What makes a good fake MAC address?

What makes a good fake MAC address?

[Mark Smith]

Hi Inaky,

(please CC me, I'm not on the list)

"The problem with using a zero mac address is that it confuses the
bridging software (and maybe others). I was wondering, what would be a
fake mac address we could put in there that is legal for this kind of
"faking"? [or the closest thing to legal?]"

Since you're from an organisation with an OUI allocation or two, I
think a real Intel one would be best. It then wouldn't be fake, and no
matter where it was exposed (host only, local network, or globally
e.g. in IPv6 node addresses), it would be guaranteed not to collide
with any other addresses (unless Intel make error an error in their own
OUI administration.) 

The other alternative would be locally assigned addresses i.e. those
out of the "0x02" range. There is a function in the kernel
(random_ether_addr()) to generate random ones which should minimise the
chances of collision with any others. If you don't have an OUI, then I
think they're a reasonable compromise. However, I don't think the
"global" linux kernel automatically assigning local addresses
completely fits with the idea of those addresses are only locally
significant and administered.

Don't do what Microsoft have done, and "globally" use a 0x02 address.
They've "stolen" some static 0x02 addresses for use with their high
availability software for Windows (0x02:01:01:01:01 is one of them
IIRC). I happened to discover it by assigning those addresses in a test
environment (i.e. *locally assigning* them), and then found Wireshark
displayed them as "belonging" to Microsoft. Fortunately I didn't happen
to have a MS HA environment, so I didn't break anything. If anybody has
ever had to troubleshoot duplicate MAC addresses, I'm sure they'd agree
that in the least MS should have randomised the addresses. Or
better yet, spent probably less than a millisecond's worth of their
revenue and got themselves an OUI, ensuring global uniqueness.

(Any chance Intel want to donate an OUI to the Linux kernel to used
instead of locally assigned addresses for things like dummy, tap and
etc. interfaces? From memory they're only US $1250 :-) )

Regards,
Mark.

Re: What makes a good fake MAC address?

[Inaky Perez-Gonzalez]

On Wednesday 22 April 2009, Mark Smith wrote:
> Hi Inaky,
>
> (please CC me, I'm not on the list)
>
> "The problem with using a zero mac address is that it confuses the
> bridging software (and maybe others). I was wondering, what would be a
> fake mac address we could put in there that is legal for this kind of
> "faking"? [or the closest thing to legal?]"
>
> Since you're from an organisation with an OUI allocation or two, I
> think a real Intel one would be best. It then wouldn't be fake, and no
> matter where it was exposed (host only, local network, or globally
> e.g. in IPv6 node addresses), it would be guaranteed not to collide
> with any other addresses (unless Intel make error an error in their own
> OUI administration.)

It doesn't really work, because it is for the "from" end of the connection; as 
said somewhere else in the thread, the WiMAX link is P2P, IP only. The card 
has a local address, that we use for the "to" field, but for the from, we 
need to fake an address from the network -- which is not necessarily an intel 
device :)

So maybe local addresses would not be the right choice, and clearly Intel 
assigned ones neither :)

Thanks,


-- 
Inaky

Re: What makes a good fake MAC address?

[Stephen Hemminger]

On Wed, 22 Apr 2009 15:15:05 -0700
Inaky Perez-Gonzalez <inaky@linux.intel.com> wrote:

> On Wednesday 22 April 2009, Mark Smith wrote:
> > Hi Inaky,
> >
> > (please CC me, I'm not on the list)
> >
> > "The problem with using a zero mac address is that it confuses the
> > bridging software (and maybe others). I was wondering, what would
> > be a fake mac address we could put in there that is legal for this
> > kind of "faking"? [or the closest thing to legal?]"
> >
> > Since you're from an organisation with an OUI allocation or two, I
> > think a real Intel one would be best. It then wouldn't be fake, and
> > no matter where it was exposed (host only, local network, or
> > globally e.g. in IPv6 node addresses), it would be guaranteed not
> > to collide with any other addresses (unless Intel make error an
> > error in their own OUI administration.)
> 
> It doesn't really work, because it is for the "from" end of the
> connection; as said somewhere else in the thread, the WiMAX link is
> P2P, IP only. The card has a local address, that we use for the "to"
> field, but for the from, we need to fake an address from the network
> -- which is not necessarily an intel device :)
> 
> So maybe local addresses would not be the right choice, and clearly
> Intel assigned ones neither :)
> 

You need a from address for the bridge to be able to populate its
forwarding table. If remote end is always same, just get some random
address at start of tunnel and reuse it.

Re: What makes a good fake MAC address?

[Inaky Perez-Gonzalez]

On Wednesday 22 April 2009, Stephen Hemminger wrote:
> On Wed, 22 Apr 2009 15:15:05 -0700
>
> Inaky Perez-Gonzalez <inaky@linux.intel.com> wrote:
> > On Wednesday 22 April 2009, Mark Smith wrote:
> > > Hi Inaky,
> > >
> > > (please CC me, I'm not on the list)
> > >
> > > "The problem with using a zero mac address is that it confuses the
> > > bridging software (and maybe others). I was wondering, what would
> > > be a fake mac address we could put in there that is legal for this
> > > kind of "faking"? [or the closest thing to legal?]"
> > >
> > > Since you're from an organisation with an OUI allocation or two, I
> > > think a real Intel one would be best. It then wouldn't be fake, and
> > > no matter where it was exposed (host only, local network, or
> > > globally e.g. in IPv6 node addresses), it would be guaranteed not
> > > to collide with any other addresses (unless Intel make error an
> > > error in their own OUI administration.)
> >
> > It doesn't really work, because it is for the "from" end of the
> > connection; as said somewhere else in the thread, the WiMAX link is
> > P2P, IP only. The card has a local address, that we use for the "to"
> > field, but for the from, we need to fake an address from the network
> > -- which is not necessarily an intel device :)
> >
> > So maybe local addresses would not be the right choice, and clearly
> > Intel assigned ones neither :)
>
> You need a from address for the bridge to be able to populate its
> forwarding table. If remote end is always same, just get some random
> address at start of tunnel and reuse it.

Nope, the remote end will change as you move around from base station to base 
station :(

-- 
Inaky

Re: What makes a good fake MAC address?

[Stephen Hemminger]

On Wed, 22 Apr 2009 15:38:10 -0700
Inaky Perez-Gonzalez <inaky@linux.intel.com> wrote:

> On Wednesday 22 April 2009, Stephen Hemminger wrote:
> > On Wed, 22 Apr 2009 15:15:05 -0700
> >
> > Inaky Perez-Gonzalez <inaky@linux.intel.com> wrote:
> > > On Wednesday 22 April 2009, Mark Smith wrote:
> > > > Hi Inaky,
> > > >
> > > > (please CC me, I'm not on the list)
> > > >
> > > > "The problem with using a zero mac address is that it confuses
> > > > the bridging software (and maybe others). I was wondering, what
> > > > would be a fake mac address we could put in there that is legal
> > > > for this kind of "faking"? [or the closest thing to legal?]"
> > > >
> > > > Since you're from an organisation with an OUI allocation or
> > > > two, I think a real Intel one would be best. It then wouldn't
> > > > be fake, and no matter where it was exposed (host only, local
> > > > network, or globally e.g. in IPv6 node addresses), it would be
> > > > guaranteed not to collide with any other addresses (unless
> > > > Intel make error an error in their own OUI administration.)
> > >
> > > It doesn't really work, because it is for the "from" end of the
> > > connection; as said somewhere else in the thread, the WiMAX link
> > > is P2P, IP only. The card has a local address, that we use for
> > > the "to" field, but for the from, we need to fake an address from
> > > the network -- which is not necessarily an intel device :)
> > >
> > > So maybe local addresses would not be the right choice, and
> > > clearly Intel assigned ones neither :)
> >
> > You need a from address for the bridge to be able to populate its
> > forwarding table. If remote end is always same, just get some random
> > address at start of tunnel and reuse it.
> 
> Nope, the remote end will change as you move around from base station
> to base station :(
> 

Then don't bridge.

Re: What makes a good fake MAC address?

[Inaky Perez-Gonzalez]

On Wednesday 22 April 2009, Stephen Hemminger wrote:
> On Wed, 22 Apr 2009 15:38:10 -0700
>
> > > You need a from address for the bridge to be able to populate its
> > > forwarding table. If remote end is always same, just get some random
> > > address at start of tunnel and reuse it.
> >
> > Nope, the remote end will change as you move around from base station
> > to base station :(
>
> Then don't bridge.

heh :) I'll give a try to just try an address from random_ether_addr(), 
it might work

Thanks!

-- 
Inaky

Re: What makes a good fake MAC address?

[Inaky Perez-Gonzalez]

On Wednesday 22 April 2009, Eric Dumazet wrote:
> Inaky Perez-Gonzalez a écrit :
> > Hi All
> >
> > The Intel i2400m WiMAX driver behaves as an ethernet device, and
> > currently when sending packets to the netdev stack, it fakes an ethernet
> > header, sets the "from" mac address to zeroes and the "to" to it's own
> > MAC address.
> >
> > The WiMAX network can be considered to be a point-to-point (up to the
> > gateway) connection, all IP based, so there are not MAC addresses from
> > our gateway (not to mention that it can change behind us).
> >
> > The problem with using a zero mac address is that it confuses the
> > bridging software (and maybe others). I was wondering, what would be a
> > fake mac address we could put in there that is legal for this kind of
> > "faking"? [or the closest thing to legal?]
> >
> > Thanks!
>
> We have random_ether_addr(), it should be self explained :)

(Also in reply to Stephen's comment) the device has its own local address; 
what we are faking is the address the packet comes from.

According to random_ether_addr(), it sets the local bits; will this work to 
fake the "other end of the connection"? (for which there is an IP address but 
no MAC address, it being a pure IP link).

Thanks,

-- 
Inaky

Re: What makes a good fake MAC address?

[Eric Dumazet]

Inaky Perez-Gonzalez a écrit :
> Hi All
> 
> The Intel i2400m WiMAX driver behaves as an ethernet device, and currently 
> when sending packets to the netdev stack, it fakes an ethernet header, sets 
> the "from" mac address to zeroes and the "to" to it's own MAC address.
> 
> The WiMAX network can be considered to be a point-to-point (up to the gateway) 
> connection, all IP based, so there are not MAC addresses from our gateway 
> (not to mention that it can change behind us).
> 
> The problem with using a zero mac address is that it confuses the bridging 
> software (and maybe others). I was wondering, what would be a fake mac 
> address we could put in there that is legal for this kind of "faking"? [or 
> the closest thing to legal?]
> 
> Thanks!
> 

We have random_ether_addr(), it should be self explained :)

/**
 * random_ether_addr - Generate software assigned random Ethernet address
 * @addr: Pointer to a six-byte array containing the Ethernet address
 *
 * Generate a random Ethernet address (MAC) that is not multicast
 * and has the local assigned bit set.
 */
static inline void random_ether_addr(u8 *addr)
{
        get_random_bytes (addr, ETH_ALEN);
        addr [0] &= 0xfe;       /* clear multicast bit */
        addr [0] |= 0x02;       /* set local assignment bit (IEEE802) */
}

Re: What makes a good fake MAC address?

[Stephen Hemminger]

On Wed, 22 Apr 2009 13:48:27 -0700
Inaky Perez-Gonzalez <inaky@linux.intel.com> wrote:

> 
> Hi All
> 
> The Intel i2400m WiMAX driver behaves as an ethernet device, and
> currently when sending packets to the netdev stack, it fakes an
> ethernet header, sets the "from" mac address to zeroes and the "to"
> to it's own MAC address.
> 
> The WiMAX network can be considered to be a point-to-point (up to the
> gateway) connection, all IP based, so there are not MAC addresses
> from our gateway (not to mention that it can change behind us).
> 
> The problem with using a zero mac address is that it confuses the
> bridging software (and maybe others). I was wondering, what would be
> a fake mac address we could put in there that is legal for this kind
> of "faking"? [or the closest thing to legal?]
> 
> Thanks!
> 

You want really want hw to have real mac, but if not use
random_ether_addr()

What makes a good fake MAC address?

[Inaky Perez-Gonzalez]

Hi All

The Intel i2400m WiMAX driver behaves as an ethernet device, and currently 
when sending packets to the netdev stack, it fakes an ethernet header, sets 
the "from" mac address to zeroes and the "to" to it's own MAC address.

The WiMAX network can be considered to be a point-to-point (up to the gateway) 
connection, all IP based, so there are not MAC addresses from our gateway 
(not to mention that it can change behind us).

The problem with using a zero mac address is that it confuses the bridging 
software (and maybe others). I was wondering, what would be a fake mac 
address we could put in there that is legal for this kind of "faking"? [or 
the closest thing to legal?]

Thanks!

-- 
Inaky