Re: Question about MAC Address randomization options



On Fri, 2018-06-29 at 15:48 -0500, Jim Campbell wrote:
Hi All,

I was looking through the options regarding MAC Address
randomization, and have a question about them. A member of my team
wanted to know if it would be possible to do a sort of combo between
the "stable" and the "random" options. 

As a refresher, here is my understanding of these two particular
options:

1) The "stable" option - give one MAC address to My_Neat_Wifi_AP_Name
(which would remain stable, but would be unique), and give another
unique address to each other Wifi AP. The MAC address would remain
stable for each of those AP's, but they would be unique between each
other.

or

2) The "random" option - Give a random MAC address to
My_Neat_Wifi_AP_Name and to every other Wifi AP (each connection
would always use a random MAC address every time the system connected
to an AP). 

What my coworker inquired about is a mix between 1 (stable for
My_Neat_Wifi_AP_Name ) and 2 (random for every other AP).

I don't think this is currently possible (and may not be feasible /
practical in the future), but I thought I would inquire about it just
to be sure.

Thanks very much for all of your work.

Hi,

I think that should be easily possible.


In general, NetworkManager is profile oriented. So, you anyway require a
profile for each SSID, as you see them with `nmcli connection`.

The configuration option in question (wifi.cloned-mac-address) is part
of the profile, you could just configure most profiles with a value
"random", except one having "stable". For example with something like:

  for UUID in $(nmcli -g UUID connection); do nmcli connection modify uuid "$UUID" wifi.cloned-mac-address $WHATEVER ; done


Alternatively, various profile settings support having their default
value defined in NetworkManager.conf. See "CONNECTION SECTION" in
`man NetworkManager.conf`. As such, you could instead leave
"wifi.cloned-mac-address" setting of most profiles at their default/unset
value. This makes the setting eligible to fall back to the default from
NetworkManager.conf. Only at a selected few you'd configure an explicit
value.

The result is very similar, whether you explicitly configure "random" in
the profile, or whether you allow it to fall back to a default-value
"random" from NetworkManager.conf.


Also, I personally prefer to leave cloned-mac-address always unset (in
the profile), and set their default to "stable". But then instead I
tweak the stable-id to either "${RANDOM}" or "some value". The
stable-id itself can be dynamic, via certain special values ("${RANDOM}",
"${BOOT}", "${CONNECTION}", which also can be combined, like
"${CONNECTION}${BOOT}" -- which is actually the only combination that
makes sense).

See connection.stable-id in `man nm-settings` [1].

Actually, I use [2] snippet, with most profiles neither specifying
stable-id nor cloned-mac-address (thus, falling back to "stable" and a
"${RANDOM}" stable-id). And then, for a selected few profiles, I set a
more suitable stable-id.

[1] https://developer.gnome.org/NetworkManager/stable/nm-settings.html
[2] https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/nm-conf.d/30-anon.conf?id=b26efa5b680b45a1e6e8fcfb2f9ea996d8e28706



best,
Thomas



Kind regards,

Jim

P.S.  Thanks for this well-written blog-post!
https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
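
The per-profile loop from the reply above, narrowed to Wi-Fi profiles and applying "stable" to one chosen profile and "random" to all the others. This is an added example, not part of the original thread or of NetworkManager; the function name `apply_mac_policy` and the `NMCLI` override variable are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not from the thread. NMCLI is a hypothetical override hook
# so the function can be pointed at a stub instead of the real nmcli.
NMCLI=${NMCLI:-nmcli}

# apply_mac_policy STABLE_UUID
# Sets wifi.cloned-mac-address to "stable" on the Wi-Fi profile STABLE_UUID
# and to "random" on every other Wi-Fi profile. Prints "<policy> <uuid>" for
# each profile changed. Returns 1, changing nothing, if STABLE_UUID is not a
# Wi-Fi profile; returns 1 as soon as a modify call fails.
apply_mac_policy() {
    stable_uuid=$1
    [ -n "$stable_uuid" ] || return 1
    # -g prints terse colon-separated fields; UUID and TYPE hold no colons.
    profiles=$("$NMCLI" -g UUID,TYPE connection show) || return 1

    # Collect Wi-Fi profiles only; wifi.* does not apply to other types.
    wifi_uuids=
    for entry in $profiles; do
        case ${entry#*:} in
            802-11-wireless|wifi) wifi_uuids="$wifi_uuids ${entry%%:*}" ;;
        esac
    done

    # Validate before modifying, so a typo cannot randomize every profile.
    case " $wifi_uuids " in
        *" $stable_uuid "*) ;;
        *) echo "not a Wi-Fi profile: $stable_uuid" >&2; return 1 ;;
    esac

    for uuid in $wifi_uuids; do
        if [ "$uuid" = "$stable_uuid" ]; then
            policy=stable
        else
            policy=random
        fi
        "$NMCLI" connection modify uuid "$uuid" \
            wifi.cloned-mac-address "$policy" || return 1
        printf '%s %s\n' "$policy" "$uuid"
    done
}
```

Call it with the UUID of the profile that should keep a stable address, as listed by `nmcli connection`.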