Feature #133

Add a 'privacy extension' - feature

Added by Linus L├╝ssing about 13 years ago. Updated almost 6 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Although each BATMAN-Adv node does not have a complete topology map, they still have a complete list of all nodes and mesh clients being bridged into the mesh network. This is not such a privacy issue for BATMAN nodes themselves as they're mostly having random mac-addresses on their bat0 interface anyway, but more for bridged-in clients which are usually using static plus unique mac-addresses. In a publicly accessable BATMAN-Adv mesh network this would mean, that those peoples' locations are trackable as a BATMAN node with the help of a vis-server and knowing a couple of node's geographical locations. Even a person's movements could be tracked while s/he might be roaming from access-point to access-point.

So like a 'privacy extension' had to be introduced to IPv6's Stateless Address Autoconfiguration (RFC 4941) because of those considerations, I'd see something similar neccessary for the BATMAN-Adv routing protocol as well. Maybe some people might say now, that users could get their privacy back by randomising their mac-address in their operating system already, but usually those users are not (and should not have to be) aware of what underlying 'routing voodoo' they are using.

Such a privacy extension could simply be masquerading the HNAs entering the network with a random one as well as the data packets mac-address in the ethernet frame. So each BATMAN node would manage a look-up/translation table for its local mesh clients. Each entry would have to be purged after it times out.

Some more efforts would be needed to ensure roaming capabilities for those clients not running a batman-daemon (but could be done later in my opinion, as people really needing roaming capabilities would be better off with running their own batman-daemon with a high(er) OGM frequency anyway). But maybe this might be done by asking just the local neighbours, if any of them had seen/translated the real mac-address of its new client before.



Updated by Simon Wunderlich almost 13 years ago

  • Status changed from New to Closed

no plans to do this. I'd suggest to implement some "symmetric MAC NAT" like this in ebtables/bridge/etc. You might also run into different problems (e.g. roaming won't work anymore, etc).


Updated by Anonymous over 11 years ago

  • Assignee deleted (Anonymous)
  • Category set to 2

Updated by Sven Eckelmann over 6 years ago

  • Description updated (diff)

Updated by Sven Eckelmann almost 6 years ago

  • Status changed from Closed to Rejected

Also available in: Atom PDF