
Packet filtering on dtd links

wb6tae
Has anyone looked into, or done, packet filtering on dtd links between nodes? For example, there are 2 nodes at a location, each using a separate SSID. One network, say NETA, allows tunneling and has gateways. The other network, NETB, is perhaps designated for emcomm and does not want those services. However, users on NETA would like to access some services available on NETB.

Would it be possible to connect the two nodes together through a dual homed computer that ran some kind of filtering application that would keep NETA's gateways and tunneled nodes from being exposed to NETB?

thanks,

richard - wb6tae
KG6JEI
No such software currently exists to my knowledge.

Fundamentally possible but no one has done it yet.

Personally I always envisioned some sort of switch in the UI that would have mesh backbone nodes perform that task of filtering out gateway advertisements so it could be used on backbone locations (each backbone routing node could be configured to stop propagating the route), so even more so you could easily block on PtP links between regions and similar, which often have different policies. But I haven't seen much attention paid to the thought, as few networks have yet gotten to the point they are worrying about it (though it's something that now impacts my area, as a local ham just linked us to a group in the north that's a bit more Wild West than we are down here, like you describe).

Certainly a dedicated filtering appliance could do a lot more (such as data logging, traffic recording, name filtering and advertisement filtering, etc.), but it would all have to be designed and programmed (and would highly recommend, if done, that it were done in connection with the dev team to truly understand what the protocol implications are).
wb6tae
kg6jei wrote: Certainly a dedicated filtering appliance could do a lot more (such as data logging, traffic recording, name filtering and advertisement filtering, etc.), but it would all have to be designed and programmed (and would highly recommend, if done, that it were done in connection with the dev team to truly understand what the protocol implications are).

Agreed. My guess is there is already something out there that could be used for this application with nothing more than some (perhaps complex) configuration. I'll look around. In the meantime, if anyone has some ideas...
KG6JEI
If you find it I would love to hear about it.

I'm a little less confident on something existing than you are; what this requires doing is Layer 7 filtering of OLSR.

While it's a well established protocol language, it does have modifications done to it since the basic RFC was created, which is issue one, and issue two is I doubt many people would want to filter on it as it's not too common a project (one reason why AREDN exists while there are dozens of mesh technologies is that obviously hams have different needs than the rest of the internet community), so it's a little more complex than that.

But if you find something, certainly would want to hear about it.
wb6tae
Well, I did find l7-filter (http://l7-filter.clearos.com). But it doesn't support OLSR, and it hasn't been updated in 3+ years, suggesting it is probably not going to ever support OLSR.
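
As an added illustration of the "Layer 7 filtering of OLSR" discussed in this thread (not code from any poster or from the AREDN project), the sketch below rewrites one OLSR datagram so that gateway advertisements are removed and every other message passes through unchanged. It assumes the unmodified RFC 3626 packet layout and that a gateway is announced as an HNA entry for 0.0.0.0/0; as noted above, the OLSR actually deployed has modifications since the RFC, so the layout would need checking with the dev team, and the function names and the sample datagram are constructed for this example.

```python
import socket
import struct

HNA = 4                                # HNA message type in RFC 3626
MSG_HDR = struct.Struct("!BBH4sBBH")   # type, vtime, size, originator, ttl, hops, seq
DEFAULT = bytes(8)                     # network 0.0.0.0 followed by netmask 0.0.0.0

def strip_gateway_hna(packet):
    """Return (datagram to forward, originators whose default-route HNA was removed)."""
    if len(packet) < 4:
        raise ValueError("truncated OLSR packet header")
    pkt_len, pkt_seq = struct.unpack_from("!HH", packet)
    if pkt_len != len(packet):
        raise ValueError("packet length field does not match datagram")
    kept_msgs, gateways, off = [], [], 4
    while off < pkt_len:
        if pkt_len - off < MSG_HDR.size:
            raise ValueError("truncated message header")
        mtype, vtime, size, orig, ttl, hops, seq = MSG_HDR.unpack_from(packet, off)
        if size < MSG_HDR.size or off + size > pkt_len:
            raise ValueError("bad message size")
        body = packet[off + MSG_HDR.size:off + size]
        off += size
        if mtype == HNA:
            if len(body) % 8:
                raise ValueError("HNA body is not (network, netmask) pairs")
            pairs = [body[i:i + 8] for i in range(0, len(body), 8)]
            body = b"".join(p for p in pairs if p != DEFAULT)
            if len(body) != len(pairs) * 8:
                gateways.append(socket.inet_ntoa(orig))
            if not body:
                continue               # message held only the gateway advertisement
        # Re-emit the message with its size field recomputed for the new body.
        kept_msgs.append(MSG_HDR.pack(mtype, vtime, MSG_HDR.size + len(body),
                                      orig, ttl, hops, seq) + body)
    payload = b"".join(kept_msgs)
    # A packet left with no messages carries nothing: return b"" so nothing is sent.
    filtered = struct.pack("!HH", 4 + len(payload), pkt_seq) + payload if payload else b""
    return filtered, gateways

def sample_packet():
    """Constructed datagram: one TC-type message plus one HNA with two entries."""
    a = socket.inet_aton
    tc_body = bytes([0, 1, 0, 0]) + a("10.0.0.2")
    tc = MSG_HDR.pack(2, 0x86, 12 + len(tc_body), a("10.0.0.1"), 255, 0, 7) + tc_body
    hna_body = DEFAULT + a("10.1.2.0") + a("255.255.255.248")
    hna = MSG_HDR.pack(HNA, 0x86, 12 + len(hna_body), a("10.0.0.9"), 255, 1, 8) + hna_body
    return struct.pack("!HH", 4 + len(tc) + len(hna), 42) + tc + hna
```

Malformed datagrams raise `ValueError` rather than being passed through, so a filter built this way fails closed on input it cannot parse.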
