You may want to check out Johannes Berg's (mac80211 maintainer) slides here.

您可能想在此处查看 Johannes Berg（mac80211 维护者）的幻灯片。

They may be somewhat outdated but should give you a place to start.

它们可能有些过时，但应该为您提供一个起点。

A high level description of the Linux WiFi kernel stack:

Linux WiFi 内核堆栈的高级描述：

1. It's important to understand there are 2 paths in which userspace communicates with the kernel when we're talking about WiFi:
   • Data path: the data being received is passed from the wireless driver to the netdev core (usually using netif_rx()). From there the net core will pass it through the TCP/IP stack code and will queue it on the relevant sockets from which the userspace process will read it. On the Tx path packets will be sent from the netdev core to the wireless driver using the ndo_start_xmit()callback. The driver registers (like other netdevices such as an ethernet driver) a set of operations callbacks by using the struct net_device_ops.
   • Control path: This path is how userspace controls the WiFi interface/device and performs operations like scan/ authentication/ association. The userspace interface is based on netlink and called nl80211(see include/uapi/linux/nl80211.h). You can send commandsand get events in response.
2. When you send an nl80211command it gets initially handled by cfg80211kernel module (it's code is under net/wirelessand the handlers are in net/wireless/nl80211.c). cfg80211will usually call a lower level driver. In case of Full MAC hardwarethe specific HW driver is right below cfg80211. The driver below cfg80211registers a set of ops with cfg80211by using cfg80211_ops struct. For example see brcmfmac driver (drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c)
3. For Soft MAC hardwarethere's mac80211which is a kernel module implementing the 802.11 MAC layer. In this case cfg80211will talk to mac80211which will in turn use the hardware specific lower level driver. An example of this is iwlwifi (For Intel chips).
4. mac80211registers itself with cfg80211by using the cfg80211_ops(see net/mac80211/cfg.c). The specific HW driver registers itself with mac80211by using the ieee80211_ops struct(for example drivers/net/wireless/iwlwifi/mvm/mac80211.c).
5. Initialization of a new NIC you've connected occurs from the bottom up the stack. The HW specific driver will call mac80211's ieee80211_allow_hw()usually after probing the HW. ieee80211_alloc_hw()gets the size of private data struct used by the HW driver. It in turns calls cfg80211 wiphy_new()which does the actual allocation of space sufficient for the wiphy struct, the ieee80211_local struct(which is used by mac80211) and the HW driver private data (the layering is seen in ieee80211_alloc_hwcode). ieee80211_hwis an embedded struct within ieee80211_localwhich is "visible" to the the HW driver. All of these (wiphy, ieee80211_local, ieee80211_hw) represent a single physical device connected.
6. On top of a single physical device (also referred to as phy) you can set up multiple virtual interfaces. These are essentially what you know as wlan0 or wlan1 which you control with ifconfig. Each such virtual interface is represented by an ieee80211_vif. This struct also contains at the end private structs accessed by the HW driver. Multiple interfaces can be used to run something like a station on wlan0 and an AP on wlan1 (this is possible depending on the HW capabilities).

1. 当我们谈论 WiFi 时，了解用户空间与内核通信有 2 条路径很重要：
   • 数据路径：正在接收的数据从无线驱动程序传递到 netdev 核心（通常使用netif_rx()）。从那里，网络核心将通过 TCP/IP 堆栈代码传递它，并将其在相关套接字上排队，用户空间进程将从中读取它。在 Tx 路径上，数据包将使用ndo_start_xmit()回调从 netdev 核心发送到无线驱动程序。驱动程序通过使用struct net_device_ops.
   • 控制路径：此路径是用户空间如何控制 WiFi 接口/设备并执行扫描/身份验证/关联等操作。用户空间接口基于 netlink 并被调用nl80211（参见参考资料include/uapi/linux/nl80211.h）。您可以发送命令并获取响应事件。
2. 当您发送nl80211命令时，它最初由cfg80211内核模块处理（它的代码在 下net/wireless，处理程序在 中net/wireless/nl80211.c）。 cfg80211通常会调用较低级别的驱动程序。在全 MAC 硬件的情况下，特定的硬件驱动程序就在 cfg80211 的正下方。下面的驱动程序cfg80211注册的一组OPS与cfg80211使用cfg80211_ops struct。例如，请参阅 brcmfmac 驱动程序 ( drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c)
3. 对于软 MAC 硬件，有mac80211一个实现 802.11 MAC 层的内核模块。在这种情况下，cfg80211将与之交谈，mac80211后者将依次使用硬件特定的低级驱动程序。这方面的一个例子是 iwlwifi（对于英特尔芯片）。
4. mac80211与注册自身cfg80211通过使用cfg80211_ops（见net/mac80211/cfg.c）。特定的硬件驱动程序mac80211使用ieee80211_ops struct（例如drivers/net/wireless/iwlwifi/mvm/mac80211.c）向其注册自身。
5. 您已连接的新 NIC 的初始化从堆栈的底部向上进行。硬件特定的驱动程序ieee80211_allow_hw()通常会在探测硬件后调用 mac80211 。ieee80211_alloc_hw()获取硬件驱动程序使用的私有数据结构的大小。它cfg80211 wiphy_new()依次调用它为 wiphy 结构、the ieee80211_local struct（由 使用mac80211）和 HW 驱动程序私有数据（分层在ieee80211_alloc_hw代码中看到）实际分配足够的空间。 ieee80211_hw是一个嵌入式结构，ieee80211_local其中对硬件驱动程序是“可见的”。所有这些 ( wiphy, ieee80211_local, ieee80211_hw) 代表连接的单个物理设备。
6. 在单个物理设备（也称为 phy）之上，您可以设置多个虚拟接口。这些本质上就是您所知道的 wlan0 或 wlan1，您可以使用ifconfig. 每个这样的虚拟接口都由一个ieee80211_vif. 该结构最后还包含由硬件驱动程序访问的私有结构。多个接口可用于在 wlan0 上运行一个站点，在 wlan1 上运行一个 AP（这可能取决于硬件功能）。