DaemonForums  

#1 beavers, 14th August 2018
ifconfig's new 'join' parameter

I am loving ifconfig's recently added 'join' parameter in -current, but having a slight bit of trouble using it from my hostname.if file. Of the networks I regularly visit, there's one in particular where I like to use a random MAC.

Code:
/etc/hostname.iwn0:

join "Guest_Wireless" lladdr random
join "linksies" wpakey "0123456789abcdef"
join "network not found" wpakey "fedcba9876543210"
join "WNET5" wpakey "Super secret passphrase!"
dhcp
up
However, this randomizes my MAC on _all_ of the networks I join, not just that specific one. (I've also tried changing the order of the join statements, to no effect.) Should I be achieving this some other way?

#2 jggimi, 14th August 2018

The new join option is part of IEEE 802.11 provisioning syntax, which does not include lladdr. You'll have to use a different mechanism -- such as a shell script -- to connect to that network.

#3 beavers, 14th August 2018

Where's a good place to put that so it runs before /etc/netstart?

#4 jggimi, 14th August 2018

Consider: once you alter the MAC address with ifconfig()'s lladdr, the change remains in effect until you reboot or the command is re-issued. You do not want your MAC address randomized if you want repeatable leases on your three standard networks. It should not run before netstart(8).

Run a script to set the MAC address to random, set the SSID, and initiate a DHCP client session when you take your laptop to the untrusted network. Use "join" in hostname.iwn0 only for the three networks where you are able to use the hardware MAC address.

This script can be manually executed, or you could perhaps automate this in an rc.local(8) script, which would be run by rc(8) as a last step, if the script exists. If automated, your script could use ifconfig() to scan for "Guest_Wireless" and if found proceed to issue the appropriate SSID provisioning with ifconfig() and request IP address, routing, and DNS with dhclient(8). If manually executed, it only needs to issue ifconfig and dhclient commands, without any logic.

#5 beavers, 14th August 2018

Quote:
Originally Posted by jggimi View Post
You do not want your MAC address randomized if you want repeatable leases on your three standard networks.
My only concern is that I don't want the MAC transmitted at all if I'm near that particular untrusted network -- would a (failed) connection attempt from netstart transmit anything during association that contains my real hardware lladdr?

Quote:
Originally Posted by jggimi View Post
This script can be manually executed, or you could perhaps automate this in an rc.local(8) script, which would be run by rc(8) as a last step, if the script exists. If automated, your script could use ifconfig() to scan for "Guest_Wireless" and if found proceed to issue the appropriate SSID provisioning with ifconfig() and request IP address, routing, and DNS with dhclient(8). If manually executed, it only needs to issue ifconfig and dhclient commands, without any logic.
Such a script is actually what I had been doing before "join" was added, so I've already got a little something ready to go! Will give it a shot from rc.local -- this look reasonable?

Code:
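#!/bin/ksh
# Switch to a random MAC and connect only when the guest network is in range.

SSID=Guest_Wireless
IF=iwn0

# Proceed only if the scan output mentions the SSID.
if ifconfig "${IF}" scan | grep -q "${SSID}" ; then
        # Stop any running DHCP client and clear the current address and network.
        pkill -9 dhclient
        ifconfig "${IF}" -inet -nwid -bssid down
        # Randomize the MAC before associating.
        ifconfig "${IF}" lladdr random
        # Print the new MAC address.
        ifconfig "${IF}" | awk '/lladdr/ {print $2}'
        ifconfig "${IF}" nwid "${SSID}" up
        dhclient "${IF}"
fi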
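
The grep test in the script above is a substring match, so an SSID such as "Guest_Wireless_5G" would also trigger it. The following is an added example, not part of any post in this thread, of an exact-match check. It assumes scan result lines have the form `nwid <name> chan <n> bssid ...` with names containing spaces in double quotes; `ssid_in_scan` and `sample_scan` are hypothetical names and the scan output is constructed.

```shell
#!/bin/sh
# Added example: exact SSID match over `ifconfig <if> scan` output on stdin.
# Assumed line format: nwid <name> chan <n> bssid <mac> ...
# (names with spaces are wrapped in double quotes).

ssid_in_scan() {
    # $1 = SSID to look for. Exit status 0 only on an exact name match.
    awk -v want="$1" '
        $1 == "nwid" {
            line = $0
            sub(/^[ \t]*nwid[ \t]+/, "", line)
            if (substr(line, 1, 1) == "\"") {
                # Quoted name: take the text up to the closing quote.
                line = substr(line, 2)
                name = substr(line, 1, index(line, "\"") - 1)
            } else {
                # Unquoted name: the first whitespace-separated word.
                split(line, f)
                name = f[1]
            }
            if (name == want) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed scan output. The "ieee80211:" status line is skipped by the
# parser because its first field is not "nwid".
sample_scan() {
    cat <<'EOF'
iwn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ieee80211: nwid linksies chan 1 bssid 02:00:00:00:00:01 -55dBm
                nwid linksies chan 1 bssid 02:00:00:00:00:01 -55dBm HT-MCS15 privacy,wpa2
                nwid Guest_Wireless_5G chan 36 bssid 02:00:00:00:00:02 -70dBm HT-MCS15
                nwid "network not found" chan 6 bssid 02:00:00:00:00:03 -62dBm HT-MCS7 privacy,wpa2
EOF
}

# On a real system: ifconfig iwn0 scan | ssid_in_scan "Guest_Wireless"
if sample_scan | ssid_in_scan "Guest_Wireless"; then
    echo "Guest_Wireless in range"
else
    echo "Guest_Wireless not in range"
fi
```
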

#6 jggimi, 14th August 2018

It looks like a reasonable script when reading it.

I'm not completely aware of all the ins and outs of 802.11 SSID association, but to my understanding the client *will* send out its MAC address in association request frames. This could be in response to SSID beacons, and also -- if my meager understanding is correct -- unsolicited in an association request frame to a "hidden" AP that does not issue beacons. If an unsolicited association request is for an SSID which is not present, no response is returned. But the request can be recorded. Tying a single workstation to multiple sessions (and therefore usage patterns) is the only significant value from "capturing" a MAC address for other than Ethernet connectivity and IP addressing -- that I can think of.

If you don't need repeatable leases from your trusted access points, then feel free to randomize your MAC address in hostname.iwn0, and provision all 4 networks with join, without an access script.

One last option is to develop support for lladdr "restoration" in ifconfig() with -lladdr, which does not exist. Then, you could attempt to update join functionality to add MAC address management options. OpenBSD gets features and functionality from people who believe something is missing, and then develop them, test them, and share them with the community. The tech@ mailing list is the most appropriate place to submit development diffs.

#7 jggimi, 4 Weeks Ago

Quote:
Originally Posted by jggimi View Post
... a "hidden" AP that does not issue beacons....
I'm wrong. These APs broadcast beacons without named SSIDs.