Discussion:
How does connman handle scan_ssid?
Sven Schwedas
2015-03-17 11:02:44 UTC
Cf.
http://blog.viraptor.info/post/your-wifi-shows-me-where-you-live-work-and-travel

How does connman handle this? There don't seem to be configuration
options for it.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: ***@tao.at | +43 (0)680 301 7167
http://software.tao.at
Tomasz Bursztyka
2015-03-17 11:09:55 UTC
Hi Sven,

ConnMan does a "known networks" scan, so indeed it leaks the known SSIDs.
We could easily add a main.conf parameter to prevent that.

Tomasz
Post by Sven Schwedas
Cf.
http://blog.viraptor.info/post/your-wifi-shows-me-where-you-live-work-and-travel
How does connman handle this? There don't seem to be configuration
options for it.
_______________________________________________
connman mailing list
https://lists.connman.net/mailman/listinfo/connman
Sven Schwedas
2015-03-17 11:45:54 UTC
Post by Tomasz Bursztyka
Hi Sven,
ConnMan does a "known networks" scan, so indeed it leaks the known SSIDs.
We could easily add a main.conf parameter to prevent that.
Sounds good. What would be the trade-offs? More time needed to authenticate?
Post by Tomasz Bursztyka
Tomasz
Post by Sven Schwedas
Cf.
http://blog.viraptor.info/post/your-wifi-shows-me-where-you-live-work-and-travel
How does connman handle this? There don't seem to be configuration
options for it.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: ***@tao.at | +43 (0)680 301 7167
http://software.tao.at
Tomasz Bursztyka
2015-03-17 12:04:44 UTC
Post by Sven Schwedas
Post by Tomasz Bursztyka
ConnMan does a "known networks" scan, so indeed it leaks the known SSIDs.
Post by Tomasz Bursztyka
We could easily add a main.conf parameter to prevent that.
Sounds good. What would be the trade-offs? More time needed to authenticate?
More time to autoconnect on known-networks basically.
For instance, one passive scan might miss some results (the time frame
just missed some beacons etc...).
But fortunately ConnMan handles automatic scans, as long as the user
has not disabled it from main.conf of course. Maybe some seconds more
to autoconnect in worst cases.

There is an issue however: the hidden SSIDs. These ones, to autoconnect,
definitely need an active scan.
We could run it if only a hidden service is created for instance. But
that means we could still leak some SSIDs - the hidden ones - if we are
not located where these could be found.

The best ever solution would be to get ConnMan to always know its
location so it could then run active scans relevantly (i.e. running an
active scan for the home AP since it knows this AP is located there and
it is where we are currently etc...).

Tomasz
Pasi Sjöholm
2015-03-17 15:47:28 UTC
Post by Tomasz Bursztyka
There is an issue however: the hidden SSIDs. These ones, to
autoconnect, definitely need an active scan. We could run it if
only a hidden service is created for instance. But that means we
could still leak some SSIDs - the hidden ones - if we are not
located where these could be found.
This is exactly what we (Jolla) have been doing in the Sailfish OS with
ConnMan since July 2014 per customer request. No huge or minor issues
experienced.

Br,
Pasi
Sven Schwedas
2015-03-17 15:57:10 UTC
Post by Pasi Sjöholm
Post by Tomasz Bursztyka
There is an issue however: the hidden SSIDs. These ones, to
autoconnect, definitely need an active scan. We could run it if
only a hidden service is created for instance. But that means we
could still leak some SSIDs - the hidden ones - if we are not
located where these could be found.
This is exactly what we (Jolla) been doing in the Sailfish OS with
ConnMan since July 2014 per customer request. No huge or minor issues
experienced.
Can this patch be mainlined? Or is it too specific?
Post by Pasi Sjöholm
Br,
Pasi
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: ***@tao.at | +43 (0)680 301 7167
http://software.tao.at
Pasi Sjöholm
2015-03-27 13:09:55 UTC
Post by Sven Schwedas
Post by Pasi Sjöholm
Post by Tomasz Bursztyka
There is an issue however: the hidden SSIDs. These ones, to
autoconnect, definitely need an active scan. We could run it if
only a hidden service is created for instance. But that means
we could still leak some SSIDs - the hidden ones - if we are
not located where these could be found.
This is exactly what we (Jolla) been doing in the Sailfish OS
with ConnMan since July 2014 per customer request. No huge or
minor issues experienced.
Can this patch be mainlined?
Yes, I guess so. I didn't have the time to send the patch this week but
will try to do it next week.

Br,
Pasi

Patrik Flykt
2015-03-18 06:52:22 UTC
Post by Pasi Sjöholm
This is exactly what we (Jolla) been doing in the Sailfish OS with
ConnMan since July 2014 per customer request. No huge or minor issues
experienced.
And you haven't been sending the patch upstream because...? ;-)

Cheers,

Patrik
Pasi Sjöholm
2015-03-17 15:31:14 UTC
Post by Sven Schwedas
Cf.
http://blog.viraptor.info/post/your-wifi-shows-me-where-you-live-work-and-travel
How does connman handle this? There don't seem to be
configuration options for it.
ConnMan will actively scan any previously connected network(s) (or
networks which have been configured as hidden) when not connected, but
uses passive scanning when connected.

Yes, this will make your device trackable, but it's relatively easy
to patch ConnMan to only use passive scanning for networks which
are not hidden.

Another option would be to randomize the MAC address of the used
interface for each scan, but it is easier said than done.
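
Added example (not part of the original thread and not ConnMan code): a way to audit a capture taken from your own device for the leak discussed in this thread, by listing the SSIDs that one station sent in directed probe requests. It assumes raw 802.11 management frames without a radiotap header or FCS; the function names, MAC addresses and SSIDs are constructed for illustration.

```python
import struct
from typing import Iterable, List, Optional

MGMT_HDR_LEN = 24      # frame control, duration, addr1-3, sequence control
PROBE_REQ_FC0 = 0x40   # version 0, type 0 (management), subtype 4

def build_probe_request(src_mac: str, ssid: bytes) -> bytes:
    """Constructed sample frame: 802.11 header + SSID and rates elements."""
    bcast, src = b"\xff" * 6, bytes.fromhex(src_mac.replace(":", ""))
    hdr = struct.pack("<BBH6s6s6sH", PROBE_REQ_FC0, 0, 0, bcast, src, bcast, 0)
    return hdr + bytes([0, len(ssid)]) + ssid + bytes([1, 4, 2, 4, 11, 22])

def probe_request_ssid(frame: bytes) -> Optional[bytes]:
    """SSID of a probe request (b"" means wildcard); None for anything else."""
    if len(frame) < MGMT_HDR_LEN or frame[0] != PROBE_REQ_FC0:
        return None
    pos = MGMT_HDR_LEN + (4 if frame[1] & 0x80 else 0)  # Order bit: +HT Control
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elem_len]
        if len(body) < elem_len:
            return None                      # truncated element
        if elem_id == 0:                     # element ID 0 is the SSID
            return body
        pos += 2 + elem_len
    return None

def leaked_ssids(frames: Iterable[bytes], station_mac: str) -> List[str]:
    """Names the given station put on the air in directed probe requests."""
    src = bytes.fromhex(station_mac.replace(":", ""))
    leaked = set()
    for frame in frames:
        ssid = probe_request_ssid(frame)
        if ssid and frame[10:16] == src:     # addr2 = transmitter address
            leaked.add(ssid.decode("utf-8", errors="replace"))
    return sorted(leaked)

STATION = "02:00:00:00:00:01"                # constructed, locally administered
CAPTURE = [                                  # constructed sample capture
    build_probe_request(STATION, b""),                    # wildcard probe
    build_probe_request(STATION, b"HomeNet"),
    build_probe_request(STATION, b"OfficeWLAN"),
    build_probe_request("02:00:00:00:00:02", b"Other"),   # different station
    b"\x80\x00" + bytes(30),                              # beacon, ignored
    build_probe_request(STATION, b"HomeNet")[:27],        # truncated
]

if __name__ == "__main__":
    print(leaked_ssids(CAPTURE, STATION))
```

A device that scans only passively, or sends only wildcard probes, yields an empty list here; any name that does appear is one the device announced while searching for it.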