From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Denis Kenzior <denkenz@gmail.com>, iwd@lists.linux.dev
Subject: Re: Wrong source MAC for DHCP requests with AddressRandomization=network
Date: Fri, 24 Nov 2023 17:53:03 +0100 [thread overview]
Message-ID: <87plzzhz4g.fsf@toke.dk> (raw)
In-Reply-To: <0d1aaf1b-09b3-48c9-82ed-fa3a46cc56b2@gmail.com>
Denis Kenzior <denkenz@gmail.com> writes:
> Hi Toke,
>
> On 11/24/23 05:58, Toke Høiland-Jørgensen wrote:
>> Hi
>>
>> When setting AddressRandomization=network in main.conf, I am unable to
>> connect to networks because I don't get a DHCP reply after the L2
>> connection.
>>
>> Looking at a packet dump, it seems the DHCP request uses the wrong
>> source MAC in the request:
>>
>
> Can you try the following patch on the ell mailing list? Here's the patchwork
> link in case you're not subscribed:
> https://patchwork.kernel.org/project/ell/patch/20231124161740.1243946-1-denkenz@gmail.com/
Yup, that resolves the issue so that I can connect. However, this is the
DHCP packets I see when moving between two networks (back and forth):
17:49:59.040639 1e:aa:ca:6d:0d:e0 > 92:0a:9a:27:ca:65, ethertype IPv4 (0x0800), length 342: 10.42.3.52.68 > 10.42.3.33.67: BOOTP/DHCP, Request from 1e:aa:ca:6d:0d:e0, length 300
17:49:59.392682 ba:06:75:75:30:90 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from ba:06:75:75:30:90, length 300
17:49:59.396012 e6:49:86:36:22:bf > ba:06:75:75:30:90, ethertype IPv4 (0x0800), length 335: 10.42.3.97.67 > 10.42.3.102.68: BOOTP/DHCP, Reply, length 293
17:49:59.396167 ba:06:75:75:30:90 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from ba:06:75:75:30:90, length 300
17:49:59.397811 e6:49:86:36:22:bf > ba:06:75:75:30:90, ethertype IPv4 (0x0800), length 335: 10.42.3.97.67 > 10.42.3.102.68: BOOTP/DHCP, Reply, length 293
17:50:03.306455 ba:06:75:75:30:90 > e6:49:86:36:22:bf, ethertype IPv4 (0x0800), length 342: 10.42.3.102.68 > 10.42.3.97.67: BOOTP/DHCP, Request from ba:06:75:75:30:90, length 300
17:50:03.614293 1e:aa:ca:6d:0d:e0 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 1e:aa:ca:6d:0d:e0, length 300
17:50:03.619009 92:0a:9a:27:ca:65 > 1e:aa:ca:6d:0d:e0, ethertype IPv4 (0x0800), length 359: 10.42.3.33.67 > 10.42.3.52.68: BOOTP/DHCP, Reply, length 317
17:50:03.619085 1e:aa:ca:6d:0d:e0 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 1e:aa:ca:6d:0d:e0, length 300
17:50:03.620141 92:0a:9a:27:ca:65 > 1e:aa:ca:6d:0d:e0, ethertype IPv4 (0x0800), length 359: 10.42.3.33.67 > 10.42.3.52.68: BOOTP/DHCP, Reply, length 317
As you can see, in each case, there's an initial unicast request that
contains the old MAC and IP. Which seems to be a bit counter productive
if this is supposed to be a privacy feature that doesn't leak addresses
across networks? :)
-Toke
next prev parent reply other threads:[~2023-11-24 16:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-24 11:58 Wrong source MAC for DHCP requests with AddressRandomization=network Toke Høiland-Jørgensen
2023-11-24 16:23 ` Denis Kenzior
2023-11-24 16:53 ` Toke Høiland-Jørgensen [this message]
2023-11-24 17:09 ` Denis Kenzior
2023-11-24 17:51 ` Toke Høiland-Jørgensen
2023-11-24 19:21 ` Rhys Perry
2023-11-25 23:30 ` Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87plzzhz4g.fsf@toke.dk \
--to=toke@toke.dk \
--cc=denkenz@gmail.com \
--cc=iwd@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.