NOTE: this page is for archival only, see the note at the end of the page.


  • Provide a replacement for all wext (iwconfig, iwlist) functionality
  • integrate wext compat layer
  • make nl80211/cfg80211 (and mac80211 where it is involved) have generation numbers for all dumps so that userspace can tell whether it got a proper snapshot dump or not
  • use 802.11 MLME SAP interface

wext replacements



  • fix queue stop/start: we currently can stop a queue for scan and then restart it although the driver requested it to be stopped, and similar races. Need more bookkeeping about who asked for a queue stop.
  • DFS (802.11h) - On STA first disable using all DFS channels marked by regulatory, then later parse channel switch announcement, it will tell us on what x # of beacons to switch channel, once we switch we wait for 60 seconds before we assume we'll see a beacon from the AP *if* the channel we switched to is a DFS channel.
  • explain rate[i].retry in TX status with examples

AP support

AP support is still unfinished. Because of this, you need wireless-test.git as well as hostapd from git. The following are items are needed to complete AP support:

  • channel flag/regulatory domain (will be handled by CRDA)

  • injected frames need to be tied to another virtual interface to get the software sequence number and keys (only relevant for 11w) right

A few bugs are also present:

  • check why we see data frames on cooked monitor
  • investigate the skb truesize bug

And possible features:

  • internal bridge setting (separated STAs in AP)
  • multi-bss support (no kernel changes, just hostapd keep track of BSSes)

Needing investigation

  • see how the default QoS parameters should be set up
  • see if QoS parameters should be reset to defaults when disassociating

Long term

  • hide (or get rid of) master dev


  • handle reassociation when the AP is out of range for a moment and then comes back
  • Need to stop TX/RX when a radar is detected for the duration of scan for a new channel. [reported by Jouni Malinen]

power saving

  • allow handling beacon miss on the hardware, optimise timers; see this thread

  • add socket options for latency/throughput guarantees
  • propagate these socket options to the wireless hardware, considering IP routing
    • (wireless power saving mode must change when the IP route changes)
  • u-APSD support. Intel has old AP u-APSD patches (incomplete, buffering is done in their firmware)


mac80211 drivers use wpa_supplicant for help with Roaming. This is done by specifying ap_scan=1, which lets wpa_supplicant select the BSS based on scan results. This works but it could use some more enhancements.

To have better roaming we need to enhance background scanning. We can either enhance the kernel mac80211 STA MLME or userspace MLME. A quicker/temporary solution can be to have wpa_supplicant request scans periodically.


  • Add dormant state support.
  • Export more hardware capabilities as wiphy attribute via nl80211 (is anything missing now?)
  • Kicking DMA on the last fragment only (?) [suggested by Ivo van Doorn]
  • In case of STA or IBSS, after a change of SSID or generic_element, ieee80211_if_conf should be called.
  • Try to switch from sw crypto to hw when there was no more room for STA keys in the hardware and one STA disassociates (so there is possibly a room now). [suggested by Johannes and Michael]


  • ieee80211_get_hdrlen and ieee80211_is_eapol are called very often.
  • Recognition of device incoming frame belongs to can be made much smarter and faster.
  • think about handling probe responses in firmware like b43 can. This requires telling hostapd that it shouldn't be replying to probe requests and having it give the appropriate info to the kernel [Johannes/Michael]
  • Order available BSSes by rssi in STA/IBSS mode. We do this in ieee80211_rx_bss_add() ieee80211_sta.c


  • Add #ifdef's for not compiling AP stuff. [suggested by Jouni Malinen]
  • keep track of stations per virtual interface, helps with the optimisation asked for above

userspace mlme


The end goal is to have a communication path as follows:


nm:        Network Manager               - GUI based utility
iw:        Wireless-tool replacement     - Console based utility
           (these are prototypical, there will be more tools)
nl80211:   netlink-based wire-format for wireless configuration
umlme:     Userspace MLME (wpa_supplicant)
fullmac:   non-mac80211 full-mac hardware driver
cfg80211:  kernel wireless config agent speaking to drivers/mac80211 and userspace

Communication with userspace

  Hardware and kernel/hardware MLME configuration:
    { nm | iw | umlme } -------------> { cfg80211 }

  Userspace MLME configuration (alternative 1)
                   nl80211                     nl80211
    { nm | iw } -------------> { cfg80211 } -------------> { umlme }

  Userspace MLME configuration (alternative 2)
    { nm | iw } -------------> { umlme }

  Userspace MLME configuration (alternative 3)
                  socket (*)
    { nm | iw } -------------> { umlme }

    (*) Unix socket is just one alternative, could be a FIFO too
        or a TCP socket or a d-bus based protocol or ...

Communication inside the kernel

    { cfg80211 } -------------> { fullmac | mac80211 }

This is a static dump of the wiki, taken after locking it in January 2015. The new wiki is at
versions of this page: last, v359, v358, v357, v356, v355, v354, v353, v352, v351, v350, v349, v348, v347, v346, v345, v344, v343, v342, v341, v340, v339, v338, v337, v336, v335, v334, v333, v332, v331, v330, v329, v328, v327, v326, v325, v324, v323, v322, v321, v320, v319, v318, v317, v316, v315, v314, v313, v312, v311, v310, v309, v308, v307, v306, v305, v304, v303, v302, v301, v300, v299, v298, v297, v296, v295, v294, v293, v292, v291, v290, v289, v288, v287, v286, v285, v284, v283, v282, v281, v280, v279, v278, v277, v276, v275, v274, v273, v272, v271, v270, v269, v268, v267, v266, v265, v264, v263, v262, v261, v260, v259, v258, v257, v256, v255, v254, v253, v252, v251, v250, v249, v248, v247, v246, v245, v244, v243, v242, v241, v240, v239, v238, v237, v236, v235, v234, v233, v232, v231, v230, v229, v228, v227, v226, v225, v224, v223, v222, v221, v220, v219, v218, v217, v216, v215, v214, v213, v212, v211, v210, v209, v208, v207, v206, v205, v204, v203, v202, v201, v200, v199, v198, v197, v196, v195, v194, v193, v192, v191, v190, v189, v188, v187, v186, v185, v184, v183, v182, v181, v180, v179, v178, v177, v176, v175, v174, v173, v172, v171, v170, v169, v168, v167, v166, v165, v164, v163, v162, v161, v160, v159, v158, v157, v156, v155, v154, v153, v152, v151, v150, v149, v148, v147, v146, v145, v144, v143, v142, v141, v140, v139, v138, v137, v136, v135, v134, v133, v132, v131, v130, v129, v128, v127, v126, v125, v124, v123, v122, v121, v120, v119, v118, v117, v116, v115, v114, v113, v112, v111, v110, v109, v108, v107, v106, v105, v104, v103, v102, v101, v100, v99, v98, v97, v96, v95, v94, v93, v92, v91, v90, v89, v88, v87, v86, v85, v84, v83, v82, v81, v80, v79, v78, v77, v76, v75, v74, v73, v72, v71, v70, v69, v68, v67, v66, v65, v64, v63, v62, v61, v60, v59, v58, v57, v56, v55, v54, v53, v52, v51, v50, v49, v48, v47, v46, v45, v44, v43, v42, v41, v40, v39, v38, v37, v36, v35, v34, v33, v32, v31, v30, v29, v28, v27, v26, v25, v24, v23, v22, v21, v20, v19, v18, v17, v16, v15, v14, v13, v12, v11, v10, v9, v8, v7, v6, v5, v4, v3, v2, v1