Re: How to activate MAC address randomization?

From: poma <pomidorabelisima gmail com>
To: Thomas Haller <thaller redhat com>, Chris Laprise <tasket openmailbox org>
Cc: Network Manager <networkmanager-list gnome org>
Subject: Re: How to activate MAC address randomization?
Date: Mon, 11 Jul 2016 19:12:49 +0200

On 06.07.2016 17:41, Thomas Haller wrote:

On Wed, 2016-07-06 at 16:45 +0200, poma wrote:

On 18.06.2016 14:36, Chris Laprise wrote:

[...]

Is there more of a consensus now on this issue?

My last attempt at using NM 1.2 with wpas 2.4 and iwlwifi driver
(which 
supposedly uses nl80211) resulted in NM saying it couldn't turn 
randomization on.

If I compile the latest NM 1.2 and wpas 2.5 master branches, should
it 
work? My objective is to document the conditions and steps needed
to get 
wifi randomization operational on Qubes OS, which is based on
fedora.

Chris



Have you tested recent Haller's commits?
"wifi: implement MAC address randomization in NetworkManager instead
of supplicant"
https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?qt=gr
ep&q=randomization


Hi poma,


I wanted to reply to this thread, explaining what I changed there... I
forgot, ...


on master (upcoming 1.4.0) wpa-supplicant is no longer used to
randomize MAC addresses. Instead it's done by NetworkManager.
Also, this also works now with ethernet, not only Wi-Fi.



Again, randomization during Wi-Fi scanning is enabled by default. It
can be disabled per-device via NetworkManager.conf:
  [device]
  wifi.scan-rand-mac-address=no
See `man NetworkManager.conf`.


For randomzation during connection, the wifi.mac-address-randomization
setting is deprecated (but still used in case you have old connections
on disc).
Now, you configure instead wifi.cloned-mac-address (or ethernet.cloned-
mac-address). See `man nm-settings`.

  nmcli connection modify $MY_WIFI wifi.cloned-mac-address stable



Vorsprung durch Technik


Tested, and
basic, Pre-association / Scanning -and- Association / Connection - random MAC address works

/etc/NetworkManager/NetworkManager.conf
...
[connection]
# deprecated - see 'man 5 NetworkManager.conf / nm-settings':
# wifi.mac-address-randomization=2
#
# replacement:
wifi.cloned-mac-address=random

[device]
# default:
# wifi.scan-rand-mac-address=yes


Test builds - Fedora:
http://goo.gl/Gm4ffO
net/


Repairs double "random" ethernet / wifi assigned-mac-address value description for NM-SETTINGS(5)
---
 libnm-core/nm-setting-wired.c    | 2 +-
 libnm-core/nm-setting-wireless.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libnm-core/nm-setting-wired.c b/libnm-core/nm-setting-wired.c
index 66ed9c4..fc5ab3e 100644
--- a/libnm-core/nm-setting-wired.c
+++ b/libnm-core/nm-setting-wired.c
@@ -1151,7 +1151,7 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
         * format: string
         * description: The new field for the cloned MAC address. It can be either
         *   a hardware address in ASCII representation, or one of the special values
-        *   "preserve", "permanent", "random", "random" or "stable".
+        *   "preserve", "permanent", "random" or "stable".
         *   This field replaces the deprecated "cloned-mac-address" on D-Bus, which
         *   can only contain explict hardware addresses.
         * ---end---
diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c
index 2aa29c9..a7f58fe 100644
--- a/libnm-core/nm-setting-wireless.c
+++ b/libnm-core/nm-setting-wireless.c
@@ -1392,7 +1392,7 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
         * format: string
         * description: The new field for the cloned MAC address. It can be either
         *   a hardware address in ASCII representation, or one of the special values
-        *   "preserve", "permanent", "random", "random" or "stable".
+        *   "preserve", "permanent", "random" or "stable".
         *   This field replaces the deprecated "cloned-mac-address" on D-Bus, which
         *   can only contain explict hardware addresses.
         * ---end---
--




Related expert options are:

  * per-connection (man nm-settings):

    - "connection.stable-id", which affects the generated ID for
      with "cloned-mac-address=stable". If you have multiple 
      connections that should generate the same MAC address.

    - "wifi.generate-mac-address-mask",
      "ethernet.generate-mac-address-mask"

  * per-device (man NetworkManager.conf):

    - "wifi.scan-generate-mac-address-mask"



Thomas



Chris, tested expert options?

References:
- Re: How to activate MAC address randomization?
  - From: poma
- Re: How to activate MAC address randomization?
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]