Feature request: use random MAC addresses when scanning

Eric Branson esbranson
Sun Jun 8 15:22:16 PDT 2014


On Sun, Jun 8, 2014 at 3:27 PM, Jouni Malinen <j at w1.fi> wrote:
> On Sun, Jun 08, 2014 at 02:53:12PM -0600, Eric Branson wrote:
>> I have a humble feature request: the option, preferably enabled by
>> default, to use random, locally administered MAC addresses when
>> sending probe and GAS frames etc. used in scanning and associated
>> station interrogation functions.
>
> [snip]
>
> I did plan on implementing this quite some time ago, but it turned out
> to be far from trivial with the current cfg80211 design and number of
> constraints from various corner cases. It could be relatively
> straightforward to handle this for the case of scanning and GAS in
> unconnected state (even without kernel changes), but it gets much more
> complex when taking into account associated state. It should still be
> doable with most drivers at least with some constraints, but it does
> require someone to go through the effort of adding support for this in
> cfg80211 (and mac80211/drivers for operations while associated) to allow
> more complete implementation.

Sorry, I should have been more precise in my words. I did not mean
"associated" as in a STA associated with an AP, but just those
functions "related" to scanning. A particularly poor choice of words
on my part, I must say.

With that said, do you think using random MAC addresses with
unconnected, non-associated scanning functions is doable in
wpa_supplicant without the aforementioned API changes? Is that what
iOS 8 does, do you know? Wouldn't that prevent the real (universal)
MAC address from being logged by every AP and wardriver in town as you
traveled around? That's my real feature request.

Using randomized MAC addresses in association states would be ...
complicated, I agree. Actually, if that's what we're talking about, I
would think just changing the MAC address on the interface with
IFLA_ADDRESS or whatever would suffice, no? Is there a use case where
one might want to keep the real address on the interface but
nevertheless use random addresses in associations? I don't think
cfg80211/mac80211 API changes would be an easy sell, and, in any
event, I don't think I'm the man to advocate for them. :(

--
Eric



More information about the Hostap mailing list