Поделиться через


Sending 802.11 Packets

An 802.11 miniport driver emulates an 802.3 device. All packet data accessed through NDIS_PACKET descriptors passed to the driver's MiniportSendor MiniportSendPacketsfunction is in 802.3 format.

An 802.11 device must replace the 802.3 MAC header with the appropriate 802.11 MAC header. Neither bound protocols nor NDIS pass any 802.11 media-specific data in the out-of-band (OOB) data of a packet descriptor.

In addition, if the packet data contains an Ethernet II MAC header, then the device must perform LLC encapsulation. This encapsulation is based on the following:

  • RFC 1042 for IP, ARP, and 802.1X EAPOL packets.

  • IEEE 802.1h for other protocols.

After the MAC header has been translated, the device must do the following:

  • If the device is using the TKIP cipher suite, then it must first perform the Message Integrity Code (MIC) over the packet's MAC service data unit (MSDU) payload, using the Michael algorithm. The device then appends the 8-byte MIC checksum value to the end of the payload.

  • Each MAC protocol data unit (MPDU) fragment sent by the device must be encrypted according to the specifications defined by the cipher suite that the driver is using.

  • For WEP, the driver must insert a valid initialization vector (IV) after the 802.11 MAC header and before the MPDU. It must also append the 4-byte integrity check value (ICV) to the end of the MPDU.

  • For TKIP, the driver must insert a valid IV and Extended IV after the 802.11 MAC header and before the MPDU. It must also append the 4-byte ICV to the end of the MPDU.

  • For AES, the driver must add a valid CCMP header after the 802.11 MAC header and before the MPDU. It must also append the 8-byte MIC checksum to the end of the MPDU.

    Note   AES uses an 8-byte MIC checksum instead of a 4-byte ICV. The AES MIC checksum and the TKIP MIC checksum are different checksum values and are not used in the same way.

     

  • After delivering the packet data to the NIC, the driver must complete the send operation by calling NdisMSendComplete. It is recommended that the driver not wait until the NIC has actually sent the packet data before completing the send.

If the device is using a cipher suite for its association, then it must not send packet data unless it has a transmit WEP key or pairwise key for TKIP or AES. WEP keys are set through OID_802_11_ADD_WEP. WEP, TKIP, and AES keys are set through OID_802_11_ADD_KEY.

802.1X EAPOL data packets are the only exception to this. An 802.11 device must follow these rules with respect to sending 802.1X EAPOL data packets:

  • If WEP is used as the cipher suite, then the device always sends 802.1X EAPOL packet data unencrypted.

  • If TKIP or AES is used as the cipher suite, then the device sends 802.1X EAPOL packet data unencrypted if the device does not have a pairwise key. After the pairwise key is set through OID_802_11_ADD_KEY, then the device sends the 802.1X EAPOL packet data encrypted.

 

 

Send comments about this topic to Microsoft