802.11 Study Notes

Source: Internet
Author: User

One. Network Services

802.11 provides a total of 9 services:
1. Distribution (distribution): when the access point receives a frame, the distribution service is used to deliver the frame to its destination.
2. Integration (integration): this service is provided by the distribution system and allows the distribution system to be linked to a non-IEEE 802.11 network.
3. Association (association): the mobile workstation registers with the access point, and the distribution system can determine from the registration information which access point to use for that mobile workstation. Authentication is only possible after association. The access point discards all data from the workstation until authentication is complete.
4. Reassociation (reassociation): when a mobile workstation moves between basic service areas in the same extended service area, it must continually evaluate the signal strength and, if necessary, switch the access point it is associated with. Reassociation is initiated by the mobile workstation, which reassociates when the signal strength indicates that it is best to switch the associated access point.
5. Disassociation (disassociation): ends an existing association.
6. Authentication (authentication): after the STA has scanned and found a suitable AP, only an authenticated STA can use the WLAN through the AP.
Existing authentication methods are: (1) open, that is, no authentication is needed, only the exchange of a null frame; (2) shared key, which requires a 4-way handshake; (3) 802.11i, which requires authentication by an authentication server.
Once the STA has completed authentication, it only needs to send a Reassociation Request frame and then wait for the Reassociation Response frame; this completes the association and with it the entire switching process.
Deauthentication (deauthentication); confidentiality (confidentiality): some encryption mechanisms, such as WEP.
7. MSDU delivery (MAC Service Data Unit): responsible for delivering the data to the actual receiving end.
8. Transmit power control (Transmit Power Control, TPC): the European standard requires that workstations operating in the 5 GHz band be able to control their transmission power and avoid interfering with other users of the 5 GHz band.
9. Dynamic frequency selection (Dynamic Frequency Selection, DFS): the WLAN must be able to detect radar systems and select frequencies not used by radar systems.

Two. Network Type

A basic service set (basic service set, BSS) consists of a set of workstations that communicate with each other.
BSSs are divided into two types:
Independent network (independent BSS): a temporary network, typically composed of a few workstations for a specific purpose.

Infrastructure network (infrastructure BSS): uses an access point. The access point is responsible for all traffic in the infrastructure network.

Extended service set (Extended Service Set, ESS)
Several BSSs chained together are called an extended service set. All access points in the same ESS use the same service set identifier (service set identifier, SSID).

Three. MAC Layer

The data link layer has two sublayers:
Logical link control, LLC (Logical Link Control) sublayer
Media access control, MAC (Medium Access Control) sublayer
Everything related to access to the transmission medium is placed in the MAC sublayer, while the LLC sublayer is independent of the transmission medium; whichever protocol the LAN uses is transparent to the LLC sublayer.

The network card and its functions:
Data encapsulation and decapsulation: when sending, the data from the layer above gets a header and trailer added and becomes an Ethernet frame; when receiving, the header and trailer are stripped from the Ethernet frame and the data is passed to the layer above.
Link management: mainly the implementation of the CSMA/CD protocol.
Encoding and decoding: that is, Manchester encoding and decoding.
Every time the network card receives a MAC frame from the network, it first checks the MAC address in the frame in hardware. If the frame is addressed to this station, it is accepted and processed further; otherwise the frame is discarded and no other processing is done.

Four. Frame

There are three main types of 802.11 frames: data frames, control frames, and management frames.
Data frame:
Frame format:

Protocol: indicates the MAC protocol version
Type and subtype: identify the frame type (control frame, data frame, management frame)
Address1: address of the receiving end of the frame
Address2: address of the sending side
Address3: used for filtering by access points and the distribution system
Duration: medium reservation time. The sender of an RTS calculates how long the frame exchange will take to complete after the RTS frame.

Address information

Corresponding to the second row:
Address1: RA/BSSID    Address2: SA/TA

Corresponding to the third row:
Address1: RA/DA    Address2: TA/BSSID

Control frame:

Usually used together with data frames. Control frames are responsible for clearing the area, acquiring the channel, maintaining carrier sensing, and acknowledging received data, thereby improving the reliability of data transmission between workstations.
Because a wireless transceiver usually operates only in half-duplex mode, that is, it cannot send and receive data at the same time, 802.11 allows a workstation to use request to send (RTS) and clear to send (CTS) signals to clear the transmission area and prevent collisions.

Node 1 has a frame to transmit. It first sends an RTS frame to reserve the wireless link; other workstations that receive this frame must remain silent.
When the RTS frame is received, the receiving end answers with a CTS frame; as with the RTS, nearby workstations are kept silent.
After the RTS/CTS exchange is complete, the frame can be sent.

Media access is reserved only for unicast frames; multicast and broadcast frames are simply transmitted. This mechanism is generally used only in high-volume environments where contention for transmission is intense; low-volume environments do not need it for the time being.

Duration: medium reservation time. The sender of an RTS calculates how long the frame exchange will take to complete after the RTS frame.
Address1: address of the workstation the large frame is intended for
Address2: sender of the RTS

Address1: the receiver address field, copied from the sender address of the RTS.

In addition to these 3 control frames, there are also PS-Poll frames (power-save polling).
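The header fields and the RTS/CTS address rule described above can be checked with a small decoder. This is an added example, not part of the original notes; the Frame Control bit layout and the To DS / From DS flags follow the 802.11 frame format, and the three sample frames are constructed by hand rather than captured.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
CONTROL = {10: "PS-Poll", 11: "RTS", 12: "CTS", 13: "ACK"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame):
    """Decode Frame Control, Duration and the address fields that are present."""
    fc, duration = struct.unpack_from("<HH", frame, 0)  # little-endian on air
    hdr = {"protocol": fc & 0x3, "type": TYPES.get((fc >> 2) & 0x3, "reserved"),
           "subtype": (fc >> 4) & 0xF, "to_ds": bool(fc & 0x0100),
           "from_ds": bool(fc & 0x0200), "duration": duration,
           "addr1": mac(frame[4:10])}
    if hdr["type"] == "control":
        hdr["name"] = CONTROL.get(hdr["subtype"], "other")
        if hdr["name"] in ("RTS", "PS-Poll"):   # CTS and ACK carry Address1 only
            hdr["addr2"] = mac(frame[10:16])
    else:
        hdr["addr2"], hdr["addr3"] = mac(frame[10:16]), mac(frame[16:22])
    return hdr

def data_roles(hdr):
    """Name Address1..3 of a data frame according to To DS / From DS."""
    a1, a2, a3 = hdr["addr1"], hdr["addr2"], hdr["addr3"]
    if hdr["to_ds"] and hdr["from_ds"]:
        return None                                   # four-address frame, not handled
    if hdr["to_ds"]:
        return {"bssid": a1, "sa": a2, "da": a3}      # station -> AP
    if hdr["from_ds"]:
        return {"da": a1, "bssid": a2, "sa": a3}      # AP -> station
    return {"da": a1, "sa": a2, "bssid": a3}          # no distribution system

def cts_answers_rts(rts, cts):
    """True when the CTS receiver address was copied from the RTS sender address."""
    return (rts.get("name") == "RTS" and cts.get("name") == "CTS"
            and cts["addr1"] == rts.get("addr2"))

# Constructed sample frames (hex), not captured traffic.
RTS = bytes.fromhex("b4007a0100112233445566778899aabb")
CTS = bytes.fromhex("c4004e0166778899aabb")
DATA = bytes.fromhex("08012c0000112233445566778899aabb0a0b0c0d0e0f1000")

if __name__ == "__main__":
    rts, cts = parse_header(RTS), parse_header(CTS)
    print(rts["name"], rts["duration"], "->", cts["name"], cts_answers_rts(rts, cts))
    print(data_roles(parse_header(DATA)))
```

A CTS whose Address1 does not match the Address2 of a preceding RTS fails the pairing check, which is how a monitor can tell the two halves of one reservation apart from unrelated control traffic.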

Management frames:

Responsible for supervision: they are used to join or leave the wireless network and to handle the transfer of associations between access points.

In order to limit the side effects of broadcast or multicast management frames, management frames must be validated after they are received. Broadcast or multicast frames are passed to the MAC management layer only when they come from the BSSID the workstation is currently associated with. The only exception is Beacon frames.
The frame body is divided into two types: fixed fields and information elements.
Fixed fields (fixed-length management frame components): the data uses fixed-length fields. There are 10 kinds in total.
Authentication Algorithm Number:
0: Open system authentication
1: Shared key authentication
2~65535: reserved
Authentication Transaction Sequence Number: the authentication process uses serial numbers to track authentication progress.
Beacon Interval: sets how many time units elapse between Beacon signals.
Capability Information: when Beacon signals are transmitted, this field is used to advertise the capabilities of the network.
Current AP Address: mobile workstations use this field to indicate the MAC address of the currently associated access point, to facilitate association and reassociation.
Listen Interval: to save power, a workstation may temporarily shut down its 802.11 antenna. Dormant workstations wake up periodically to listen for messages and determine whether any frames are buffered at the access point. In effect, this is the sleep time expressed in units of the Beacon interval.
Association ID: when the workstation associates with an access point, it is given an association ID to assist with control and management.
Timestamp: used to synchronize the workstations in a BSS.
Reason Code: when the other party is not fit to join the network, the workstation sends a Disassociation or Deauthentication frame in response. This field indicates why the frame was generated.
Status Code: indicates the success or failure of an operation.

Madwifi

1. Madwifi structure
Madwifi has three main layers: the HAL is the hardware layer, above it is the ath layer, and on top is the 802.11 layer. The Madwifi source tree consists of the hal folder (hardware), the ath folder, the ath_rate folder, the net80211 folder (802.11 protocol related), and the tools folder (some tools).

When the driver is loaded, it detects the presence of the physical device and installs the device through the ath_attach() function. At the same time, the driver automatically creates a virtual network interface, which is done through the function ieee80211_create_vap(). The initial state of this virtual network interface is INIT, in which the hardware does not receive packets.

When the actual AP interface begins to work (for example, via the ifconfig ath0 up command), the driver configures the hardware appropriately and enters the SCAN state.

In the SCAN state, the AP scans all of the channels it supports.
Scanning has two forms: active scanning, in which the AP sends the appropriate request messages, and passive scanning, in which the AP listens to the beacons of adjacent APs.

In the SCAN state, the AP does not transmit datagrams. After all the channels have been scanned, the AP chooses a channel with the lowest wireless signal strength and then enters the RUN state (ap_end()).

In the RUN state, the AP performs the normal operation of an access node. It broadcasts a beacon message (ath_beacon_send()) about every 100 ms, answers requests sent by other APs, answers the authentication messages and connection/reconnection messages sent by terminals, and transmits packets.
When the interface is closed, the AP sends a deauthentication message to each connected terminal, then frees the resources they occupy and enters the INIT state.

Note that control messages such as RTS, CTS, and ACK are handled by the driver's HAL (the hardware abstraction layer).
The various frame-handling function pointers are defined in the structure ieee80211com.

3. Data reception

Most of the CSMA/CA mechanism is implemented in the HAL or in hardware. When a new packet arrives, the open-source part of the driver is notified through an interrupt (ath_intr()).

The packet is handled in a Linux tasklet (ath_rx_tasklet()), which locates the skb structure holding the packet and determines its correct target node.
The function ieee80211_input() receives the various types of packets. Management packets are passed to the ieee80211_recv_mgmt() function for processing; data packets are converted into Ethernet frame format and then passed to the Linux kernel (netif_rx()) or, when working in bridge mode, sent out through dev_queue_xmit().

4. Sending of data

Through dev->hard_start_xmit, the Linux kernel calls in turn the ieee80211_hardstart() function of the virtual interface and then the physical interface.

The ath_hardstart() function implements the transmission of the packet.

The ath_hardstart() function encapsulates an Ethernet packet into an 802.11-format packet.

The ath_tx_start() function encrypts packets that need to be encrypted, maps the skb that holds the packet to a DMA buffer, and selects a transmission queue (QoS control) based on the priority of the packet. The ath_tx_txqaddbuf() function inserts the mapped buffer into the selected transmission queue and notifies the HAL to begin the transfer.

Management frames are generated by the 802.11 layer. They are sent through the ieee80211_mgmt_output() function.

Beacon messages are triggered by the HAL. When the time to send a beacon arrives, the HAL raises an interrupt, and the function ath_beacon_send() is called to send it. Beacon messages are delivered directly to the HAL and sent.

The HAL also generates an interrupt to notify the driver when a packet has been sent successfully.

The function ath_tx_tasklet() updates the send-related information. If there is a virtual port working in monitor mode, the packet is passed to the monitoring interface in the function ath_tx_capture().

5. Order in which the Madwifi modules are loaded into the kernel:
insmod wlan.o
insmod ath_hal.o
insmod ath_rate_amrr.o
insmod ath_rate_onoe.o
insmod ath_rate_sample.o
insmod wlan_acl.o
insmod wlan_ccmp.o
insmod wlan_scan_ap.o
insmod wlan_scan_sta.o
insmod wlan_tkip.o
insmod wlan_wep.o
insmod wlan_xauth.o
insmod ath_pci.o
