Re: WLAN and Bridge

In reply to: Bjoern A. Zeeb: "Re: WLAN and Bridge"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Jan Bramkamp <crest_at_rlwinm.de>
Date: Mon, 28 Jul 2025 14:17:03 UTC
On 28.07.25 15:24, Bjoern A. Zeeb wrote:
> On Mon, 28 Jul 2025, Jan Bramkamp wrote:
>
>> On 13.07.25 02:58, Ben Hutton wrote:
>>> Hi,
>>>
>>> Is it possible to use a wlan device with a bridge and tap device for 
>>> use with bhyve? When I've tried this I cannot seem to get traffic to 
>>> route past the bridge.
>>
>> Not really. A normal Ethernet frame has two MAC addresses (source and 
>> destination).
>>
>> WiFi adds a third MAC address to each frame (source, destination and 
>> access point) with the client MAC address authenticated to the access 
>> point.
>>
>> What you want would require a fourth MAC address (source, 
>> destination, access point, client) to separate the client 
>> authentication from source/destination MAC address (depending on 
>> direction).
>>
>> Such a frame format exists and is used by WiFi repeaters, but it's 
>> not commonly supported by FreeBSD WiFi drivers or access points.
>>
>>> My aim is to get bhyve working with network access on my laptop on 
>>> WiFi. So far I have had to use Ethernet connections.
>> All reasonably sane bhyve guest connections look like Ethernet to the 
>> bhyve guest.
>>> I have looked into NAT but am unsure how I would do this with bhyve?
>>
>> You would:
>>
>> * configure the host as a router
>>
>> * create a bridge (with a static MAC address if you want to)
>>
>> * not add any physical interfaces to the bridge
>
> What is that bridge for if you are routing anyway?
>
> You are forwarding packets and are doing { wlan | NAT } - forward - tap.
> tap interfaces can have IP addresses.

Without the bridge more host configuration per bhyve guest is needed. 
The bridge is a single interface that can handle multiple guests and it 
isolates the routed interface from the link state changes if guest 
start/stop.

If you want to reduce the overhead and provide better isolation between 
guests I would recommend using the tap driver under the vmnet name 
because it sets the needed interface flag to not bring down the 
interface when the guest closes the tap device because that removes the 
route(s).