On Tue, Mar 8, 2011 at 7:10 AM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote: > On Mon, 2011-03-07 at 18:11 -0800, Javier Cardona wrote: >> Notify userspace when a beacon/presp is received from a suitable mesh >> peer candidate for whom no sta information exists. Userspace can then >> decide to create a sta info for the candidate. If userspace is not >> ready to authenticate the peer right away, it can create the sta info >> with the authenticated flag unset and set it later. > > I'm a little worried about this creating lots of bogus stations if > somebody is attacking the mesh. Will that be relevant? Would it be > better to just pass up any beacon that matches the mesh ID, trading CPU > resources for memory? With this approach, when security is enabled, the decision to create the station is still made by the userspace daemon. A normal sequence would be: beacon is received mesh_matches_local is true no peer exists send NEW_PEER_CANDIDATE notification userspace creates unauthenticated station (optionally, to stop notifications) userspace authenticates station userspace sets authenticated flag But alternatively userspace can create no station at all. In that case a NEW_PEER_CANDIDATE notification is sent for every beacon received. If somebody decides to attack the mesh by sending bogus mesh beacons, userspace may decide not to create stations and ignore the notifications. You see a problem in this? > Also, this goes back to the "authenticate station" rather than full > station management in userspace, right? Partially. The station must still be created by userspace. We add the possibility to set the autenticated flag sometime after creation. I would also like to support the creation of a mesh candidate station with the ASSOC flag unset, which is not possible at this time. -- Javier Cardona cozybit Inc. http://www.cozybit.com -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
