[systemd-devel] How to add a second bridge to a nspawn container?

Alexander E. Patrakov patrakov at gmail.com
Fri Jan 4 03:23:49 UTC 2019


Wojtek Swiatek <w at swtk.info>:
>
> Hello everyone,
>
> I have an nspawn container which is currently connected to a bridge on the host:
>
> root@srv /e/s/nspawn# cat domotique.nspawn
> [Exec]
> Boot=yes
> [Network]
> Bridge=br0
> #Bridge=wlx00c0ca384bd9
>
> This results in a host0 interface being present in the container. Everything works.
>
> I now would like to add another interface in the container, which would be bridged with a wireless card on the host. The commented-out line above is my attempt to add another bridge, but it failed with
>
> -- Subject: Unit systemd-nspawn@domotique.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://www.ubuntu.com/support
> --
> -- Unit systemd-nspawn@domotique.service has begun starting up.
> Jan 03 17:02:17 srv systemd-nspawn[17264]: Selected user namespace base 119472128 and range 65536.
> Jan 03 17:02:17 srv systemd-nspawn[17264]: Failed to add interface vb-domotique to bridge wlx00c0ca384bd9: Operation not supported
> Jan 03 17:02:17 srv systemd-udevd[17279]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
> Jan 03 17:02:17 srv systemd-timesyncd[791]: Network configuration changed, trying to establish connection.
> Jan 03 17:02:17 srv networkd-dispatcher[906]: WARNING:Unknown index 26 seen, reloading interface list
> Jan 03 17:02:17 srv systemd-timesyncd[791]: Synchronized to time server 145.238.203.10:123 (ntp.obspm.fr).
> Jan 03 17:02:17 srv systemd[1]: systemd-nspawn@domotique.service: Main process exited, code=exited, status=1/FAILURE
> Jan 03 17:02:17 srv systemd[1]: systemd-nspawn@domotique.service: Failed with result 'exit-code'.
> Jan 03 17:02:17 srv systemd[1]: Failed to start Container domotique.
>
> I am not sure whether "Operation not supported" means that there is something wrong with that config, or that it is not possible to create a bridge to a wireless NIC?

To be able to participate in a bridge, the wireless card must act as
an access point. This restriction comes from the fact that, generally,
there are 4 MAC addresses that one needs to be concerned about: Access
Point, Station, Source and Destination, but a wireless packet can
contain only three distinct ones. Being an access point helps, because
one knows that there are no bridges on the far end, i.e. all incoming
packets have Station = Source, and all outgoing packets except
multicast have Station = Destination.

To sidestep this limitation, use something like parprouted instead of a bridge.

-- 
Alexander E. Patrakov
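
The address-field limitation described in the reply above, modelled as an added Python example that is not part of the original thread. It assumes the standard ToDS/FromDS layout of three-address 802.11 data frames; the MAC addresses and function names are constructed for illustration.

```python
# Added illustration: which (Source, Destination) pairs fit the three address
# fields of an 802.11 data frame. All MAC addresses below are constructed.

AP        = "02:00:00:00:00:01"   # access point (BSSID)
STATION   = "02:00:00:00:00:02"   # wireless client NIC
CONTAINER = "02:00:00:00:00:03"   # veth of a container bridged behind a NIC
LAN_HOST  = "02:00:00:00:00:04"   # wired host behind the access point


class NotRepresentable(ValueError):
    """The frame would need a fourth address field."""


def is_multicast(mac):
    # Group bit: least significant bit of the first octet.
    return int(mac.split(":")[0], 16) & 1 == 1


def three_address_header(sender, src, dst, ap=AP, station=STATION):
    """Return (to_ds, from_ds, addr1, addr2, addr3) for a frame on the AP<->station link."""
    if sender == "station":
        # ToDS=1: addr1=BSSID, addr2=transmitter (doubles as Source), addr3=Destination
        if src != station:
            raise NotRepresentable(f"Source {src} is not the station {station}")
        return (1, 0, ap, station, dst)
    if sender == "ap":
        # FromDS=1: addr1=receiver (doubles as Destination), addr2=BSSID, addr3=Source
        if dst != station and not is_multicast(dst):
            raise NotRepresentable(f"Destination {dst} is not the station {station}")
        return (0, 1, dst, ap, src)
    raise ValueError("sender must be 'station' or 'ap'")


def fits(sender, src, dst):
    """True if the frame can be sent with only three address fields."""
    try:
        three_address_header(sender, src, dst)
        return True
    except NotRepresentable:
        return False


if __name__ == "__main__":
    print(fits("station", STATION, LAN_HOST))    # True: the station's own traffic
    print(fits("station", CONTAINER, LAN_HOST))  # False: container bridged behind a station
    print(fits("ap", CONTAINER, STATION))        # True: container bridged behind an AP
```
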

