[RFC PATCH] fix MAC address spoofing issues

Jirka Klimes jklimes at redhat.com
Tue Dec 14 04:36:48 EST 2010


On Saturday 20 of November 2010 00:49:47 Jouni Malinen wrote:
> On Fri, Nov 19, 2010 at 03:52:22PM -0600, Dan Williams wrote:
> > This patch is from Jirka Klimes, developed to fix various issues when
> > spoofing MAC addresses.  Does this approach look workable?  If you have
> > specific questions about the issues he encountered I'm sure he could
> > elaborate.  But part of the problem was that if the MAC address gets
> > changed without removing and re-adding the interface to the supplicant,
> > it gets some upper-layer stuff wrong.  But removing and re-adding is a
> > pretty heavy operation that we don't want to do often.  In a more
> > dynamic environment you may want to spoof a MAC on one wifi network but
> > not on another, and in that case a managed like NM just switches the MAC
> > address of the interface (while the interface is in the disconnected
> > state) and then tells the supplicant to connect.
> 
> What makes association so special? Shouldn't this update be done when
> the MAC address is changed or when the interface goes up and not when
> the next association request may be triggered? There is already a driver
> event (EVENT_INTERFACE_ENABLED) which will be indicated when the
> interface comes back up. Wouldn't that be able to provide an indication
> of the changed MAC address, too?
> 
> Are you really changing the address so frequently, that removing and
> re-adding the interface would bring in noticeable problems? Is this for
> privacy purposes or what is the need for these MAC address changes?

As Dan said we need to have up-to-date MAC and we use that for the MAC spoofing 
feature. The user can define several network profiles with different MACs and 
switch between them quite often as he connects to different APs. I also saw 
many use cases where people changes interface MAC manually in a script (before 
we implemented the feature in NM).
Removing and re-adding the interface seems too heavy for me. Moreover I think 
it's a good feature that wpa_supplicant updates the MAC and thus it is in sync 
with the current state of the interface.
I admit that  I don't much understand wpa_supplicant internals, but the patch 
works well for me and doesn't cause any troubles.

Jirka


More information about the HostAP mailing list