50

I want to learn about how nl80211 and cfg80211 work in detail, such as: function flow and how nl80211 interacts with network tools like wpa_supplicant and iw.

Jeff Schaller
  • 2,352
  • 5
  • 23
  • 38
Rafal
  • 1,120
  • 3
  • 15
  • 23

4 Answers4

70

To be able to control wireless drivers from userspace, some IPC communication processes between kernel and userspace are used.

  • At first ioctl with vendor dependent APIs was used.
  • In 1996, Jean Tourrilhes creates wireless extensions (WE or WEXT).

The Wireless Extension (WE) is a generic API allowing a driver to expose to the user space configuration and statistics specific to common Wireless LANs.

  • In 2006, John Linville creates mac80211 and Johannes Berg creates cfg80211 and nl80211. Together it is intended to replace wireless extensions.

    +-------------+
|             |
|  Userspace  |
|             |
+-------------+
      ^
- - - | - - - - 
      | nl80211
      v
+-------------+
|             |
|  cfg80211   |
|             |
+-------------+
+-------------+
|             |
|  mac80211   |
|   driver    |
|             |
+-------------+

An important point is that nl80211/cfg80211/mac80211 no longer use ioctl, they use netlink.

So, tools like iw, hostapd or the wpa_supplicant use some netlink libraries (like libnl or libnl-tiny) and the netlink interface public header which is of course nl80211.h.

There is not so much documentations, but I advise you to read the libnl documentation and then the iw source code (because iw use libnl).

Omer Tuchfeld
  • 2,886
  • 1
  • 17
  • 24
jmlemetayer
  • 4,774
  • 1
  • 32
  • 46
  • nl80211 act as an interface between userspace and kernel space.....i m having difficulty in understanding at what point control flow goes from user space to kernel space – Rafal Feb 03 '14 at 04:15
  • 1
    Have you read [this](http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals). Netlink can be compared to a socket between the kernel and the user space. So the user can use it in a request-response way (e.g `iw dev wlan0 link`) and/or in an event way (e.g `iw dev wlan0 event`). – jmlemetayer Feb 03 '14 at 10:33
  • thanks for the link but i have gone through that page.....for interaction between user n kernel space a socket is created...but when it comes to tracing the code i m not able to trace it from user space to kernel space....if anybody can help plz reply soon – Rafal Feb 04 '14 at 04:58
  • You can search in the [linux-wireless mailing list](http://wireless.kernel.org/en/developers/MailingLists) or even try asking them. If you got a response, please post it, I'm very interested in and I don't have enough time to do it now! – jmlemetayer Feb 04 '14 at 06:35
  • 1
    ^ Link is dead, here's an archived version: https://web.archive.org/web/20160316163624/http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html – Miscreant Apr 29 '19 at 15:49
45

A slightly more detailed picture of how nl80211 and cfg80211 work with other parts of the system (user space, kernel, and hardware).

  • nl80211 is the interface between user space software (iw, wpa_supplicant, etc.) and the kernel (cfg80211 and mac80211 kernel modules, and specific drivers).
  • The WiFi drivers and hardware could be Full-MAC or Soft-MAC (see Wireless_network_interface_controller).
  • cfg80211_ops is a set of operations that Full-MAC drivers and mac80211 module register to cfg80211 module.
  • ieee80211_ops is a set of operations that Soft-MAC drivers register to mac80211 module.

enter image description here

artm
  • 17,291
  • 6
  • 38
  • 54
  • lspci -k | grep -A 3 -i "network" returns me "Kernel driver in use: iwlwifi". Then modinfo iwlwifi | grep depends returns me "cfg80211". But how can I check about nl80211 and mac80211. Also, how do I know if the driver supports AP mode or not? – infoclogged Mar 19 '17 at 12:56
10

I've created a basic code flow diagram for the wireless stack in linux,
all the way from wpa_supplicant > cfg80211 > mac80211 > ath9k_htc.

The code has been traced for linux kernel 5.4.31.

Here is the link.

Akshdeep Singh
  • 1,301
  • 1
  • 19
  • 34
9

See my reply to How to learn the structure of Linux wireless drivers (mac80211)?

In wpa_supplicant, you can follow the code in src/drivers/driver_nl80211.c. This is a wpa_supplicant driver (not a kernel driver but an abstraction used in wpa_supplicant code) which uses libnl to communicate with the kernel cfg80211 module. When wpa_supplicant issues a scan for example then wpa_driver_nl80211_scan gets called. It builds the netlink message with a command called NL80211_CMD_TRIGGER_SCAN and with all the parameters required for the scan.

Community
  • 1
  • 1
eyalsh
  • 931
  • 8
  • 12