On 20.05.2016 19:36, Dan Williams wrote:
> On Fri, 2016-05-20 at 19:03 +0200, poma wrote:
>> On 19.05.2016 12:22, Thomas Haller wrote:
>>>
>>> On Thu, 2016-05-19 at 01:41 +0200, poma wrote:
>>>>
>>>> On 18.05.2016 16:49, Thomas Haller wrote:
>>>>>
>>>>>  
>>>> I actually have a question for you, and Lubo;
>>>>
>>>> In the wpa_supplicant, Pre-association MAC random-ization is disabled
>>>> per default:
>>>>
>>>> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964
>>>> PreassocMacAddr
>>>> Pre-association MAC address policy
>>>>
>>>> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418
>>>> # MAC address policy for pre-association operations (scanning, ANQP)
>>>> # 0 = use permanent MAC address
>>>> # 1 = use random MAC address
>>>> # 2 = like 1, but maintain OUI (with local admin bit set)
>>>> #preassoc_mac_addr=0
>>>>
>>>>
>>>> and the same was said, toward NetworkManager, in:
>>>>
>>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8
>>>> * Added an option to enable use of random MAC addresses for Wi-Fi access
>>>>     point scanning (defaults to disabled).  Controlled with
>>>>     'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in
>>>>     ifcfg files).
>>> Yeah, this is wrong. I fixed it:
>>>
>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a
>>>
>>>
>>>
>>>
>>>>
>>>> -but- you said in:
>>>>
>>>> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
>>>> <quote>
>>>> When NM detects support in wpa-supplicant, it always sets
>>>> PreassocMacAddr to 1. This setting is only relevant during scanning,
>>>> and thus NM *always* enables it.
>>>> </quote>
>>>>
>>>>
>>>> -and- as "published" by Lubo in:
>>>>
>>>> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
>>>> <quote>
>>>> What seems like a viable option is randomizing the MAC address while
>>>> scanning,
>>>> changing it every now and then,
>>>> but still use the hard-wired MAC address for association and actual
>>>> connectivity. [...]
>>>> With the upcoming NetworkManager 1.2 we’re doing this too. [...]
>>>> With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4
>>>> or newer) we’re doing this too.
>>>> </quote>
>>>>
>>>>
>>>> Is not that, as mentioned in the NEWS, in fact MAC random-ization per
>>>> connecting, not MAC random-ization per scanning!?
>>> You are right.
>>>
>>>
>>>
>>>
>>>>
>>>> That is, in the wpa_supplicant, Connection MAC random-ization:
>>>>
>>>> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954
>>>> MacAddr
>>>> MAC address policy default
>>>>
>>>> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405
>>>> # MAC address policy default
>>>> # 0 = use permanent MAC address
>>>> # 1 = use random MAC address for each ESS connection
>>>> # 2 = like 1, but maintain OUI (with local admin bit set)
>>>> #
>>>> # By default, permanent MAC address is used unless policy is changed by
>>>> # the per-network mac_addr parameter. Global mac_addr=1 can be used to
>>>> # change this default behavior.
>>>> #mac_addr=0
>>>>
>>>>
>>>> toward NetworkManager, what -you- said in:
>>>>
>>>> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
>>>> <quote>
>>>> The mac-address-randomization connection-setting on the other hand,
>>>> configures the behavior while being connected.
>>>> </quote>
>>>>
>>>>
>>>> -and- as "published" by Lubo in:
>>>>
>>>> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
>>>> <quote>
>>>> Could we randomize the permanent address too?
>>>> We added option for that to NetworkManager 1.2 too, but are leaving
>>>> it off. [...]
>>>> </quote>
>>>>
>>>>
>>>> What is what, and what is not!? :)
>>>>
>>>
>>> Hi poma,
>>>
>>>
>>> yes, the NEWS file was wrong.
>>>
>>> Also, as we already found out, another mistake was that wpa-supplicant
>>> support is not yet available in 2.4. It is currently only on master
>>> (and will be in supplicant version 2.6)
>>> -- unless we backport it, for which you opened a Fedora bug (thank
>>> you).
>>>
>>>
>>> Lubo's "but are leaving it off." statement means:
>>> if you leave the per-connection setting wifi.mac-address-randomization
>>> at "default", then the default means "off"
>>> -- unless you overwrite it via a global default value in
>>> /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`.
>>>
>>>
>>>
>>> Does this resolve all unclarities?
>>>
>>
>> Of course!
>>
>> Here's the answer to your question - "Why do you say that "rand-mac"
>> does not work?"
>>
>>
>>  == Client ==
>>
>> # cat /sys/class/net/wlp0s2f1u3/address
>> 00:aa:bb:cc:dd:ee
>>
>>
>> # journalctl -o cat -b -u NetworkManager
>> ...
>> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
>> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
>> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr 00:AA:BB:CC:DD:EE driver mt7601u
>>
>>
>> # nmcli connection show WiFiRd | grep rand
>> 802-11-wireless.mac-address-randomization:default
>>
>>
>> # journalctl -o cat -b -u NetworkManager -f | grep -i rand
>>
>> NetworkManager[2125]: <debug> [[...]] CONFIG:   wifi.mac-address-randomization=2
>> NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
>> NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
>> ...
>> NetworkManager[2125]: <info>  [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
>> NetworkManager[2125]: <info>  [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
>> NetworkManager[2125]: <info>  [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
> 
> If you run the supplicant with debug logging, do you see messages like:
> 
> nl80211: set_mac_addr for wlp0s2f1u3 to XXXXXXXXXX
> Using random MAC address XXXXXXXX
> 
> or do you see any messages like:
> 
> Failed to set random MAC address
> Could not update MAC address information
> 
> ?
> 
> Dan
> 

# journalctl -o short-monotonic -b -u wpa_supplicant | egrep -i mac\|rand
[   38.736110] lnx wpa_supplicant[2422]: random: Trying to read entropy from /dev/random
[   38.738572] lnx wpa_supplicant[2422]: random: Got 20/20 bytes from /dev/random
[  174.447387] lnx wpa_supplicant[2422]: wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee
[  174.450838] lnx wpa_supplicant[2422]: wlp0s2f1u3: WPS: UUID based on MAC address: [...]
[  174.472250] lnx wpa_supplicant[2422]: wlp0s4f1u1: Own MAC address: ee:dd:cc:bb:aa:00
[  174.483434] lnx wpa_supplicant[2422]: properties_get_or_set: Set(PreassocMacAddr)
[  174.483627] lnx wpa_supplicant[2422]: preassoc_mac_addr=1
[  174.902680] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to 5a:c2:ee:36:48:3f
[  174.954705] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 5a:c2:ee:36:48:3f
[  174.966249] lnx wpa_supplicant[2422]: properties_get_or_set: Set(PreassocMacAddr)
[  174.966446] lnx wpa_supplicant[2422]: preassoc_mac_addr=1
[  175.380436] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 9a:a5:7a:36:7d:33
[  175.614766] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 9a:a5:7a:36:7d:33
[  178.006699] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
[  178.013728] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
[  201.018229] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
[  201.020298] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
[  234.022119] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
[  234.023105] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
[  277.432410] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to 4a:73:b1:79:04:f4
[  277.468792] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 4a:73:b1:79:04:f4
[  277.890732] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to e2:0a:50:fb:3d:1d
[  278.098748] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address e2:0a:50:fb:3d:1d
[  330.120064] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
[  330.120976] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
[  393.426189] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to 06:d2:3a:84:9c:09
[  393.457738] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 06:d2:3a:84:9c:09
[  393.881657] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 46:fd:91:cc:a9:5e
[  394.096735] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 46:fd:91:cc:a9:5e
[  456.452965] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to c2:cf:77:68:f2:f8
[  456.498794] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address c2:cf:77:68:f2:f8
[  456.911105] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 12:16:f6:16:28:f2
[  457.143778] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 12:16:f6:16:28:f2
[  519.441354] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to b2:23:e6:f5:ef:e0
[  519.475777] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address b2:23:e6:f5:ef:e0
[  519.899036] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 4a:3b:9a:a9:0b:bb
[  520.116736] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 4a:3b:9a:a9:0b:bb
[  582.464207] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to ae:16:d5:83:08:e0
[  582.489822] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address ae:16:d5:83:08:e0
[  582.918087] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 66:6e:61:ab:c6:1d
[  583.127823] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 66:6e:61:ab:c6:1d
[  645.443366] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to e6:e9:69:4a:91:d9
[  645.472711] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address e6:e9:69:4a:91:d9
[  645.884186] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to de:98:b2:d0:65:5b
[  646.108737] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address de:98:b2:d0:65:5b


# systemctl status wpa_supplicant.service | grep sbin
           └─2422 /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -dd


# man 8 wpa_supplicant
...
COMMAND LINE OPTIONS
...
-u     Enable DBus control interface. If enabled, interface definitions may be omitted.
       (This is only available if wpa_supplicant  was built with the CONFIG_DBUS option.)


Is CONFIG_DBUS option necessary in
https://pkgs.fedoraproject.org/cgit/rpms/wpa_supplicant.git/tree/build-config
?


>>
>>  == Hotspot ==
>>
>> # journalctl -o cat -b -u NetworkManager
>> ...
>> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
>> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
>> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr EE:DD:CC:BB:AA:00 driver rt2800usb
>>
>>
>> # tcpdump -i wlp2s2f7u2
>> ...
>> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
>> [...] EAPOL key (3) v2, len 95
>> [...] EAPOL key (3) v1, len 117
>> [...] EAPOL key (3) v2, len 199
>> [...] EAPOL key (3) v1, len 95
>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
>> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
>> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
>> .
>> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
>> [...] EAPOL key (3) v2, len 95
>> [...] EAPOL key (3) v1, len 117
>> [...] EAPOL key (3) v2, len 199
>> [...] EAPOL key (3) v1, len 95
>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
>> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
>> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
>> .
>> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
>> [...] EAPOL key (3) v2, len 95
>> [...] EAPOL key (3) v1, len 117
>> [...] EAPOL key (3) v2, len 199
>> [...] EAPOL key (3) v1, len 95
>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
>> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
>> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
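
Added example (not part of the original messages and not NetworkManager or wpa_supplicant code): a small parser for the wpa_supplicant debug lines shown in this thread that reports, per interface, the pre-association random MACs, how often they rotate, and whether the address a hotspot sees after association is the permanent one or a locally administered random one. The function names are hypothetical, and the "Own MAC address" line is assumed to carry the permanent address, as it does in the thread.

```python
import re

# Constructed sample in the format of the wpa_supplicant journal output quoted
# in this thread (wrapped lines joined); interface and addresses follow that log.
SAMPLE_LOG = """\
[  174.447387] lnx wpa_supplicant[2422]: wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee
[  174.483627] lnx wpa_supplicant[2422]: preassoc_mac_addr=1
[  174.954705] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 5a:c2:ee:36:48:3f
[  178.006699] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
[  277.468792] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 4a:73:b1:79:04:f4
[  393.457738] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 06:d2:3a:84:9c:09
"""

LINE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+\S+\s+wpa_supplicant\[\d+\]:\s+(?P<iface>\S+):\s+"
    r"(?P<kind>Own MAC address:|Using random MAC address)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*$", re.I)

def is_random_style(mac):
    """True for a locally administered unicast address (the form a random MAC takes)."""
    first = int(mac.split(":")[0], 16)
    return bool(first & 0x02) and not first & 0x01

def summarize(log_text):
    """Per interface: permanent MAC, random MACs in order, seconds between rotations."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        s = out.setdefault(m["iface"], {"permanent": None, "random": [], "times": []})
        mac = m["mac"].lower()
        if m["kind"].startswith("Own"):
            s["permanent"] = mac  # assumption: logged before any randomization
        else:
            s["random"].append(mac)
            s["times"].append(float(m["ts"]))
    for s in out.values():
        t = s.pop("times")
        s["intervals"] = [round(b - a, 3) for a, b in zip(t, t[1:])]
    return out

def classify_associated(summary, iface, seen_mac):
    """Classify the source MAC a hotspot saw in EAPOL/DHCP/ARP frames."""
    seen = seen_mac.lower()
    if seen == summary[iface]["permanent"]:
        return "permanent"  # scanning is randomized, the connection is not
    return "randomized" if is_random_style(seen) else "unknown"
```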
