On 19.05.2016 12:22, Thomas Haller wrote:
> On Thu, 2016-05-19 at 01:41 +0200, poma wrote:
>> On 18.05.2016 16:49, Thomas Haller wrote:
>>>
>> I actually have a question for you, and Lubo;
>>
>> In the wpa_supplicant, Pre-association MAC random-ization is disabled
>> per default:
>>
>> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964
>> PreassocMacAddr
>> Pre-association MAC address policy
>>
>> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418
>> # MAC address policy for pre-association operations (scanning, ANQP)
>> # 0 = use permanent MAC address
>> # 1 = use random MAC address
>> # 2 = like 1, but maintain OUI (with local admin bit set)
>> #preassoc_mac_addr=0
>>
>>
>> and the same was said, toward NetworkManager, in:
>>
>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8
>> * Added an option to enable use of random MAC addresses for Wi-Fi access
>>   point scanning (defaults to disabled). Controlled with
>>   'wifi.mac-address-randomization' property
>>   (MAC_ADDRESS_RANDOMIZATION key in ifcfg files).
>
> Yeah, this is wrong. I fixed it:
>
> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a
>
>
>> -but- you said in:
>>
>> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
>> <quote>
>> When NM detects support in wpa-supplicant, it always sets
>> PreassocMacAddr to 1. This setting is only relevant during scanning,
>> and thus NM *always* enables it.
>> </quote>
>>
>>
>> -and- as "published" by Lubo in:
>>
>> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
>> <quote>
>> What seems like a viable option is randomizing the MAC address while scanning,
>> changing it every now and then,
>> but still use the hard-wired MAC address for association and actual connectivity. [...]
>> With the upcoming NetworkManager 1.2 we’re doing this too. [...]
>> With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too.
>> </quote>
>>
>>
>> Is not that, as mentioned in the NEWS, in fact MAC random-ization per
>> connecting, not MAC random-ization per scanning!?
>
> You are right.
>
>
>> That is, in the wpa_supplicant, Connection MAC random-ization:
>>
>> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954
>> MacAddr
>> MAC address policy default
>>
>> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405
>> # MAC address policy default
>> # 0 = use permanent MAC address
>> # 1 = use random MAC address for each ESS connection
>> # 2 = like 1, but maintain OUI (with local admin bit set)
>> #
>> # By default, permanent MAC address is used unless policy is changed by
>> # the per-network mac_addr parameter. Global mac_addr=1 can be used to
>> # change this default behavior.
>> #mac_addr=0
>>
>>
>> toward NetworkManager, what -you- said in:
>>
>> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
>> <quote>
>> The mac-address-randomization connection-setting on the other hand,
>> configures the behavior while being connected.
>> </quote>
>>
>>
>> -and- as "published" by Lubo in:
>>
>> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
>> <quote>
>> Could we randomize the permanent address too?
>> We added option for that to NetworkManager 1.2 too, but are leaving it off. [...]
>> </quote>
>>
>>
>> What is what, and what is not!? :)
>>
>
>
> Hi poma,
>
>
> yes, the NEWS file was wrong.
>
> Also, as we already found out, another mistake was that wpa-supplicant
> support is not yet available in 2.4. It is currently only on master
> (and will be in supplicant version 2.6)
> -- unless we backport it, for which you opened a Fedora bug (thank
> you).
>
>
> Lubo's "but are leaving it off." statement means:
> if you leave the per-connection setting wifi.mac-address-randomization
> at "default", then the default means "off"
> -- unless you overwrite it via a global default value in
> /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`.
>
>
>
> Does this resolve all unclarities?
>

Of course!
Here's the answer to your question - "Why do you say that "rand-mac" does not work?"


== Client ==

# cat /sys/class/net/wlp0s2f1u3/address
00:aa:bb:cc:dd:ee

# journalctl -o cat -b -u NetworkManager
...
NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr 00:AA:BB:CC:DD:EE driver mt7601u

# nmcli connection show WiFiRd | grep rand
802-11-wireless.mac-address-randomization:default

# journalctl -o cat -b -u NetworkManager -f | grep -i rand
NetworkManager[2125]: <debug> [[...]] CONFIG: wifi.mac-address-randomization=2
NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
...
NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1


== Hotspot ==

# journalctl -o cat -b -u NetworkManager
...
<debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
<debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
<debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr EE:DD:CC:BB:AA:00 driver rt2800usb

# tcpdump -i wlp2s2f7u2
...
[...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
[...] EAPOL key (3) v2, len 95
[...] EAPOL key (3) v1, len 117
[...] EAPOL key (3) v2, len 199
[...] EAPOL key (3) v1, len 95
[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
[...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
[...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
[...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
.
[...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
[...] EAPOL key (3) v2, len 95
[...] EAPOL key (3) v1, len 117
[...] EAPOL key (3) v2, len 199
[...] EAPOL key (3) v1, len 95
[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
[...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
[...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
[...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
.
[...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
[...] EAPOL key (3) v2, len 95
[...] EAPOL key (3) v1, len 117
[...] EAPOL key (3) v2, len 199
[...] EAPOL key (3) v1, len 95
[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
[...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
[...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
[...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28


_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
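
The check carried out by hand in the message above (comparing the address in /sys with the source addresses seen on the hotspot side) can be scripted. This is an added example, not part of the thread or of NetworkManager/wpa_supplicant; the function names are hypothetical, the sample lines are constructed in the format of the tcpdump output above, and the "keep OUI" test follows the "maintain OUI (with local admin bit set)" wording of the quoted wpa_supplicant.conf comment.

```python
import re

MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)

def parse_mac(text):
    """Return a MAC address string as a tuple of six ints."""
    return tuple(int(b, 16) for b in text.split(":"))

def classify(observed, permanent):
    """Classify an on-air MAC relative to the adapter's permanent MAC."""
    obs, perm = parse_mac(observed), parse_mac(permanent)
    if obs == perm:
        return "permanent"          # policy 0 behaviour: stable identifier
    if not obs[0] & 0x02:
        return "other-global"       # differs, but not locally administered
    # Policy 2: same OUI as the permanent address, local admin bit set.
    if ((perm[0] | 0x02) & 0xFE, perm[1], perm[2]) == obs[:3]:
        return "random-keep-oui"
    return "random"                 # policy 1 style address

def client_macs(capture_lines):
    """Collect MACs a client announced itself (DHCP requests, ARP replies)."""
    seen = []
    for line in capture_lines:
        if "Request from" in line or "is-at" in line:
            for mac in MAC_RE.findall(line):
                if mac.lower() not in seen:
                    seen.append(mac.lower())
    return seen

def audit(capture_lines, permanent):
    """Map every client MAC in the capture to its classification."""
    return {m: classify(m, permanent) for m in client_macs(capture_lines)}

# Constructed sample: the first two lines mirror the capture above, the last
# two are made-up addresses showing what policies 2 and 1 would look like.
SAMPLE = [
    "[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, "
    "Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300",
    "[...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28",
    "[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, "
    "Request from 02:aa:bb:1f:93:c4 (oui Unknown), length 300",
    "[...] ARP, Reply 10.42.0.18 is-at 5e:07:d1:22:8b:10 (oui Unknown), length 28",
]

if __name__ == "__main__":
    for mac, verdict in audit(SAMPLE, "00:aa:bb:cc:dd:ee").items():
        print(mac, verdict)
```
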