On Fri, 2016-05-20 at 19:03 +0200, poma wrote:
> On 19.05.2016 12:22, Thomas Haller wrote:
> >
> > On Thu, 2016-05-19 at 01:41 +0200, poma wrote:
> > >
> > > On 18.05.2016 16:49, Thomas Haller wrote:
> > > >
> > >
> > > I actually have a question for you, and Lubo;
> > >
> > > In the wpa_supplicant, Pre-association MAC random-ization is disabled per default:
> > >
> > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964
> > > PreassocMacAddr
> > > Pre-association MAC address policy
> > >
> > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418
> > > # MAC address policy for pre-association operations (scanning, ANQP)
> > > # 0 = use permanent MAC address
> > > # 1 = use random MAC address
> > > # 2 = like 1, but maintain OUI (with local admin bit set)
> > > #preassoc_mac_addr=0
> > >
> > >
> > > and the same was said, toward NetworkManager, in:
> > >
> > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8
> > > * Added an option to enable use of random MAC addresses for Wi-Fi access
> > >   point scanning (defaults to disabled). Controlled with
> > >   'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in
> > >   ifcfg files).
> > Yeah, this is wrong. I fixed it:
> >
> > https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a
> >
> > >
> > > -but- you said in:
> > >
> > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
> > > <quote>
> > > When NM detects support in wpa-supplicant, it always sets
> > > PreassocMacAddr to 1. This setting is only relevant during scanning,
> > > and thus NM *always* enables it.
> > > </quote>
> > >
> > >
> > > -and- as "published" by Lubo in:
> > >
> > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
> > > <quote>
> > > What seems like a viable option is randomizing the MAC address while scanning,
> > > changing it every now and then,
> > > but still use the hard-wired MAC address for association and actual connectivity. [...]
> > > With the upcoming NetworkManager 1.2 we’re doing this too. [...]
> > > With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too.
> > > </quote>
> > >
> > >
> > > Is not that, as mentioned in the NEWS, in fact MAC random-ization per
> > > connecting, not MAC random-ization per scanning!?
> > You are right.
> >
> > >
> > > That is, in the wpa_supplicant, Connection MAC random-ization:
> > >
> > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954
> > > MacAddr
> > > MAC address policy default
> > >
> > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405
> > > # MAC address policy default
> > > # 0 = use permanent MAC address
> > > # 1 = use random MAC address for each ESS connection
> > > # 2 = like 1, but maintain OUI (with local admin bit set)
> > > #
> > > # By default, permanent MAC address is used unless policy is changed by
> > > # the per-network mac_addr parameter. Global mac_addr=1 can be used to
> > > # change this default behavior.
> > > #mac_addr=0
> > >
> > >
> > > toward NetworkManager, what -you- said in:
> > >
> > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
> > > <quote>
> > > The mac-address-randomization connection-setting on the other hand,
> > > configures the behavior while being connected.
> > > </quote>
> > >
> > >
> > > -and- as "published" by Lubo in:
> > >
> > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
> > > <quote>
> > > Could we randomize the permanent address too?
> > > We added option for that to NetworkManager 1.2 too, but are leaving it off. [...]
> > > </quote>
> > >
> > >
> > > What is what, and what is not!? :)
> > >
> >
> > Hi poma,
> >
> >
> > yes, the NEWS file was wrong.
> >
> > Also, as we already found out, another mistake was that wpa-supplicant
> > support is not yet available in 2.4. It is currently only on master
> > (and will be in supplicant version 2.6)
> > -- unless we backport it, for which you opened a Fedora bug (thank you).
> >
> >
> > Lubo's "but are leaving it off." statement means:
> > if you leave the per-connection setting wifi.mac-address-randomization
> > at "default", then the default means "off"
> > -- unless you overwrite it via a global default value in
> > /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`.
> >
> >
> >
> > Does this resolve all unclarities?
> >
>
> Of course!
>
> Here's the answer to your question - "Why do you say that "rand-mac"
> does not work?"
>
>
> == Client ==
>
> # cat /sys/class/net/wlp0s2f1u3/address
> 00:aa:bb:cc:dd:ee
>
>
> # journalctl -o cat -b -u NetworkManager
> ...
> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi?
> init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr 00:AA:BB:CC:DD:EE driver mt7601u
>
>
> # nmcli connection show WiFiRd | grep rand
> 802-11-wireless.mac-address-randomization:default
>
>
> # journalctl -o cat -b -u NetworkManager -f | grep -i rand
>
> NetworkManager[2125]: <debug> [[...]] CONFIG: wifi.mac-address-randomization=2
> NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
> NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
> ...
> NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
> NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
> NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1

If you run the supplicant with debug logging, do you see messages like:

nl80211: set_mac_addr for wlp0s2f1u3 to XXXXXXXXXX
Using random MAC address XXXXXXXX

or do you see any messages like:

Failed to set random MAC address
Could not update MAC address information

?

Dan

>
> == Hotspot ==
>
> # journalctl -o cat -b -u NetworkManager
> ...
> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr EE:DD:CC:BB:AA:00 driver rt2800usb
>
>
> # tcpdump -i wlp2s2f7u2
> ...
> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
> [...] EAPOL key (3) v2, len 95
> [...] EAPOL key (3) v1, len 117
> [...] EAPOL key (3) v2, len 199
> [...] EAPOL key (3) v1, len 95
> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
> .
> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
> [...] EAPOL key (3) v2, len 95
> [...] EAPOL key (3) v1, len 117
> [...] EAPOL key (3) v2, len 199
> [...] EAPOL key (3) v1, len 95
> [...]
> IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
> .
> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
> [...] EAPOL key (3) v2, len 95
> [...] EAPOL key (3) v1, len 117
> [...] EAPOL key (3) v2, len 199
> [...] EAPOL key (3) v1, len 95
> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
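
An added example, not part of the original thread and not NetworkManager or wpa_supplicant code: a Python check that combines the two diagnostics discussed in the message above, the supplicant debug messages named in the reply and the MAC addresses visible in the hotspot capture. The function names, the constructed address 02:11:22:33:44:55 and the rule that a randomized address is unicast with the locally-administered bit set are assumptions of this example.

```python
import re

# Supplicant debug messages named in the reply above.
OK_MARKERS = ("Using random MAC address", "nl80211: set_mac_addr for")
FAIL_MARKERS = ("Failed to set random MAC address",
                "Could not update MAC address information")
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)

def looks_random(mac):
    """Assumption: a random MAC is unicast with the locally-administered bit set."""
    return (int(mac.split(":")[0], 16) & 0x03) == 0x02

def supplicant_verdict(log_lines):
    """'failed' if an error marker appears, else 'randomized', else 'no-attempt'."""
    lines = list(log_lines)
    if any(m in line for line in lines for m in FAIL_MARKERS):
        return "failed"
    if any(m in line for line in lines for m in OK_MARKERS):
        return "randomized"
    return "no-attempt"

def on_air_verdict(permanent_mac, capture_lines):
    """Compare MACs printed by tcpdump with the adapter's permanent address."""
    seen = {m.lower() for line in capture_lines for m in MAC_RE.findall(line)}
    if permanent_mac.lower() in seen:
        return "permanent-address-exposed"
    if seen and all(looks_random(m) for m in seen):
        return "randomized"
    return "inconclusive"  # no MACs seen, or other stations mixed into the capture

# Three lines taken from the hotspot capture quoted above (wrapping undone).
PAGE_CAPTURE = [
    "[...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, "
    "Flags [Response], length 6: 01 00",
    "[...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request "
    "from 00:aa:bb:cc:dd:ee (oui Unknown), length 300",
    "[...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28",
]
# Constructed samples: what a working setup could log and put on the air.
SAMPLE_SUP_LOG = [
    "nl80211: set_mac_addr for wlp0s2f1u3 to 02:11:22:33:44:55",
    "Using random MAC address 02:11:22:33:44:55",
]
SAMPLE_CAPTURE = [
    "[...] ARP, Reply 10.42.0.17 is-at 02:11:22:33:44:55 (oui Unknown), length 28",
]

if __name__ == "__main__":
    print(on_air_verdict("00:aa:bb:cc:dd:ee", PAGE_CAPTURE))
    print(supplicant_verdict(SAMPLE_SUP_LOG),
          on_air_verdict("00:aa:bb:cc:dd:ee", SAMPLE_CAPTURE))
```

The capture contains EAPOL, DHCP and ARP frames, so it exercises the connection-time policy (`mac_addr` / the per-connection `wifi.mac-address-randomization`), not the pre-association scanning policy.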