bridging tap interface problem

[rudivd]

Hi,

Running 8.2 RELEASE we encounter the following issue using tap interfaces:

IF bridging a wlan interface or an ethernet interface to the tap interface we see that broadcast packets (like dhcp request and dhcp offer) pass the [wlan|ethernet]interface->bridge-> tap chain, and are seen on all interfaces.

Unicast packages however are seen on the [wlan|ethernet] interface, but do not pass the chain, we do not see them on the bridge.

If we replace the tap interface with a real interface (like ethernet) we see all packages passing, no problem... So: we might be doing something wrong with the tap / bridge stuff.

Any ideas!?

Rudi

 

[SirDice]

Not all wlan drivers support bridging unfortunately. The wlan interface basically has to spoof the source MAC address and not all drivers support this.

 

[Aeterno]

While I can certainly imagine the wlan driver not supporting bridging possibly being a problem in general. I do not think this is the case in our situation.

As stated in the initial post we have bridged that same tap interface to an ethernet interface, and have observed identical behaviour. DHCP broadcasts and arp requests go through without any issues. But unicast packets such as ICMP and ssh fail to appear on the bridge.

Similarly, we have bridged the wlan interface in question (ath) to an ethernet interface. And have full connectivity through that bridge. Both DHCP broadcast and unicast (ICMP / SSH) packets go through perfectly in that scenario.

Should the wlan interface be at fault I'd expect normal behavior when bridging tap <-> eth, and expect issues when bridging eth <-> wlan.

 

[davidgurvich]

Have you tried 9-CURRENT with the same scenario? I've been testing 9-CURRENT and have found wireless and networking to be much improved over 8.X but haven't tried a scenario such as you describe. Simple bridging does seem to work better.

 

[SirDice]

How are you creating the bridge and the tap?

 

[Aeterno]

The tap interface is created by the openvpn client. Connectivity between the tap interface on the client and the tap interface on the server side has been verified (both are capable of pinging each other, and only each other)

the bridge is created at boot through rc.conf

gateway_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm wlan0 addm tap0 up"
ifconfig_bridge0="10.253.0.101 netmask 255.255.255.0

similarly
[CMD=""]ifconfig bridge create[/CMD]
[CMD=""]ifconfig bridge0 addm tap0 addm wlan0 up[/CMD]
[CMD=""]ifconfig bridge0 10.253.0.101 netmask 255.255.255.0[/CMD]

in shell for manual testing. As was described in the handbook