2 * hostapd / WMM (Wi-Fi Multimedia)
3 * Copyright 2002-2003, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * Alternatively, this software may be distributed under the terms of BSD
13 * See README and COPYING for more details.
19 #include "ieee802_11.h"
25 /* TODO: maintain separate sequence and fragment numbers for each AC
26 * TODO: IGMP snooping to track which multicasts to forward - and use QOS-DATA
27 * if only WMM stations are receiving a certain group */
30 static inline u8 wmm_aci_aifsn(int aifsn, int acm, int aci)
33 ret = (aifsn << WMM_AC_AIFNS_SHIFT) & WMM_AC_AIFSN_MASK;
36 ret |= (aci << WMM_AC_ACI_SHIFT) & WMM_AC_ACI_MASK;
41 static inline u8 wmm_ecw(int ecwmin, int ecwmax)
43 return ((ecwmin << WMM_AC_ECWMIN_SHIFT) & WMM_AC_ECWMIN_MASK) |
44 ((ecwmax << WMM_AC_ECWMAX_SHIFT) & WMM_AC_ECWMAX_MASK);
49 * Add WMM Parameter Element to Beacon, Probe Response, and (Re)Association
52 u8 * hostapd_eid_wmm(struct hostapd_data *hapd, u8 *eid)
55 struct wmm_parameter_element *wmm =
56 (struct wmm_parameter_element *) (pos + 2);
59 if (!hapd->conf->wmm_enabled)
61 eid[0] = WLAN_EID_VENDOR_SPECIFIC;
65 wmm->oui_type = WMM_OUI_TYPE;
66 wmm->oui_subtype = WMM_OUI_SUBTYPE_PARAMETER_ELEMENT;
67 wmm->version = WMM_VERSION;
68 wmm->qos_info = hapd->parameter_set_count & 0xf;
70 /* fill in a parameter set record for each AC */
71 for (e = 0; e < 4; e++) {
72 struct wmm_ac_parameter *ac = &wmm->ac[e];
73 struct hostapd_wmm_ac_params *acp =
74 &hapd->iconf->wmm_ac_params[e];
76 ac->aci_aifsn = wmm_aci_aifsn(acp->aifs,
77 acp->admission_control_mandatory,
79 ac->cw = wmm_ecw(acp->cwmin, acp->cwmax);
80 ac->txop_limit = host_to_le16(acp->txop_limit);
83 pos = (u8 *) (wmm + 1);
84 eid[1] = pos - eid - 2; /* element length */
90 /* This function is called when a station sends an association request with
91 * WMM info element. The function returns zero on success or non-zero on any
92 * error in WMM element. eid does not include Element ID and Length octets. */
93 int hostapd_eid_wmm_valid(struct hostapd_data *hapd, u8 *eid, size_t len)
95 struct wmm_information_element *wmm;
97 wpa_hexdump(MSG_MSGDUMP, "WMM IE", eid, len);
99 if (len < sizeof(struct wmm_information_element)) {
100 wpa_printf(MSG_DEBUG, "Too short WMM IE (len=%lu)",
101 (unsigned long) len);
105 wmm = (struct wmm_information_element *) eid;
106 wpa_printf(MSG_DEBUG, "Validating WMM IE: OUI %02x:%02x:%02x "
107 "OUI type %d OUI sub-type %d version %d QoS info 0x%x",
108 wmm->oui[0], wmm->oui[1], wmm->oui[2], wmm->oui_type,
109 wmm->oui_subtype, wmm->version, wmm->qos_info);
110 if (wmm->oui_subtype != WMM_OUI_SUBTYPE_INFORMATION_ELEMENT ||
111 wmm->version != WMM_VERSION) {
112 wpa_printf(MSG_DEBUG, "Unsupported WMM IE Subtype/Version");
120 /* This function is called when a station sends an ACK frame for an AssocResp
121 * frame (status=success) and the matching AssocReq contained a WMM element.
123 int hostapd_wmm_sta_config(struct hostapd_data *hapd, struct sta_info *sta)
125 /* update kernel STA data for WMM related items (WLAN_STA_WPA flag) */
126 if (sta->flags & WLAN_STA_WMM)
127 hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
130 hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
137 static void wmm_send_action(struct hostapd_data *hapd, const u8 *addr,
138 const struct wmm_tspec_element *tspec,
139 u8 action_code, u8 dialogue_token, u8 status_code)
142 struct ieee80211_mgmt *m = (struct ieee80211_mgmt *) buf;
143 struct wmm_tspec_element *t = (struct wmm_tspec_element *)
144 m->u.action.u.wmm_action.variable;
147 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
149 "action response - reason %d", status_code);
150 os_memset(buf, 0, sizeof(buf));
151 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
152 WLAN_FC_STYPE_ACTION);
153 os_memcpy(m->da, addr, ETH_ALEN);
154 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
155 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
156 m->u.action.category = WLAN_ACTION_WMM;
157 m->u.action.u.wmm_action.action_code = action_code;
158 m->u.action.u.wmm_action.dialog_token = dialogue_token;
159 m->u.action.u.wmm_action.status_code = status_code;
160 os_memcpy(t, tspec, sizeof(struct wmm_tspec_element));
161 len = ((u8 *) (t + 1)) - buf;
163 if (hostapd_send_mgmt_frame(hapd, m, len) < 0)
164 perror("wmm_send_action: send");
168 int wmm_process_tspec(struct wmm_tspec_element *tspec)
170 int medium_time, pps, duration;
171 int up, psb, dir, tid;
174 up = (tspec->ts_info[1] >> 3) & 0x07;
175 psb = (tspec->ts_info[1] >> 2) & 0x01;
176 dir = (tspec->ts_info[0] >> 5) & 0x03;
177 tid = (tspec->ts_info[0] >> 1) & 0x0f;
178 wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
180 val = le_to_host16(tspec->nominal_msdu_size);
181 wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
182 val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
183 wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
184 le_to_host32(tspec->mean_data_rate));
185 wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
186 le_to_host32(tspec->minimum_phy_rate));
187 val = le_to_host16(tspec->surplus_bandwidth_allowance);
188 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
189 val >> 13, 10000 * (val & 0x1fff) / 0x2000);
191 val = le_to_host16(tspec->nominal_msdu_size);
193 wpa_printf(MSG_DEBUG, "WMM: Invalid Nominal MSDU Size (0)");
194 return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
196 /* pps = Ceiling((Mean Data Rate / 8) / Nominal MSDU Size) */
197 pps = ((le_to_host32(tspec->mean_data_rate) / 8) + val - 1) / val;
198 wpa_printf(MSG_DEBUG, "WMM: Packets-per-second estimate for TSPEC: %d",
201 if (le_to_host32(tspec->minimum_phy_rate) < 1000000) {
202 wpa_printf(MSG_DEBUG, "WMM: Too small Minimum PHY Rate");
203 return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
206 duration = (le_to_host16(tspec->nominal_msdu_size) & 0x7fff) * 8 /
207 (le_to_host32(tspec->minimum_phy_rate) / 1000000) +
208 50 /* FIX: proper SIFS + ACK duration */;
210 /* unsigned binary number with an implicit binary point after the
211 * leftmost 3 bits, i.e., 0x2000 = 1.0 */
212 surplus = le_to_host16(tspec->surplus_bandwidth_allowance);
213 if (surplus <= 0x2000) {
214 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance not "
215 "greater than unity");
216 return WMM_ADDTS_STATUS_INVALID_PARAMETERS;
219 medium_time = surplus * pps * duration / 0x2000;
220 wpa_printf(MSG_DEBUG, "WMM: Estimated medium time: %u", medium_time);
223 * TODO: store list of granted (and still active) TSPECs and check
224 * whether there is available medium time for this request. For now,
225 * just refuse requests that would by themselves take very large
226 * portion of the available bandwidth.
228 if (medium_time > 750000) {
229 wpa_printf(MSG_DEBUG, "WMM: Refuse TSPEC request for over "
230 "75%% of available bandwidth");
231 return WMM_ADDTS_STATUS_REFUSED;
234 /* Convert to 32 microseconds per second unit */
235 tspec->medium_time = host_to_le16(medium_time / 32);
237 return WMM_ADDTS_STATUS_ADMISSION_ACCEPTED;
241 static void wmm_addts_req(struct hostapd_data *hapd,
242 struct ieee80211_mgmt *mgmt,
243 struct wmm_tspec_element *tspec, size_t len)
245 u8 *end = ((u8 *) mgmt) + len;
248 if ((u8 *) (tspec + 1) > end) {
249 wpa_printf(MSG_DEBUG, "WMM: TSPEC overflow in ADDTS Request");
253 wpa_printf(MSG_DEBUG, "WMM: ADDTS Request (Dialog Token %d) for TSPEC "
255 mgmt->u.action.u.wmm_action.dialog_token,
258 res = wmm_process_tspec(tspec);
259 wpa_printf(MSG_DEBUG, "WMM: ADDTS processing result: %d", res);
261 wmm_send_action(hapd, mgmt->sa, tspec, WMM_ACTION_CODE_ADDTS_RESP,
262 mgmt->u.action.u.wmm_action.dialog_token, res);
266 void hostapd_wmm_action(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt,
270 int left = len - IEEE80211_HDRLEN - 4;
271 u8 *pos = ((u8 *) mgmt) + IEEE80211_HDRLEN + 4;
272 struct ieee802_11_elems elems;
273 struct sta_info *sta = ap_get_sta(hapd, mgmt->sa);
275 /* check that the request comes from a valid station */
277 (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WMM)) !=
278 (WLAN_STA_ASSOC | WLAN_STA_WMM)) {
279 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
281 "wmm action received is not from associated wmm"
283 /* TODO: respond with action frame refused status code */
287 /* extract the tspec info element */
288 if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
289 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
291 "hostapd_wmm_action - could not parse wmm "
293 /* TODO: respond with action frame invalid parameters status
298 if (!elems.wmm_tspec ||
299 elems.wmm_tspec_len != (sizeof(struct wmm_tspec_element) - 2)) {
300 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
302 "hostapd_wmm_action - missing or wrong length "
304 /* TODO: respond with action frame invalid parameters status
309 /* TODO: check the request is for an AC with ACM set, if not, refuse
312 action_code = mgmt->u.action.u.wmm_action.action_code;
313 switch (action_code) {
314 case WMM_ACTION_CODE_ADDTS_REQ:
315 wmm_addts_req(hapd, mgmt, (struct wmm_tspec_element *)
316 (elems.wmm_tspec - 2), len);
319 /* TODO: needed for client implementation */
320 case WMM_ACTION_CODE_ADDTS_RESP:
321 wmm_setup_request(hapd, mgmt, len);
323 /* TODO: handle station teardown requests */
324 case WMM_ACTION_CODE_DELTS:
325 wmm_teardown(hapd, mgmt, len);
330 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
332 "hostapd_wmm_action - unknown action code %d",