Re: NL80211_SCAN_FLAG_RANDOM_ADDR ?

[Denis Kenzior <denkenz@gmail.com>]

Hi Sergey,

On 04/12/2019 04:26 AM, Sergey Matyukevich wrote:
>> I've been poking around at how this flag is used and I noticed this
>> check in net/wireless/nl80211.c:
>>
>> nl80211_check_scan_flags()
>>
>>          if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
>>                  int err;
>>
>>                  if (!(wiphy->features & randomness_flag) ||
>>                      (wdev && wdev->current_bss))
>>                          return -EOPNOTSUPP;
>>
>>
>> The above disallows the use of RANDOM_ADDR for scans while connected.
>> The nl80211.h uapi header seems to concur:
>>
>>   "@NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR: This device/driver supports
>> using a random MAC address during scan (if the device is unassociated);"
>>
>> However, if I create a P2P Device (in addition to the default STA
>> device), the kernel happily lets me scan on the wdev while the STA
>> interface is connected.
>>
>> sudo iw phy0 interface add p2p type __p2pdev
>> sudo iw wdev 0x2 p2p start
>> sudo iw wdev 0x2 scan randomize
>>
>> So the immediate question I have is, should the RANDOM_ADDR flag indeed
>> be limited to unassociated STA interfaces?  It would seem the hardware
>> is capable randomizing even when connected? Please educate me :)
> 
> Hello Denis,
> 
> IIUC, this feature could be introduced to support Android Compatibility
> Definition Document (CDD). Those documents are available at the
> following page: https://source.android.com/compatibility/cdd

Thanks for the reference.  It looks like a 'At a minimum you should/must 
do this' type of document.  It doesn't look like it precludes the use of 
randomization when connected?

> 
> For instance, in the latest CDD randomized scan requirements are described
> in the section 7.4.2. It looks like current high level nl80211 API follows
> those recommendations. Probably it has been implemented with STA use-case
> in mind, that is why you can use that flag for P2P connection. But, as
> Ben pointed out, actual application of this flag may depend on
> implementation in firwmare and hardware.
> 

Sure, understood.  But this is exactly the point of my question.  Is the 
check at the global level correct?  Or should it be relaxed in case 
there is hardware out there that can randomize probe requests while 
connected?  From my test it would seem this is possible?

Or put another way, besides hardware limitations, are there reasons why 
you would not want to randomize probe request address when connected?

Regards,
-Denis