1 /* 2 * hostapd / WMM (Wi-Fi Multimedia) 3 * Copyright 2002-2003, Instant802 Networks, Inc. 4 * Copyright 2005-2006, Devicescape Software, Inc. 5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 6 * 7 * This software may be distributed under the terms of the BSD license. 8 * See README for more details. 9 */ 10 11 #include "utils/includes.h" 12 13 #include "utils/common.h" 14 #include "common/ieee802_11_defs.h" 15 #include "common/ieee802_11_common.h" 16 #include "hostapd.h" 17 #include "ieee802_11.h" 18 #include "sta_info.h" 19 #include "ap_config.h" 20 #include "ap_drv_ops.h" 21 #include "wmm.h" 22 23 #ifndef MIN 24 #define MIN(a, b) (((a) < (b)) ? (a) : (b)) 25 #endif 26 #ifndef MAX 27 #define MAX(a, b) (((a) > (b)) ? (a) : (b)) 28 #endif 29 30 31 static inline u8 wmm_aci_aifsn(int aifsn, int acm, int aci) 32 { 33 u8 ret; 34 ret = (aifsn << WMM_AC_AIFNS_SHIFT) & WMM_AC_AIFSN_MASK; 35 if (acm) 36 ret |= WMM_AC_ACM; 37 ret |= (aci << WMM_AC_ACI_SHIFT) & WMM_AC_ACI_MASK; 38 return ret; 39 } 40 41 42 static inline u8 wmm_ecw(int ecwmin, int ecwmax) 43 { 44 return ((ecwmin << WMM_AC_ECWMIN_SHIFT) & WMM_AC_ECWMIN_MASK) | 45 ((ecwmax << WMM_AC_ECWMAX_SHIFT) & WMM_AC_ECWMAX_MASK); 46 } 47 48 49 static void 50 wmm_set_regulatory_limit(const struct hostapd_wmm_ac_params *wmm_conf, 51 struct hostapd_wmm_ac_params *wmm, 52 const struct hostapd_wmm_rule *wmm_reg) 53 { 54 int ac; 55 56 for (ac = 0; ac < WMM_AC_NUM; ac++) { 57 wmm[ac].cwmin = MAX(wmm_conf[ac].cwmin, wmm_reg[ac].min_cwmin); 58 wmm[ac].cwmax = MAX(wmm_conf[ac].cwmax, wmm_reg[ac].min_cwmax); 59 wmm[ac].aifs = MAX(wmm_conf[ac].aifs, wmm_reg[ac].min_aifs); 60 wmm[ac].txop_limit = 61 MIN(wmm_conf[ac].txop_limit, wmm_reg[ac].max_txop); 62 wmm[ac].admission_control_mandatory = 63 wmm_conf[ac].admission_control_mandatory; 64 } 65 } 66 67 68 /* 69 * Calculate WMM regulatory limit if any. 70 */ 71 static void wmm_calc_regulatory_limit(struct hostapd_data *hapd, 72 struct hostapd_wmm_ac_params *acp) 73 { 74 struct hostapd_hw_modes *mode = hapd->iface->current_mode; 75 int c; 76 77 os_memcpy(acp, hapd->iconf->wmm_ac_params, 78 sizeof(hapd->iconf->wmm_ac_params)); 79 80 for (c = 0; mode && c < mode->num_channels; c++) { 81 struct hostapd_channel_data *chan = &mode->channels[c]; 82 83 if (chan->freq != hapd->iface->freq) 84 continue; 85 86 if (chan->wmm_rules_valid) 87 wmm_set_regulatory_limit(hapd->iconf->wmm_ac_params, 88 acp, chan->wmm_rules); 89 break; 90 } 91 92 /* 93 * Check if we need to update set count. Since both were initialized to 94 * zero we can compare the whole array in one shot. 95 */ 96 if (os_memcmp(acp, hapd->iface->prev_wmm, 97 sizeof(hapd->iconf->wmm_ac_params)) != 0) { 98 os_memcpy(hapd->iface->prev_wmm, acp, 99 sizeof(hapd->iconf->wmm_ac_params)); 100 hapd->parameter_set_count++; 101 } 102 } 103 104 105 /* 106 * Add WMM Parameter Element to Beacon, Probe Response, and (Re)Association 107 * Response frames. 108 */ 109 u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid) 110 { 111 u8 *pos = eid; 112 struct wmm_parameter_element *wmm = 113 (struct wmm_parameter_element *) (pos + 2); 114 struct hostapd_wmm_ac_params wmmp[WMM_AC_NUM]; 115 int e; 116 117 os_memset(wmmp, 0, sizeof(wmmp)); 118 119 if (!hapd->conf->wmm_enabled) 120 return eid; 121 wmm_calc_regulatory_limit(hapd, wmmp); 122 eid[0] = WLAN_EID_VENDOR_SPECIFIC; 123 wmm->oui[0] = 0x00; 124 wmm->oui[1] = 0x50; 125 wmm->oui[2] = 0xf2; 126 wmm->oui_type = WMM_OUI_TYPE; 127 wmm->oui_subtype = WMM_OUI_SUBTYPE_PARAMETER_ELEMENT; 128 wmm->version = WMM_VERSION; 129 wmm->qos_info = hapd->parameter_set_count & 0xf; 130 131 if (hapd->conf->wmm_uapsd && 132 (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD)) 133 wmm->qos_info |= 0x80; 134 135 wmm->reserved = 0; 136 137 /* fill in a parameter set record for each AC */ 138 for (e = 0; e < 4; e++) { 139 struct wmm_ac_parameter *ac = &wmm->ac[e]; 140 struct hostapd_wmm_ac_params *acp = &wmmp[e]; 141 142 ac->aci_aifsn = wmm_aci_aifsn(acp->aifs, 143 acp->admission_control_mandatory, 144 e); 145 ac->cw = wmm_ecw(acp->cwmin, acp->cwmax); 146 ac->txop_limit = host_to_le16(acp->txop_limit); 147 } 148 149 pos = (u8 *) (wmm + 1); 150 eid[1] = pos - eid - 2; /* element length */ 151 152 return pos; 153 } 154 155 156 /* 157 * This function is called when a station sends an association request with 158 * WMM info element. The function returns 1 on success or 0 on any error in WMM 159 * element. eid does not include Element ID and Length octets. 160 */ 161 int hostapd_eid_wmm_valid(struct hostapd_data *hapd, const u8 *eid, size_t len) 162 { 163 struct wmm_information_element *wmm; 164 165 wpa_hexdump(MSG_MSGDUMP, "WMM IE", eid, len); 166 167 if (len < sizeof(struct wmm_information_element)) { 168 wpa_printf(MSG_DEBUG, "Too short WMM IE (len=%lu)", 169 (unsigned long) len); 170 return 0; 171 } 172 173 wmm = (struct wmm_information_element *) eid; 174 wpa_printf(MSG_DEBUG, "Validating WMM IE: OUI %02x:%02x:%02x " 175 "OUI type %d OUI sub-type %d version %d QoS info 0x%x", 176 wmm->oui[0], wmm->oui[1], wmm->oui[2], wmm->oui_type, 177 wmm->oui_subtype, wmm->version, wmm->qos_info); 178 if (wmm->oui_subtype != WMM_OUI_SUBTYPE_INFORMATION_ELEMENT || 179 wmm->version != WMM_VERSION) { 180 wpa_printf(MSG_DEBUG, "Unsupported WMM IE Subtype/Version"); 181 return 0; 182 } 183 184 return 1; 185 } 186 187 188 static void wmm_send_action(struct hostapd_data *hapd, const u8 *addr, 189 const struct wmm_tspec_element *tspec, 190 u8 action_code, u8 dialogue_token, u8 status_code) 191 { 192 u8 buf[256]; 193 struct ieee80211_mgmt *m = (struct ieee80211_mgmt *) buf; 194 struct wmm_tspec_element *t = (struct wmm_tspec_element *) 195 m->u.action.u.wmm_action.variable; 196 int len; 197 198 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, 199 HOSTAPD_LEVEL_DEBUG, 200 "action response - reason %d", status_code); 201 os_memset(buf, 0, sizeof(buf)); 202 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 203 WLAN_FC_STYPE_ACTION); 204 os_memcpy(m->da, addr, ETH_ALEN); 205 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN); 206 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN); 207 m->u.action.category = WLAN_ACTION_WMM; 208 m->u.action.u.wmm_action.action_code = action_code; 209 m->u.action.u.wmm_action.dialog_token = dialogue_token; 210 m->u.action.u.wmm_action.status_code = status_code; 211 os_memcpy(t, tspec, sizeof(struct wmm_tspec_element)); 212 len = ((u8 *) (t + 1)) - buf; 213 214 if (hostapd_drv_send_mlme(hapd, m, len, 0, NULL, 0, 0) < 0) 215 wpa_printf(MSG_INFO, "wmm_send_action: send failed"); 216 } 217 218 219 int wmm_process_tspec(struct wmm_tspec_element *tspec) 220 { 221 u64 medium_time; 222 unsigned int pps, duration; 223 unsigned int up, psb, dir, tid; 224 u16 val, surplus; 225 226 up = (tspec->ts_info[1] >> 3) & 0x07; 227 psb = (tspec->ts_info[1] >> 2) & 0x01; 228 dir = (tspec->ts_info[0] >> 5) & 0x03; 229 tid = (tspec->ts_info[0] >> 1) & 0x0f; 230 wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d", 231 up, psb, dir, tid); 232 val = le_to_host16(tspec->nominal_msdu_size); 233 wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s", 234 val & 0x7fff, val & 0x8000 ? " (fixed)" : ""); 235 wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps", 236 le_to_host32(tspec->mean_data_rate)); 237 wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps", 238 le_to_host32(tspec->minimum_phy_rate)); 239 val = le_to_host16(tspec->surplus_bandwidth_allowance); 240 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u", 241 val >> 13, 10000 * (val & 0x1fff) / 0x2000); 242 243 val = le_to_host16(tspec->nominal_msdu_size); 244 if (val == 0) { 245 wpa_printf(MSG_DEBUG, "WMM: Invalid Nominal MSDU Size (0)"); 246 return WMM_ADDTS_STATUS_INVALID_PARAMETERS; 247 } 248 /* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */ 249 pps = ((le_to_host32(tspec->mean_data_rate) / 8) + val - 1) / val; 250 wpa_printf(MSG_DEBUG, "WMM: Packets-per-second estimate for TSPEC: %d", 251 pps); 252 253 if (le_to_host32(tspec->minimum_phy_rate) < 1000000) { 254 wpa_printf(MSG_DEBUG, "WMM: Too small Minimum PHY Rate"); 255 return WMM_ADDTS_STATUS_INVALID_PARAMETERS; 256 } 257 258 duration = (le_to_host16(tspec->nominal_msdu_size) & 0x7fff) * 8 / 259 (le_to_host32(tspec->minimum_phy_rate) / 1000000) + 260 50 /* FIX: proper SIFS + ACK duration */; 261 262 /* unsigned binary number with an implicit binary point after the 263 * leftmost 3 bits, i.e., 0x2000 = 1.0 */ 264 surplus = le_to_host16(tspec->surplus_bandwidth_allowance); 265 if (surplus <= 0x2000) { 266 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance not " 267 "greater than unity"); 268 return WMM_ADDTS_STATUS_INVALID_PARAMETERS; 269 } 270 271 medium_time = (u64) surplus * pps * duration / 0x2000; 272 wpa_printf(MSG_DEBUG, "WMM: Estimated medium time: %lu", 273 (unsigned long) medium_time); 274 275 /* 276 * TODO: store list of granted (and still active) TSPECs and check 277 * whether there is available medium time for this request. For now, 278 * just refuse requests that would by themselves take very large 279 * portion of the available bandwidth. 280 */ 281 if (medium_time > 750000) { 282 wpa_printf(MSG_DEBUG, "WMM: Refuse TSPEC request for over " 283 "75%% of available bandwidth"); 284 return WMM_ADDTS_STATUS_REFUSED; 285 } 286 287 /* Convert to 32 microseconds per second unit */ 288 tspec->medium_time = host_to_le16(medium_time / 32); 289 290 return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED; 291 } 292 293 294 static void wmm_addts_req(struct hostapd_data *hapd, 295 const struct ieee80211_mgmt *mgmt, 296 const struct wmm_tspec_element *tspec, size_t len) 297 { 298 const u8 *end = ((const u8 *) mgmt) + len; 299 int res; 300 struct wmm_tspec_element tspec_resp; 301 302 if ((const u8 *) (tspec + 1) > end) { 303 wpa_printf(MSG_DEBUG, "WMM: TSPEC overflow in ADDTS Request"); 304 return; 305 } 306 307 wpa_printf(MSG_DEBUG, "WMM: ADDTS Request (Dialog Token %d) for TSPEC " 308 "from " MACSTR, 309 mgmt->u.action.u.wmm_action.dialog_token, 310 MAC2STR(mgmt->sa)); 311 312 os_memcpy(&tspec_resp, tspec, sizeof(struct wmm_tspec_element)); 313 res = wmm_process_tspec(&tspec_resp); 314 wpa_printf(MSG_DEBUG, "WMM: ADDTS processing result: %d", res); 315 316 wmm_send_action(hapd, mgmt->sa, &tspec_resp, WMM_ACTION_CODE_ADDTS_RESP, 317 mgmt->u.action.u.wmm_action.dialog_token, res); 318 } 319 320 321 void hostapd_wmm_action(struct hostapd_data *hapd, 322 const struct ieee80211_mgmt *mgmt, size_t len) 323 { 324 int action_code; 325 int left = len - IEEE80211_HDRLEN - 4; 326 const u8 *pos = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 4; 327 struct ieee802_11_elems elems; 328 struct sta_info *sta = ap_get_sta(hapd, mgmt->sa); 329 330 /* check that the request comes from a valid station */ 331 if (!sta || 332 (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WMM)) != 333 (WLAN_STA_ASSOC | WLAN_STA_WMM)) { 334 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 335 HOSTAPD_LEVEL_DEBUG, 336 "wmm action received is not from associated wmm" 337 " station"); 338 /* TODO: respond with action frame refused status code */ 339 return; 340 } 341 342 if (left < 0) 343 return; /* not a valid WMM Action frame */ 344 345 /* extract the tspec info element */ 346 if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) { 347 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 348 HOSTAPD_LEVEL_DEBUG, 349 "hostapd_wmm_action - could not parse wmm " 350 "action"); 351 /* TODO: respond with action frame invalid parameters status 352 * code */ 353 return; 354 } 355 356 if (!elems.wmm_tspec || 357 elems.wmm_tspec_len != (sizeof(struct wmm_tspec_element) - 2)) { 358 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 359 HOSTAPD_LEVEL_DEBUG, 360 "hostapd_wmm_action - missing or wrong length " 361 "tspec"); 362 /* TODO: respond with action frame invalid parameters status 363 * code */ 364 return; 365 } 366 367 /* TODO: check the request is for an AC with ACM set, if not, refuse 368 * request */ 369 370 action_code = mgmt->u.action.u.wmm_action.action_code; 371 switch (action_code) { 372 case WMM_ACTION_CODE_ADDTS_REQ: 373 wmm_addts_req(hapd, mgmt, (struct wmm_tspec_element *) 374 (elems.wmm_tspec - 2), len); 375 return; 376 #if 0 377 /* TODO: needed for client implementation */ 378 case WMM_ACTION_CODE_ADDTS_RESP: 379 wmm_setup_request(hapd, mgmt, len); 380 return; 381 /* TODO: handle station teardown requests */ 382 case WMM_ACTION_CODE_DELTS: 383 wmm_teardown(hapd, mgmt, len); 384 return; 385 #endif 386 } 387 388 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 389 HOSTAPD_LEVEL_DEBUG, 390 "hostapd_wmm_action - unknown action code %d", 391 action_code); 392 } 393