Network bridging

This application note contains guidelines for using the target platform as a network bridge between two networks.

Requirements

You will need the following to make a target platform act as a network bridge between two networks:

The target platform needs to have at least two network interfaces (either wired or wireless).
The Linux kernel image of the target platform requires support for network bridging.

Methods

There are two methods for connecting a pair of networks:

Bridging: The platform device acts like a tunnel that connects the two networks (or two network segments) forming one big subnet that allows devices to connect to each other without the need for routers.
IP forwarding: The platform device translates the address of a packet to a new destination according to a routing table.

This application note explains the bridging method.

Bridging

This chapter illustrates how to configure a target platform to act as a network bridge. Consider the following scenario:

A target platform embedded device acts as the bridge.
The target is connected through one wired Ethernet interface to a wired LAN that has access to the Internet.
There are three wireless devices to connect by bridge.
There is no wireless AP, so the wireless devices cannot access the LAN.

By configuring the platform as a bridge, you can make the three wireless devices connect to the LAN and gain access to the Internet.

Note A network bridge can be established between two network interfaces of any kind: two wired Ethernets, a wired Ethernet and a USB-Ethernet gadget, a USB-Ethernet gadget and a wireless interface, and so on.

In this document we will show how to establish a network bridge between a wired Ethernet (eth0) and a wireless interface (wlan0), including how to configure the wireless interface. You can follow similar steps to create the bridge between arbitrary network interfaces as long as you configure each interface properly.

CAUTION! For a platform to act as a bridge using a wireless interface, the wireless interface needs to be able to operate in SoftAP mode. Refer to the documentation for your wireless adapter for instructions on how to configure it as SoftAP.

Add network bridging support to the kernel

Go to your DEY project folder and configure the kernel using the following commands:

$ bitbake -c configure virtual/kernel
$ bitbake -c menuconfig virtual/kernel

Enable the following kernel options (if not already enabled):

802.1d Ethernet Bridging (CONFIG_BRIDGE)
IGMP MLD snooping (CONFIG_BRIDGE_IGMP_SNOOPING)

Build and update the system for your platform

Build the DEY project and transfer the images to the target platform. See System development.

Operate the wireless interface in SoftAP mode

Configure as SoftAP

Configure the connection settings of your wireless interface in the /etc/wpa_supplicant.conf file on your target's root file system.

Make sure the parameter mode is set to 2, to work as SoftAP. The following example shows a configuration that uses WPA-PSK/AES authentication and names the SoftAP ath6kl-ap:

/etc/wpa_supplicant.conf

# SoftAP mode (WPA-PSK/AES)
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
fast_reauth=1
update_config=1
 
ap_scan=2
network={
    ssid="ath6kl-ap"
    mode=2
    frequency=2412
    key_mgmt=WPA-PSK
    proto=RSN
    pairwise=CCMP
    psk="12345678"
}

Start the wireless interface as SoftAP

You need to restart the wpa_supplicant daemon so that it uses the new configuration file.

Kill all running instances of the wpa_supplicant daemon:

# killall wpa_supplicant

Create the bridge interface br0:

# brctl addbr br0

Run the wpa_supplicant daemon again and tell it to use the bridge br0:

# wpa_supplicant -i wlan0 -D nl80211 -c /etc/wpa_supplicant.conf -b br0 -B

Connect the wireless devices to the SoftAP

Configure each of the three wireless devices to connect to the SoftAP just created on your platform. For example, a device that uses the wpa_supplicant daemon to connect to the wireless network would have a configuration file like this:

/etc/wpa_supplicant.conf

# Client that connects to the SoftAP
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
fast_reauth=1
update_config=1
 
ap_scan=1
network={
    scan_ssid=1
    ssid="ath6kl-ap"
    key_mgmt=WPA-PSK
    proto=RSN
    pairwise=CCMP
    # Use the wpa_passphrase application with the ssid and password to obtain the psk
    # In this example:
    #
    #   wpa_passphrase ath6kl-ap 12345678
    #   27b9137ab2d24609864128ea8c97399f06ca37ff2ca40c6617a17d265e57b171
    #
    psk=27b9137ab2d24609864128ea8c97399f06ca37ff2ca40c6617a17d265e57b171
}

Enable bridging on the target platform

Remove the IP addresses of the two network interfaces that the bridge will join. (The following example shows eth0 and wlan0).

# ifconfig eth0 0.0.0.0
# ifconfig wlan0 0.0.0.0

Configure the bridge interface br0 to join the two network interfaces.

# brctl addif br0 eth0
# brctl addif br0 wlan0
# brctl show
bridge name    bridge id              STP enabled   interfaces
br0            8000.0004f3280000      no            eth0
                                                    wlan0

The brctl show command should correctly list eth0 and wlan0 in the same br0 bridge. If that does not happen, or it is showing something else, the bridge has not been created correctly and you should delete it before trying to re-create it.

Note To remove the bridge and restart the procedure, you can do the following:

# ifconfig br0 down
# brctl delbr br0
# killall wpa_supplicant

Assign a static or dynamic IP address in the LAN to the bridge. This is optional but it allows you to reach the bridge (the target platform) in the network.

Static IP assignment

# ifconfig br0 192.168.1.5 netmask 255.255.0.0

Bring the bridge up:

# ifconfig br0 up

Your configuration is complete. Your wireless devices, connected to the target platform (acting as SoftAP), should now be able to reach any device in the network, and vice versa.

Note It might not be possible to ping or telnet the IP address assigned to br0 from the wireless LAN if the address is not in your subnet. This is an expected behavior.

Automatically create the bridge interface at boot time

To automatically create the bridge interface at startup, edit /etc/network/interface and uncomment the following lines:

/etc/network/interfaces

auto br0
iface br0 inet static
       bridge_ports eth0 wlan0
       address 192.168.42.50
       netmask 255.255.255.0

Note When an interface is part of a bridge, its IP configuration is ignored, but the interface itself must be up for the bridge to work.

To re-create it when the Ethernet cable gets disconnected while the bridge is active, you can use a daemon like ifplugd (included in DEY root file systems by default) to take care of plug/unplug events.

Create this script:

eth_event.sh

#!/bin/sh
index="0" # change to N for the interface ethN
[ `cat /sys/class/net/eth$index/operstate` == "up" ] && ifconfig eth$index up || echo cable eth$index unpluged

Give it execution permissions and then run:

ifplugd -apqs -t3 -u2 -d2 -i "eth0" -r "eth_event.sh"

Configure the ifplugd daemon to start at boot time.