Re: How to activate MAC address randomization?

On Thu, 2016-05-19 at 01:41 +0200, poma wrote:
On 18.05.2016 16:49, Thomas Haller wrote:
I actually have a question for you, and Lubo;

In the wpa_supplicant, Pre-association MAC randomization is disabled
per default:
Pre-association MAC address policy
# MAC address policy for pre-association operations (scanning, ANQP)
# 0 = use permanent MAC address
# 1 = use random MAC address
# 2 = like 1, but maintain OUI (with local admin bit set)

and the same was said, toward NetworkManager, in:
* Added an option to enable use of random MAC addresses for Wi-Fi
    point scanning (defaults to disabled).  Controlled with
    'wifi.mac-address-randomization' property
    ifcfg files).

Yeah, this is wrong. I fixed it:

-but- you said in:
When NM detects support in wpa-supplicant, it always sets
PreassocMacAddr to 1. This setting is only relevant during scanning,
and thus NM *always* enables it.

-and- as "published" by Lubo in:
What seems like a viable option is randomizing the MAC address while
changing it every now and then,
but still use the hard-wired MAC address for association and actual
connectivity. [...]
With the upcoming NetworkManager 1.2 we’re doing this too. [...]
With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4
or newer) we’re doing this too.

Is not that, as mentioned in the NEWS, in fact MAC randomization per
connecting, not MAC randomization per scanning!?

You are right.

That is, in the wpa_supplicant, Connection MAC randomization:
MAC address policy default
# MAC address policy default
# 0 = use permanent MAC address
# 1 = use random MAC address for each ESS connection
# 2 = like 1, but maintain OUI (with local admin bit set)
# By default, permanent MAC address is used unless policy is changed by
# the per-network mac_addr parameter. Global mac_addr=1 can be used to
# change this default behavior.

toward NetworkManager, what -you- said in:
The mac-address-randomization connection-setting on the other hand,
configures the behavior while being connected.

-and- as "published" by Lubo in:
Could we randomize the permanent address too?
We added option for that to NetworkManager 1.2 too, but are leaving
it off. [...]

What is what, and what is not!? :)

Hi poma,

yes, the NEWS file was wrong.

Also, as we already found out, another mistake was that wpa-supplicant
support is not yet available in 2.4. It is currently only on master
(and will be in supplicant version 2.6)
-- unless we backport it, for which you opened a Fedora bug (thank

Lubo's "but are leaving it off." statement means:
if you leave the per-connection setting wifi.mac-address-randomization
at "default", then the default means "off"
-- unless you overwrite it via a global default value in
/etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`.

Does this resolve all unclarities?


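Added example, not part of the thread and not code from NetworkManager or wpa_supplicant: the Python below models the three policy values quoted above (0 = permanent, 1 = random, 2 = random but keep the OUI with the local admin bit set) and classifies an observed address against the permanent one, which is a quick way to audit whether randomization is actually in effect. The function names and the sample permanent address are constructed for illustration; the bit positions assume the IEEE 802 convention (0x02 in the first octet = locally administered, 0x01 = group/multicast).

```python
import secrets

LOCAL_ADMIN = 0x02  # IEEE 802 "locally administered" bit, first octet
GROUP_BIT = 0x01    # multicast bit; must be clear for a station address

def parse_mac(text):
    octets = bytes(int(part, 16) for part in text.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return octets

def format_mac(octets):
    return ":".join(f"{b:02x}" for b in octets)

def mac_for_policy(policy, permanent, randbytes=secrets.token_bytes):
    """Address a station would present under policy 0, 1 or 2."""
    perm = parse_mac(permanent)
    if policy == 0:                      # 0 = use permanent MAC address
        return format_mac(perm)
    if policy == 1:                      # 1 = use random MAC address
        raw = bytearray(randbytes(6))
    elif policy == 2:                    # 2 = like 1, but maintain OUI
        raw = bytearray(perm[:3] + randbytes(3))
    else:
        raise ValueError(f"unknown policy {policy}")
    # Force a unicast, locally administered address in both random modes.
    raw[0] = (raw[0] & (0xFF ^ GROUP_BIT)) | LOCAL_ADMIN
    return format_mac(raw)

def oui_without_flag(octets):
    """First three octets with the local admin bit masked out."""
    return bytes([octets[0] & (0xFF ^ LOCAL_ADMIN)]) + octets[1:3]

def classify(observed, permanent):
    """Audit helper: what does an observed address reveal about the NIC?"""
    obs, perm = parse_mac(observed), parse_mac(permanent)
    if obs == perm:
        return "permanent"               # fully trackable
    if not obs[0] & LOCAL_ADMIN:
        return "universal-other"         # globally assigned, not this NIC's
    if oui_without_flag(obs) == oui_without_flag(perm):
        return "random-keeps-oui"        # vendor prefix still visible
    return "random"

PERMANENT = "00:11:22:33:44:55"          # constructed sample address
```

Policy 2 hides the device-specific half of the address but still exposes the vendor prefix, which `classify` reports as `random-keeps-oui`.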