On Thu, 2016-05-19 at 01:41 +0200, poma wrote:
On 18.05.2016 16:49, Thomas Haller wrote:I actually have a question for you, and Lubo; In the wpa_supplicant, Pre-association MAC random-ization is disabled per default: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 PreassocMacAddr Pre-association MAC address policy https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n41 8 # MAC address policy for pre-association operations (scanning, ANQP) # 0 = use permanent MAC address # 1 = use random MAC address # 2 = like 1, but maintain OUI (with local admin bit set) #preassoc_mac_addr=0 and the same was said, toward NetworkManager, in: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS# n8 * Added an option to enable use of random MAC addresses for Wi-Fi access point scanning (defaults to disabled). Controlled with 'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in ifcfg files).
Yeah, this is wrong. I fixed it: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a
-but- you said in: https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042 .html <quote> When NM detects support in wpa-supplicant, it always sets PreassocMacAddr to 1. This setting is only relevant during scanning, and thus NM *always* enables it. </quote> -and- as "published" by Lubo in: https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-trackin g-protection-in-wi-fi-networks <quote> What seems like a viable option is randomizing the MAC address while scanning, changing it every now and then, but still use the hard-wired MAC address for association and actual connectivity. [...] With the upcoming NetworkManager 1.2 we’re doing this too. [...] With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too. </quote> Is not that, as mentioned in the NEWS, in fact MAC random-ization per connecting, not MAC random-ization per scanning!?
You are right.
That is, in the wpa_supplicant, Connection MAC random-ization: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 MacAddr MAC address policy default https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n40 5 # MAC address policy default # 0 = use permanent MAC address # 1 = use random MAC address for each ESS connection # 2 = like 1, but maintain OUI (with local admin bit set) # # By default, permanent MAC address is used unless policy is changed by # the per-network mac_addr parameter. Global mac_addr=1 can be used to # change this default behavior. #mac_addr=0 toward NetworkManager, what -you- said in: https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042 .html <quote> The mac-address-randomization connection-setting on the other hand, configures the behavior while being connected. </quote> -and- as "published" by Lubo in: https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-trackin g-protection-in-wi-fi-networks <quote> Could we randomize the permanent address too? We added option for that to NetworkManager 1.2 too, but are leaving it off. [...] </quote> What is what, and what is not!? :)
Hi poma, yes, the NEWS file was wrong. Also, as we already found out, another mistake was that wpa-supplicant support is not yet available in 2.4. It is currently only on master (and will be in supplicant version 2.6) -- unless we backport it, for which you opened a Fedora bug (thank you). Lubo's "but are leaving it off." statement means: if you leave the per-connection setting wifi.mac-address-randomization at "default", then the default means "off" -- unless you overwrite it via a global default value in /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`. Does this resolve all unclarities? Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part