According to this one guy, a group of PhDs had stated that the B.A.T.M.A.N. protocol is the best mesh router protocol out there. The B.A.T.M.A.N. protocol is the one used by Freifunk, which is Germany's mesh community and perhaps the largest in the world. What exactly do you mean by a malicious mesh node? For what purpose would the malicious nodes exist? Standard nodes have a max capacity, and you could set a cap limit on output for standard nodes. Someone running a malicious node would forge the output to very high, right?
What B.A.T.M.A.N. does is have every participant periodically announce themselves, and then each peer that hears them repeats the announcement. Each node remembers the best source for a particular host they've heard of and sends traffic for it in that general direction.
The announcements have a hop count and a sequence number to prevent loops and repetitions of the announcements.
There is absolutely no security at all, except by totally limiting access to the media (e.g. by encrypting all packets and not making the network accessible to the public).
If someone with access to the network wants to impersonate another party and receive almost all of their traffic all they have to do is start generating announcements for them. They can selectively mitm, impersonate, or block access to any other party on the mesh.
If you are using some L3 IP security on top of the mesh (like a VPN), then they can't impersonate, but they can trivially deny access.
So as they stand right now, these protocols do not work for public networks except to the extent that no one wants to bother attacking them. A lot of the time that is probably true --- but centralized ISPs are also secure so long as no one wants to bother attacking.
It looks like the Freifunk firmware is still actively maintained--
https://github.com/ffbsee/ffbsee-firmware/commits/master Thanks-- that's the sort of thing I was looking for when I asked before. There was a lot of excitement about meshes around 2013-2015, and there are a lot of dead webpages now.
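A simplified model of the announcement handling described in the post above, added here as an illustration; it is not part of the thread and not B.A.T.M.A.N.'s own code. The `Node` class, `MAX_HOPS`, the route-selection rule and the own-name sequence check are assumptions made for the sketch. It shows that a receiver has nothing to authenticate an announcement against, while the named host can at least notice sequence numbers it never issued.

```python
from dataclasses import dataclass

MAX_HOPS = 8  # assumed limit; the post only says announcements carry a hop count

@dataclass(frozen=True)
class Announcement:
    originator: str   # host being announced
    seqno: int        # increases with each new announcement
    hops: int         # incremented on every repeat
    heard_from: str   # neighbor that delivered this copy

class Node:
    def __init__(self, name):
        self.name = name
        self.next_seqno = 0   # next sequence number this node will issue
        self.routes = {}      # originator -> (seqno, hops, neighbor)
        self.alerts = []      # announcements naming us that we never issued

    def announce(self):
        ann = Announcement(self.name, self.next_seqno, 0, self.name)
        self.next_seqno += 1
        return ann

    def receive(self, ann):
        """Return the copy to repeat, or None if the announcement is dropped."""
        if ann.originator == self.name:
            # An echo of our own announcement is normal; an unissued seqno is not.
            if ann.seqno >= self.next_seqno:
                self.alerts.append(ann)
            return None
        if ann.hops >= MAX_HOPS:
            return None                      # hop count bounds propagation
        known = self.routes.get(ann.originator)
        if known and (ann.seqno, -ann.hops) <= (known[0], -known[1]):
            return None                      # repetition or a worse path
        self.routes[ann.originator] = (ann.seqno, ann.hops, ann.heard_from)
        return Announcement(ann.originator, ann.seqno, ann.hops + 1, self.name)

def demo():
    a, b, c = Node("A"), Node("B"), Node("C")
    c.receive(b.receive(a.announce()))       # A announces, B repeats to C
    before = c.routes["A"]
    # Constructed sample: an unsigned announcement naming A, heard from "X".
    repeat = c.receive(Announcement("A", 5, 0, "X"))
    after = c.routes["A"]                    # C had no field to verify
    a.receive(repeat)                        # A hears the repeat of seqno 5
    return before, after, a.alerts
```

The own-name check only fires when the impersonated host is within range of a repeat of the forged announcement, so it is a detection aid and not a fix.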
No security? The network is connected to the internet with NAT, which goes through a gateway that has a VPN. Is that not security? There is no way to spy on, track or identify a single user of the network. In addition, you can also encrypt the Wi-Fi signal. Centralized ISPs are not secure. Centralized ISPs are the security breach themselves. The intelligence community gathers data through the centralized ISPs. They can now, without any permission or warrant, get your entire browsing history.