[OpenWrt-Devel] mac80211/DFS-support default since r42431
with r42431 DFS is enabled by default[1]:

mac80211: enable DFS support for ath9k/10k by default

The DFS pattern detector now supports all three regions; ETSI, FCC and JP, so there is no reason to not have it enabled anymore.

there was a long discussion on battlemesh/Leipzig[2] that this is from a security point of view a difficult thing - because everybody can take down a complete city-network.

I'm unsure about the decision:

a) selfbuilders can disable it
b) it changes the default behaviour

what do you think about it?

bye, bastian

[1] https://dev.openwrt.org/changeset/42431/trunk
[2] http://www.battlemesh.org/BattleMeshV7
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] mac80211/DFS-support default since r42431
On 2014-09-08 08:52, Bastian Bittorf wrote:
> with r42431 DFS is enabled by default[1]:
>
> mac80211: enable DFS support for ath9k/10k by default
>
> The DFS pattern detector now supports all three regions; ETSI, FCC and JP, so there is no reason to not have it enabled anymore.
>
> there was a long discussion on battlemesh/Leipzig[2] that this is from a security point of view a difficult thing - because everybody can take down a complete city-network.

I've never heard this claim before. How does enabling this option allow people to take down a network?

- Felix
Re: [OpenWrt-Devel] mac80211/DFS-support default since r42431
* Felix Fietkau n...@openwrt.org [08.09.2014 10:36]:
> > is from a security point of view a difficult thing - because everybody can take down a complete city-network.
> I've never heard this claim before. How does enabling this option allow people to take down a network?

the theory is here:
http://battlemesh.org/BattleMeshV7/Agenda?action=AttachFile&do=get&target=2014-05-17_wbmv7_DFS.pdf

in short - it is a problem for IBSS/adhoc:
if somebody sends a CSA / channel switch announcement which is not signed/trusted, you must switch.

also: somebody can just mark all channels as unavailable.

the question is: is it really implemented in IBSS mode and what about vif's? (adhoc + ap)

bye, bastian
Re: [OpenWrt-Devel] mac80211/DFS-support default since r42431
On Mon, Sep 8, 2014 at 11:03 AM, Bastian Bittorf bitt...@bluebottle.com wrote:
> * Felix Fietkau n...@openwrt.org [08.09.2014 10:36]:
> > > is from a security point of view a difficult thing - because everybody can take down a complete city-network.
> > I've never heard this claim before. How does enabling this option allow people to take down a network?
>
> the theory is here:
> http://battlemesh.org/BattleMeshV7/Agenda?action=AttachFile&do=get&target=2014-05-17_wbmv7_DFS.pdf
>
> in short - it is a problem for IBSS/adhoc:
> if somebody sends a CSA / channel switch announcement which is not signed/trusted, you must switch.

So the issue is in CSA, not DFS. I have bad news for you: CSA support is independent of DFS support and (being) implemented in the generic mac80211 layer. All my changeset did was to enable the hardware-specific radar detection support in ath9k/ath10k. So if CSAs are an issue, it was already an issue before.

> also: somebody can just mark all channels as unavailable.

How would they do that? Especially with non-DFS enabled channels. Spamming CSAs? I'm pretty sure authorities get interested very fast if you produce patterns triggering radar detection over a very wide band.

> the question is: is it really implemented in IBSS mode and what about vif's? (adhoc + ap)

There's both multi-vif CSA support as well as IBSS DFS support in mac80211. CSA support was disabled until recently as it had locking issues, but these are supposedly resolved. The current compat-wireless used by OpenWrt still has it disabled.

But all of these should only affect you if you try to use a channel requiring DFS support, and should have no influence when operating on non-DFS channels.

Jonas
Re: [OpenWrt-Devel] mac80211/DFS-support default since r42431
* Jonas Gorski j...@openwrt.org [08.09.2014 11:54]:
> detection support in ath9k/ath10k. So if CSAs are an issue, it was already an issue before.

thanks for pointing that out, it was not clear to me.

> > somebody can just mark all channels as unavailable.
> How would they do that? Especially with non-DFS enabled channels. Spamming CSAs? I'm pretty sure authorities get interested very fast if you produce patterns triggering radar detection over a very wide band.

as far as i understand, sending a CSA can be done by anybody in IBSS. if a station hears a CSA it must mark the channel as unavailable, because you must trust the CSA. Or is this only when a radar-pattern is detected?

> But all of these should only affect you if you try to use a channel requiring DFS support, and should have no influence when operating on non-DFS channels.

ok.

bye, bastian
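
A monitoring sketch for the concern discussed in this thread, added here as an example and not code from any poster or from mac80211: it parses the Channel Switch Announcement element (ID 37: switch mode, new channel number, switch count) out of management-frame element bytes and flags transmitters that are not on a peer allowlist or that announce many different target channels. The frame tuples, the allowlist, the `max_targets` threshold and all function names are constructed assumptions.

```python
from collections import defaultdict
CSA_ELEMENT_ID = 37  # IEEE 802.11 Channel Switch Announcement element

def parse_elements(body):
    """Yield (element_id, payload) pairs from raw 802.11 information elements."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        payload = body[pos + 2:pos + 2 + length]
        if len(payload) < length:   # truncated element: stop rather than guess
            return
        yield eid, payload
        pos += 2 + length

def find_csa(body):
    """Return (switch_mode, new_channel, switch_count) or None."""
    for eid, payload in parse_elements(body):
        if eid == CSA_ELEMENT_ID and len(payload) == 3:
            return tuple(payload)
    return None

def review(frames, known_peers, max_targets=2):
    """Map transmitter address -> set of reasons its CSAs look suspicious."""
    # The transmitter address is as unauthenticated as the CSA itself,
    # so the allowlist check is a heuristic, not proof of origin.
    targets = defaultdict(set)
    alerts = defaultdict(set)
    for mac, body in frames:
        csa = find_csa(body)
        if csa is None:
            continue
        targets[mac].add(csa[1])    # new channel number
        if mac not in known_peers:
            alerts[mac].add("unknown-transmitter")
        if len(targets[mac]) > max_targets:
            alerts[mac].add("many-target-channels")
    return dict(alerts)

def elements(ssid, csa=None):
    out = bytes([0, len(ssid)]) + ssid   # SSID element, then optional CSA
    return out + bytes([CSA_ELEMENT_ID, 3, *csa]) if csa else out

PEERS = {"02:00:00:00:00:01"}   # constructed allowlist, not real addresses
SAMPLE = [                      # constructed frames, not a real capture
    ("02:00:00:00:00:01", elements(b"mesh")),
    ("02:00:00:00:00:01", elements(b"mesh", (1, 36, 5))),
    ("02:00:00:00:00:99", elements(b"mesh", (1, 40, 1))),
    ("02:00:00:00:00:99", elements(b"mesh", (1, 44, 1))),
    ("02:00:00:00:00:99", elements(b"mesh", (1, 48, 1))),
]
```

`review(SAMPLE, PEERS)` reports only the second transmitter, for both reasons; the known peer's single announcement passes.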