On Thu, 2016-05-19 at 01:41 +0200, poma wrote:
> On 18.05.2016 16:49, Thomas Haller wrote:
> > 
> I actually have a question for you, and Lubo;
> 
> In the wpa_supplicant, Pre-association MAC randomization is disabled
> per default:
> 
> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964
> PreassocMacAddr
> Pre-association MAC address policy
> 
> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418
> # MAC address policy for pre-association operations (scanning, ANQP)
> # 0 = use permanent MAC address
> # 1 = use random MAC address
> # 2 = like 1, but maintain OUI (with local admin bit set)
> #preassoc_mac_addr=0
> 
> 
> and the same was said, toward NetworkManager, in:
> 
> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8
> * Added an option to enable use of random MAC addresses for Wi-Fi access
>     point scanning (defaults to disabled).  Controlled with
>     'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in
>     ifcfg files).

Yeah, this is wrong. I fixed it:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a




> -but- you said in:
> 
> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
> <quote>
> When NM detects support in wpa-supplicant, it always sets
> PreassocMacAddr to 1. This setting is only relevant during scanning,
> and thus NM *always* enables it.
> </quote>
> 
> 
> -and- as "published" by Lubo in:
> 
> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
> <quote>
> What seems like a viable option is randomizing the MAC address while
> scanning,
> changing it every now and then,
> but still use the hard-wired MAC address for association and actual
> connectivity. [...]
> With the upcoming NetworkManager 1.2 we’re doing this too. [...]
> With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4
> or newer) we’re doing this too.
> </quote>
> 
> 
> Is not that, as mentioned in the NEWS, in fact MAC randomization per
> connecting, not MAC randomization per scanning!?

You are right.




> That is, in the wpa_supplicant, Connection MAC randomization:
> 
> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954
> MacAddr
> MAC address policy default
> 
> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405
> # MAC address policy default
> # 0 = use permanent MAC address
> # 1 = use random MAC address for each ESS connection
> # 2 = like 1, but maintain OUI (with local admin bit set)
> #
> # By default, permanent MAC address is used unless policy is changed by
> # the per-network mac_addr parameter. Global mac_addr=1 can be used to
> # change this default behavior.
> #mac_addr=0
> 
> 
> toward NetworkManager, what -you- said in:
> 
> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
> <quote>
> The mac-address-randomization connection-setting on the other hand,
> configures the behavior while being connected.
> </quote>
> 
> 
> -and- as "published" by Lubo in:
> 
> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
> <quote>
> Could we randomize the permanent address too?
> We added option for that to NetworkManager 1.2 too, but are leaving
> it off. [...]
> </quote>
> 
> 
> What is what, and what is not!? :)
> 


Hi poma,


yes, the NEWS file was wrong.

Also, as we already found out, another mistake was that wpa-supplicant
support is not yet available in 2.4. It is currently only on master
(and will be in supplicant version 2.6)
-- unless we backport it, for which you opened a Fedora bug (thank
you).


Lubo's "but are leaving it off." statement means:
if you leave the per-connection setting wifi.mac-address-randomization
at "default", then the default means "off"
-- unless you overwrite it via a global default value in
/etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`.



Does this resolve all unclarities?

Thomas
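
The distinction discussed in this thread, as an added example that is not part of the original message and is not wpa_supplicant or NetworkManager code: it reads the two global options quoted above (preassoc_mac_addr for scanning, mac_addr for connections) from a config and shows the address each 0/1/2 policy yields. The sample config, the permanent address and the function names are constructed; it assumes random addresses are unicast with the local admin bit set.

```python
import re
import secrets

# Constructed sample config (not from the thread); option names and the
# 0/1/2 meanings are the ones quoted from wpa_supplicant.conf above.
SAMPLE_CONF = """\
ctrl_interface=/var/run/wpa_supplicant
preassoc_mac_addr=1
#mac_addr=0
network={
    ssid="example"
    mac_addr=2
}
"""

def global_policies(conf_text):
    """Effective global policy per phase; unset or commented-out means 0."""
    eff = {"preassoc_mac_addr": 0, "mac_addr": 0}
    in_network = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            in_network = True   # per-network mac_addr overrides are skipped here
        elif in_network:
            in_network = line != "}"
        else:
            m = re.fullmatch(r"(preassoc_mac_addr|mac_addr)=([012])", line)
            if m:
                eff[m.group(1)] = int(m.group(2))
    return eff

def address_for(permanent, policy):
    """Address a policy yields: 0 permanent, 1 fully random, 2 random with OUI kept."""
    octets = bytearray(int(x, 16) for x in permanent.split(":"))
    if policy in (1, 2):
        keep = 0 if policy == 1 else 3          # policy 2 keeps the 3-byte OUI
        octets[keep:] = secrets.token_bytes(6 - keep)
        octets[0] = (octets[0] & 0xFE) | 0x02   # unicast, local admin bit set
    return ":".join(f"{b:02x}" for b in octets)

def is_locally_administered(mac):
    """True when the local admin bit is set, as it is on randomized addresses."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

if __name__ == "__main__":
    perm = "00:11:22:33:44:55"  # constructed permanent address
    for option, policy in global_policies(SAMPLE_CONF).items():
        print(option, policy, address_for(perm, policy))
```

With the sample config, scanning uses a random address while the global connection policy stays at the permanent address, which is the split the NEWS entry had mixed up.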
