On 18.05.2016 16:49, Thomas Haller wrote: > On Wed, 2016-05-18 at 01:36 +0200, poma wrote: >> On 16.05.2016 23:07, Chris Laprise wrote: >>> >>> >>> >>> On 05/16/2016 12:03 PM, poma wrote: >>>> >>>> On 13.05.2016 00:16, Dan Williams wrote: >>>>> >>>>> On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> I just installed NetworkManager 1.2 in fedora 23 in the hopes >>>>>> that I >>>>>> can >>>>>> get mac randomization working. Only problem is there's no >>>>>> sign of a >>>>>> setting for this in nmcli or the applet. I found a reference >>>>>> to a >>>>>> setting on the NetworkManager.conf manpage which states: >>>>>> >>>>>> wifi.mac-address-randomization >>>>>> If left unspecified, MAC address randomization >>>>>> is >>>>>> disabled. >>>>> wpa_supplicant only gained the necessary functionality that >>>>> NetworkManager looks for back in late October 2015. It was >>>>> committed >>>>> after wpa_supplicant 2.5 but it appears there hasn't been a >>>>> release >>>>> since then. But once that happens, or if you build supplicant >>>>> version >>>>> from git, NM will begin to use that capability if you've enable >>>>> it in >>>>> the NM configuration. >>>>> >>>>> http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a >>>>> 3c9cc37743747 >>>>> >>>>> Dan >>>>> >>>> dbus: Expose interface globals via D-Bus properties - 2.5 >>>> backport >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1336495 >>>> >>>> Professor, your patch your move ;) >>> LOL, that's great. I hope this means the feature could land in >>> Fedora >>> 24, which has wpas 2.5. >>> >>> Chris >>> >> # grep rand /etc/NetworkManager/NetworkManager.conf >> wifi.mac-address-randomization=2 > > the value 2 here means ALWAYS: > > typedef enum { > »···NM_SETTING_MAC_RANDOMIZATION_DEFAULT = 0, > »···NM_SETTING_MAC_RANDOMIZATION_NEVER = 1, > »···NM_SETTING_MAC_RANDOMIZATION_ALWAYS = 2, > } NMSettingMacRandomization; > >> >> # nmcli connection show WiFiRd | grep rand >> 802-11-wireless.mac-address-randomization:default > > correct, so it is allowed to fallback to the global configuration > above. > > > > >> # journalctl -o cat -b -u NetworkManager | grep random >> NetworkManager[2081]: <info> [...] sup-iface[[...],wlp0s2f1u3]: >> config: set MAC randomization to 1 > > here NM logs the value for the supplicant, that is supplicant's > "MacAddr" property, it is either 0 (no-rand) or 1 (randomization). > > This is not the numeric value 2 (from NMSettingMacRandomization). > > > So, above is correct and as expected (albeit confusing). > > >> The problem is that "rand-mac" does not work, >> tested with patched 2.5 and 2.6-devel, >> mt7601u and rt2800usb driven devices. > > Why do you say that "rand-mac" does not work? > > > > Thomas >
I actually have a question for you, and Lubo; In the wpa_supplicant, Pre-association MAC random-ization is disabled per default: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 PreassocMacAddr Pre-association MAC address policy https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418 # MAC address policy for pre-association operations (scanning, ANQP) # 0 = use permanent MAC address # 1 = use random MAC address # 2 = like 1, but maintain OUI (with local admin bit set) #preassoc_mac_addr=0 and the same was said, toward NetworkManager, in: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8 * Added an option to enable use of random MAC addresses for Wi-Fi access point scanning (defaults to disabled). Controlled with 'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in ifcfg files). -but- you said in: https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html <quote> When NM detects support in wpa-supplicant, it always sets PreassocMacAddr to 1. This setting is only relevant during scanning, and thus NM *always* enables it. </quote> -and- as "published" by Lubo in: https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks <quote> What seems like a viable option is randomizing the MAC address while scanning, changing it every now and then, but still use the hard-wired MAC address for association and actual connectivity. [...] With the upcoming NetworkManager 1.2 we’re doing this too. [...] With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too. </quote> Is not that, as mentioned in the NEWS, in fact MAC random-ization per connecting, not MAC random-ization per scanning!? That is, in the wpa_supplicant, Connection MAC random-ization: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 MacAddr MAC address policy default https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405 # MAC address policy default # 0 = use permanent MAC address # 1 = use random MAC address for each ESS connection # 2 = like 1, but maintain OUI (with local admin bit set) # # By default, permanent MAC address is used unless policy is changed by # the per-network mac_addr parameter. Global mac_addr=1 can be used to # change this default behavior. #mac_addr=0 toward NetworkManager, what -you- said in: https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html <quote> The mac-address-randomization connection-setting on the other hand, configures the behavior while being connected. </quote> -and- as "published" by Lubo in: https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks <quote> Could we randomize the permanent address too? We added option for that to NetworkManager 1.2 too, but are leaving it off. [...] </quote> What is what, and what is not!? :) _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
