From f9dcad24e4db2fc19d883ae0bf85bcd53d2d7a05 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Tue, 22 Sep 2015 15:33:12 +0200 Subject: [PATCH 112/325] Attempt to fix MAC address randomization after r287197 Obtained from: ElectroBSD --- etc/Makefile | 1 + etc/mac-randomization.subr | 76 ++++++++++++++++++++++++++++++++++++++ libexec/rc/rc.d/netif | 3 ++ libexec/rc/rc.d/rether | 35 ++++-------------- 4 files changed, 87 insertions(+), 28 deletions(-) create mode 100755 etc/mac-randomization.subr diff --git a/etc/Makefile b/etc/Makefile index f33b026349ac..f485728b7967 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -15,6 +15,7 @@ SUBDIR+=sendmail BIN1= \ group \ login.access \ + mac-randomization.subr \ rc.bsdextended \ rc.firewall \ termcap.small diff --git a/etc/mac-randomization.subr b/etc/mac-randomization.subr new file mode 100755 index 000000000000..d486bf454591 --- /dev/null +++ b/etc/mac-randomization.subr 
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+###########################################################################
+#
+# Sub routines to randomizes MAC addresses after r287197 (WIP!)
+#
+# Add the following line to /etc/rc.conf to randomize the MAC
+# address for all recognized network interfaces that got one
+# at startup:
+#
+# rether_enable="YES"
+#
+# You can specify the interfaces manually like this:
+#
+# rether_interfaces="bge0 iwn0"
+#
+# Rether requires an ifconfig version that understands "ether random".
+#
+###########################################################################
+#
+# Copyright (c) 2014 Fabian Keil
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ALL YOUR
+# DATA IS BELONG TO THE SOFTWARE AND MAY BE EATEN BY IT. IF THAT IS NOT
+# ACCEPTABLE, YOU SHOULD PROBABLY MAKE BACKUPS BEFORE USING THE SOFTWARE.
+###########################################################################
+
+rether_enable="${rether_enable-NO}"
+
+get_ethernet_interfaces() {
+ ifconfig -l ether
+}
+
+get_ethernet_address() {
+ local interface="${1}"
+
+ ifconfig "${interface}" ether | awk '/ether/ {print $2}'
+}
+
+randomize_mac_addresses() {
+ local \
+ interface \
+ ethernet_address
+
+ if [ "${rether_enable}" = "NO" ]; then
+ echo "Not randomizing any MAC addresses!"
+ return 0 + fi + + if [ -z "${rether_interfaces}" ]; then + rether_interfaces="$(get_ethernet_interfaces)" + fi + + echo "Randomizing MAC addresses for: ${rether_interfaces}" + + for interface in $rether_interfaces; + do + ethernet_address="$(get_ethernet_address "${interface}")" + + ifconfig "${interface}" ether random + + if [ "${ethernet_address}" = "$(get_ethernet_address "${interface}")" ]; then + echo "Failed to randomize MAC address for ${interface}: ${ethernet_address}" + fi + done +} diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif index eb1efc4d6274..ff6962a1198e 100755 --- a/libexec/rc/rc.d/netif +++ b/libexec/rc/rc.d/netif @@ -32,6 +32,7 @@ . /etc/rc.subr . /etc/network.subr +. /etc/mac-randomization.subr name="netif" desc="Network interface setup" @@ -74,6 +75,8 @@ netif_start() # Create cloned interfaces clone_up $cmdifn + randomize_mac_addresses + # Rename interfaces. ifnet_rename $cmdifn diff --git a/libexec/rc/rc.d/rether b/libexec/rc/rc.d/rether index 51e860353458..d486bf454591 100755 --- a/libexec/rc/rc.d/rether +++ b/libexec/rc/rc.d/rether @@ -2,7 +2,7 @@ # ########################################################################### # -# rether - Randomizes MAC addresses +# Sub routines to randomizes MAC addresses after r287197 (WIP!) # # Add the following line to /etc/rc.conf to randomize the MAC # address for all recognized network interfaces that got one 
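Review bot: A failed randomization in `randomize_mac_addresses` only prints a line with `echo` and the function still returns 0, so the caller cannot tell that an interface is about to be configured with its unchanged hardware address. Since netif sources /etc/rc.subr before this file, the message could be emitted with `warn "Failed to randomize MAC address for ${interface}: ${ethernet_address}"`, and the loop could record the failure and return non-zero after `done` so the caller can decide whether to continue. The enable test `[ "${rether_enable}" = "NO" ]` also treats `no`, `false` or `off` as enabled; `if ! checkyesno rether_enable; then` would give the usual rc.conf semantics, assuming this file is only ever sourced after rc.subr. The identical code in the rether hunk `@@ -70,11 +47,16 @@` has the same two issues.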
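Review bot: In the `@@ -74,6 +75,8 @@` hunk `randomize_mac_addresses` is called without arguments and after `clone_up $cmdifn`, so with `rether_interfaces` unset it walks everything `ifconfig -l ether` reports rather than the interfaces netif_start was invoked for. That list can now include the clones that were just created, and the header comment this commit removes from rc.d/rether warned that a MAC mismatch between clone and parent may prevent the clone from working. It also looks as if a later `netif start` for a single interface would re-randomize every Ethernet interface, including ones that are already up. Moving the call above `# Create cloned interfaces`, or passing `$cmdifn` and having the function honour it, would keep the old ordering guarantee; a short comment on why the call sits where it does would help either way. The body of netif_start continues outside the hunk.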
@@ -14,16 +14,6 @@ # # rether_interfaces="bge0 iwn0" # -# By default rether runs before netif so cloned devices aren't -# expected to exist yet. In case of wlan clones the MAC address -# of the parent is inherited so as long as it's randomized the -# clone should be fine too. -# -# Note that MAC address mismatches between clone and parent may -# prevent the clone from working as expected. If you intend to -# run this script after the system is up, you may want to -# explicitly set rether_interfaces to skip clones. -# # Rether requires an ifconfig version that understands "ether random". # ########################################################################### @@ -45,21 +35,8 @@ # ACCEPTABLE, YOU SHOULD PROBABLY MAKE BACKUPS BEFORE USING THE SOFTWARE. ########################################################################### -# PROVIDE: rether -# REQUIRE: FILESYSTEMS -# BEFORE: netif - -. /etc/rc.subr - -name="rether" -rcvar="rether_enable" - rether_enable="${rether_enable-NO}" -start_cmd="rether_start" -stop_cmd=":" - -# For the reason given above, it may make sense to skip cloned devices. get_ethernet_interfaces() { ifconfig -l ether } @@ -70,11 +47,16 @@ get_ethernet_address() { ifconfig "${interface}" ether | awk '/ether/ {print $2}' } -rether_start() { +randomize_mac_addresses() { local \ interface \ ethernet_address + if [ "${rether_enable}" = "NO" ]; then + echo "Not randomizing any MAC addresses!" + return 0 + fi + if [ -z "${rether_interfaces}" ]; then rether_interfaces="$(get_ethernet_interfaces)" fi @@ -92,6 +74,3 @@ rether_start() { fi done } - -load_rc_config "${name}" -run_rc_command "${1}" -- 2.32.0
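Review bot: After the `@@ -45,21 +35,8 @@` and `@@ -92,6 +74,3 @@` hunks, libexec/rc/rc.d/rether no longer has PROVIDE/REQUIRE keywords, `load_rc_config` or `run_rc_command`, and its index line shows the same blob id (`d486bf454591`) as etc/mac-randomization.subr. The file therefore stays in rc.d as a second copy of the function library that does nothing when run, and the two copies can drift apart. Deleting rc.d/rether in this commit would be clearer than rewriting it. If it is kept deliberately, the header should carry a comment such as `# Not an rc.d service any more; sourced copy lives in /etc/mac-randomization.subr`.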