On Mon, Sep 8, 2014 at 11:03 AM, Bastian Bittorf <bitt...@bluebottle.com> wrote: > * Felix Fietkau <n...@openwrt.org> [08.09.2014 10:36]: >> > is from a security point of view a difficult thing - because everybody >> > can take down a complete city-network. >> I've never heard this claim before. How does enabling this option allow >> people to take down a network? > > the theory is here: > http://battlemesh.org/BattleMeshV7/Agenda?action=AttachFile&do=get&target=2014-05-17_wbmv7_DFS.pdf > > on short - it is a problem for IBSS/adhoc: > if somebody sends a CSA / channel switch announcement which is > not "signed/thrusted", you must switch.
So the issue is in CSA, not DFS. I have bad news for you: CSA support is independent of DFS support and (being) implemented in the generic mac80211 layer. All my changeset did was to enable the hardware specific radar detection support in ath9k/ath10k. So if CSAs are an issue, it was already an issue before. > also: > "somebody" can just mark all channels as "unavailable". How would they do that? Especially with non-DFS enabled channels. Spamming CSAs? I'm pretty sure authorities get interested very fast if you produce patterns triggering radar detection over a very wide band. > the question is: is it really implemented in IBSS mode and > what about vif's? (adhoc + ap) There's both multi-vif CSA support as well as IBSS DFS support in mac80211. CSA support was disabled until recently as it had locking issues, but these are supposedly resolved. The current compat-wireless used by OpenWrt still has it disabled. But all of these should only affect you if you try to use a channel requiring DFS support, and should have no influence when operating on non-DFS channels. Jonas _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel