Gentoo Forums
[SOLVED] Adding wlan0 to br0
eleanor
l33t

Joined: 01 Nov 2004
Posts: 666

Posted: Sun Nov 17, 2013 10:47 am    Post subject: [SOLVED] Adding wlan0 to br0

Hi,

I've followed the guide [https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC] to try to configure qemu with bridging capabilities, so my virtual machines could be seen as standalone machines in my network. This is working fine when using an eth0 cable interface, but fails when trying to do the same with the wlan0 wireless interface. I've configured ebtables properly and done everything needed to make it work, but the error boils down to not being able to add wlan0 to the bridge br0:

Quote:

# brctl addif br0 wlan0
can't add wlan0 to bridge br0: Operation not supported


If I strace the same command, I get the following.

Quote:

# strace brctl addif br0 wlan0
execve("/sbin/brctl", ["brctl", "addif", "br0", "wlan0"], [/* 57 vars */]) = 0
brk(0) = 0x2435230
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2db8185b000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=269358, ...}) = 0
mmap(NULL, 269358, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2db81819000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240%\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1732760, ...}) = 0
mmap(NULL, 3846144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2db81291000
mprotect(0x2db81432000, 2097152, PROT_NONE) = 0
mmap(0x2db81632000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x2db81632000
mmap(0x2db81638000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2db81638000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2db81818000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2db81817000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2db81816000
arch_prctl(ARCH_SET_FS, 0x2db81817700) = 0
mprotect(0x2db81632000, 16384, PROT_READ) = 0
mprotect(0x606000, 4096, PROT_READ) = 0
mprotect(0x2db8185d000, 4096, PROT_READ) = 0
munmap(0x2db81819000, 269358) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
access("/proc/net", R_OK) = 0
access("/proc/net/unix", R_OK) = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_index=4}) = 0
close(4) = 0
ioctl(3, SIOCBRADDIF, 0x397e0b41fe0) = -1 EOPNOTSUPP (Operation not supported)
ioctl(3, SIOCDEVPRIVATE, 0x397e0b41fe0) = -1 EOPNOTSUPP (Operation not supported)
write(2, "can't add wlan0 to bridge br0: O"..., 55can't add wlan0 to bridge br0: Operation not supported
) = 55
exit_group(1) = ?
+++ exited with 1 +++


I've encountered a number of references on this problem, but none of them actually solved the problem.

  • Hostapd: I could use hostapd to create AP with my wlan0 and then the qemu clients would connect to that, but I don't want to create an AP, which would then be seen by everybody close enough, so this option is out of the question.
  • Old Kernel: I've been told that this is supported by an old kernel, but new kernels don't support it, because it was kicked out of the kernel. I would like to know why the decision was made and what is the latest kernel that still supports it.


Currently I'm running the following kernel:

Quote:

# uname -r
3.10.1-hardened-r1


I'm using the following kernel driver:

Quote:

# lspci -k
03:00.0 Network controller: Intel Corporation PRO/Wireless 5100 AGN [Shiloh] Network Connection
Subsystem: Intel Corporation WiFi Link 5100 AGN
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi


I would like to get a solution to make the qemu virtual machines use bridging to present to the network as standalone clients; the same as it's with the Virtualbox bridging mode.

Any ideas and thoughts are welcome.


Last edited by eleanor on Sat Nov 23, 2013 3:32 pm; edited 1 time in total
Logicien
Veteran

Joined: 16 Sep 2005
Posts: 1361
Location: Montréal

Posted: Sun Nov 17, 2013 12:25 pm

You do not say which network interface your Qemu virtual machine is using from the host. If you create a tuntap virtual network card with the host command ip or tunctl and give it as the wired network card to your Qemu virtual machine, it will be easy for the host to bridge this interface.

Your wireless network can access your virtual machines by the bridge using forwarding, appropriate IP routes, Iptables rules and NAT on each host including virtual ones.
_________________
Paul
eleanor
l33t

Joined: 01 Nov 2004
Posts: 666

Posted: Sun Nov 17, 2013 12:48 pm

Hi,

In qemu I'm using the following:

Quote:

-device e1000,netdev=net0
-netdev tap,id=net0,script=no,ifname=tap0,downscript=no


In /etc/conf.d/net I have this:

Quote:

# Interface wlan0
config_wlan0="null"

# Interface tap0
config_tap0="null"
tuntap_tap0="tap"
carrier_timeout_tap0="0"

# Interface br0
config_br0="dhcp"
bridge_br0="tap0"
brctl_br0="setfd 0 stp on sethello 1"


The above options will start the tap0 and wlan0 interface by default by using the appropriate init scripts.

I'm trying to give the VM the tap0 device, which is bridged with the wlan0 wireless interface into br0. The br0 itself should connect with the AP through the wlan0 wireless network. If tap0 and wlan0 are bridged, it means that when the VM issues a DHCP request, it will be sent over the air to the AP, which will give it another IP address.

The problem is that I cannot add wlan0 to the br0 and I receive an error outlined in the first post.
Logicien
Veteran

Joined: 16 Sep 2005
Posts: 1361
Location: Montréal

Posted: Sun Nov 17, 2013 2:03 pm

DHCP requests do not authenticate a WEP or a WPA client to an AP. You can achieve what you want to do without putting wlan0 in the bridge. Do a normal wireless configuration for wlan0 and put only tap0 in the bridge.

Configure your bridge and your virtual machine manually on the same network. For the virtual machine you can instead have a DHCP server on the host that listens on br0 and do a DHCP request on the guest. Then routing and firewall rules should do the rest.

I can communicate between my wired, wireless and virtual networks that way, but Gentoo is my wireless AP. It allows opening sessions between wireless hosts and others. The only external router is my ISP.
_________________
Paul
eleanor
l33t

Joined: 01 Nov 2004
Posts: 666

Posted: Sun Nov 17, 2013 3:08 pm

Hi,

Okay, I've added the tap0 to the br0 without also adding the wlan0. The host and guest can ping each other over the br0 interface, but the guest still cannot access the internet.

Current routing table is:

Quote:

# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 203 0 0 wlan0
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 203 0 0 wlan0


I guess no routing entries are needed, since the default GW is already set.

Can you possibly share your routing rules or tell me what I have to add to make this work?
Logicien
Veteran

Joined: 16 Sep 2005
Posts: 1361
Location: Montréal

Posted: Sun Nov 17, 2013 3:37 pm

Hi,
I will give you a way to proceed manually with the 192.168.0.0/24 subnet for br0. From the host
Code:
ifconfig br0 192.168.0.1 up
sysctl -w net.ipv4.ip_forward=1
iptables -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24 -t nat

From the guest
Code:
ifconfig eth0 192.168.0.2 up
route add default gw 192.168.0.1
echo 'nameserver 8.8.8.8' > /etc/resolv.conf

You have to be sure that the other firewall rules on each workstation, including the virtual one, permit communication with the outside world. Forwarding and masquerading are the task of the host, which serves as a gateway for the 192.168.0.0/24 subnet. Guest requests for anywhere, including wireless, should be done by the other routes of the host.
_________________
Paul
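
The host-side setup from the post above, as an added example that is not part of the original thread: it scopes the MASQUERADE rule to the wlan0 uplink, lets only reply traffic back into the guest subnet, and refuses a guest subnet that overlaps the uplink LAN. The function names (ip2int, cidr_overlap, nat_rules) are hypothetical, the addresses and interface names are the ones used in the thread, and the FORWARD rules and the `ip` commands are additions that go beyond the three commands posted.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default; APPLY=1 (as root) executes.

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds (exit 0) when two CIDR blocks share any address.
cidr_overlap() {
    n1=$(ip2int "${1%/*}"); n2=$(ip2int "${2%/*}")
    l1=${1#*/}; l2=${2#*/}
    len=$(( l1 < l2 ? l1 : l2 ))    # compare on the shorter prefix
    mask=$(( len == 0 ? 0 : (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

# Print the host-side commands for a NATed guest subnet.
# Args: guest CIDR, host address on bridge, bridge, uplink, uplink LAN CIDR.
nat_rules() {
    guest=$1; gw=$2; br=$3; up=$4; lan=$5
    if cidr_overlap "$guest" "$lan"; then
        echo "refusing: guest subnet $guest overlaps uplink LAN $lan" >&2
        return 1
    fi
    cat <<EOF
ip addr add $gw/${guest#*/} dev $br
ip link set $br up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $guest -o $up -j MASQUERADE
iptables -A FORWARD -i $br -o $up -s $guest -j ACCEPT
iptables -A FORWARD -i $up -o $br -d $guest -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

main() {
    # Values from the thread: 192.168.0.0/24 on br0, uplink wlan0 on 192.168.1.0/24.
    rules=$(nat_rules 192.168.0.0/24 192.168.0.1 br0 wlan0 192.168.1.0/24) || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$rules"
    fi
}

main
```

The two FORWARD rules only change behaviour when the chain's policy or earlier rules would otherwise drop the traffic.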
eleanor
l33t

Joined: 01 Nov 2004
Posts: 666

Posted: Sun Nov 17, 2013 3:56 pm

Yes, this works ok, but it's still not completely the same as bridged networking as Virtualbox configures it. The virtual machines can connect to the other hosts on the network, but other hosts cannot connect to the virtual machines, because they don't have a route for 172.16.1.0/24. If I manually add the route to each device on the network, this would work as it should, but I'm not going to do that.

I was thinking to configure network DHCP to give out 192.168.1.100-150 IP addresses and my own DHCP server on the host to give out 192.168.1.151-200 IP addresses. Therefore the two DHCP servers would serve the same IP address range 192.168.1.0/24, but each would have a different IP range. I guess I would still have to use ebtables, but this might just work as expected.
Logicien
Veteran

Joined: 16 Sep 2005
Posts: 1361
Location: Montréal

Posted: Sun Nov 17, 2013 8:31 pm

Note that you can use a tuntap Ethernet card like the one you create, tap0, and not the one that VirtualBox will create by default, vboxnet0, when you configure the network of the VirtualBox virtual machine. In this case I use Access by bridge as the access method.

In all cases, the host gateway must forward and masquerade packets on all local networks that must communicate together. In your case, it should be at least the virtual and wireless ones. You need an iptables rule for each of them on the host gateway.

My ISP gives my host gateway the Internet IP address and route. My host gateway authenticates clients as a wireless Access Point (Hostapd), always gives each of them the same IP address, route and DNS (Dnsmasq) through my wireless network (wlan0), and forwards and masquerades packets on the virtual (br0) and wireless networks.

I manually configure the virtual network of the host (br0 with tap0 as slave) and the same for the guest (eth0 through tap0), and all the machines, real and guests, can connect to each other and access the Internet without more configuration.

The virtual guest machines do not need a specific route to the real machines on the wireless network, and the same applies to the real machines of the wireless network with respect to the virtual guest machines. The host gateway as the default route of each of them is enough to make them communicate with each other, because the host gateway forwards and masquerades packets on the virtual and wireless networks.

Note that the host gateway gives one default route, the same, to each of the wireless machines but a different one, the same, to the virtual machines.
_________________
Paul
eleanor
l33t

Joined: 01 Nov 2004
Posts: 666

Posted: Mon Nov 18, 2013 4:34 pm

Hi,

Yes, this is true, but only when the host machine is also an AP, which isn't the case in my setup. I'm using a Linksys router as AP (which has the first DHCP server) to which the host connects with the wlan0 interface. Additionally, the host has a bridge br0 and tap0 (added to br0), which has another DHCP server to give IP addresses to guest virtual machines. I've already described the rest of the process and its problems.
Logicien
Veteran

Joined: 16 Sep 2005
Posts: 1361
Location: Montréal

Posted: Mon Nov 18, 2013 6:23 pm

By default, I think, routers like Linksys do not allow connected clients to be part of the same network and open an ssh session from one client to another. This can probably be changed in the setup of the routers. Without that, I don't see how wireless machines can be part of the same network if your host does not act as the wireless router itself.
_________________
Paul