1/*
2 * hostapd / WMM (Wi-Fi Multimedia)
3 * Copyright 2002-2003, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6 *
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
9 */
10
11#include "utils/includes.h"
12
13#include "utils/common.h"
14#include "common/ieee802_11_defs.h"
15#include "common/ieee802_11_common.h"
16#include "hostapd.h"
17#include "ieee802_11.h"
18#include "sta_info.h"
19#include "ap_config.h"
20#include "ap_drv_ops.h"
21#include "wmm.h"
22
23
24/* TODO: maintain separate sequence and fragment numbers for each AC
25 * TODO: IGMP snooping to track which multicasts to forward - and use QOS-DATA
26 * if only WMM stations are receiving a certain group */
27
28
29static inline u8 wmm_aci_aifsn(int aifsn, int acm, int aci)
30{
31	u8 ret;
32	ret = (aifsn << WMM_AC_AIFNS_SHIFT) & WMM_AC_AIFSN_MASK;
33	if (acm)
34		ret |= WMM_AC_ACM;
35	ret |= (aci << WMM_AC_ACI_SHIFT) & WMM_AC_ACI_MASK;
36	return ret;
37}
38
39
40static inline u8 wmm_ecw(int ecwmin, int ecwmax)
41{
42	return ((ecwmin << WMM_AC_ECWMIN_SHIFT) & WMM_AC_ECWMIN_MASK) |
43		((ecwmax << WMM_AC_ECWMAX_SHIFT) & WMM_AC_ECWMAX_MASK);
44}
45
46
47/*
48 * Add WMM Parameter Element to Beacon, Probe Response, and (Re)Association
49 * Response frames.
50 */
51u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid)
52{
53	u8 *pos = eid;
54	struct wmm_parameter_element *wmm =
55		(struct wmm_parameter_element *) (pos + 2);
56	int e;
57
58	if (!hapd->conf->wmm_enabled)
59		return eid;
60	eid[0] = WLAN_EID_VENDOR_SPECIFIC;
61	wmm->oui[0] = 0x00;
62	wmm->oui[1] = 0x50;
63	wmm->oui[2] = 0xf2;
64	wmm->oui_type = WMM_OUI_TYPE;
65	wmm->oui_subtype = WMM_OUI_SUBTYPE_PARAMETER_ELEMENT;
66	wmm->version = WMM_VERSION;
67	wmm->qos_info = hapd->parameter_set_count & 0xf;
68
69	if (hapd->conf->wmm_uapsd &&
70	    (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD))
71		wmm->qos_info |= 0x80;
72
73	wmm->reserved = 0;
74
75	/* fill in a parameter set record for each AC */
76	for (e = 0; e < 4; e++) {
77		struct wmm_ac_parameter *ac = &wmm->ac[e];
78		struct hostapd_wmm_ac_params *acp =
79			&hapd->iconf->wmm_ac_params[e];
80
81		ac->aci_aifsn = wmm_aci_aifsn(acp->aifs,
82					      acp->admission_control_mandatory,
83					      e);
84		ac->cw = wmm_ecw(acp->cwmin, acp->cwmax);
85		ac->txop_limit = host_to_le16(acp->txop_limit);
86	}
87
88	pos = (u8 *) (wmm + 1);
89	eid[1] = pos - eid - 2; /* element length */
90
91	return pos;
92}
93
94
95/*
96 * This function is called when a station sends an association request with
97 * WMM info element. The function returns 1 on success or 0 on any error in WMM
98 * element. eid does not include Element ID and Length octets.
99 */
100int hostapd_eid_wmm_valid(struct hostapd_data *hapd, const u8 *eid, size_t len)
101{
102	struct wmm_information_element *wmm;
103
104	wpa_hexdump(MSG_MSGDUMP, "WMM IE", eid, len);
105
106	if (len < sizeof(struct wmm_information_element)) {
107		wpa_printf(MSG_DEBUG, "Too short WMM IE (len=%lu)",
108			   (unsigned long) len);
109		return 0;
110	}
111
112	wmm = (struct wmm_information_element *) eid;
113	wpa_printf(MSG_DEBUG, "Validating WMM IE: OUI %02x:%02x:%02x  "
114		   "OUI type %d  OUI sub-type %d  version %d  QoS info 0x%x",
115		   wmm->oui[0], wmm->oui[1], wmm->oui[2], wmm->oui_type,
116		   wmm->oui_subtype, wmm->version, wmm->qos_info);
117	if (wmm->oui_subtype != WMM_OUI_SUBTYPE_INFORMATION_ELEMENT ||
118	    wmm->version != WMM_VERSION) {
119		wpa_printf(MSG_DEBUG, "Unsupported WMM IE Subtype/Version");
120		return 0;
121	}
122
123	return 1;
124}
125
126
127static void wmm_send_action(struct hostapd_data *hapd, const u8 *addr,
128			    const struct wmm_tspec_element *tspec,
129			    u8 action_code, u8 dialogue_token, u8 status_code)
130{
131	u8 buf[256];
132	struct ieee80211_mgmt *m = (struct ieee80211_mgmt *) buf;
133	struct wmm_tspec_element *t = (struct wmm_tspec_element *)
134		m->u.action.u.wmm_action.variable;
135	int len;
136
137	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
138		       HOSTAPD_LEVEL_DEBUG,
139		       "action response - reason %d", status_code);
140	os_memset(buf, 0, sizeof(buf));
141	m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
142					WLAN_FC_STYPE_ACTION);
143	os_memcpy(m->da, addr, ETH_ALEN);
144	os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
145	os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
146	m->u.action.category = WLAN_ACTION_WMM;
147	m->u.action.u.wmm_action.action_code = action_code;
148	m->u.action.u.wmm_action.dialog_token = dialogue_token;
149	m->u.action.u.wmm_action.status_code = status_code;
150	os_memcpy(t, tspec, sizeof(struct wmm_tspec_element));
151	len = ((u8 *) (t + 1)) - buf;
152
153	if (hostapd_drv_send_mlme(hapd, m, len, 0) < 0)
154		wpa_printf(MSG_INFO, "wmm_send_action: send failed");
155}
156
157
158int wmm_process_tspec(struct wmm_tspec_element *tspec)
159{
160	int medium_time, pps, duration;
161	int up, psb, dir, tid;
162	u16 val, surplus;
163
164	up = (tspec->ts_info[1] >> 3) & 0x07;
165	psb = (tspec->ts_info[1] >> 2) & 0x01;
166	dir = (tspec->ts_info[0] >> 5) & 0x03;
167	tid = (tspec->ts_info[0] >> 1) & 0x0f;
168	wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
169		   up, psb, dir, tid);
170	val = le_to_host16(tspec->nominal_msdu_size);
171	wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
172		   val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
173	wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
174		   le_to_host32(tspec->mean_data_rate));
175	wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
176		   le_to_host32(tspec->minimum_phy_rate));
177	val = le_to_host16(tspec->surplus_bandwidth_allowance);
178	wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
179		   val >> 13, 10000 * (val & 0x1fff) / 0x2000);
180
181	val = le_to_host16(tspec->nominal_msdu_size);
182	if (val == 0) {
183		wpa_printf(MSG_DEBUG, "WMM: Invalid Nominal MSDU Size (0)");
184		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
185	}
186	/* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */
187	pps = ((le_to_host32(tspec->mean_data_rate) / 8) + val - 1) / val;
188	wpa_printf(MSG_DEBUG, "WMM: Packets-per-second estimate for TSPEC: %d",
189		   pps);
190
191	if (le_to_host32(tspec->minimum_phy_rate) < 1000000) {
192		wpa_printf(MSG_DEBUG, "WMM: Too small Minimum PHY Rate");
193		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
194	}
195
196	duration = (le_to_host16(tspec->nominal_msdu_size) & 0x7fff) * 8 /
197		(le_to_host32(tspec->minimum_phy_rate) / 1000000) +
198		50 /* FIX: proper SIFS + ACK duration */;
199
200	/* unsigned binary number with an implicit binary point after the
201	 * leftmost 3 bits, i.e., 0x2000 = 1.0 */
202	surplus = le_to_host16(tspec->surplus_bandwidth_allowance);
203	if (surplus <= 0x2000) {
204		wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance not "
205			   "greater than unity");
206		return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
207	}
208
209	medium_time = surplus * pps * duration / 0x2000;
210	wpa_printf(MSG_DEBUG, "WMM: Estimated medium time: %u", medium_time);
211
212	/*
213	 * TODO: store list of granted (and still active) TSPECs and check
214	 * whether there is available medium time for this request. For now,
215	 * just refuse requests that would by themselves take very large
216	 * portion of the available bandwidth.
217	 */
218	if (medium_time > 750000) {
219		wpa_printf(MSG_DEBUG, "WMM: Refuse TSPEC request for over "
220			   "75%% of available bandwidth");
221		return WMM_ADDTS_STATUS_REFUSED;
222	}
223
224	/* Convert to 32 microseconds per second unit */
225	tspec->medium_time = host_to_le16(medium_time / 32);
226
227	return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED;
228}
229
230
231static void wmm_addts_req(struct hostapd_data *hapd,
232			  const struct ieee80211_mgmt *mgmt,
233			  struct wmm_tspec_element *tspec, size_t len)
234{
235	const u8 *end = ((const u8 *) mgmt) + len;
236	int res;
237
238	if ((const u8 *) (tspec + 1) > end) {
239		wpa_printf(MSG_DEBUG, "WMM: TSPEC overflow in ADDTS Request");
240		return;
241	}
242
243	wpa_printf(MSG_DEBUG, "WMM: ADDTS Request (Dialog Token %d) for TSPEC "
244		   "from " MACSTR,
245		   mgmt->u.action.u.wmm_action.dialog_token,
246		   MAC2STR(mgmt->sa));
247
248	res = wmm_process_tspec(tspec);
249	wpa_printf(MSG_DEBUG, "WMM: ADDTS processing result: %d", res);
250
251	wmm_send_action(hapd, mgmt->sa, tspec, WMM_ACTION_CODE_ADDTS_RESP,
252			mgmt->u.action.u.wmm_action.dialog_token, res);
253}
254
255
256void hostapd_wmm_action(struct hostapd_data *hapd,
257			const struct ieee80211_mgmt *mgmt, size_t len)
258{
259	int action_code;
260	int left = len - IEEE80211_HDRLEN - 4;
261	const u8 *pos = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 4;
262	struct ieee802_11_elems elems;
263	struct sta_info *sta = ap_get_sta(hapd, mgmt->sa);
264
265	/* check that the request comes from a valid station */
266	if (!sta ||
267	    (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WMM)) !=
268	    (WLAN_STA_ASSOC | WLAN_STA_WMM)) {
269		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
270			       HOSTAPD_LEVEL_DEBUG,
271			       "wmm action received is not from associated wmm"
272			       " station");
273		/* TODO: respond with action frame refused status code */
274		return;
275	}
276
277	if (left < 0)
278		return; /* not a valid WMM Action frame */
279
280	/* extract the tspec info element */
281	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
282		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
283			       HOSTAPD_LEVEL_DEBUG,
284			       "hostapd_wmm_action - could not parse wmm "
285			       "action");
286		/* TODO: respond with action frame invalid parameters status
287		 * code */
288		return;
289	}
290
291	if (!elems.wmm_tspec ||
292	    elems.wmm_tspec_len != (sizeof(struct wmm_tspec_element) - 2)) {
293		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
294			       HOSTAPD_LEVEL_DEBUG,
295			       "hostapd_wmm_action - missing or wrong length "
296			       "tspec");
297		/* TODO: respond with action frame invalid parameters status
298		 * code */
299		return;
300	}
301
302	/* TODO: check the request is for an AC with ACM set, if not, refuse
303	 * request */
304
305	action_code = mgmt->u.action.u.wmm_action.action_code;
306	switch (action_code) {
307	case WMM_ACTION_CODE_ADDTS_REQ:
308		wmm_addts_req(hapd, mgmt, (struct wmm_tspec_element *)
309			      (elems.wmm_tspec - 2), len);
310		return;
311#if 0
312	/* TODO: needed for client implementation */
313	case WMM_ACTION_CODE_ADDTS_RESP:
314		wmm_setup_request(hapd, mgmt, len);
315		return;
316	/* TODO: handle station teardown requests */
317	case WMM_ACTION_CODE_DELTS:
318		wmm_teardown(hapd, mgmt, len);
319		return;
320#endif
321	}
322
323	hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
324		       HOSTAPD_LEVEL_DEBUG,
325		       "hostapd_wmm_action - unknown action code %d",
326		       action_code);
327}
328