
WL18xx Linux Wireless Architecture

From Texas Instruments Wiki

wlcore Linux Wireless basic Architecture



  • nl80211 is the new 802.11 netlink interface public header.
  • Together with cfg80211 it is intended to replace Wireless-Extensions and serve as the main mechanism to pass wireless commands/events from user space to the kernel.
  • nl80211 and cfg80211 are under constant development.
  • The nl80211 interface can be found in include/linux/nl80211.h. This file consists of two principal enums:
      • enum nl80211_commands – holds all the nl80211 commands
      • enum nl80211_attrs – holds all the nl80211 attributes
  • The nl80211 implementation can be found in net/wireless/nl80211.c. This file consists of:
      • static struct genl_ops nl80211_ops[] – an array which holds the callback for each command
      • static const struct nla_policy nl80211_policy[] – an array which holds the size/type of each attribute (needed to verify and parse the commands)

Commands enum: (linux/include/linux/nl80211.h)

enum nl80211_commands {
    /* don't change the order or add anything between, this is ABI! */
    /* ... */
    /* add new commands above here */
    /* used to define NL80211_CMD_MAX below */
    __NL80211_CMD_AFTER_LAST,
    NL80211_CMD_MAX = __NL80211_CMD_AFTER_LAST - 1
};

Attributes enum (linux/include/linux/nl80211.h)

enum nl80211_attrs {
    /* don't change the order or add anything between, this is ABI! */
    /* ... */
    /* add attributes here, update the policy in nl80211.c */
    /* ... */
};

nl80211 – How to add command

  • Add a new command to enum nl80211_commands
  • Add the attributes needed as parameters for the command to enum nl80211_attrs
  • Add a handler to nl80211_ops with your new command.
  • In the handler:
      • parse the command
      • read all the needed attributes (there are some macros such as nla_get_u32, nla_data, etc.)
      • perform the needed action.

nl80211 – How to send Command

  • Allocate a new command using nlmsg_alloc
  • Create a new command using genlmsg_put
  • Add the device index using NLA_PUT_U32
  • Add all the attributes using nla_put; you should use the given macros (i.e. NLA_PUT_U32, NLA_PUT_U16, …)
  • Send the command to the kernel using nl_send_auto_complete

nl80211 – kernel handlers (net/wireless/nl80211.c)

  • nl80211 commands are handled in the kernel in net/wireless/nl80211.c
  • The array nl80211_ops holds the handlers for each command.

For example:

{
    .cmd = NL80211_CMD_TRIGGER_SCAN,
    .doit = nl80211_trigger_scan,
    .policy = nl80211_policy,
    .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | NL80211_FLAG_NEED_RTNL,
},
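The send steps and the policy check described above, as an added example that is not code from the kernel, libnl or this page: a simplified user-space C model of how a sender lays out netlink attributes and how the receiver checks each one against a policy table before a handler reads it. The names ATTR_*, T_*, demo_policy, put_attr and parse_attrs are assumptions made for illustration, and the sample message in main() is constructed.

```c
#include <stdint.h>
#include <string.h>
/* Simplified user-space model of netlink attribute handling; not kernel code. */
enum { ATTR_UNSPEC, ATTR_WIPHY, ATTR_WIPHY_NAME, ATTR_IFINDEX, ATTR_MAX = ATTR_IFINDEX };
enum { T_NONE, T_U32, T_NUL_STRING };
struct policy { uint8_t type; uint16_t len; };
static const struct policy demo_policy[ATTR_MAX + 1] = {
    [ATTR_WIPHY_NAME] = { T_NUL_STRING, 19 },  /* NUL required within 20 bytes */
    [ATTR_IFINDEX]    = { T_U32, 0 },          /* payload must be exactly 4 bytes */
};
#define HDR 4u                                 /* u16 len (header + payload), u16 type */
#define ALIGN4(n) (((n) + 3u) & ~3u)
/* Sender side: append one attribute; returns bytes written, 0 if it does not fit. */
size_t put_attr(uint8_t *buf, size_t cap, uint16_t type, const void *data, uint16_t plen)
{
    uint16_t alen = (uint16_t)(HDR + plen);
    if (HDR + plen > UINT16_MAX || ALIGN4(HDR + plen) > cap) return 0;
    memset(buf, 0, ALIGN4(alen));              /* zero the padding bytes too */
    memcpy(buf, &alen, 2); memcpy(buf + 2, &type, 2);
    memcpy(buf + HDR, data, plen);
    return ALIGN4(alen);
}

/* Receiver side: check every attribute against the policy before exposing it in tb[]. */
int parse_attrs(const uint8_t *buf, size_t len, const uint8_t *tb[ATTR_MAX + 1])
{
    memset(tb, 0, sizeof(tb[0]) * (ATTR_MAX + 1));
    while (len >= HDR) {
        uint16_t alen, type;
        memcpy(&alen, buf, 2); memcpy(&type, buf + 2, 2);
        if (alen < HDR || alen > len) return -1;      /* length field lies */
        size_t plen = alen - HDR, step = ALIGN4(alen);
        if (type <= ATTR_MAX && demo_policy[type].type != T_NONE) {
            const struct policy *p = &demo_policy[type];
            size_t n = plen < p->len + 1u ? plen : p->len + 1u;
            if (p->type == T_U32 && plen != 4) return -1;
            if (p->type == T_NUL_STRING && (n == 0 || !memchr(buf + HDR, 0, n))) return -1;
            tb[type] = buf + HDR;
        }
        if (step > len) step = len;                   /* final attribute may be unpadded */
        buf += step; len -= step;
    }
    return len == 0 ? 0 : -1;                         /* trailing bytes: reject */
}
int main(void)
{
    uint8_t msg[8]; const uint8_t *tb[ATTR_MAX + 1]; uint32_t ifindex = 3; /* constructed */
    return parse_attrs(msg, put_attr(msg, sizeof(msg), ATTR_IFINDEX, &ifindex, 4), tb);
}
```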


  • IW is a new nl80211 based CLI configuration utility for wireless devices.
  • IW is used for the configuration of the wlan interface.
  • IW sources can be downloaded from the following git: git://
  • IW commands allow you to modify the station configuration on the fly. This option supports only non-secured networks and WEP secured networks, without involving the WPA supplicant. For more information, refer to <IW commands description>.
  • IW home page (refer to <IW home page>)


  • wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux.
  • wpa_supplicant is a full-featured WPA2 supplicant, and also has support for WPA and older wireless LAN security protocols.
  • wpa_supplicant is a userspace application which acts like WPA supplicant and SME (to handle initiating MLME commands).

Supported features include:

  • WPA and full IEEE 802.11i/RSN/WPA2
  • WPA-PSK and WPA2-PSK (pre-shared key) ("WPA-Personal")
  • WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
  • key management for CCMP, TKIP, WEP (both 104/128 and 40/64 bit)
  • RSN: PMKSA caching, pre-authentication

User Interface:
Included with the supplicant are a graphical user interface and a command line interface utility (wpa_cli) for interacting with the running supplicant. From either of these interfaces it is possible to review a list of currently visible networks, select one of them, provide any additional security information needed to authenticate with the network (e.g. a passphrase or username and password) and add it to the preference list to enable automatic reconnection in the future.
The graphical user interface is built on top of the Qt library from Qt Software, which is used in the SDK as is.
In addition, the initial settings used when running wpa_supplicant are set in a .conf text file (/etc/wpa_supplicant.conf), given as an init parameter.
Therefore, in order to configure the WPA supplicant, one can use wpa_cli to configure a new wireless network to connect to, or wireless networks can be configured statically in the .conf file.

The following steps are used when associating with an AP using WPA:

  • Before wpa_supplicant can do its work, the network interface must be available. That means that the physical device must be present and enabled, and the driver for the device must have been loaded.
  • wpa_supplicant requests the kernel driver to scan neighboring BSSes
  • wpa_supplicant selects a BSS based on its configuration
  • wpa_supplicant requests the kernel driver to associate with the chosen BSS
  • If WPA-EAP: integrated IEEE 802.1X Supplicant or external Xsupplicant completes EAP authentication with the authentication server (proxied by the Authenticator in the AP)
  • If WPA-EAP: master key is received from the IEEE 802.1X Supplicant
  • If WPA-PSK: wpa_supplicant uses PSK as the master session key
  • wpa_supplicant completes WPA 4-Way Handshake and Group Key Handshake with the Authenticator (AP)
  • wpa_supplicant configures encryption keys for unicast and broadcast
  • normal data packets can be transmitted and received

How to run the WPA_Supplicant: In most common cases, wpa_supplicant is started with:

wpa_supplicant -B -D nl80211 -i wlan0 -c /etc/wpa_supplicant.conf

Where the parameters mean:
-B: Run as a daemon in the background
-D: Driver to use
-i: Interface to listen on
-c: Path to configuration file

This makes the process fork into background and wait for the wlan0 interface if it is not available at startup time.
The easiest way to debug problems, and to get a debug log for bug reports, is to start wpa_supplicant in the foreground with debugging enabled:

wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d


  • OpenSSL is an open source implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.
  • The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions.
  • Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.


  • hostapd is a user space daemon for access point and authentication servers.
  • It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server.
  • On startup, hostapd uses the network interface specified in the configuration file hostapd.conf. The interface is used to access the Host AP, which is a wireless interface running in Host AP mode.
  • Host AP mode can be enabled using ifconfig.

Examples of Supported WPA/IEEE 802.11i/EAP/IEEE 802.1X features

  • WPA-PSK ("WPA-Personal")
  • WPA with EAP (with integrated EAP server or an external RADIUS backend authentication server) ("WPA-Enterprise")
  • key management for CCMP, TKIP, WEP104, WEP40
  • WPA and full IEEE 802.11i/RSN/WPA2
  • RSN: PMKSA caching, pre-authentication
  • Wi-Fi Protected Setup (WPS)

Examples of Supported EAP methods (integrated EAP server and RADIUS authentication server)

  • EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
  • EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
  • EAP-PEAP/GTC (both PEAPv0 and PEAPv1)


  • mac80211 is a framework which driver developers can use to write drivers for SoftMAC wireless devices (where the MLME is expected to be managed in software).
  • SoftMAC devices allow for a finer control of the hardware, allowing 802.11 frame management to be done in software, for both parsing and generation of 802.11 wireless frames. Most 802.11 devices today tend to be of this type; FullMAC devices have become scarce.
  • mac80211 implements the cfg80211 callbacks for SoftMAC devices. mac80211 then depends on cfg80211 for both registration to the networking subsystem and for configuration. Configuration is handled by cfg80211 both through nl80211 and wireless extensions.
  • In mac80211 the MLME is done in the kernel for station mode (STA) and in userspace for AP mode (hostapd).

mac80211 supports the MAC layer as defined by IEEE 802.11abgn, IEEE 802.11d and the QoS standards, and also supports BSS and IBSS modes.


This module contains the main code for TI WLAN chips

wlcore SDIO

TI wlcore SDIO support. This module adds support for the SDIO interface of adapters using TI WLAN chipsets.

Basic HW Allocation

The following diagram describes the HW allocation (memory allocation and data structure setup) upon linking the WLAN module into the running kernel.
HW Allocation.PNG

Layers Interface Scheme

The layers interface works in the following 4 steps:

  • Upper layer defines a struct of operations.
  • Lower layer holds an object with the handlers of the ops.
  • During the init phase the lower layer registers to the upper layer and supplies it with the ops object.
  • When the upper layer needs to invoke a function from the lower layer it checks if the operation is implemented and calls it.

More details on the Layers:

  • Upper layer defines a struct of operations.

struct ieee80211_ops {
    void (*tx)(struct ieee80211_hw *hw, struct sk_buff *skb);
    void (*tx_frags)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct ieee80211_sta *sta, struct sk_buff_head *skbs);
    int (*start)(struct ieee80211_hw *hw);
    void (*stop)(struct ieee80211_hw *hw);
    /* ... */
};

  • Lower layer holds an object with the handlers of the ops.

static const struct ieee80211_ops wl1271_ops = {
    .start = wl1271_op_start,
    .stop = wl1271_op_stop,
    .add_interface = wl1271_add_interface,
    .tx = wl1271_op_tx,
    /* ... */
};

  • During the init phase the lower layer registers to the upper layer and supplies it with the ops object.

The following is an example of allocation.
The function wlcore_alloc_hw() in drivers/net/wireless/wl12xx/main.c allocates the hw structure based on "wl1271_ops":

static struct ieee80211_hw *wlcore_alloc_hw(void)
{
    struct ieee80211_hw *hw;
    struct wl1271 *wl;
    /* ... */
    hw = ieee80211_alloc_hw(sizeof(*wl), &wl1271_ops);
    /* ... */
}

The function ieee80211_alloc_hw() in net/mac80211/main.c supplies it with the ops object (local->ops = ops):

struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len, const struct ieee80211_ops *ops)
{
    struct ieee80211_local *local;
    /* ... */
    wiphy = wiphy_new(&mac80211_config_ops, priv_size);
    local->ops = ops;
    /* ... */
}

Connection Process

  • Connections are always initiated by user space applications such as wpa_supplicant.
  • The trigger to start a new connection in wpa_supplicant is when new scan results are received.
  • Once wpa_supplicant finds a suitable BSS in the scan results, it will initiate a connection process.

connection flow

The following steps are used when associating with an AP using WPA:

  1. wpa_supplicant requests the kernel driver to scan neighboring BSSes
  2. wpa_supplicant selects a BSS based on its configuration
  3. wpa_supplicant requests the kernel driver to authenticate with the chosen BSS
  4. wpa_supplicant requests the kernel driver to associate with the chosen BSS
  5. If security is configured, wpa_supplicant completes the security protocol
  6. Connection is complete and STATE AUTHORIZED is set to the driver.

Connect 1.PNG

Connect 2.PNG

Connect 3.PNG