2 * hostapd / WMM (Wi-Fi Multimedia)
3 * Copyright 2002-2003, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
11 #include "utils/includes.h"
13 #include "utils/common.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
17 #include "ieee802_11.h"
19 #include "ap_config.h"
20 #include "ap_drv_ops.h"
24 /* TODO: maintain separate sequence and fragment numbers for each AC
25 * TODO: IGMP snooping to track which multicasts to forward - and use QOS-DATA
26 * if only WMM stations are receiving a certain group */
29 static inline u8
wmm_aci_aifsn(int aifsn
, int acm
, int aci
)
32 ret
= (aifsn
<< WMM_AC_AIFNS_SHIFT
) & WMM_AC_AIFSN_MASK
;
35 ret
|= (aci
<< WMM_AC_ACI_SHIFT
) & WMM_AC_ACI_MASK
;
40 static inline u8
wmm_ecw(int ecwmin
, int ecwmax
)
42 return ((ecwmin
<< WMM_AC_ECWMIN_SHIFT
) & WMM_AC_ECWMIN_MASK
) |
43 ((ecwmax
<< WMM_AC_ECWMAX_SHIFT
) & WMM_AC_ECWMAX_MASK
);
48 * Add WMM Parameter Element to Beacon, Probe Response, and (Re)Association
51 u8
* hostapd_eid_wmm(struct hostapd_data
*hapd
, u8
*eid
)
54 struct wmm_parameter_element
*wmm
=
55 (struct wmm_parameter_element
*) (pos
+ 2);
58 if (!hapd
->conf
->wmm_enabled
)
60 eid
[0] = WLAN_EID_VENDOR_SPECIFIC
;
64 wmm
->oui_type
= WMM_OUI_TYPE
;
65 wmm
->oui_subtype
= WMM_OUI_SUBTYPE_PARAMETER_ELEMENT
;
66 wmm
->version
= WMM_VERSION
;
67 wmm
->qos_info
= hapd
->parameter_set_count
& 0xf;
69 if (hapd
->conf
->wmm_uapsd
&&
70 (hapd
->iface
->drv_flags
& WPA_DRIVER_FLAGS_AP_UAPSD
))
71 wmm
->qos_info
|= 0x80;
75 /* fill in a parameter set record for each AC */
76 for (e
= 0; e
< 4; e
++) {
77 struct wmm_ac_parameter
*ac
= &wmm
->ac
[e
];
78 struct hostapd_wmm_ac_params
*acp
=
79 &hapd
->iconf
->wmm_ac_params
[e
];
81 ac
->aci_aifsn
= wmm_aci_aifsn(acp
->aifs
,
82 acp
->admission_control_mandatory
,
84 ac
->cw
= wmm_ecw(acp
->cwmin
, acp
->cwmax
);
85 ac
->txop_limit
= host_to_le16(acp
->txop_limit
);
88 pos
= (u8
*) (wmm
+ 1);
89 eid
[1] = pos
- eid
- 2; /* element length */
96 * This function is called when a station sends an association request with
97 * WMM info element. The function returns 1 on success or 0 on any error in WMM
98 * element. eid does not include Element ID and Length octets.
100 int hostapd_eid_wmm_valid(struct hostapd_data
*hapd
, const u8
*eid
, size_t len
)
102 struct wmm_information_element
*wmm
;
104 wpa_hexdump(MSG_MSGDUMP
, "WMM IE", eid
, len
);
106 if (len
< sizeof(struct wmm_information_element
)) {
107 wpa_printf(MSG_DEBUG
, "Too short WMM IE (len=%lu)",
108 (unsigned long) len
);
112 wmm
= (struct wmm_information_element
*) eid
;
113 wpa_printf(MSG_DEBUG
, "Validating WMM IE: OUI %02x:%02x:%02x "
114 "OUI type %d OUI sub-type %d version %d QoS info 0x%x",
115 wmm
->oui
[0], wmm
->oui
[1], wmm
->oui
[2], wmm
->oui_type
,
116 wmm
->oui_subtype
, wmm
->version
, wmm
->qos_info
);
117 if (wmm
->oui_subtype
!= WMM_OUI_SUBTYPE_INFORMATION_ELEMENT
||
118 wmm
->version
!= WMM_VERSION
) {
119 wpa_printf(MSG_DEBUG
, "Unsupported WMM IE Subtype/Version");
127 static void wmm_send_action(struct hostapd_data
*hapd
, const u8
*addr
,
128 const struct wmm_tspec_element
*tspec
,
129 u8 action_code
, u8 dialogue_token
, u8 status_code
)
132 struct ieee80211_mgmt
*m
= (struct ieee80211_mgmt
*) buf
;
133 struct wmm_tspec_element
*t
= (struct wmm_tspec_element
*)
134 m
->u
.action
.u
.wmm_action
.variable
;
137 hostapd_logger(hapd
, addr
, HOSTAPD_MODULE_IEEE80211
,
139 "action response - reason %d", status_code
);
140 os_memset(buf
, 0, sizeof(buf
));
141 m
->frame_control
= IEEE80211_FC(WLAN_FC_TYPE_MGMT
,
142 WLAN_FC_STYPE_ACTION
);
143 os_memcpy(m
->da
, addr
, ETH_ALEN
);
144 os_memcpy(m
->sa
, hapd
->own_addr
, ETH_ALEN
);
145 os_memcpy(m
->bssid
, hapd
->own_addr
, ETH_ALEN
);
146 m
->u
.action
.category
= WLAN_ACTION_WMM
;
147 m
->u
.action
.u
.wmm_action
.action_code
= action_code
;
148 m
->u
.action
.u
.wmm_action
.dialog_token
= dialogue_token
;
149 m
->u
.action
.u
.wmm_action
.status_code
= status_code
;
150 os_memcpy(t
, tspec
, sizeof(struct wmm_tspec_element
));
151 len
= ((u8
*) (t
+ 1)) - buf
;
153 if (hostapd_drv_send_mlme(hapd
, m
, len
, 0) < 0)
154 wpa_printf(MSG_INFO
, "wmm_send_action: send failed");
158 int wmm_process_tspec(struct wmm_tspec_element
*tspec
)
160 int medium_time
, pps
, duration
;
161 int up
, psb
, dir
, tid
;
164 up
= (tspec
->ts_info
[1] >> 3) & 0x07;
165 psb
= (tspec
->ts_info
[1] >> 2) & 0x01;
166 dir
= (tspec
->ts_info
[0] >> 5) & 0x03;
167 tid
= (tspec
->ts_info
[0] >> 1) & 0x0f;
168 wpa_printf(MSG_DEBUG
, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
170 val
= le_to_host16(tspec
->nominal_msdu_size
);
171 wpa_printf(MSG_DEBUG
, "WMM: Nominal MSDU Size: %d%s",
172 val
& 0x7fff, val
& 0x8000 ? " (fixed)" : "");
173 wpa_printf(MSG_DEBUG
, "WMM: Mean Data Rate: %u bps",
174 le_to_host32(tspec
->mean_data_rate
));
175 wpa_printf(MSG_DEBUG
, "WMM: Minimum PHY Rate: %u bps",
176 le_to_host32(tspec
->minimum_phy_rate
));
177 val
= le_to_host16(tspec
->surplus_bandwidth_allowance
);
178 wpa_printf(MSG_DEBUG
, "WMM: Surplus Bandwidth Allowance: %u.%04u",
179 val
>> 13, 10000 * (val
& 0x1fff) / 0x2000);
181 val
= le_to_host16(tspec
->nominal_msdu_size
);
183 wpa_printf(MSG_DEBUG
, "WMM: Invalid Nominal MSDU Size (0)");
184 return WMM_ADDTS_STATUS_INVALID_PARAMETERS
;
186 /* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */
187 pps
= ((le_to_host32(tspec
->mean_data_rate
) / 8) + val
- 1) / val
;
188 wpa_printf(MSG_DEBUG
, "WMM: Packets-per-second estimate for TSPEC: %d",
191 if (le_to_host32(tspec
->minimum_phy_rate
) < 1000000) {
192 wpa_printf(MSG_DEBUG
, "WMM: Too small Minimum PHY Rate");
193 return WMM_ADDTS_STATUS_INVALID_PARAMETERS
;
196 duration
= (le_to_host16(tspec
->nominal_msdu_size
) & 0x7fff) * 8 /
197 (le_to_host32(tspec
->minimum_phy_rate
) / 1000000) +
198 50 /* FIX: proper SIFS + ACK duration */;
200 /* unsigned binary number with an implicit binary point after the
201 * leftmost 3 bits, i.e., 0x2000 = 1.0 */
202 surplus
= le_to_host16(tspec
->surplus_bandwidth_allowance
);
203 if (surplus
<= 0x2000) {
204 wpa_printf(MSG_DEBUG
, "WMM: Surplus Bandwidth Allowance not "
205 "greater than unity");
206 return WMM_ADDTS_STATUS_INVALID_PARAMETERS
;
209 medium_time
= surplus
* pps
* duration
/ 0x2000;
210 wpa_printf(MSG_DEBUG
, "WMM: Estimated medium time: %u", medium_time
);
213 * TODO: store list of granted (and still active) TSPECs and check
214 * whether there is available medium time for this request. For now,
215 * just refuse requests that would by themselves take very large
216 * portion of the available bandwidth.
218 if (medium_time
> 750000) {
219 wpa_printf(MSG_DEBUG
, "WMM: Refuse TSPEC request for over "
220 "75%% of available bandwidth");
221 return WMM_ADDTS_STATUS_REFUSED
;
224 /* Convert to 32 microseconds per second unit */
225 tspec
->medium_time
= host_to_le16(medium_time
/ 32);
227 return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED
;
231 static void wmm_addts_req(struct hostapd_data
*hapd
,
232 const struct ieee80211_mgmt
*mgmt
,
233 struct wmm_tspec_element
*tspec
, size_t len
)
235 const u8
*end
= ((const u8
*) mgmt
) + len
;
238 if ((const u8
*) (tspec
+ 1) > end
) {
239 wpa_printf(MSG_DEBUG
, "WMM: TSPEC overflow in ADDTS Request");
243 wpa_printf(MSG_DEBUG
, "WMM: ADDTS Request (Dialog Token %d) for TSPEC "
245 mgmt
->u
.action
.u
.wmm_action
.dialog_token
,
248 res
= wmm_process_tspec(tspec
);
249 wpa_printf(MSG_DEBUG
, "WMM: ADDTS processing result: %d", res
);
251 wmm_send_action(hapd
, mgmt
->sa
, tspec
, WMM_ACTION_CODE_ADDTS_RESP
,
252 mgmt
->u
.action
.u
.wmm_action
.dialog_token
, res
);
256 void hostapd_wmm_action(struct hostapd_data
*hapd
,
257 const struct ieee80211_mgmt
*mgmt
, size_t len
)
260 int left
= len
- IEEE80211_HDRLEN
- 4;
261 const u8
*pos
= ((const u8
*) mgmt
) + IEEE80211_HDRLEN
+ 4;
262 struct ieee802_11_elems elems
;
263 struct sta_info
*sta
= ap_get_sta(hapd
, mgmt
->sa
);
265 /* check that the request comes from a valid station */
267 (sta
->flags
& (WLAN_STA_ASSOC
| WLAN_STA_WMM
)) !=
268 (WLAN_STA_ASSOC
| WLAN_STA_WMM
)) {
269 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
271 "wmm action received is not from associated wmm"
273 /* TODO: respond with action frame refused status code */
278 return; /* not a valid WMM Action frame */
280 /* extract the tspec info element */
281 if (ieee802_11_parse_elems(pos
, left
, &elems
, 1) == ParseFailed
) {
282 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
284 "hostapd_wmm_action - could not parse wmm "
286 /* TODO: respond with action frame invalid parameters status
291 if (!elems
.wmm_tspec
||
292 elems
.wmm_tspec_len
!= (sizeof(struct wmm_tspec_element
) - 2)) {
293 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
295 "hostapd_wmm_action - missing or wrong length "
297 /* TODO: respond with action frame invalid parameters status
302 /* TODO: check the request is for an AC with ACM set, if not, refuse
305 action_code
= mgmt
->u
.action
.u
.wmm_action
.action_code
;
306 switch (action_code
) {
307 case WMM_ACTION_CODE_ADDTS_REQ
:
308 wmm_addts_req(hapd
, mgmt
, (struct wmm_tspec_element
*)
309 (elems
.wmm_tspec
- 2), len
);
312 /* TODO: needed for client implementation */
313 case WMM_ACTION_CODE_ADDTS_RESP
:
314 wmm_setup_request(hapd
, mgmt
, len
);
316 /* TODO: handle station teardown requests */
317 case WMM_ACTION_CODE_DELTS
:
318 wmm_teardown(hapd
, mgmt
, len
);
323 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
325 "hostapd_wmm_action - unknown action code %d",