Re: How to activate MAC address randomization?



On 18.05.2016 16:49, Thomas Haller wrote:
On Wed, 2016-05-18 at 01:36 +0200, poma wrote:
On 16.05.2016 23:07, Chris Laprise wrote:



On 05/16/2016 12:03 PM, poma wrote:

On 13.05.2016 00:16, Dan Williams wrote:

On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote:

Hi,

I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can
get mac randomization working. Only problem is there's no sign of a
setting for this in nmcli or the applet. I found a reference to a
setting on the NetworkManager.conf manpage which states:

         wifi.mac-address-randomization
             If left unspecified, MAC address randomization is disabled.

wpa_supplicant only gained the necessary functionality that
NetworkManager looks for back in late October 2015.  It was committed
after wpa_supplicant 2.5 but it appears there hasn't been a release
since then.  But once that happens, or if you build supplicant version
from git, NM will begin to use that capability if you've enabled it in
the NM configuration.

http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747

Dan

dbus: Expose interface globals via D-Bus properties - 2.5 backport
https://bugzilla.redhat.com/show_bug.cgi?id=1336495

Professor, your patch your move ;)

LOL, that's great. I hope this means the feature could land in
Fedora 24, which has wpas 2.5.

Chris

# grep rand /etc/NetworkManager/NetworkManager.conf 
wifi.mac-address-randomization=2

the value 2 here means ALWAYS:

typedef enum {
    NM_SETTING_MAC_RANDOMIZATION_DEFAULT = 0,
    NM_SETTING_MAC_RANDOMIZATION_NEVER = 1,
    NM_SETTING_MAC_RANDOMIZATION_ALWAYS = 2,
} NMSettingMacRandomization;


# nmcli connection show WiFiRd | grep rand
802-11-wireless.mac-address-randomization:default

correct, so it is allowed to fall back to the global configuration above.




# journalctl -o cat -b -u NetworkManager | grep random
NetworkManager[2081]: <info>  [...] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1

here NM logs the value for the supplicant, that is supplicant's
"MacAddr" property, it is either 0 (no-rand) or 1 (randomization).

This is not the numeric value 2 (from NMSettingMacRandomization).


So, above is correct and as expected (albeit confusing).


The problem is that "rand-mac" does not work,
tested with patched 2.5 and 2.6-devel,
mt7601u and rt2800usb driven devices.

Why do you say that "rand-mac" does not work?



Thomas




I actually have a question for you, and Lubo;

In the wpa_supplicant, Pre-association MAC randomization is disabled per default:

https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964
PreassocMacAddr
Pre-association MAC address policy

https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418
# MAC address policy for pre-association operations (scanning, ANQP)
# 0 = use permanent MAC address
# 1 = use random MAC address
# 2 = like 1, but maintain OUI (with local admin bit set)
#preassoc_mac_addr=0


and the same was said, toward NetworkManager, in:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8
* Added an option to enable use of random MAC addresses for Wi-Fi access
    point scanning (defaults to disabled).  Controlled with
    'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in
    ifcfg files).


-but- you said in:

https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
<quote>
When NM detects support in wpa-supplicant, it always sets
PreassocMacAddr to 1. This setting is only relevant during scanning,
and thus NM *always* enables it.
</quote>


-and- as "published" by Lubo in:

https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
<quote>
What seems like a viable option is randomizing the MAC address while scanning,
changing it every now and then,
but still use the hard-wired MAC address for association and actual connectivity. [...]
With the upcoming NetworkManager 1.2 we’re doing this too. [...]
With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too.
</quote>


Is not that, as mentioned in the NEWS, in fact MAC randomization per connecting, not MAC randomization per scanning!?


That is, in the wpa_supplicant, Connection MAC randomization:

https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954
MacAddr
MAC address policy default

https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405
# MAC address policy default
# 0 = use permanent MAC address
# 1 = use random MAC address for each ESS connection
# 2 = like 1, but maintain OUI (with local admin bit set)
#
# By default, permanent MAC address is used unless policy is changed by
# the per-network mac_addr parameter. Global mac_addr=1 can be used to
# change this default behavior.
#mac_addr=0


toward NetworkManager, what -you- said in:

https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
<quote>
The mac-address-randomization connection-setting on the other hand,
configures the behavior while being connected.
</quote>


-and- as "published" by Lubo in:

https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
<quote>
Could we randomize the permanent address too?
We added option for that to NetworkManager 1.2 too, but are leaving it off. [...]
</quote>


What is what, and what is not!? :)
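
Added example, not part of the original message and not code from NetworkManager or wpa_supplicant: a shell check for whether randomization is actually in effect on an interface, comparing its current address with its permanent one and mapping the result to the mac_addr policy values 0/1/2 quoted above. The function names and the addresses used to exercise it are constructed; it assumes a randomized address is unicast with the locally administered bit set, as the "with local admin bit set" comment for policy 2 implies.

```sh
# Normalise a MAC to 12 lowercase hex digits; non-zero status if malformed.
norm_mac() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':-')
    case $m in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#m}" -eq 12 ] || return 1
    printf '%s' "$m"
}

# classify_mac PERMANENT CURRENT
# Prints one of: permanent | random-keep-oui | random | other | invalid
classify_mac() {
    perm=$(norm_mac "$1") || { echo invalid; return 1; }
    cur=$(norm_mac "$2") || { echo invalid; return 1; }

    # Policy 0: the interface is using its permanent address.
    if [ "$perm" = "$cur" ]; then echo permanent; return 0; fi

    cur_hex=$(printf '%s' "$cur" | cut -c1-2)
    perm_hex=$(printf '%s' "$perm" | cut -c1-2)
    cur_first=$(( 0x$cur_hex ))
    perm_first=$(( 0x$perm_hex ))

    # Multicast bit (0x01) set or local admin bit (0x02) clear: the address
    # differs but does not look randomized (e.g. manually cloned/spoofed).
    if [ $(( cur_first & 1 )) -ne 0 ] || [ $(( cur_first & 2 )) -eq 0 ]; then
        echo other; return 0
    fi

    # Policy 2 keeps the OUI and only forces the local admin bit in octet 0.
    want_first=$(( (perm_first & 0xfe) | 0x02 ))
    cur_tail=$(printf '%s' "$cur" | cut -c3-6)
    perm_tail=$(printf '%s' "$perm" | cut -c3-6)
    if [ "$cur_first" -eq "$want_first" ] && [ "$cur_tail" = "$perm_tail" ]; then
        echo random-keep-oui   # policy 2
    else
        echo random            # policy 1
    fi
}

# On a live system (interface name taken from the log line above):
#   classify_mac "$(ethtool -P wlp0s2f1u3 | awk '{print $3}')" \
#                "$(cat /sys/class/net/wlp0s2f1u3/address)"
```

Run it once while the interface is only scanning and once after association: the thread distinguishes the pre-association policy (PreassocMacAddr) from the connection policy (MacAddr), so the two results can differ.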



