Friday, 26 July 2013

QoS packets

WiFi MultiMedia (WMM)

Wireless Multimedia Extensions (WME), also known as Wi-Fi Multimedia (WMM), is a Wi-Fi Allianceinteroperability certification, based on the IEEE 802.11e standard. WMM not only prioritize traffic on the basis of the type of traffic (voice, video, best effort data, or background data) , but also taking into account network load and channel conditions.

With WMM-Admission Control, the access point (AP) in a Wi-Fi network admits only the traffic streams it can support based on the available network resources.  Users can confidently use voice applications knowing the quality of traffic stream will be consistently high and will provide the reliability needed to host real-time applications in Wi-Fi networks.

 When the network resources are not sufficient to provide this level of performance, the new traffic stream is not admitted, allowing the client device to seek association with an alternative AP that has sufficient network resources to support the traffic stream, and preserving the quality of already admitted traffic streams.

WMM replaces the traditional Wi-Fi DCF distributed coordination function for traditional CSMA/CA wireless frame transmission with EDCF.


QoS modifies the media access rule such that Data having a higher priority is given preferential access to the medium. EDCA contention access is an extension of the legacy CSMA/CA DCF mechanism to include priorities. 

The contention window and backoff times are adjusted to change the probability of gaining medium access to favor higher priority classes. A total of eight user priority levels are available. Each priority is mapped to an Access Category (AC), which corresponds to one of four transmit queue.

A station that wins an EDCA contention is granted a TXOP—the right to use the medium for a period of time. The duration of this TXOP is specified per access category, and is contained in the TXOP limit field of the access category (AC) parameter record in the EDCA parameter set(e.g. in beacon frame as shown below). A QoS STA can use a TXOP to transmit multiple frames within an access category.

WMM/WME IE in beacon

 AC parameters format:

AP advertises ACM bit in Beacon to indicate if admission control
is mandatory for any Access Category.

Case 1: ACM bit not set

AC Index (ACI)is chosen as per the following table.

The AIFSN (arbitration interframe space number) subfield indicates the number of slots after a SIFS duration a non-AP STA should defer before either invoking a backoff or starting a transmission. The minimum value for the AIFSN subfield is 2.

ECWmin/ ECWmax is the minimum/maximum value of contention window which is expressed in exponent.
As in 802.11-2007 spec, table 7.37, CWmin = (aCWmin+1)/4 – 1 and CWmax = (aCWmin+1)/2 – 1

aCWMin is PHY dependent. For example, for OFDM PHY, aCWmin = 15.
So, CWmin = 3 and CWmax = 7.
ECWmin = 2
ECWmax = 3

The Queue Size subfield is an 8-bit field that indicates the amount of buffered traffic for a given TC or TS at the non-AP STA sending this frame.

TXOP grants a particular STA the right to use the medium at a defined point in time, for a defined maximum duration. The allowed duration of TXOPs are communicated globally in the beacon for stations using EDCA.Non-AP STAs should make sure that TXOPs should not exceed TXOP limit. 

Case 2: ACM bit is set

When ACM bit is set, STA sends ADDTS Request Action Frame to AP that includes a TSPEC. Before a client can send traffic of a certain priority type, it must have requested to do so via the TSpec mechanism. For example, a WLAN client device wanting to use the voice AC must first make a request for use of that AC.

Add Traffic Stream

The Add Traffic Stream (ADDTS) function is how a WLAN client performs an admissions request to an AP.

Association and re-association message

The association message might contain one or more TSpecs and one TSRS IE if the STA wants to establish the traffic stream as part of the association. The re-association message might contain one or more TSPECs and one TSRS IE if an STA roams to another AP. 

The ADDTS contains the TSpec element that describes the traffic request. See figure 1 and figure 2 for examples of an ADDTS request and response. Apart from key data describing the traffic requirements, such as data rates and frame sizes, the TSpec element also tells the AP the minimum physical rate that the client device will use. This allows the calculation of how much time that station can potentially consume in sending and receiving in this TSpec, and therefore allowing the AP to calculate whether it has the resources to meet the TSpec. 

TSpec admission control is used by the WLAN client (target clients are VoIP handsets) when a call is initiated and during a roam request. During a roam, the TSpec request is appended to the re-association request. 

Note that action code is 0 for ADDTS request.


Action code is 1 for ADDTS response. Status code 0 specifies that admission is accepted.

                                            figure -2

Following is the sample data packets for voice(with UP = 7) and best effort (UP = 0).

Data frame (voice):

Thursday, 25 July 2013

Part 2: P2P states

Run wpa_supplicant and wpa_cli in STA1 in another terminal.Similarly run wpa_supplicant and wpa_cli in STA2 also. (please refer to this link )

To discover other P2P devices, use p2p_find command.

Now, state machine enters scan and find phase. (find phase alternates between listen and search state.)

Scan phase

In scan phase all supported channels are scanned. It can either be an active scan or a passive scan. It sends probe requests in channel 1 to 11 or listens to beacon from channel 1 to 11.


Find phase:

1. Listen state

A P2P device that is not in a P2P group may use listen state to become discoverable.

  • In listen state P2P device dwells on listen channel (configured in p2p.conf => p2p_listen_channel=1 to configure listen channel as 1) for at least a contiguous period of 500ms every 5 seconds.
  •  Listens for probe requests and shall only respond to probe requests that contain P2P IE.
  • If probe request contains WPS IE with device type attribute, it  shall only respond if device type is same as it's primary and secondary device type.
Duration of each listen state shall be a random number 'T' such that,
Max discoverable Interval value > T > Min discoverable Interval value

Following is a P2P IE in probe request frame:

Group Limit field is 0 indicates that additional P2P connections are supported.
1 indicates that no further connections are allowed.

WPS IE in the same probe request:

2. Search State:

Alternates between channels 1,6 and 11. Sends probe request in one channel and listens for probe response from the same channel.

Find state is a combination of listen and search states.

Supported rates

Supported Rates Element

This element is included in the following frames sent from AP.
  1. Beacon
  2. Probe Response
  3. Association Response
  4. Reassociation Response 
AP mandates that stations joining the BSS support certain rates.  The rates required by the AP are called basic rates. In other words, basic rate contains the rates that all devices in the cell must support.  All management frames, multicast, and broadcast packets are  transmitted using one of the Basic Rates.

The Supported Rates element specifies up to eight rates. The information field is encoded as 1 to 8 octets, where each octet describes a single Supported Rate.

    IEEE 802.11 specification provides mapping value for each data rate. For example,

    value for few of the rates: 
    02 = 1 Mb/s
       03 = 1.5 Mb/s
    04 = 2 Mb/s
       05 = 2.5 Mb/s
     06 = 3 Mb/s
        09 = 4.5 Mb/s
       11 = 5.5 Mb/s
                                Figure 1: BSSBasicRateSet parameter encoding

    For the basic rate an encoding is used, which sets bit 7 to 1. Following is a part of beacon frame. As per figure 1, value for 1 Mb/s is 02 (0000 0010) . Notice the hex value highlighted in the following packet. it is 82 (1000 0010) for 1 Mb/s.

    This is applicable only for the basic rates (rates marked with (B)). You can notice that the other values after 11(B) which is 0x96 begin with 0.Remaining values are supported rates. (Support for these rates is not required to join a BSS, but a station may choose to transmit at any supported rate that the receiving station supports.)

    Extended Supported Rates element

    For STAs supporting eight or fewer data rates, this element is optional for
    inclusion. For STAs supporting more than eight data rates, this element shall
    be included in all of the frame types that include the supported rates element.

    The information field is encoded as 1 to 255 octets where each octet describes a single supported rate.

    From beacon frame:


    Wednesday, 24 July 2013

    Part 1: P2P aka WiFi Direct - Introduction and Configuration of wpa_supplicant in Linux kernel version 3.8.3

    What is P2P?

    P2P alias Wi-Fi Direct builds upon the successful IEEE802.11 infrastructure mode and lets devices negotiate who will take over the AP-like functionalities. Thus, legacy Wi-Fi devices may seamlessly connect to Wi-Fi Direct devices . By taking this decision, Wi-Fi Direct immediately inherits all the enhanced QoS, power saving, and security mechanisms.

    In a typical Wi-Fi network, clients discover and associate to WLANs, which are created and announced by Access Points (APs). In this way, a device unambiguously behaves either as an AP or as a client, each of these roles involving a different set of functionality. A major novelty of Wi-Fi Direct is that these roles are specified as dynamic, and hence a Wi-Fi Direct device has to implement both the role of a client and the role of an AP.

    The device implementing AP-like functionality in the P2P Group is referred to as the P2P Group Owner (P2P GO), and devices acting as clients are known as P2P
    Clients.Legacy clients can also communicate with the P2P GO, as long as they are not 802.11b-only devices and support the required security mechanisms.

    For example, consider a laptop accessing the Internet through a legacy infrastructure AP while at the same time streaming content to a TV set by establishing a P2P Group, where the laptop acts as P2P GO.If the P2P GO leaves the P2P Group then the group is torn down, and has to be re-established using some of the specified procedures.

    Wi-Fi Direct devices usually start by performing a traditional Wi-Fi scan (active or passive), by means of which they can discover existent P2P Groups and Wi-Fi networks.

    After this scan, a new Discovery algorithm is executed, which we describe next. First, a P2P Device selects one of the so-called Social channels, namely channels 1, 6 or 11 in the 2.4 Ghz band, as its Listen channel.

    Then, it alternates between two states: a search state, in which the device performs active scanning by sending Probe Requests in each of the social channels; and a listen state, in which the device listens for Probe Requests in its listen channel to respond with Probe Responses. The amount of time that a P2P Device spends on each state is randomly distributed, typically between 100 ms and 300 ms.

    How to know if your device supports p2p? Use iw list command in terminal and look for the following field. If it contains p2p-client and p2p-GO, you can be assured that your device supports P2P.

    Just like a client and server model, you need to run supplicant and p2p client.
    Supplicant is a daemon running in the user space to provide authentication.

    mac80211 and cfg80211 does not implement WPA feature. So you need a seperate program which provides supplicant functionality in Linux which is
    wpa_supplicant.Install latest release of wpa_supplicant from

    I downloaded: wpa_supplicant-2.0.tar.gz

    First thing you need to do is to create the .config file in the folder wpa_supplicant-2.0/wpa_supplicant from defconfig file.

    Enable following options in defconfig file (uncommenting is removing # in defconfig file)

    Give cp defconfig .config command and then make command in wpa_supplicant 
    folder. Now there are two binaries created wpa_supplicant and wpa_cli. In order to run wpa_supplicant we need a config file. Traditionally it is created in /etc folder. Here is a sample config file for p2p. (/etc/p2p.conf)

    Find out the wireless interface using iwconfig command and then give the following command in wpa_supplicant

    ./wpa_supplicant -i wlan2 -c /etc/p2p.conf -Dnl80211

    You will see a msg "Successfully initialized wpa_supplicant" which means that supplicant has started running.In another window run the wpa client using ./wpa_cli

    This opens an interactive mode in which commands can be given.
    Interactive mode

    (Tip: Use killall wpa_supplicant if you get error message like: 

    ctrl_iface exists and seems to be in use - cannot override it Delete '/var/run/wpa_supplicant/wlan2' manually if it is not used anymore Failed to initialize control interface '/var/run/wpa_supplicant'. You may have another wpa_supplicant process already running or the file was left by an unclean termination of wpa_supplicant in which case you will need to manually remove this file before starting wpa_supplicant again.  )