I want to learn about how nl80211 and cfg80211 works in detail. Function flow, how nl80211 interact with network tools like wpa_
To be able to control wireless drivers from userspace, some IPC communication processes between kernel and userspace are used.
ioctl with vendor-dependent APIs was used. The Wireless Extension (WE) is a generic API allowing a driver to expose to user space configuration and statistics specific to common Wireless LANs.
In 2006, John Linville created mac80211 and Johannes Berg created cfg80211 and nl80211. Together they are intended to replace Wireless Extensions.
    +-------------+
    |             |
    |  Userspace  |
    |             |
    +-------------+
           ^
  - - - - -|- - - - -
           | nl80211
           v
    +-------------+
    |             |
    |  cfg80211   |
    |             |
    +-------------+
    +-------------+
    |             |
    |  mac80211   |
    |   driver    |
    |             |
    +-------------+
An important point is that nl80211/cfg80211/mac80211 no longer use ioctl; they use netlink.
So, tools like iw, hostapd or wpa_supplicant use netlink libraries (like libnl or libnl-tiny) and the netlink interface's public header, which is of course nl80211.h.
There is not much documentation, but I advise you to read the libnl documentation and then the iw source code (because iw uses libnl).
I've created a basic code flow diagram for the wireless stack in Linux, all the way from wpa_supplicant > cfg80211 > mac80211 > ath9k_htc.
The code has been traced for Linux kernel 5.4.31.
Here is the link.
A slightly more detailed picture of how nl80211 and cfg80211 work with other parts of the system (user space, kernel, and hardware).
nl80211 is the interface between user space software (iw, wpa_supplicant, etc.) and the kernel (the cfg80211 and mac80211 kernel modules, and specific drivers). cfg80211_ops is the set of operations that Full-MAC drivers and the mac80211 module register with the cfg80211 module. ieee80211_ops is the set of operations that Soft-MAC drivers register with the mac80211 module. See my reply to How to learn the structure of Linux wireless drivers (mac80211)?
In wpa_supplicant, you can follow the code in src/drivers/driver_nl80211.c. This is a wpa_supplicant driver (not a kernel driver, but an abstraction used in the wpa_supplicant code) which uses libnl to communicate with the kernel cfg80211 module. When wpa_supplicant issues a scan, for example, wpa_driver_nl80211_scan gets called. It builds the netlink message with the command NL80211_CMD_TRIGGER_SCAN and all the parameters required for the scan.
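The message that step builds, as an added example in C that is not wpa_supplicant's or libnl's own code: it lays out by hand the generic-netlink framing (nlmsghdr, genlmsghdr, NL80211_ATTR_IFINDEX) that libnl's genlmsg_put()/nla_put_u32() produce, and parses it back with the length checks a receiver needs. The family id argument is a placeholder; real tools resolve nl80211's family id at runtime.

```c
/* Added example (not wpa_supplicant's code): the generic-netlink message that
 * wpa_driver_nl80211_scan asks libnl to build for NL80211_CMD_TRIGGER_SCAN. */
#include <stdint.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/genetlink.h>
#include <linux/nl80211.h>

/* nlmsghdr | genlmsghdr | NL80211_ATTR_IFINDEX(u32).  family_id is nl80211's
 * generic-netlink family number, which is not fixed: libnl resolves it with
 * genl_ctrl_resolve().  Returns the message length, or 0 if buf is too small. */
size_t build_trigger_scan(uint16_t family_id, uint32_t ifindex, uint32_t seq,
                          uint8_t *buf, size_t buflen)
{
    size_t need = NLMSG_HDRLEN + GENL_HDRLEN + NLA_HDRLEN + NLA_ALIGN(sizeof(uint32_t));
    if (buflen < need) return 0;
    memset(buf, 0, need);
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    nlh->nlmsg_len = need;
    nlh->nlmsg_type = family_id;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    nlh->nlmsg_seq = seq;                 /* matched against the kernel's ACK */
    struct genlmsghdr *gnlh = (struct genlmsghdr *)(buf + NLMSG_HDRLEN);
    gnlh->cmd = NL80211_CMD_TRIGGER_SCAN; /* dispatched to cfg80211's scan op */
    struct nlattr *na = (struct nlattr *)((uint8_t *)gnlh + GENL_HDRLEN);
    na->nla_type = NL80211_ATTR_IFINDEX;  /* which wireless interface to scan */
    na->nla_len = NLA_HDRLEN + sizeof(uint32_t);
    memcpy((uint8_t *)na + NLA_HDRLEN, &ifindex, sizeof ifindex);
    return need;
}

/* Parse such a message back: returns the genl command and fills *ifindex if
 * NL80211_ATTR_IFINDEX is present; -1 on a truncated or malformed buffer. */
int parse_scan_msg(const uint8_t *buf, size_t len, uint32_t *ifindex)
{
    const struct nlmsghdr *nlh = (const struct nlmsghdr *)buf;
    if (len < NLMSG_HDRLEN + GENL_HDRLEN || nlh->nlmsg_len > len) return -1;
    const struct genlmsghdr *gnlh = (const struct genlmsghdr *)(buf + NLMSG_HDRLEN);
    const uint8_t *p = buf + NLMSG_HDRLEN + GENL_HDRLEN, *end = buf + nlh->nlmsg_len;
    while (p + NLA_HDRLEN <= end) {       /* walk the attribute list */
        const struct nlattr *na = (const struct nlattr *)p;
        if (na->nla_len < NLA_HDRLEN || p + na->nla_len > end) return -1;
        if ((na->nla_type & NLA_TYPE_MASK) == NL80211_ATTR_IFINDEX &&
            na->nla_len == NLA_HDRLEN + sizeof(uint32_t))
            memcpy(ifindex, p + NLA_HDRLEN, sizeof(uint32_t));
        p += NLA_ALIGN(na->nla_len);      /* attributes are 4-byte aligned */
    }
    return gnlh->cmd;
}
```

Sending the buffer requires a NETLINK_GENERIC socket, the resolved family id and CAP_NET_ADMIN; the kernel answers with an ACK carrying the same sequence number and later emits NL80211_CMD_NEW_SCAN_RESULTS on the scan multicast group.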