NOTE: this page is for archival only, see the note at the end of the page.

AP support

AP support is still unfinished. Because of this, you need wireless-test.git and a patch from johill as well as and hostapd from git. The following are items we need to handle to make AP support IEEE 802.11 compliant:

  • short slot
  • short preamble
  • basic rate set
  • rts/cts
  • channel flag/regulatory domain (will be handled by CRDA)

  • tx queue params
  • CTS-protect setting for AP
  • injected frames need to be tied to another virtual interface to get the software sequence number right and keys (only relevant for 11w) right

A few bugs are also present:

  • check why we see data frames on cooked monitor
  • investigate the skb truesize bug

And possible features:

  • internal bridge setting (separated STAs in AP, local->bridge_packets, couldn't this be implemented using VLANs?)

  • multi-bss support (no kernel changes, just hostapd keep track of BSSes)

Intel is working (and already completed in their own tree) these features:

  • 802.11n
  • WMM AC
  • u-APSD support


  • Provide a replacement for all wext (iwconfig, iwlist) functionality
  • integrate wext compat layer
  • make nl80211/cfg80211 (and mac80211 where it is involved) have generation numbers for all dumps so that userspace can tell whether it got a proper snapshot dump or not
  • use 802.11 MLME SAP interface
  • add capability information (interface modes, ...)



  • Move ETH_P_PAE from ieee80211_i.h to linux/if_ether.h.
  • Sort out function definitions in ieee80211_i.h (they are at two different places in the file now).
  • remove forward declarations
  • Many internal functions, e.g. in mlme.c, take a 'struct net_device *' parameter. Remove that and pass either 'struct ieee80211_local *' if they don't need access to a certain interface, or 'struct ieee80211_sub_if_data *' if they do need a certain interface.

Long term

  • hide (or get rid of) master dev, use phy name for cfg80211


  • fix VLAN vif pointer being passed to driver in ->tx(), it should get the AP vif pointer instead.

  • handle reassociation when the sta is out of range for a moment and then comes back
  • Need to stop TX/RX when a radar is detected for the duration of scan for a new channel. [reported by Jouni Malinen]
  • Add new notification types to the ieee80211_notify_mac function that drivers can call when they suspend and resume. See this thread). (when done please remove from too)


mac80211 drivers use wpa_supplicant for help with Roaming. This is done by specifying ap_scan=1, which lets wpa_supplicant select the BSS based on scan results. This works but it could use some more enhancements.

To have better roaming we need to enhance background scanning. We can either enhance the kernel mac80211 STA MLME or userspace MLME. A quicker/temporary solution can be to have wpa_supplicant request scan results from the driver periodically. To do this mac80211 should move the STA into power save mode and stop TX queues for data frames in a way that they are not lost

Note: wpa_supplicant has IEEE 802.11r support, but this is mainly to reduce time needed to move between two BSSes, i.e., this does not help at all with selecting when to leave the current BSS if there could be a better BSS available.


  • possibly make scanning independent of virtual interface (only use MAC address of the interface that the scan was triggered for) – JohannesBerg 2007-09-24 12:53:39


  • Add dormant state support.
  • RCPI support ( [suggested by Simon Barber]

  • Export more hardware capabilities as wiphy attribute via nl80211.
  • Easier handling of configuration requests (ieee80211_hw->config()). In the current implementation, driver has no way to find out which parameter is being set; setting all parameters on every call to config() is obviously not a good idea.

  • Kicking DMA on the last fragment only (?) [suggested by Ivo van Doorn]
  • Make IEEE80211_FRAGMENT_MAX configurable (preferably at run-time).
  • In case of STA or IBSS, after a change of SSID or generic_element, ieee80211_if_conf should be called.
  • Try to switch from sw crypto to hw when there was no more room for STA keys in the hardware and one STA disassociates (so there is possibly a room now). [suggested by Johannes and Michael]

qdisc bugs

Note: will all be fixed by davem's MQ TX path rework

  • can't put the ieee80211 qdisc back on while the device is running

From Patrick McHardy:

  • classify_1d doesn't care about tc_classify return values. tc_classify may decide to steal packets, drop them, etc. In case of stolen packets this causes use-after-free, otherwise just malfunctions.
  • classify_1d returns res.class if it is != -1, which can never happen (except with an empty classifier list because of the explicit initialization, but you should check the return code) since ->get() and ->bind_tcf() both return 0 for invalid classes and the classid otherwise. There's also an off-by-one, classids start at one, so it should return res.class - 1 (or better res.classid - 1, which is meant to be a numerical identifier).

Considering that it is possibly and may be desirable to attach a different qdisc than the built-in multiband qdisc, it might also make sense to split the 80211 specific classification in a seperate classifier module to allow simple classification of management traffic with other qdiscs.

Library functions we could add

  • PLCP length calculation


  • ieee80211_get_hdrlen and ieee80211_is_eapol are called very often.
  • Recognition of device incoming frame belongs to can be made much smarter and faster.
  • think about handling probe responses in firmware like b43 can. This requires telling hostapd that it shouldn't be replying to probe requests and having it give the appropriate info to the kernel [Johannes/Michael]
  • Order available BSSes by rssi in STA/IBSS mode. We do this in ieee80211_rx_bss_add() ieee80211_sta.c


  • Add #ifdef's for not compiling AP stuff. [suggested by Jouni Malinen]
  • keep track of stations per virtual interface, helps with the optimisation asked for above

userspace mlme


The end goal is to have a communication path as follows:


nm:        Network Manager               - GUI based utility
iw:        Wireless-tool replacement     - Console based utility
           (these are prototypical, there will be more tools)
nl80211:   netlink-based wire-format for wireless configuration
umlme:     Userspace MLME (wpa_supplicant)
fullmac:   non-mac80211 full-mac hardware driver
cfg80211:  kernel wireless config agent speaking to drivers/mac80211 and userspace

Communication with userspace

  Hardware and kernel/hardware MLME configuration:
    { nm | iw | umlme } -------------> { cfg80211 }

  Userspace MLME configuration (alternative 1)
                   nl80211                     nl80211
    { nm | iw } -------------> { cfg80211 } -------------> { umlme }

  Userspace MLME configuration (alternative 2)
    { nm | iw } -------------> { umlme }

  Userspace MLME configuration (alternative 3)
                  socket (*)
    { nm | iw } -------------> { umlme }

    (*) Unix socket is just one alternative, could be a FIFO too
        or a TCP socket or a d-bus based protocol or ...

Communication inside the kernel

    { cfg80211 } -------------> { fullmac | mac80211 }

Current status

wpa_supplicant currently uses many ioctls and the management interface both of which will not go into mainline in this form.

power saving

  • implement iwconfig power on/off turning powersaving (yes!) on/off

  • add socket options for latency/throughput guarantees
  • propagate these socket options to the wireless hardware, considering IP routing
    • (wireless power saving mode must change when the IP route changes)

This is a static dump of the wiki, taken after locking it in January 2015. The new wiki is at
versions of this page: last, v359, v358, v357, v356, v355, v354, v353, v352, v351, v350, v349, v348, v347, v346, v345, v344, v343, v342, v341, v340, v339, v338, v337, v336, v335, v334, v333, v332, v331, v330, v329, v328, v327, v326, v325, v324, v323, v322, v321, v320, v319, v318, v317, v316, v315, v314, v313, v312, v311, v310, v309, v308, v307, v306, v305, v304, v303, v302, v301, v300, v299, v298, v297, v296, v295, v294, v293, v292, v291, v290, v289, v288, v287, v286, v285, v284, v283, v282, v281, v280, v279, v278, v277, v276, v275, v274, v273, v272, v271, v270, v269, v268, v267, v266, v265, v264, v263, v262, v261, v260, v259, v258, v257, v256, v255, v254, v253, v252, v251, v250, v249, v248, v247, v246, v245, v244, v243, v242, v241, v240, v239, v238, v237, v236, v235, v234, v233, v232, v231, v230, v229, v228, v227, v226, v225, v224, v223, v222, v221, v220, v219, v218, v217, v216, v215, v214, v213, v212, v211, v210, v209, v208, v207, v206, v205, v204, v203, v202, v201, v200, v199, v198, v197, v196, v195, v194, v193, v192, v191, v190, v189, v188, v187, v186, v185, v184, v183, v182, v181, v180, v179, v178, v177, v176, v175, v174, v173, v172, v171, v170, v169, v168, v167, v166, v165, v164, v163, v162, v161, v160, v159, v158, v157, v156, v155, v154, v153, v152, v151, v150, v149, v148, v147, v146, v145, v144, v143, v142, v141, v140, v139, v138, v137, v136, v135, v134, v133, v132, v131, v130, v129, v128, v127, v126, v125, v124, v123, v122, v121, v120, v119, v118, v117, v116, v115, v114, v113, v112, v111, v110, v109, v108, v107, v106, v105, v104, v103, v102, v101, v100, v99, v98, v97, v96, v95, v94, v93, v92, v91, v90, v89, v88, v87, v86, v85, v84, v83, v82, v81, v80, v79, v78, v77, v76, v75, v74, v73, v72, v71, v70, v69, v68, v67, v66, v65, v64, v63, v62, v61, v60, v59, v58, v57, v56, v55, v54, v53, v52, v51, v50, v49, v48, v47, v46, v45, v44, v43, v42, v41, v40, v39, v38, v37, v36, v35, v34, v33, v32, v31, v30, v29, v28, v27, v26, v25, v24, v23, v22, v21, v20, v19, v18, v17, v16, v15, v14, v13, v12, v11, v10, v9, v8, v7, v6, v5, v4, v3, v2, v1