macchange all the interfaces

Question

macchange all the interfaces

grugq opened this issue 11 years ago · comments

thaddeus t. grugq commented 11 years ago

not very useful, but...

set macchange to run at init and change the MAC of all the interfaces on the system.

Walter Stanish · Answer 1 · Thu Nov 28 2013 10:11:15 GMT+0800 (China Standard Time)

not healthy for all interfaces. eg. if bonding driver is in use, this may break things.

sample output:

enp3s0
hwsim0
wlan0
wlan1

this rejects bond*, vmnet*, etc.

thaddeus t. grugq · Answer 2 · Fri Nov 29 2013 03:34:24 GMT+0800 (China Standard Time)

Ok, so that might not be a good approach.

How about if there is something like:
/etc/conf/macchanger file with a configuration for the macchanger init script, in particular a list of interfaces to change.

Then a systemd file that will only macchange those interfaces? Allows the user more control, and we can pre-populate it at install time w/ using your cmd.

Walter Stanish · Answer 3 · Fri Nov 29 2013 03:41:59 GMT+0800 (China Standard Time)

/etc/conf/kathoey

thaddeus t. grugq · Answer 4 · Fri Dec 27 2013 01:35:31 GMT+0800 (China Standard Time)

This has not been particularly successful. I have not been able to get systemd to change a single MAC. I am quite annoyed at it, actually. Once the interface is up and associating it won't macchange, but I can't figure out how to get a script to run after ifconfig up but before, e.g. wpa_supplicant takes over.

fucking annoying. It would be easier on a Debian based system, but then the size of the base image goes up to something stupid, like 2G.

Walter Stanish · Answer 5 · Fri Dec 27 2013 06:53:45 GMT+0800 (China Standard Time)

https://en.wikipedia.org/wiki/OpenRC might be worth trying, which is Gentoo/Funtoo's native RC system and also works on NetBSD/FreeBSD. It has a very flexible networking system, recently rewritten.

Actually Gentoo makes a lot of sense in general if you are worried about absolute-latest packages, and care about output size (eg. if you want to use specific FS types, maintain feature control within each package, etc.) ... you just use it to make life easy building a small binary distribution, and leave out the Gentoo 'portage' package management/python runtime stuff in the finished system.

IIRC in response to multiple whinges including mine they are currently implementing a system to enable automated end to end crypto on base system images ... https://bugs.gentoo.org/show_bug.cgi?id=453620 .. and looking for input @ #gentoo-keys on freenode ... keys @ http://api.gentoo.org/gentoo-keys/seeds/release.seeds

So automated building of a sub-distro to binary form with full control of package features and cryptographically verified sources should be easy...

thaddeus t. grugq · Answer 6 · Fri Dec 27 2013 13:12:35 GMT+0800 (China Standard Time)

yeah, this is not going to happen: http://dustinhatch.tumblr.com/post/38118003177/minimalist-gentoo-for-the-raspberry-pi

I do this in my spare time. If there was a commercial version that paid for itself, then I would be able to invest the time into that. I think it is a great idea. I just don't have the time to do it. Maybe one of those liberty tech grants would cover paying for it.

Dewayne Hicks · Answer 7 · Sun Feb 16 2014 16:49:05 GMT+0800 (China Standard Time)

I got this working for the following configurations:

(wlan0, inet) & (eth0, intranet)
(eth0, inet) & (eth1, intranet)

Haven't setup AP yet but on my list to test next.

I started by looking at the order that systemd loads services (all the main ones point to multi-user.target or network.target).

Order of loading.

network.service & dhcpcd.service [Wants=network.target, Before=network.target]
network.target
ntpd.service & dnsmasq.service [After=network.target]
ntp-wait.service
tor.service

Two problems arose:

dhcpcd tries to allocate an IP to the intranet facing interface which is already getting a static IP.
Adding two MAC changing ExecStart lines (ExecStart=ip link set dev address XX:XX:XX:XX:XX:XX) to network.service before bringing the intranet device up was denied. This happened when dhcpcd was trying to configure the interface already due to systemd parallelism or because the MAC address was invalid (E.g., 11:11:11:11:11:6c)

Fixed this in two steps:

added denyinterfaces to /etc/dhcpcd.conf (E.g., denyinterfaces eth0 for configuration 1 above)
Changed dhcpcd.service to start after network.service finished
Wants=network.service
After=network.service

It is easy to generate a permanent MAC address when running build.sh and store the configurations in /etc/conf.d/network as intraMAC= and interMAC= with intraIface= and interIface=.

thaddeus t. grugq · Answer 8 · Sat Mar 01 2014 20:10:26 GMT+0800 (China Standard Time)

sorry, git issues really isn't the best way to contact me. email before next time so i have some forewarning: thegrugq@gmail.com :)

thaddeus t. grugq · Answer 9 · Sat Mar 01 2014 20:11:34 GMT+0800 (China Standard Time)

I don't see a pull request for the updated scripts... can you open one please?

ad90df8e708e8fa8153e56a059 · Answer 10 · Sat Apr 02 2016 20:25:10 GMT+0800 (China Standard Time)

If you set the flag MACAddressPolicy=random in your /etc/systemd/network/iface.linkfile, systemd will randomize the mac when it starts the interface. Probably the cleanest way to do this unless you don't want to use systemd to define your interfaces.

(One of the few instances where the systemd feature creep isn't so horrible.)

Example: /etc/systemd/network/eth0.link

[Match]
Name = eth0

[Link]
MACAddressPolicy = random

https://wiki.archlinux.org/index.php/systemd-networkd#.5BLink.5D_section