xref: /freebsd/contrib/wpa/src/ap/wmm.c (revision 7aa65846327fe5bc7e5961c2f7fd0c61f2ec0b01) 
1 /*
2  * hostapd / WMM (Wi-Fi Multimedia)
3  * Copyright 2002-2003, Instant802 Networks, Inc.
4  * Copyright 2005-2006, Devicescape Software, Inc.
5  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 as
9  * published by the Free Software Foundation.
10  *
11  * Alternatively, this software may be distributed under the terms of BSD
12  * license.
13  *
14  * See README and COPYING for more details.
15  */
16 
17 #include "utils/includes.h"
18 
19 #include "utils/common.h"
20 #include "common/ieee802_11_defs.h"
21 #include "common/ieee802_11_common.h"
22 #include "hostapd.h"
23 #include "ieee802_11.h"
24 #include "sta_info.h"
25 #include "ap_config.h"
26 #include "wmm.h"
27 
28 
29 /* TODO: maintain separate sequence and fragment numbers for each AC
30  * TODO: IGMP snooping to track which multicasts to forward - and use QOS-DATA
31  * if only WMM stations are receiving a certain group */
32 
33 
34 static inline u8 wmm_aci_aifsn(int aifsn, int acm, int aci)
35 {
36 	u8 ret;
37 	ret = (aifsn << WMM_AC_AIFNS_SHIFT) & WMM_AC_AIFSN_MASK;
38 	if (acm)
39 		ret |= WMM_AC_ACM;
40 	ret |= (aci << WMM_AC_ACI_SHIFT) & WMM_AC_ACI_MASK;
41 	return ret;
42 }
43 
44 
45 static inline u8 wmm_ecw(int ecwmin, int ecwmax)
46 {
47 	return ((ecwmin << WMM_AC_ECWMIN_SHIFT) & WMM_AC_ECWMIN_MASK) |
48 		((ecwmax << WMM_AC_ECWMAX_SHIFT) & WMM_AC_ECWMAX_MASK);
49 }
50 
51 
52 /*
53  * Add WMM Parameter Element to Beacon, Probe Response, and (Re)Association
54  * Response frames.
55  */
56 u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid)
57 {
58 	u8 *pos = eid;
59 	struct wmm_parameter_element *wmm =
60 		(struct wmm_parameter_element *) (pos + 2);
61 	int e;
62 
63 	if (!hapd->conf->wmm_enabled)
64 		return eid;
65 	eid[0] = WLAN_EID_VENDOR_SPECIFIC;
66 	wmm->oui[0] = 0x00;
67 	wmm->oui[1] = 0x50;
68 	wmm->oui[2] = 0xf2;
69 	wmm->oui_type = WMM_OUI_TYPE;
70 	wmm->oui_subtype = WMM_OUI_SUBTYPE_PARAMETER_ELEMENT;
71 	wmm->version = WMM_VERSION;
72 	wmm->qos_info = hapd->parameter_set_count & 0xf;
73 
74 	if (hapd->conf->wmm_uapsd)
75 		wmm->qos_info |= 0x80;
76 
77 	/* fill in a parameter set record for each AC */
78 	for (e = 0; e < 4; e++) {
79 		struct wmm_ac_parameter *ac = &wmm->ac[e];
80 		struct hostapd_wmm_ac_params *acp =
81 			&hapd->iconf->wmm_ac_params[e];
82 
83 		ac->aci_aifsn = wmm_aci_aifsn(acp->aifs,
84 					      acp->admission_control_mandatory,
85 					      e);
86 		ac->cw = wmm_ecw(acp->cwmin, acp->cwmax);
87 		ac->txop_limit = host_to_le16(acp->txop_limit);
88 	}
89 
90 	pos = (u8 *) (wmm + 1);
91 	eid[1] = pos - eid - 2; /* element length */
92 
93 	return pos;
94 }
95 
96 
97 /* This function is called when a station sends an association request with
98  * WMM info element. The function returns zero on success or non-zero on any
99  * error in WMM element. eid does not include Element ID and Length octets. */
100 int hostapd_eid_wmm_valid(struct hostapd_data *hapd, const u8 *eid, size_t len)
101 {
102 	struct wmm_information_element *wmm;
103 
104 	wpa_hexdump(MSG_MSGDUMP, "WMM IE", eid, len);
105 
106 	if (len < sizeof(struct wmm_information_element)) {
107 		wpa_printf(MSG_DEBUG, "Too short WMM IE (len=%lu)",
108 			   (unsigned long) len);
109 		return -1;
110 	}
111 
112 	wmm = (struct wmm_information_element *) eid;
113 	wpa_printf(MSG_DEBUG, "Validating WMM IE: OUI %02x:%02x:%02x  "
114 		   "OUI type %d  OUI sub-type %d  version %d  QoS info 0x%x",
115 		   wmm->oui[0], wmm->oui[1], wmm->oui[2], wmm->oui_type,
116 		   wmm->oui_subtype, wmm->version, wmm->qos_info);
117 	if (wmm->oui_subtype != WMM_OUI_SUBTYPE_INFORMATION_ELEMENT ||
118 	    wmm->version != WMM_VERSION) {
119 		wpa_printf(MSG_DEBUG, "Unsupported WMM IE Subtype/Version");
120 		return -1;
121 	}
122 
123 	return 0;
124 }
125 
126 
127 static void wmm_send_action(struct hostapd_data *hapd, const u8 *addr,
128 			    const struct wmm_tspec_element *tspec,
129 			    u8 action_code, u8 dialogue_token, u8 status_code)
130 {
131 	u8 buf[256];
132 	struct ieee80211_mgmt *m = (struct ieee80211_mgmt *) buf;
133 	struct wmm_tspec_element *t = (struct wmm_tspec_element *)
134 		m->u.action.u.wmm_action.variable;
135 	int len;
136 
137 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
138 		       HOSTAPD_LEVEL_DEBUG,
139 		       "action response - reason %d", status_code);
140 	os_memset(buf, 0, sizeof(buf));
141 	m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
142 					WLAN_FC_STYPE_ACTION);
143 	os_memcpy(m->da, addr, ETH_ALEN);
144 	os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
145 	os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
146 	m->u.action.category = WLAN_ACTION_WMM;
147 	m->u.action.u.wmm_action.action_code = action_code;
148 	m->u.action.u.wmm_action.dialog_token = dialogue_token;
149 	m->u.action.u.wmm_action.status_code = status_code;
150 	os_memcpy(t, tspec, sizeof(struct wmm_tspec_element));
151 	len = ((u8 *) (t + 1)) - buf;
152 
153 	if (hapd->drv.send_mgmt_frame(hapd, m, len) < 0)
154 		perror("wmm_send_action: send");
155 }
156 
157 
158 int wmm_process_tspec(struct wmm_tspec_element *tspec)
159 {
160 	int medium_time, pps, duration;
161 	int up, psb, dir, tid;
162 	u16 val, surplus;
163 
164 	up = (tspec->ts_info[1] >> 3) & 0x07;
165 	psb = (tspec->ts_info[1] >> 2) & 0x01;
166 	dir = (tspec->ts_info[0] >> 5) & 0x03;
167 	tid = (tspec->ts_info[0] >> 1) & 0x0f;
168 	wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
169 		   up, psb, dir, tid);
170 	val = le_to_host16(tspec->nominal_msdu_size);
171 	wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
172 		   val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
173 	wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
174 		   le_to_host32(tspec->mean_data_rate));
175 	wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
176 		   le_to_host32(tspec->minimum_phy_rate));
177 	val = le_to_host16(tspec->surplus_bandwidth_allowance);
178 	wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
179 		   val >> 13, 10000 * (val & 0x1fff) / 0x2000);
180 
181 	val = le_to_host16(tspec->nominal_msdu_size);
182 	if (val == 0) {
183 		wpa_printf(MSG_DEBUG, "WMM: Invalid Nominal MSDU Size (0)");
184 		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
185 	}
186 	/* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */
187 	pps = ((le_to_host32(tspec->mean_data_rate) / 8) + val - 1) / val;
188 	wpa_printf(MSG_DEBUG, "WMM: Packets-per-second estimate for TSPEC: %d",
189 		   pps);
190 
191 	if (le_to_host32(tspec->minimum_phy_rate) < 1000000) {
192 		wpa_printf(MSG_DEBUG, "WMM: Too small Minimum PHY Rate");
193 		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
194 	}
195 
196 	duration = (le_to_host16(tspec->nominal_msdu_size) & 0x7fff) * 8 /
197 		(le_to_host32(tspec->minimum_phy_rate) / 1000000) +
198 		50 /* FIX: proper SIFS + ACK duration */;
199 
200 	/* unsigned binary number with an implicit binary point after the
201 	 * leftmost 3 bits, i.e., 0x2000 = 1.0 */
202 	surplus = le_to_host16(tspec->surplus_bandwidth_allowance);
203 	if (surplus <= 0x2000) {
204 		wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance not "
205 			   "greater than unity");
206 		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
207 	}
208 
209 	medium_time = surplus * pps * duration / 0x2000;
210 	wpa_printf(MSG_DEBUG, "WMM: Estimated medium time: %u", medium_time);
211 
212 	/*
213 	 * TODO: store list of granted (and still active) TSPECs and check
214 	 * whether there is available medium time for this request. For now,
215 	 * just refuse requests that would by themselves take very large
216 	 * portion of the available bandwidth.
217 	 */
218 	if (medium_time > 750000) {
219 		wpa_printf(MSG_DEBUG, "WMM: Refuse TSPEC request for over "
220 			   "75%% of available bandwidth");
221 		return WMM_ADDTS_STATUS_REFUSED;
222 	}
223 
224 	/* Convert to 32 microseconds per second unit */
225 	tspec->medium_time = host_to_le16(medium_time / 32);
226 
227 	return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED;
228 }
229 
230 
231 static void wmm_addts_req(struct hostapd_data *hapd,
232 			  const struct ieee80211_mgmt *mgmt,
233 			  struct wmm_tspec_element *tspec, size_t len)
234 {
235 	const u8 *end = ((const u8 *) mgmt) + len;
236 	int res;
237 
238 	if ((const u8 *) (tspec + 1) > end) {
239 		wpa_printf(MSG_DEBUG, "WMM: TSPEC overflow in ADDTS Request");
240 		return;
241 	}
242 
243 	wpa_printf(MSG_DEBUG, "WMM: ADDTS Request (Dialog Token %d) for TSPEC "
244 		   "from " MACSTR,
245 		   mgmt->u.action.u.wmm_action.dialog_token,
246 		   MAC2STR(mgmt->sa));
247 
248 	res = wmm_process_tspec(tspec);
249 	wpa_printf(MSG_DEBUG, "WMM: ADDTS processing result: %d", res);
250 
251 	wmm_send_action(hapd, mgmt->sa, tspec, WMM_ACTION_CODE_ADDTS_RESP,
252 			mgmt->u.action.u.wmm_action.dialog_token, res);
253 }
254 
255 
256 void hostapd_wmm_action(struct hostapd_data *hapd,
257 			const struct ieee80211_mgmt *mgmt, size_t len)
258 {
259 	int action_code;
260 	int left = len - IEEE80211_HDRLEN - 4;
261 	const u8 *pos = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 4;
262 	struct ieee802_11_elems elems;
263 	struct sta_info *sta = ap_get_sta(hapd, mgmt->sa);
264 
265 	/* check that the request comes from a valid station */
266 	if (!sta ||
267 	    (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WMM)) !=
268 	    (WLAN_STA_ASSOC | WLAN_STA_WMM)) {
269 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
270 			       HOSTAPD_LEVEL_DEBUG,
271 			       "wmm action received is not from associated wmm"
272 			       " station");
273 		/* TODO: respond with action frame refused status code */
274 		return;
275 	}
276 
277 	/* extract the tspec info element */
278 	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
279 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
280 			       HOSTAPD_LEVEL_DEBUG,
281 			       "hostapd_wmm_action - could not parse wmm "
282 			       "action");
283 		/* TODO: respond with action frame invalid parameters status
284 		 * code */
285 		return;
286 	}
287 
288 	if (!elems.wmm_tspec ||
289 	    elems.wmm_tspec_len != (sizeof(struct wmm_tspec_element) - 2)) {
290 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
291 			       HOSTAPD_LEVEL_DEBUG,
292 			       "hostapd_wmm_action - missing or wrong length "
293 			       "tspec");
294 		/* TODO: respond with action frame invalid parameters status
295 		 * code */
296 		return;
297 	}
298 
299 	/* TODO: check the request is for an AC with ACM set, if not, refuse
300 	 * request */
301 
302 	action_code = mgmt->u.action.u.wmm_action.action_code;
303 	switch (action_code) {
304 	case WMM_ACTION_CODE_ADDTS_REQ:
305 		wmm_addts_req(hapd, mgmt, (struct wmm_tspec_element *)
306 			      (elems.wmm_tspec - 2), len);
307 		return;
308 #if 0
309 	/* TODO: needed for client implementation */
310 	case WMM_ACTION_CODE_ADDTS_RESP:
311 		wmm_setup_request(hapd, mgmt, len);
312 		return;
313 	/* TODO: handle station teardown requests */
314 	case WMM_ACTION_CODE_DELTS:
315 		wmm_teardown(hapd, mgmt, len);
316 		return;
317 #endif
318 	}
319 
320 	hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
321 		       HOSTAPD_LEVEL_DEBUG,
322 		       "hostapd_wmm_action - unknown action code %d",
323 		       action_code);
324 }
325