On 21.05.2016 01:03, poma wrote:
> On 20.05.2016 19:36, Dan Williams wrote:
>> On Fri, 2016-05-20 at 19:03 +0200, poma wrote:
>>> On 19.05.2016 12:22, Thomas Haller wrote:
>>>>
>>>> On Thu, 2016-05-19 at 01:41 +0200, poma wrote:
>>>>>
>>>>> On 18.05.2016 16:49, Thomas Haller wrote:
>>>>>>
>>>>> I actually have a question for you, and Lubo;
>>>>>
>>>>> In the wpa_supplicant, Pre-association MAC random-ization is disabled per default:
>>>>>
>>>>> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964
>>>>> PreassocMacAddr
>>>>> Pre-association MAC address policy
>>>>>
>>>>> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418
>>>>> # MAC address policy for pre-association operations (scanning, ANQP)
>>>>> # 0 = use permanent MAC address
>>>>> # 1 = use random MAC address
>>>>> # 2 = like 1, but maintain OUI (with local admin bit set)
>>>>> #preassoc_mac_addr=0
>>>>>
>>>>> and the same was said, toward NetworkManager, in:
>>>>>
>>>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8
>>>>> * Added an option to enable use of random MAC addresses for Wi-Fi access
>>>>> point scanning (defaults to disabled). Controlled with
>>>>> 'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in
>>>>> ifcfg files).
>>>> Yeah, this is wrong. I fixed it:
>>>>
>>>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a
>>>>
>>>>>
>>>>> -but- you said in:
>>>>>
>>>>> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
>>>>> <quote>
>>>>> When NM detects support in wpa-supplicant, it always sets
>>>>> PreassocMacAddr to 1. This setting is only relevant during scanning,
>>>>> and thus NM *always* enables it.
>>>>> </quote>
>>>>>
>>>>> -and- as "published" by Lubo in:
>>>>>
>>>>> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
>>>>> <quote>
>>>>> What seems like a viable option is randomizing the MAC address while scanning,
>>>>> changing it every now and then,
>>>>> but still use the hard-wired MAC address for association and actual connectivity. [...]
>>>>> With the upcoming NetworkManager 1.2 we’re doing this too. [...]
>>>>> With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too.
>>>>> </quote>
>>>>>
>>>>> Is not that, as mentioned in the NEWS, in fact MAC random-ization per
>>>>> connecting, not MAC random-ization per scanning!?
>>>> You are right.
>>>>
>>>>>
>>>>> That is, in the wpa_supplicant, Connection MAC random-ization:
>>>>>
>>>>> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954
>>>>> MacAddr
>>>>> MAC address policy default
>>>>>
>>>>> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405
>>>>> # MAC address policy default
>>>>> # 0 = use permanent MAC address
>>>>> # 1 = use random MAC address for each ESS connection
>>>>> # 2 = like 1, but maintain OUI (with local admin bit set)
>>>>> #
>>>>> # By default, permanent MAC address is used unless policy is changed by
>>>>> # the per-network mac_addr parameter. Global mac_addr=1 can be used to
>>>>> # change this default behavior.
>>>>> #mac_addr=0
>>>>>
>>>>> toward NetworkManager, what -you- said in:
>>>>>
>>>>> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html
>>>>> <quote>
>>>>> The mac-address-randomization connection-setting on the other hand,
>>>>> configures the behavior while being connected.
>>>>> </quote>
>>>>>
>>>>> -and- as "published" by Lubo in:
>>>>>
>>>>> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks
>>>>> <quote>
>>>>> Could we randomize the permanent address too?
>>>>> We added option for that to NetworkManager 1.2 too, but are leaving it off. [...]
>>>>> </quote>
>>>>>
>>>>> What is what, and what is not!? :)
>>>>>
>>>>
>>>> Hi poma,
>>>>
>>>> yes, the NEWS file was wrong.
>>>>
>>>> Also, as we already found out, another mistake was that wpa-supplicant
>>>> support is not yet available in 2.4. It is currently only on master
>>>> (and will be in supplicant version 2.6)
>>>> -- unless we backport it, for which you opened a Fedora bug (thank you).
>>>>
>>>> Lubo's "but are leaving it off." statement means:
>>>> if you leave the per-connection setting wifi.mac-address-randomization
>>>> at "default", then the default means "off"
>>>> -- unless you overwrite it via a global default value in
>>>> /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`.
>>>>
>>>> Does this resolve all unclarities?
>>>>
>>>
>>> Of course!
>>>
>>> Here's the answer to your question - "Why do you say that "rand-mac" does not work?"
>>>
>>> == Client ==
>>>
>>> # cat /sys/class/net/wlp0s2f1u3/address
>>> 00:aa:bb:cc:dd:ee
>>>
>>> # journalctl -o cat -b -u NetworkManager
>>> ...
>>> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
>>> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u
>>> NetworkManager[2125]: <debug> [[...]] platform: signal: link changed: 5: wlp0s2f1u3 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr 00:AA:BB:CC:DD:EE driver mt7601u
>>>
>>> # nmcli connection show WiFiRd | grep rand
>>> 802-11-wireless.mac-address-randomization:default
>>>
>>> # journalctl -o cat -b -u NetworkManager -f | grep -i rand
>>>
>>> NetworkManager[2125]: <debug> [[...]] CONFIG: wifi.mac-address-randomization=2
>>> NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
>>> NetworkManager[2125]: <debug> [[...]] ++ 802-11-wireless.mac-address-randomization = 1
>>> ...
>>> NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
>>> NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
>>> NetworkManager[2125]: <info> [[...]] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1
>>
>> If you run the supplicant with debug logging, do you see messages like:
>>
>> nl80211: set_mac_addr for wlp0s2f1u3 to XXXXXXXXXX
>> Using random MAC address XXXXXXXX
>>
>> or do you see any messages like:
>>
>> Failed to set random MAC address
>> Could not update MAC address information
>>
>> ?
>>
>> Dan
>>
>
> # journalctl -o short-monotonic -b -u wpa_supplicant | egrep -i mac\|rand
> [ 38.736110] lnx wpa_supplicant[2422]: random: Trying to read entropy from /dev/random
> [ 38.738572] lnx wpa_supplicant[2422]: random: Got 20/20 bytes from /dev/random
> [ 174.447387] lnx wpa_supplicant[2422]: wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee
> [ 174.450838] lnx wpa_supplicant[2422]: wlp0s2f1u3: WPS: UUID based on MAC address: [...]
> [ 174.472250] lnx wpa_supplicant[2422]: wlp0s4f1u1: Own MAC address: ee:dd:cc:bb:aa:00
> [ 174.483434] lnx wpa_supplicant[2422]: properties_get_or_set: Set(PreassocMacAddr)
> [ 174.483627] lnx wpa_supplicant[2422]: preassoc_mac_addr=1
> [ 174.902680] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to 5a:c2:ee:36:48:3f
> [ 174.954705] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 5a:c2:ee:36:48:3f
> [ 174.966249] lnx wpa_supplicant[2422]: properties_get_or_set: Set(PreassocMacAddr)
> [ 174.966446] lnx wpa_supplicant[2422]: preassoc_mac_addr=1
> [ 175.380436] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 9a:a5:7a:36:7d:33
> [ 175.614766] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 9a:a5:7a:36:7d:33
> [ 178.006699] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
> [ 178.013728] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
> [ 201.018229] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
> [ 201.020298] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
> [ 234.022119] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
> [ 234.023105] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
> [ 277.432410] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to 4a:73:b1:79:04:f4
> [ 277.468792] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 4a:73:b1:79:04:f4
> [ 277.890732] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to e2:0a:50:fb:3d:1d
> [ 278.098748] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address e2:0a:50:fb:3d:1d
> [ 330.120064] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
> [ 330.120976] lnx wpa_supplicant[2422]: wlp0s4f1u1: Previously selected random MAC address has not yet expired
> [ 393.426189] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to 06:d2:3a:84:9c:09
> [ 393.457738] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 06:d2:3a:84:9c:09
> [ 393.881657] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 46:fd:91:cc:a9:5e
> [ 394.096735] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 46:fd:91:cc:a9:5e
> [ 456.452965] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to c2:cf:77:68:f2:f8
> [ 456.498794] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address c2:cf:77:68:f2:f8
> [ 456.911105] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 12:16:f6:16:28:f2
> [ 457.143778] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 12:16:f6:16:28:f2
> [ 519.441354] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to b2:23:e6:f5:ef:e0
> [ 519.475777] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address b2:23:e6:f5:ef:e0
> [ 519.899036] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 4a:3b:9a:a9:0b:bb
> [ 520.116736] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 4a:3b:9a:a9:0b:bb
> [ 582.464207] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to ae:16:d5:83:08:e0
> [ 582.489822] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address ae:16:d5:83:08:e0
> [ 582.918087] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to 66:6e:61:ab:c6:1d
> [ 583.127823] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address 66:6e:61:ab:c6:1d
> [ 645.443366] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s2f1u3 to e6:e9:69:4a:91:d9
> [ 645.472711] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address e6:e9:69:4a:91:d9
> [ 645.884186] lnx wpa_supplicant[2422]: nl80211: set_mac_addr for wlp0s4f1u1 to de:98:b2:d0:65:5b
> [ 646.108737] lnx wpa_supplicant[2422]: wlp0s4f1u1: Using random MAC address de:98:b2:d0:65:5b
>
> # systemctl status wpa_supplicant.service | grep sbin
> └─2422 /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -dd
>
> # man 8 wpa_supplicant
> ...
> COMMAND LINE OPTIONS
> ...
> -u Enable DBus control interface. If enabled, interface definitions may be omitted.
> (This is only available if wpa_supplicant was built with the CONFIG_DBUS option.)
>
> Is CONFIG_DBUS option necessary in
> https://pkgs.fedoraproject.org/cgit/rpms/wpa_supplicant.git/tree/build-config
> ?
>
OK this -CFLAG- is already included, Err, build-config hahh.

>
>>>
>>> == Hotspot ==
>>>
>>> # journalctl -o cat -b -u NetworkManager
>>> ...
>>> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
>>> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode none addr EE:DD:CC:BB:AA:00 driver rt2800usb
>>> <debug> [[...]] platform: signal: link changed: 3: wlp2s2f7u2 <UP,LOWER_UP;broadcast,multicast,up,running,lowerup> mtu 1500 arp 1 wifi? init addrgenmode eui64 addr EE:DD:CC:BB:AA:00 driver rt2800usb
>>>
>>> # tcpdump -i wlp2s2f7u2
>>> ...
>>> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
>>> [...] EAPOL key (3) v2, len 95
>>> [...] EAPOL key (3) v1, len 117
>>> [...] EAPOL key (3) v2, len 199
>>> [...] EAPOL key (3) v1, len 95
>>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>>> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
>>> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
>>> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
>>> .
>>> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
>>> [...] EAPOL key (3) v2, len 95
>>> [...] EAPOL key (3) v1, len 117
>>> [...] EAPOL key (3) v2, len 199
>>> [...] EAPOL key (3) v1, len 95
>>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>>> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
>>> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
>>> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
>>> .
>>> [...] 00:aa:bb:cc:dd:ee (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
>>> [...] EAPOL key (3) v2, len 95
>>> [...] EAPOL key (3) v1, len 117
>>> [...] EAPOL key (3) v2, len 199
>>> [...] EAPOL key (3) v1, len 95
>>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>>> [...] IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300
>>> [...] IP localhost.localdomain.bootps > 10.42.0.17.bootpc: BOOTP/DHCP, Reply, length 300
>>> [...] ARP, Request who-has 10.42.0.17 tell localhost.localdomain, length 28
>>> [...] ARP, Reply 10.42.0.17 is-at 00:aa:bb:cc:dd:ee (oui Unknown), length 28
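
An added example, not part of any message in this thread: a small Python audit that reads wpa_supplicant debug lines in the format quoted above, checks that each scan-time address is a locally administered unicast address and how often it rotates, and compares the interface's permanent address with the client address seen in the hotspot-side capture. The function and field names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Abridged from the output quoted in this thread (wrapped lines rejoined).
SUPPLICANT_LOG = """\
[ 174.447387] lnx wpa_supplicant[2422]: wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee
[ 174.954705] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 5a:c2:ee:36:48:3f
[ 178.006699] lnx wpa_supplicant[2422]: wlp0s2f1u3: Previously selected random MAC address has not yet expired
[ 277.468792] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 4a:73:b1:79:04:f4
[ 393.457738] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address 06:d2:3a:84:9c:09
[ 456.498794] lnx wpa_supplicant[2422]: wlp0s2f1u3: Using random MAC address c2:cf:77:68:f2:f8
"""
# Client source MAC in the hotspot-side tcpdump (DHCP request / ARP reply).
AP_SEEN = ["00:aa:bb:cc:dd:ee"]

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
LINE = re.compile(r"\[\s*(?P<ts>\d+\.\d+)\]\s+\S+\s+wpa_supplicant\[\d+\]:"
                  r"\s+(?P<ifname>\S+):\s+(?P<msg>.*)")

def is_random_unicast(mac):
    """Locally administered bit (0x02) set, multicast bit (0x01) clear."""
    first = int(mac[:2], 16)
    return bool(first & 0x02) and not first & 0x01

def audit(log, ap_seen):
    """Per-interface summary of scan-time randomization vs. what the AP saw."""
    ifaces = defaultdict(lambda: {"permanent": None, "rotations": []})
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg = m["msg"].strip()
        own = re.fullmatch("Own MAC address: " + MAC, msg)
        rnd = re.fullmatch("Using random MAC address " + MAC, msg)
        if own:
            ifaces[m["ifname"]]["permanent"] = own[1]
        elif rnd:
            ifaces[m["ifname"]]["rotations"].append((float(m["ts"]), rnd[1]))
    report = {}
    for ifname, st in ifaces.items():
        times = [t for t, _ in st["rotations"]]
        macs = [a for _, a in st["rotations"]]
        report[ifname] = {
            "scan_macs_valid": bool(macs) and all(map(is_random_unicast, macs)),
            "scan_macs_unique": len(set(macs)) == len(macs),
            "rotation_secs": [round(b - a) for a, b in zip(times, times[1:])],
            # True: the AP still sees the hardware address after association.
            "permanent_seen_by_ap": st["permanent"] in ap_seen,
        }
    return report
```

On this input the scan-time addresses pass both checks while `permanent_seen_by_ap` is true, which is the split the thread describes: `PreassocMacAddr` covers scanning only, and the per-connection setting decides the address used once associated.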