
Adding randomized MAC address option on ifconfig.
Abandoned, Public

Authored by araujo on Aug 23 2016, 2:28 PM.
Tags
None

Details

Reviewers
jhb
wblock
gnn
Group Reviewers
manpages
Summary

Add a "random" option that, combined with "ether", can generate a random MAC address for an Ethernet interface.

Also update the ifconfig(8) manpage and fix a few typos.

PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211984
Original patch: https://gist.github.com/t6

Test Plan

ifconfig tap0 create
ifconfig tap0 ether 01:01:01:01:01:01
ifconfig tap0
ifconfig tap0 ether random
ifconfig tap0

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 5000
Build 5067: arc lint + arc unit

Event Timeline

araujo retitled this revision to Adding randomized MAC address option on ifconfig.
araujo updated this object.
araujo edited the test plan for this revision.
araujo added reviewers: gnn, jhb.
gnn requested changes to this revision. Aug 23 2016, 7:24 PM
gnn edited edge metadata.

I am somewhat confused. I don't see anything about random addresses in the RFC mentioned in the followup.

This revision now requires changes to proceed. Aug 23 2016, 7:24 PM

The patch adds an option random, which creates random MAC addresses for an Ethernet interface. The problem: What happens if a random MAC is selected which has some meaning for multicast etc.? To avoid that, the option needs to make sure it does not generate one of those 'special' MACs.

This is why araujo is researching which MAC ranges are reserved for special use cases.

I guess my other fear is that the address might overlap an existing allocation. What is the use case for random MACs?

Yes, duplicate MACs might happen.

Privacy, or 'secrecy' or 'OpSec' is the use-case. Now, what was my personal domainname again 8-} ?

For the 'duplicate-MAC' case, that issue should be mentioned in the man-page.

But the feature itself is valid, given the appreciation of values.

In D7615#158300, @gnn wrote:

I guess my other fear is that the address might overlap an existing allocation. What is the use case for random MACs?

Duplicates are fairly unlikely, right? We have 48 bits; so the odds of a collision are something like 2^-24.

lidl added inline comments.
sbin/ifconfig/af_link.c
100

I think this should really be clearing the lowest bit of the first octet to clean the multicast bit, and then setting on the second lowest bit of the first octet, to indicate that this is a locally administered MAC address.

I think the possibility of duplicates should just be documented. I'd lean towards not having the code automatically retry if the randomly generated MAC collides with an existing interface on the machine, but others might favor the automatic retry. OTOH, it's actually ok if different interfaces on the same machine have the same MAC so long as they aren't on the same subnet. (Recall that Sun used to ship sparc boxes that used the same MAC on both ports of dual-port NICs on the assumption that you would only use two ports if you were bridging two different LANs).
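
The bit handling lidl suggests, together with a rough estimate for the duplicate question raised earlier in the thread, as an added example that is not part of the patch under review or of FreeBSD's ifconfig. The function names and the use of /dev/urandom are assumptions made for this example; on FreeBSD, arc4random_buf(3) would be the usual random source.

```c
#include <stdint.h>
#include <stdio.h>

#define ETHER_ADDR_LEN 6     /* same value as in FreeBSD's <net/ethernet.h> */
#define MAC_MULTICAST  0x01  /* I/G bit: lowest bit of the first octet */
#define MAC_LOCAL      0x02  /* U/L bit: second-lowest bit of the first octet */

/* Turn arbitrary bytes into a unicast, locally administered address. */
void mac_fix_bits(uint8_t mac[ETHER_ADDR_LEN])
{
    mac[0] &= (uint8_t)~MAC_MULTICAST;  /* never a group/multicast address */
    mac[0] |= MAC_LOCAL;                /* never inside a vendor's OUI space */
}

int mac_is_multicast(const uint8_t mac[ETHER_ADDR_LEN]) { return (mac[0] & MAC_MULTICAST) != 0; }
int mac_is_local(const uint8_t mac[ETHER_ADDR_LEN])     { return (mac[0] & MAC_LOCAL) != 0; }

/* Fill mac with a random address. Returns 0 on success, -1 on failure. */
int mac_random(uint8_t mac[ETHER_ADDR_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");  /* assumption: portable stand-in */
    size_t n;

    if (f == NULL)
        return -1;
    n = fread(mac, 1, ETHER_ADDR_LEN, f);
    fclose(f);
    if (n != ETHER_ADDR_LEN)
        return -1;
    mac_fix_bits(mac);
    return 0;
}

/* Birthday approximation n(n-1)/2 / 2^46 for at least one duplicate among
 * n random addresses on one segment. Two of the 48 bits are fixed, so 46
 * are random. Only meaningful while the result is much smaller than 1. */
double mac_collision_estimate(uint64_t n)
{
    if (n < 2)
        return 0.0;
    return ((double)n * (double)(n - 1) / 2.0) / (double)(1ULL << 46);
}

int main(void)
{
    uint8_t m[ETHER_ADDR_LEN];

    if (mac_random(m) != 0) { perror("/dev/urandom"); return 1; }
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n", m[0], m[1], m[2], m[3], m[4], m[5]);
    printf("duplicate estimate for 1000 hosts: %.3g\n", mac_collision_estimate(1000));
    return 0;
}
```

Fixing the two bits costs two bits of randomness, which is why the estimate divides by 2^46 rather than 2^48.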

wblock added inline comments.
sbin/ifconfig/ifconfig.8
148

Needs a comma for the pause after "address", but we can rearrange to avoid that pause:

Use the
.Pq Dq random
keyword to set a randomly generated MAC address.

And then the warnings should be mentioned:

The odds of a random MAC address suffering an inelastic collision with an existing MAC address are low.
Do not use with roller skates.
Possible side effects include giddiness, nausea, and thinking that XML is a good idea.
araujo edited edge metadata.

Address the update on ifconfig(8) about the possibility to have
duplicate mac address.

rpokala added inline comments.
sbin/ifconfig/ifconfig.8
151

s/but//

araujo edited edge metadata.

Remove s/but// suggested by rpokala@.

sbin/ifconfig/ifconfig.8
152
A randomly-generated MAC address might be the same as
one already in use in the network.  Such duplications are
extremely unlikely.
araujo edited edge metadata.

Address @wblock suggestion.

sbin/ifconfig/ifconfig.8
152

Please start new sentences on new lines.

Also, typo: s/ducplications/duplications/

araujo edited edge metadata.

Fix typo and start sentence in new line.
Spotted by @wblock.

wblock added a reviewer: wblock.

Committed already!

Thanks!