1 /*
2 * hostapd / WMM (Wi-Fi Multimedia)
3 * Copyright 2002-2003, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6 *
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
9 */
10
11 #include "utils/includes.h"
12
13 #include "utils/common.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
16 #include "hostapd.h"
17 #include "ieee802_11.h"
18 #include "sta_info.h"
19 #include "ap_config.h"
20 #include "ap_drv_ops.h"
21 #include "wmm.h"
22
23
wmm_aci_aifsn(int aifsn,int acm,int aci)24 static inline u8 wmm_aci_aifsn(int aifsn, int acm, int aci)
25 {
26 u8 ret;
27 ret = (aifsn << WMM_AC_AIFNS_SHIFT) & WMM_AC_AIFSN_MASK;
28 if (acm)
29 ret |= WMM_AC_ACM;
30 ret |= (aci << WMM_AC_ACI_SHIFT) & WMM_AC_ACI_MASK;
31 return ret;
32 }
33
34
wmm_ecw(int ecwmin,int ecwmax)35 static inline u8 wmm_ecw(int ecwmin, int ecwmax)
36 {
37 return ((ecwmin << WMM_AC_ECWMIN_SHIFT) & WMM_AC_ECWMIN_MASK) |
38 ((ecwmax << WMM_AC_ECWMAX_SHIFT) & WMM_AC_ECWMAX_MASK);
39 }
40
41
42 static void
wmm_set_regulatory_limit(const struct hostapd_wmm_ac_params * wmm_conf,struct hostapd_wmm_ac_params * wmm,const struct hostapd_wmm_rule * wmm_reg)43 wmm_set_regulatory_limit(const struct hostapd_wmm_ac_params *wmm_conf,
44 struct hostapd_wmm_ac_params *wmm,
45 const struct hostapd_wmm_rule *wmm_reg)
46 {
47 int ac;
48
49 for (ac = 0; ac < WMM_AC_NUM; ac++) {
50 wmm[ac].cwmin = MAX(wmm_conf[ac].cwmin, wmm_reg[ac].min_cwmin);
51 wmm[ac].cwmax = MAX(wmm_conf[ac].cwmax, wmm_reg[ac].min_cwmax);
52 wmm[ac].aifs = MAX(wmm_conf[ac].aifs, wmm_reg[ac].min_aifs);
53 wmm[ac].txop_limit =
54 MIN(wmm_conf[ac].txop_limit, wmm_reg[ac].max_txop);
55 wmm[ac].admission_control_mandatory =
56 wmm_conf[ac].admission_control_mandatory;
57 }
58 }
59
60
61 /*
62 * Calculate WMM regulatory limit if any.
63 */
wmm_calc_regulatory_limit(struct hostapd_data * hapd,struct hostapd_wmm_ac_params * acp)64 static void wmm_calc_regulatory_limit(struct hostapd_data *hapd,
65 struct hostapd_wmm_ac_params *acp)
66 {
67 struct hostapd_hw_modes *mode = hapd->iface->current_mode;
68 int c;
69
70 os_memcpy(acp, hapd->iconf->wmm_ac_params,
71 sizeof(hapd->iconf->wmm_ac_params));
72
73 for (c = 0; mode && c < mode->num_channels; c++) {
74 struct hostapd_channel_data *chan = &mode->channels[c];
75
76 if (chan->freq != hapd->iface->freq)
77 continue;
78
79 if (chan->wmm_rules_valid)
80 wmm_set_regulatory_limit(hapd->iconf->wmm_ac_params,
81 acp, chan->wmm_rules);
82 break;
83 }
84
85 /*
86 * Check if we need to update set count. Since both were initialized to
87 * zero we can compare the whole array in one shot.
88 */
89 if (os_memcmp(acp, hapd->iface->prev_wmm,
90 sizeof(hapd->iconf->wmm_ac_params)) != 0) {
91 os_memcpy(hapd->iface->prev_wmm, acp,
92 sizeof(hapd->iconf->wmm_ac_params));
93 hapd->parameter_set_count++;
94 }
95 }
96
97
98 /*
99 * Add WMM Parameter Element to Beacon, Probe Response, and (Re)Association
100 * Response frames.
101 */
hostapd_eid_wmm(struct hostapd_data * hapd,u8 * eid)102 u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid)
103 {
104 u8 *pos = eid;
105 struct wmm_parameter_element *wmm =
106 (struct wmm_parameter_element *) (pos + 2);
107 struct hostapd_wmm_ac_params wmmp[WMM_AC_NUM];
108 int e;
109
110 os_memset(wmmp, 0, sizeof(wmmp));
111
112 if (!hapd->conf->wmm_enabled)
113 return eid;
114 wmm_calc_regulatory_limit(hapd, wmmp);
115 eid[0] = WLAN_EID_VENDOR_SPECIFIC;
116 wmm->oui[0] = 0x00;
117 wmm->oui[1] = 0x50;
118 wmm->oui[2] = 0xf2;
119 wmm->oui_type = WMM_OUI_TYPE;
120 wmm->oui_subtype = WMM_OUI_SUBTYPE_PARAMETER_ELEMENT;
121 wmm->version = WMM_VERSION;
122 wmm->qos_info = hapd->parameter_set_count & 0xf;
123
124 if (hapd->conf->wmm_uapsd &&
125 (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD))
126 wmm->qos_info |= 0x80;
127
128 wmm->reserved = 0;
129
130 /* fill in a parameter set record for each AC */
131 for (e = 0; e < 4; e++) {
132 struct wmm_ac_parameter *ac = &wmm->ac[e];
133 struct hostapd_wmm_ac_params *acp = &wmmp[e];
134
135 ac->aci_aifsn = wmm_aci_aifsn(acp->aifs,
136 acp->admission_control_mandatory,
137 e);
138 ac->cw = wmm_ecw(acp->cwmin, acp->cwmax);
139 ac->txop_limit = host_to_le16(acp->txop_limit);
140 }
141
142 pos = (u8 *) (wmm + 1);
143 eid[1] = pos - eid - 2; /* element length */
144
145 return pos;
146 }
147
148
149 /*
150 * This function is called when a station sends an association request with
151 * WMM info element. The function returns 1 on success or 0 on any error in WMM
152 * element. eid does not include Element ID and Length octets.
153 */
hostapd_eid_wmm_valid(struct hostapd_data * hapd,const u8 * eid,size_t len)154 int hostapd_eid_wmm_valid(struct hostapd_data *hapd, const u8 *eid, size_t len)
155 {
156 struct wmm_information_element *wmm;
157
158 wpa_hexdump(MSG_MSGDUMP, "WMM IE", eid, len);
159
160 if (len < sizeof(struct wmm_information_element)) {
161 wpa_printf(MSG_DEBUG, "Too short WMM IE (len=%lu)",
162 (unsigned long) len);
163 return 0;
164 }
165
166 wmm = (struct wmm_information_element *) eid;
167 wpa_printf(MSG_DEBUG, "Validating WMM IE: OUI %02x:%02x:%02x "
168 "OUI type %d OUI sub-type %d version %d QoS info 0x%x",
169 wmm->oui[0], wmm->oui[1], wmm->oui[2], wmm->oui_type,
170 wmm->oui_subtype, wmm->version, wmm->qos_info);
171 if (wmm->oui_subtype != WMM_OUI_SUBTYPE_INFORMATION_ELEMENT ||
172 wmm->version != WMM_VERSION) {
173 wpa_printf(MSG_DEBUG, "Unsupported WMM IE Subtype/Version");
174 return 0;
175 }
176
177 return 1;
178 }
179
180
wmm_send_action(struct hostapd_data * hapd,const u8 * addr,const struct wmm_tspec_element * tspec,u8 action_code,u8 dialogue_token,u8 status_code)181 static void wmm_send_action(struct hostapd_data *hapd, const u8 *addr,
182 const struct wmm_tspec_element *tspec,
183 u8 action_code, u8 dialogue_token, u8 status_code)
184 {
185 u8 buf[256];
186 struct ieee80211_mgmt *m = (struct ieee80211_mgmt *) buf;
187 struct wmm_tspec_element *t = (struct wmm_tspec_element *)
188 m->u.action.u.wmm_action.variable;
189 int len;
190
191 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
192 HOSTAPD_LEVEL_DEBUG,
193 "action response - reason %d", status_code);
194 os_memset(buf, 0, sizeof(buf));
195 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
196 WLAN_FC_STYPE_ACTION);
197 os_memcpy(m->da, addr, ETH_ALEN);
198 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
199 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
200 m->u.action.category = WLAN_ACTION_WMM;
201 m->u.action.u.wmm_action.action_code = action_code;
202 m->u.action.u.wmm_action.dialog_token = dialogue_token;
203 m->u.action.u.wmm_action.status_code = status_code;
204 os_memcpy(t, tspec, sizeof(struct wmm_tspec_element));
205 len = ((u8 *) (t + 1)) - buf;
206
207 if (hostapd_drv_send_mlme(hapd, m, len, 0, NULL, 0, 0) < 0)
208 wpa_printf(MSG_INFO, "wmm_send_action: send failed");
209 }
210
211
wmm_process_tspec(struct wmm_tspec_element * tspec)212 int wmm_process_tspec(struct wmm_tspec_element *tspec)
213 {
214 u64 medium_time;
215 unsigned int pps, duration;
216 unsigned int up, psb, dir, tid;
217 u16 val, surplus;
218
219 up = (tspec->ts_info[1] >> 3) & 0x07;
220 psb = (tspec->ts_info[1] >> 2) & 0x01;
221 dir = (tspec->ts_info[0] >> 5) & 0x03;
222 tid = (tspec->ts_info[0] >> 1) & 0x0f;
223 wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
224 up, psb, dir, tid);
225 val = le_to_host16(tspec->nominal_msdu_size);
226 wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
227 val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
228 wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
229 le_to_host32(tspec->mean_data_rate));
230 wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
231 le_to_host32(tspec->minimum_phy_rate));
232 val = le_to_host16(tspec->surplus_bandwidth_allowance);
233 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
234 val >> 13, 10000 * (val & 0x1fff) / 0x2000);
235
236 val = le_to_host16(tspec->nominal_msdu_size);
237 if (val == 0) {
238 wpa_printf(MSG_DEBUG, "WMM: Invalid Nominal MSDU Size (0)");
239 return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
240 }
241 /* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */
242 pps = ((le_to_host32(tspec->mean_data_rate) / 8) + val - 1) / val;
243 wpa_printf(MSG_DEBUG, "WMM: Packets-per-second estimate for TSPEC: %d",
244 pps);
245
246 if (le_to_host32(tspec->minimum_phy_rate) < 1000000) {
247 wpa_printf(MSG_DEBUG, "WMM: Too small Minimum PHY Rate");
248 return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
249 }
250
251 duration = (le_to_host16(tspec->nominal_msdu_size) & 0x7fff) * 8 /
252 (le_to_host32(tspec->minimum_phy_rate) / 1000000) +
253 50 /* FIX: proper SIFS + ACK duration */;
254
255 /* unsigned binary number with an implicit binary point after the
256 * leftmost 3 bits, i.e., 0x2000 = 1.0 */
257 surplus = le_to_host16(tspec->surplus_bandwidth_allowance);
258 if (surplus <= 0x2000) {
259 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance not "
260 "greater than unity");
261 return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
262 }
263
264 medium_time = (u64) surplus * pps * duration / 0x2000;
265 wpa_printf(MSG_DEBUG, "WMM: Estimated medium time: %lu",
266 (unsigned long) medium_time);
267
268 /*
269 * TODO: store list of granted (and still active) TSPECs and check
270 * whether there is available medium time for this request. For now,
271 * just refuse requests that would by themselves take very large
272 * portion of the available bandwidth.
273 */
274 if (medium_time > 750000) {
275 wpa_printf(MSG_DEBUG, "WMM: Refuse TSPEC request for over "
276 "75%% of available bandwidth");
277 return WMM_ADDTS_STATUS_REFUSED;
278 }
279
280 /* Convert to 32 microseconds per second unit */
281 tspec->medium_time = host_to_le16(medium_time / 32);
282
283 return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED;
284 }
285
286
wmm_addts_req(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,const struct wmm_tspec_element * tspec,size_t len)287 static void wmm_addts_req(struct hostapd_data *hapd,
288 const struct ieee80211_mgmt *mgmt,
289 const struct wmm_tspec_element *tspec, size_t len)
290 {
291 const u8 *end = ((const u8 *) mgmt) + len;
292 int res;
293 struct wmm_tspec_element tspec_resp;
294
295 if ((const u8 *) (tspec + 1) > end) {
296 wpa_printf(MSG_DEBUG, "WMM: TSPEC overflow in ADDTS Request");
297 return;
298 }
299
300 wpa_printf(MSG_DEBUG, "WMM: ADDTS Request (Dialog Token %d) for TSPEC "
301 "from " MACSTR,
302 mgmt->u.action.u.wmm_action.dialog_token,
303 MAC2STR(mgmt->sa));
304
305 os_memcpy(&tspec_resp, tspec, sizeof(struct wmm_tspec_element));
306 res = wmm_process_tspec(&tspec_resp);
307 wpa_printf(MSG_DEBUG, "WMM: ADDTS processing result: %d", res);
308
309 wmm_send_action(hapd, mgmt->sa, &tspec_resp, WMM_ACTION_CODE_ADDTS_RESP,
310 mgmt->u.action.u.wmm_action.dialog_token, res);
311 }
312
313
hostapd_wmm_action(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len)314 void hostapd_wmm_action(struct hostapd_data *hapd,
315 const struct ieee80211_mgmt *mgmt, size_t len)
316 {
317 int action_code;
318 int left = len - IEEE80211_HDRLEN - 4;
319 const u8 *pos = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 4;
320 struct ieee802_11_elems elems;
321 struct sta_info *sta = ap_get_sta(hapd, mgmt->sa);
322
323 /* check that the request comes from a valid station */
324 if (!sta ||
325 (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WMM)) !=
326 (WLAN_STA_ASSOC | WLAN_STA_WMM)) {
327 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
328 HOSTAPD_LEVEL_DEBUG,
329 "wmm action received is not from associated wmm"
330 " station");
331 /* TODO: respond with action frame refused status code */
332 return;
333 }
334
335 if (left < 0)
336 return; /* not a valid WMM Action frame */
337
338 /* extract the tspec info element */
339 if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
340 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
341 HOSTAPD_LEVEL_DEBUG,
342 "hostapd_wmm_action - could not parse wmm "
343 "action");
344 /* TODO: respond with action frame invalid parameters status
345 * code */
346 return;
347 }
348
349 if (!elems.wmm_tspec ||
350 elems.wmm_tspec_len != (sizeof(struct wmm_tspec_element) - 2)) {
351 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
352 HOSTAPD_LEVEL_DEBUG,
353 "hostapd_wmm_action - missing or wrong length "
354 "tspec");
355 /* TODO: respond with action frame invalid parameters status
356 * code */
357 return;
358 }
359
360 /* TODO: check the request is for an AC with ACM set, if not, refuse
361 * request */
362
363 action_code = mgmt->u.action.u.wmm_action.action_code;
364 switch (action_code) {
365 case WMM_ACTION_CODE_ADDTS_REQ:
366 wmm_addts_req(hapd, mgmt, (struct wmm_tspec_element *)
367 (elems.wmm_tspec - 2), len);
368 return;
369 #if 0
370 /* TODO: needed for client implementation */
371 case WMM_ACTION_CODE_ADDTS_RESP:
372 wmm_setup_request(hapd, mgmt, len);
373 return;
374 /* TODO: handle station teardown requests */
375 case WMM_ACTION_CODE_DELTS:
376 wmm_teardown(hapd, mgmt, len);
377 return;
378 #endif
379 }
380
381 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
382 HOSTAPD_LEVEL_DEBUG,
383 "hostapd_wmm_action - unknown action code %d",
384 action_code);
385 }
386