1 /*
2  * hostapd / WMM (Wi-Fi Multimedia)
3  * Copyright 2002-2003, Instant802 Networks, Inc.
4  * Copyright 2005-2006, Devicescape Software, Inc.
5  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6  *
7  * This software may be distributed under the terms of the BSD license.
8  * See README for more details.
9  */
10 
11 #include "utils/includes.h"
12 
13 #include "utils/common.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
16 #include "hostapd.h"
17 #include "ieee802_11.h"
18 #include "sta_info.h"
19 #include "ap_config.h"
20 #include "ap_drv_ops.h"
21 #include "wmm.h"
22 
/*
 * Fallback two-argument minimum/maximum helpers, defined only when no earlier
 * header has provided them. Both are plain macros, so each argument may be
 * evaluated twice: never pass an expression with side effects.
 */
#if !defined(MIN)
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#if !defined(MAX)
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
29 
30 
/*
 * Build the ACI/AIFSN octet of one WMM AC parameter record from the AIFSN
 * value, the ACM flag and the AC index.
 *
 * Each value is shifted into place and then masked, so bits that do not fit
 * the field are silently dropped rather than reported; range checking is the
 * caller's job.
 */
static inline u8 wmm_aci_aifsn(int aifsn, int acm, int aci)
{
	u8 octet = (aifsn << WMM_AC_AIFNS_SHIFT) & WMM_AC_AIFSN_MASK;

	octet |= acm ? WMM_AC_ACM : 0;
	octet |= (aci << WMM_AC_ACI_SHIFT) & WMM_AC_ACI_MASK;

	return octet;
}
40 
41 
/*
 * Combine the ECWmin and ECWmax values into the single CW octet of a WMM AC
 * parameter record. Out-of-range bits are masked off, not rejected.
 */
static inline u8 wmm_ecw(int ecwmin, int ecwmax)
{
	const int min_bits =
		(ecwmin << WMM_AC_ECWMIN_SHIFT) & WMM_AC_ECWMIN_MASK;
	const int max_bits =
		(ecwmax << WMM_AC_ECWMAX_SHIFT) & WMM_AC_ECWMAX_MASK;

	return min_bits | max_bits;
}
47 
48 
/*
 * Clamp the configured per-AC WMM parameters against the regulatory rule set.
 *
 * For each of the WMM_AC_NUM access categories the result in wmm[] takes the
 * larger of the configured and regulatory minimum for cwmin, cwmax and aifs,
 * and the smaller of the configured and regulatory maximum for txop_limit.
 * The admission-control flag is copied from the configuration unchanged.
 * All three arrays must hold at least WMM_AC_NUM entries.
 */
static void
wmm_set_regulatory_limit(const struct hostapd_wmm_ac_params *wmm_conf,
			 struct hostapd_wmm_ac_params *wmm,
			 const struct hostapd_wmm_rule *wmm_reg)
{
	int idx = 0;

	while (idx < WMM_AC_NUM) {
		const struct hostapd_wmm_ac_params *conf = &wmm_conf[idx];
		const struct hostapd_wmm_rule *rule = &wmm_reg[idx];
		struct hostapd_wmm_ac_params *out = &wmm[idx];

		out->cwmin = MAX(conf->cwmin, rule->min_cwmin);
		out->cwmax = MAX(conf->cwmax, rule->min_cwmax);
		out->aifs = MAX(conf->aifs, rule->min_aifs);
		out->txop_limit = MIN(conf->txop_limit, rule->max_txop);
		out->admission_control_mandatory =
			conf->admission_control_mandatory;
		idx++;
	}
}
66 
67 
/*
 * Compute the effective WMM AC parameters for the operating channel.
 *
 * acp receives a copy of the configured parameters; if the channel matching
 * the interface frequency carries valid WMM rules, the copy is then clamped
 * to those rules. acp must have room for sizeof(hapd->iconf->wmm_ac_params)
 * bytes, since that size is used for every copy and compare below.
 *
 * When the result differs from the previously advertised set, it is saved in
 * iface->prev_wmm and the parameter set count is incremented.
 */
static void wmm_calc_regulatory_limit(struct hostapd_data *hapd,
				      struct hostapd_wmm_ac_params *acp)
{
	const size_t params_len = sizeof(hapd->iconf->wmm_ac_params);
	struct hostapd_hw_modes *mode = hapd->iface->current_mode;
	int idx;

	os_memcpy(acp, hapd->iconf->wmm_ac_params, params_len);

	if (mode) {
		for (idx = 0; idx < mode->num_channels; idx++) {
			struct hostapd_channel_data *chan =
				&mode->channels[idx];

			if (chan->freq == hapd->iface->freq) {
				/* Only the first channel entry on the
				 * operating frequency is considered. */
				if (chan->wmm_rules_valid)
					wmm_set_regulatory_limit(
						hapd->iconf->wmm_ac_params,
						acp, chan->wmm_rules);
				break;
			}
		}
	}

	/*
	 * Whole-array byte compare: this relies on both buffers having been
	 * zero-initialized, so that any padding compares equal.
	 */
	if (os_memcmp(acp, hapd->iface->prev_wmm, params_len) == 0)
		return;

	os_memcpy(hapd->iface->prev_wmm, acp, params_len);
	hapd->parameter_set_count++;
}
103 
104 
/*
 * Write the WMM Parameter Element used in Beacon, Probe Response and
 * (Re)Association Response frames.
 *
 * Returns the position just past the element, or eid unchanged when WMM is
 * disabled for this BSS.
 *
 * The function takes no buffer length: the caller must guarantee that eid has
 * room for the two header octets plus sizeof(struct wmm_parameter_element).
 */
u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid)
{
	struct hostapd_wmm_ac_params limits[WMM_AC_NUM];
	struct wmm_parameter_element *elem;
	u8 *end;
	int idx;

	if (!hapd->conf->wmm_enabled)
		return eid;

	/* Start from zeroed storage so that the byte-wise comparison done in
	 * wmm_calc_regulatory_limit() sees deterministic contents. */
	os_memset(limits, 0, sizeof(limits));
	wmm_calc_regulatory_limit(hapd, limits);

	/* Element body starts after the Element ID and Length octets. */
	elem = (struct wmm_parameter_element *) (eid + 2);

	eid[0] = WLAN_EID_VENDOR_SPECIFIC;
	elem->oui[0] = 0x00;
	elem->oui[1] = 0x50;
	elem->oui[2] = 0xf2;
	elem->oui_type = WMM_OUI_TYPE;
	elem->oui_subtype = WMM_OUI_SUBTYPE_PARAMETER_ELEMENT;
	elem->version = WMM_VERSION;

	/* Low four bits carry the parameter set count; 0x80 is set only when
	 * U-APSD is both configured and supported by the driver. */
	elem->qos_info = hapd->parameter_set_count & 0xf;
	if (hapd->conf->wmm_uapsd &&
	    (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD))
		elem->qos_info |= 0x80;

	elem->reserved = 0;

	/* One parameter record per AC. The bound is the literal 4 while the
	 * source array is sized with WMM_AC_NUM; the two must stay in sync. */
	for (idx = 0; idx < 4; idx++) {
		const struct hostapd_wmm_ac_params *src = &limits[idx];
		struct wmm_ac_parameter *rec = &elem->ac[idx];

		rec->aci_aifsn = wmm_aci_aifsn(
			src->aifs, src->admission_control_mandatory, idx);
		rec->cw = wmm_ecw(src->cwmin, src->cwmax);
		rec->txop_limit = host_to_le16(src->txop_limit);
	}

	end = (u8 *) (elem + 1);
	eid[1] = end - eid - 2; /* element length, excluding ID and Length */

	return end;
}
154 
155 
/*
 * Validate the WMM Information Element carried in a station's association
 * request. eid points past the Element ID and Length octets and len is the
 * number of octets available there.
 *
 * Returns 1 if the element is acceptable, 0 on any error.
 *
 * The element comes from the peer, so the length is checked before any field
 * is read. Only the subtype and version are compared here; the OUI and OUI
 * type are logged but not verified.
 * NOTE(review): presumably the element parser matched OUI and OUI type before
 * this function is reached - confirm against the caller.
 */
int hostapd_eid_wmm_valid(struct hostapd_data *hapd, const u8 *eid, size_t len)
{
	const struct wmm_information_element *ie;

	wpa_hexdump(MSG_MSGDUMP, "WMM IE", eid, len);

	if (len < sizeof(struct wmm_information_element)) {
		wpa_printf(MSG_DEBUG, "Too short WMM IE (len=%lu)",
			   (unsigned long) len);
		return 0;
	}

	ie = (const struct wmm_information_element *) eid;
	wpa_printf(MSG_DEBUG, "Validating WMM IE: OUI %02x:%02x:%02x  "
		   "OUI type %d  OUI sub-type %d  version %d  QoS info 0x%x",
		   ie->oui[0], ie->oui[1], ie->oui[2], ie->oui_type,
		   ie->oui_subtype, ie->version, ie->qos_info);

	if (ie->oui_subtype == WMM_OUI_SUBTYPE_INFORMATION_ELEMENT &&
	    ie->version == WMM_VERSION)
		return 1;

	wpa_printf(MSG_DEBUG, "Unsupported WMM IE Subtype/Version");
	return 0;
}
186 
187 
/*
 * Build a WMM Action frame carrying the given TSPEC and hand it to the driver.
 *
 * addr is the destination; the source address and BSSID are both set to
 * hapd->own_addr. A failed send is logged and otherwise ignored.
 *
 * NOTE(review): the frame is assembled in a fixed 256-byte stack buffer and
 * nothing in this function checks that the management header plus one
 * struct wmm_tspec_element fits in it. Both sizes are compile-time constants,
 * so a static assertion could pin the assumption - confirm against the struct
 * definitions.
 */
static void wmm_send_action(struct hostapd_data *hapd, const u8 *addr,
			    const struct wmm_tspec_element *tspec,
			    u8 action_code, u8 dialogue_token, u8 status_code)
{
	u8 frame[256];
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) frame;
	struct wmm_tspec_element *tspec_out;
	int frame_len;

	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_DEBUG,
		       "action response - reason %d", status_code);

	/* Zero the whole buffer so no stale stack bytes reach the air. */
	os_memset(frame, 0, sizeof(frame));

	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					   WLAN_FC_STYPE_ACTION);
	os_memcpy(mgmt->da, addr, ETH_ALEN);
	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);

	mgmt->u.action.category = WLAN_ACTION_WMM;
	mgmt->u.action.u.wmm_action.action_code = action_code;
	mgmt->u.action.u.wmm_action.dialog_token = dialogue_token;
	mgmt->u.action.u.wmm_action.status_code = status_code;

	/* The TSPEC element is the only variable content of the frame. */
	tspec_out = (struct wmm_tspec_element *)
		mgmt->u.action.u.wmm_action.variable;
	os_memcpy(tspec_out, tspec, sizeof(struct wmm_tspec_element));
	frame_len = ((u8 *) (tspec_out + 1)) - frame;

	if (hostapd_drv_send_mlme(hapd, mgmt, frame_len, 0, NULL, 0, 0) < 0)
		wpa_printf(MSG_INFO, "wmm_send_action: send failed");
}
217 
218 
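/*
 * Evaluate a TSPEC and decide whether the requested traffic stream is
 * admitted.
 *
 * Every field read here originates from the requesting station and is
 * therefore untrusted. The function estimates the medium time the stream
 * would need and returns:
 *   WMM_ADDTS_STATUS_ADMISSION_ACCEPTED - admitted; tspec->medium_time is
 *       filled in (units of 32 microseconds per second),
 *   WMM_ADDTS_STATUS_INVALID_PARAMETERS - zero MSDU size, Minimum PHY Rate
 *       below 1 Mbps, or Surplus Bandwidth Allowance not above 1.0,
 *   WMM_ADDTS_STATUS_REFUSED - the estimate exceeds 750000.
 *
 * tspec is modified only on acceptance.
 */
int wmm_process_tspec(struct wmm_tspec_element *tspec)
{
	u64 medium_time;
	unsigned int pps, duration;
	unsigned int up, psb, dir, tid;
	u16 val, surplus, msdu_size;

	up = (tspec->ts_info[1] >> 3) & 0x07;
	psb = (tspec->ts_info[1] >> 2) & 0x01;
	dir = (tspec->ts_info[0] >> 5) & 0x03;
	tid = (tspec->ts_info[0] >> 1) & 0x0f;
	wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
		   up, psb, dir, tid);
	val = le_to_host16(tspec->nominal_msdu_size);
	wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
		   val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
	wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
		   le_to_host32(tspec->mean_data_rate));
	wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
		   le_to_host32(tspec->minimum_phy_rate));
	val = le_to_host16(tspec->surplus_bandwidth_allowance);
	wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
		   val >> 13, 10000 * (val & 0x1fff) / 0x2000);

	/*
	 * Bit 15 of the field is the "fixed" flag, not part of the size. Use
	 * only the low 15 bits everywhere: dividing by the raw field would
	 * add 32768 to the divisor whenever the flag is set, deflating the
	 * packet rate and with it the medium time checked further down.
	 * Testing the masked value also rejects a size of zero that has the
	 * flag set.
	 */
	msdu_size = le_to_host16(tspec->nominal_msdu_size) & 0x7fff;
	if (msdu_size == 0) {
		wpa_printf(MSG_DEBUG, "WMM: Invalid Nominal MSDU Size (0)");
		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
	}
	/* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */
	pps = ((le_to_host32(tspec->mean_data_rate) / 8) + msdu_size - 1) /
		msdu_size;
	wpa_printf(MSG_DEBUG, "WMM: Packets-per-second estimate for TSPEC: %d",
		   pps);

	/* Rejecting rates below 1 Mbps also keeps the divisor in the
	 * duration calculation non-zero. */
	if (le_to_host32(tspec->minimum_phy_rate) < 1000000) {
		wpa_printf(MSG_DEBUG, "WMM: Too small Minimum PHY Rate");
		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
	}

	duration = msdu_size * 8 /
		(le_to_host32(tspec->minimum_phy_rate) / 1000000) +
		50 /* FIX: proper SIFS + ACK duration */;

	/* unsigned binary number with an implicit binary point after the
	 * leftmost 3 bits, i.e., 0x2000 = 1.0 */
	surplus = le_to_host16(tspec->surplus_bandwidth_allowance);
	if (surplus <= 0x2000) {
		wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance not "
			   "greater than unity");
		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
	}

	/* The product is formed in 64 bits because three peer-controlled
	 * factors are multiplied together. */
	medium_time = (u64) surplus * pps * duration / 0x2000;
	wpa_printf(MSG_DEBUG, "WMM: Estimated medium time: %lu",
		   (unsigned long) medium_time);

	/*
	 * TODO: store list of granted (and still active) TSPECs and check
	 * whether there is available medium time for this request. For now,
	 * just refuse requests that would by themselves take very large
	 * portion of the available bandwidth.
	 */
	if (medium_time > 750000) {
		wpa_printf(MSG_DEBUG, "WMM: Refuse TSPEC request for over "
			   "75%% of available bandwidth");
		return WMM_ADDTS_STATUS_REFUSED;
	}

	/* Convert to 32 microseconds per second unit; the bound above keeps
	 * the quotient within 16 bits. */
	tspec->medium_time = host_to_le16(medium_time / 32);

	return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED;
}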
292 
293 
/*
 * Handle an ADDTS Request: evaluate the TSPEC on a private copy and answer
 * the sender with an ADDTS Response carrying the result as status code.
 *
 * mgmt/len describe the received frame and tspec points at the TSPEC element
 * inside it. A TSPEC that would extend past the end of the frame is dropped
 * without a response. Only the end of the element is checked here; the caller
 * is responsible for tspec pointing inside the frame.
 */
static void wmm_addts_req(struct hostapd_data *hapd,
			  const struct ieee80211_mgmt *mgmt,
			  const struct wmm_tspec_element *tspec, size_t len)
{
	const u8 *frame_end = ((const u8 *) mgmt) + len;
	const u8 *tspec_end = (const u8 *) (tspec + 1);
	struct wmm_tspec_element reply;
	int status;

	if (tspec_end > frame_end) {
		wpa_printf(MSG_DEBUG, "WMM: TSPEC overflow in ADDTS Request");
		return;
	}

	wpa_printf(MSG_DEBUG, "WMM: ADDTS Request (Dialog Token %d) for TSPEC "
		   "from " MACSTR,
		   mgmt->u.action.u.wmm_action.dialog_token,
		   MAC2STR(mgmt->sa));

	/* Work on a copy: the received frame is const and the evaluation
	 * writes medium_time into the element it is given. */
	os_memcpy(&reply, tspec, sizeof(struct wmm_tspec_element));
	status = wmm_process_tspec(&reply);
	wpa_printf(MSG_DEBUG, "WMM: ADDTS processing result: %d", status);

	wmm_send_action(hapd, mgmt->sa, &reply, WMM_ACTION_CODE_ADDTS_RESP,
			mgmt->u.action.u.wmm_action.dialog_token, status);
}
319 
320 
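/*
 * Entry point for received WMM Action frames.
 *
 * The frame is processed only when it comes from a station that is both
 * associated and WMM-capable, is long enough to hold the management header
 * plus the four fixed octets that precede the elements, and carries exactly
 * one correctly sized TSPEC element. Of the action codes only ADDTS Request
 * is handled; anything else is logged and dropped.
 *
 * NOTE(review): mgmt->sa is read before any length check in this function, so
 * the caller is assumed to have verified that len covers the management
 * header - confirm.
 */
void hostapd_wmm_action(struct hostapd_data *hapd,
			const struct ieee80211_mgmt *mgmt, size_t len)
{
	/* Header plus the four octets skipped before the elements start. */
	const size_t fixed_len = IEEE80211_HDRLEN + 4;
	int action_code;
	size_t left;
	const u8 *pos;
	struct ieee802_11_elems elems;
	struct sta_info *sta = ap_get_sta(hapd, mgmt->sa);

	/* check that the request comes from a valid station */
	if (!sta ||
	    (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WMM)) !=
	    (WLAN_STA_ASSOC | WLAN_STA_WMM)) {
		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "wmm action received is not from associated wmm"
			       " station");
		/* TODO: respond with action frame refused status code */
		return;
	}

	/*
	 * Compare in size_t before subtracting. Computing the remainder first
	 * and storing it in an int would depend on an unsigned wrap-around
	 * being converted to a negative value, which is implementation-defined.
	 */
	if (len < fixed_len)
		return; /* not a valid WMM Action frame */
	left = len - fixed_len;
	pos = ((const u8 *) mgmt) + fixed_len;

	/* extract the tspec info element */
	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "hostapd_wmm_action - could not parse wmm "
			       "action");
		/* TODO: respond with action frame invalid parameters status
		 * code */
		return;
	}

	/* wmm_tspec_len excludes the Element ID and Length octets, hence the
	 * "- 2" against the full structure size. */
	if (!elems.wmm_tspec ||
	    elems.wmm_tspec_len != (sizeof(struct wmm_tspec_element) - 2)) {
		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "hostapd_wmm_action - missing or wrong length "
			       "tspec");
		/* TODO: respond with action frame invalid parameters status
		 * code */
		return;
	}

	/* TODO: check the request is for an AC with ACM set, if not, refuse
	 * request */

	action_code = mgmt->u.action.u.wmm_action.action_code;
	switch (action_code) {
	case WMM_ACTION_CODE_ADDTS_REQ:
		/* Step back over the two header octets so the pointer covers
		 * the whole element; keep it const, the frame is read-only. */
		wmm_addts_req(hapd, mgmt, (const struct wmm_tspec_element *)
			      (elems.wmm_tspec - 2), len);
		return;
#if 0
	/* TODO: needed for client implementation */
	case WMM_ACTION_CODE_ADDTS_RESP:
		wmm_setup_request(hapd, mgmt, len);
		return;
	/* TODO: handle station teardown requests */
	case WMM_ACTION_CODE_DELTS:
		wmm_teardown(hapd, mgmt, len);
		return;
#endif
	default:
		break;
	}

	hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_DEBUG,
		       "hostapd_wmm_action - unknown action code %d",
		       action_code);
}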
393