Bridging a Wireless NIC?

In our previous post, we have setup Pi-hole in LXD through bridging of macvlan network adapter. Thus, our containers share the network segment with the host's machine network. The limitation of such setup is network bridging only works for Ethernet network adapter instead of Wifi network adapter. Because "many wireless cards don't allow spoofing of the source address" (shown in example later) and also a limitation of 802.11. Read this answer for more complete explanation.

Following this guide, I tried to create a bridge using Bridge Control tool, `brctl` and add the wireless network interface, `wlp3s0` to it.
$ sudo brctl addbr wbr0

$ brctl show wbr0
bridge name     bridge id               STP enabled     interfaces
wbr0            8000.000000000000       no

$ sudo brctl addif wbr0 wlp3s0
can't add wlp3s0 to bridge wbr0: Operation not supported

To resolve the shown error above, we need to enable `4addr` option to our Wifi adapter. The `4addr` is used so that "IEEE 802.3 (Ethernet) frame gets encapsulated in a IEEE 802.11 (WLAN) frame".
$ sudo iw dev wlp3s0 set 4addr on
$ sudo brctl addif wbr0 wlp3s0

Trying to obtain an IP from our bridge interface, `wbr0`.
$ sudo dhclient -d wbr0
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/wbr0/12:34:56:78:90:01
Sending on   LPF/wbr0/12:34:56:78:90:01
Sending on   Socket/fallback
DHCPDISCOVER on wbr0 to 255.255.255.255 port 67 interval 3 (xid=0x444ed350)
DHCPDISCOVER on wbr0 to 255.255.255.255 port 67 interval 3 (xid=0x444ed350)
......

And suddenly, we lost connectivity to our Wifi connection and can't find any Wifi network adapter anymore. Because of security reason, it's hard to spoof source MAC address.

To undo this, let's remove all changes we've made. Also, we may need to reboot the machine to regain the Wifi connectivity.
$ sudo brctl delbr wbr0
bridge wbr0 is still up; can't delete it

$ sudo iw dev wlp3s0 set 4addr off
command failed: Device or resource busy (-16)

$ sudo brctl delif wbr0 wlp3s0
$ sudo iw dev wlp3s0 set 4addr off

$ sudo ifconfig wbr0 down
$ sudo brctl delbr wbr0

$ sudo systemctl restart NetworkManager

Nevertheless, there are still different ways to make this works although far more complicated. Since macvlan does not work with wireless adapter, there is an alternative way using ipvlan. However, this was proposed to be included to LXD but postponed since macvlan provides similar features. Furthermore, DHCP will not works in both methods anyway.

No comments:

Post a Comment