Architecture overview¶

The NFC subsystem is responsible for:

• NFC adapters management;
• Polling for targets;
• Low-level data exchange;

The subsystem is divided in some parts. The ‘core’ is responsible forproviding the device driver interface. On the other side, it is alsoresponsible for providing an interface to control operations and low-leveldata exchange.

The control operations are available to userspace via generic netlink.

The low-level data exchange interface is provided by the new socket familyPF_NFC. The NFC_SOCKPROTO_RAW performs raw communication with NFC targets.

+--------------------------------------+|              USER SPACE              |+--------------------------------------+    ^                       ^    | low-level             | control    | data exchange         | operations    |                       |    |                       v    |                  +-----------+    | AF_NFC           |  netlink  |    | socket           +-----------+    | raw                   ^    |                       |    v                       v+---------+            +-----------+| rawsock | <--------> |   core    |+---------+            +-----------+                            ^                            |                            v                       +-----------+                       |  driver   |                       +-----------+

Device Driver Interface¶

When registering on the NFC subsystem, the device driver must inform the coreof the set of supported NFC protocols and the set of ops callbacks. The opscallbacks that must be implemented are the following:

• start_poll - setup the device to poll for targets
• stop_poll - stop on progress polling operation
• activate_target - select and initialize one of the targets found
• deactivate_target - deselect and deinitialize the selected target
• data_exchange - send data and receive the response (transceive operation)

Userspace interface¶

The userspace interface is divided in control operations and low-level dataexchange operation.

CONTROL OPERATIONS:

Generic netlink is used to implement the interface to the control operations.The operations are composed by commands and events, all listed below:

• NFC_CMD_GET_DEVICE - get specific device info or dump the device list
• NFC_CMD_START_POLL - setup a specific device to polling for targets
• NFC_CMD_STOP_POLL - stop the polling operation in a specific device
• NFC_CMD_GET_TARGET - dump the list of targets found by a specific device
• NFC_EVENT_DEVICE_ADDED - reports an NFC device addition
• NFC_EVENT_DEVICE_REMOVED - reports an NFC device removal
• NFC_EVENT_TARGETS_FOUND - reports START_POLL results when 1 or more targetsare found

The user must call START_POLL to poll for NFC targets, passing the desired NFCprotocols through NFC_ATTR_PROTOCOLS attribute. The device remains in pollingstate until it finds any target. However, the user can stop the pollingoperation by calling STOP_POLL command. In this case, it will be checked ifthe requester of STOP_POLL is the same of START_POLL.

If the polling operation finds one or more targets, the event TARGETS_FOUND issent (including the device id). The user must call GET_TARGET to get the list ofall targets found by such device. Each reply message has target attributes withrelevant information such as the supported NFC protocols.

All polling operations requested through one netlink socket are stopped whenit’s closed.

LOW-LEVEL DATA EXCHANGE:

The userspace must use PF_NFC sockets to perform any data communication withtargets. All NFC sockets use AF_NFC:

struct sockaddr_nfc {       sa_family_t sa_family;       __u32 dev_idx;       __u32 target_idx;       __u32 nfc_protocol;};

To establish a connection with one target, the user must create anNFC_SOCKPROTO_RAW socket and call the ‘connect’ syscall with the sockaddr_nfcstruct correctly filled. All information comes from NFC_EVENT_TARGETS_FOUNDnetlink event. As a target can support more than one NFC protocol, the usermust inform which protocol it wants to use.

Internally, ‘connect’ will result in an activate_target call to the driver.When the socket is closed, the target is deactivated.

The data format exchanged through the sockets is NFC protocol dependent. Forinstance, when communicating with MIFARE tags, the data exchanged are MIFAREcommands and their responses.

The first received package is the response to the first sent package and soon. In order to allow valid “empty” responses, every data received has a NULLheader of 1 byte.