Add random MAC generation after each reboot

Are you saying that randomizing the router's MAC address enhances the privacy of the devices inside the local network? If so, there's a serious misunderstanding of the purpose of MAC addresses and the threat model that MAC randomization operates under.

First of all, MAC addresses are valid only within a local network. When I connect to openwrt.org on my computer, the (highly simplified) packet flow goes like this:

  1. My computer creates an IP packet. Its source address is my computer's IP address. Its destination address is openwrt.org's IP address.
  2. My computer wraps the packet into an Ethernet frame. Its source address is the computer's MAC address. Its destination address is my router's LAN MAC address.
  3. My computer sends this frame which gets picked up by my router's LAN port.
  4. My router strips the Ethernet frame and inspects the IP packet header. It determines it should be forwarded to the ISP's router which is reachable via my router's WAN port.
  5. My router wraps the packet into a new Ethernet frame. Its source address is my router's WAN MAC address. Its destination address is the ISP router's MAC address.
  6. Repeat steps 3 through 5 for each router hop until the packet gets to the final router connected to the LAN containing openwrt.org's servers.
  7. That final router wraps the IP packet into the final Ethernet frame. Its source address is the final router's MAC address. Its destination address is the openwrt.org server's MAC address.

Notice that the MAC addresses of the Ethernet frames change at each hop. The ISP router never sees the MAC addresses of the internal devices. And neither do the openwrt.org servers, or the servers of any other website. (Well, except for LuCI running on the OpenWrt router, of course.)

Second of all, MAC randomization came about because of smartphones constantly transmitting probes in order to find WiFi networks to connect to. A bunch of WiFi APs collectively can use this to track the physical movement of smartphone owners. This scenario doesn't apply to your router, because it's almost always in a fixed location. MAC randomization is mainly useful for WiFi devices that are highly mobile or portable like phones and laptops.

But let's say for the sake of argument that router MAC randomization on reboot is somehow useful. OpenWrt users have uptimes measured in weeks to months, rebooting their device only to install updates or to test snapshots. So are you expecting users to constantly reboot their routers every 24 hours or so, disrupting all current connections?

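The hop-by-hop re-framing described in steps 1 through 7 above, as an added Python simulation (not part of the original post or of OpenWrt). It builds one IPv4 packet, wraps it in an Ethernet frame, and then does what each router does: strip the L2 header, decrement the TTL, fix the header checksum, and re-wrap the packet in a fresh frame with the router's own egress MAC. All MAC and IP addresses are constructed (locally administered MACs, RFC 1918 and RFC 5737 IPs), and the middle ISP hops are collapsed into one so the trace stays short.

```python
"""Simulated hop-by-hop re-framing of one IP packet (constructed example)."""
import struct

# Constructed topology; none of these addresses are real.
HOST_MAC = "02:00:00:00:00:01"          # device inside the LAN
ROUTER_LAN_MAC = "02:00:00:00:00:02"    # OpenWrt router, LAN side
ROUTER_WAN_MAC = "02:00:00:00:00:03"    # OpenWrt router, WAN side
ISP_MAC = "02:00:00:00:00:04"           # ISP router facing the WAN port
FINAL_ROUTER_MAC = "02:00:00:00:00:05"  # last router before the server LAN
SERVER_MAC = "02:00:00:00:00:06"        # the web server itself


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 ones-complement sum; returns 0 for a header whose checksum is valid."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src_ip: str, dst_ip: str, payload: bytes, ttl: int = 64, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                         ttl, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    _, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"ttl": ttl, "proto": proto, "src": ".".join(map(str, src)),
            "dst": ".".join(map(str, dst)), "checksum_ok": ipv4_checksum(packet[:20]) == 0,
            "payload": packet[20:]}


def ethernet_frame(src_mac: str, dst_mac: str, packet: bytes, ethertype: int = 0x0800) -> bytes:
    """Ethernet II header: destination MAC, source MAC, EtherType, then the IP packet."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + packet


def parse_frame(frame: bytes) -> dict:
    return {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]),
            "ethertype": struct.unpack("!H", frame[12:14])[0], "packet": frame[14:]}


def router_forward(frame: bytes, egress_mac: str, next_hop_mac: str) -> bytes:
    """Steps 4-5 of the post: drop the L2 header, decrement TTL, recompute the
    header checksum, and re-encapsulate with the router's own egress MAC."""
    packet = bytearray(parse_frame(frame)["packet"])
    packet[8] -= 1                               # TTL
    packet[10:12] = b"\x00\x00"                  # zero checksum before recomputing
    packet[10:12] = struct.pack("!H", ipv4_checksum(bytes(packet[:20])))
    return ethernet_frame(egress_mac, next_hop_mac, bytes(packet))


def trace_path() -> list:
    """Return [(hop name, frame)] for a packet from the LAN host to the server."""
    packet = build_ipv4("192.168.1.10", "203.0.113.5", b"GET / HTTP/1.1\r\n")
    frames = []
    frame = ethernet_frame(HOST_MAC, ROUTER_LAN_MAC, packet)        # steps 1-3
    frames.append(("host -> router LAN", frame))
    frame = router_forward(frame, ROUTER_WAN_MAC, ISP_MAC)          # steps 4-5
    frames.append(("router WAN -> ISP", frame))
    frame = router_forward(frame, FINAL_ROUTER_MAC, SERVER_MAC)     # steps 6-7 (collapsed)
    frames.append(("final router -> server", frame))
    return frames


def macs_visible_beyond_lan(frames: list) -> set:
    """Every MAC that appears in any frame after the first (LAN) hop."""
    seen = set()
    for _, frame in frames[1:]:
        parsed = parse_frame(frame)
        seen.update({parsed["src_mac"], parsed["dst_mac"]})
    return seen


if __name__ == "__main__":
    for name, frame in trace_path():
        l2, l3 = parse_frame(frame), parse_ipv4(parse_frame(frame)["packet"])
        print(f"{name:24} L2 {l2['src_mac']} -> {l2['dst_mac']}   "
              f"L3 {l3['src']} -> {l3['dst']} ttl={l3['ttl']}")
```

Running it prints one line per hop: the L2 source and destination change every hop, while the L3 addresses stay the same (only the TTL and checksum move). The host's MAC never appears past the first frame, which is the point the post makes about what the ISP and the destination server can see.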