[Olsr-users] Inquiry about secure plugin of OLSR
Henning Rogge
(spam-protected)
Thu May 12 08:06:58 CEST 2011
On Wed May 11 2011 17:01:36 Zack Genesis wrote:
> I see... I get your point there...
> Other than the blackhole route method which might somehow block off unicast
> packet.
> Is there a way to convert unicast packets in to OLSR packet... maybe
> something like encapsulate Non-olsr packet into olsr packet?
> If it can be done... will the packet be block off by the secure plugin??
I think you still misunderstand the purpose of the OLSRd daemon. Its a pure
routing daemon that decides about forwarding rules to other nodes and tell the
kernel about it.
It's neither designed nor able to handle unicast traffic of the network. One
reason an OLSRd mesh is pretty fast even on slow hardware is that the traffic of
the network does not need to be transfered into userspace.
The only thing I see what you could do is to write an OLSR plugin that somehow
controls your local firewall to block of unwanted packages. But even then an
attacker would just spoof his IP address.
Using IPsec for unicast might be the better sollution.
Henning Rogge
--
Diplom-Informatiker Henning Rogge , Fraunhofer-Institut für
Kommunikation, Informationsverarbeitung und Ergonomie FKIE
Kommunikationssysteme (KOM)
Neuenahrer Straße 20, 53343 Wachtberg, Germany
Telefon +49 228 9435-961, Fax +49 228 9435 685
mailto:(spam-protected) http://www.fkie.fraunhofer.de
GPG: E1C6 0914 490B 3909 D944 F80D 4487 C67C 55EC CFE0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20110512/ba8eec55/attachment.sig>
More information about the Olsr-users
mailing list