[RFC PATCH] fix MAC address spoofing issues

[Jouni Malinen]

On Fri, Nov 19, 2010 at 03:52:22PM -0600, Dan Williams wrote:
> This patch is from Jirka Klimes, developed to fix various issues when
> spoofing MAC addresses.  Does this approach look workable?  If you have
> specific questions about the issues he encountered I'm sure he could
> elaborate.  But part of the problem was that if the MAC address gets
> changed without removing and re-adding the interface to the supplicant,
> it gets some upper-layer stuff wrong.  But removing and re-adding is a
> pretty heavy operation that we don't want to do often.  In a more
> dynamic environment you may want to spoof a MAC on one wifi network but
> not on another, and in that case a managed like NM just switches the MAC
> address of the interface (while the interface is in the disconnected
> state) and then tells the supplicant to connect.

What makes association so special? Shouldn't this update be done when
the MAC address is changed or when the interface goes up and not when
the next association request may be triggered? There is already a driver
event (EVENT_INTERFACE_ENABLED) which will be indicated when the
interface comes back up. Wouldn't that be able to provide an indication
of the changed MAC address, too?

Are you really changing the address so frequently, that removing and
re-adding the interface would bring in noticeable problems? Is this for
privacy purposes or what is the need for these MAC address changes?

-- 
Jouni Malinen                                            PGP id EFC895FA