wifi - read.pudn.comread.pudn.com/downloads616/ebook/2507228/wifi drivers.pdf ·...
TRANSCRIPT
Tech
WIFI驱动分析
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 2 of 15
Revision History Date Issue Description Author
<25/02/2009> <0.5> First draft wylhistory
目录 1. ABSTRACT .................................................................................................................................................. 3
2. INTRODUCTION ........................................................................................................................................ 3
3. 用户使用流程 ............................................................................................................................................... 3
4. WIFI驱动的初始化 ...................................................................................................................................... 5
5. 数据的发送 ................................................................................................................................................... 7
6. IOCTL的调用逻辑 ..................................................................................................................................... 11
7. 电源管理相关的调用逻辑 .......................................................................................................................... 14
8. 剩下的问题 ................................................................................................................................................. 15
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 3 of 15
1. Abstract .这里主要讲的是我对WIFI驱动的理解。
2. Introduction 因为将要负责WIFI驱动,所以就开始了WIFI驱动的学习,主要分析了WIFI驱动的初始
化,数据的发送流程以及和电源管理相关的部分。
3. 用户使用流程 通常用户的做法就是打开一个socket,调用一个ioctl,等待消息返回,收到消息后继续做下面的事情,
然后又等待内核消息的返回,如此循环。
比如我们的系统的流程就是这样的:
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 4 of 15
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 5 of 15
4. WIFI驱动的初始化
if (sbi_register(wlan_add_card, wlan_remove_card, wlan_pm,
NULL) == NULL) { ret =
WLAN_STATUS_FAILURE; goto done;
}
wlan_init_module
register_mss_driver(&wlan_driver);
sbi_probe_card
mss_init_card
wlan_add_callback = add; wlan_remove_callback =
remove;wlan_pm_callback =
pm;
add
wlan_add_card pm
wlan_pm
设置
wlan_add_card
pwlanpriv = wlan_add_callback(
card);
sdio wifi
wifi
图4.1 wifi模块初始化
这里主要的工作就是注册mmc driver,注册回调函数,包括电源管理的,包括设备添加的,
当然还有一些硬件初始化;
这里最重要的是wlan_add_card这个函数做了很多事情,我把我没有分析的代码都略过了:
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 6 of 15
wlan_service_main_thread
wlan_add_card
wlan_create_thread(wlan_service_main_thread, &priv-
>MainThread, "wlan_main_service");
wlan_create_thread(wlan_reassociation_thread, &priv-
>ReassocThread, "wlan_reassoc_service");
sbi_register_dev(priv)
priv->wlan_dev.ioport
disable_host_int_mask
wlan_reassociation_thread
dev->hard_start_xmit =
wlan_hard_start_xmit;
dev->wireless_handlers = (struct iw_handler_def *)
&wlan_handler_def;
这里面有很多对于wifi的操作函数比如wlan_set_scan
register_netdev
Wifi
wlan_process_cmdresp
wlan_process_event
firmware
wmm_process_tx
wlan_cmd_specific_scan_ssid
wlan_find_ssid_in_list
wlan_associate
wlan_init_fw
Firmware
register_netdevice
ifconfig
eth0
图4.2wlan_add_card的逻辑
这里创建了两个线程,一个用来处理基本的输入输出,那就是wlan_service_main_thread,
一个用来负责重新连接AP(当自动断开的时候),那就是wlan_reassociation_thread
还做了一些firmware的初始化;然后就是注册mmc设备,取得端口号;接着就是注册一个网
络设备,用来供上层访问,这时候就可以通过ifconfig来看到输出了,比如是eth0;最后是
一些用来使蓝牙和wifi能够共存的代码;
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 7 of 15
5. 数据的发送
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 8 of 15
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 9 of 15
图5.1发送数据的触发
数据的发送请求从tcp/ip层传到了这里,于是通过唤醒WIFI的主线程的处理函数来发送具体
的数据请求;
下面看主线程里面的数据发送:
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 10 of 15
wlan_service_main_thread
wlan_process_cmdresp
wlan_process_event wmm_process_tx
wlan_process_tx(priv);
wlan_send_single_packet
wmm_process_fw_iface_tx_xfer_start
os_start_queue
netif_wake_queue,
如果停止就唤醒
__netif_schedule(dev);
dev->next_sched = sd->output_queue;
sd->output_queue = dev;raise_softirq_irq
off(NET_TX_SOFTIRQ);
sbi_host_to_card
wifi
sdio
mmc controller
sbi_host_to_card,
wifi
firmware
net_tx_action
wmm_pop_highest_prio_skb
Adapter->CurrentTxSkb =
Adapter->wmm.txSkbQ[ac].
next;
copy
Sbi_host_to_card
wifi
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 11 of 15
可见最后数据是通过mmc总线发送到了wifi模组了,而且开始调度下一次的数据发送,至此,
数据的发送过程已经分析完了,下面是ioctl的调用逻辑
6. ioctl的调用逻辑 之所以要分析这个,是因为上层和WIFI驱动打交道的方式,多半是通过ioctl的方式进行的,所以…
看看它的调用逻辑:
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 12 of 15
dev->wireless_handlers = (struct iw_handler_def *)
&wlan_handler_def;
这里面有很多对于wifi的操作函数比如wlan_set_scan
get_handler
struct iw_handler_def wlan_handler_def = { num_standard:sizeof(wlan_handler) /
sizeof(iw_handler), num_private:sizeof(wlan_private_handler) /
sizeof(iw_handler), num_private_args:sizeof(wlan_private_args) /
sizeof(struct iw_priv_args), standard:(iw_handler *) wlan_handler,
private:(iw_handler *) wlan_private_handler, private_args:(struct iw_priv_args *)
wlan_private_args,#if WIRELESS_EXT > 20
get_wireless_stats:wlan_get_wireless_stats,#endif
};
return dev->wireless_handlers->standard[index];
return dev->wireless_handlers->private[index];
wireless_process_ioctl
dev_ioctl
sock_ioctl
调用 调用
ioctl_standard_call ioctl_private_call
ret = handler(dev, &info, &(iwr->u), extra);
这个handler就是上面通
过get_handler返回的函数,比如
wlan_set_scan
wireless_send_event
rtmsg_iwinfo
rtnetlink_fill_iwinfo
skb_queue_tail(&wireless_nlevent_que
ue, skb);wireless_nlevent_pr
ocess
tasklet_schedule
(skb = skb_dequeue(&wireless_nlevent_queue
))
rtnl_notify(skb, 0, RTNLGRP_LINK,
NULL, GFP_ATOMIC);
user
netlink socket
wlan_do_ioctl
dev->do_ioctl = wlan_do_ioctl;
wlan_add_card
设置
ioctl
handler!=NULL
Yes
ioctl_standard_call或者
ioctl_private_call
dev->do_ioctl(dev, ifr, cmd) wifi
wlan_do_ioctl
NO
调用
Switchdefault
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 13 of 15
可以看到WIFI模块对ioctl的处理非常复杂,主要是要处理许多标准的调用,也要处理一些私有的调用;后面
还要通过rtnl_notify给上层用户发送消息,这里也是一套机制,我也就不细说了。
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 14 of 15
7. 电源管理相关的调用逻辑
sbi_suspend_card
wifi
sbi_suspend_card
sbi_register
wlan_pm_callback(dev, 1);
wlan_pm
if (suspend)
wlan_enable_hs netif_device_detach
yes
sbi_set_bus_clock(priv, FALSE);
netif_stop_queue
sd_set_busclock
mss_set_clock
pxa_mss_set_ios
图7.1pm相关的逻辑
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
Crack Our System to N810 Issue: <0.5> System Analysis and Design Documents Issue Date: <01/10/2009>
<Document identifier>
Tech, 2008 Page 15 of 15
在系统要求睡眠的时候会调用到sbi_suspend_card,由此开始给WIFI模块发送相关信息,并且detatch网络设备,
停止收发队列的处理,停止mmc总线等等,唤醒过程没有分析;
8. 剩下的问题 1,逻辑似乎不复杂,但是细节实现不清楚,这个可能需要具体问题具体分析了;
2,只分析了发收过程,接收过程类似,但是没有去分析;
3,数据到ip层后没有去分析。
4,不同加密方式的AP的连接,没有分析,将来或许会用到;
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.