xref: /netbsd-src/external/bsd/wpa/dist/src/ap/wmm.c (revision 6a493d6bc668897c91594964a732d38505b70cbb) 
1 /*
2  * hostapd / WMM (Wi-Fi Multimedia)
3  * Copyright 2002-2003, Instant802 Networks, Inc.
4  * Copyright 2005-2006, Devicescape Software, Inc.
5  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 as
9  * published by the Free Software Foundation.
10  *
11  * Alternatively, this software may be distributed under the terms of BSD
12  * license.
13  *
14  * See README and COPYING for more details.
15  */
16 
17 #include "utils/includes.h"
18 
19 #include "utils/common.h"
20 #include "common/ieee802_11_defs.h"
21 #include "common/ieee802_11_common.h"
22 #include "hostapd.h"
23 #include "ieee802_11.h"
24 #include "sta_info.h"
25 #include "ap_config.h"
26 #include "ap_drv_ops.h"
27 #include "wmm.h"
28 
29 
30 /* TODO: maintain separate sequence and fragment numbers for each AC
31  * TODO: IGMP snooping to track which multicasts to forward - and use QOS-DATA
32  * if only WMM stations are receiving a certain group */
33 
34 
35 static inline u8 wmm_aci_aifsn(int aifsn, int acm, int aci)
36 {
37 	u8 ret;
38 	ret = (aifsn << WMM_AC_AIFNS_SHIFT) & WMM_AC_AIFSN_MASK;
39 	if (acm)
40 		ret |= WMM_AC_ACM;
41 	ret |= (aci << WMM_AC_ACI_SHIFT) & WMM_AC_ACI_MASK;
42 	return ret;
43 }
44 
45 
46 static inline u8 wmm_ecw(int ecwmin, int ecwmax)
47 {
48 	return ((ecwmin << WMM_AC_ECWMIN_SHIFT) & WMM_AC_ECWMIN_MASK) |
49 		((ecwmax << WMM_AC_ECWMAX_SHIFT) & WMM_AC_ECWMAX_MASK);
50 }
51 
52 
53 /*
54  * Add WMM Parameter Element to Beacon, Probe Response, and (Re)Association
55  * Response frames.
56  */
57 u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid)
58 {
59 	u8 *pos = eid;
60 	struct wmm_parameter_element *wmm =
61 		(struct wmm_parameter_element *) (pos + 2);
62 	int e;
63 
64 	if (!hapd->conf->wmm_enabled)
65 		return eid;
66 	eid[0] = WLAN_EID_VENDOR_SPECIFIC;
67 	wmm->oui[0] = 0x00;
68 	wmm->oui[1] = 0x50;
69 	wmm->oui[2] = 0xf2;
70 	wmm->oui_type = WMM_OUI_TYPE;
71 	wmm->oui_subtype = WMM_OUI_SUBTYPE_PARAMETER_ELEMENT;
72 	wmm->version = WMM_VERSION;
73 	wmm->qos_info = hapd->parameter_set_count & 0xf;
74 
75 	if (hapd->conf->wmm_uapsd)
76 		wmm->qos_info |= 0x80;
77 
78 	wmm->reserved = 0;
79 
80 	/* fill in a parameter set record for each AC */
81 	for (e = 0; e < 4; e++) {
82 		struct wmm_ac_parameter *ac = &wmm->ac[e];
83 		struct hostapd_wmm_ac_params *acp =
84 			&hapd->iconf->wmm_ac_params[e];
85 
86 		ac->aci_aifsn = wmm_aci_aifsn(acp->aifs,
87 					      acp->admission_control_mandatory,
88 					      e);
89 		ac->cw = wmm_ecw(acp->cwmin, acp->cwmax);
90 		ac->txop_limit = host_to_le16(acp->txop_limit);
91 	}
92 
93 	pos = (u8 *) (wmm + 1);
94 	eid[1] = pos - eid - 2; /* element length */
95 
96 	return pos;
97 }
98 
99 
100 /*
101  * This function is called when a station sends an association request with
102  * WMM info element. The function returns 1 on success or 0 on any error in WMM
103  * element. eid does not include Element ID and Length octets.
104  */
105 int hostapd_eid_wmm_valid(struct hostapd_data *hapd, const u8 *eid, size_t len)
106 {
107 	struct wmm_information_element *wmm;
108 
109 	wpa_hexdump(MSG_MSGDUMP, "WMM IE", eid, len);
110 
111 	if (len < sizeof(struct wmm_information_element)) {
112 		wpa_printf(MSG_DEBUG, "Too short WMM IE (len=%lu)",
113 			   (unsigned long) len);
114 		return 0;
115 	}
116 
117 	wmm = (struct wmm_information_element *) eid;
118 	wpa_printf(MSG_DEBUG, "Validating WMM IE: OUI %02x:%02x:%02x  "
119 		   "OUI type %d  OUI sub-type %d  version %d  QoS info 0x%x",
120 		   wmm->oui[0], wmm->oui[1], wmm->oui[2], wmm->oui_type,
121 		   wmm->oui_subtype, wmm->version, wmm->qos_info);
122 	if (wmm->oui_subtype != WMM_OUI_SUBTYPE_INFORMATION_ELEMENT ||
123 	    wmm->version != WMM_VERSION) {
124 		wpa_printf(MSG_DEBUG, "Unsupported WMM IE Subtype/Version");
125 		return 0;
126 	}
127 
128 	return 1;
129 }
130 
131 
132 static void wmm_send_action(struct hostapd_data *hapd, const u8 *addr,
133 			    const struct wmm_tspec_element *tspec,
134 			    u8 action_code, u8 dialogue_token, u8 status_code)
135 {
136 	u8 buf[256];
137 	struct ieee80211_mgmt *m = (struct ieee80211_mgmt *) buf;
138 	struct wmm_tspec_element *t = (struct wmm_tspec_element *)
139 		m->u.action.u.wmm_action.variable;
140 	int len;
141 
142 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
143 		       HOSTAPD_LEVEL_DEBUG,
144 		       "action response - reason %d", status_code);
145 	os_memset(buf, 0, sizeof(buf));
146 	m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
147 					WLAN_FC_STYPE_ACTION);
148 	os_memcpy(m->da, addr, ETH_ALEN);
149 	os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
150 	os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
151 	m->u.action.category = WLAN_ACTION_WMM;
152 	m->u.action.u.wmm_action.action_code = action_code;
153 	m->u.action.u.wmm_action.dialog_token = dialogue_token;
154 	m->u.action.u.wmm_action.status_code = status_code;
155 	os_memcpy(t, tspec, sizeof(struct wmm_tspec_element));
156 	len = ((u8 *) (t + 1)) - buf;
157 
158 	if (hostapd_drv_send_mlme(hapd, m, len) < 0)
159 		perror("wmm_send_action: send");
160 }
161 
162 
163 int wmm_process_tspec(struct wmm_tspec_element *tspec)
164 {
165 	int medium_time, pps, duration;
166 	int up, psb, dir, tid;
167 	u16 val, surplus;
168 
169 	up = (tspec->ts_info[1] >> 3) & 0x07;
170 	psb = (tspec->ts_info[1] >> 2) & 0x01;
171 	dir = (tspec->ts_info[0] >> 5) & 0x03;
172 	tid = (tspec->ts_info[0] >> 1) & 0x0f;
173 	wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
174 		   up, psb, dir, tid);
175 	val = le_to_host16(tspec->nominal_msdu_size);
176 	wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
177 		   val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
178 	wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
179 		   le_to_host32(tspec->mean_data_rate));
180 	wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
181 		   le_to_host32(tspec->minimum_phy_rate));
182 	val = le_to_host16(tspec->surplus_bandwidth_allowance);
183 	wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
184 		   val >> 13, 10000 * (val & 0x1fff) / 0x2000);
185 
186 	val = le_to_host16(tspec->nominal_msdu_size);
187 	if (val == 0) {
188 		wpa_printf(MSG_DEBUG, "WMM: Invalid Nominal MSDU Size (0)");
189 		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
190 	}
191 	/* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */
192 	pps = ((le_to_host32(tspec->mean_data_rate) / 8) + val - 1) / val;
193 	wpa_printf(MSG_DEBUG, "WMM: Packets-per-second estimate for TSPEC: %d",
194 		   pps);
195 
196 	if (le_to_host32(tspec->minimum_phy_rate) < 1000000) {
197 		wpa_printf(MSG_DEBUG, "WMM: Too small Minimum PHY Rate");
198 		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
199 	}
200 
201 	duration = (le_to_host16(tspec->nominal_msdu_size) & 0x7fff) * 8 /
202 		(le_to_host32(tspec->minimum_phy_rate) / 1000000) +
203 		50 /* FIX: proper SIFS + ACK duration */;
204 
205 	/* unsigned binary number with an implicit binary point after the
206 	 * leftmost 3 bits, i.e., 0x2000 = 1.0 */
207 	surplus = le_to_host16(tspec->surplus_bandwidth_allowance);
208 	if (surplus <= 0x2000) {
209 		wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance not "
210 			   "greater than unity");
211 		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
212 	}
213 
214 	medium_time = surplus * pps * duration / 0x2000;
215 	wpa_printf(MSG_DEBUG, "WMM: Estimated medium time: %u", medium_time);
216 
217 	/*
218 	 * TODO: store list of granted (and still active) TSPECs and check
219 	 * whether there is available medium time for this request. For now,
220 	 * just refuse requests that would by themselves take very large
221 	 * portion of the available bandwidth.
222 	 */
223 	if (medium_time > 750000) {
224 		wpa_printf(MSG_DEBUG, "WMM: Refuse TSPEC request for over "
225 			   "75%% of available bandwidth");
226 		return WMM_ADDTS_STATUS_REFUSED;
227 	}
228 
229 	/* Convert to 32 microseconds per second unit */
230 	tspec->medium_time = host_to_le16(medium_time / 32);
231 
232 	return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED;
233 }
234 
235 
236 static void wmm_addts_req(struct hostapd_data *hapd,
237 			  const struct ieee80211_mgmt *mgmt,
238 			  struct wmm_tspec_element *tspec, size_t len)
239 {
240 	const u8 *end = ((const u8 *) mgmt) + len;
241 	int res;
242 
243 	if ((const u8 *) (tspec + 1) > end) {
244 		wpa_printf(MSG_DEBUG, "WMM: TSPEC overflow in ADDTS Request");
245 		return;
246 	}
247 
248 	wpa_printf(MSG_DEBUG, "WMM: ADDTS Request (Dialog Token %d) for TSPEC "
249 		   "from " MACSTR,
250 		   mgmt->u.action.u.wmm_action.dialog_token,
251 		   MAC2STR(mgmt->sa));
252 
253 	res = wmm_process_tspec(tspec);
254 	wpa_printf(MSG_DEBUG, "WMM: ADDTS processing result: %d", res);
255 
256 	wmm_send_action(hapd, mgmt->sa, tspec, WMM_ACTION_CODE_ADDTS_RESP,
257 			mgmt->u.action.u.wmm_action.dialog_token, res);
258 }
259 
260 
261 void hostapd_wmm_action(struct hostapd_data *hapd,
262 			const struct ieee80211_mgmt *mgmt, size_t len)
263 {
264 	int action_code;
265 	int left = len - IEEE80211_HDRLEN - 4;
266 	const u8 *pos = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 4;
267 	struct ieee802_11_elems elems;
268 	struct sta_info *sta = ap_get_sta(hapd, mgmt->sa);
269 
270 	/* check that the request comes from a valid station */
271 	if (!sta ||
272 	    (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WMM)) !=
273 	    (WLAN_STA_ASSOC | WLAN_STA_WMM)) {
274 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
275 			       HOSTAPD_LEVEL_DEBUG,
276 			       "wmm action received is not from associated wmm"
277 			       " station");
278 		/* TODO: respond with action frame refused status code */
279 		return;
280 	}
281 
282 	/* extract the tspec info element */
283 	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
284 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
285 			       HOSTAPD_LEVEL_DEBUG,
286 			       "hostapd_wmm_action - could not parse wmm "
287 			       "action");
288 		/* TODO: respond with action frame invalid parameters status
289 		 * code */
290 		return;
291 	}
292 
293 	if (!elems.wmm_tspec ||
294 	    elems.wmm_tspec_len != (sizeof(struct wmm_tspec_element) - 2)) {
295 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
296 			       HOSTAPD_LEVEL_DEBUG,
297 			       "hostapd_wmm_action - missing or wrong length "
298 			       "tspec");
299 		/* TODO: respond with action frame invalid parameters status
300 		 * code */
301 		return;
302 	}
303 
304 	/* TODO: check the request is for an AC with ACM set, if not, refuse
305 	 * request */
306 
307 	action_code = mgmt->u.action.u.wmm_action.action_code;
308 	switch (action_code) {
309 	case WMM_ACTION_CODE_ADDTS_REQ:
310 		wmm_addts_req(hapd, mgmt, (struct wmm_tspec_element *)
311 			      (elems.wmm_tspec - 2), len);
312 		return;
313 #if 0
314 	/* TODO: needed for client implementation */
315 	case WMM_ACTION_CODE_ADDTS_RESP:
316 		wmm_setup_request(hapd, mgmt, len);
317 		return;
318 	/* TODO: handle station teardown requests */
319 	case WMM_ACTION_CODE_DELTS:
320 		wmm_teardown(hapd, mgmt, len);
321 		return;
322 #endif
323 	}
324 
325 	hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
326 		       HOSTAPD_LEVEL_DEBUG,
327 		       "hostapd_wmm_action - unknown action code %d",
328 		       action_code);
329 }
330