mac80211 subsystem (basics)

You should read and understand the information contained within this part of the book while implementing a mac80211 driver. In some chapters, advanced usage is noted, those may be skipped if this isn’t needed.

This part of the book only covers station and monitor mode functionality, additional information required to implement the other modes is covered in the second part of the book.

Basic hardware handling

TBD

This chapter shall contain information on getting a hw struct allocated and registered with mac80211.

Since it is required to allocate rates/modes before registering a hw struct, this chapter shall also contain information on setting up the rate/mode structs.

Additionally, some discussion about the callbacks and the general programming model should be in here, including the definition of ieee80211_ops which will be referred to a lot.

Finally, a discussion of hardware capabilities should be done with references to other parts of the book.

struct ieee80211_hw

hardware information and state

Definition

struct ieee80211_hw {
  struct ieee80211_conf conf;
  struct wiphy *wiphy;
  const char *rate_control_algorithm;
  void *priv;
  unsigned long flags[BITS_TO_LONGS(NUM_IEEE80211_HW_FLAGS)];
  unsigned int extra_tx_headroom;
  unsigned int extra_beacon_tailroom;
  int vif_data_size;
  int sta_data_size;
  int chanctx_data_size;
  int txq_data_size;
  u16 queues;
  u16 max_listen_interval;
  s8 max_signal;
  u8 max_rates;
  u8 max_report_rates;
  u8 max_rate_tries;
  u16 max_rx_aggregation_subframes;
  u16 max_tx_aggregation_subframes;
  u8 max_tx_fragments;
  u8 offchannel_tx_hw_queue;
  u8 radiotap_mcs_details;
  u16 radiotap_vht_details;
  struct {
    int units_pos;
    s16 accuracy;
  } radiotap_timestamp;
  netdev_features_t netdev_features;
  u8 uapsd_queues;
  u8 uapsd_max_sp_len;
  u8 n_cipher_schemes;
  const struct ieee80211_cipher_scheme *cipher_schemes;
  u8 max_nan_de_entries;
  u8 tx_sk_pacing_shift;
  u8 weight_multiplier;
};

Members

conf

struct ieee80211_conf, device configuration, don’t use.

wiphy

This points to the struct wiphy allocated for this 802.11 PHY. You must fill in the perm_addr and dev members of this structure using SET_IEEE80211_DEV() and SET_IEEE80211_PERM_ADDR(). Additionally, all supported bands (with channels, bitrates) are registered here.

rate_control_algorithm

rate control algorithm for this hardware. If unset (NULL), the default algorithm will be used. Must be set before calling ieee80211_register_hw().

priv

pointer to private area that was allocated for driver use along with this structure.

flags

hardware flags, see enum ieee80211_hw_flags.

extra_tx_headroom

headroom to reserve in each transmit skb for use by the driver (e.g. for transmit headers.)

extra_beacon_tailroom

tailroom to reserve in each beacon tx skb. Can be used by drivers to add extra IEs.

vif_data_size

size (in bytes) of the drv_priv data area within struct ieee80211_vif.

sta_data_size

size (in bytes) of the drv_priv data area within struct ieee80211_sta.

chanctx_data_size

size (in bytes) of the drv_priv data area within struct ieee80211_chanctx_conf.

txq_data_size

size (in bytes) of the drv_priv data area within struct ieee80211_txq.

queues

number of available hardware transmit queues for data packets. WMM/QoS requires at least four, these queues need to have configurable access parameters.

max_listen_interval

max listen interval in units of beacon interval that HW supports

max_signal

Maximum value for signal (rssi) in RX information, used only when IEEE80211_HW_SIGNAL_UNSPEC or IEEE80211_HW_SIGNAL_DB

max_rates

maximum number of alternate rate retry stages the hw can handle.

max_report_rates

maximum number of alternate rate retry stages the hw can report back.

max_rate_tries

maximum number of tries for each stage

max_rx_aggregation_subframes

maximum buffer size (number of sub-frames) to be used for A-MPDU block ack receiver aggregation. This is only relevant if the device has restrictions on the number of subframes, if it relies on mac80211 to do reordering it shouldn’t be set.

max_tx_aggregation_subframes

maximum number of subframes in an aggregate an HT/HE device will transmit. In HT AddBA we’ll advertise a constant value of 64 as some older APs crash if the window size is smaller (an example is LinkSys WRT120N with FW v1.0.07 build 002 Jun 18 2012). For AddBA to HE capable peers this value will be used.

max_tx_fragments

maximum number of tx buffers per (A)-MSDU, sum of 1 + skb_shinfo(skb)->nr_frags for each skb in the frag_list.

offchannel_tx_hw_queue

HW queue ID to use for offchannel TX (if IEEE80211_HW_QUEUE_CONTROL is set)

radiotap_mcs_details

lists which MCS information can the HW reports, by default it is set to _MCS, _GI and _BW but doesn’t include _FMT. Use IEEE80211_RADIOTAP_MCS_HAVE_* values, only adding _BW is supported today.

radiotap_vht_details

lists which VHT MCS information the HW reports, the default is _GI | _BANDWIDTH. Use the IEEE80211_RADIOTAP_VHT_KNOWN_* values.

radiotap_timestamp

Information for the radiotap timestamp field; if the units_pos member is set to a non-negative value then the timestamp field will be added and populated from the struct ieee80211_rx_status device_timestamp.

radiotap_timestamp.units_pos

Must be set to a combination of a IEEE80211_RADIOTAP_TIMESTAMP_UNIT_* and a IEEE80211_RADIOTAP_TIMESTAMP_SPOS_* value.

radiotap_timestamp.accuracy

If non-negative, fills the accuracy in the radiotap field and the accuracy known flag will be set.

netdev_features

netdev features to be set in each netdev created from this HW. Note that not all features are usable with mac80211, other features will be rejected during HW registration.

uapsd_queues

This bitmap is included in (re)association frame to indicate for each access category if it is uAPSD trigger-enabled and delivery- enabled. Use IEEE80211_WMM_IE_STA_QOSINFO_AC_* to set this bitmap. Each bit corresponds to different AC. Value ‘1’ in specific bit means that corresponding AC is both trigger- and delivery-enabled. ‘0’ means neither enabled.

uapsd_max_sp_len

maximum number of total buffered frames the WMM AP may deliver to a WMM STA during any Service Period triggered by the WMM STA. Use IEEE80211_WMM_IE_STA_QOSINFO_SP_* for correct values.

n_cipher_schemes

a size of an array of cipher schemes definitions.

cipher_schemes

a pointer to an array of cipher scheme definitions supported by HW.

max_nan_de_entries

maximum number of NAN DE functions supported by the device.

tx_sk_pacing_shift

Pacing shift to set on TCP sockets when frames from them are encountered. The default should typically not be changed, unless the driver has good reasons for needing more buffers.

weight_multiplier

Driver specific airtime weight multiplier used while refilling deficit of each TXQ.

Description

This structure contains the configuration and hardware information for an 802.11 PHY.

enum ieee80211_hw_flags

hardware flags

Constants

IEEE80211_HW_HAS_RATE_CONTROL

The hardware or firmware includes rate control, and cannot be controlled by the stack. As such, no rate control algorithm should be instantiated, and the TX rate reported to userspace will be taken from the TX status instead of the rate control algorithm. Note that this requires that the driver implement a number of callbacks so it has the correct information, it needs to have the set_rts_threshold callback and must look at the BSS config use_cts_prot for G/N protection, use_short_slot for slot timing in 2.4 GHz and use_short_preamble for preambles for CCK frames.

IEEE80211_HW_RX_INCLUDES_FCS

Indicates that received frames passed to the stack include the FCS at the end.

IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING

Some wireless LAN chipsets buffer broadcast/multicast frames for power saving stations in the hardware/firmware and others rely on the host system for such buffering. This option is used to configure the IEEE 802.11 upper layer to buffer broadcast and multicast frames when there are power saving stations so that the driver can fetch them with ieee80211_get_buffered_bc().

IEEE80211_HW_SIGNAL_UNSPEC

Hardware can provide signal values but we don’t know its units. We expect values between 0 and max_signal. If possible please provide dB or dBm instead.

IEEE80211_HW_SIGNAL_DBM

Hardware gives signal values in dBm, decibel difference from one milliwatt. This is the preferred method since it is standardized between different devices. max_signal does not need to be set.

IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC

This device needs to get data from beacon before association (i.e. dtim_period).

IEEE80211_HW_SPECTRUM_MGMT

Hardware supports spectrum management defined in 802.11h Measurement, Channel Switch, Quieting, TPC

IEEE80211_HW_AMPDU_AGGREGATION

Hardware supports 11n A-MPDU aggregation.

IEEE80211_HW_SUPPORTS_PS

Hardware has power save support (i.e. can go to sleep).

IEEE80211_HW_PS_NULLFUNC_STACK

Hardware requires nullfunc frame handling in stack, implies stack support for dynamic PS.

IEEE80211_HW_SUPPORTS_DYNAMIC_PS

Hardware has support for dynamic PS.

IEEE80211_HW_MFP_CAPABLE

Hardware supports management frame protection (MFP, IEEE 802.11w).

IEEE80211_HW_WANT_MONITOR_VIF

The driver would like to be informed of a virtual monitor interface when monitor interfaces are the only active interfaces.

IEEE80211_HW_NO_AUTO_VIF

The driver would like for no wlanX to be created. It is expected user-space will create vifs as desired (and thus have them named as desired).

IEEE80211_HW_SW_CRYPTO_CONTROL

The driver wants to control which of the crypto algorithms can be done in software - so don’t automatically try to fall back to it if hardware crypto fails, but do so only if the driver returns 1. This also forces the driver to advertise its supported cipher suites.

IEEE80211_HW_SUPPORT_FAST_XMIT

The driver/hardware supports fast-xmit, this currently requires only the ability to calculate the duration for frames.

IEEE80211_HW_REPORTS_TX_ACK_STATUS

Hardware can provide ack status reports of Tx frames to the stack.

IEEE80211_HW_CONNECTION_MONITOR

The hardware performs its own connection monitoring, including periodic keep-alives to the AP and probing the AP on beacon loss.

IEEE80211_HW_QUEUE_CONTROL

The driver wants to control per-interface queue mapping in order to use different queues (not just one per AC) for different virtual interfaces. See the doc section on HW queue control for more details.

IEEE80211_HW_SUPPORTS_PER_STA_GTK

The device’s crypto engine supports per-station GTKs as used by IBSS RSN or during fast transition. If the device doesn’t support per-station GTKs, but can be asked not to decrypt group addressed frames, then IBSS RSN support is still possible but software crypto will be used. Advertise the wiphy flag only in that case.

IEEE80211_HW_AP_LINK_PS

When operating in AP mode the device autonomously manages the PS status of connected stations. When this flag is set mac80211 will not trigger PS mode for connected stations based on the PM bit of incoming frames. Use ieee80211_start_ps()/ieee8021_end_ps() to manually configure the PS mode of connected stations.

IEEE80211_HW_TX_AMPDU_SETUP_IN_HW

The device handles TX A-MPDU session setup strictly in HW. mac80211 should not attempt to do this in software.

IEEE80211_HW_SUPPORTS_RC_TABLE

The driver supports using a rate selection table provided by the rate control algorithm.

IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF

Use the P2P Device address for any P2P Interface. This will be honoured even if more than one interface is supported.

IEEE80211_HW_TIMING_BEACON_ONLY

Use sync timing from beacon frames only, to allow getting TBTT of a DTIM beacon.

IEEE80211_HW_SUPPORTS_HT_CCK_RATES

Hardware supports mixing HT/CCK rates and can cope with CCK rates in an aggregation session (e.g. by not using aggregation for such frames.)

IEEE80211_HW_CHANCTX_STA_CSA

Support 802.11h based channel-switch (CSA) for a single active channel while using channel contexts. When support is not enabled the default action is to disconnect when getting the CSA frame.

IEEE80211_HW_SUPPORTS_CLONED_SKBS

The driver will never modify the payload or tailroom of TX skbs without copying them first.

IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS

The HW supports scanning on all bands in one command, mac80211 doesn’t have to run separate scans per band.

IEEE80211_HW_TDLS_WIDER_BW

The device/driver supports wider bandwidth than then BSS bandwidth for a TDLS link on the base channel.

IEEE80211_HW_SUPPORTS_AMSDU_IN_AMPDU

The driver supports receiving A-MSDUs within A-MPDU.

IEEE80211_HW_BEACON_TX_STATUS

The device/driver provides TX status for sent beacons.

IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR

Hardware (or driver) requires that each station has a unique address, i.e. each station entry can be identified by just its MAC address; this prevents, for example, the same station from connecting to two virtual AP interfaces at the same time.

IEEE80211_HW_SUPPORTS_REORDERING_BUFFER

Hardware (or driver) manages the reordering buffer internally, guaranteeing mac80211 receives frames in order and does not need to manage its own reorder buffer or BA session timeout.

IEEE80211_HW_USES_RSS

The device uses RSS and thus requires parallel RX, which implies using per-CPU station statistics.

IEEE80211_HW_TX_AMSDU

Hardware (or driver) supports software aggregated A-MSDU frames. Requires software tx queueing and fast-xmit support. When not using minstrel/minstrel_ht rate control, the driver must limit the maximum A-MSDU size based on the current tx rate by setting max_rc_amsdu_len in struct ieee80211_sta.

IEEE80211_HW_TX_FRAG_LIST

Hardware (or driver) supports sending frag_list skbs, needed for zero-copy software A-MSDU.

IEEE80211_HW_REPORTS_LOW_ACK

The driver (or firmware) reports low ack event by ieee80211_report_low_ack() based on its own algorithm. For such drivers, mac80211 packet loss mechanism will not be triggered and driver is completely depending on firmware event for station kickout.

IEEE80211_HW_SUPPORTS_TX_FRAG

Hardware does fragmentation by itself. The stack will not do fragmentation. The callback for set_frag_threshold should be set as well.

IEEE80211_HW_SUPPORTS_TDLS_BUFFER_STA

Hardware supports buffer STA on TDLS links.

IEEE80211_HW_DEAUTH_NEED_MGD_TX_PREP

The driver requires the mgd_prepare_tx() callback to be called before transmission of a deauthentication frame in case the association was completed but no beacon was heard. This is required in multi-channel scenarios, where the virtual interface might not be given air time for the transmission of the frame, as it is not synced with the AP/P2P GO yet, and thus the deauthentication frame might not be transmitted.

IEEE80211_HW_DOESNT_SUPPORT_QOS_NDP

The driver (or firmware) doesn’t support QoS NDP for AP probing - that’s most likely a driver bug.

IEEE80211_HW_BUFF_MMPDU_TXQ

use the TXQ for bufferable MMPDUs, this of course requires the driver to use TXQs to start with.

IEEE80211_HW_SUPPORTS_VHT_EXT_NSS_BW

(Hardware) rate control supports VHT extended NSS BW (dot11VHTExtendedNSSBWCapable). This flag will be set if the selected rate control algorithm sets RATE_CTRL_CAPA_VHT_EXT_NSS_BW but if the rate control is built-in then it must be set by the driver. See also the documentation for that flag.

IEEE80211_HW_STA_MMPDU_TXQ

use the extra non-TID per-station TXQ for all MMPDUs on station interfaces. This of course requires the driver to use TXQs to start with.

IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN

Driver does not report accurate A-MPDU length in tx status information

IEEE80211_HW_SUPPORTS_MULTI_BSSID

Hardware supports multi BSSID

IEEE80211_HW_SUPPORTS_ONLY_HE_MULTI_BSSID

Hardware supports multi BSSID only for HE APs. Applies if IEEE80211_HW_SUPPORTS_MULTI_BSSID is set.

IEEE80211_HW_EXT_KEY_ID_NATIVE

Driver and hardware are supporting Extended Key ID and can handle two unicast keys per station for Rx and Tx.

IEEE80211_HW_NO_AMPDU_KEYBORDER_SUPPORT

The card/driver can’t handle active Tx A-MPDU sessions with Extended Key IDs during rekey.

NUM_IEEE80211_HW_FLAGS

number of hardware flags, used for sizing arrays

Description

These flags are used to indicate hardware capabilities to the stack. Generally, flags here should have their meaning done in a way that the simplest hardware doesn’t need setting any particular flags. There are some exceptions to this rule, however, so you are advised to review these flags carefully.

void SET_IEEE80211_DEV(struct ieee80211_hw * hw, struct device * dev)

set device for 802.11 hardware

Parameters

struct ieee80211_hw * hw

the struct ieee80211_hw to set the device for

struct device * dev

the struct device of this 802.11 device

void SET_IEEE80211_PERM_ADDR(struct ieee80211_hw * hw, const u8 * addr)

set the permanent MAC address for 802.11 hardware

Parameters

struct ieee80211_hw * hw

the struct ieee80211_hw to set the MAC address for

const u8 * addr

the address to set

struct ieee80211_ops

callbacks from mac80211 to the driver

Definition

struct ieee80211_ops {
  void (*tx)(struct ieee80211_hw *hw,struct ieee80211_tx_control *control, struct sk_buff *skb);
  int (*start)(struct ieee80211_hw *hw);
  void (*stop)(struct ieee80211_hw *hw);
#ifdef CONFIG_PM;
  int (*suspend)(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan);
  int (*resume)(struct ieee80211_hw *hw);
  void (*set_wakeup)(struct ieee80211_hw *hw, bool enabled);
#endif;
  int (*add_interface)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  int (*change_interface)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, enum nl80211_iftype new_type, bool p2p);
  void (*remove_interface)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  int (*config)(struct ieee80211_hw *hw, u32 changed);
  void (*bss_info_changed)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_bss_conf *info, u32 changed);
  int (*start_ap)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  void (*stop_ap)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  u64 (*prepare_multicast)(struct ieee80211_hw *hw, struct netdev_hw_addr_list *mc_list);
  void (*configure_filter)(struct ieee80211_hw *hw,unsigned int changed_flags,unsigned int *total_flags, u64 multicast);
  void (*config_iface_filter)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,unsigned int filter_flags, unsigned int changed_flags);
  int (*set_tim)(struct ieee80211_hw *hw, struct ieee80211_sta *sta, bool set);
  int (*set_key)(struct ieee80211_hw *hw, enum set_key_cmd cmd,struct ieee80211_vif *vif, struct ieee80211_sta *sta, struct ieee80211_key_conf *key);
  void (*update_tkip_key)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_key_conf *conf,struct ieee80211_sta *sta, u32 iv32, u16 *phase1key);
  void (*set_rekey_data)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct cfg80211_gtk_rekey_data *data);
  void (*set_default_unicast_key)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, int idx);
  int (*hw_scan)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct ieee80211_scan_request *req);
  void (*cancel_hw_scan)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  int (*sched_scan_start)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct cfg80211_sched_scan_request *req, struct ieee80211_scan_ies *ies);
  int (*sched_scan_stop)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  void (*sw_scan_start)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, const u8 *mac_addr);
  void (*sw_scan_complete)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  int (*get_stats)(struct ieee80211_hw *hw, struct ieee80211_low_level_stats *stats);
  void (*get_key_seq)(struct ieee80211_hw *hw,struct ieee80211_key_conf *key, struct ieee80211_key_seq *seq);
  int (*set_frag_threshold)(struct ieee80211_hw *hw, u32 value);
  int (*set_rts_threshold)(struct ieee80211_hw *hw, u32 value);
  int (*sta_add)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct ieee80211_sta *sta);
  int (*sta_remove)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct ieee80211_sta *sta);
#ifdef CONFIG_MAC80211_DEBUGFS;
  void (*sta_add_debugfs)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_sta *sta, struct dentry *dir);
#endif;
  void (*sta_notify)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, enum sta_notify_cmd, struct ieee80211_sta *sta);
  int (*sta_set_txpwr)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_sta *sta);
  int (*sta_state)(struct ieee80211_hw *hw, struct ieee80211_vif *vif,struct ieee80211_sta *sta,enum ieee80211_sta_state old_state, enum ieee80211_sta_state new_state);
  void (*sta_pre_rcu_remove)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_sta *sta);
  void (*sta_rc_update)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_sta *sta, u32 changed);
  void (*sta_rate_tbl_update)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_sta *sta);
  void (*sta_statistics)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_sta *sta, struct station_info *sinfo);
  int (*conf_tx)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, u16 ac, const struct ieee80211_tx_queue_params *params);
  u64 (*get_tsf)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  void (*set_tsf)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, u64 tsf);
  void (*offset_tsf)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, s64 offset);
  void (*reset_tsf)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  int (*tx_last_beacon)(struct ieee80211_hw *hw);
  int (*ampdu_action)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_ampdu_params *params);
  int (*get_survey)(struct ieee80211_hw *hw, int idx, struct survey_info *survey);
  void (*rfkill_poll)(struct ieee80211_hw *hw);
  void (*set_coverage_class)(struct ieee80211_hw *hw, s16 coverage_class);
#ifdef CONFIG_NL80211_TESTMODE;
  int (*testmode_cmd)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, void *data, int len);
  int (*testmode_dump)(struct ieee80211_hw *hw, struct sk_buff *skb,struct netlink_callback *cb, void *data, int len);
#endif;
  void (*flush)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, u32 queues, bool drop);
  void (*channel_switch)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_channel_switch *ch_switch);
  int (*set_antenna)(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant);
  int (*get_antenna)(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant);
  int (*remain_on_channel)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_channel *chan,int duration, enum ieee80211_roc_type type);
  int (*cancel_remain_on_channel)(struct ieee80211_hw *hw);
  int (*set_ringparam)(struct ieee80211_hw *hw, u32 tx, u32 rx);
  void (*get_ringparam)(struct ieee80211_hw *hw, u32 *tx, u32 *tx_max, u32 *rx, u32 *rx_max);
  bool (*tx_frames_pending)(struct ieee80211_hw *hw);
  int (*set_bitrate_mask)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, const struct cfg80211_bitrate_mask *mask);
  void (*event_callback)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, const struct ieee80211_event *event);
  void (*allow_buffered_frames)(struct ieee80211_hw *hw,struct ieee80211_sta *sta,u16 tids, int num_frames,enum ieee80211_frame_release_type reason, bool more_data);
  void (*release_buffered_frames)(struct ieee80211_hw *hw,struct ieee80211_sta *sta,u16 tids, int num_frames,enum ieee80211_frame_release_type reason, bool more_data);
  int (*get_et_sset_count)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, int sset);
  void (*get_et_stats)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ethtool_stats *stats, u64 *data);
  void (*get_et_strings)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, u32 sset, u8 *data);
  void (*mgd_prepare_tx)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, u16 duration);
  void (*mgd_protect_tdls_discover)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  int (*add_chanctx)(struct ieee80211_hw *hw, struct ieee80211_chanctx_conf *ctx);
  void (*remove_chanctx)(struct ieee80211_hw *hw, struct ieee80211_chanctx_conf *ctx);
  void (*change_chanctx)(struct ieee80211_hw *hw,struct ieee80211_chanctx_conf *ctx, u32 changed);
  int (*assign_vif_chanctx)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_chanctx_conf *ctx);
  void (*unassign_vif_chanctx)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_chanctx_conf *ctx);
  int (*switch_vif_chanctx)(struct ieee80211_hw *hw,struct ieee80211_vif_chanctx_switch *vifs,int n_vifs, enum ieee80211_chanctx_switch_mode mode);
  void (*reconfig_complete)(struct ieee80211_hw *hw, enum ieee80211_reconfig_type reconfig_type);
#if IS_ENABLED(CONFIG_IPV6);
  void (*ipv6_addr_change)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct inet6_dev *idev);
#endif;
  void (*channel_switch_beacon)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct cfg80211_chan_def *chandef);
  int (*pre_channel_switch)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_channel_switch *ch_switch);
  int (*post_channel_switch)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  void (*abort_channel_switch)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  void (*channel_switch_rx_beacon)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_channel_switch *ch_switch);
  int (*join_ibss)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  void (*leave_ibss)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  u32 (*get_expected_throughput)(struct ieee80211_hw *hw, struct ieee80211_sta *sta);
  int (*get_txpower)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, int *dbm);
  int (*tdls_channel_switch)(struct ieee80211_hw *hw,struct ieee80211_vif *vif,struct ieee80211_sta *sta, u8 oper_class,struct cfg80211_chan_def *chandef, struct sk_buff *tmpl_skb, u32 ch_sw_tm_ie);
  void (*tdls_cancel_channel_switch)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_sta *sta);
  void (*tdls_recv_channel_switch)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct ieee80211_tdls_ch_sw_params *params);
  void (*wake_tx_queue)(struct ieee80211_hw *hw, struct ieee80211_txq *txq);
  void (*sync_rx_queues)(struct ieee80211_hw *hw);
  int (*start_nan)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct cfg80211_nan_conf *conf);
  int (*stop_nan)(struct ieee80211_hw *hw, struct ieee80211_vif *vif);
  int (*nan_change_conf)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct cfg80211_nan_conf *conf, u32 changes);
  int (*add_nan_func)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, const struct cfg80211_nan_func *nan_func);
  void (*del_nan_func)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, u8 instance_id);
  bool (*can_aggregate_in_amsdu)(struct ieee80211_hw *hw,struct sk_buff *head, struct sk_buff *skb);
  int (*get_ftm_responder_stats)(struct ieee80211_hw *hw,struct ieee80211_vif *vif, struct cfg80211_ftm_responder_stats *ftm_stats);
  int (*start_pmsr)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct cfg80211_pmsr_request *request);
  void (*abort_pmsr)(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct cfg80211_pmsr_request *request);
};

Members

tx

Handler that 802.11 module calls for each transmitted frame. skb contains the buffer starting from the IEEE 802.11 header. The low-level driver should send the frame out based on configuration in the TX control data. This handler should, preferably, never fail and stop queues appropriately. Must be atomic.

start

Called before the first netdevice attached to the hardware is enabled. This should turn on the hardware and must turn on frame reception (for possibly enabled monitor interfaces.) Returns negative error codes, these may be seen in userspace, or zero. When the device is started it should not have a MAC address to avoid acknowledging frames before a non-monitor device is added. Must be implemented and can sleep.

stop

Called after last netdevice attached to the hardware is disabled. This should turn off the hardware (at least it must turn off frame reception.) May be called right after add_interface if that rejects an interface. If you added any work onto the mac80211 workqueue you should ensure to cancel it on this callback. Must be implemented and can sleep.

suspend

Suspend the device; mac80211 itself will quiesce before and stop transmitting and doing any other configuration, and then ask the device to suspend. This is only invoked when WoWLAN is configured, otherwise the device is deconfigured completely and reconfigured at resume time. The driver may also impose special conditions under which it wants to use the “normal” suspend (deconfigure), say if it only supports WoWLAN when the device is associated. In this case, it must return 1 from this function.

resume

If WoWLAN was configured, this indicates that mac80211 is now resuming its operation, after this the device must be fully functional again. If this returns an error, the only way out is to also unregister the device. If it returns 1, then mac80211 will also go through the regular complete restart on resume.

set_wakeup

Enable or disable wakeup when WoWLAN configuration is modified. The reason is that device_set_wakeup_enable() is supposed to be called when the configuration changes, not only in suspend().

add_interface

Called when a netdevice attached to the hardware is enabled. Because it is not called for monitor mode devices, start and stop must be implemented. The driver should perform any initialization it needs before the device can be enabled. The initial configuration for the interface is given in the conf parameter. The callback may refuse to add an interface by returning a negative error code (which will be seen in userspace.) Must be implemented and can sleep.

change_interface

Called when a netdevice changes type. This callback is optional, but only if it is supported can interface types be switched while the interface is UP. The callback may sleep. Note that while an interface is being switched, it will not be found by the interface iteration callbacks.

remove_interface

Notifies a driver that an interface is going down. The stop callback is called after this if it is the last interface and no monitor interfaces are present. When all interfaces are removed, the MAC address in the hardware must be cleared so the device no longer acknowledges packets, the mac_addr member of the conf structure is, however, set to the MAC address of the device going away. Hence, this callback must be implemented. It can sleep.

config

Handler for configuration requests. IEEE 802.11 code calls this function to change hardware configuration, e.g., channel. This function should never fail but returns a negative error code if it does. The callback can sleep.

bss_info_changed

Handler for configuration requests related to BSS parameters that may vary during BSS’s lifespan, and may affect low level driver (e.g. assoc/disassoc status, erp parameters). This function should not be used if no BSS has been set, unless for association indication. The changed parameter indicates which of the bss parameters has changed when a call is made. The callback can sleep.

start_ap

Start operation on the AP interface, this is called after all the information in bss_conf is set and beacon can be retrieved. A channel context is bound before this is called. Note that if the driver uses software scan or ROC, this (and stop_ap) isn’t called when the AP is just “paused” for scanning/ROC, which is indicated by the beacon being disabled/enabled via bss_info_changed.

stop_ap

Stop operation on the AP interface.

prepare_multicast

Prepare for multicast filter configuration. This callback is optional, and its return value is passed to configure_filter(). This callback must be atomic.

configure_filter

Configure the device’s RX filter. See the section “Frame filtering” for more information. This callback must be implemented and can sleep.

config_iface_filter

Configure the interface’s RX filter. This callback is optional and is used to configure which frames should be passed to mac80211. The filter_flags is the combination of FIF_* flags. The changed_flags is a bit mask that indicates which flags are changed. This callback can sleep.

set_tim

Set TIM bit. mac80211 calls this function when a TIM bit must be set or cleared for a given STA. Must be atomic.

set_key

See the section “Hardware crypto acceleration” This callback is only called between add_interface and remove_interface calls, i.e. while the given virtual interface is enabled. Returns a negative error code if the key can’t be added. The callback can sleep.

update_tkip_key

See the section “Hardware crypto acceleration” This callback will be called in the context of Rx. Called for drivers which set IEEE80211_KEY_FLAG_TKIP_REQ_RX_P1_KEY. The callback must be atomic.

set_rekey_data

If the device supports GTK rekeying, for example while the host is suspended, it can assign this callback to retrieve the data necessary to do GTK rekeying, this is the KEK, KCK and replay counter. After rekeying was done it should (for example during resume) notify userspace of the new replay counter using ieee80211_gtk_rekey_notify().

set_default_unicast_key

Set the default (unicast) key index, useful for WEP when the device sends data packets autonomously, e.g. for ARP offloading. The index can be 0-3, or -1 for unsetting it.

hw_scan

Ask the hardware to service the scan request, no need to start the scan state machine in stack. The scan must honour the channel configuration done by the regulatory agent in the wiphy’s registered bands. The hardware (or the driver) needs to make sure that power save is disabled. The req ie/ie_len members are rewritten by mac80211 to contain the entire IEs after the SSID, so that drivers need not look at these at all but just send them after the SSID – mac80211 includes the (extended) supported rates and HT information (where applicable). When the scan finishes, ieee80211_scan_completed() must be called; note that it also must be called when the scan cannot finish due to any error unless this callback returned a negative error code. This callback is also allowed to return the special return value 1, this indicates that hardware scan isn’t desirable right now and a software scan should be done instead. A driver wishing to use this capability must ensure its (hardware) scan capabilities aren’t advertised as more capable than mac80211’s software scan is. The callback can sleep.

cancel_hw_scan

Ask the low-level tp cancel the active hw scan. The driver should ask the hardware to cancel the scan (if possible), but the scan will be completed only after the driver will call ieee80211_scan_completed(). This callback is needed for wowlan, to prevent enqueueing a new scan_work after the low-level driver was already suspended. The callback can sleep.

sched_scan_start

Ask the hardware to start scanning repeatedly at specific intervals. The driver must call the ieee80211_sched_scan_results() function whenever it finds results. This process will continue until sched_scan_stop is called.

sched_scan_stop

Tell the hardware to stop an ongoing scheduled scan. In this case, ieee80211_sched_scan_stopped() must not be called.

sw_scan_start

Notifier function that is called just before a software scan is started. Can be NULL, if the driver doesn’t need this notification. The mac_addr parameter allows supporting NL80211_SCAN_FLAG_RANDOM_ADDR, the driver may set the NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR flag if it can use this parameter. The callback can sleep.

sw_scan_complete

Notifier function that is called just after a software scan finished. Can be NULL, if the driver doesn’t need this notification. The callback can sleep.

get_stats

Return low-level statistics. Returns zero if statistics are available. The callback can sleep.

get_key_seq

If your device implements encryption in hardware and does IV/PN assignment then this callback should be provided to read the IV/PN for the given key from hardware. The callback must be atomic.

set_frag_threshold

Configuration of fragmentation threshold. Assign this if the device does fragmentation by itself. Note that to prevent the stack from doing fragmentation IEEE80211_HW_SUPPORTS_TX_FRAG should be set as well. The callback can sleep.

set_rts_threshold

Configuration of RTS threshold (if device needs it) The callback can sleep.

sta_add

Notifies low level driver about addition of an associated station, AP, IBSS/WDS/mesh peer etc. This callback can sleep.

sta_remove

Notifies low level driver about removal of an associated station, AP, IBSS/WDS/mesh peer etc. Note that after the callback returns it isn’t safe to use the pointer, not even RCU protected; no RCU grace period is guaranteed between returning here and freeing the station. See sta_pre_rcu_remove if needed. This callback can sleep.

sta_add_debugfs

Drivers can use this callback to add debugfs files when a station is added to mac80211’s station list. This callback should be within a CONFIG_MAC80211_DEBUGFS conditional. This callback can sleep.

sta_notify

Notifies low level driver about power state transition of an associated station, AP, IBSS/WDS/mesh peer etc. For a VIF operating in AP mode, this callback will not be called when the flag IEEE80211_HW_AP_LINK_PS is set. Must be atomic.

sta_state

Notifies low level driver about state transition of a station (which can be the AP, a client, IBSS/WDS/mesh peer etc.) This callback is mutually exclusive with sta_add/sta_remove. It must not fail for down transitions but may fail for transitions up the list of states. Also note that after the callback returns it isn’t safe to use the pointer, not even RCU protected - no RCU grace period is guaranteed between returning here and freeing the station. See sta_pre_rcu_remove if needed. The callback can sleep.

sta_pre_rcu_remove

Notify driver about station removal before RCU synchronisation. This is useful if a driver needs to have station pointers protected using RCU, it can then use this call to clear the pointers instead of waiting for an RCU grace period to elapse in sta_state. The callback can sleep.

sta_rc_update

Notifies the driver of changes to the bitrates that can be used to transmit to the station. The changes are advertised with bits from enum ieee80211_rate_control_changed and the values are reflected in the station data. This callback should only be used when the driver uses hardware rate control (IEEE80211_HW_HAS_RATE_CONTROL) since otherwise the rate control algorithm is notified directly. Must be atomic.

sta_rate_tbl_update

Notifies the driver that the rate table changed. This is only used if the configured rate control algorithm actually uses the new rate table API, and is therefore optional. Must be atomic.

sta_statistics

Get statistics for this station. For example with beacon filtering, the statistics kept by mac80211 might not be accurate, so let the driver pre-fill the statistics. The driver can fill most of the values (indicating which by setting the filled bitmap), but not all of them make sense - see the source for which ones are possible. Statistics that the driver doesn’t fill will be filled by mac80211. The callback can sleep.

conf_tx

Configure TX queue parameters (EDCF (aifs, cw_min, cw_max), bursting) for a hardware TX queue. Returns a negative error code on failure. The callback can sleep.

get_tsf

Get the current TSF timer value from firmware/hardware. Currently, this is only used for IBSS mode BSSID merging and debugging. Is not a required function. The callback can sleep.

set_tsf

Set the TSF timer to the specified value in the firmware/hardware. Currently, this is only used for IBSS mode debugging. Is not a required function. The callback can sleep.

offset_tsf

Offset the TSF timer by the specified value in the firmware/hardware. Preferred to set_tsf as it avoids delay between calling set_tsf() and hardware getting programmed, which will show up as TSF delay. Is not a required function. The callback can sleep.

reset_tsf

Reset the TSF timer and allow firmware/hardware to synchronize with other STAs in the IBSS. This is only used in IBSS mode. This function is optional if the firmware/hardware takes full care of TSF synchronization. The callback can sleep.

tx_last_beacon

Determine whether the last IBSS beacon was sent by us. This is needed only for IBSS mode and the result of this function is used to determine whether to reply to Probe Requests. Returns non-zero if this device sent the last beacon. The callback can sleep.

ampdu_action

Perform a certain A-MPDU action. The RA/TID combination determines the destination and TID we want the ampdu action to be performed for. The action is defined through ieee80211_ampdu_mlme_action. When the action is set to IEEE80211_AMPDU_TX_OPERATIONAL the driver may neither send aggregates containing more subframes than buf_size nor send aggregates in a way that lost frames would exceed the buffer size. If just limiting the aggregate size, this would be possible with a buf_size of 8:

  • TX: 1.....7

  • RX:  2....7 (lost frame #1)

  • TX:        8..1...

which is invalid since #1 was now re-transmitted well past the buffer size of 8. Correct ways to retransmit #1 would be:

  • TX:        1   or

  • TX:        18  or

  • TX:        81

Even 189 would be wrong since 1 could be lost again.

Returns a negative error code on failure. The callback can sleep.

get_survey

Return per-channel survey information

rfkill_poll

Poll rfkill hardware state. If you need this, you also need to set wiphy->rfkill_poll to true before registration, and need to call wiphy_rfkill_set_hw_state() in the callback. The callback can sleep.

set_coverage_class

Set slot time for given coverage class as specified in IEEE 802.11-2007 section 17.3.8.6 and modify ACK timeout accordingly; coverage class equals to -1 to enable ACK timeout estimation algorithm (dynack). To disable dynack set valid value for coverage class. This callback is not required and may sleep.

testmode_cmd

Implement a cfg80211 test mode command. The passed vif may be NULL. The callback can sleep.

testmode_dump

Implement a cfg80211 test mode dump. The callback can sleep.

flush

Flush all pending frames from the hardware queue, making sure that the hardware queues are empty. The queues parameter is a bitmap of queues to flush, which is useful if different virtual interfaces use different hardware queues; it may also indicate all queues. If the parameter drop is set to true, pending frames may be dropped. Note that vif can be NULL. The callback can sleep.

channel_switch

Drivers that need (or want) to offload the channel switch operation for CSAs received from the AP may implement this callback. They must then call ieee80211_chswitch_done() to indicate completion of the channel switch.

set_antenna

Set antenna configuration (tx_ant, rx_ant) on the device. Parameters are bitmaps of allowed antennas to use for TX/RX. Drivers may reject TX/RX mask combinations they cannot support by returning -EINVAL (also see nl80211.h NL80211_ATTR_WIPHY_ANTENNA_TX).

get_antenna

Get current antenna configuration from device (tx_ant, rx_ant).

remain_on_channel

Starts an off-channel period on the given channel, must call back to ieee80211_ready_on_channel() when on that channel. Note that normal channel traffic is not stopped as this is intended for hw offload. Frames to transmit on the off-channel channel are transmitted normally except for the IEEE80211_TX_CTL_TX_OFFCHAN flag. When the duration (which will always be non-zero) expires, the driver must call ieee80211_remain_on_channel_expired(). Note that this callback may be called while the device is in IDLE and must be accepted in this case. This callback may sleep.

cancel_remain_on_channel

Requests that an ongoing off-channel period is aborted before it expires. This callback may sleep.

set_ringparam

Set tx and rx ring sizes.

get_ringparam

Get tx and rx ring current and maximum sizes.

tx_frames_pending

Check if there is any pending frame in the hardware queues before entering power save.

set_bitrate_mask

Set a mask of rates to be used for rate control selection when transmitting a frame. Currently only legacy rates are handled. The callback can sleep.

event_callback

Notify driver about any event in mac80211. See enum ieee80211_event_type for the different types. The callback must be atomic.

allow_buffered_frames

Prepare device to allow the given number of frames to go out to the given station. The frames will be sent by mac80211 via the usual TX path after this call. The TX information for frames released will also have the IEEE80211_TX_CTL_NO_PS_BUFFER flag set and the last one will also have IEEE80211_TX_STATUS_EOSP set. In case frames from multiple TIDs are released and the driver might reorder them between the TIDs, it must set the IEEE80211_TX_STATUS_EOSP flag on the last frame and clear it on all others and also handle the EOSP bit in the QoS header correctly. Alternatively, it can also call the ieee80211_sta_eosp() function. The tids parameter is a bitmap and tells the driver which TIDs the frames will be on; it will at most have two bits set. This callback must be atomic.

release_buffered_frames

Release buffered frames according to the given parameters. In the case where the driver buffers some frames for sleeping stations mac80211 will use this callback to tell the driver to release some frames, either for PS-poll or uAPSD. Note that if the more_data parameter is false the driver must check if there are more frames on the given TIDs, and if there are more than the frames being released then it must still set the more-data bit in the frame. If the more_data parameter is true, then of course the more-data bit must always be set. The tids parameter tells the driver which TIDs to release frames from, for PS-poll it will always have only a single bit set. In the case this is used for a PS-poll initiated release, the num_frames parameter will always be 1 so code can be shared. In this case the driver must also set IEEE80211_TX_STATUS_EOSP flag on the TX status (and must report TX status) so that the PS-poll period is properly ended. This is used to avoid sending multiple responses for a retried PS-poll frame. In the case this is used for uAPSD, the num_frames parameter may be bigger than one, but the driver may send fewer frames (it must send at least one, however). In this case it is also responsible for setting the EOSP flag in the QoS header of the frames. Also, when the service period ends, the driver must set IEEE80211_TX_STATUS_EOSP on the last frame in the SP. Alternatively, it may call the function ieee80211_sta_eosp() to inform mac80211 of the end of the SP. This callback must be atomic.

get_et_sset_count

Ethtool API to get string-set count.

get_et_stats

Ethtool API to get a set of u64 stats.

get_et_strings

Ethtool API to get a set of strings to describe stats and perhaps other supported types of ethtool data-sets.

mgd_prepare_tx

Prepare for transmitting a management frame for association before associated. In multi-channel scenarios, a virtual interface is bound to a channel before it is associated, but as it isn’t associated yet it need not necessarily be given airtime, in particular since any transmission to a P2P GO needs to be synchronized against the GO’s powersave state. mac80211 will call this function before transmitting a management frame prior to having successfully associated to allow the driver to give it channel time for the transmission, to get a response and to be able to synchronize with the GO. For drivers that set IEEE80211_HW_DEAUTH_NEED_MGD_TX_PREP, mac80211 would also call this function before transmitting a deauthentication frame in case that no beacon was heard from the AP/P2P GO. The callback will be called before each transmission and upon return mac80211 will transmit the frame right away. If duration is greater than zero, mac80211 hints to the driver the duration for which the operation is requested. The callback is optional and can (should!) sleep.

mgd_protect_tdls_discover

Protect a TDLS discovery session. After sending a TDLS discovery-request, we expect a reply to arrive on the AP’s channel. We must stay on the channel (no PSM, scan, etc.), since a TDLS setup-response is a direct packet not buffered by the AP. mac80211 will call this function just before the transmission of a TDLS discovery-request. The recommended period of protection is at least 2 * (DTIM period). The callback is optional and can sleep.

add_chanctx

Notifies device driver about new channel context creation. This callback may sleep.

remove_chanctx

Notifies device driver about channel context destruction. This callback may sleep.

change_chanctx

Notifies device driver about channel context changes that may happen when combining different virtual interfaces on the same channel context with different settings This callback may sleep.

assign_vif_chanctx

Notifies device driver about channel context being bound to vif. Possible use is for hw queue remapping. This callback may sleep.

unassign_vif_chanctx

Notifies device driver about channel context being unbound from vif. This callback may sleep.

switch_vif_chanctx

switch a number of vifs from one chanctx to another, as specified in the list of ieee80211_vif_chanctx_switch passed to the driver, according to the mode defined in ieee80211_chanctx_switch_mode. This callback may sleep.

reconfig_complete

Called after a call to ieee80211_restart_hw() and during resume, when the reconfiguration has completed. This can help the driver implement the reconfiguration step (and indicate mac80211 is ready to receive frames). This callback may sleep.

ipv6_addr_change

IPv6 address assignment on the given interface changed. Currently, this is only called for managed or P2P client interfaces. This callback is optional; it must not sleep.

channel_switch_beacon

Starts a channel switch to a new channel. Beacons are modified to include CSA or ECSA IEs before calling this function. The corresponding count fields in these IEs must be decremented, and when they reach 1 the driver must call ieee80211_csa_finish(). Drivers which use ieee80211_beacon_get() get the csa counter decremented by mac80211, but must check if it is 1 using ieee80211_csa_is_complete() after the beacon has been transmitted and then call ieee80211_csa_finish(). If the CSA count starts as zero or 1, this function will not be called, since there won’t be any time to beacon before the switch anyway.

pre_channel_switch

This is an optional callback that is called before a channel switch procedure is started (ie. when a STA gets a CSA or a userspace initiated channel-switch), allowing the driver to prepare for the channel switch.

post_channel_switch

This is an optional callback that is called after a channel switch procedure is completed, allowing the driver to go back to a normal configuration.

abort_channel_switch

This is an optional callback that is called when channel switch procedure was completed, allowing the driver to go back to a normal configuration.

channel_switch_rx_beacon

This is an optional callback that is called when channel switch procedure is in progress and additional beacon with CSA IE was received, allowing driver to track changes in count.

join_ibss

Join an IBSS (on an IBSS interface); this is called after all information in bss_conf is set up and the beacon can be retrieved. A channel context is bound before this is called.

leave_ibss

Leave the IBSS again.

get_expected_throughput

extract the expected throughput towards the specified station. The returned value is expressed in Kbps. It returns 0 if the RC algorithm does not have proper data to provide.

get_txpower

get current maximum tx power (in dBm) based on configuration and hardware limits.

tdls_channel_switch

Start channel-switching with a TDLS peer. The driver is responsible for continually initiating channel-switching operations and returning to the base channel for communication with the AP. The driver receives a channel-switch request template and the location of the switch-timing IE within the template as part of the invocation. The template is valid only within the call, and the driver can optionally copy the skb for further re-use.

tdls_cancel_channel_switch

Stop channel-switching with a TDLS peer. Both peers must be on the base channel when the call completes.

tdls_recv_channel_switch

a TDLS channel-switch related frame (request or response) has been received from a remote peer. The driver gets parameters parsed from the incoming frame and may use them to continue an ongoing channel-switch operation. In addition, a channel-switch response template is provided, together with the location of the switch-timing IE within the template. The skb can only be used within the function call.

wake_tx_queue

Called when new packets have been added to the queue.

sync_rx_queues

Process all pending frames in RSS queues. This is a synchronization which is needed in case driver has in its RSS queues pending frames that were received prior to the control path action currently taken (e.g. disassociation) but are not processed yet.

start_nan

join an existing NAN cluster, or create a new one.

stop_nan

leave the NAN cluster.

nan_change_conf

change NAN configuration. The data in cfg80211_nan_conf contains full new configuration and changes specify which parameters are changed with respect to the last NAN config. The driver gets both full configuration and the changed parameters since some devices may need the full configuration while others need only the changed parameters.

add_nan_func

Add a NAN function. Returns 0 on success. The data in cfg80211_nan_func must not be referenced outside the scope of this call.

del_nan_func

Remove a NAN function. The driver must call ieee80211_nan_func_terminated() with NL80211_NAN_FUNC_TERM_REASON_USER_REQUEST reason code upon removal.

can_aggregate_in_amsdu

Called in order to determine if HW supports aggregating two specific frames in the same A-MSDU. The relation between the skbs should be symmetric and transitive. Note that while skb is always a real frame, head may or may not be an A-MSDU.

get_ftm_responder_stats

Retrieve FTM responder statistics, if available. Statistics should be cumulative, currently no way to reset is provided.

start_pmsr

start peer measurement (e.g. FTM) (this call can sleep)

abort_pmsr

abort peer measurement (this call can sleep)

Description

This structure contains various callbacks that the driver may handle or, in some cases, must handle, for example to configure the hardware to a new channel or to transmit a frame.

struct ieee80211_hw * ieee80211_alloc_hw(size_t priv_data_len, const struct ieee80211_ops * ops)

Allocate a new hardware device

Parameters

size_t priv_data_len

length of private data

const struct ieee80211_ops * ops

callbacks for this device

Description

This must be called once for each hardware device. The returned pointer must be used to refer to this device when calling other functions. mac80211 allocates a private data area for the driver pointed to by priv in struct ieee80211_hw, the size of this area is given as priv_data_len.

Return

A pointer to the new hardware device, or NULL on error.

int ieee80211_register_hw(struct ieee80211_hw * hw)

Register hardware device

Parameters

struct ieee80211_hw * hw

the device to register as returned by ieee80211_alloc_hw()

Description

You must call this function before any other functions in mac80211. Note that before a hardware can be registered, you need to fill the contained wiphy’s information.

Return

0 on success. An error code otherwise.

void ieee80211_unregister_hw(struct ieee80211_hw * hw)

Unregister a hardware device

Parameters

struct ieee80211_hw * hw

the hardware to unregister

Description

This function instructs mac80211 to free allocated resources and unregister netdevices from the networking subsystem.

void ieee80211_free_hw(struct ieee80211_hw * hw)

free hardware descriptor

Parameters

struct ieee80211_hw * hw

the hardware to free

Description

This function frees everything that was allocated, including the private data for the driver. You must call ieee80211_unregister_hw() before calling this function.

PHY configuration

TBD

This chapter should describe PHY handling including start/stop callbacks and the various structures used.

struct ieee80211_conf

configuration of the device

Definition

struct ieee80211_conf {
  u32 flags;
  int power_level, dynamic_ps_timeout;
  u16 listen_interval;
  u8 ps_dtim_period;
  u8 long_frame_max_tx_count, short_frame_max_tx_count;
  struct cfg80211_chan_def chandef;
  bool radar_enabled;
  enum ieee80211_smps_mode smps_mode;
};

Members

flags

configuration flags defined above

power_level

requested transmit power (in dBm), backward compatibility value only that is set to the minimum of all interfaces

dynamic_ps_timeout

The dynamic powersave timeout (in ms), see the powersave documentation below. This variable is valid only when the CONF_PS flag is set.

listen_interval

listen interval in units of beacon interval

ps_dtim_period

The DTIM period of the AP we’re connected to, for use in power saving. Power saving will not be enabled until a beacon has been received and the DTIM period is known.

long_frame_max_tx_count

Maximum number of transmissions for a “long” frame (a frame not RTS protected), called “dot11LongRetryLimit” in 802.11, but actually means the number of transmissions not the number of retries

short_frame_max_tx_count

Maximum number of transmissions for a “short” frame, called “dot11ShortRetryLimit” in 802.11, but actually means the number of transmissions not the number of retries

chandef

the channel definition to tune to

radar_enabled

whether radar detection is enabled

smps_mode

spatial multiplexing powersave mode; note that IEEE80211_SMPS_STATIC is used when the device is not configured for an HT channel. Note that this is only valid if channel contexts are not used, otherwise each channel context has the number of chains listed.

Description

This struct indicates how the driver shall configure the hardware.

enum ieee80211_conf_flags

configuration flags

Constants

IEEE80211_CONF_MONITOR

there’s a monitor interface present – use this to determine for example whether to calculate timestamps for packets or not, do not use instead of filter flags!

IEEE80211_CONF_PS

Enable 802.11 power save mode (managed mode only). This is the power save mode defined by IEEE 802.11-2007 section 11.2, meaning that the hardware still wakes up for beacons, is able to transmit frames and receive the possible acknowledgment frames. Not to be confused with hardware specific wakeup/sleep states, driver is responsible for that. See the section “Powersave support” for more.

IEEE80211_CONF_IDLE

The device is running, but idle; if the flag is set the driver should be prepared to handle configuration requests but may turn the device off as much as possible. Typically, this flag will be set when an interface is set UP but not associated or scanning, but it can also be unset in that case when monitor interfaces are active.

IEEE80211_CONF_OFFCHANNEL

The device is currently not on its main operating channel.

Description

Flags to define PHY configuration options

Virtual interfaces

TBD

This chapter should describe virtual interface basics that are relevant to the driver (VLANs, MGMT etc are not.) It should explain the use of the add_iface/remove_iface callbacks as well as the interface configuration callbacks.

Things related to AP mode should be discussed there.

Things related to supporting multiple interfaces should be in the appropriate chapter, a BIG FAT note should be here about this though and the recommendation to allow only a single interface in STA mode at first!

struct ieee80211_vif

per-interface data

Definition

struct ieee80211_vif {
  enum nl80211_iftype type;
  struct ieee80211_bss_conf bss_conf;
  u8 addr[ETH_ALEN];
  bool p2p;
  bool csa_active;
  bool mu_mimo_owner;
  u8 cab_queue;
  u8 hw_queue[IEEE80211_NUM_ACS];
  struct ieee80211_txq *txq;
  struct ieee80211_chanctx_conf __rcu *chanctx_conf;
  u32 driver_flags;
#ifdef CONFIG_MAC80211_DEBUGFS;
  struct dentry *debugfs_dir;
#endif;
  unsigned int probe_req_reg;
  bool txqs_stopped[IEEE80211_NUM_ACS];
  u8 drv_priv[0];
};

Members

type

type of this virtual interface

bss_conf

BSS configuration for this interface, either our own or the BSS we’re associated to

addr

address of this interface

p2p

indicates whether this AP or STA interface is a p2p interface, i.e. a GO or p2p-sta respectively

csa_active

marks whether a channel switch is going on. Internally it is write-protected by sdata_lock and local->mtx so holding either is fine for read access.

mu_mimo_owner

indicates interface owns MU-MIMO capability

cab_queue

content-after-beacon (DTIM beacon really) queue, AP mode only

hw_queue

hardware queue for each AC

txq

the multicast data TX queue (if driver uses the TXQ abstraction)

chanctx_conf

The channel context this interface is assigned to, or NULL when it is not assigned. This pointer is RCU-protected due to the TX path needing to access it; even though the netdev carrier will always be off when it is NULL there can still be races and packets could be processed after it switches back to NULL.

driver_flags

flags/capabilities the driver has for this interface, these need to be set (or cleared) when the interface is added or, if supported by the driver, the interface type is changed at runtime, mac80211 will never touch this field

debugfs_dir

debugfs dentry, can be used by drivers to create own per interface debug files. Note that it will be NULL for the virtual monitor interface (if that is requested.)

probe_req_reg

probe requests should be reported to mac80211 for this interface.

txqs_stopped

per AC flag to indicate that intermediate TXQs are stopped, protected by fq->lock.

drv_priv

data area for driver use, will always be aligned to sizeof(void *).

Description

Data in this structure is continually present for driver use during the life of a virtual interface.

Receive and transmit processing

what should be here

TBD

This should describe the receive and transmit paths in mac80211/the drivers as well as transmit status handling.

Frame format

As a general rule, when frames are passed between mac80211 and the driver, they start with the IEEE 802.11 header and include the same octets that are sent over the air except for the FCS which should be calculated by the hardware.

There are, however, various exceptions to this rule for advanced features:

The first exception is for hardware encryption and decryption offload where the IV/ICV may or may not be generated in hardware.

Secondly, when the hardware handles fragmentation, the frame handed to the driver from mac80211 is the MSDU, not the MPDU.

Packet alignment

Drivers always need to pass packets that are aligned to two-byte boundaries to the stack.

Additionally, should, if possible, align the payload data in a way that guarantees that the contained IP header is aligned to a four-byte boundary. In the case of regular frames, this simply means aligning the payload to a four-byte boundary (because either the IP header is directly contained, or IV/RFC1042 headers that have a length divisible by four are in front of it). If the payload data is not properly aligned and the architecture doesn’t support efficient unaligned operations, mac80211 will align the data.

With A-MSDU frames, however, the payload data address must yield two modulo four because there are 14-byte 802.3 headers within the A-MSDU frames that push the IP header further back to a multiple of four again. Thankfully, the specs were sane enough this time around to require padding each A-MSDU subframe to a length that is a multiple of four.

Padding like Atheros hardware adds which is between the 802.11 header and the payload is not supported, the driver is required to move the 802.11 header to be directly in front of the payload in that case.

Calling into mac80211 from interrupts

Only ieee80211_tx_status_irqsafe() and ieee80211_rx_irqsafe() can be called in hardware interrupt context. The low-level driver must not call any other functions in hardware interrupt context. If there is a need for such call, the low-level driver should first ACK the interrupt and perform the IEEE 802.11 code call after this, e.g. from a scheduled workqueue or even tasklet function.

NOTE: If the driver opts to use the _irqsafe() functions, it may not also

use the non-IRQ-safe functions!

functions/definitions

struct ieee80211_rx_status

receive status

Definition

struct ieee80211_rx_status {
  u64 mactime;
  u64 boottime_ns;
  u32 device_timestamp;
  u32 ampdu_reference;
  u32 flag;
  u16 freq;
  u8 enc_flags;
  u8 encoding:2, bw:3, he_ru:3;
  u8 he_gi:2, he_dcm:1;
  u8 rate_idx;
  u8 nss;
  u8 rx_flags;
  u8 band;
  u8 antenna;
  s8 signal;
  u8 chains;
  s8 chain_signal[IEEE80211_MAX_CHAINS];
  u8 ampdu_delimiter_crc;
  u8 zero_length_psdu_type;
};

Members

mactime

value in microseconds of the 64-bit Time Synchronization Function (TSF) timer when the first data symbol (MPDU) arrived at the hardware.

boottime_ns

CLOCK_BOOTTIME timestamp the frame was received at, this is needed only for beacons and probe responses that update the scan cache.

device_timestamp

arbitrary timestamp for the device, mac80211 doesn’t use it but can store it and pass it back to the driver for synchronisation

ampdu_reference

A-MPDU reference number, must be a different value for each A-MPDU but the same for each subframe within one A-MPDU

flag

RX_FLAG_*

freq

frequency the radio was tuned to when receiving this frame, in MHz This field must be set for management frames, but isn’t strictly needed for data (other) frames - for those it only affects radiotap reporting.

enc_flags

uses bits from enum mac80211_rx_encoding_flags

encoding

enum mac80211_rx_encoding

bw

enum rate_info_bw

he_ru

HE RU, from enum nl80211_he_ru_alloc

he_gi

HE GI, from enum nl80211_he_gi

he_dcm

HE DCM value

rate_idx

index of data rate into band’s supported rates or MCS index if HT or VHT is used (RX_FLAG_HT/RX_FLAG_VHT)

nss

number of streams (VHT and HE only)

rx_flags

internal RX flags for mac80211

band

the active band when this frame was received

antenna

antenna used

signal

signal strength when receiving this frame, either in dBm, in dB or unspecified depending on the hardware capabilities flags IEEE80211_HW_SIGNAL_*

chains

bitmask of receive chains for which separate signal strength values were filled.

chain_signal

per-chain signal strength, in dBm (unlike signal, doesn’t support dB or unspecified units)

ampdu_delimiter_crc

A-MPDU delimiter CRC

zero_length_psdu_type

radiotap type of the 0-length PSDU

Description

The low-level driver should provide this information (the subset supported by hardware) to the 802.11 code with each received frame, in the skb’s control buffer (cb).

enum mac80211_rx_encoding_flags

MCS & bandwidth flags

Constants

RX_ENC_FLAG_SHORTPRE

Short preamble was used for this frame

RX_ENC_FLAG_SHORT_GI

Short guard interval was used

RX_ENC_FLAG_HT_GF

This frame was received in a HT-greenfield transmission, if the driver fills this value it should add IEEE80211_RADIOTAP_MCS_HAVE_FMT to hw.radiotap_mcs_details to advertise that fact.

RX_ENC_FLAG_STBC_MASK

STBC 2 bit bitmask. 1 - Nss=1, 2 - Nss=2, 3 - Nss=3

RX_ENC_FLAG_LDPC

LDPC was used

RX_ENC_FLAG_BF

packet was beamformed

enum mac80211_rx_flags

receive flags

Constants

RX_FLAG_MMIC_ERROR

Michael MIC error was reported on this frame. Use together with RX_FLAG_MMIC_STRIPPED.

RX_FLAG_DECRYPTED

This frame was decrypted in hardware.

RX_FLAG_MACTIME_PLCP_START

The timestamp passed in the RX status (mactime field) is valid and contains the time the SYNC preamble was received.

RX_FLAG_MMIC_STRIPPED

the Michael MIC is stripped off this frame, verification has been done by the hardware.

RX_FLAG_IV_STRIPPED

The IV and ICV are stripped from this frame. If this flag is set, the stack cannot do any replay detection hence the driver or hardware will have to do that.

RX_FLAG_FAILED_FCS_CRC

Set this flag if the FCS check failed on the frame.

RX_FLAG_FAILED_PLCP_CRC

Set this flag if the PCLP check failed on the frame.

RX_FLAG_MACTIME_START

The timestamp passed in the RX status (mactime field) is valid and contains the time the first symbol of the MPDU was received. This is useful in monitor mode and for proper IBSS merging.

RX_FLAG_NO_SIGNAL_VAL

The signal strength value is not present. Valid only for data frames (mainly A-MPDU)

RX_FLAG_AMPDU_DETAILS

A-MPDU details are known, in particular the reference number (ampdu_reference) must be populated and be a distinct number for each A-MPDU

RX_FLAG_PN_VALIDATED

Currently only valid for CCMP/GCMP frames, this flag indicates that the PN was verified for replay protection. Note that this flag is also currently only supported when a frame is also decrypted (ie. RX_FLAG_DECRYPTED must be set)

RX_FLAG_DUP_VALIDATED

The driver should set this flag if it did de-duplication by itself.

RX_FLAG_AMPDU_LAST_KNOWN

last subframe is known, should be set on all subframes of a single A-MPDU

RX_FLAG_AMPDU_IS_LAST

this subframe is the last subframe of the A-MPDU

RX_FLAG_AMPDU_DELIM_CRC_ERROR

A delimiter CRC error has been detected on this subframe

RX_FLAG_AMPDU_DELIM_CRC_KNOWN

The delimiter CRC field is known (the CRC is stored in the ampdu_delimiter_crc field)

RX_FLAG_MACTIME_END

The timestamp passed in the RX status (mactime field) is valid and contains the time the last symbol of the MPDU (including FCS) was received.

RX_FLAG_ONLY_MONITOR

Report frame only to monitor interfaces without processing it in any regular way. This is useful if drivers offload some frames but still want to report them for sniffing purposes.

RX_FLAG_SKIP_MONITOR

Process and report frame to all interfaces except monitor interfaces. This is useful if drivers offload some frames but still want to report them for sniffing purposes.

RX_FLAG_AMSDU_MORE

Some drivers may prefer to report separate A-MSDU subframes instead of a one huge frame for performance reasons. All, but the last MSDU from an A-MSDU should have this flag set. E.g. if an A-MSDU has 3 frames, the first 2 must have the flag set, while the 3rd (last) one must not have this flag set. The flag is used to deal with retransmission/duplication recovery properly since A-MSDU subframes share the same sequence number. Reported subframes can be either regular MSDU or singly A-MSDUs. Subframes must not be interleaved with other frames.

RX_FLAG_RADIOTAP_VENDOR_DATA

This frame contains vendor-specific radiotap data in the skb->data (before the frame) as described by the struct ieee80211_vendor_radiotap.

RX_FLAG_MIC_STRIPPED

The mic was stripped of this packet. Decryption was done by the hardware

RX_FLAG_ALLOW_SAME_PN

Allow the same PN as same packet before. This is used for AMSDU subframes which can have the same PN as the first subframe.

RX_FLAG_ICV_STRIPPED

The ICV is stripped from this frame. CRC checking must be done in the hardware.

RX_FLAG_AMPDU_EOF_BIT

Value of the EOF bit in the A-MPDU delimiter for this frame

RX_FLAG_AMPDU_EOF_BIT_KNOWN

The EOF value is known

RX_FLAG_RADIOTAP_HE

HE radiotap data is present (struct ieee80211_radiotap_he, mac80211 will fill in

  • DATA3_DATA_MCS

  • DATA3_DATA_DCM

  • DATA3_CODING

  • DATA5_GI

  • DATA5_DATA_BW_RU_ALLOC

  • DATA6_NSTS

  • DATA3_STBC

from the RX info data, so leave those zeroed when building this data)

RX_FLAG_RADIOTAP_HE_MU

HE MU radiotap data is present (struct ieee80211_radiotap_he_mu)

RX_FLAG_RADIOTAP_LSIG

L-SIG radiotap data is present

RX_FLAG_NO_PSDU

use the frame only for radiotap reporting, with the “0-length PSDU” field included there. The value for it is in struct ieee80211_rx_status. Note that if this value isn’t known the frame shouldn’t be reported.

Description

These flags are used with the flag member of struct ieee80211_rx_status.

enum mac80211_tx_info_flags

flags to describe transmission information/status

Constants

IEEE80211_TX_CTL_REQ_TX_STATUS

require TX status callback for this frame.

IEEE80211_TX_CTL_ASSIGN_SEQ

The driver has to assign a sequence number to this frame, taking care of not overwriting the fragment number and increasing the sequence number only when the IEEE80211_TX_CTL_FIRST_FRAGMENT flag is set. mac80211 will properly assign sequence numbers to QoS-data frames but cannot do so correctly for non-QoS-data and management frames because beacons need them from that counter as well and mac80211 cannot guarantee proper sequencing. If this flag is set, the driver should instruct the hardware to assign a sequence number to the frame or assign one itself. Cf. IEEE 802.11-2007 7.1.3.4.1 paragraph 3. This flag will always be set for beacons and always be clear for frames without a sequence number field.

IEEE80211_TX_CTL_NO_ACK

tell the low level not to wait for an ack

IEEE80211_TX_CTL_CLEAR_PS_FILT

clear powersave filter for destination station

IEEE80211_TX_CTL_FIRST_FRAGMENT

this is a first fragment of the frame

IEEE80211_TX_CTL_SEND_AFTER_DTIM

send this frame after DTIM beacon

IEEE80211_TX_CTL_AMPDU

this frame should be sent as part of an A-MPDU

IEEE80211_TX_CTL_INJECTED

Frame was injected, internal to mac80211.

IEEE80211_TX_STAT_TX_FILTERED

The frame was not transmitted because the destination STA was in powersave mode. Note that to avoid race conditions, the filter must be set by the hardware or firmware upon receiving a frame that indicates that the station went to sleep (must be done on device to filter frames already on the queue) and may only be unset after mac80211 gives the OK for that by setting the IEEE80211_TX_CTL_CLEAR_PS_FILT (see above), since only then is it guaranteed that no more frames are in the hardware queue.

IEEE80211_TX_STAT_ACK

Frame was acknowledged

IEEE80211_TX_STAT_AMPDU

The frame was aggregated, so status is for the whole aggregation.

IEEE80211_TX_STAT_AMPDU_NO_BACK

no block ack was returned, so consider using block ack request (BAR).

IEEE80211_TX_CTL_RATE_CTRL_PROBE

internal to mac80211, can be set by rate control algorithms to indicate probe rate, will be cleared for fragmented frames (except on the last fragment)

IEEE80211_TX_INTFL_OFFCHAN_TX_OK

Internal to mac80211. Used to indicate that a frame can be transmitted while the queues are stopped for off-channel operation.

IEEE80211_TX_INTFL_NEED_TXPROCESSING

completely internal to mac80211, used to indicate that a pending frame requires TX processing before it can be sent out.

IEEE80211_TX_INTFL_RETRIED

completely internal to mac80211, used to indicate that a frame was already retried due to PS

IEEE80211_TX_INTFL_DONT_ENCRYPT

completely internal to mac80211, used to indicate frame should not be encrypted

IEEE80211_TX_CTL_NO_PS_BUFFER

This frame is a response to a poll frame (PS-Poll or uAPSD) or a non-bufferable MMPDU and must be sent although the station is in powersave mode.

IEEE80211_TX_CTL_MORE_FRAMES

More frames will be passed to the transmit function after the current frame, this can be used by drivers to kick the DMA queue only if unset or when the queue gets full.

IEEE80211_TX_INTFL_RETRANSMISSION

This frame is being retransmitted after TX status because the destination was asleep, it must not be modified again (no seqno assignment, crypto, etc.)

IEEE80211_TX_INTFL_MLME_CONN_TX

This frame was transmitted by the MLME code for connection establishment, this indicates that its status should kick the MLME state machine.

IEEE80211_TX_INTFL_NL80211_FRAME_TX

Frame was requested through nl80211 MLME command (internal to mac80211 to figure out whether to send TX status to user space)

IEEE80211_TX_CTL_LDPC

tells the driver to use LDPC for this frame

IEEE80211_TX_CTL_STBC

Enables Space-Time Block Coding (STBC) for this frame and selects the maximum number of streams that it can use.

IEEE80211_TX_CTL_TX_OFFCHAN

Marks this packet to be transmitted on the off-channel channel when a remain-on-channel offload is done in hardware – normal packets still flow and are expected to be handled properly by the device.

IEEE80211_TX_INTFL_TKIP_MIC_FAILURE

Marks this packet to be used for TKIP testing. It will be sent out with incorrect Michael MIC key to allow TKIP countermeasures to be tested.

IEEE80211_TX_CTL_NO_CCK_RATE

This frame will be sent at non CCK rate. This flag is actually used for management frame especially for P2P frames not being sent at CCK rate in 2GHz band.

IEEE80211_TX_STATUS_EOSP

This packet marks the end of service period, when its status is reported the service period ends. For frames in an SP that mac80211 transmits, it is already set; for driver frames the driver may set this flag. It is also used to do the same for PS-Poll responses.

IEEE80211_TX_CTL_USE_MINRATE

This frame will be sent at lowest rate. This flag is used to send nullfunc frame at minimum rate when the nullfunc is used for connection monitoring purpose.

IEEE80211_TX_CTL_DONTFRAG

Don’t fragment this packet even if it would be fragmented by size (this is optional, only used for monitor injection).

IEEE80211_TX_STAT_NOACK_TRANSMITTED

A frame that was marked with IEEE80211_TX_CTL_NO_ACK has been successfully transmitted without any errors (like issues specific to the driver/HW). This flag must not be set for frames that don’t request no-ack behaviour with IEEE80211_TX_CTL_NO_ACK.

Description

These flags are used with the flags member of ieee80211_tx_info.

Note

If you have to add new flags to the enumeration, then don’t

forget to update IEEE80211_TX_TEMPORARY_FLAGS when necessary.

enum mac80211_tx_control_flags

flags to describe transmit control

Constants

IEEE80211_TX_CTRL_PORT_CTRL_PROTO

this frame is a port control protocol frame (e.g. EAP)

IEEE80211_TX_CTRL_PS_RESPONSE

This frame is a response to a poll frame (PS-Poll or uAPSD).

IEEE80211_TX_CTRL_RATE_INJECT

This frame is injected with rate information

IEEE80211_TX_CTRL_AMSDU

This frame is an A-MSDU frame

IEEE80211_TX_CTRL_FAST_XMIT

This frame is going through the fast_xmit path

IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP

This frame skips mesh path lookup

Description

These flags are used in tx_info->control.flags.

enum mac80211_rate_control_flags

per-rate flags set by the Rate Control algorithm.

Constants

IEEE80211_TX_RC_USE_RTS_CTS

Use RTS/CTS exchange for this rate.

IEEE80211_TX_RC_USE_CTS_PROTECT

CTS-to-self protection is required. This is set if the current BSS requires ERP protection.

IEEE80211_TX_RC_USE_SHORT_PREAMBLE

Use short preamble.

IEEE80211_TX_RC_MCS

HT rate.

IEEE80211_TX_RC_GREEN_FIELD

Indicates whether this rate should be used in Greenfield mode.

IEEE80211_TX_RC_40_MHZ_WIDTH

Indicates if the Channel Width should be 40 MHz.

IEEE80211_TX_RC_DUP_DATA

The frame should be transmitted on both of the adjacent 20 MHz channels, if the current channel type is NL80211_CHAN_HT40MINUS or NL80211_CHAN_HT40PLUS.

IEEE80211_TX_RC_SHORT_GI

Short Guard interval should be used for this rate.

IEEE80211_TX_RC_VHT_MCS

VHT MCS rate, in this case the idx field is split into a higher 4 bits (Nss) and lower 4 bits (MCS number)

IEEE80211_TX_RC_80_MHZ_WIDTH

Indicates 80 MHz transmission

IEEE80211_TX_RC_160_MHZ_WIDTH

Indicates 160 MHz transmission (80+80 isn’t supported yet)

Description

These flags are set by the Rate control algorithm for each rate during tx, in the flags member of struct ieee80211_tx_rate.

struct ieee80211_tx_rate

rate selection/status

Definition

struct ieee80211_tx_rate {
  s8 idx;
  u16 count:5, flags:11;
};

Members

idx

rate index to attempt to send with

count

number of tries in this rate before going to the next rate

flags

rate control flags (enum mac80211_rate_control_flags)

Description

A value of -1 for idx indicates an invalid rate and, if used in an array of retry rates, that no more rates should be tried.

When used for transmit status reporting, the driver should always report the rate along with the flags it used.

struct ieee80211_tx_info contains an array of these structs in the control information, and it will be filled by the rate control algorithm according to what should be sent. For example, if this array contains, in the format { <idx>, <count> } the information:

{ 3, 2 }, { 2, 2 }, { 1, 4 }, { -1, 0 }, { -1, 0 }

then this means that the frame should be transmitted up to twice at rate 3, up to twice at rate 2, and up to four times at rate 1 if it doesn’t get acknowledged. Say it gets acknowledged by the peer after the fifth attempt, the status information should then contain:

{ 3, 2 }, { 2, 2 }, { 1, 1 }, { -1, 0 } ...

since it was transmitted twice at rate 3, twice at rate 2 and once at rate 1 after which we received an acknowledgement.

struct ieee80211_tx_info

skb transmit information

Definition

struct ieee80211_tx_info {
  u32 flags;
  u8 band;
  u8 hw_queue;
  u16 ack_frame_id;
  union {
    struct {
      union {
        struct {
          struct ieee80211_tx_rate rates[ IEEE80211_TX_MAX_RATES];
          s8 rts_cts_rate_idx;
          u8 use_rts:1;
          u8 use_cts_prot:1;
          u8 short_preamble:1;
          u8 skip_table:1;
        };
        unsigned long jiffies;
      };
      struct ieee80211_vif *vif;
      struct ieee80211_key_conf *hw_key;
      u32 flags;
      codel_time_t enqueue_time;
    } control;
    struct {
      u64 cookie;
    } ack;
    struct {
      struct ieee80211_tx_rate rates[IEEE80211_TX_MAX_RATES];
      s32 ack_signal;
      u8 ampdu_ack_len;
      u8 ampdu_len;
      u8 antenna;
      u16 tx_time;
      bool is_valid_ack_signal;
      void *status_driver_data[19 / sizeof(void *)];
    } status;
    struct {
      struct ieee80211_tx_rate driver_rates[ IEEE80211_TX_MAX_RATES];
      u8 pad[4];
      void *rate_driver_data[ IEEE80211_TX_INFO_RATE_DRIVER_DATA_SIZE / sizeof(void *)];
    };
    void *driver_data[ IEEE80211_TX_INFO_DRIVER_DATA_SIZE / sizeof(void *)];
  };
};

Members

flags

transmit info flags, defined above

band

the band to transmit on (use for checking for races)

hw_queue

HW queue to put the frame on, skb_get_queue_mapping() gives the AC

ack_frame_id

internal frame ID for TX status, used internally

{unnamed_union}

anonymous

control

union part for control data

{unnamed_union}

anonymous

{unnamed_struct}

anonymous

control.rates

TX rates array to try

control.rts_cts_rate_idx

rate for RTS or CTS

control.use_rts

use RTS

control.use_cts_prot

use RTS/CTS

control.short_preamble

use short preamble (CCK only)

control.skip_table

skip externally configured rate table

control.jiffies

timestamp for expiry on powersave clients

control.vif

virtual interface (may be NULL)

control.hw_key

key to encrypt with (may be NULL)

control.flags

control flags, see enum mac80211_tx_control_flags

control.enqueue_time

enqueue time (for iTXQs)

ack

union part for pure ACK data

ack.cookie

cookie for the ACK

status

union part for status data

status.rates

attempted rates

status.ack_signal

ACK signal

status.ampdu_ack_len

AMPDU ack length

status.ampdu_len

AMPDU length

status.antenna

(legacy, kept only for iwlegacy)

status.tx_time

airtime consumed for transmission

status.is_valid_ack_signal

ACK signal is valid

status.status_driver_data

driver use area

{unnamed_struct}

anonymous

driver_rates

alias to control.rates to reserve space

pad

padding

rate_driver_data

driver use area if driver needs control.rates

driver_data

array of driver_data pointers

Description

This structure is placed in skb->cb for three uses:
  1. mac80211 TX control - mac80211 tells the driver what to do

  2. driver internal use (if applicable)

  3. TX status information - driver tells mac80211 what happened

void ieee80211_tx_info_clear_status(struct ieee80211_tx_info * info)

clear TX status

Parameters

struct ieee80211_tx_info * info

The struct ieee80211_tx_info to be cleared.

Description

When the driver passes an skb back to mac80211, it must report a number of things in TX status. This function clears everything in the TX status but the rate control information (it does clear the count since you need to fill that in anyway).

NOTE

You can only use this function if you do NOT use

info->driver_data! Use info->rate_driver_data instead if you need only the less space that allows.

void ieee80211_rx(struct ieee80211_hw * hw, struct sk_buff * skb)

receive frame

Parameters

struct ieee80211_hw * hw

the hardware this frame came in on

struct sk_buff * skb

the buffer to receive, owned by mac80211 after this call

Description

Use this function to hand received frames to mac80211. The receive buffer in skb must start with an IEEE 802.11 header. In case of a paged skb is used, the driver is recommended to put the ieee80211 header of the frame on the linear part of the skb to avoid memory allocation and/or memcpy by the stack.

This function may not be called in IRQ context. Calls to this function for a single hardware must be synchronized against each other. Calls to this function, ieee80211_rx_ni() and ieee80211_rx_irqsafe() may not be mixed for a single hardware. Must not run concurrently with ieee80211_tx_status() or ieee80211_tx_status_ni().

In process context use instead ieee80211_rx_ni().

void ieee80211_rx_ni(struct ieee80211_hw * hw, struct sk_buff * skb)

receive frame (in process context)

Parameters

struct ieee80211_hw * hw

the hardware this frame came in on

struct sk_buff * skb

the buffer to receive, owned by mac80211 after this call

Description

Like ieee80211_rx() but can be called in process context (internally disables bottom halves).

Calls to this function, ieee80211_rx() and ieee80211_rx_irqsafe() may not be mixed for a single hardware. Must not run concurrently with ieee80211_tx_status() or ieee80211_tx_status_ni().

void ieee80211_rx_irqsafe(struct ieee80211_hw * hw, struct sk_buff * skb)

receive frame

Parameters

struct ieee80211_hw * hw

the hardware this frame came in on

struct sk_buff * skb

the buffer to receive, owned by mac80211 after this call

Description

Like ieee80211_rx() but can be called in IRQ context (internally defers to a tasklet.)

Calls to this function, ieee80211_rx() or ieee80211_rx_ni() may not be mixed for a single hardware.Must not run concurrently with ieee80211_tx_status() or ieee80211_tx_status_ni().

struct ieee80211_tx_status

extended tx staus info for rate control

Definition

struct ieee80211_tx_status {
  struct ieee80211_sta *sta;
  struct ieee80211_tx_info *info;
  struct sk_buff *skb;
};

Members

sta

Station that the packet was transmitted for

info

Basic tx status information

skb

Packet skb (can be NULL if not provided by the driver)

void ieee80211_tx_status(struct ieee80211_hw * hw, struct sk_buff * skb)

transmit status callback

Parameters

struct ieee80211_hw * hw

the hardware the frame was transmitted by

struct sk_buff * skb

the frame that was transmitted, owned by mac80211 after this call

Description

Call this function for all transmitted frames after they have been transmitted. It is permissible to not call this function for multicast frames but this can affect statistics.

This function may not be called in IRQ context. Calls to this function for a single hardware must be synchronized against each other. Calls to this function, ieee80211_tx_status_ni() and ieee80211_tx_status_irqsafe() may not be mixed for a single hardware. Must not run concurrently with ieee80211_rx() or ieee80211_rx_ni().

void ieee80211_tx_status_ni(struct ieee80211_hw * hw, struct sk_buff * skb)

transmit status callback (in process context)

Parameters

struct ieee80211_hw * hw

the hardware the frame was transmitted by

struct sk_buff * skb

the frame that was transmitted, owned by mac80211 after this call

Description

Like ieee80211_tx_status() but can be called in process context.

Calls to this function, ieee80211_tx_status() and ieee80211_tx_status_irqsafe() may not be mixed for a single hardware.

void ieee80211_tx_status_irqsafe(struct ieee80211_hw * hw, struct sk_buff * skb)

IRQ-safe transmit status callback

Parameters

struct ieee80211_hw * hw

the hardware the frame was transmitted by

struct sk_buff * skb

the frame that was transmitted, owned by mac80211 after this call

Description

Like ieee80211_tx_status() but can be called in IRQ context (internally defers to a tasklet.)

Calls to this function, ieee80211_tx_status() and ieee80211_tx_status_ni() may not be mixed for a single hardware.

void ieee80211_rts_get(struct ieee80211_hw * hw, struct ieee80211_vif * vif, const void * frame, size_t frame_len, const struct ieee80211_tx_info * frame_txctl, struct ieee80211_rts * rts)

RTS frame generation function

Parameters

struct ieee80211_hw * hw

pointer obtained from ieee80211_alloc_hw().

struct ieee80211_vif * vif

struct ieee80211_vif pointer from the add_interface callback.

const void * frame

pointer to the frame that is going to be protected by the RTS.

size_t frame_len

the frame length (in octets).

const struct ieee80211_tx_info * frame_txctl

struct ieee80211_tx_info of the frame.

struct ieee80211_rts * rts

The buffer where to store the RTS frame.

Description

If the RTS frames are generated by the host system (i.e., not in hardware/firmware), the low-level driver uses this function to receive the next RTS frame from the 802.11 code. The low-level is responsible for calling this function before and RTS frame is needed.

__le16 ieee80211_rts_duration(struct ieee80211_hw * hw, struct ieee80211_vif * vif, size_t frame_len, const struct ieee80211_tx_info * frame_txctl)

Get the duration field for an RTS frame

Parameters

struct ieee80211_hw * hw

pointer obtained from ieee80211_alloc_hw().

struct ieee80211_vif * vif

struct ieee80211_vif pointer from the add_interface callback.

size_t frame_len

the length of the frame that is going to be protected by the RTS.

const struct ieee80211_tx_info * frame_txctl

struct ieee80211_tx_info of the frame.

Description

If the RTS is generated in firmware, but the host system must provide the duration field, the low-level driver uses this function to receive the duration field value in little-endian byteorder.

Return

The duration.

void ieee80211_ctstoself_get(struct ieee80211_hw * hw, struct ieee80211_vif * vif, const void * frame, size_t frame_len, const struct ieee80211_tx_info * frame_txctl, struct ieee80211_cts * cts)

CTS-to-self frame generation function

Parameters

struct ieee80211_hw * hw

pointer obtained from ieee80211_alloc_hw().

struct ieee80211_vif * vif

struct ieee80211_vif pointer from the add_interface callback.

const void * frame

pointer to the frame that is going to be protected by the CTS-to-self.

size_t frame_len

the frame length (in octets).

const struct ieee80211_tx_info * frame_txctl

struct ieee80211_tx_info of the frame.

struct ieee80211_cts * cts

The buffer where to store the CTS-to-self frame.

Description

If the CTS-to-self frames are generated by the host system (i.e., not in hardware/firmware), the low-level driver uses this function to receive the next CTS-to-self frame from the 802.11 code. The low-level is responsible for calling this function before and CTS-to-self frame is needed.

__le16 ieee80211_ctstoself_duration(struct ieee80211_hw * hw, struct ieee80211_vif * vif, size_t frame_len, const struct ieee80211_tx_info * frame_txctl)

Get the duration field for a CTS-to-self frame

Parameters

struct ieee80211_hw * hw

pointer obtained from ieee80211_alloc_hw().

struct ieee80211_vif * vif

struct ieee80211_vif pointer from the add_interface callback.

size_t frame_len

the length of the frame that is going to be protected by the CTS-to-self.

const struct ieee80211_tx_info * frame_txctl

struct ieee80211_tx_info of the frame.

Description

If the CTS-to-self is generated in firmware, but the host system must provide the duration field, the low-level driver uses this function to receive the duration field value in little-endian byteorder.

Return

The duration.

__le16 ieee80211_generic_frame_duration(struct ieee80211_hw * hw, struct ieee80211_vif * vif, enum nl80211_band band, size_t frame_len, struct ieee80211_rate * rate)

Calculate the duration field for a frame

Parameters

struct ieee80211_hw * hw

pointer obtained from ieee80211_alloc_hw().

struct ieee80211_vif * vif

struct ieee80211_vif pointer from the add_interface callback.

enum nl80211_band band

the band to calculate the frame duration on

size_t frame_len

the length of the frame.

struct ieee80211_rate * rate

the rate at which the frame is going to be transmitted.

Description

Calculate the duration field of some generic frame, given its length and transmission rate (in 100kbps).

Return

The duration.

void ieee80211_wake_queue(struct ieee80211_hw * hw, int queue)

wake specific queue

Parameters

struct ieee80211_hw * hw

pointer as obtained from ieee80211_alloc_hw().

int queue

queue number (counted from zero).

Description

Drivers should use this function instead of netif_wake_queue.

void ieee80211_stop_queue(struct ieee80211_hw * hw, int queue)

stop specific queue

Parameters

struct ieee80211_hw * hw

pointer as obtained from ieee80211_alloc_hw().

int queue

queue number (counted from zero).

Description

Drivers should use this function instead of netif_stop_queue.

void ieee80211_wake_queues(struct ieee80211_hw * hw)

wake all queues

Parameters

struct ieee80211_hw * hw

pointer as obtained from ieee80211_alloc_hw().

Description

Drivers should use this function instead of netif_wake_queue.

void ieee80211_stop_queues(struct ieee80211_hw * hw)

stop all queues

Parameters

struct ieee80211_hw * hw

pointer as obtained from ieee80211_alloc_hw().

Description

Drivers should use this function instead of netif_stop_queue.

int ieee80211_queue_stopped(struct ieee80211_hw * hw, int queue)

test status of the queue

Parameters

struct ieee80211_hw * hw

pointer as obtained from ieee80211_alloc_hw().

int queue

queue number (counted from zero).

Description

Drivers should use this function instead of netif_stop_queue.

Return

true if the queue is stopped. false otherwise.

Frame filtering

mac80211 requires to see many management frames for proper operation, and users may want to see many more frames when in monitor mode. However, for best CPU usage and power consumption, having as few frames as possible percolate through the stack is desirable. Hence, the hardware should filter as much as possible.

To achieve this, mac80211 uses filter flags (see below) to tell the driver’s configure_filter() function which frames should be passed to mac80211 and which should be filtered out.

Before configure_filter() is invoked, the prepare_multicast() callback is invoked with the parameters mc_count and mc_list for the combined multicast address list of all virtual interfaces. It’s use is optional, and it returns a u64 that is passed to configure_filter(). Additionally, configure_filter() has the arguments changed_flags telling which flags were changed and total_flags with the new flag states.

If your device has no multicast address filters your driver will need to check both the FIF_ALLMULTI flag and the mc_count parameter to see whether multicast frames should be accepted or dropped.

All unsupported flags in total_flags must be cleared. Hardware does not support a flag if it is incapable of _passing_ the frame to the stack. Otherwise the driver must ignore the flag, but not clear it. You must _only_ clear the flag (announce no support for the flag to mac80211) if you are not able to pass the packet type to the stack (so the hardware always filters it). So for example, you should clear FIF_CONTROL, if your hardware always filters control frames. If your hardware always passes control frames to the kernel and is incapable of filtering them, you do _not_ clear the FIF_CONTROL flag. This rule applies to all other FIF flags as well.

enum ieee80211_filter_flags

hardware filter flags

Constants

FIF_ALLMULTI

pass all multicast frames, this is used if requested by the user or if the hardware is not capable of filtering by multicast address.

FIF_FCSFAIL

pass frames with failed FCS (but you need to set the RX_FLAG_FAILED_FCS_CRC for them)

FIF_PLCPFAIL

pass frames with failed PLCP CRC (but you need to set the RX_FLAG_FAILED_PLCP_CRC for them

FIF_BCN_PRBRESP_PROMISC

This flag is set during scanning to indicate to the hardware that it should not filter beacons or probe responses by BSSID. Filtering them can greatly reduce the amount of processing mac80211 needs to do and the amount of CPU wakeups, so you should honour this flag if possible.

FIF_CONTROL

pass control frames (except for PS Poll) addressed to this station

FIF_OTHER_BSS

pass frames destined to other BSSes

FIF_PSPOLL

pass PS Poll frames

FIF_PROBE_REQ

pass probe request frames

Description

These flags determine what the filter in hardware should be programmed to let through and what should not be passed to the stack. It is always safe to pass more frames than requested, but this has negative impact on power consumption.

The mac80211 workqueue

mac80211 provides its own workqueue for drivers and internal mac80211 use. The workqueue is a single threaded workqueue and can only be accessed by helpers for sanity checking. Drivers must ensure all work added onto the mac80211 workqueue should be cancelled on the driver stop() callback.

mac80211 will flushed the workqueue upon interface removal and during suspend.

All work performed on the mac80211 workqueue must not acquire the RTNL lock.

void ieee80211_queue_work(struct ieee80211_hw * hw, struct work_struct * work)

add work onto the mac80211 workqueue

Parameters

struct ieee80211_hw * hw

the hardware struct for the interface we are adding work for

struct work_struct * work

the work we want to add onto the mac80211 workqueue

Description

Drivers and mac80211 use this to add work onto the mac80211 workqueue. This helper ensures drivers are not queueing work when they should not be.

void ieee80211_queue_delayed_work(struct ieee80211_hw * hw, struct delayed_work * dwork, unsigned long delay)

add work onto the mac80211 workqueue

Parameters

struct ieee80211_hw * hw

the hardware struct for the interface we are adding work for

struct delayed_work * dwork

delayable work to queue onto the mac80211 workqueue

unsigned long delay

number of jiffies to wait before queueing

Description

Drivers and mac80211 use this to queue delayed work onto the mac80211 workqueue.