Re: Preserve MAC address for a specific device

2021-06-08 Thread Thomas Haller via networkmanager-list
On Tue, 2021-06-08 at 19:03 +0700, Pedro Ribeiro wrote:
> On Tue, 2021-06-08 at 12:37 +0200, Thomas Haller wrote:
> > That means the effectively used
> >    value can first always be configured for each profile, and these
> >    default values only matter if the per-profile values explicitly
> >    indicates to use the default from NetworkManager.conf.
> 
> Thank you, this worked perfectly. Turns out I was setting the preserve
> value after the general one, not before!



ah cool...

Note what `man NetworkManager.conf` says about the order of these
sections:


   The sections within one file are considered in order of appearance,
   with the exception that the [connection] section is always considered
   last. In the example above, this order is [...]

   [...]
   When having different sections in multiple files, sections from files
   that are read later have higher priority. So within one file the
   priority of the sections is top-to-bottom. Across multiple files later
   definitions take precedence.



best,
Thomas


___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list


Re: Preserve MAC address for a specific device

2021-06-08 Thread Pedro Ribeiro via networkmanager-list
On Tue, 2021-06-08 at 12:37 +0200, Thomas Haller wrote:
> That means the effectively used
>    value can first always be configured for each profile, and these
>    default values only matter if the per-profile values explicitly
>    indicates to use the default from NetworkManager.conf.

Thank you, this worked perfectly. Turns out I was setting the preserve
value after the general one, not before!

Regards,

-- 
Pedro Ribeiro
Vulnerability and Reverse Engineer / Cyber Security Specialist

ped...@gmail.com
PGP: 4CE8 5A3D 133D 78BB BC03 671C 3C39 4966 870E 966C



Re: Preserve MAC address for a specific device

2021-06-08 Thread Thomas Haller via networkmanager-list
On Tue, 2021-06-08 at 15:17 +0700, Pedro Ribeiro via networkmanager-list wrote:
> Hi,
> 
> I have the following configuration in spoof.conf in order to anonymise
> MAC addresses when connecting to a network:
> 
> [device-mac-randomization]
> wifi.scan-rand-mac-address=yes
> 
> [connection-mac-randomization]
> ethernet.cloned-mac-address=stable
> wifi.cloned-mac-address=stable
> 
> However, this doesn't work with an iPhone tether ethernet device:
> 
> Jun  8 10:53:06 testing NetworkManager[50086]:  
> [1623124386.8513] device (iphone): state change: disconnected ->
> prepare (reason 'none', sys-iface-state: 'managed')
> Jun  8 10:53:06 testing NetworkManager[50086]:  
> [1623124386.8520] platform-linux: do-change-link[19]: failure changing
> link: failure 95 (Operation not supported)
> Jun  8 10:53:06 testing NetworkManager[50086]:  
> [1623124386.8537] platform-linux: do-change-link[19]: failure changing
> link: failure 95 (Operation not supported)
> Jun  8 10:53:06 testing NetworkManager[50086]:  
> [1623124386.8537] device (iphone): set-hw-addr: failed to set-cloned
> MAC address to fa:2b:4c:dd:47:b1 (stable) (NME_UNSPEC)
> Jun  8 10:53:06 testing NetworkManager[50086]:  
> [1623124386.8550] device (iphone): state change: prepare -> failed
> (reason 'config-failed', sys-iface-state: 'managed')
> 
> Probably the device doesn't allow the MAC address to be changed.
> Anyway, I decided to see if I could disable the MAC address
> randomisation for a specific device with the following config file:
> 
> [connection-iphone]
> match-device=interface-name:iphone
> ethernet.cloned-mac-address=preserve
> 
> ... but it doesn't seem to work, NM always tries to set the ethernet
> address of the device as above.
> 
> Am I doing something wrong? Is this possible, to have a global
> randomisation on but turned off for a specific device?

Did you afterwards reload the configuration with `killall -SIGHUP` or
`systemctl reload NetworkManager`? And did you re-activate the desired
profile afterwards?


`man NetworkManager.conf` says about the [connection*] section:

   Specify default values for connections.

   Such default values are only consulted if the corresponding
   per-connection property explicitly allows for that. That means, all
   these properties correspond to a property of the connection profile
   (for example connection.mud-url). Only if the per-profile property is
   set to a special value that indicates to use the default, the default
   value from NetworkManager.conf is consulted. It depends on the
   property, which is the special value that indicates fallback to the
   default, but it usually is something like empty, unset values or
   special numeric values like 0 or -1. That means the effectively used
   value can first always be configured for each profile, and these
   default values only matter if the per-profile values explicitly
   indicates to use the default from NetworkManager.conf.

All these default values can be configured per-profile. Check the
per-profile value by looking at the profile with
`nmcli connection show "$PROFILE"`.




> to have a global
> randomisation on but turned off for a specific device?

And, the default values in the [connection*] section can also be
per-device too. As you specified "match-device=interface-name:iphone",
this section will only be relevant when activating a profile on iphone
device which does not specify ethernet.cloned-mac-address already.

  [connection-ethernet-cloned-mac-address-iphone]
  match-device=interface-name:iphone
  ethernet.cloned-mac-address=preserve
 
  [connection-ethernet-cloned-mac-address-all]
  ethernet.cloned-mac-address=stable



best,
Thomas
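
Added example, not part of the original messages and not NetworkManager's own code: a simplified Python model of the lookup order quoted from `man NetworkManager.conf` in this thread (sections top-to-bottom within one file, [connection] last, first matching section that sets the property wins), plus a check for device-specific sections shadowed by an earlier unconditional one. Assumptions: a single file, only exact `interface-name:NAME` matching, and a profile that leaves the property unset so the default is consulted; the function names are hypothetical.

```python
import configparser

# Constructed sample: the two snippets from the question, assumed to be in
# one file with the unconditional default first (the ordering that failed).
BROKEN = """
[connection-mac-randomization]
ethernet.cloned-mac-address=stable
[connection-iphone]
match-device=interface-name:iphone
ethernet.cloned-mac-address=preserve
"""
# Device-specific section first, as in the reply above.
FIXED = """
[connection-ethernet-cloned-mac-address-iphone]
match-device=interface-name:iphone
ethernet.cloned-mac-address=preserve
[connection-ethernet-cloned-mac-address-all]
ethernet.cloned-mac-address=stable
"""

def ordered_sections(text):
    """[connection*] sections in lookup order: as written, [connection] last."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    names = [s for s in cp.sections() if s.startswith("connection")]
    names.sort(key=lambda s: s == "connection")  # stable sort keeps file order
    return [(s, dict(cp[s])) for s in names]

def matches(body, iface):
    """Simplified match-device: only exact 'interface-name:NAME' is modelled."""
    spec = body.get("match-device")
    return spec is None or spec == "interface-name:" + iface

def resolve(text, iface, key):
    """Return (value, section) from the first matching section that sets key."""
    for name, body in ordered_sections(text):
        if key in body and matches(body, iface):
            return body[key], name
    return None, None

def shadowed(text, key):
    """Device-specific sections listed after an unconditional one setting key."""
    hit, out = False, []
    for name, body in ordered_sections(text):
        if key in body and "match-device" not in body:
            hit = True
        elif key in body and hit:
            out.append(name)
    return out
```

Running `shadowed()` over a configuration file before reloading NetworkManager flags a per-device exception that the general section would override.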




Preserve MAC address for a specific device

2021-06-08 Thread Pedro Ribeiro via networkmanager-list
Hi,

I have the following configuration in spoof.conf in order to anonymise
MAC addresses when connecting to a network:

[device-mac-randomization]
wifi.scan-rand-mac-address=yes

[connection-mac-randomization]
ethernet.cloned-mac-address=stable
wifi.cloned-mac-address=stable

However, this doesn't work with an iPhone tether ethernet device:

Jun  8 10:53:06 testing NetworkManager[50086]:  
[1623124386.8513] device (iphone): state change: disconnected ->
prepare (reason 'none', sys-iface-state: 'managed')
Jun  8 10:53:06 testing NetworkManager[50086]:  
[1623124386.8520] platform-linux: do-change-link[19]: failure changing
link: failure 95 (Operation not supported)
Jun  8 10:53:06 testing NetworkManager[50086]:  
[1623124386.8537] platform-linux: do-change-link[19]: failure changing
link: failure 95 (Operation not supported)
Jun  8 10:53:06 testing NetworkManager[50086]:  
[1623124386.8537] device (iphone): set-hw-addr: failed to set-cloned
MAC address to fa:2b:4c:dd:47:b1 (stable) (NME_UNSPEC)
Jun  8 10:53:06 testing NetworkManager[50086]:  
[1623124386.8550] device (iphone): state change: prepare -> failed
(reason 'config-failed', sys-iface-state: 'managed')

Probably the device doesn't allow the MAC address to be changed.
Anyway, I decided to see if I could disable the MAC address
randomisation for a specific device with the following config file:

[connection-iphone]
match-device=interface-name:iphone
ethernet.cloned-mac-address=preserve

... but it doesn't seem to work, NM always tries to set the ethernet
address of the device as above.

Am I doing something wrong? Is this possible, to have a global
randomisation on but turned off for a specific device?

Thank you!

-- 
Pedro Ribeiro
Vulnerability and Reverse Engineer / Cyber Security Specialist

ped...@gmail.com
PGP: 4CE8 5A3D 133D 78BB BC03 671C 3C39 4966 870E 966C
