[Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address

Geert Stappers stappers at stappers.nl
Sun Jul 26 14:35:24 BST 2020


On Sun, Jul 26, 2020 at 06:07:52AM -0700, dev at lutean.com wrote:
> > > iOS 14  
> > 
> > CISCO provides an IOS, https://en.wikipedia.org/wiki/Cisco_IOS
> > My second guess on IOS is an Apple Computer Inc product.
> > 
> > 
> > > will by default use randomized, private MAC addresses.
> > 
> > Yeah right, let's sell a depleted MAC address pool
> > as a privacy improvement ... 
> > 
> 
> It is an upcoming feature of Apple products that will be on
> by default: https://support.apple.com/en-ca/HT211227
> 
> It is already available through the public beta.
> 
> So Apple devices as of October or sooner will be
> changing their MAC addresses by default.
> 
> > 
> > > In my testing these devices use a MAC address with the LAA bit set 
> > > (2nd least significant bit of the first byte of the MAC). It restricts
> > > this to host addresses (least significant bit is set to 0). 
> > 
> > Speaks about two bits
> > 
> > 
> > > This patch detects MAC addresses with this bit set and tags the request with
> > > the tag "laa-address". This would allow other rules to decide what to do
> > > with these requests (such as ignoring them).
> > 
> > Speaks about one bit 
> > 
> > 
> > 
> > Speaking about bits, see
> > https://en.wikipedia.org/wiki/MAC_address#/media/File:MAC-48_Address.svg
> > for the "exploded view"
> > 
> 
> https://en.wikipedia.org/wiki/MAC_address#Unicast_vs._multicast
> 
> The reason two bits are tested is because:
> - one bit is the UAA / LAA bit
> - one bit is the unicast / multicast bit
> 
> so this patch wouldn't tag LAA multicast MAC addresses should
> those happen to be in use somewhere.
> 
> So specifically a device with an LAA unicast MAC address
> would get a tag. This requires testing two bits.
> 

OK, thanks for elaborating


Groeten
Geert Stappers
-- 
Silence is hard to parse
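
The two-bit test explained in the quoted reply above, written out as an added C example. It is not the patch under discussion and not dnsmasq code; the function names and the sample addresses are constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>

#define MAC_MULTICAST 0x01 /* least significant bit of first octet: 1 = multicast */
#define MAC_LOCAL     0x02 /* 2nd least significant bit: 1 = locally administered */

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Strictly parse "aa:bb:cc:dd:ee:ff"; returns 0 on success, -1 on bad input. */
int parse_mac(const char *s, uint8_t mac[6])
{
    for (int i = 0; i < 6; i++) {
        int hi = hexval(s[0]);
        int lo = hi < 0 ? -1 : hexval(s[1]);
        if (hi < 0 || lo < 0) return -1;
        mac[i] = (uint8_t)(hi << 4 | lo);
        s += 2;
        if (*s != (i < 5 ? ':' : '\0')) return -1;
        if (i < 5) s++;
    }
    return 0;
}

/* 1 = LAA unicast (the case that would be tagged), 0 = anything else, -1 = unparsable.
 * Both bits are masked together: LAA must be set AND multicast must be clear. */
int laa_unicast_from_text(const char *text)
{
    uint8_t mac[6];
    if (parse_mac(text, mac) != 0) return -1;
    return (mac[0] & (MAC_LOCAL | MAC_MULTICAST)) == MAC_LOCAL;
}

int main(void)
{
    /* Constructed sample addresses, one per combination of the two bits. */
    const char *samples[] = { "00:11:22:33:44:55", "02:11:22:33:44:55",
                              "01:00:5e:00:00:fb", "03:00:00:00:00:01" };
    for (int i = 0; i < 4; i++)
        printf("%s -> %s\n", samples[i],
               laa_unicast_from_text(samples[i]) == 1 ? "laa-address" : "(no tag)");
    return 0;
}
```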


