On Fri, 2018-06-29 at 15:48 -0500, Jim Campbell wrote: > Hi All, > > I was looking through the options regarding MAC Address > randomization, and have a question about them. A member of my team > wanted to know if it would be possible to do a sort of combo between > the "stable" and the "random" options. > > As a refresher, here is my understanding of these two particular > options: > > 1) The "stable" option - give one MAC address to My_Neat_Wifi_AP_Name > (which would remain stable, but would be unique), and give another > unique address to each other Wifi AP. The MAC address would remain > stable for each of those AP's, but they would be unique between each > other. > > or > > 2) The "random" option - Give a random MAC address to > My_Neat_Wifi_AP_Name and to every other Wifi AP (each connection > would always use a random MAC address every time the system connected > to an AP). > > What my coworker inquired about is a mix between 1 (stable for > My_Neat_Wifi_AP_Name ) and 2 (random for every other AP). > > I don't think this is currently possible (and may not be feasible / > practical in the future), but I thought I would inquire about it just > to be sure. > > Thanks very much for all of your work.
Hi,
I think that should be easily possible.
In general, NetworkManager is profile oriented. So, you anyway reqire a
profile for each SSID, as you see them with `nmcli connection`.
The configuration option in question (wifi.cloned-mac-address) is part
of the profile, you could just configure most profiles with a value
"random", except one having "stable". For example with something like:
for UUID in $(nmcli -g UUID connection); do nmcli connection modify uuid
"$UUID" wifi.cloned-mac-address $WHATEVER ; done
Alternativley, various profile settings support to have their default
value defined in NetworkManager.conf. See "CONNECTION SECTION" in `man
NetworkManager.conf`. As such, you could instead leave "wifi.cloned-
mac-address" setting of most profiles at their default/unset value.
This makes the setting elegible to fallback to the default from
NetworkManager.conf. Only at a selected few you'd configure an explicit
value.
It result is very similar, whether you explicitly configure "random" in
the profile, or whether you allow it to fall back to a default-value
"random" from NetworkManager.conf.
Also, I personally prefer to leave cloned-mac-address always unset (in
the profile), and set their default to "stable". But then instead I
tweak the stable-id to either "${RANDOM}" or "some value". The stable-
id itself can be dynamic, via certain special values ("${RANDOM}",
"${BOOT}", "${CONNECTION}", which also can be combined, like
"${CONNECTION}${BOOT}" -- which is actually the only combination that
makes sense).
See connection.stable-id in `man nm-settings` [1].
Actually, I use [2] snippet, with most profiles neither specifying
stable-id nor cloned-mac-address (thus, falling back to "stable" and a
"${RANDOM}" stable-id). And then, for a selected few profiles, I set a
more suitable stable-id.
[1] https://developer.gnome.org/NetworkManager/stable/nm-settings.html
[2]
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/nm-conf.d/30-anon.conf?id=b26efa5b680b45a1e6e8fcfb2f9ea996d8e28706
best,
Thomas
>
> Kind regards,
>
> Jim
>
> P.S. Thanks for this well-written blog-post! https://blogs.gnome.org
> /thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
> _______________________________________________
> networkmanager-list mailing list
> [email protected]
> https://mail.gnome.org/mailman/listinfo/networkmanager-list
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
