2 * Wi-Fi Direct - P2P service discovery
3 * Copyright (c) 2009, Atheros Communications
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "common/ieee802_11_defs.h"
13 #include "common/gas.h"
18 #ifdef CONFIG_WIFI_DISPLAY
19 static int wfd_wsd_supported(struct wpabuf *wfd)
28 pos = wpabuf_head(wfd);
29 end = pos + wpabuf_len(wfd);
31 while (end - pos >= 3) {
33 len = WPA_GET_BE16(pos);
38 if (subelem == WFD_SUBELEM_DEVICE_INFO && len >= 6) {
39 u16 info = WPA_GET_BE16(pos);
40 return !!(info & 0x0040);
48 #endif /* CONFIG_WIFI_DISPLAY */
50 struct p2p_sd_query * p2p_pending_sd_req(struct p2p_data *p2p,
51 struct p2p_device *dev)
53 struct p2p_sd_query *q;
57 if (!(dev->info.dev_capab & P2P_DEV_CAPAB_SERVICE_DISCOVERY))
58 return NULL; /* peer does not support SD */
59 #ifdef CONFIG_WIFI_DISPLAY
60 if (wfd_wsd_supported(dev->info.wfd_subelems))
62 #endif /* CONFIG_WIFI_DISPLAY */
64 for (q = p2p->sd_queries; q; q = q->next) {
65 /* Use WSD only if the peer indicates support or it */
68 /* if the query is a broadcast query */
69 if (q->for_all_peers) {
71 * check if there are any broadcast queries pending for
74 if (dev->sd_pending_bcast_queries <= 0)
76 /* query number that needs to be send to the device */
77 if (count == dev->sd_pending_bcast_queries - 1)
81 if (!q->for_all_peers &&
82 os_memcmp(q->peer, dev->info.p2p_device_addr, ETH_ALEN) ==
90 if (dev->sd_reqs > 100) {
91 p2p_dbg(p2p, "Too many SD request attempts to " MACSTR
92 " - skip remaining queries",
93 MAC2STR(dev->info.p2p_device_addr));
100 static void p2p_decrease_sd_bc_queries(struct p2p_data *p2p, int query_number)
102 struct p2p_device *dev;
104 p2p->num_p2p_sd_queries--;
105 dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
106 if (query_number <= dev->sd_pending_bcast_queries - 1) {
108 * Query not yet sent to the device and it is to be
109 * removed, so update the pending count.
111 dev->sd_pending_bcast_queries--;
117 static int p2p_unlink_sd_query(struct p2p_data *p2p,
118 struct p2p_sd_query *query)
120 struct p2p_sd_query *q, *prev;
121 int query_number = 0;
127 /* If the query is a broadcast query, decrease one from
129 if (query->for_all_peers)
130 p2p_decrease_sd_bc_queries(p2p, query_number);
132 prev->next = q->next;
134 p2p->sd_queries = q->next;
135 if (p2p->sd_query == query)
136 p2p->sd_query = NULL;
139 if (q->for_all_peers)
148 static void p2p_free_sd_query(struct p2p_sd_query *q)
152 wpabuf_free(q->tlvs);
157 void p2p_free_sd_queries(struct p2p_data *p2p)
159 struct p2p_sd_query *q, *prev;
161 p2p->sd_queries = NULL;
165 p2p_free_sd_query(prev);
167 p2p->num_p2p_sd_queries = 0;
171 static struct wpabuf * p2p_build_sd_query(u16 update_indic,
177 buf = gas_anqp_build_initial_req(0, 100 + wpabuf_len(tlvs));
181 /* ANQP Query Request Frame */
182 len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC);
183 wpabuf_put_be32(buf, P2P_IE_VENDOR_TYPE);
184 wpabuf_put_le16(buf, update_indic); /* Service Update Indicator */
185 wpabuf_put_buf(buf, tlvs);
186 gas_anqp_set_element_len(buf, len_pos);
188 gas_anqp_set_len(buf);
194 static void p2p_send_gas_comeback_req(struct p2p_data *p2p, const u8 *dst,
195 u8 dialog_token, int freq)
199 req = gas_build_comeback_req(dialog_token);
203 p2p->pending_action_state = P2P_NO_PENDING_ACTION;
204 if (p2p_send_action(p2p, freq, dst, p2p->cfg->dev_addr, dst,
205 wpabuf_head(req), wpabuf_len(req), 200) < 0)
206 p2p_dbg(p2p, "Failed to send Action frame");
212 static struct wpabuf * p2p_build_sd_response(u8 dialog_token, u16 status_code,
215 const struct wpabuf *tlvs)
220 buf = gas_anqp_build_initial_resp(dialog_token, status_code,
222 100 + (tlvs ? wpabuf_len(tlvs) : 0));
227 /* ANQP Query Response Frame */
228 len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC);
229 wpabuf_put_be32(buf, P2P_IE_VENDOR_TYPE);
230 /* Service Update Indicator */
231 wpabuf_put_le16(buf, update_indic);
232 wpabuf_put_buf(buf, tlvs);
233 gas_anqp_set_element_len(buf, len_pos);
236 gas_anqp_set_len(buf);
242 static struct wpabuf * p2p_build_gas_comeback_resp(u8 dialog_token,
245 const u8 *data, size_t len,
251 buf = gas_anqp_build_comeback_resp(dialog_token, status_code, frag_id,
257 /* ANQP Query Response Frame */
258 wpabuf_put_le16(buf, ANQP_VENDOR_SPECIFIC); /* Info ID */
259 wpabuf_put_le16(buf, 3 + 1 + 2 + total_len);
260 wpabuf_put_be32(buf, P2P_IE_VENDOR_TYPE);
261 /* Service Update Indicator */
262 wpabuf_put_le16(buf, update_indic);
265 wpabuf_put_data(buf, data, len);
266 gas_anqp_set_len(buf);
272 int p2p_start_sd(struct p2p_data *p2p, struct p2p_device *dev)
276 struct p2p_sd_query *query;
278 unsigned int wait_time;
280 freq = dev->listen_freq > 0 ? dev->listen_freq : dev->oper_freq;
282 p2p_dbg(p2p, "No Listen/Operating frequency known for the peer "
283 MACSTR " to send SD Request",
284 MAC2STR(dev->info.p2p_device_addr));
288 query = p2p_pending_sd_req(p2p, dev);
291 if (p2p->state == P2P_SEARCH &&
292 os_memcmp(p2p->sd_query_no_ack, dev->info.p2p_device_addr,
294 p2p_dbg(p2p, "Do not start Service Discovery with " MACSTR
295 " due to it being the first no-ACK peer in this search iteration",
296 MAC2STR(dev->info.p2p_device_addr));
300 p2p_dbg(p2p, "Start Service Discovery with " MACSTR,
301 MAC2STR(dev->info.p2p_device_addr));
303 req = p2p_build_sd_query(p2p->srv_update_indic, query->tlvs);
309 p2p->sd_query = query;
310 p2p->pending_action_state = P2P_PENDING_SD;
313 if (p2p->cfg->max_listen && wait_time > p2p->cfg->max_listen)
314 wait_time = p2p->cfg->max_listen;
315 if (p2p_send_action(p2p, freq, dev->info.p2p_device_addr,
316 p2p->cfg->dev_addr, dev->info.p2p_device_addr,
317 wpabuf_head(req), wpabuf_len(req), wait_time) < 0) {
318 p2p_dbg(p2p, "Failed to send Action frame");
328 void p2p_rx_gas_initial_req(struct p2p_data *p2p, const u8 *sa,
329 const u8 *data, size_t len, int rx_freq)
331 const u8 *pos = data;
332 const u8 *end = data + len;
340 if (p2p->cfg->sd_request == NULL)
346 freq = p2p_channel_to_freq(p2p->cfg->reg_class,
354 dialog_token = *pos++;
355 p2p_dbg(p2p, "GAS Initial Request from " MACSTR
356 " (dialog token %u, freq %d)",
357 MAC2STR(sa), dialog_token, rx_freq);
359 if (*pos != WLAN_EID_ADV_PROTO) {
360 p2p_dbg(p2p, "Unexpected IE in GAS Initial Request: %u", *pos);
366 if (slen > end - pos || slen < 2) {
367 p2p_dbg(p2p, "Invalid IE in GAS Initial Request");
371 pos++; /* skip QueryRespLenLimit and PAME-BI */
373 if (*pos != ACCESS_NETWORK_QUERY_PROTOCOL) {
374 p2p_dbg(p2p, "Unsupported GAS advertisement protocol id %u",
383 slen = WPA_GET_LE16(pos);
385 if (slen > end - pos)
389 /* ANQP Query Request */
392 if (WPA_GET_LE16(pos) != ANQP_VENDOR_SPECIFIC) {
393 p2p_dbg(p2p, "Unsupported ANQP Info ID %u", WPA_GET_LE16(pos));
398 slen = WPA_GET_LE16(pos);
400 if (slen > end - pos || slen < 3 + 1) {
401 p2p_dbg(p2p, "Invalid ANQP Query Request length");
405 if (WPA_GET_BE32(pos) != P2P_IE_VENDOR_TYPE) {
406 p2p_dbg(p2p, "Unsupported ANQP vendor OUI-type %08x",
414 update_indic = WPA_GET_LE16(pos);
415 p2p_dbg(p2p, "Service Update Indicator: %u", update_indic);
418 p2p->cfg->sd_request(p2p->cfg->cb_ctx, freq, sa, dialog_token,
419 update_indic, pos, end - pos);
420 /* the response will be indicated with a call to p2p_sd_response() */
424 void p2p_sd_response(struct p2p_data *p2p, int freq, const u8 *dst,
425 u8 dialog_token, const struct wpabuf *resp_tlvs)
431 * In the 60 GHz, we have a smaller maximum frame length for management
434 max_len = (freq > 56160) ? 928 : 1400;
436 /* TODO: fix the length limit to match with the maximum frame length */
437 if (wpabuf_len(resp_tlvs) > max_len) {
438 p2p_dbg(p2p, "SD response long enough to require fragmentation");
441 * TODO: Could consider storing the fragmented response
442 * separately for each peer to avoid having to drop old
443 * one if there is more than one pending SD query.
444 * Though, that would eat more memory, so there are
445 * also benefits to just using a single buffer.
447 p2p_dbg(p2p, "Drop previous SD response");
448 wpabuf_free(p2p->sd_resp);
450 p2p->sd_resp = wpabuf_dup(resp_tlvs);
451 if (p2p->sd_resp == NULL) {
452 p2p_err(p2p, "Failed to allocate SD response fragmentation area");
455 os_memcpy(p2p->sd_resp_addr, dst, ETH_ALEN);
456 p2p->sd_resp_dialog_token = dialog_token;
457 p2p->sd_resp_pos = 0;
459 resp = p2p_build_sd_response(dialog_token, WLAN_STATUS_SUCCESS,
460 1, p2p->srv_update_indic, NULL);
462 p2p_dbg(p2p, "SD response fits in initial response");
463 resp = p2p_build_sd_response(dialog_token,
464 WLAN_STATUS_SUCCESS, 0,
465 p2p->srv_update_indic, resp_tlvs);
470 p2p->pending_action_state = P2P_NO_PENDING_ACTION;
471 if (p2p_send_action(p2p, freq, dst, p2p->cfg->dev_addr,
473 wpabuf_head(resp), wpabuf_len(resp), 200) < 0)
474 p2p_dbg(p2p, "Failed to send Action frame");
480 void p2p_rx_gas_initial_resp(struct p2p_data *p2p, const u8 *sa,
481 const u8 *data, size_t len, int rx_freq)
483 const u8 *pos = data;
484 const u8 *end = data + len;
492 if (p2p->state != P2P_SD_DURING_FIND || p2p->sd_peer == NULL ||
493 os_memcmp(sa, p2p->sd_peer->info.p2p_device_addr, ETH_ALEN) != 0) {
494 p2p_dbg(p2p, "Ignore unexpected GAS Initial Response from "
495 MACSTR, MAC2STR(sa));
498 p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
499 p2p_clear_timeout(p2p);
501 p2p_dbg(p2p, "Received GAS Initial Response from " MACSTR " (len=%d)",
502 MAC2STR(sa), (int) len);
505 p2p_dbg(p2p, "Too short GAS Initial Response frame");
509 dialog_token = *pos++;
510 /* TODO: check dialog_token match */
511 status_code = WPA_GET_LE16(pos);
513 comeback_delay = WPA_GET_LE16(pos);
515 p2p_dbg(p2p, "dialog_token=%u status_code=%u comeback_delay=%u",
516 dialog_token, status_code, comeback_delay);
518 p2p_dbg(p2p, "Service Discovery failed: status code %u",
523 if (*pos != WLAN_EID_ADV_PROTO) {
524 p2p_dbg(p2p, "Unexpected IE in GAS Initial Response: %u", *pos);
530 if (slen > end - pos || slen < 2) {
531 p2p_dbg(p2p, "Invalid IE in GAS Initial Response");
535 pos++; /* skip QueryRespLenLimit and PAME-BI */
537 if (*pos != ACCESS_NETWORK_QUERY_PROTOCOL) {
538 p2p_dbg(p2p, "Unsupported GAS advertisement protocol id %u",
546 p2p_dbg(p2p, "Too short Query Response");
549 slen = WPA_GET_LE16(pos);
551 p2p_dbg(p2p, "Query Response Length: %d", slen);
552 if (slen > end - pos) {
553 p2p_dbg(p2p, "Not enough Query Response data");
558 if (comeback_delay) {
559 p2p_dbg(p2p, "Fragmented response - request fragments");
560 if (p2p->sd_rx_resp) {
561 p2p_dbg(p2p, "Drop old SD reassembly buffer");
562 wpabuf_free(p2p->sd_rx_resp);
563 p2p->sd_rx_resp = NULL;
565 p2p_send_gas_comeback_req(p2p, sa, dialog_token, rx_freq);
569 /* ANQP Query Response */
572 if (WPA_GET_LE16(pos) != ANQP_VENDOR_SPECIFIC) {
573 p2p_dbg(p2p, "Unsupported ANQP Info ID %u", WPA_GET_LE16(pos));
578 slen = WPA_GET_LE16(pos);
580 if (slen > end - pos || slen < 3 + 1) {
581 p2p_dbg(p2p, "Invalid ANQP Query Response length");
585 if (WPA_GET_BE32(pos) != P2P_IE_VENDOR_TYPE) {
586 p2p_dbg(p2p, "Unsupported ANQP vendor OUI-type %08x",
594 update_indic = WPA_GET_LE16(pos);
595 p2p_dbg(p2p, "Service Update Indicator: %u", update_indic);
601 if (!p2p->sd_query->for_all_peers) {
602 struct p2p_sd_query *q;
603 p2p_dbg(p2p, "Remove completed SD query %p",
606 p2p_unlink_sd_query(p2p, p2p->sd_query);
607 p2p_free_sd_query(q);
609 p2p->sd_query = NULL;
612 if (p2p->cfg->sd_response)
613 p2p->cfg->sd_response(p2p->cfg->cb_ctx, sa, update_indic,
615 p2p_continue_find(p2p);
619 void p2p_rx_gas_comeback_req(struct p2p_data *p2p, const u8 *sa,
620 const u8 *data, size_t len, int rx_freq)
624 size_t frag_len, max_len;
627 wpa_hexdump(MSG_DEBUG, "P2P: RX GAS Comeback Request", data, len);
630 dialog_token = *data;
631 p2p_dbg(p2p, "Dialog Token: %u", dialog_token);
632 if (dialog_token != p2p->sd_resp_dialog_token) {
633 p2p_dbg(p2p, "No pending SD response fragment for dialog token %u",
638 if (p2p->sd_resp == NULL) {
639 p2p_dbg(p2p, "No pending SD response fragment available");
642 if (os_memcmp(sa, p2p->sd_resp_addr, ETH_ALEN) != 0) {
643 p2p_dbg(p2p, "No pending SD response fragment for " MACSTR,
649 * In the 60 GHz, we have a smaller maximum frame length for management
652 max_len = (rx_freq > 56160) ? 928 : 1400;
653 frag_len = wpabuf_len(p2p->sd_resp) - p2p->sd_resp_pos;
654 if (frag_len > max_len) {
658 resp = p2p_build_gas_comeback_resp(dialog_token, WLAN_STATUS_SUCCESS,
659 p2p->srv_update_indic,
660 wpabuf_head_u8(p2p->sd_resp) +
661 p2p->sd_resp_pos, frag_len,
662 p2p->sd_frag_id, more,
663 wpabuf_len(p2p->sd_resp));
666 p2p_dbg(p2p, "Send GAS Comeback Response (frag_id %d more=%d frag_len=%d)",
667 p2p->sd_frag_id, more, (int) frag_len);
669 p2p->sd_resp_pos += frag_len;
672 p2p_dbg(p2p, "%d more bytes remain to be sent",
673 (int) (wpabuf_len(p2p->sd_resp) - p2p->sd_resp_pos));
675 p2p_dbg(p2p, "All fragments of SD response sent");
676 wpabuf_free(p2p->sd_resp);
680 p2p->pending_action_state = P2P_NO_PENDING_ACTION;
681 if (p2p_send_action(p2p, rx_freq, sa, p2p->cfg->dev_addr,
683 wpabuf_head(resp), wpabuf_len(resp), 200) < 0)
684 p2p_dbg(p2p, "Failed to send Action frame");
690 void p2p_rx_gas_comeback_resp(struct p2p_data *p2p, const u8 *sa,
691 const u8 *data, size_t len, int rx_freq)
693 const u8 *pos = data;
694 const u8 *end = data + len;
703 wpa_hexdump(MSG_DEBUG, "P2P: RX GAS Comeback Response", data, len);
705 if (p2p->state != P2P_SD_DURING_FIND || p2p->sd_peer == NULL ||
706 os_memcmp(sa, p2p->sd_peer->info.p2p_device_addr, ETH_ALEN) != 0) {
707 p2p_dbg(p2p, "Ignore unexpected GAS Comeback Response from "
708 MACSTR, MAC2STR(sa));
711 p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
712 p2p_clear_timeout(p2p);
714 p2p_dbg(p2p, "Received GAS Comeback Response from " MACSTR " (len=%d)",
715 MAC2STR(sa), (int) len);
718 p2p_dbg(p2p, "Too short GAS Comeback Response frame");
722 dialog_token = *pos++;
723 /* TODO: check dialog_token match */
724 status_code = WPA_GET_LE16(pos);
726 frag_id = *pos & 0x7f;
727 more_frags = (*pos & 0x80) >> 7;
729 comeback_delay = WPA_GET_LE16(pos);
731 p2p_dbg(p2p, "dialog_token=%u status_code=%u frag_id=%d more_frags=%d "
733 dialog_token, status_code, frag_id, more_frags,
735 /* TODO: check frag_id match */
737 p2p_dbg(p2p, "Service Discovery failed: status code %u",
742 if (*pos != WLAN_EID_ADV_PROTO) {
743 p2p_dbg(p2p, "Unexpected IE in GAS Comeback Response: %u",
750 if (slen > end - pos || slen < 2) {
751 p2p_dbg(p2p, "Invalid IE in GAS Comeback Response");
755 pos++; /* skip QueryRespLenLimit and PAME-BI */
757 if (*pos != ACCESS_NETWORK_QUERY_PROTOCOL) {
758 p2p_dbg(p2p, "Unsupported GAS advertisement protocol id %u",
766 p2p_dbg(p2p, "Too short Query Response");
769 slen = WPA_GET_LE16(pos);
771 p2p_dbg(p2p, "Query Response Length: %d", slen);
772 if (slen > end - pos) {
773 p2p_dbg(p2p, "Not enough Query Response data");
777 p2p_dbg(p2p, "No Query Response data");
782 if (p2p->sd_rx_resp) {
784 * ANQP header is only included in the first fragment; rest of
785 * the fragments start with continue TLVs.
787 goto skip_nqp_header;
790 /* ANQP Query Response */
793 if (WPA_GET_LE16(pos) != ANQP_VENDOR_SPECIFIC) {
794 p2p_dbg(p2p, "Unsupported ANQP Info ID %u", WPA_GET_LE16(pos));
799 slen = WPA_GET_LE16(pos);
801 p2p_dbg(p2p, "ANQP Query Response length: %u", slen);
803 p2p_dbg(p2p, "Invalid ANQP Query Response length");
809 if (WPA_GET_BE32(pos) != P2P_IE_VENDOR_TYPE) {
810 p2p_dbg(p2p, "Unsupported ANQP vendor OUI-type %08x",
818 p2p->sd_rx_update_indic = WPA_GET_LE16(pos);
819 p2p_dbg(p2p, "Service Update Indicator: %u", p2p->sd_rx_update_indic);
823 if (wpabuf_resize(&p2p->sd_rx_resp, end - pos) < 0)
825 wpabuf_put_data(p2p->sd_rx_resp, pos, end - pos);
826 p2p_dbg(p2p, "Current SD reassembly buffer length: %u",
827 (unsigned int) wpabuf_len(p2p->sd_rx_resp));
830 p2p_dbg(p2p, "More fragments remains");
831 /* TODO: what would be a good size limit? */
832 if (wpabuf_len(p2p->sd_rx_resp) > 64000) {
833 wpabuf_free(p2p->sd_rx_resp);
834 p2p->sd_rx_resp = NULL;
835 p2p_dbg(p2p, "Too long SD response - drop it");
838 p2p_send_gas_comeback_req(p2p, sa, dialog_token, rx_freq);
845 if (!p2p->sd_query->for_all_peers) {
846 struct p2p_sd_query *q;
847 p2p_dbg(p2p, "Remove completed SD query %p",
850 p2p_unlink_sd_query(p2p, p2p->sd_query);
851 p2p_free_sd_query(q);
853 p2p->sd_query = NULL;
856 if (p2p->cfg->sd_response)
857 p2p->cfg->sd_response(p2p->cfg->cb_ctx, sa,
858 p2p->sd_rx_update_indic,
859 wpabuf_head(p2p->sd_rx_resp),
860 wpabuf_len(p2p->sd_rx_resp));
861 wpabuf_free(p2p->sd_rx_resp);
862 p2p->sd_rx_resp = NULL;
864 p2p_continue_find(p2p);
868 void * p2p_sd_request(struct p2p_data *p2p, const u8 *dst,
869 const struct wpabuf *tlvs)
871 struct p2p_sd_query *q;
873 q = os_zalloc(sizeof(*q));
878 os_memcpy(q->peer, dst, ETH_ALEN);
880 q->for_all_peers = 1;
882 q->tlvs = wpabuf_dup(tlvs);
883 if (q->tlvs == NULL) {
884 p2p_free_sd_query(q);
888 q->next = p2p->sd_queries;
890 p2p_dbg(p2p, "Added SD Query %p", q);
893 struct p2p_device *dev;
895 p2p->num_p2p_sd_queries++;
897 /* Update all the devices for the newly added broadcast query */
898 dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
899 if (dev->sd_pending_bcast_queries <= 0)
900 dev->sd_pending_bcast_queries = 1;
902 dev->sd_pending_bcast_queries++;
910 #ifdef CONFIG_WIFI_DISPLAY
911 void * p2p_sd_request_wfd(struct p2p_data *p2p, const u8 *dst,
912 const struct wpabuf *tlvs)
914 struct p2p_sd_query *q;
915 q = p2p_sd_request(p2p, dst, tlvs);
920 #endif /* CONFIG_WIFI_DISPLAY */
923 void p2p_sd_service_update(struct p2p_data *p2p)
925 p2p->srv_update_indic++;
929 int p2p_sd_cancel_request(struct p2p_data *p2p, void *req)
931 if (p2p_unlink_sd_query(p2p, req)) {
932 p2p_dbg(p2p, "Cancel pending SD query %p", req);
933 p2p_free_sd_query(req);