From d9391cfeef5be99ea607f1b7b319e9c4c6ee77fb Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Wed, 4 Mar 2015 14:22:43 +0100 Subject: [PATCH 309/310] Allow to randomize MAC addresses at boot time through /etc/rc.conf Obtained from: ElectroBSD --- libexec/rc/Makefile | 2 +- libexec/rc/mac-randomization.subr | 76 +++++++++++++++++++++++++++++++ libexec/rc/rc.d/Makefile | 1 + libexec/rc/rc.d/netif | 3 ++ libexec/rc/rc.d/rether | 76 +++++++++++++++++++++++++++++++ 5 files changed, 157 insertions(+), 1 deletion(-) create mode 100755 libexec/rc/mac-randomization.subr create mode 100755 libexec/rc/rc.d/rether diff --git a/libexec/rc/Makefile b/libexec/rc/Makefile index 974eb8661182..7dd004896a23 100644 --- a/libexec/rc/Makefile +++ b/libexec/rc/Makefile @@ -4,7 +4,7 @@ CONFGROUPS= CONFETC CONFETCEXEC CONFETCDEFAULTS CONFETCDIR= /etc -CONFETC= network.subr rc rc.initdiskless rc.subr rc.shutdown rc.bsdextended +CONFETC= network.subr mac-randomization.subr rc rc.initdiskless rc.subr rc.shutdown rc.bsdextended CONFETCPACKAGE= rc .if ${MK_IPFW} != "no" diff --git a/libexec/rc/mac-randomization.subr b/libexec/rc/mac-randomization.subr new file mode 100755 index 000000000000..d486bf454591 --- /dev/null +++ b/libexec/rc/mac-randomization.subr 
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+###########################################################################
+#
+# Sub routines to randomizes MAC addresses after r287197 (WIP!)
+#
+# Add the following line to /etc/rc.conf to randomize the MAC
+# address for all recognized network interfaces that got one
+# at startup:
+#
+# rether_enable="YES"
+#
+# You can specify the interfaces manually like this:
+#
+# rether_interfaces="bge0 iwn0"
+#
+# Rether requires an ifconfig version that understands "ether random".
+#
+###########################################################################
+#
+# Copyright (c) 2014 Fabian Keil
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ALL YOUR
+# DATA IS BELONG TO THE SOFTWARE AND MAY BE EATEN BY IT. IF THAT IS NOT
+# ACCEPTABLE, YOU SHOULD PROBABLY MAKE BACKUPS BEFORE USING THE SOFTWARE.
+###########################################################################
+
+rether_enable="${rether_enable-NO}"
+
+get_ethernet_interfaces() {
+ ifconfig -l ether
+}
+
+get_ethernet_address() {
+ local interface="${1}"
+
+ ifconfig "${interface}" ether | awk '/ether/ {print $2}'
+}
+
+randomize_mac_addresses() {
+ local \
+ interface \
+ ethernet_address
+
+ if [ "${rether_enable}" = "NO" ]; then
+ echo "Not randomizing any MAC addresses!"
+ return 0 + fi + + if [ -z "${rether_interfaces}" ]; then + rether_interfaces="$(get_ethernet_interfaces)" + fi + + echo "Randomizing MAC addresses for: ${rether_interfaces}" + + for interface in $rether_interfaces; + do + ethernet_address="$(get_ethernet_address "${interface}")" + + ifconfig "${interface}" ether random + + if [ "${ethernet_address}" = "$(get_ethernet_address "${interface}")" ]; then + echo "Failed to randomize MAC address for ${interface}: ${ethernet_address}" + fi + done +} diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile index a9959e7e5534..694e904df8ab 100644 --- a/libexec/rc/rc.d/Makefile +++ b/libexec/rc/rc.d/Makefile @@ -82,6 +82,7 @@ CONFS= DAEMON \ rarpd \ rctl \ resolv \ + rether \ root \ route6d \ routing \ diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif index b0d405b8cd45..bf7bfcee1353 100755 --- a/libexec/rc/rc.d/netif +++ b/libexec/rc/rc.d/netif @@ -32,6 +32,7 @@ . /etc/rc.subr . /etc/network.subr +. /etc/mac-randomization.subr name="netif" desc="Network interface setup" @@ -74,6 +75,8 @@ netif_start() # Create cloned interfaces clone_up $cmdifn + randomize_mac_addresses + # Rename interfaces. ifnet_rename $cmdifn diff --git a/libexec/rc/rc.d/rether b/libexec/rc/rc.d/rether new file mode 100755 index 000000000000..d486bf454591 --- /dev/null +++ b/libexec/rc/rc.d/rether 
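Review bot: The enable test in randomize_mac_addresses, `if [ "${rether_enable}" = "NO" ]; then`, treats every value other than the exact string NO as enabled, so `rether_enable="no"` or `"off"` in rc.conf would still rewrite the MAC address of every Ethernet interface. netif sources /etc/rc.subr before this file, so `if ! checkyesno rether_enable; then` would give the usual rc.conf semantics and treat an unrecognised value as disabled. Separately, the failure path only echoes to stdout and carries on: with an ifconfig that lacks "ether random" the interface keeps its hardware address and is presumably brought up with it, which is a fail-open result for anyone relying on this for privacy. Reporting that case through `warn` from rc.subr would at least make it visible in the logs.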
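Review bot: The call added to netif_start in rc.d/netif passes no arguments, so randomize_mac_addresses ignores `$cmdifn` and walks every interface in rether_interfaces (or everything `ifconfig -l ether` reports) each time netif_start runs. If netif is started for a single interface on a running system, the other interfaces would presumably get a new MAC address as well and lose their DHCP leases or established connections. Consider `randomize_mac_addresses $cmdifn` and have the function restrict its loop to that argument when it is set. The call also sits before ifnet_rename, so rether_interfaces has to use the pre-rename names, which deserves a comment such as `# rether_interfaces uses the names before ifnet_rename`. netif_start begins and ends outside the hunk.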
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+###########################################################################
+#
+# Sub routines to randomizes MAC addresses after r287197 (WIP!)
+#
+# Add the following line to /etc/rc.conf to randomize the MAC
+# address for all recognized network interfaces that got one
+# at startup:
+#
+# rether_enable="YES"
+#
+# You can specify the interfaces manually like this:
+#
+# rether_interfaces="bge0 iwn0"
+#
+# Rether requires an ifconfig version that understands "ether random".
+#
+###########################################################################
+#
+# Copyright (c) 2014 Fabian Keil
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ALL YOUR
+# DATA IS BELONG TO THE SOFTWARE AND MAY BE EATEN BY IT. IF THAT IS NOT
+# ACCEPTABLE, YOU SHOULD PROBABLY MAKE BACKUPS BEFORE USING THE SOFTWARE.
+###########################################################################
+
+rether_enable="${rether_enable-NO}"
+
+get_ethernet_interfaces() {
+ ifconfig -l ether
+}
+
+get_ethernet_address() {
+ local interface="${1}"
+
+ ifconfig "${interface}" ether | awk '/ether/ {print $2}'
+}
+
+randomize_mac_addresses() {
+ local \
+ interface \
+ ethernet_address
+
+ if [ "${rether_enable}" = "NO" ]; then
+ echo "Not randomizing any MAC addresses!"
+ return 0 + fi + + if [ -z "${rether_interfaces}" ]; then + rether_interfaces="$(get_ethernet_interfaces)" + fi + + echo "Randomizing MAC addresses for: ${rether_interfaces}" + + for interface in $rether_interfaces; + do + ethernet_address="$(get_ethernet_address "${interface}")" + + ifconfig "${interface}" ether random + + if [ "${ethernet_address}" = "$(get_ethernet_address "${interface}")" ]; then + echo "Failed to randomize MAC address for ${interface}: ${ethernet_address}" + fi + done +} -- 2.37.1
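Review bot: rc.d/rether is the same blob as mac-randomization.subr (both file headers show index d486bf454591), so the file installed into rc.d only defines functions: it has no `# PROVIDE:` or `# REQUIRE:` lines, never sources /etc/rc.subr and never calls randomize_mac_addresses. Run by rc it would presumably do nothing, and the randomization in this patch happens only through the netif hook. Either drop rc.d/rether together with its CONFS entry in rc.d/Makefile, or turn it into a real rc.d script that sources the .subr file; keeping two copies of the same code invites them to drift apart. The header comment "Sub routines to randomizes MAC addresses" should then be corrected in whichever file stays.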