[OpenWrt-Devel] mac80211/DFS-support default since r42431

[Jonas Gorski]

On Mon, Sep 8, 2014 at 11:03 AM, Bastian Bittorf <bittorf at bluebottle.com> wrote:
> * Felix Fietkau <nbd at openwrt.org> [08.09.2014 10:36]:
>> > is from a security point of view a difficult thing - because everybody
>> > can take down a complete city-network.
>> I've never heard this claim before. How does enabling this option allow
>> people to take down a network?
>
> the theory is here:
> http://battlemesh.org/BattleMeshV7/Agenda?action=AttachFile&do=get&target=2014-05-17_wbmv7_DFS.pdf
>
> on short - it is a problem for IBSS/adhoc:
> if somebody sends a CSA / channel switch announcement which is
> not "signed/thrusted", you must switch.

So the issue is in CSA, not DFS. I have bad news for you: CSA support
is independent of DFS support and (being) implemented in the generic
mac80211 layer.

All my changeset did was to enable the hardware specific radar
detection support in ath9k/ath10k. So if CSAs are an issue, it was
already an issue before.

> also:
> "somebody" can just mark all channels as "unavailable".

How would they do that? Especially with non-DFS enabled channels.
Spamming CSAs? I'm pretty sure authorities get interested very fast if
you produce patterns triggering radar detection over a very wide band.

> the question is: is it really implemented in IBSS mode and
> what about vif's? (adhoc + ap)

There's both multi-vif CSA support as well as IBSS DFS support in
mac80211. CSA support was disabled until recently as it had locking
issues, but these are supposedly resolved. The current compat-wireless
used by OpenWrt still has it disabled.

But all of these should only affect you if you try to use a channel
requiring DFS support, and should have no influence when operating on
non-DFS channels.


Jonas
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel