CN100496050C

CN100496050C - Wireless protection accessing device based on embedded system

Info

Publication number: CN100496050C
Application number: CNB2005101227899A
Authority: CN
Inventors: 胡爱群; 杨晓辉; 宋宇波; 陈立全
Original assignee: Southeast University
Current assignee: Southeast University
Priority date: 2005-12-02
Filing date: 2005-12-02
Publication date: 2009-06-03
Anticipated expiration: 2025-12-02
Also published as: CN1777180A

Abstract

The device includes three modules: platform module of minimum embedded system, I/O expandable communication module and software system module. In realization of hardware, the invention puts forward new method for designing structure and realization. Features of the invention are: realizing WEP, TKIP, AES, dynamic updating cryptographic key, WPA standard, and first time in domestic for supporting WPA2/IEEE802.11i standard; supporting 802.1x standard based each EAP safety authentication mode; realizing access control for MAC address from users, isolation in two layers for users, possessing functions for managing network addresses including DHCP, NAT; supporting local network management and remote security network management functions.

Description

Wireless protection accessing device based on embedded system

Technical field

The present invention is the wireless protection accessing device in a kind of wireless communication field, and it adopts flush bonding processor MPC852 is basic platform, is a kind of wireless protection accessing device based on embedded system.

Background technology

WLAN (wireless local area network) (Wireless Local Area Network, WLAN) be the application of Modern wireless communication technology in computer network of high speed development, its adopts the effective means of wireless multiple access channel to support communication between the computer, and provides the means that realize for the mobile of communication, individualized and multimedia application.Along with the development of personal data communication, powerful portable data terminals and multimedia terminal have obtained extensive use.In order to realize that anyone all can carry out the target of data communication at any time and any place, require traditional computer network by there being alignment wireless, developed to multimedia service by single business to moving by fixing, therefore the wireless local area network technology of complying with this demand got common attention.Many advantages such as WLAN (wireless local area network) is convenient, fast with it, cheapness, in the application in enterprises and institutions inside and public hot spot area, significant progress and great success have been obtained, and meanwhile the user is to the various performances of WLAN (wireless local area network), and especially the requirement of security performance is more and more higher.

The easier security threat that is subjected to is compared in wireless Internet with wired internet, main cause is:

Open:. the transceiver of WLAN (wireless local area network) usually adopts omnidirectional antenna.Information is sent to open space.Have the fixed physical border different with cable LAN, the information boundary of WLAN (wireless local area network) is that open, uncertain, thereby the easier information leakage that causes, and suffers unauthorized to obtain the attack of information.

Mobility: the terminal of WLAN (wireless local area network) is transportable.No matter be stroll mode or roaming mode, its physical location is uncertain, thereby route also is uncertain.

The efficient implementation method of security mechanism: the bandwidth of the wired network of the bandwidth ratio of WLAN (wireless local area network) is much smaller usually.The requirement of the low-power consumption of portable terminal, low cost, small size has proposed harsh requirement to the portable terminal security mechanism aspect of WLAN (wireless local area network).

Although existing WLAN has adopted direct sequence spread spectrum (DSSS) and frequency-hopping spread spectrum (FHSS) etc. to be used for jamproof spread spectrum, and IEEE 802.11 also formulated wired on an equal basis secret (WEP) agreement, can't satisfy the safety requirements of certain customers to WLAN.Existing security breaches are generally acknowledged by international in the version standards in 1999 of IEEE 802.11, and the further application of serious threat WLAN standard.For this reason, become one of most active research field in the present international wireless local area network (LAN) new standard formulation work at the wireless LAN safety Study on Technology.In the world, Wi-Fi Alliance has proposed the security performance that new safety standard strengthens WLAN, and this standard is called wireless protection and inserts (WPA).Its basic ideas are to add that with IEEE802.1x access authentication agreement Temporal Key Integrirty Protocol (TKIP) is as information security solution.802.11i the IEEE802.11 safety of being worked out by IEEE strengthens agreement, pass in Institute of Electrical and Electronics (IEEE) standard committee in June, 2004.It comprises two parts: a part is used to improve existing 802.11 equipment that use current algorithm; Another part then makes 802.11 equipment possess new ability, can support the cryptographic algorithm of Advanced Encryption Standard (AES).WPA2 is the second generation WPA standard of Wi-Fi Alliance issue, with WPA first generation operating such.802.11i with the characteristic of WPA2 is identical basically, their most important properties is a pre-authentication: realize roaming safely and fast under the situation that the user has no to find to delay, and adopt the CCMP encrypted packet to substitute TKIP.AES can produce some enterprise, government department and other mechanisms needed high level of data privacy ability.CCMP is a kind of encryption mechanism based on AES, is enforceable in 802.11i and WPA2, and pre-authentication then is optional content.

At present, the security mechanism of IEEE802.11X can't provide strong safety protecting mechanism.For remedying the safety defect of IEEE802.11X.Each manufacturer all proposes the solution of oneself.802.11TGi working group also is being engaged in the exploitation of being responsible for new security mechanism.The one, abandon RC4 fully, be that brand-new security system is set up on the basis with up-to-date aes algorithm.Fail safe is higher although it is so, but workload is bigger, and is incompatible to existing product, can be used as long-term solution; Be on existing WEP agreement basis, to improve its deficiency in addition.The solution of a short-term is provided by the mode of software upgrading as far as possible.So that several 802.11 equipment that necessarily overlap that has sold in the present whole world are unlikely to superseded immediately.No matter the sort of scheme has all been introduced new security protocol to strengthen security performance.

Realizing that known method is to utilize the relevant nest plate (Chipsets) of external ready-made WLAN (wireless local area network) to realize on the mode that wireless protection inserts.Provide at present the producer of the realization nest plate of WLAN (wireless local area network) to mainly contain the cover flake products of companies such as Intersil, Atmel and Atheros abroad.The realization of nest plate generally is made up of the firmware module of MAC layer processor module, physical layer hardware module and integrated mac-layer protocol function in the prior art.Because the firmware moduleization of mac-layer protocol function, system update port are not open.Thereby; on the implementation that above known wireless protection inserts; some following shortcomings have been embodied: 1, lack extensibility; because the related standards of WLAN (wireless local area network) is in the middle of the continuous revision; the fail safe of present known WLAN (wireless local area network) and support multimedia feature have much room for improvement; ready-made nest plate can't be finished the wireless protection access function, must upgrade existing hardware device.2, lack flexibility, because cryptographic algorithm is solidificated in the chip, in the time of therefore will realizing the security algorithm of oneself on wireless protection accessing device, the implementation method that adopts nest plate obviously is to be difficult to realize.

Summary of the invention

Technical problem: the object of the present invention is to provide a kind of wireless protection accessing device based on embedded system, overcome the shortcoming of above-mentioned wireless access, realization can be expanded, the WLAN (wireless local area network) protection inserts neatly.

Technical scheme: the wireless protection accessing device based on embedded system of the present invention comprises minimum embedded system hardware platform, I/O expanding communication module and three parts of software system module.Wherein,

1. embedded system platform hardware module of the present invention mainly comprises following submodule:

1) flush bonding processor and support circuit submodule: MPC852T to have the SPI interface that is used to control at least and be used for the SCC interface of data communication.

2) memory module circuit: have a synchronous DRAM and a flash chip at least.

3) power module circuitry: the power supply supply side is provided with a plurality of power filtering capacitors with effective filter out power ripple.

4) reset and the hardware initialization module: produce the software and hardware reset signal.

5) clock module circuit: provide different clock selecting to be used on the sheet and peripheral hardware.

6) BDM debugging interface module: be used for hardware debug and program upgrade etc.

2.I/O the expanding communication module partly is made up of 10M/100M Fast Ethernet communication module circuit, 10M ethernet communication modular circuit, serial communication module circuit and wireless communication module four.

1) 10M/100M self adaptation ethernet communication module: provide and the Fast Ethernet communication interface;

2) 10M ethernet communication module: provide and ethernet interface;

3) serial communication module: the serial line interface that is used for the local system configuration.

4) wireless communication module: form by Intersil PRISM2.5 chipset and correspondent peripheral circuit, be used for data wireless and send and receive.

3. the software system module of this wireless protection accessing device comprises:

A) flush type LINUX operating system software platform: for other functions of modules realizes providing the fundamental system support platform;

B) Ethernet driver module: realize that Ethernet interface drives, and can carry out Ethernet data communication;

C) serial port drive module: realize the RS232 serial port drive, can carry out local configuration feature to system by serial ports;

D) PCMCIA driver module: realize that the pcmcia bus data transmit and control;

E) wireless access Hardware drive module: realize based on 802.11b radio access module hardware driving;

F) WEP encrypting module: realize that communication data packet WEP encrypts;

G) TKIP encryption module: realize the communication data packet TKIP encryption;

H) AES encrypting module: realize that communication data packet AES encrypts;

I) bridge equipment driver module: realize bridging functionality with Ethernet interface.

J) other module of mac-layer protocol stack software module also comprises IEEE802.1x authentication module, SNMP/HHTP/CLI remote network management module, local serial port module: management functions such as the authentication management of the mac-layer protocol of mainly intact IEEE802.11 definition, key agreement, IEEE802.1x, remote network management, local system configuration.

Flush bonding processor U1 is electrically connected with a readable and writable memory circuit and a flash memory circuit by data, address, control line respectively, also is electrically connected with a storage auxiliary circuit by a data wire; Flush bonding processor U1 also is electrically connected with power-supplying circuit respectively, reset and hardware initialization circuit, clock circuit, BDM debug i/f circuit, and they constitute a minimum embedded system platform module jointly; Flush bonding processor U1 also is connected with 10/100M fastethernet interface circuit, 10M ethernet interface circuit and serial interface circuit respectively by the control data line, and these interface circuits are more respectively by corresponding Ethernet interface and the serial line interface of connecting of interface line; Flush bonding processor U1 connects the radio access module circuit by Standard PC MCIA interface socket; These constitute the I/O expanding communication module with multiple communication form; All finish to communicate by letter between flush bonding processor U1 and each communicator module and connect and the cooperating process of communicating by letter by corresponding driving module and MAC software protocol stack.

The mode that each driver module of the present invention all adopts dynamic module to load is write.

Wireless protection accessing device based on embedded system of the present invention has reached the good function characteristic: realized functions such as access of 802.11 WLAN (wireless local area network) and bridge, had the characteristics of extensibility and flexibility simultaneously, convenient later upgrading expansion; Present device is also by adding corresponding functional modules in the mac-layer protocol stack; strengthened the function of access point: the authentication, TKIP encryption algorithm, AES cryptographic algorithm and the dynamic secret key management method that have increased based on 802.1x wait the fail safe that strengthens wireless access, and then are implemented in protectiveness access in the WLAN (wireless local area network).In addition, other enhancing supports the relevant algorithm of multimedia transmission performance also can join in the product of the present invention, thereby has realized the wireless protection accessing device of good support multimedia communication.

The wireless protection accessing device that the present invention proposes based on embedded system, one side has been followed the international standard of IEEE, realizes the basic WLAN (wireless local area network) access function of standard code; Also provide on the other hand can expand, interface flexibly, convenient after edition upgrading, can increase and strengthen cryptographic algorithm, rapid authentication algorithm and support the QoS service mechanism, realize safety, efficiently and support the wireless protection accessing device of multimedia communication; In addition, after this system building finishes, by writing corresponding software or revising a little, this platform can be transform as other communication products on hardware, for example wireless bridge, router, T1/E1 communications platform etc. still have the comparison application prospects.

Description of drawings

The system architecture diagram of Fig. 1 present device;

The way circuit schematic diagram of Fig. 2 present device;

Soft, the hardware module graph of a relation of Fig. 3 present device;

The minimum embedded system platform of the electrical schematic diagram I-of Fig. 4 present device;

The electrical schematic diagram II-I/O expansion wire communication part of Fig. 5 present device;

The electrical schematic diagram III-I/O spread radio communication part of Fig. 6 present device;

The software systems state diagram of Fig. 7 present device;

The mac-layer protocol stack software flow pattern of Fig. 8 present device.

Embodiment

Present device is a kind of wireless protection accessing device based on embedded system.Below in conjunction with accompanying drawing, the structure and the flow process of each module of present device is elaborated.

System architecture as shown in Figure 1 this access device as can be known mainly comprises three parts: minimum embedded system hardware console module 1, I/O expanding communication module 2 and software system module 3.Wherein, minimum embedded system hardware console module 1 part comprises flush bonding processor MPC852T and support circuit 4, memory module circuit 5, power module circuitry 6, resets and hardware initialization module 7, clock module circuit 8 and BDM debugging interface modular circuit 9; I/O expanding communication module 2 is divided into wired communication interface and wireless communication interface two parts again, and the former comprises 10M/100M fastethernet interface

modular circuit

10,10M ethernet interface module circuit 11 and serial interface module circuit 12; The latter comprises MAC and baseband processing circuitry 13, processing circuitry of intermediate frequency 14, rf processing circuitry 15, radio-frequency (RF) power amplification circuit 16 and Anneta module 17; Software system module 3 is by flush type LINUX operating system software platform 18, and Ethernet driver module 19, serial port drive module 20, PCMCIA driver module 21, wireless access Hardware drive module 22, WEP encrypting module 23, TKIP encryption module 24, AES encrypting module 25, bridge equipment driver module 26 and 802.1x authentication management module 27, SNMP/HTTP/CLI remote network management module 28, local serial port module 29 are formed.

Provide the wireless protection accessing device way circuit principle that the present invention is based on embedded system as Fig. 2.As seen flush bonding processor U1 by data, address, control line 33 and 34, is electrically connected with a readable and writable memory circuit 30 and a flash memory circuit 31 respectively, also is electrically connected with a storage auxiliary circuit 32 by a data wire 35; In addition, flush bonding processor U1 also is electrically connected with power-supplying circuit 6 respectively, reset and hardware initialization circuit 7, clock circuit 8, BDM debug i/f circuit 9, and they constitute a minimum embedded system platform jointly.Flush bonding processor U1 also is connected with 10/100M

fastethernet interface circuit

10,10M ethernet interface circuit 11 and serial interface circuit 12 respectively by control data line 36,37,38, and these interface circuits are more respectively by interface line 42,43,44 corresponding Ethernet interface 39,40 and the serial line interfaces 41 of connecting; Flush bonding processor U1 connects radio access module circuit 45 by Standard PC MCIA interface socket 46; These constitute the I/O expanding communication module with multiple communication form.All corresponding corresponding driving module is finished to communicate by letter with MAC software protocol stack and is connected and the cooperating process of communicating by letter between flush bonding processor U1 and each communicator module.

The data transmission procedure of the wireless protection accessing device based on embedded system of the present invention is: the data that receive from each communication interface; handle after pcmcia interface sends to MAC and baseband processing circuitry 13 by embedded system; data transaction is become the timing waveform that is complementary with baseband processing circuitry by MAC treatment circuit in the module; and then the data of the MAC layer being sent here by baseband processing circuitry add physical layer header; and data are carried out the BPSK/QPSK/CCK modulation; the analog signal that generates is carried out I/Q through processing circuitry of intermediate frequency 14 again and is modulated to intermediate frequency; carry out RF/IF again by rf processing circuitry 15 and be transformed into ISM band, be transmitted in the space by rf power amplifier circuit 16 and Anneta module 17 at last.DRP data reception process is, receive the signal of coming from antenna and at first pass through filtering, amplification, frequency inverted, intermediate frequency I/Q demodulation, deliver to again that baseband processing circuitry carries out the BPSK/QPSK/CCK demodulation to remove physical layer header in the module 13, hand to flush bonding processor by pcmcia interface by MAC treatment circuit data intercept bag; Flush bonding processor U1 handles data or be forwarded to wired accordingly, wave point as requested.

The core flush bonding processor U1 that the present invention is based on the wireless protection accessing device of embedded system adopts the POWERPC of motorola inc series clock frequency to reach the processor chips of 100M.Its one side and two 16Bit * 8M * 2Bank, be total to 32MbyteSDRAM dynamic randon access device chip (HY57V651620B TC-10S) and two 16Bit * 1M * 2Bank, 4Mbyte FLASH flash chip (AMD29LV160DB) links to each other altogether, forms memory module circuit 5 jointly.Connection between them is to be finished by data/address line 33,34, comprising being connected of data signal line, address signal line and other assist control line.Power module 6 satisfies MPC852T processor U1 and the multiple power reguirements of peripheral circuit thereof.Reset and hardware initialization module 7 is finished soft, hardware reset process to MPC852T processor U1.Sequence circuit module 8 provides system required different clocks sequence.The MPC852T processor also has a BDM debug i/f circuit 9, finishes to the debug process of hardware device of the present invention with to the process of the debugging and the upgrading of software program.MPC852T processor U1 also utilizes the FEC of himself to expand the Ethernet interface 11 that a 100M fastethernet interface 10 and SCC interface expand out a 10M, realizes the process that wireless protection accessing device of the present invention links to each other with wired network.MPC852T processor U1 also by the SMC interface expansion of himself, by the transfer process of MAX3222 chip 12, finishes serial line interface 41 of expansion, realizes the process of local serial monitoring.MPC852T processor U1 utilizes pcmcia interface expansion, realizes wireless communication interface based on 802.11b by the IntersilPRISM2.5 chipset, finishes the wireless access of data.

Control relation is as shown in Figure 3 between soft, the hardware module of embedded system among the present invention.Flush bonding processor U1 directly controls read-write flash memory and readable and writable memory by the LINUX operating system that embeds; Simultaneously,, finish the control of flush bonding processor U1, realize the communication of various ways various I/O expanding communication hardware interface module by in flush type LINUX operating system, loading each software-driven module.

Below in conjunction with accompanying drawing, do not carry out detailed statement to what each divided module.

1. minimum embedded system hardware platform 1:

The minimum embedded platform module 1 of wireless protection accessing device based on embedded system of the present invention is by MPC852T processor U1 and support circuit 4, memory module circuit 5, power module circuitry 6, reset and hardware initialization module 7, clock module 8 and BDM debug i/f circuit 9 are formed.Wherein: as shown in Figure 4: comprise MPC852T processor U1 and operation indication etc. in MPC852T processor and the support circuit 4 thereof.The MPC852T processor U1 that the present invention adopts is the POWERPC chip processor MPC852TVR50 towards low end communication of motorola inc.

Memory module circuit 5 is divided into the read-write memory circuit 30 of SDRAM dynamic random access memory and 31 two submodules of flash memory circuit of FLASH chip again.Wherein, read-write memory circuit 30 is by two 16Bit * 1M * 4Bank, and HY57V651620B TC-10S SDRAM chip U2, the U3 of 16MByte form altogether.The internal memory that this is equivalent in the computer system is used for operational system and application program.Flash memory circuit 31 is by two 16Bit * 1M, and AMD29LV160DB FLASH chip U4, the U5 of 4MByte form.The hard disk that this is equivalent to computer system is used for the deposit operation system, related data and application software.The data wire D[0:15 of read-write memory circuit 30 and flash memory circuit 31] with the data wire D[0:15 of MPC852T processor U1] link to each other the address wire A[0:31 of read-write memory circuit 30 and flash memory circuit 31] and with the address wire A[0:31 of MPC852T processor 1] link to each other.There is control line to link to each other with flash memory circuit 31 in addition with read-write memory circuit 30.In memory module circuit 30,31, the ram cell of the 16M that the HY57V651620B TC-10S SDRAM dynamic random access memory of two 16Bit * 4M constitutes distributes the address location that takies from 0X00000000 to 0X00FFFFFF.In two FLASH chips, first distribution takies the address realm of address 0X40000000 to 0X401FFFFF; Second is then distributed and takies the address space of 0X40200000 to 0X403FFFFF.Wherein 0X40000000 is the side-play amount that logical address is mapped to absolute address`.

In the SDRAM dynamic random access memory, it is that the UPMA in the memory management module among the MPC852T processor U1 (User Porgrammable Machine A) realizes that the read-write of SDRAM is controlled.Read-write operation to 16MSDRAM is the transfer of data of 32 bit data bus, thereby needs two SDRAM combinations that the data width of 32Bits is provided.Two SDRAM chip co-operation are in same address, the input and output of height 16 bit data are provided respectively, be the data wire D[0:15 of MPC852T processor U1] meet the data wire D[0:15 of first SDRAM chip], the data wire D[16:31 of MPC852T processor U1] meet the data wire D[0:15 of second SDRAM chip].Owing to want two SDRAM chips to work simultaneously, thereby once read and write 32 data, require two SDRAM chips to use identical chip selection signal/CS2, identical clock input CLK, identical address wire connect A8, A9 (Bank selections) ,/GPLAO:/GPLA3 (read-write control, ranks selection), A18, A20:A29 (address wire).Be not both: the UDQM and the LDQM pin that are used for mask output of first SDRAM chip are connected respectively to/BAS1/ and BAS0; And second SDRAM chip UDQM and LDQM pin are connected respectively to/BAS3 and/BAS2 on.

In FLASH chip system part, the A[11:30 of MPC852T processor U1] be connected respectively to the A[19:0 of FLASH chip], the D[0:15 of MPC852T processor U1] be connected respectively to the D[15:0 of FLASH chip].Among the MPC852T processor U1 /BYTE management pin puts height and promptly adopts 16 transmission modes.General/CSO pin is as the chip selection signal of first FLASH chip, and/CS1 pin is as the chip selection signal of second FLASH chip.This method of attachment uses GPCM (General-PurposeChip-Select Machine) interface of MPC852T processor to come the operation of control storage.The output enable of two FLASH chips of/GPLA1 pin control; The read-write of two FLASH chips of/WR pin control enables.In the GPCM of MPC852T system interface ,/CSO is the chip selection signal that is used for connecting the memory of depositing start-up code, so with/ FLASH chip that the CSO pin is connected must be that system boot functions is housed.

The power supply of power module circuitry 6:MPC852 needs two level.Internal logic and DPLL module are by 1.8V (VDDL and VDDSYNC) power supply, and the I/O buffering is powered by 3.3V (VDDH).Therefore except the 3.3V voltage source will be provided, also should increase a DC-DC circuit module that 3.3V can be transferred to 1.8V.We adopt a general-purpose transformer that 220V/50Hz is become 9V DC, and then the input of receiving the plank power module carries out the transformation of second step DC～DC; And do not adopt a step to change to 3.3V from 220V/50Hz, be in order to obtain more high-quality level output.For obtaining high-quality 3.3V direct voltage, we select the MAX726 power supply to adjust chip and finish the second step transformation.MAX726 is the switching power source chip of a 100KHZ, and it is little that it has (1) volume, the high advantage of (2) in light weight power conversion efficiency.3.3V-1.8V transformation adopts the EZ1085C chip of SEMTECH.EZ1085 is high performance voltage transitions chip.

Reset and hardware initialization modular circuit 7:MPC852T processor U1 has electrification reset, three kinds of hard reset and warm resets by the reset signal that resets with initializing circuit 7.When system powered on, the electrification reset stage had finished extremely important to PLL (phase-locked loop) circuit working pattern MODCK1 in the MPC852T processor U1 internal clocking module and sampling and the setting of MODCK2.Then begin hard reset and warm reset.Emphasized that system powers in MPC852T processor U1 after, the useful signal of/PORESET pin should just can be finished the sampling to MODCK1 and MODCK2 more than the lasting at least 3ms.

After having carried out electrification reset or hard reset, under the situation that does not connect BDM debugging interface 12, if the BDIS position in the reset configuration words is low, MPC852T processor U1 just reads SSP and the PC pointer value of being deposited by preceding 8 bytes of the FLASH chip of/CSO pin brace choosing, and the FLASH guiding port by 16 bit widths begins guidance system then.In fact because operating system to the control of bottom hardware, is transparent for developing application of the present invention for the operation of FLASH to a certain extent.In system of the present invention, when operating system is carried out initialization to MPC852T processor U1, the related register among the initialization GPCM that is bound to, after this GPCM just can finish function corresponding promptly to the transparent operation of FLASH chip.The pin NC of AMD29LV160DB has connected the A10 of MPC852T processor U1, pin NC ground connection.This is to do the reservation preparation for can change in the future 4M FLASH chip on same plank.

Clock module circuit 8: comprise PLL and crystal concussion support circuit.Primary features: (1) two sets of plan can be used, a kind of is to adopt the external active oscillator to be not less than the initial clock signal of 10MHz crystal oscillator from the input of EXTCLK pin, and another kind is to adopt crystal oscillating circuit 10-MHz crystal between EXTAL and XTAL to provide initial clock signal or crystal crystal oscillator to exist simultaneously.After the clock signal of (2) two kinds of scheme inputs enters MPC852T processor U1, to the setting of SPLL phase-locked loop and to the PLPRCR register MF of multiplier parameter is set during according to initialization MPC852T processor U1, thereby produces the internal work clock of this MPC852T processor U1.(3) DPLL starts configuration: when PORESET was effective, the startup of DPLL was disposed from MODCK[1-2] (pin is drawn on the circuit board, but wire jumper) the pin sampling.DPLL just uses the clock source of MODCK decision at once subsequently, and multiplier factor removes the factor in advance and attempts locking.When PORESET is effective, MODCK[1-2] signal should keep; When PORESET is invalid, MODCK[1-2] value is by inner lock storage, at this moment can change MODCK[1-2] value.Designing MODCK[1-2 in the access device of the present invention] initial value is 01, the PLPRCR value is operated in 50MHz for 0x2240c000 can make CPU.

Use BDM (Background Debug Model) debugging interface to realize initial configuration and system debug among the BDM debug i/f circuit 9:MPC852T processor U1, be used for core integrated circuit board hardware detection, image file download, operation, FLASH programming this MPC852T processor U1.Using the advantage of BDM debugging interface is the function that need not just to have realized with simulator interactive debugging.

2, I/O expanding communication module 2:

As shown in Figure 5, in the system design of I/O expanding communication modular circuit, the CPM processor of MPC852T processor U1 can support the Ethernet of 10M/100M and 10M to connect.With the register GSMR[MODE among the MPC852T processor U1] be made as the communication mode that 0B1100 can select Ethernet, SCC (SerialCommunication Controllers) carries out a complete set of function of IEEE802.38/Ethernet CSMA/CD media interviews control and channel interface under the control of CPM.The Ethernet controller of MPC852T processor U1 requires have the transceiver of an outside to be connected on the Ethernet interface.In the present invention, this ethernet transceiver function is realized by LXT972 10/100M ethernet physical layer chip U8 and LXT905 10M ethernet physical layer chip U9.LXT905 chip U9 is the application chip of IEEE 802.3 physical layers, and it provides interface circuit for most standard 802.3 controllers to the 10base-T medium.Ethernet controller among the MPC852T processor U1 is ignored the DPLL on the sheet and is used outside LXT905 chip U9 that corresponding function is provided.DPLL can not be used for low speed (1-Mbps) Ethernet on the sheet, detects postamble because it can not be correct.

It is that chip U12 has finished level shifter interface and driven the 10base-T pair cable that LXT905 chip U9 uses the transformer HR601624 of an isolation, and interface adopts the RJ-45 interface of main flow.Logically, the 10M Ethernet supplies wired access by the SCC1 port of MPC852T processor U1.From physical connection, the 10M Ethernet interface adds that by the part pin among the general-purpose interface PA among the MPC852T processor U1 part pin among the general-purpose interface PC forms jointly.And that the use of the transceiver interface chip of 10M/100M is the LXT972 10M/100M ethernet physical layer chip U8 of INTEL Corp., it directly supports the application of 100BASE-TX and 10base-T, provides Media Inteface medium independent interface (MII) to be used for being connected with the convenient of MAC of 10M/100M simultaneously.It supports two two operations of 10M/100M, and operating environment may be set to auto-negotiation (conferring automatically), parallel detecting or manually control.

For 100M Fast Ethernet mouth, the present invention has used a slice HR601680 chip U11 to finish the function of level shifter interface.Use the input of 25MHz external clock in the realization of Ethernet10/100M Ethernet, 4 serial data incoming line RXD[0:3 of use], 4 serial data output line TXD[0; 3], carry out the transmission of data.The realization of 10/100M Ethernet has taken the PD[3:15 of MPC852T processor U1] pin and [1:4] pin.PD[3:15 wherein] pin respectively with the RXD[0:3 of LXT972 chip U12] with TXD[0:3] corresponding linking to each other, SPARE[1:4] pin then with corresponding connection of TX_ER, RX_ER, COL and TX_EN of LXT972 chip U12.

In addition in the present invention, by the management of the serial in the CPM port of MPC852T processor U1 control SMC1 module (Serial Management Controllers) communication port, realized the design of the RS-232 serial port circuit 12 of one two line.It is the rs 232 serial interface signal that meets RS-232 serial ports level standard with the conversion of signals of MPC852T processor U1 output that the present invention adopts AMD3322 chip U10, can be with the rate transmissioning data of 460KBps.

As shown in Figure 6, MPC852T processor U1 connects the radio access interface module by Standard PC MCIA socket.Every each functional module is all realized by each chip block in the Intersil PRISM2.5 chipset and respective peripheral circuit in the radio communication:

A) MAC and baseband processing circuitry 13 are realized by ISL3873B chip U13: mainly finish data stream is carried out baseband modulation and demodulation; The ISL3873B chip comprises the MAC unit, transmits and receives the unit and comprises automatic gain control AGC unit that radiating portion is finished spread spectrum, coding, the scrambled code work of base band data, and produces header and preamble for the grouping that sends automatically; Receiving element finish the data behind the intermediate frequency demodulation despreading, remove scrambler, go header work.ISL3873B chip U13 also contains the standard pcmcia interface and links to each other with the PCMCIA socket of MPC852T U1, carries out data, address and control information exchange.

B) both processing circuitry of intermediate frequency module 14 of HFA3783 chip U14 is made up of I/Q modulator/demodulator and frequency mixer, finishes carrier modulation and demodulation to signal.

C) both rf processing circuitry module 15 of ISL3685 chip U15: form by 2.4GHz radio frequency/intermediate frequency IF/RF transducer and frequency mixer, realize the frequency inverted of modulated signal;

D) both radio-frequency (RF) power amplification circuit module 16 of ISL3984 chip U16: mainly the rf wireless signal that sends is carried out processing and amplifying;

E) Anneta module 17: be made up of distributed entelechy double antenna, finish the conversion of the signal of telecommunication and electromagnetic wave signal.

In addition, corresponding TXI, TXQ among TXI, the TXQ among the ISL3873B chip U13 and RXI, RXQ and the HFA3783 chip U14 and the pin of RXI, RXQ link to each other, and finish the transmission course of the quadrature of data.RX_IF_DET links to each other with RX_IF_DET among the HFA3783 chip U14; RX_IF_AGC links to each other with RX_IF_AGC among the HFA3783 chip U14, the AGC adjustment process that RX_RF_AGC and H/L among the ISL3685 chip U15 link to each other and finish corresponding IF and RF.The antenna selection signals ANT_SEL that draws from ISL3873B chip U13 links to each other with Anneta module 17, finishes the selection problem of distributing antenna system.HFA3783 chip U14 links to each other by being total to the road coupling with ISL3685 chip U15.The common clock of same 44MHz that adopts is used as the clock source between chip U13, U14 and the U15.

As shown in Figure 6, ISL3984 chip U16 has the two stage power amplifier as 2.4GHz power amplifier and detector, the power gain of 30dB, peak power output 18dBm.In control procedure, the power output that ISL3873B chip U13 utilizes the output of DET_OUT in the ISL3984 chip U16 rf power amplifier circuit that obtains to come this ISL3984 chip of dynamic surveillance.When needs were adjusted the AGC (automatic gain control) voltage of IF modulator-demodulator of HFA3783 chip U14, output voltage will change.This can provide most possible free from error message transmission rate under certain operational environment, and occurs between passage and the passage in the compensation chain and the relevant change in voltage with variations in temperature.

ISL3685 chip U15 is RF/IF transducer and the frequency mixer that is operated on the 2.4GHz frequency, it is a programmable frequency synthesizer and the optional low noise amplifier of gain simultaneously, the interface of this U15 chip and intermediate frequency has been realized the intermediate frequency transmission and has been received multiplexing, a shared difference matching network, transmission and received RF amplifier can be directly connected on the frequency mixer, have reduced the use of intermediate-frequency filter simultaneously.ISL3685 chip U15 has the low noise amplifier (LNA) of gain optional (H/L) and down-conversion mixer (Mixer) and realizes amplification and down-converted to signal in receiving link channel; And sending on the link channel, up-conversion mixer (Mixer) and high performance signal prime amplifier (Preamplifier) are finished the up-conversion process to intermediate-freuqncy signal.

HFA3783 chip U14 is a chip of realizing that the modulation of I/Q orthogonal signalling is conciliate system and carried out mixing, and it has realized the quadrature modulation demodulation to the I/Q digital orthogonal baseband signal, the AGC control module that simultaneously integrated Tx/Rx sends and receives.In sending link channel, mainly comprise: difference I/Q two paths of signals input stage, semaphore request is by the simulation preform signal of 500mVpp; To frequency mixer, realize the modulation of signal on the I/Q road; Analog signal summer; Send the intermediate-freuqncy signal amplifier; Frequency mixer is driven by a wideband orthogonal local oscillator generator, and IF-FRE setting and PLL synchronization parameter are by a three-way serial port control.In receiving link channel, mainly comprise: two-stage is hanged down distortion AGC intermediate frequency amplifier, and the AGC scope of 70dB can be provided; Intermediate frequency level peak detector; To frequency mixer, realize the demodulation of IF-baseband under the two balances of pair of orthogonal; Receiver DC offset correction loop.

U15 is the same with the ISL3685 chip, the IF interface of HFA3783 chip U14 sends, receives the shared difference matching network of intermediate-frequency channel, reduced the required filtering device quantity of using in the single intermediate frequency half-duplex transmitter, ISL3685 chip U15 interface has only used a SAW (Surface Acoustic Wave) filter to connect.All integrated separately programmable frequency synthesizer in HFA3783 chip U14 and ISL3685 chip U15 can be by constituting frequency phase lock loop (PLL) with outside VCO.The vibration of local oscillator (VCO) signal after through the frequency divider frequency division that presets divide ratio and the reference oscillation frequency signal after through the R frequency division carries out bit comparison mutually, result relatively is converted into the control signal of control VCO vibration, this control signal is connected to the voltage controling end of VCO by loop filter, forms a frequency phase lock loop (PLL).The divide ratio of the frequency divider that can preset by change changes the output frequency of phase-locked loop like this.

ISL3873B chip U13 is band rake receiver MAC and baseband processing circuitry chip, and MAC and baseband processing circuitry 13 are made of the special integrated chip ISL3873B and the correspondent peripheral circuit of an Intersil company in the access device of the present invention.The MAC treatment circuit of ISL3873B chip U13 meets 802.11 WLAN (wireless local area network) MAC agreements, supports BSS and IBSS pattern under the DCF, PCF is optional, RTS/CTS is machine-processed, acknowledgement mechanism, WEP are encrypted.The Base-Band Processing of ISL3873B chip U13 is partly supported DSSS Base-Band Processing function, the repertoire that comprises base band duplex/half-duplex, grouping/continuous, transceiver, and comprise A/D, D/A converter, work frequently device is 1,2,5.5 and 11M, can adopt DBPSK, DQPSK and CCK modulation system.Transmitter section comprises network processing unit interface, preamble and a header generator, DPSK modulator, high-speed modulator, data scrambler, transmitting filter and spectral expander.Finish the work such as spread spectrum, coding, scrambled code of base band data, and produce header and preamble for the grouping that sends automatically.Preamble is always modulated in the DBPSK mode when sending, and header can be selected DBPSK or DQPSK mode and packet can be selected DBPSK, DQPSK or CCK mode for use.Transmitter switches between DBPSK, DQPSK or CCK pattern when needed automatically.The purpose of doing like this is to shorten capture time between sync period, and in case after finishing synchronously, can transmit data with faster rate.Receiving element comprises CCK correlator, feedback equalization device, symbol judgement device, peak detector, DPSK demodulator, data scrambling code decoding device, digital controlled oscillator, loop filter and header detector etc.Finish the data behind the intermediate frequency demodulation despreading, remove scrambler, go work such as header.Except transmitting element and receiving element, the ISL3873B chip also has automatic gain control (AGC) unit, form automatic gain control AGC system with the AGC unit of intermediate frequency Modulation module and radio-frequency module, thereby improve the dynamic range of receiving of receiver according to the variation that intermediate frequency, radio frequency part gain and decay are controlled in the variation of environment automatically.

PCMCIA socket on the embedded system platform is connected with PCMCIA plug on the baseband processing module with MAC, and realization flush bonding processor U1 is connected with radio access interface.

3, software system module 3:

As shown in Figure 7; the system hardware of the wireless protection accessing device based on embedded system of the present invention is the carrying platform that access point function is realized; and the last way of realization of software is to deposit in the FLASH flash memory circuit 31 of embedded access point apparatus of the present invention as the mode of firmware (firmware); combine with MPC852T processor U1 and hardware system; the just operation of start time that powers on is finished fast, stable system operation function.The present invention has selected use based on the MAC layer hardware module platform of the POWERPC MPC852T processor of Motorola and the hardware and software platform that POWERPC-LINUX2.4.4 version flush type LINUX operating system is formed realization, finishes the structure of mac-layer protocol stack software module system then on this platform base.

802.11b MAC layer software module of the present invention is divided into kernel state and user's attitude two parts, its dominant mechanism is real-time is required strong handling such as the 802.11b data transmit-receive, DCF/PCF media interviews control modules etc. realize in the mode that kernel drives, the less demanding functions of real-time such as authentication management, key agreement, 802.1X agreement are then realized at user's state space.

As seen from Figure 7, the kernel portion of mac-layer protocol stack software module is made of each module of 54-65: the 54-61 of mac-layer protocol stack module mainly finishes the mac-layer protocol data transmit-receive of IEEE802.11 definition and the relevant function of access control, finish the coordination function that the wireless medium channel is inserted, also finish function in addition with the bridge joint of the interface of Ethernet; Module 62 realizes providing the standard air interfaces of user's attitude program; Module 63 realizes STA key updating function, and module 23-25 realizes WEP encryption, TKIP encryption and the AES encryption function of MAC layer data respectively.These three modules are called by module 61, and the action attitude that is configured into by the user loads; Module 65 realizes connecting the management function of website.

User's polymorphic segment is made of module 66-74 in the mac-layer protocol stack software module: module 66 realizes the extraction and the filtration of kernel state data flow, is the interface of kernel state module and user's morphotype interblock.Module 67 realizes WAP (wireless access point) management function in the IEEE802.11 standard, and some improvement of having added IEEE 802.11b.In module 67, MIB module, Mlme_Requests module, Mlme_Indications module and modules such as Distribute_Mmpdus, Power_Save_Monitor, AuthReq_Service_AP, AsocService_AP, AuthRspService and Synchronization_AP have mainly been comprised.Module 67 is mainly finished the monitoring function of LLC layer and DS distributed system and Tx_Rx partial interior data transmission procedure.Module 68 and module 69 are submodules of module 67, handle the management frames of IEEE802.11/11b and the EAPOL frame that the IEEE802.11i/WPA/WPA2 agreement is used respectively.Module 70 realizes the 802.1X agreement, and wherein module 73 and module 74 realize the state machine of 802.1X and the state machine of 802.11i/WPA/WPA2 cipher key agreement authentication respectively.

Mac-layer protocol stack module will realize that the MAC layer function that can move then also must finish corresponding and outside interface.There is interface procedure between MAC core and DS distributed system (promptly being Ethernet driver module 19), radio network interface part and the upper strata LLC layer.DS distributed interface and wave point part all has the corresponding apparatus driver to finish this corresponding interface to finish mutual with the MAC layer.And the interface that the MAC layer is finished the service of corresponding M AC layer calls and finishes reciprocal process with the LLC layer for the LLC layer.MAC layer software module is to be based upon on the actual embedded system platform basis, thereby also must have the kernel of flush type LINUX system software platform 18 to finish the action invocation function of MAC layer.

Between the process of the process of LLC or application layer and MAC layer kernel Data passage and Control passage arranged alternately, this reciprocal process can be called and the method for interrupting is finished by internal memory.Same and DS distributed system interface and radio network interface interface partly also can call and the method for interrupting is finished by internal memory.

In concrete implementation procedure, the realizability of taking into account system and the efficiency of system, the present invention does not adopt traditional multithreading to realize the parallel processing of disparate modules and intercommunication mutually, but has redesigned a kind of mode of parallel processing.This considers that mainly more thread can have influence on the time of switching of system and the cost in space between thread, thereby has influence on the efficiency of system equally.Mac-layer protocol stack module such as above-mentionedly include 22 submodules altogether.

PHY I/O driver module is finished the driving process to I/O interface module partial data transport process and control procedure.The module of bridge joint is received Frame from Ethernet driver module 19 in the mac-layer protocol stack software module, need from the interface of wireless network, to spread out of, the each several part module of requirement in can operating physical layer hardware module finished the process that data is sent from wireless data communications port; Equally, rightabout data transmission procedure also requires the participation of PHY I/O driver module.

Also have, some in the hardware module are controlled as power, stop production to detect, and AGC process etc. is all wanted and can be controlled from MAC layer software module.Thereby requirement can provide such interface procedure in the I/O driver module.And in flush type LINUX system software platform 18, the implementation of driving has three kinds of character device type of drive, block device type of drive and network device driver modes.Simultaneously, the driving under the flush type LINUX system software platform can have the dual mode chain to go into kernel: a kind of mode is to carry out dynamic load as a module; The another one mode is that static chain is gone into kernel.Because dynamic load goes into to have greater flexibility than static chain, so the mode that each realization that drives among the present invention all adopts dynamic module to load is write, the drive controlling to the control mouth of ISL3873B chip U13 control mouthful, HFA3783 chip U14 and ISL3685 chip U15 on software is to drive as character device to finish; The transmission operation driving of ISL3873B chip U13 data port is then finished with network device driver.

The workflow of wired I/O driver module control mouth is as follows: in software flow, at first for this module generates a file_operation structure, wherein comprised all invoked functions: read, write, ioctl, release function etc.In the course of work of the SPI interface of MPC852T processor U1, need to dispose the pin of SPI interface in the init_module () function; The working method of SDMA is set; ParameterRam and BD are set; Simultaneously as required, ON/OFF is interrupted, if open interruption, then registers interrupt handling routine; Application can be used the memory block of DMA; Register this character device to kernel; Open () function module is finished counter and is added up.Write () function is finished and copy data to kernel spacing from user's space, and data are sent; Check whether successfully send simultaneously, if make mistakes to upper strata report error message.Whether the address that Read () function copy will be write sends the address to kernel spacing, and sending finishes then to start receives, check and make mistakes, if make mistakes to upper strata report error message.Close () function module is finished counter and is subtracted one.Cleanup_module () function module discharges the internal memory that is distributed, and cancels this character device.In the course of work of data port, SCC can realize a lot of common agreements, such as ETHERNET, HDLC, BITSYNC, TRANSPARENT, APPLETALK etc.The present invention has selected the TANSPARENT pattern of additional CRC check not to finish the transmitting-receiving transmission course of data port.

Long-range SNMP/HTTP/CLI remote network management module 28 provides the SNMP/HTTP/CLI port for access point so that long-range monitor terminal can carry out control corresponding and supervision to the running parameter and the service behaviour of access point apparatus by network.And SNMP/HTTP/CLI remote network management module 28 is exactly to reside in the program of finishing among the AP with the remote terminal communication.By monitoring 161,162 ports, can realize the SNMP/HTTP/CLI communication with remote terminal, and can make amendment the agreement operational factor of MAC layer, set up the MIB storehouse of corresponding IEEE 802.11, realize the network management of unified compatibility.The local serial port module 29 that is used for local serial ports supervision is finished the acceptance and the transmission of Serial Port Information, and can carry out real-time change to the operational factor of MAC protocol stack, realizes the function of local monitor.The establishment of serial port drive module 20 realizes the driving to serial ports.The establishment of Ethernet driver module 19 has realized the driving of the 10M/100M Ethernet under the flush type LINUX system software platform 18, finishes the behavior of the filter process of respective frame simultaneously.Also to finish at last the simplifying of flush type LINUX system software platform 18 kernels, with the requirement of the little access space that adapts to embedded system.

As Fig. 8, the flow process of MAC layer software protocol stack modular program of the present invention is as follows: after the device power, initialize routine be written into the initialization procedure of finishing MPC852T processor U1, and finish each register assignment of inside of MPC852T processor U1 and the initialization procedure of mode of operation location, the initialization of simultaneously peripheral other chips is finished equally.In this MPC852T processor, carry out following step successively: being written into and moving of flush type LINUX system, being written into of each driver, articulate and move, the operation of mac-layer protocol stack program, the operation of SNMP/HTTP/CLI remote network management program, main () function operation in mac-layer protocol stack module, start the operation of 9 threads in the mac-layer protocol stack program, enter the process of the circulation of thread then,, judge then when in cyclic process, receiving data, when being when receiving data from the wired network termination and will be sent in the middle of the wireless network, then start the process that sends from wireless network accordingly and finish the process that sends from wireless network.When being when the wireless access termination receives that data will send on the wired network, then start the other process that sends from wired network and finish corresponding process, in addition when receiving the control data of SNMP/HTTP/CLI mode, then start corresponding SNMP/HTTP/CLI remote network management operation process and finish adjustment process the operational factor of mac-layer protocol stack module.When the appearance abnormality processing in the processing procedure of above-mentioned thread process and process, then program can withdraw from, otherwise mac-layer protocol stack software module can be gone down in circular flow.

Should be understood that; for those of ordinary skills; can preferred embodiment according to the present invention with and technical conceive make various possible changes or replacement, and all these changes or replace the protection range that all should belong to claims of the present invention.

Claims

1, a kind of wireless access protection equipment based on embedded system is characterized in that this equipment comprises three following modules: minimum embedded system platform module (1), I/O expanding communication module (2) and software system module (3); Wherein, minimum embedded system platform module (1) comprising: a flush bonding processor U1 and support circuit (4), memory module circuit (5), power module circuitry (6), reset and hardware initialization modular circuit (7), clock module circuit (8) and BDM debugging interface modular circuit (9); I/O expanding communication module (2) comprises wired communication interface and radio access interface two parts, wired communication interface comprises 10/100M fastethernet interface circuit (10), 10M ethernet interface circuit (11) and serial interface circuit (12), and radio access interface is made up of MAC and baseband processing circuitry (13), processing circuitry of intermediate frequency module (14), rf processing circuitry module (15), radio-frequency (RF) power amplification circuit module (16) and Anneta module (17); Software system module (3) comprises flush type LINUX operating system software platform (18) and mac-layer protocol stack software module, and mac-layer protocol stack software module has comprised following several sections: Ethernet driver module (19), serial port drive module (20), PCMCIA driver module (21), wireless access Hardware drive module (22), WEP encrypting module (23), TKIP encryption module (24), AES encrypting module (25), bridge equipment driver module (26), 802.1X authentication module (27), the remote network management module (28) of SNMP/HTTP/CLI mode and finish the serial port module (29) of local configuration feature; Flush bonding processor U1 is electrically connected with a readable and writable memory circuit (30) and a flash memory circuit (31) by data, address, control line (33,34) respectively, and flush bonding processor U1 also is electrically connected with a storage auxiliary circuit (32) by another data wire (35); Flush bonding processor U1 also is electrically connected with power module circuitry (6) respectively, reset and hardware initialization modular circuit (7), clock module circuit (8), BDM debugging interface modular circuit (9), constitutes a minimum embedded system platform module (1) jointly; Flush bonding processor U1 also is connected with 10/100M fastethernet interface circuit (10), 10M ethernet interface circuit (11) and serial interface circuit (12) respectively by control line (36,37,38), and these interface circuits are more respectively by corresponding Ethernet interface (39,40) and the serial line interface (41) of connecting of interface line (42,43,44); Flush bonding processor U1 connects radio access module circuit (45) by Standard PC MCIA interface socket (46), constitutes an I/O expanding communication module with multiple communication form; Finish to communicate by letter by corresponding driving module and mac-layer protocol stack software module between flush bonding processor U1 and each communicator module and connect and the cooperating process of communicating by letter.

2, the wireless access protection equipment based on embedded system according to claim 1, it is characterized in that: the MAC layer data is handled for MAC in the described radio access interface and baseband processing circuitry and baseband modulation and demodulation combines, and improves treatment effeciency; Described processing circuitry of intermediate frequency module is finished the carrier modulation demodulation to signal; Described rf processing circuitry module is finished the frequency inverted of modulated signal; The rf wireless signal that described radio-frequency (RF) power amplification circuit module is finished sending carries out processing and amplifying; And Anneta module is finished the conversion of the signal of telecommunication and electromagnetic wave signal.

3, the wireless access protection equipment based on embedded system according to claim 1 and 2; it is characterized in that: employing standard " PCMCIA " interface finishes that signal is connected and the sequential matching process between described radio access interface part and the described minimum embedded system platform module (1), for the design of minimum embedded system platform module (1) provides more more options space.

4, the wireless access protection equipment based on embedded system according to claim 1 and 2, it is characterized in that: described flush bonding processor is " MPC852T " module.

5, the wireless access protection equipment based on embedded system according to claim 1, it is characterized in that: in described radio access module circuit, adopt the correlation module and the peripheral circuit of " PRISM2.5 " chipset of " Intersil " company to finish each functional module; And described MAC and baseband processing circuitry are handled by band MAC layer data and the baseband processing circuitry chip " ISL3873B " and the peripheral circuit of rake receiver are realized; Described processing circuitry of intermediate frequency module then is made up of I/Q modulator/demodulator and mixer chip " HFA3783 " and peripheral circuit; The RF/IF transfer process of described rf processing circuitry module is finished by 2.4GHz radio frequency/intermediate frequency transducer and mixer chip ISL3685 and peripheral circuit; Described radio-frequency (RF) power amplification circuit module is made up of 2.4GHz power amplifier and detector ISL3984; Anneta module is made up of distributed circular polarization double antenna.

6, the wireless access protection equipment based on embedded system according to claim 1; it is characterized in that: described mac-layer protocol stack software module is finished the basic function and the security extensions functionality of the mac-layer protocol stack of IEEE802.11,802.11i, WPA/WPA2 definition; finish the coordination function that the wireless medium channel is inserted, wireless protection inserts the WPA safety function and finishes function with the bridge joint of the interface of Ethernet.

7, according to claim 1 or 6 described wireless access protection equipment based on embedded system; it is characterized in that: described mac-layer protocol stack software module is divided into kernel state and user's attitude two parts; strong 802.11b data transmit-receive is handled, DCF/PCF media interviews control module realizes in the mode that kernel drives real-time is required, and authentication management, key agreement, the less demanding function of 802.1X agreement real-time are realized at user's state space.

8, the wireless access protection equipment based on embedded system according to claim 7; it is characterized in that: user's polymorphic segment of described mac-layer protocol stack software module adopts single-threaded mode; 16 function sub-modules of user's polymorphic segment adopt self-defining message queue to communicate alternately, have reduced overhead.

9, the wireless access protection equipment based on embedded system according to claim 7; it is characterized in that WEP encrypting module, TKIP encryption module and AES encrypting module are realized in the form of kernel state part with the kernel driver module in the described mac-layer protocol stack software module; mode by dynamic call is called, and reduces overhead and the assurance real-time transmission requirement to data.