[opensuse-arm] MAC address on Raspberry PI 3
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2 It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address? -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Am 02.03.2017 um 08:19 schrieb Roger Oberholtzer:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I noticed a similar DHCP issue on RPi2 with Tumbleweed recently - so far no one knew why. U-Boot should pass the MAC address to the kernel in the device tree so that this doesn't happen - TW and Leap should be using different U-Boot versions, so that hints at a kernel regression. Regards, Andreas -- SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Thu, Mar 2, 2017 at 12:11 PM, Andreas Färber <afaerber@suse.de> wrote:
Am 02.03.2017 um 08:19 schrieb Roger Oberholtzer:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I noticed a similar DHCP issue on RPi2 with Tumbleweed recently - so far no one knew why. U-Boot should pass the MAC address to the kernel in the device tree so that this doesn't happen - TW and Leap should be using different U-Boot versions, so that hints at a kernel regression.
I changed the Raspberry to use a static address. Now I can access it over the network. I'm not sure how to proceed to get back using an address if gets via dhcp. The kernel command line is: BOOT_IMAGE=/boot/Image-4.9.6-1-default root=UUID=7c83a65d-25cb-4a95-a693-349caca50955 root=/dev/disk/by-id/mmc-SU32G_0x815062d3-part2 disk=/dev/disk/by-id/mmc-SU32G_0x815062d3 resume=/dev/disk/by-id/mmc-SU32G_0x815062d3-part3 quiet splash=silent plymouth.enable=0 console=ttyS0,115200n8 quiet -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Op donderdag 2 maart 2017 14:59:16 CET schreef Roger Oberholtzer:
On Thu, Mar 2, 2017 at 12:11 PM, Andreas Färber <afaerber@suse.de> wrote:
Am 02.03.2017 um 08:19 schrieb Roger Oberholtzer:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I noticed a similar DHCP issue on RPi2 with Tumbleweed recently - so far no one knew why. U-Boot should pass the MAC address to the kernel in the device tree so that this doesn't happen - TW and Leap should be using different U-Boot versions, so that hints at a kernel regression.
I changed the Raspberry to use a static address. Now I can access it over the network.
I'm not sure how to proceed to get back using an address if gets via dhcp.
The kernel command line is:
BOOT_IMAGE=/boot/Image-4.9.6-1-default root=UUID=7c83a65d-25cb-4a95-a693-349caca50955 root=/dev/disk/by-id/mmc-SU32G_0x815062d3-part2 disk=/dev/disk/by-id/mmc-SU32G_0x815062d3 resume=/dev/disk/by-id/mmc-SU32G_0x815062d3-part3 quiet splash=silent plymouth.enable=0 console=ttyS0,115200n8 quiet
You can use a hack by using a systemd file generated by the following shell script: ----------- start of script ------ #! /bin/bash # the address after the following = needs to be your own invented MAC address # like the one you get randomly after the first boot lladdr=ab:cd:ef:01:23:45 cat <<EOF > /etc/systemd/system/macspoof@.service [Unit] Description=MAC Address Change %I Wants=network-pre.target Before=network-pre.target BindsTo=sys-subsystem-net-devices-%i.device After=sys-subsystem-net-devices-%i.device [Service] Type=oneshot ExecStart=/usr/sbin/ip link set dev %i address $lladdr ExecStart=/usr/sbin/ip link set dev %i up [Install] WantedBy=multi-user.target EOF ln -s /etc/systemd/system/macspoof@.service /etc/systemd/system/multi- user.target.wants/macspoof@eth0.service ----------- end of script ------ -- fr.gr. member openSUSE Freek de Kruijf -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Am 02.03.2017 um 17:37 schrieb Freek de Kruijf:
Op donderdag 2 maart 2017 14:59:16 CET schreef Roger Oberholtzer:
On Thu, Mar 2, 2017 at 12:11 PM, Andreas Färber <afaerber@suse.de> wrote:
Am 02.03.2017 um 08:19 schrieb Roger Oberholtzer:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I noticed a similar DHCP issue on RPi2 with Tumbleweed recently - so far no one knew why. U-Boot should pass the MAC address to the kernel in the device tree so that this doesn't happen - TW and Leap should be using different U-Boot versions, so that hints at a kernel regression.
I changed the Raspberry to use a static address. Now I can access it over the network.
I'm not sure how to proceed to get back using an address if gets via dhcp.
The kernel command line is:
BOOT_IMAGE=/boot/Image-4.9.6-1-default root=UUID=7c83a65d-25cb-4a95-a693-349caca50955 root=/dev/disk/by-id/mmc-SU32G_0x815062d3-part2 disk=/dev/disk/by-id/mmc-SU32G_0x815062d3 resume=/dev/disk/by-id/mmc-SU32G_0x815062d3-part3 quiet splash=silent plymouth.enable=0 console=ttyS0,115200n8 quiet
You can use a hack by using a systemd file generated by the following shell script:
Another solution is to interrupt U-Boot by pressing a key, looking up the real address with `printenv ethaddr` (untested) and putting that into /etc/sysconfig/network/ifcfg-eth0. Maybe even try YaST. That avoids a custom service. Regards, Andreas -- SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Hi Roger et al., Am 02.03.2017 um 12:11 schrieb Andreas Färber:
Am 02.03.2017 um 08:19 schrieb Roger Oberholtzer:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I noticed a similar DHCP issue on RPi2 with Tumbleweed recently - so far no one knew why. U-Boot should pass the MAC address to the kernel in the device tree so that this doesn't happen [...].
I have just updated U-Boot to v2017.05-rc3, which IIUC includes a fix for this issue. Any testing feedback appreciated for the new packages: https://build.opensuse.org/project/show/Base:System:Staging Upstream patch was "[U-Boot] [PATCH] fdt: Move fdt_fixup_ethernet to a common place", which says 'Fixes: 3f66149d9fb4 ("Remove extra fdt_fixup_ethernet() call")'. Regards, Andreas -- SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Thursday, 2 March 2017 8:19 Roger Oberholtzer wrote:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I seem to remember someone complaining about problem like this once. IIRC the result of the discussion was it was a cool (well, authors thought so) feature of some userspace tool (NetworkManager?). Michal Kubeček -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Fri, Mar 3, 2017 at 7:02 AM, Michal Kubecek <mkubecek@suse.cz> wrote:
On Thursday, 2 March 2017 8:19 Roger Oberholtzer wrote:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I seem to remember someone complaining about problem like this once. IIRC the result of the discussion was it was a cool (well, authors thought so) feature of some userspace tool (NetworkManager?).
I am not using NetworkManager. The Ethernet comes up on boot. Cool feature? Hmmm. Not sure how one can use dhcp to assign addresses to specific devices with that. As an optional flag, maybe. My solution right now is to use a fixed address. At least I can access the device. I will next try a script suggested in another response. After I figure out what it is doing... -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Friday, 3 March 2017 8:13 Roger Oberholtzer wrote:
I am not using NetworkManager. The Ethernet comes up on boot.
It might be something else doing the same thing.
Cool feature? Hmmm. Not sure how one can use dhcp to assign addresses to specific devices with that. As an optional flag, maybe.
I don't find it cool and I definitely don't think something like this should be enabled by default; that's why I added the "well, authors though so" part. But there apparently are people who do - try to google "MAC address randomization" and you find people asking how to activate such feature. I suppose it's the same kind of people who thought enabling IPv6 privacy extensions by default was a good idea. Michal Kubeček -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Fri, Mar 3, 2017 at 8:22 AM, Michal Kubecek <mkubecek@suse.cz> wrote:
On Friday, 3 March 2017 8:13 Roger Oberholtzer wrote:
I am not using NetworkManager. The Ethernet comes up on boot.
It might be something else doing the same thing.
Cool feature? Hmmm. Not sure how one can use dhcp to assign addresses to specific devices with that. As an optional flag, maybe.
I don't find it cool and I definitely don't think something like this should be enabled by default; that's why I added the "well, authors though so" part.
I got that. I really could only think such a feature would be needed in a stealth setting. Like a device that wants to attack but be difficult to track. 1. Boot with random MAC address. 2. Do harm for a short time. 3. Reboot. My use of the Raspberry is to track wheel pulses in a moving vehicle and trigger transducer sampling based on this. I want it always to be on the local network where I expect it to be. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On 03/03/2017 02:13 AM, Roger Oberholtzer wrote:
On Fri, Mar 3, 2017 at 7:02 AM, Michal Kubecek <mkubecek@suse.cz> wrote:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address? I seem to remember someone complaining about problem like this once. IIRC the result of the discussion was it was a cool (well, authors
On Thursday, 2 March 2017 8:19 Roger Oberholtzer wrote: thought so) feature of some userspace tool (NetworkManager?). I am not using NetworkManager. The Ethernet comes up on boot.
Cool feature? Hmmm. Not sure how one can use dhcp to assign addresses to specific devices with that. As an optional flag, maybe.
My solution right now is to use a fixed address. At least I can access the device. I will next try a script suggested in another response. After I figure out what it is doing...
Most modern routers allow you to assign a fixed address to a mac address. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Fri, Mar 3, 2017 at 2:37 PM, Ken Schneider - openSUSE <suse-list3@bout-tyme.net> wrote:
Most modern routers allow you to assign a fixed address to a mac address.
Of course. But if the MAC address keeps changing, what will the fixed address be? And, there is no router in these systems. Only a switch. an openSUSE server provides DHCPD services. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On 03/03/2017 09:34 AM, Roger Oberholtzer wrote:
On Fri, Mar 3, 2017 at 2:37 PM, Ken Schneider - openSUSE <suse-list3@bout-tyme.net> wrote:
Most modern routers allow you to assign a fixed address to a mac address.
Of course. But if the MAC address keeps changing, what will the fixed address be?
And, there is no router in these systems. Only a switch. an openSUSE server provides DHCPD services.
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer. Having an openSUSE server provide DHCP means you can configure it to supply a fixed IP address to a fixed MAC address. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Fr, 2017-03-03 at 10:05 -0500, Ken Schneider - openSUSE wrote:
On 03/03/2017 09:34 AM, Roger Oberholtzer wrote:
On Fri, Mar 3, 2017 at 2:37 PM, Ken Schneider - openSUSE <suse-list3@bout-tyme.net> wrote:
Most modern routers allow you to assign a fixed address to a mac address.
Of course. But if the MAC address keeps changing, what will the fixed address be?
And, there is no router in these systems. Only a switch. an openSUSE server provides DHCPD services.
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer. Having an openSUSE server provide DHCP means you can configure it to supply a fixed IP address to a fixed MAC address.
Thats not the case for at least the RPi1/2/3 [A,B[plus]]. Other SBCs may be affected as well. Virtual machines also have no vendor assigned MAC addresses. Regards, Stefan
Ken Schneider - openSUSE wrote:
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer.
This is a privacy feature. And yes, you want that when traveling with your laptop in certain countries. Note that recent Android versions and IIRC Windows 10 also do that. You can observe that when looking at leases in your DHCP server log. Ciao, Michael.
On Sun, Mar 5, 2017 at 7:48 AM, Michael Ströder <michael@stroeder.com> wrote:
Ken Schneider - openSUSE wrote:
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer.
This is a privacy feature. And yes, you want that when traveling with your laptop in certain countries.
Note that recent Android versions and IIRC Windows 10 also do that. You can observe that when looking at leases in your DHCP server log.
I admin a business WiFi network (not meant for guests) with about 30 known devices that connect regularly (daily/weekly). I get notified when a new to the WiFi MAC shows up. I can assure you that non-static MACs is not standard on: Win10 laptops Win7 laptops iPhones (of my users) iMacs (of my users) printers (Brother / Xerox / Canon) android phones (of my users) If a user of that WiFi ever brings in a device with a non-static MAC, I will have to get with them and figure out how to make the MAC static. I'm not going to allow a device on that WiFi to trigger notices to me routinely and it is an important security control to know who is connecting to a non-guest WiFi. Greg -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Op zondag 5 maart 2017 15:39:46 CET schreef Greg Freemyer:
On Sun, Mar 5, 2017 at 7:48 AM, Michael Ströder <michael@stroeder.com> wrote:
Ken Schneider - openSUSE wrote:
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer.
This is a privacy feature. And yes, you want that when traveling with your laptop in certain countries.
Note that recent Android versions and IIRC Windows 10 also do that. You can observe that when looking at leases in your DHCP server log.
I admin a business WiFi network (not meant for guests) with about 30 known devices that connect regularly (daily/weekly). I get notified when a new to the WiFi MAC shows up.
I can assure you that non-static MACs is not standard on:
There is some confusion here. What is meant, AFAICS, is the IPv6 address derived from the MAC address. For privacy reasons this IPv6 address can assume a random lower 64 bit address part. So when you move from IPv6 network to another IPv6 address you are not traceable. -- fr.gr. member openSUSE Freek de Kruijf -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On 03/05/2017 10:55 AM, Freek de Kruijf wrote:
Op zondag 5 maart 2017 15:39:46 CET schreef Greg Freemyer:
On Sun, Mar 5, 2017 at 7:48 AM, Michael Ströder <michael@stroeder.com> wrote:
Ken Schneider - openSUSE wrote:
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer. This is a privacy feature. And yes, you want that when traveling with your laptop in certain countries.
Note that recent Android versions and IIRC Windows 10 also do that. You can observe that when looking at leases in your DHCP server log. I admin a business WiFi network (not meant for guests) with about 30 known devices that connect regularly (daily/weekly). I get notified when a new to the WiFi MAC shows up.
I can assure you that non-static MACs is not standard on: There is some confusion here. What is meant, AFAICS, is the IPv6 address derived from the MAC address. For privacy reasons this IPv6 address can assume a random lower 64 bit address part. So when you move from IPv6 network to another IPv6 address you are not traceable.
Thank you for that answer. I keep forgetting about the technical difference between IPv4 and IPv6. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Sun, Mar 5, 2017 at 10:55 AM, Freek de Kruijf <freek@opensuse.org> wrote:
Op zondag 5 maart 2017 15:39:46 CET schreef Greg Freemyer:
On Sun, Mar 5, 2017 at 7:48 AM, Michael Ströder <michael@stroeder.com> wrote:
Ken Schneider - openSUSE wrote:
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer.
This is a privacy feature. And yes, you want that when traveling with your laptop in certain countries.
Note that recent Android versions and IIRC Windows 10 also do that. You can observe that when looking at leases in your DHCP server log.
I admin a business WiFi network (not meant for guests) with about 30 known devices that connect regularly (daily/weekly). I get notified when a new to the WiFi MAC shows up.
I can assure you that non-static MACs is not standard on:
There is some confusion here. What is meant, AFAICS, is the IPv6 address derived from the MAC address. For privacy reasons this IPv6 address can assume a random lower 64 bit address part. So when you move from IPv6 network to another IPv6 address you are not traceable.
As I understood it, the complaint revolves around inconsistent DHCP IPv4 address assignment. That means the complaint revolves around the actual MAC address not being stable in the DHCP address assignment request. If that isn't the MAC address under-discussion, clarification is indeed needed. Greg -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Sun, Mar 5, 2017 at 6:01 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
If that isn't the MAC address under-discussion, clarification is indeed needed.
I am referring to the MAC address that is broadcast in the DSCP DHCPDISCOVER packet from the PI 3. It changes with each re-boot. It did not do so before the last upgrade. So I am assuming it is a regression. But what to do about it? -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Roger Oberholtzer wrote:
On Sun, Mar 5, 2017 at 6:01 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
If that isn't the MAC address under-discussion, clarification is indeed needed.
I am referring to the MAC address that is broadcast in the DSCP DHCPDISCOVER packet from the PI 3. It changes with each re-boot. It did not do so before the last upgrade. So I am assuming it is a regression. But what to do about it?
Are you using NetworkManager 1.4.0+? https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkma... Ciao, Michael.
On Mon, Mar 6, 2017 at 9:59 AM, Michael Ströder <michael@stroeder.com> wrote:
Roger Oberholtzer wrote:
On Sun, Mar 5, 2017 at 6:01 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
If that isn't the MAC address under-discussion, clarification is indeed needed.
I am referring to the MAC address that is broadcast in the DSCP DHCPDISCOVER packet from the PI 3. It changes with each re-boot. It did not do so before the last upgrade. So I am assuming it is a regression. But what to do about it?
Are you using NetworkManager 1.4.0+?
https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkma...
I'm using the traditional setup where the network comes up onboot. I don't have NetworkManager installed. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Does this work differently on a RPI2? With LibreELEC and kernel 4.4.13 for example I always get the same MAC. (b8:27:eb:... Raspberry Pi Foundation) There is nothing in cmdline.txt or config.txt concerning this, so I don't know where the fixed MAC address is coming from, when the hardware doesn't have one. Ralph Gauer Am 06.03.2017 um 08:17 schrieb Roger Oberholtzer:
On Sun, Mar 5, 2017 at 6:01 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
If that isn't the MAC address under-discussion, clarification is indeed needed. I am referring to the MAC address that is broadcast in the DSCP DHCPDISCOVER packet from the PI 3. It changes with each re-boot. It did not do so before the last upgrade. So I am assuming it is a regression. But what to do about it?
-- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Further investigation is showing, that the MAC address is always beginning with b8:27:eb for Raspberry Pi Foundation and ending with the last three bytes of the serial number of the raspberry pi ("cat /proc/cpuinfo"). Ralph Gauer Am 06.03.2017 um 10:24 schrieb BWC Illmensee GmbH - Ralph Gauer:
Does this work differently on a RPI2? With LibreELEC and kernel 4.4.13 for example I always get the same MAC. (b8:27:eb:... Raspberry Pi Foundation) There is nothing in cmdline.txt or config.txt concerning this, so I don't know where the fixed MAC address is coming from, when the hardware doesn't have one.
Ralph Gauer
Am 06.03.2017 um 08:17 schrieb Roger Oberholtzer:
On Sun, Mar 5, 2017 at 6:01 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
If that isn't the MAC address under-discussion, clarification is indeed needed. I am referring to the MAC address that is broadcast in the DSCP DHCPDISCOVER packet from the PI 3. It changes with each re-boot. It did not do so before the last upgrade. So I am assuming it is a regression. But what to do about it?
-- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Mon, Mar 6, 2017 at 11:10 AM, BWC Illmensee GmbH - Ralph Gauer <ralph.gauer@bwc-illmensee.de> wrote:
Further investigation is showing, that the MAC address is always beginning with b8:27:eb for Raspberry Pi Foundation and ending with the last three bytes of the serial number of the raspberry pi ("cat /proc/cpuinfo").
Before this upgrade, the MAC addresses were in fact starting with b8:27:eb. Now I do not see a pattern. The current one on is e6:e0:b6:52:30:be -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On So, 2017-03-05 at 09:39 -0500, Greg Freemyer wrote:
On Sun, Mar 5, 2017 at 7:48 AM, Michael Ströder <michael@stroeder.com
wrote: Ken Schneider - openSUSE wrote:
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer.
This is a privacy feature. And yes, you want that when traveling with your laptop in certain countries.
Note that recent Android versions and IIRC Windows 10 also do that. You can observe that when looking at leases in your DHCP server log.
Randomization (by default) only happens during scanning, not when actually associating with the network, i.e. you will always see the same MAC address and Client Identifier (derived from the MAC) in you DHCP logs.
I admin a business WiFi network (not meant for guests) with about 30 known devices that connect regularly (daily/weekly). I get notified when a new to the WiFi MAC shows up.
I can assure you that non-static MACs is not standard on:
Win10 laptops Win7 laptops iPhones (of my users) iMacs (of my users) printers (Brother / Xerox / Canon) android phones (of my users)
The MAC addresses used during association and later on are the ones set in the hardware, given: 1. The hardware actually provides one, which is not generally the case for the RPis 2. The address has not be volutarily altered, i.e. spoofed. You won't see the random addresses on the DHCP server, only maybe on the AP.
If a user of that WiFi ever brings in a device with a non-static MAC, I will have to get with them and figure out how to make the MAC static. I'm not going to allow a device on that WiFi to trigger notices to me routinely and it is an important security control to know who is connecting to a non-guest WiFi.
Sorry, but mentioning MAC address monitoring and security in a single sentence is ridiculous. The MAC addresses are broadcasted over the air, and can be altered in most cases (even many Android phones). Kind regards, Stefan
On Mon, Mar 6, 2017 at 2:23 PM, Brüns, Stefan <Stefan.Bruens@rwth-aachen.de> wrote:
On So, 2017-03-05 at 09:39 -0500, Greg Freemyer wrote: <snip>
If a user of that WiFi ever brings in a device with a non-static MAC, I will have to get with them and figure out how to make the MAC static. I'm not going to allow a device on that WiFi to trigger notices to me routinely and it is an important security control to know who is connecting to a non-guest WiFi.
Sorry, but mentioning MAC address monitoring and security in a single sentence is ridiculous. The MAC addresses are broadcasted over the air, and can be altered in most cases (even many Android phones).
Kind regards,
Stefan
Stefan, I know MAC spoofing isn't hard to accomplish, but monitoring for new to the network MACs is a best practice in the CIS CC v6.1 document as I recall. https://www.cisecurity.org/critical-controls/Library.cfm It's also low hanging fruit that can be done at no cost. Greg -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
I added LLADDR to the device config file (/etc/sysconfig/network/ifcfg-eth0). And the MAC address was then correct. The thing is that when I deploy these, I expect each to have a unique and consistent MAC address without the need to do this edit. After all, if I have to do this edit, I can just as well assign the IP address, as that is what I am really after... I hear different claims as to whether the PI 3 has a unique MAC address, or if it must generated by u-boot/linux. I still don't know. If the MAC address is generated, where does the leading E6:E0:B6 part come from? We had some VME-based PC board a while back that all cam with a the same MAC address, which was XX:XX:XX:00:00:00, where the XX part was whatever the manufacturer had been assigned. We were expected to fill in the 00s to make them unique. Is this how the PI 3 is? On Mon, Mar 6, 2017 at 8:49 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
On Mon, Mar 6, 2017 at 2:23 PM, Brüns, Stefan <Stefan.Bruens@rwth-aachen.de> wrote:
On So, 2017-03-05 at 09:39 -0500, Greg Freemyer wrote: <snip>
If a user of that WiFi ever brings in a device with a non-static MAC, I will have to get with them and figure out how to make the MAC static. I'm not going to allow a device on that WiFi to trigger notices to me routinely and it is an important security control to know who is connecting to a non-guest WiFi.
Sorry, but mentioning MAC address monitoring and security in a single sentence is ridiculous. The MAC addresses are broadcasted over the air, and can be altered in most cases (even many Android phones).
Kind regards,
Stefan
Stefan,
I know MAC spoofing isn't hard to accomplish, but monitoring for new to the network MACs is a best practice in the CIS CC v6.1 document as I recall.
https://www.cisecurity.org/critical-controls/Library.cfm
It's also low hanging fruit that can be done at no cost.
Greg -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
-- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On 03/05/2017 07:48 AM, Michael Ströder wrote:
Ken Schneider - openSUSE wrote:
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer. This is a privacy feature. And yes, you want that when traveling with your laptop in certain countries.
Note that recent Android versions and IIRC Windows 10 also do that. You can observe that when looking at leases in your DHCP server log.
Ciao, Michael.
Meant for all of the "Reply to All" posters. IS IT REALLY NECESSARY TO SEND A PRIVATE COPY??? OR ARE YOU JUST TO LAZY TO USE THE REPLY TO LIST FEATURE??? In order to post to this list, or any other openSUSE list, you need to be a member of the list which means I get a copy from the list just as you do!!! Read up on the list netiqutte: https://en.opensuse.org/openSUSE:Mailing_list_netiquette#Personal_and_mail_l... -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Sunday, 5 March 2017 17:13 Ken Schneider - openSUSE wrote:
Meant for all of the "Reply to All" posters.
IS IT REALLY NECESSARY TO SEND A PRIVATE COPY???
OR ARE YOU JUST TO LAZY TO USE THE REPLY TO LIST FEATURE???
In order to post to this list, or any other openSUSE list, you need to be a member of the list which means I get a copy from the list just as you do!!! Read up on the list netiqutte: https://en.opensuse.org/openSUSE:Mailing_list_netiquette#Personal_and_ mail_list_answers
1. Someone writing lines in uppercase (e-mail equivalent of shouting) trying to teach others about netiquette is... let's just say sad. 2. In technical mailing lists - and I hope this is considered one - it's common to Cc at least the person you are replying to, preferrably all active participants of the thread in question. I'm aware that many people on openSUSE lists tend to always reply only to the list. I also do that for general discussions but this is (or rather was) a discussion on a particular problem which is different. You may not like something that has been common practice for decades, you may disagree, you may even ignore the practice; but shouting at other people for following it and doing it in such rude way is way over the line. Please don't do that again. Michal Kubeček -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On 03/06/2017 01:42 AM, Michal Kubecek wrote:
On Sunday, 5 March 2017 17:13 Ken Schneider - openSUSE wrote:
Meant for all of the "Reply to All" posters.
IS IT REALLY NECESSARY TO SEND A PRIVATE COPY???
OR ARE YOU JUST TO LAZY TO USE THE REPLY TO LIST FEATURE???
In order to post to this list, or any other openSUSE list, you need to be a member of the list which means I get a copy from the list just as you do!!! Read up on the list netiqutte: https://en.opensuse.org/openSUSE:Mailing_list_netiquette#Personal_and_ mail_list_answers
1. Someone writing lines in uppercase (e-mail equivalent of shouting) trying to teach others about netiquette is... let's just say sad.
2. In technical mailing lists - and I hope this is considered one - it's common to Cc at least the person you are replying to, preferrably all active participants of the thread in question. I'm aware that many people on openSUSE lists tend to always reply only to the list. I also do that for general discussions but this is (or rather was) a discussion on a particular problem which is different. You may not like something that has been common practice for decades, you may disagree, you may even ignore the practice; but shouting at other people for following it and doing it in such rude way is way over the line. Please don't do that again.
Michal Kubeček
Well, apparently you do not follow the suggested rules regarding openSUSE list, so now who is being rude! And who are you to tell me what and how I post here? Apparently you still do not understand how the lists on openSUSE are set up. If you do not agree with them I suggest you contact Henne. -- Ken linux since 1994 S.u.S.E./openSUSE since 1996 -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Mon, Mar 06, 2017 at 10:01:07AM -0500, Ken Schneider wrote:
On 03/06/2017 01:42 AM, Michal Kubecek wrote:
1. Someone writing lines in uppercase (e-mail equivalent of shouting) trying to teach others about netiquette is... let's just say sad.
2. In technical mailing lists - and I hope this is considered one - it's common to Cc at least the person you are replying to, preferrably all active participants of the thread in question. I'm aware that many people on openSUSE lists tend to always reply only to the list. I also do that for general discussions but this is (or rather was) a discussion on a particular problem which is different. You may not like something that has been common practice for decades, you may disagree, you may even ignore the practice; but shouting at other people for following it and doing it in such rude way is way over the line. Please don't do that again.
Well, apparently you do not follow the suggested rules regarding openSUSE list, so now who is being rude!
You are. And shouting what you did out of the blue would be rude even if you were right. And this:
To: Michal Kubecek <mkubecek@suse.cz>, opensuse-arm@opensuse.org, Michal Kubecek <mkubecek@suse.cz>, Michal Kubecek <mkubecek@suse.cz>, Michal Kubecek <mkubecek@suse.cz>
was not only (attempt to be) rude but plain stupid (FYI: it did not work the way you wanted it to).
And who are you to tell me what and how I post here?
You somehow missed that it was _you_ who started telling people what to do and what not, in a very rude way to boot. So I guess we should rather ask who _you_ are to feel entitled to do so.
Apparently you still do not understand how the lists on openSUSE are set up.
I understand how they are set up. But this is not matter of setup. Making sure poster who is not subscribed gets the replies is only one of reasons to send replies not only to the list. Michal Kubeček -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Mon, Mar 6, 2017 at 4:43 PM, Michal Kubecek <mkubecek@suse.cz> wrote:
I understand how they are set up. But this is not matter of setup. Making sure poster who is not subscribed gets the replies is only one of reasons to send replies not only to the list.
OOC, how does that happen? When I have tried to post to an openSUSE group that I had not subscribed to, the post was rejected. I don't mind subscribing. And I thought that was not optional if you want to post. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Mo, 2017-03-06 at 16:51 +0100, Roger Oberholtzer wrote:
On Mon, Mar 6, 2017 at 4:43 PM, Michal Kubecek <mkubecek@suse.cz> wrote:
I understand how they are set up. But this is not matter of setup. Making sure poster who is not subscribed gets the replies is only one of reasons to send replies not only to the list.
OOC, how does that happen? When I have tried to post to an openSUSE group that I had not subscribed to, the post was rejected. I don't mind subscribing. And I thought that was not optional if you want to post.
Quite simple: 1. Someone who is not following the ML is CCed, because someone else thinks this person should be made aware of the topic. 2. The persons replies to all participants 3. To do so, the person has subscribed the ML, but disabled delivery Regards, Stefan N�����r��y隊Z)z{.�櫛맲��r��z�^�ˬz��N�(�֜��^� ޭ隊Z)z{.�櫛�0�����Ǩ�
On 03/06/2017 10:43 AM, Michal Kubecek wrote:
I understand how they are set up. But this is not matter of setup. Making sure poster who is not subscribed gets the replies is only one of reasons to send replies not only to the list.
Michal Kubeček
*But* on this list, and any openSUSE list, you must be a member (subscriber) to post so your reasoning is false. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Mon, Mar 06, 2017 at 12:10:38PM -0500, Ken Schneider - openSUSE wrote:
On 03/06/2017 10:43 AM, Michal Kubecek wrote:
I understand how they are set up. But this is not matter of setup. Making sure poster who is not subscribed gets the replies is only one of reasons to send replies not only to the list.
*But* on this list, and any openSUSE list, you must be a member (subscriber) to post so your reasoning is false.
Once more: non-subscribers getting replies is only one of the reasons for the common practice. Thus it makes sense even in lists where only subscribers can post. For example, common setup is to have e-mails from various mailing lists delivered to their folders (I can't imagine anyone not doing that for lists with tens or even hundreds of mails per day). Getting replies from threads you participate in (or at least replies to your mails) into inbox helps to speed up the communication on a particular topic. Michal Kubeček -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Sun, Mar 5, 2017 at 5:13 PM, Ken Schneider - openSUSE <suse-list3@bout-tyme.net> wrote:
Meant for all of the "Reply to All" posters.
IS IT REALLY NECESSARY TO SEND A PRIVATE COPY???
OR ARE YOU JUST TO LAZY TO USE THE REPLY TO LIST FEATURE???
This is going off topic, and I know this is a religious topic for some, but... SUSE lists always assume that people's e-mail clients have such a feature. Mine does not. Period. I still wonder why, if the message should not go to the sender, are they in reply-fo field? If this discussion should be rearing it's ugly head again, please make a new post... -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Fri, Mar 3, 2017 at 4:05 PM, Ken Schneider - openSUSE <suse-list3@bout-tyme.net> wrote:
On 03/03/2017 09:34 AM, Roger Oberholtzer wrote:
On Fri, Mar 3, 2017 at 2:37 PM, Ken Schneider - openSUSE <suse-list3@bout-tyme.net> wrote:
Most modern routers allow you to assign a fixed address to a mac address.
Of course. But if the MAC address keeps changing, what will the fixed address be?
And, there is no router in these systems. Only a switch. an openSUSE server provides DHCPD services.
I cannot understand the need for the system to creat a MAC address when every device is asigned an address by the manufacturer. Having an openSUSE server provide DHCP means you can configure it to supply a fixed IP address to a fixed MAC address.
That's the precise problem: the MAC address is not fixed. Or at least any MAC address in the hardware is being ignored. So DHCP is not a viable option. If I have a half dozen PIs in a system, each connected to a different transducer, it is mainly the MAC address that I can use to configure the system so I know which transducer I am communicating with. Unless I use a fixed IP address in each card. And I have to say it is unusual to have fixed IP addresses and random MAC addresses. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
On Fr, 2017-03-03 at 07:02 +0100, Michal Kubecek wrote:
On Thursday, 2 March 2017 8:19 Roger Oberholtzer wrote:
I have just updated my previously working RI 3 to the latest kernel for openSUSE 42.2
It seems that the device now generates a unique MAC address on the wired Ethernet connection each time it is powered on. Could this happen? If so, how can I change it back to use a fixed MAC address?
I seem to remember someone complaining about problem like this once. IIRC the result of the discussion was it was a cool (well, authors thought so) feature of some userspace tool (NetworkManager?).
How about informing yourself before ranting? Obviously each ethernet device needs a unique MAC address. Asthe RPIs USB ethernet MAC/PHY fails to provide one, U-Boot or the kernel has to make up an address, it uses a "locally assigned" MAC address, clearly visible by the 02:xx:xx:xx:xx:xx flag bit in the address. Failure to store the MAC address permanently inside some secondary storage (file system, EEPROM, nonvolatile memory in the SoC) ofteh leads to changing MAC addresses, if the address is not derived from some other *unique* ID. Failure to create/store a permanent (but still, "locally assigned") address *may* be the fault of either U-Boot or the kernel, or their cooperation. U-Boot had some changes regarding how to store the MAC address in the recent past, also deriving the address from the SoCs serial number changed. Regarding the randomization of MAC addresses even for devices which *do* have a unique address, as e.g. done by NetworkManager: The reasons therefor and the scope are clearly described in e.g. https: //blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking- protection-in-wi-fi-networks/ Its by no way specific to NetworkManager (its e.g. also done by MacOS and Windows 10). Violating the privacy of users unknowing to them and by default is not acceptable. The randomization only applies to WiFi, and it only applies to the scanning phase. Regards, Stefan
On Fri, Mar 3, 2017 at 4:03 PM, Brüns, Stefan <Stefan.Bruens@rwth-aachen.de> wrote:
The randomization only applies to WiFi, and it only applies to the scanning phase.
This is happening on the wired port. Not the WiFi. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
participants (10)
-
Andreas Färber -
Brüns, Stefan -
BWC Illmensee GmbH - Ralph Gauer -
Freek de Kruijf -
Greg Freemyer -
Ken Schneider -
Ken Schneider - openSUSE
-
Michael Ströder -
Michal Kubecek -
Roger Oberholtzer