public inbox for b.a.t.m.a.n@lists.open-mesh.org
From: Sven Eckelmann <sven@narfation.org>
To: b.a.t.m.a.n@lists.open-mesh.org
Cc: Moullick Mehra <dedamamoge@gmail.com>,
	Tushar Malpani <tusharmalpani20@gmail.com>
Subject: Re: batman-adv: User defined nonce in packet header
Date: Sat, 30 Jan 2021 15:01:28 +0100
Message-ID: <50377703.RPh4jNDbgB@sven-edge>
In-Reply-To: <5928700.sXXJehETrP@sven-edge>

On Saturday, 30 January 2021 11:06:10 CET Sven Eckelmann wrote:
[...]
> The information is far too vague to give you anything.

I just got two mails which tried to start new threads and were therefore
rejected. Still, I am forwarding the more relevant of the two to this thread.

But I still think that this is completely unrelated to batman-adv, because it
is at the completely wrong layer, doesn't have access to the user's device
(and the other way around), and the firewall wouldn't even see batman-adv packets:

----------  Forwarded Message  ----------

Subject: Users authentication with roaming feature
Date: Saturday, 30 January 2021, 14:18:02 CET
From: Tushar Malpani <tusharmalpani20@gmail.com>
To: b.a.t.m.a.n@lists.open-mesh.org

Hi,
     I have a community mesh setup here in India and we have been
using B.A.T.M.A.N Adv as our mesh routing protocol. At present, we
are using a pfSense firewall/router which hosts a captive portal for
authenticating users. I am not sure, but somehow it seems to work great
with client roaming as the users switch from one node to another,
but since it's easy to bypass a captive portal by changing one's IP
and MAC address, we switched to different authentication methods
and tried using WPA-Enterprise and VPN, but none of those gave us a
seamless roaming experience.
So, we moved back to the captive portal as of now and understood its
working and found that it uses an ipfw table under the hood; it adds the
authenticated user's IP address to the ipfw tables and passes all the
requests made by them.
And then we came up with the idea of adding an additional header to
each packet which will have a value (which is unique to each
user). After the first authentication we add that unique value to our
firewall rules, which will be similar to what the captive portal does but
secure, since each value is unique to each user.
Can this be done by tweaking the B.A.T.M.A.N Adv code, or is this something
which should be done on the users' devices?
Is this idea as good as we think it is, or is there already a better
solution out there?
Can you help point to where to look, learn and build this system?

Thanks and regards
Tushar Malpani
-----------------------------------------
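
Added example (not part of the thread, and not pfSense or batman-adv code): a Python model of the two filter decisions the forwarded mail describes, an IP allowlist and a fixed per-user header value, run against a packet and a copy that reuses only the values visible in it. It goes beyond the mail by adding, for comparison, a per-packet HMAC tag with a counter; every name, address, token and key below is constructed.

```python
import hashlib
import hmac

# All values below are constructed for illustration.
ALLOWED_IPS = {"192.0.2.10"}   # models the portal's table of authenticated IPs
STATIC_TOKENS = {"tok-7f3a"}   # models the proposed fixed per-user header value
USER_KEYS = {"alice": b"constructed-secret"}  # assumed per-user key (comparison model)

def pass_by_ip(pkt):
    """Portal model: forward when the source IP is in the table."""
    return pkt["src_ip"] in ALLOWED_IPS

def pass_by_static_token(pkt):
    """Proposed model: forward when the header carries a known fixed value."""
    return pkt.get("token") in STATIC_TOKENS

def make_tag(key, counter, payload):
    """HMAC-SHA256 over an 8-byte counter followed by the payload."""
    return hmac.new(key, counter.to_bytes(8, "big") + payload, hashlib.sha256).digest()

class KeyedFilter:
    """Comparison model: verify a per-packet tag and require a rising counter."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {user: -1 for user in keys}

    def passes(self, pkt):
        key = self.keys.get(pkt["user"])
        if key is None or pkt["counter"] <= self.last_counter[pkt["user"]]:
            return False  # unknown user, or counter already seen (replayed packet)
        expected = make_tag(key, pkt["counter"], pkt["payload"])
        if not hmac.compare_digest(pkt["tag"], expected):
            return False  # tag does not match this payload and counter
        self.last_counter[pkt["user"]] = pkt["counter"]
        return True

def compare_filters():
    """Run an original packet and a byte-for-byte copy through each model."""
    pkt = {"src_ip": "192.0.2.10", "token": "tok-7f3a", "user": "alice",
           "counter": 0, "payload": b"GET /"}
    pkt["tag"] = make_tag(USER_KEYS["alice"], pkt["counter"], pkt["payload"])
    copy = dict(pkt)  # second sender reusing only values visible in the packet
    keyed = KeyedFilter(USER_KEYS)
    return {"ip": (pass_by_ip(pkt), pass_by_ip(copy)),
            "static": (pass_by_static_token(pkt), pass_by_static_token(copy)),
            "keyed": (keyed.passes(pkt), keyed.passes(copy))}
```

The IP and static-token models accept both the original and the copy, because each matches on a value that travels in the packet; the keyed model accepts the original once and rejects the copy.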
