Apple Wireless Direct Link is a proprietary peer-to-peer wireless mesh protocol based on Wi-Fi. It was introduced in iOS 7 (around 2014) for AirDrop and Multipeer Connectivity, but it was later used for other Continuity features.
The OWL project from Seemoo has reverse-engineered the AWDL protocol and documented it in their paper Recipe for the Apple Wireless Direct Link Ad hoc Protocol. They also implemented a dissector for it in Wireshark 3.0.
AWDL is a mesh protocol, not point-to-point. Multiple devices can join the AWDL mesh and talk to each other, without the data packets being forwarded through a central node (as is the case on standard Wi-Fi access points). There is a central "master node", but its only role is synchronizing a clock signal across all members of the network.
Devices can be connected to a normal Wi-Fi access point and to the AWDL mesh simultaneously with a single Wi-Fi radio, by rapidly switching between the Wi-Fi radio channels of the two. For example this lets you send a file over AirDrop while being connected to a normal network. The synchronized clock signal is used to ensure all devices switch to the AWDL radio channel at the same time (during the same "availability window"). Outside the availability window, devices can go back to the access point channel, or turn off the radio for power saving.
AWDL does not provide any authentication or encryption; the data frames just encapsulate unencrypted IPv6 packets. All encryption is handled by higher layer protocols. For example, AirDrop uses TLS with mutual authentication (client certificates).
References
- What is AWDL (Apple Wireless Direct Link) and how does it work?, Stack Overflow.
- One Billion Apples’ Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol. Milan Stute, David Kreitschmann, and Matthias Hollick. Secure Mobile Networking Lab, Technische Universität Darmstadt.
- https://appleterm.com/2020/12/02/ios-wifi-exploit/ [Archived 2020-12-02 at the Wayback Machine]