2 * hostapd / Radio Measurement (RRM)
3 * Copyright(c) 2013 - 2016 Intel Mobile Communications GmbH.
4 * Copyright(c) 2011 - 2016 Intel Corporation. All rights reserved.
5 * Copyright (c) 2016-2017, Jouni Malinen <j@w1.fi>
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
11 #include "utils/includes.h"
13 #include "utils/common.h"
14 #include "common/wpa_ctrl.h"
16 #include "ap_drv_ops.h"
19 #include "neighbor_db.h"
22 #define HOSTAPD_RRM_REQUEST_TIMEOUT 5
25 static void hostapd_lci_rep_timeout_handler(void *eloop_data, void *user_ctx)
27 struct hostapd_data *hapd = eloop_data;
29 wpa_printf(MSG_DEBUG, "RRM: LCI request (token %u) timed out",
31 hapd->lci_req_active = 0;
35 static void hostapd_handle_lci_report(struct hostapd_data *hapd, u8 token,
36 const u8 *pos, size_t len)
38 if (!hapd->lci_req_active || hapd->lci_req_token != token) {
39 wpa_printf(MSG_DEBUG, "Unexpected LCI report, token %u", token);
43 hapd->lci_req_active = 0;
44 eloop_cancel_timeout(hostapd_lci_rep_timeout_handler, hapd, NULL);
45 wpa_printf(MSG_DEBUG, "LCI report token %u len %zu", token, len);
49 static void hostapd_range_rep_timeout_handler(void *eloop_data, void *user_ctx)
51 struct hostapd_data *hapd = eloop_data;
53 wpa_printf(MSG_DEBUG, "RRM: Range request (token %u) timed out",
54 hapd->range_req_token);
55 hapd->range_req_active = 0;
59 static void hostapd_handle_range_report(struct hostapd_data *hapd, u8 token,
60 const u8 *pos, size_t len)
62 if (!hapd->range_req_active || hapd->range_req_token != token) {
63 wpa_printf(MSG_DEBUG, "Unexpected range report, token %u",
68 hapd->range_req_active = 0;
69 eloop_cancel_timeout(hostapd_range_rep_timeout_handler, hapd, NULL);
70 wpa_printf(MSG_DEBUG, "Range report token %u len %zu", token, len);
74 static void hostapd_handle_beacon_report(struct hostapd_data *hapd,
75 const u8 *addr, u8 token, u8 rep_mode,
76 const u8 *pos, size_t len)
78 char report[2 * 255 + 1];
80 wpa_printf(MSG_DEBUG, "Beacon report token %u len %zu from " MACSTR,
81 token, len, MAC2STR(addr));
82 /* Skip to the beginning of the Beacon report */
88 if (wpa_snprintf_hex(report, sizeof(report), pos, len) < 0)
90 wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_RESP_RX MACSTR " %u %02x %s",
91 MAC2STR(addr), token, rep_mode, report);
95 static void hostapd_handle_radio_msmt_report(struct hostapd_data *hapd,
96 const u8 *buf, size_t len)
98 const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) buf;
99 const u8 *pos, *ie, *end;
103 token = mgmt->u.action.u.rrm.dialog_token;
104 pos = mgmt->u.action.u.rrm.variable;
106 while ((ie = get_ie(pos, end - pos, WLAN_EID_MEASURE_REPORT))) {
108 wpa_printf(MSG_DEBUG, "Bad Measurement Report element");
113 wpa_printf(MSG_DEBUG, "Measurement report mode 0x%x type %u",
117 case MEASURE_TYPE_LCI:
118 hostapd_handle_lci_report(hapd, token, ie + 2, ie[1]);
120 case MEASURE_TYPE_FTM_RANGE:
121 hostapd_handle_range_report(hapd, token, ie + 2, ie[1]);
123 case MEASURE_TYPE_BEACON:
124 hostapd_handle_beacon_report(hapd, mgmt->sa, token,
125 rep_mode, ie + 2, ie[1]);
128 wpa_printf(MSG_DEBUG,
129 "Measurement report type %u is not supported",
134 pos = ie + ie[1] + 2;
139 static u16 hostapd_parse_location_lci_req_age(const u8 *buf, size_t len)
143 /* Range Request element + Location Subject + Maximum Age subelement */
147 /* Subelements are arranged as IEs */
148 subelem = get_ie(buf + 4, len - 4, LCI_REQ_SUBELEM_MAX_AGE);
149 if (subelem && subelem[1] == 2)
150 return WPA_GET_LE16(subelem + 2);
156 static int hostapd_check_lci_age(struct hostapd_neighbor_entry *nr, u16 max_age)
158 struct os_time curr, diff;
159 unsigned long diff_l;
161 if (nr->stationary || max_age == 0xffff)
167 if (os_get_time(&curr))
170 os_time_sub(&curr, &nr->lci_date, &diff);
173 if (diff.sec > 0xffff)
176 /* LCI age is calculated in 10th of a second units. */
177 diff_l = diff.sec * 10 + diff.usec / 100000;
179 return max_age > diff_l;
183 static size_t hostapd_neighbor_report_len(struct wpabuf *buf,
184 struct hostapd_neighbor_entry *nr,
185 int send_lci, int send_civic)
187 size_t len = 2 + wpabuf_len(nr->nr);
189 if (send_lci && nr->lci)
190 len += 2 + wpabuf_len(nr->lci);
192 if (send_civic && nr->civic)
193 len += 2 + wpabuf_len(nr->civic);
199 static void hostapd_send_nei_report_resp(struct hostapd_data *hapd,
200 const u8 *addr, u8 dialog_token,
201 struct wpa_ssid_value *ssid, u8 lci,
202 u8 civic, u16 lci_max_age)
204 struct hostapd_neighbor_entry *nr;
209 * The number and length of the Neighbor Report elements in a Neighbor
210 * Report frame is limited by the maximum allowed MMPDU size; + 3 bytes
213 buf = wpabuf_alloc(3 + IEEE80211_MAX_MMPDU_SIZE);
217 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
218 wpabuf_put_u8(buf, WLAN_RRM_NEIGHBOR_REPORT_RESPONSE);
219 wpabuf_put_u8(buf, dialog_token);
221 dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
226 if (ssid->ssid_len != nr->ssid.ssid_len ||
227 os_memcmp(ssid->ssid, nr->ssid.ssid, ssid->ssid_len) != 0)
230 send_lci = (lci != 0) && hostapd_check_lci_age(nr, lci_max_age);
231 len = hostapd_neighbor_report_len(buf, nr, send_lci, civic);
233 if (len - 2 > 0xff) {
234 wpa_printf(MSG_DEBUG,
235 "NR entry for " MACSTR " exceeds 0xFF bytes",
240 if (len > wpabuf_tailroom(buf))
243 wpabuf_put_u8(buf, WLAN_EID_NEIGHBOR_REPORT);
244 wpabuf_put_u8(buf, len - 2);
245 wpabuf_put_buf(buf, nr->nr);
247 if (send_lci && nr->lci) {
248 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REPORT);
249 wpabuf_put_u8(buf, wpabuf_len(nr->lci));
251 * Override measurement token - the first byte of the
252 * Measurement Report element.
254 msmt_token = wpabuf_put(buf, 0);
255 wpabuf_put_buf(buf, nr->lci);
259 if (civic && nr->civic) {
260 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REPORT);
261 wpabuf_put_u8(buf, wpabuf_len(nr->civic));
263 * Override measurement token - the first byte of the
264 * Measurement Report element.
266 msmt_token = wpabuf_put(buf, 0);
267 wpabuf_put_buf(buf, nr->civic);
272 hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
273 wpabuf_head(buf), wpabuf_len(buf));
278 static void hostapd_handle_nei_report_req(struct hostapd_data *hapd,
279 const u8 *buf, size_t len)
281 const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) buf;
282 const u8 *pos, *ie, *end;
283 struct wpa_ssid_value ssid = {
287 u8 lci = 0, civic = 0; /* Measurement tokens */
290 if (!(hapd->conf->radio_measurements[0] &
291 WLAN_RRM_CAPS_NEIGHBOR_REPORT))
296 token = mgmt->u.action.u.rrm.dialog_token;
297 pos = mgmt->u.action.u.rrm.variable;
300 ie = get_ie(pos, len, WLAN_EID_SSID);
301 if (ie && ie[1] && ie[1] <= SSID_MAX_LEN) {
302 ssid.ssid_len = ie[1];
303 os_memcpy(ssid.ssid, ie + 2, ssid.ssid_len);
305 ssid.ssid_len = hapd->conf->ssid.ssid_len;
306 os_memcpy(ssid.ssid, hapd->conf->ssid.ssid, ssid.ssid_len);
309 while ((ie = get_ie(pos, len, WLAN_EID_MEASURE_REQUEST))) {
313 wpa_printf(MSG_DEBUG,
314 "Neighbor report request, measure type %u",
317 switch (ie[4]) { /* Measurement Type */
318 case MEASURE_TYPE_LCI:
319 lci = ie[2]; /* Measurement Token */
320 lci_max_age = hostapd_parse_location_lci_req_age(ie + 2,
323 case MEASURE_TYPE_LOCATION_CIVIC:
324 civic = ie[2]; /* Measurement token */
328 pos = ie + ie[1] + 2;
332 hostapd_send_nei_report_resp(hapd, mgmt->sa, token, &ssid, lci, civic,
337 void hostapd_handle_radio_measurement(struct hostapd_data *hapd,
338 const u8 *buf, size_t len)
340 const struct ieee80211_mgmt *mgmt = (const struct ieee80211_mgmt *) buf;
343 * Check for enough bytes: header + (1B)Category + (1B)Action +
346 if (len < IEEE80211_HDRLEN + 3)
349 wpa_printf(MSG_DEBUG, "Radio measurement frame, action %u from " MACSTR,
350 mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
352 switch (mgmt->u.action.u.rrm.action) {
353 case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
354 hostapd_handle_radio_msmt_report(hapd, buf, len);
356 case WLAN_RRM_NEIGHBOR_REPORT_REQUEST:
357 hostapd_handle_nei_report_req(hapd, buf, len);
360 wpa_printf(MSG_DEBUG, "RRM action %u is not supported",
361 mgmt->u.action.u.rrm.action);
367 int hostapd_send_lci_req(struct hostapd_data *hapd, const u8 *addr)
370 struct sta_info *sta = ap_get_sta(hapd, addr);
373 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
375 "Request LCI: Destination address is not connected");
379 if (!(sta->rrm_enabled_capa[1] & WLAN_RRM_CAPS_LCI_MEASUREMENT)) {
381 "Request LCI: Station does not support LCI in RRM");
385 if (hapd->lci_req_active) {
386 wpa_printf(MSG_DEBUG,
387 "Request LCI: LCI request is already in process, overriding");
388 hapd->lci_req_active = 0;
389 eloop_cancel_timeout(hostapd_lci_rep_timeout_handler, hapd,
393 /* Measurement request (5) + Measurement element with LCI (10) */
394 buf = wpabuf_alloc(5 + 10);
398 hapd->lci_req_token++;
399 /* For wraparounds - the token must be nonzero */
400 if (!hapd->lci_req_token)
401 hapd->lci_req_token++;
403 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
404 wpabuf_put_u8(buf, WLAN_RRM_RADIO_MEASUREMENT_REQUEST);
405 wpabuf_put_u8(buf, hapd->lci_req_token);
406 wpabuf_put_le16(buf, 0); /* Number of repetitions */
408 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
409 wpabuf_put_u8(buf, 3 + 1 + 4);
411 wpabuf_put_u8(buf, 1); /* Measurement Token */
413 * Parallel and Enable bits are 0, Duration, Request, and Report are
416 wpabuf_put_u8(buf, 0);
417 wpabuf_put_u8(buf, MEASURE_TYPE_LCI);
419 wpabuf_put_u8(buf, LOCATION_SUBJECT_REMOTE);
421 wpabuf_put_u8(buf, LCI_REQ_SUBELEM_MAX_AGE);
422 wpabuf_put_u8(buf, 2);
423 wpabuf_put_le16(buf, 0xffff);
425 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
426 wpabuf_head(buf), wpabuf_len(buf));
431 hapd->lci_req_active = 1;
433 eloop_register_timeout(HOSTAPD_RRM_REQUEST_TIMEOUT, 0,
434 hostapd_lci_rep_timeout_handler, hapd, NULL);
440 int hostapd_send_range_req(struct hostapd_data *hapd, const u8 *addr,
441 u16 random_interval, u8 min_ap,
442 const u8 *responders, unsigned int n_responders)
445 struct sta_info *sta;
450 wpa_printf(MSG_DEBUG, "Request range: dest addr " MACSTR
451 " rand interval %u min AP %u n_responders %u", MAC2STR(addr),
452 random_interval, min_ap, n_responders);
454 if (min_ap == 0 || min_ap > n_responders) {
455 wpa_printf(MSG_INFO, "Request range: Wrong min AP count");
459 sta = ap_get_sta(hapd, addr);
460 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
462 "Request range: Destination address is not connected");
466 if (!(sta->rrm_enabled_capa[4] & WLAN_RRM_CAPS_FTM_RANGE_REPORT)) {
467 wpa_printf(MSG_ERROR,
468 "Request range: Destination station does not support FTM range report in RRM");
472 if (hapd->range_req_active) {
473 wpa_printf(MSG_DEBUG,
474 "Request range: Range request is already in process; overriding");
475 hapd->range_req_active = 0;
476 eloop_cancel_timeout(hostapd_range_rep_timeout_handler, hapd,
480 /* Action + measurement type + token + reps + EID + len = 7 */
481 buf = wpabuf_alloc(7 + 255);
485 hapd->range_req_token++;
486 if (!hapd->range_req_token) /* For wraparounds */
487 hapd->range_req_token++;
489 /* IEEE P802.11-REVmc/D5.0, 9.6.7.2 */
490 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
491 wpabuf_put_u8(buf, WLAN_RRM_RADIO_MEASUREMENT_REQUEST);
492 wpabuf_put_u8(buf, hapd->range_req_token); /* Dialog Token */
493 wpabuf_put_le16(buf, 0); /* Number of Repetitions */
495 /* IEEE P802.11-REVmc/D5.0, 9.4.2.21 */
496 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
497 len = wpabuf_put(buf, 1); /* Length will be set later */
499 wpabuf_put_u8(buf, 1); /* Measurement Token */
501 * Parallel and Enable bits are 0; Duration, Request, and Report are
504 wpabuf_put_u8(buf, 0); /* Measurement Request Mode */
505 wpabuf_put_u8(buf, MEASURE_TYPE_FTM_RANGE); /* Measurement Type */
507 /* IEEE P802.11-REVmc/D5.0, 9.4.2.21.19 */
508 wpabuf_put_le16(buf, random_interval); /* Randomization Interval */
509 wpabuf_put_u8(buf, min_ap); /* Minimum AP Count */
511 /* FTM Range Subelements */
514 * Taking the neighbor report part of the range request from neighbor
515 * database instead of requesting the separate bits of data from the
518 for (i = 0; i < n_responders; i++) {
519 struct hostapd_neighbor_entry *nr;
521 nr = hostapd_neighbor_get(hapd, responders + ETH_ALEN * i,
524 wpa_printf(MSG_INFO, "Missing neighbor report for "
525 MACSTR, MAC2STR(responders + ETH_ALEN * i));
530 if (wpabuf_tailroom(buf) < 2 + wpabuf_len(nr->nr)) {
531 wpa_printf(MSG_ERROR, "Too long range request");
536 wpabuf_put_u8(buf, WLAN_EID_NEIGHBOR_REPORT);
537 wpabuf_put_u8(buf, wpabuf_len(nr->nr));
538 wpabuf_put_buf(buf, nr->nr);
541 /* Action + measurement type + token + reps + EID + len = 7 */
542 *len = wpabuf_len(buf) - 7;
544 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
545 wpabuf_head(buf), wpabuf_len(buf));
550 hapd->range_req_active = 1;
552 eloop_register_timeout(HOSTAPD_RRM_REQUEST_TIMEOUT, 0,
553 hostapd_range_rep_timeout_handler, hapd, NULL);
559 void hostapd_clean_rrm(struct hostapd_data *hapd)
561 hostapd_free_neighbor_db(hapd);
562 eloop_cancel_timeout(hostapd_lci_rep_timeout_handler, hapd, NULL);
563 hapd->lci_req_active = 0;
564 eloop_cancel_timeout(hostapd_range_rep_timeout_handler, hapd, NULL);
565 hapd->range_req_active = 0;
569 int hostapd_send_beacon_req(struct hostapd_data *hapd, const u8 *addr,
570 u8 req_mode, const struct wpabuf *req)
573 struct sta_info *sta = ap_get_sta(hapd, addr);
575 enum beacon_report_mode mode;
579 * Operating Class (1), Channel Number (1), Randomization Interval (2),
580 * Measurement Duration (2), Measurement Mode (1), BSSID (6),
581 * Optional Subelements (variable)
583 if (wpabuf_len(req) < 13) {
584 wpa_printf(MSG_INFO, "Beacon request: Too short request data");
587 pos = wpabuf_head(req);
590 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
592 "Beacon request: " MACSTR " is not connected",
598 case BEACON_REPORT_MODE_PASSIVE:
599 if (!(sta->rrm_enabled_capa[0] &
600 WLAN_RRM_CAPS_BEACON_REPORT_PASSIVE)) {
602 "Beacon request: " MACSTR
603 " does not support passive beacon report",
608 case BEACON_REPORT_MODE_ACTIVE:
609 if (!(sta->rrm_enabled_capa[0] &
610 WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE)) {
612 "Beacon request: " MACSTR
613 " does not support active beacon report",
618 case BEACON_REPORT_MODE_TABLE:
619 if (!(sta->rrm_enabled_capa[0] &
620 WLAN_RRM_CAPS_BEACON_REPORT_TABLE)) {
622 "Beacon request: " MACSTR
623 " does not support table beacon report",
630 "Beacon request: Unknown measurement mode %d", mode);
634 buf = wpabuf_alloc(5 + 2 + 3 + wpabuf_len(req));
638 hapd->beacon_req_token++;
639 if (!hapd->beacon_req_token)
640 hapd->beacon_req_token++;
642 wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
643 wpabuf_put_u8(buf, WLAN_RRM_RADIO_MEASUREMENT_REQUEST);
644 wpabuf_put_u8(buf, hapd->beacon_req_token);
645 wpabuf_put_le16(buf, 0); /* Number of repetitions */
647 /* Measurement Request element */
648 wpabuf_put_u8(buf, WLAN_EID_MEASURE_REQUEST);
649 wpabuf_put_u8(buf, 3 + wpabuf_len(req));
650 wpabuf_put_u8(buf, 1); /* Measurement Token */
651 wpabuf_put_u8(buf, req_mode); /* Measurement Request Mode */
652 wpabuf_put_u8(buf, MEASURE_TYPE_BEACON); /* Measurement Type */
653 wpabuf_put_buf(buf, req);
655 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
656 wpabuf_head(buf), wpabuf_len(buf));
661 return hapd->beacon_req_token;
665 void hostapd_rrm_beacon_req_tx_status(struct hostapd_data *hapd,
666 const struct ieee80211_mgmt *mgmt,
671 wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_REQ_TX_STATUS MACSTR
672 " %u ack=%d", MAC2STR(mgmt->da),
673 mgmt->u.action.u.rrm.dialog_token, ok);
projects / dragonfly.git / blob