[Battlemesh] Linksys promises not to block free firmware

Jonathan Morton chromatix99 at gmail.com
Sat May 14 10:10:52 UTC 2016


> On 14 May, 2016, at 08:01, Mitar <mitar at tnode.com> wrote:
> 
> The best way to win is to go for a solution which works for both
> fighting parties. Do we know of such a solution?

The fundamental goal of the FCC (and the EU equivalent) is to prevent interference to existing licensed users of the 5GHz “unlicensed” band.  Our best chance of success is to minimise the probability of such interference, and to show that it is indeed minimised.

For clients, that turns out to be easy; they listen for an AP’s beacons on each channel before attempting to transmit on it.  They then adopt the AP’s regulatory domain settings on that frequency, and effectively inherit the AP’s regulatory compliance (as far as frequency is concerned).  Listening for radars becomes the AP’s responsibility, so assume I’m talking only about APs from here on.

In the 2.4GHz band, compliance would be straightforward to achieve in an internationally-compatible manner, by shipping devices which can only transmit on channels 1-11.  This however denies the use of channels 12, 13, 14 in regions where they are permitted - which is a problem, because the airwaves are very congested, making these extra channels valuable.  Also, such a simple solution is not available for 5GHz, because the allocations vary so much internationally.

In fact, the easiest way to make a wifi device transmit on an unauthorised frequency is to tell it to use a regulatory domain different from the one it’s actually in.  With my (draft-n standard) Airport Base Station, this is *unavoidable* if I were to take it outside the EU where it was sold; the settings app only lists EU countries, so I cannot set “USA” or “Japan” or “Korea”.  And yes, I have been known to pack a cache of networking gear on business trips abroad, just in case - and this has actually proved worthwhile on occasion.

I think it is noteworthy that most instances of radar interference encountered in practice are from *outdoor* installations where the equipment has been *deliberately modified*, not only to disable the radar-detection logic but to increase the power and efficiency of transmission (this requiring *hardware* modifications).  No doubt this was often done to take advantage of channels left relatively clear by compliant equipment.

On the face of it, enforcement should be directed against the owners and operators of such networks, who I assume are relatively few in number.  This however sets the calibre of our adversary; he is *not* a typical home user.  The heavy-handed approach of the regulators (given that they seek a technical rather than legal solution) is thus explainable.

But there is still an easy workaround which this sort of adversary will soon find: buy the equipment abroad, and it will be set for a different regulatory domain anyway.  The shipping cost will be a little higher, that’s all.  No technical expertise required on the end-user’s part, and the only defence would be to outlaw the *importation* of wifi devices set to the wrong region, which would be impossible to enforce.

And that is why locking down the firmware is ultimately futile.  Anyone with sufficient motivation to set up an outdoor network can obtain devices with properly locked-down firmware, regulation-compliant in their intended country of sale, which transmit on whatever channel they want - as long as there is at least one region which does not restrict transmission on that channel for wifi devices.

That doesn’t necessarily mean we should have a free-for-all - but it does suggest that locking down the region setting is the wrong approach.  It would be just as effective to enforce a chain of trust between the regulatory authority and the domain settings that are loaded into the radio hardware, with the choice of region left up to the user.  Some devices might use geolocation to eliminate user error here - this is probably easiest with phones being used as mobile hotspots.  The option could be left open for separate domain settings for amateur-radio licence holders, though this would not be in the default firmware issued at retail.

This radio hardware, incidentally, is at Layer 1 of the networking stack - the physical layer.  There is little controversy over locking that down to a reasonable extent.  Almost all the things we’re interested in tweaking are at Layer 2 (MAC) and above (IP, etc).  So far, wifi hardware has not bothered to separate these layers cleanly, which is really what we need here.

 - Jonathan Morton
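The chain of trust sketched in the post (regulatory rules signed by an authority, the country left to the user, the radio refusing anything that does not verify) as an added example. This is not code from the post, from Linksys, or from any regulatory database; it is a toy in Go. The table contents, the Ed25519 key, the function names and the channel numbers are all constructed for illustration and are not an authoritative source of regulatory limits.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// FreqRule is one permitted band: edges, widest channel allowed inside it,
// and whether radar detection (DFS) is required before transmitting.
type FreqRule struct {
	StartKHz, EndKHz, MaxBwKHz uint32
	DFS                        bool
}

// RegDomain is the rule set for one country (ISO 3166-1 alpha-2 code).
type RegDomain struct {
	Alpha2 string
	Rules  []FreqRule
}

// RegDB is the signed table: the user picks the country, the rules stay as signed.
type RegDB struct{ Domains []RegDomain }

// SampleDB is a constructed table; the values are illustrative only, not
// an authoritative regulatory source.
func SampleDB() RegDB {
	return RegDB{Domains: []RegDomain{
		{Alpha2: "US", Rules: []FreqRule{
			{2402000, 2472000, 40000, false}, // 2.4 GHz ch 1-11
			{5170000, 5250000, 80000, false}, // 5 GHz ch 36-48
			{5250000, 5330000, 80000, true},  // 5 GHz ch 52-64, DFS
		}},
		{Alpha2: "JP", Rules: []FreqRule{
			{2402000, 2482000, 40000, false}, // 2.4 GHz ch 1-13
			{2474000, 2494000, 20000, false}, // ch 14, 20 MHz only
		}},
	}}
}

// NewAuthorityKey stands in for the regulator's (or vendor's) signing key.
func NewAuthorityKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign serialises the table and signs the exact bytes firmware will load.
func Sign(db RegDB, priv ed25519.PrivateKey) (blob, sig []byte) {
	blob, err := json.Marshal(db)
	if err != nil {
		panic(err)
	}
	return blob, ed25519.Sign(priv, blob)
}

// LoadRegDB is the firmware side: nothing reaches the radio unless the
// bytes verify against the embedded public key.
func LoadRegDB(blob, sig []byte, pub ed25519.PublicKey) (*RegDB, error) {
	if !ed25519.Verify(pub, blob, sig) {
		return nil, fmt.Errorf("regdb: bad signature, refusing to load")
	}
	var db RegDB
	if err := json.Unmarshal(blob, &db); err != nil {
		return nil, err
	}
	return &db, nil
}

// SelectDomain is the user's free choice of country, limited to the table.
func (db *RegDB) SelectDomain(alpha2 string) (*RegDomain, error) {
	for i := range db.Domains {
		if db.Domains[i].Alpha2 == alpha2 {
			return &db.Domains[i], nil
		}
	}
	return nil, fmt.Errorf("regdb: no domain %q in signed table", alpha2)
}

// CheckChannel permits a transmission only if the whole channel (centre +/-
// half the bandwidth) fits one rule within its cap; also reports DFS duty.
func (d *RegDomain) CheckChannel(centreKHz, bwKHz uint32) (allowed, needsDFS bool) {
	lo, hi := centreKHz-bwKHz/2, centreKHz+bwKHz/2
	for _, r := range d.Rules {
		if lo >= r.StartKHz && hi <= r.EndKHz && bwKHz <= r.MaxBwKHz {
			return true, r.DFS
		}
	}
	return false, false
}

func main() {
	pub, priv := NewAuthorityKey()
	blob, sig := Sign(SampleDB(), priv)
	db, err := LoadRegDB(blob, sig, pub)
	if err != nil {
		panic(err)
	}
	us, _ := db.SelectDomain("US")
	fmt.Println(us.CheckChannel(2467000, 20000)) // ch 12 in US: false false
	fmt.Println(us.CheckChannel(5260000, 20000)) // ch 52 in US: true true
}
```

With the sample table, selecting "US" refuses channel 12 and flags channel 52 as DFS, while selecting "JP" permits channel 14 only at 20 MHz. Flipping any byte of the signed blob makes LoadRegDB refuse the whole file, so an operator can choose a country but cannot widen its rules; the same mechanism does nothing, as the post observes, against someone who simply picks a country whose signed rules already allow the channel. The Linux wireless stack works along these lines today: regulatory.db ships with a detached signature that the kernel checks against built-in keys, while the country code is still set from userspace.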