should filter as much as possible.
To achieve this, mac80211 uses filter flags (see below) to tell
the driver's configure_filter function which frames should be
passed to mac80211 and which should be filtered out.
Before configure_filter is invoked, the prepare_multicast
callback is invoked with the parameters mc_count and mc_list
for the combined multicast address list of all virtual interfaces.
It's use is optional, and it returns a u64 that is passed to
configure_filter. Additionally, configure_filter has the
arguments changed_flags telling which flags were changed and
total_flags with the new flag states.
If your device has no multicast address filters your driver will
need to check both the FIF_ALLMULTI flag and the mc_count
parameter to see whether multicast frames should be accepted
or dropped.
All unsupported flags in total_flags must be cleared.
Hardware does not support a flag if it is incapable of _passing_
the frame to the stack. Otherwise the driver must ignore
the flag, but not clear it.
You must _only_ clear the flag (announce no support for the
flag to mac80211) if you are not able to pass the packet type
to the stack (so the hardware always filters it).
So for example, you should clear FIF_CONTROL, if your hardware
always filters control frames. If your hardware always passes
control frames to the kernel and is incapable of filtering them,
you do _not_ clear the FIF_CONTROL flag.
This rule applies to all other FIF flags as well.
enum ieee80211_filter_flags — hardware filter flags
enum ieee80211_filter_flags {
FIF_PROMISC_IN_BSS,
FIF_ALLMULTI,
FIF_FCSFAIL,
FIF_PLCPFAIL,
FIF_BCN_PRBRESP_PROMISC,
FIF_CONTROL,
FIF_OTHER_BSS,
FIF_PSPOLL,
FIF_PROBE_REQ
}; promiscuous mode within your BSS, think of the BSS as your network segment and then this corresponds to the regular ethernet device promiscuous mode.
pass all multicast frames, this is used if requested by the user or if the hardware is not capable of filtering by multicast address.
pass frames with failed FCS (but you need to set the
RX_FLAG_FAILED_FCS_CRC for them)
pass frames with failed PLCP CRC (but you need to set
the RX_FLAG_FAILED_PLCP_CRC for them
This flag is set during scanning to indicate to the hardware that it should not filter beacons or probe responses by BSSID. Filtering them can greatly reduce the amount of processing mac80211 needs to do and the amount of CPU wakeups, so you should honour this flag if possible.
pass control frames (except for PS Poll), if PROMISC_IN_BSS is not set then only those addressed to this station.
pass frames destined to other BSSes
pass PS Poll frames, if PROMISC_IN_BSS is not set then only those addressed to this station.
pass probe request frames
Table of Contents
mac80211 provides its own workqueue for drivers and internal mac80211 use.
The workqueue is a single threaded workqueue and can only be accessed by
helpers for sanity checking. Drivers must ensure all work added onto the
mac80211 workqueue should be cancelled on the driver stop callback.
mac80211 will flushed the workqueue upon interface removal and during suspend.
All work performed on the mac80211 workqueue must not acquire the RTNL lock.
ieee80211_queue_work — add work onto the mac80211 workqueue
void ieee80211_queue_work ( | hw, | |
work); |
struct ieee80211_hw * hw;struct work_struct * work;ieee80211_queue_delayed_work — add work onto the mac80211 workqueue
void ieee80211_queue_delayed_work ( | hw, | |
| dwork, | ||
delay); |
struct ieee80211_hw * hw;struct delayed_work * dwork;unsigned long delay;Information contained within this part of the book is of interest only for advanced interaction of mac80211 with drivers to exploit more hardware capabilities and improve performance.
Table of Contents
Table of Contents
Mac80211 supports various ways of blinking LEDs. Wherever possible, device LEDs should be exposed as LED class devices and hooked up to the appropriate trigger, which will then be triggered appropriately by mac80211.
ieee80211_get_tx_led_name — get name of TX LED
char * ieee80211_get_tx_led_name ( | hw); |
struct ieee80211_hw * hw;ieee80211_get_rx_led_name — get name of RX LED
char * ieee80211_get_rx_led_name ( | hw); |
struct ieee80211_hw * hw;ieee80211_get_assoc_led_name — get name of association LED
char * ieee80211_get_assoc_led_name ( | hw); |
struct ieee80211_hw * hw;ieee80211_get_radio_led_name — get name of radio LED
char * ieee80211_get_radio_led_name ( | hw); |
struct ieee80211_hw * hw;struct ieee80211_tpt_blink — throughput blink description
struct ieee80211_tpt_blink {
int throughput;
int blink_time;
}; enum ieee80211_tpt_led_trigger_flags — throughput trigger flags
enum ieee80211_tpt_led_trigger_flags {
IEEE80211_TPT_LEDTRIG_FL_RADIO,
IEEE80211_TPT_LEDTRIG_FL_WORK,
IEEE80211_TPT_LEDTRIG_FL_CONNECTED
}; ieee80211_create_tpt_led_trigger — create throughput LED trigger
char * ieee80211_create_tpt_led_trigger ( | hw, | |
| flags, | ||
| blink_table, | ||
blink_table_len); |
struct ieee80211_hw * hw;unsigned int flags;const struct ieee80211_tpt_blink * blink_table;unsigned int blink_table_len;Table of Contents
mac80211 is capable of taking advantage of many hardware acceleration designs for encryption and decryption operations.
The set_key callback in the struct ieee80211_ops for a given
device is called to enable hardware acceleration of encryption and
decryption. The callback takes a sta parameter that will be NULL
for default keys or keys used for transmission only, or point to
the station information for the peer for individual keys.
Multiple transmission keys with the same key index may be used when
VLANs are configured for an access point.
When transmitting, the TX control data will use the hw_key_idx
selected by the driver by modifying the struct ieee80211_key_conf
pointed to by the key parameter to the set_key function.
The set_key call for the SET_KEY command should return 0 if
the key is now in use, -EOPNOTSUPP or -ENOSPC if it couldn't be
added; if you return 0 then hw_key_idx must be assigned to the
hardware key index, you are free to use the full u8 range.
When the cmd is DISABLE_KEY then it must succeed.
Note that it is permissible to not decrypt a frame even if a key for it has been uploaded to hardware, the stack will not make any decision based on whether a key has been uploaded or not but rather based on the receive flags.
The struct ieee80211_key_conf structure pointed to by the key
parameter is guaranteed to be valid until another call to set_key
removes it, but it can only be used as a cookie to differentiate
keys.
In TKIP some HW need to be provided a phase 1 key, for RX decryption
acceleration (i.e. iwlwifi). Those drivers should provide update_tkip_key
handler.
The update_tkip_key call updates the driver with the new phase 1 key.
This happens every time the iv16 wraps around (every 65536 packets). The
set_key call will happen only once for each key (unless the AP did
rekeying), it will not include a valid phase 1 key. The valid phase 1 key is
provided by update_tkip_key only. The trigger that makes mac80211 call this
handler is software decryption with wrap around of iv16.
struct ieee80211_key_conf — key information
struct ieee80211_key_conf {
u32 cipher;
u8 icv_len;
u8 iv_len;
u8 hw_key_idx;
u8 flags;
s8 keyidx;
u8 keylen;
u8 key[0];
}; The key's cipher suite selector.
The ICV length for this key type
The IV length for this key type
To be set by the driver, this is the key index the driver wants to be given when a frame is transmitted and needs to be encrypted in hardware.
key flags, see enum ieee80211_key_flags.
the key index (0-3)
key material length
key material. For ALG_TKIP the key is encoded as a 256-bit (32 byte)
enum ieee80211_key_flags — key flags
enum ieee80211_key_flags {
IEEE80211_KEY_FLAG_WMM_STA,
IEEE80211_KEY_FLAG_GENERATE_IV,
IEEE80211_KEY_FLAG_GENERATE_MMIC,
IEEE80211_KEY_FLAG_PAIRWISE,
IEEE80211_KEY_FLAG_SW_MGMT
}; Set by mac80211, this flag indicates that the STA this key will be used with could be using QoS.
This flag should be set by the driver to indicate that it requires IV generation for this particular key.
This flag should be set by the driver for a TKIP key if it requires Michael MIC generation in software.
Set by mac80211, this flag indicates that the key is pairwise rather then a shared key.
This flag should be set by the driver for a CCMP key if it requires CCMP encryption of management frames (MFP) to be done in software.
enum ieee80211_tkip_key_type — get tkip key
enum ieee80211_tkip_key_type {
IEEE80211_TKIP_P1_KEY,
IEEE80211_TKIP_P2_KEY
}; ieee80211_get_tkip_key — get a TKIP rc4 for skb
void ieee80211_get_tkip_key ( | keyconf, | |
| skb, | ||
| type, | ||
key); |
struct ieee80211_key_conf * keyconf;struct sk_buff * skb;enum ieee80211_tkip_key_type type;u8 * key;ieee80211_key_removed — disable hw acceleration for key
void ieee80211_key_removed ( | key_conf); |
struct ieee80211_key_conf * key_conf;This allows drivers to indicate that the given key has been removed from hardware acceleration, due to a new key that was added. Don't use this if the key can continue to be used for TX, if the key restriction is on RX only it is permitted to keep the key for TX only and not call this function.
Due to locking constraints, it may only be called during
set_key. This function must be allowed to sleep, and the
key it tries to disable may still be used until it returns.
mac80211 has support for various powersave implementations.
First, it can support hardware that handles all powersaving by itself,
such hardware should simply set the IEEE80211_HW_SUPPORTS_PS hardware
flag. In that case, it will be told about the desired powersave mode
with the IEEE80211_CONF_PS flag depending on the association status.
The hardware must take care of sending nullfunc frames when necessary,
i.e. when entering and leaving powersave mode. The hardware is required
to look at the AID in beacons and signal to the AP that it woke up when
it finds traffic directed to it.
IEEE80211_CONF_PS flag enabled means that the powersave mode defined in
IEEE 802.11-2007 section 11.2 is enabled. This is not to be confused
with hardware wakeup and sleep states. Driver is responsible for waking
up the hardware before issuing commands to the hardware and putting it
back to sleep at appropriate times.
When PS is enabled, hardware needs to wakeup for beacons and receive the buffered multicast/broadcast frames after the beacon. Also it must be possible to send frames and receive the acknowledment frame.
Other hardware designs cannot send nullfunc frames by themselves and also
need software support for parsing the TIM bitmap. This is also supported
by mac80211 by combining the IEEE80211_HW_SUPPORTS_PS and
IEEE80211_HW_PS_NULLFUNC_STACK flags. The hardware is of course still
required to pass up beacons. The hardware is still required to handle
waking up for multicast traffic; if it cannot the driver must handle that
as best as it can, mac80211 is too slow to do that.
Dynamic powersave is an extension to normal powersave in which the hardware stays awake for a user-specified period of time after sending a frame so that reply frames need not be buffered and therefore delayed to the next wakeup. It's compromise of getting good enough latency when there's data traffic and still saving significantly power in idle periods.
Dynamic powersave is simply supported by mac80211 enabling and disabling
PS based on traffic. Driver needs to only set IEEE80211_HW_SUPPORTS_PS
flag and mac80211 will handle everything automatically. Additionally,
hardware having support for the dynamic PS feature may set the
IEEE80211_HW_SUPPORTS_DYNAMIC_PS flag to indicate that it can support
dynamic PS mode itself. The driver needs to look at the
dynamic_ps_timeout hardware configuration value and use it that value
whenever IEEE80211_CONF_PS is set. In this case mac80211 will disable
dynamic PS feature in stack and will just keep IEEE80211_CONF_PS
enabled whenever user has enabled powersave.
Some hardware need to toggle a single shared antenna between WLAN and
Bluetooth to facilitate co-existence. These types of hardware set
limitations on the use of host controlled dynamic powersave whenever there
is simultaneous WLAN and Bluetooth traffic. For these types of hardware, the
driver may request temporarily going into full power save, in order to
enable toggling the antenna between BT and WLAN. If the driver requests
disabling dynamic powersave, the dynamic_ps_timeout value will be
temporarily set to zero until the driver re-enables dynamic powersave.
Driver informs U-APSD client support by enabling
IEEE80211_HW_SUPPORTS_UAPSD flag. The mode is configured through the
uapsd paramater in conf_tx operation. Hardware needs to send the QoS
Nullfunc frames and stay awake until the service period has ended. To
utilize U-APSD, dynamic powersave is disabled for voip AC and all frames
from that AC are transmitted with powersave enabled.
Note: U-APSD client mode is not yet supported with
IEEE80211_HW_PS_NULLFUNC_STACK.
Table of Contents
Some hardware have beacon filter support to reduce host cpu wakeups which will reduce system power consumption. It usuallly works so that the firmware creates a checksum of the beacon but omits all constantly changing elements (TSF, TIM etc). Whenever the checksum changes the beacon is forwarded to the host, otherwise it will be just dropped. That way the host will only receive beacons where some relevant information (for example ERP protection or WMM settings) have changed.
Beacon filter support is advertised with the IEEE80211_HW_BEACON_FILTER
hardware capability. The driver needs to enable beacon filter support
whenever power save is enabled, that is IEEE80211_CONF_PS is set. When
power save is enabled, the stack will not check for beacon loss and the
driver needs to notify about loss of beacons with ieee80211_beacon_loss.
The time (or number of beacons missed) until the firmware notifies the
driver of a beacon loss event (which in turn causes the driver to call
ieee80211_beacon_loss) should be configurable and will be controlled
by mac80211 and the roaming algorithm in the future.
Since there may be constantly changing information elements that nothing in the software stack cares about, we will, in the future, have mac80211 tell the driver which information elements are interesting in the sense that we want to see changes in them. This will include - a list of information element IDs - a list of OUIs for the vendor information element
Ideally, the hardware would filter out any beacons without changes in the requested elements, but if it cannot support that it may, at the expense of some efficiency, filter out only a subset. For example, if the device doesn't support checking for OUIs it should pass up all changes in all vendor information elements.
Note that change, for the sake of simplification, also includes information elements appearing or disappearing from the beacon.
Some hardware supports an “ignore list” instead, just make sure nothing that was requested is on the ignore list, and include commonly changing information element IDs in the ignore list, for example 11 (BSS load) and the various vendor-assigned IEs with unknown contents (128, 129, 133-136, 149, 150, 155, 156, 173, 176, 178, 179, 219); for forward compatibility it could also include some currently unused IDs.
In addition to these capabilities, hardware should support notifying the host of changes in the beacon RSSI. This is relevant to implement roaming when no traffic is flowing (when traffic is flowing we see the RSSI of the received data packets). This can consist in notifying the host when the RSSI changes significantly or when it drops below or rises above configurable thresholds. In the future these thresholds will also be configured by mac80211 (which gets them from userspace) to implement them as the roaming algorithm requires.
If the hardware cannot implement this, the driver should ask it to periodically pass beacon frames to the host so that software can do the signal strength threshold checking.
Table of Contents
TBD
struct ieee80211_tx_queue_params — transmit queue configuration
struct ieee80211_tx_queue_params {
u16 txop;
u16 cw_min;
u16 cw_max;
u8 aifs;
bool uapsd;
}; Table of Contents
TBD
Some parts of the if_conf should be discussed here instead
Insert notes about VLAN interfaces with hw crypto here or in the hw crypto chapter.
ieee80211_get_buffered_bc — accessing buffered broadcast and multicast frames
struct sk_buff * ieee80211_get_buffered_bc ( | hw, | |
vif); |
struct ieee80211_hw * hw;struct ieee80211_vif * vif;hw
pointer as obtained from ieee80211_alloc_hw.
vifstruct ieee80211_vif pointer from the add_interface callback.
Function for accessing buffered broadcast and multicast frames. If hardware/firmware does not implement buffering of broadcast/multicast frames when power saving is used, 802.11 code buffers them in the host memory. The low-level driver uses this function to fetch next buffered frame. In most cases, this is used when generating beacon frame. This function returns a pointer to the next buffered skb or NULL if no more buffered frames are available.
buffered frames are returned only after DTIM beacon frame was
generated with ieee80211_beacon_get and the low-level driver must thus
call ieee80211_beacon_get first. ieee80211_get_buffered_bc returns
NULL if the previous generated beacon was not DTIM, so the low-level driver
does not need to check for DTIM beacons separately and should be able to
use common code for all beacons.
Table of Contents
TBD
Note: WDS with identical MAC address should almost always be OK
Insert notes about having multiple virtual interfaces with different MAC addresses here, note which configurations are supported by mac80211, add notes about supporting hw crypto with it.
ieee80211_iterate_active_interfaces — iterate active interfaces
void ieee80211_iterate_active_interfaces ( | hw, | |
| iterator, | ||
data); |
struct ieee80211_hw * hw;void (*iterator)
(void *data, u8 *mac, struct ieee80211_vif *vif);void * data;hwthe hardware struct of which the interfaces should be iterated over
iteratorthe iterator function to call
datafirst argument of the iterator function
This function iterates over the interfaces associated with a given
hardware that are currently active and calls the callback for them.
This function allows the iterator function to sleep, when the iterator
function is atomic ieee80211_iterate_active_interfaces_atomic can
be used.
Does not iterate over a new interface during add_interface
ieee80211_iterate_active_interfaces_atomic — iterate active interfaces
void ieee80211_iterate_active_interfaces_atomic ( | hw, | |
| iterator, | ||
data); |
struct ieee80211_hw * hw;void (*iterator)
(void *data, u8 *mac, struct ieee80211_vif *vif);void * data;hwthe hardware struct of which the interfaces should be iterated over
iteratorthe iterator function to call, cannot sleep
datafirst argument of the iterator function
This function iterates over the interfaces associated with a given
hardware that are currently active and calls the callback for them.
This function requires the iterator callback function to be atomic,
if that is not desired, use ieee80211_iterate_active_interfaces instead.
Does not iterate over a new interface during add_interface
Table of Contents
TODO
struct ieee80211_sta — station table entry
struct ieee80211_sta {
u32 supp_rates[IEEE80211_NUM_BANDS];
u8 addr[ETH_ALEN];
u16 aid;
struct ieee80211_sta_ht_cap ht_cap;
u8 drv_priv[0] __attribute__((__aligned__(sizeof(void *))));
}; Bitmap of supported rates (per band)
MAC address
AID we assigned to the station if we're an AP
HT capabilities of this STA; restricted to our own TX capabilities
data area for driver use, will always be aligned to sizeof(void *), size is determined in hw information.
A station table entry represents a station we are possibly
communicating with. Since stations are RCU-managed in
mac80211, any ieee80211_sta pointer you get access to must
either be protected by rcu_read_lock explicitly or implicitly,
or you must take good care to not use such a pointer after a
call to your sta_remove callback that removed it.
enum sta_notify_cmd — sta notify command
enum sta_notify_cmd {
STA_NOTIFY_SLEEP,
STA_NOTIFY_AWAKE
}; ieee80211_find_sta — find a station
struct ieee80211_sta * ieee80211_find_sta ( | vif, | |
addr); |
struct ieee80211_vif * vif;const u8 * addr;ieee80211_find_sta_by_ifaddr — find a station on hardware
struct ieee80211_sta * ieee80211_find_sta_by_ifaddr ( | hw, | |
| addr, | ||
localaddr); |
struct ieee80211_hw * hw;const u8 * addr;const u8 * localaddr;hw
pointer as obtained from ieee80211_alloc_hw
addrremote station's address
localaddrlocal address (vif->sdata->vif.addr). Use NULL for 'any'.
This function must be called under RCU lock and the resulting pointer is only valid under RCU lock as well.
You may pass NULL for localaddr, but then you will just get the first STA that matches the remote address 'addr'. We can have multiple STA associated with multiple logical stations (e.g. consider a station connecting to another BSSID on the same AP hardware without disconnecting first). In this case, the result of this method with localaddr NULL is not reliable.
DO NOT USE THIS FUNCTION with localaddr NULL if at all possible.
ieee80211_sta_block_awake — block station from waking up
void ieee80211_sta_block_awake ( | hw, | |
| pubsta, | ||
block); |
struct ieee80211_hw * hw;struct ieee80211_sta * pubsta;bool block;Some devices require that all frames that are on the queues for a specific station that went to sleep are flushed before a poll response or frames after the station woke up can be delivered to that it. Note that such frames must be rejected by the driver as filtered, with the appropriate status flag.
This function allows implementing this mode in a race-free manner.
To do this, a driver must keep track of the number of frames still enqueued for a specific station. If this number is not zero when the station goes to sleep, the driver must call this function to force mac80211 to consider the station to be asleep regardless of the station's actual state. Once the number of outstanding frames reaches zero, the driver must call this function again to unblock the station. That will cause mac80211 to be able to send ps-poll responses, and if the station queried in the meantime then frames will also be sent out as a result of this. Additionally, the driver will be notified that the station woke up some time after it is unblocked, regardless of whether the station actually woke up while blocked or not.
Table of Contents
TBD
Table of Contents
Aggregation on the TX side requires setting the hardware flag
IEEE80211_HW_AMPDU_AGGREGATION. The driver will then be handed
packets with a flag indicating A-MPDU aggregation. The driver
or device is responsible for actually aggregating the frames,
as well as deciding how many and which to aggregate.
When TX aggregation is started by some subsystem (usually the rate
control algorithm would be appropriate) by calling the
ieee80211_start_tx_ba_session function, the driver will be
notified via its ampdu_action function, with the
IEEE80211_AMPDU_TX_START action.
In response to that, the driver is later required to call the
ieee80211_start_tx_ba_cb_irqsafe function, which will really
start the aggregation session after the peer has also responded.
If the peer responds negatively, the session will be stopped
again right away. Note that it is possible for the aggregation
session to be stopped before the driver has indicated that it
is done setting it up, in which case it must not indicate the
setup completion.
Also note that, since we also need to wait for a response from
the peer, the driver is notified of the completion of the
handshake by the IEEE80211_AMPDU_TX_OPERATIONAL action to the
ampdu_action callback.
Similarly, when the aggregation session is stopped by the peer
or something calling ieee80211_stop_tx_ba_session, the driver's
ampdu_action function will be called with the action
IEEE80211_AMPDU_TX_STOP. In this case, the call must not fail,
and the driver must later call ieee80211_stop_tx_ba_cb_irqsafe.
Aggregation on the RX side requires only implementing the
ampdu_action callback that is invoked to start/stop any
block-ack sessions for RX aggregation.
When RX aggregation is started by the peer, the driver is
notified via ampdu_action function, with the
IEEE80211_AMPDU_RX_START action, and may reject the request
in which case a negative response is sent to the peer, if it
accepts it a positive response is sent.
While the session is active, the device/driver are required to de-aggregate frames and pass them up one by one to mac80211, which will handle the reorder buffer.
When the aggregation session is stopped again by the peer or
ourselves, the driver's ampdu_action function will be called
with the action IEEE80211_AMPDU_RX_STOP. In this case, the
call must not fail.
enum ieee80211_ampdu_mlme_action — A-MPDU actions
enum ieee80211_ampdu_mlme_action {
IEEE80211_AMPDU_RX_START,
IEEE80211_AMPDU_RX_STOP,
IEEE80211_AMPDU_TX_START,
IEEE80211_AMPDU_TX_STOP,
IEEE80211_AMPDU_TX_OPERATIONAL
}; start Rx aggregation
stop Rx aggregation
start Tx aggregation
stop Tx aggregation
TX aggregation has become operational
These flags are used with the ampdu_action callback in
struct ieee80211_ops to indicate which action is needed.
Note that drivers MUST be able to deal with a TX aggregation session being stopped even before they OK'ed starting it by calling ieee80211_start_tx_ba_cb_irqsafe, because the peer might receive the addBA frame and send a delBA right away!
Table of Contents
SMPS (Spatial multiplexing power save) is a mechanism to conserve power in an 802.11n implementation. For details on the mechanism and rationale, please refer to 802.11 (as amended by 802.11n-2009) “11.2.3 SM power save”.
The mac80211 implementation is capable of sending action frames to update the AP about the station's SMPS mode, and will instruct the driver to enter the specific mode. It will also announce the requested SMPS mode during the association handshake. Hardware support for this feature is required, and can be indicated by hardware flags.
The default mode will be “automatic”, which nl80211/cfg80211 defines to be dynamic SMPS in (regular) powersave, and SMPS turned off otherwise.
To support this feature, the driver must set the appropriate
hardware support flags, and handle the SMPS flag to the config
operation. It will then with this mechanism be instructed to
enter the requested SMPS mode while associated to an HT AP.
ieee80211_request_smps — request SM PS transition
void ieee80211_request_smps ( | vif, | |
smps_mode); |
struct ieee80211_vif * vif;enum ieee80211_smps_mode smps_mode;TBD
This part of the book describes the rate control algorithm interface and how it relates to mac80211 and drivers.
Table of Contents
Table of Contents
TBD
ieee80211_start_tx_ba_session — Start a tx Block Ack session.
int ieee80211_start_tx_ba_session ( | sta, | |
| tid, | ||
timeout); |
struct ieee80211_sta * sta;u16 tid;u16 timeout;ieee80211_start_tx_ba_cb_irqsafe — low level driver ready to aggregate.
void ieee80211_start_tx_ba_cb_irqsafe ( | vif, | |
| ra, | ||
tid); |
struct ieee80211_vif * vif;const u8 * ra;u16 tid;ieee80211_stop_tx_ba_session — Stop a Block Ack session.
int ieee80211_stop_tx_ba_session ( | sta, | |
tid); |
struct ieee80211_sta * sta;u16 tid;ieee80211_stop_tx_ba_cb_irqsafe — low level driver ready to stop aggregate.
void ieee80211_stop_tx_ba_cb_irqsafe ( | vif, | |
| ra, | ||
tid); |
struct ieee80211_vif * vif;const u8 * ra;u16 tid;enum rate_control_changed — flags to indicate which parameter changed
enum rate_control_changed {
IEEE80211_RC_HT_CHANGED
}; struct ieee80211_tx_rate_control — rate control information for/from RC algo
struct ieee80211_tx_rate_control {
struct ieee80211_hw * hw;
struct ieee80211_supported_band * sband;
struct ieee80211_bss_conf * bss_conf;
struct sk_buff * skb;
struct ieee80211_tx_rate reported_rate;
bool rts;
bool short_preamble;
u8 max_rate_idx;
u32 rate_idx_mask;
bool bss;
}; The hardware the algorithm is invoked for.
The band this frame is being transmitted on.
the current BSS configuration
the skb that will be transmitted, the control information in it needs to be filled in
The rate control algorithm can fill this in to indicate which rate should be reported to userspace as the current rate and used for rate calculations in the mesh network.
whether RTS will be used for this frame because it is longer than the RTS threshold
whether mac80211 will request short-preamble transmission if the selected rate supports it
user-requested maximum rate (not MCS for now) (deprecated; this will be removed once drivers get updated to use rate_idx_mask)
user-requested rate mask (not MCS for now)
whether this frame is sent out in AP or IBSS mode
rate_control_send_low — helper for drivers for management/no-ack frames
bool rate_control_send_low ( | sta, | |
| priv_sta, | ||
txrc); |
struct ieee80211_sta * sta;void * priv_sta;struct ieee80211_tx_rate_control * txrc;stastruct ieee80211_sta pointer to the target destination. Note that this may be null.
priv_staprivate rate control structure. This may be null.
txrcrate control information we sholud populate for mac80211.
Rate control algorithms that agree to use the lowest rate to send management frames and NO_ACK data with the respective hw retries should use this in the beginning of their mac80211 get_rate callback. If true is returned the rate control can simply return. If false is returned we guarantee that sta and sta and priv_sta is not null.
Rate control algorithms wishing to do more intelligent selection of rate for multicast/broadcast frames may choose to not use this.
TBD
This part of the book describes mac80211 internals.
Table of Contents
Table of Contents
Key handling in mac80211 is done based on per-interface (sub_if_data) keys and per-station keys. Since each station belongs to an interface, each station key also belongs to that interface.
Hardware acceleration is done on a best-effort basis for algorithms that are implemented in software, for each key the hardware is asked to enable that key for offloading but if it cannot do that the key is simply kept for software encryption (unless it is for an algorithm that isn't implemented in software). There is currently no way of knowing whether a key is handled in SW or HW except by looking into debugfs.
All key management is internally protected by a mutex. Within all
other parts of mac80211, key references are, just as STA structure
references, protected by RCU. Note, however, that some things are
unprotected, namely the key->sta dereferences within the hardware
acceleration functions. This means that sta_info_destroy must
remove the key which waits for an RCU grace period.
Table of Contents
struct sta_info — STA information
struct sta_info {
struct list_head list;
struct sta_info __rcu * hnext;
struct ieee80211_local * local;
struct ieee80211_sub_if_data * sdata;
struct ieee80211_key __rcu * gtk[NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS];
struct ieee80211_key __rcu * ptk;
struct rate_control_ref * rate_ctrl;
void * rate_ctrl_priv;
spinlock_t lock;
spinlock_t flaglock;
struct work_struct drv_unblock_wk;
u16 listen_interval;
bool dead;
bool uploaded;
u32 flags;
struct sk_buff_head ps_tx_buf;
struct sk_buff_head tx_filtered;
unsigned long rx_packets;
unsigned long rx_bytes;
unsigned long wep_weak_iv_count;
unsigned long last_rx;
long last_connected;
unsigned long num_duplicates;
unsigned long rx_fragments;
unsigned long rx_dropped;
int last_signal;
struct ewma avg_signal;
__le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
unsigned long tx_filtered_count;
unsigned long tx_retry_failed;
unsigned long tx_retry_count;
unsigned int fail_avg;
unsigned long tx_packets;
unsigned long tx_bytes;
unsigned long tx_fragments;
struct ieee80211_tx_rate last_tx_rate;
int last_rx_rate_idx;
int last_rx_rate_flag;
u16 tid_seq[IEEE80211_QOS_CTL_TID_MASK + 1];
struct sta_ampdu_mlme ampdu_mlme;
u8 timer_to_tid[STA_TID_NUM];
#ifdef CONFIG_MAC80211_MESH
__le16 llid;
__le16 plid;
__le16 reason;
u8 plink_retries;
bool ignore_plink_timer;
bool plink_timer_was_running;
enum nl80211_plink_state plink_state;
u32 plink_timeout;
struct timer_list plink_timer;
#endif
#ifdef CONFIG_MAC80211_DEBUGFS
struct sta_info_debugfsdentries debugfs;
#endif
unsigned int lost_packets;
struct ieee80211_sta sta;
}; global linked list entry
hash table linked list pointer
pointer to the global information
virtual interface this station belongs to
group keys negotiated with this station, if any
peer key negotiated with this station, if any
rate control algorithm reference
rate control private per-STA pointer
used for locking all fields that require locking, see comments in the header file.
spinlock for flags accesses
used for driver PS unblocking
listen interval of this station, when we're acting as AP
set to true when sta is unlinked
set to true when sta is uploaded to the driver
STA flags, see enum ieee80211_sta_info_flags
buffer of frames to transmit to this station when it leaves power saving state
buffer of frames we already tried to transmit but were filtered by hardware due to STA having entered power saving state
Number of MSDUs received from this STA
Number of bytes received from this STA
number of weak WEP IVs received from this station
time (in jiffies) when last frame was received from this STA
time (in seconds) when a station got connected
number of duplicate frames received from this STA
number of received MPDUs
number of dropped MPDUs from this STA
signal of last received frame from this STA
moving average of signal of received frames from this STA
last received seq/frag number from this STA (per RX queue)
number of frames the hardware filtered for this STA
number of frames that failed retry
total number of retries for frames to this STA
moving percentage of failed MSDUs
number of RX/TX MSDUs
number of bytes transmitted to this STA
number of transmitted MPDUs
rate used for last transmit, to report to userspace as “the” transmit rate
rx status rate index of the last data packet
rx status flag of the last data packet
per-TID sequence numbers for sending to this STA
A-MPDU state machine state
identity mapping to ID timers
Local link ID
Peer link ID
Cancel reason on PLINK_HOLDING state
Retries in establishment
ignore the peer-link timer (used internally)
used by suspend/resume to restore timers
peer link state
timeout of peer link
peer link watch timer
debug filesystem info
number of consecutive lost packets
station information we share with the driver
enum ieee80211_sta_info_flags — Stations flags
enum ieee80211_sta_info_flags {
WLAN_STA_AUTH,
WLAN_STA_ASSOC,
WLAN_STA_PS_STA,
WLAN_STA_AUTHORIZED,
WLAN_STA_SHORT_PREAMBLE,
WLAN_STA_ASSOC_AP,
WLAN_STA_WME,
WLAN_STA_WDS,
WLAN_STA_CLEAR_PS_FILT,
WLAN_STA_MFP,
WLAN_STA_BLOCK_BA,
WLAN_STA_PS_DRIVER,
WLAN_STA_PSPOLL,
WLAN_STA_PS_DRIVER_BUF
}; Station is authenticated.
Station is associated.
Station is in power-save mode
Station is authorized to send/receive traffic. This bit is always checked so needs to be enabled for all stations when virtual port control is not in use.
Station is capable of receiving short-preamble frames.
We're associated to that station, it is an AP.
Station is a QoS-STA.
Station is one of our WDS peers.
Clear PS filter in hardware (using the IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next frame to this station is transmitted.
Management frame protection is used with this STA.
Used to deny ADDBA requests (both TX and RX) during suspend/resume and station removal.
driver requires keeping this station in power-save mode logically to flush frames that might still be in the queues
Station sent PS-poll while driver was keeping station in power-save mode, reply when the driver unblocks.
Station has frames pending in driver internal buffers. Automatically cleared on station wake-up.
STA info structures (struct sta_info) are managed in a hash table for faster lookup and a list for iteration. They are managed using RCU, i.e. access to the list and hash table is protected by RCU.
Upon allocating a STA info structure with sta_info_alloc, the caller
owns that structure. It must then insert it into the hash table using
either sta_info_insert or sta_info_insert_rcu; only in the latter
case (which acquires an rcu read section but must not be called from
within one) will the pointer still be valid after the call. Note that
the caller may not do much with the STA info before inserting it, in
particular, it may not start any mesh peer link management or add
encryption keys.
When the insertion fails (sta_info_insert) returns non-zero), the
structure will have been freed by sta_info_insert!
Station entries are added by mac80211 when you establish a link with a peer. This means different things for the different type of interfaces we support. For a regular station this mean we add the AP sta when we receive an association response from the AP. For IBSS this occurs when get to know about a peer on the same IBSS. For WDS we add the sta for the peer immediately upon device open. When using AP mode we add stations for each respective station upon request from userspace through nl80211.
In order to remove a STA info structure, various sta_info_destroy_*() calls are available.
There is no concept of ownership on a STA entry, each structure is owned by the global hash table/list until it is removed. All users of the structure need to be RCU protected so that the structure won't be freed before they are done using it.
Table of Contents
struct sta_ampdu_mlme — STA aggregation information.
struct sta_ampdu_mlme {
struct mutex mtx;
struct tid_ampdu_rx __rcu * tid_rx[STA_TID_NUM];
unsigned long tid_rx_timer_expired[BITS_TO_LONGS(STA_TID_NUM)];
struct work_struct work;
struct tid_ampdu_tx __rcu * tid_tx[STA_TID_NUM];
struct tid_ampdu_tx * tid_start_tx[STA_TID_NUM];
u8 addba_req_num[STA_TID_NUM];
u8 dialog_token_allocator;
}; mutex to protect all TX data (except non-NULL assignments to tid_tx[idx], which are protected by the sta spinlock)
aggregation info for Rx per TID -- RCU protected
bitmap indicating on which TIDs the RX timer expired until the work for it runs
work struct for starting/stopping aggregation
aggregation info for Tx per TID
sessions where start was requested
number of times addBA request has been sent.
dialog token enumerator for each new session;
struct tid_ampdu_tx — TID aggregation information (Tx).
struct tid_ampdu_tx {
struct rcu_head rcu_head;
struct timer_list addba_resp_timer;
struct sk_buff_head pending;
unsigned long state;
u16 timeout;
u8 dialog_token;
u8 stop_initiator;
bool tx_stop;
u8 buf_size;
}; rcu head for freeing structure
timer for peer's response to addba request
pending frames queue -- use sta's spinlock to protect
session state (see above)
session timeout value to be filled in ADDBA requests
dialog token for aggregation session
initiator of a session stop
TX DelBA frame when stopping
reorder buffer size at receiver
This structure's lifetime is managed by RCU, assignments to the array holding it must hold the aggregation mutex.
The TX path can access it under RCU lock-free if, and
only if, the state has the flag HT_AGG_STATE_OPERATIONAL
set. Otherwise, the TX path must also acquire the spinlock
and re-check the state, see comments in the tx code
touching it.
struct tid_ampdu_rx — TID aggregation information (Rx).
struct tid_ampdu_rx {
struct rcu_head rcu_head;
spinlock_t reorder_lock;
struct sk_buff ** reorder_buf;
unsigned long * reorder_time;
struct timer_list session_timer;
struct timer_list reorder_timer;
u16 head_seq_num;
u16 stored_mpdu_num;
u16 ssn;
u16 buf_size;
u16 timeout;
u8 dialog_token;
}; RCU head used for freeing this struct
serializes access to reorder buffer, see below.
buffer to reorder incoming aggregated MPDUs
jiffies when skb was added
check if peer keeps Tx-ing on the TID (by timeout value)
releases expired frames from the reorder buffer.
head sequence number in reordering buffer.
number of MPDUs in reordering buffer
Starting Sequence Number expected to be aggregated.
buffer size for incoming A-MPDUs
reset timer value (in TUs).
dialog token for aggregation session
This structure's lifetime is managed by RCU, assignments to the array holding it must hold the aggregation mutex.
The reorder_lock is used to protect the members of this
struct, except for timeout, buf_size and dialog_token,
which are constant across the lifetime of the struct (the
dialog token being used only for debugging).