Bridge TAP interface to ETH on Raspberry Pi 3?



My team and I are working with a couple of raspberry pi 3's and an IP-Stack called PicoTCP. PicoTCP uses a TAP interface, ours is called tap0. The tap0 interface must have it's own IP when using with PicoTCP. Unfortunately, because the tap0 interface is virtualized it has no awareness of the other raspberry pi's on the same LAN. It seems obvious that we need to bridge the tap0 interface with our ethernet interface eth0 to solve this issue (Correct me if I'm wrong). We've tried many solutions to no avail!

Technical Information:

  • All Pi's are connected via ethernet to the same router
  • All Pi's are running the latest version of Raspbian OS

A couple solutions we have tried:!

auto br0
iface br0 inet dhcp
pre-up tunctl -t (tap device ""ex:tap0"") -u (tap owner) -g (owner group name)
pre-up ip link set dev eth0 down   ('''Brings down ethernet''')
pre-up brctl addbr br0   ('''Adds bridge''')
pre-up brctl addif br0 eth0   ('''Adds eth0 to bridge''')
pre-up brctl addif br0 tap0   ('''Adds tap0 to bridge''')
pre-up ip link set dev tap0 up   ('''Bring tap0 up''')
up chmod 0666 /dev/net/tun   ('''Changes permissions on tap device to user/ owner''')
post-down ip link set dev eth0 down   ('''Brings down eth0''' )
post-down ip link set dev tap0 dpwn   ('''Brings down tap0''')
post-down ip link set dev br0 down   ('''Brings down br0''')
post-down brctl delif br0 eth0   ('''Removes bridge between br0 & eth0''')
post-down brctl delif br0 tap0   ('''Removes bridge between br0 & tap0''')
post-down brctl delbr br0  ('''Removes bridge''')

How to bridge tap to eth0 on raspberry pi?

ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set dev eth0 down
ip addr flush dev eth0 
ip link set dev eth0 up
ip link set eth0 master br0
ip link set dev br0 up


# Set up Ethernet bridge on Linux
# Requires: bridge-utils

# Define Bridge Interface

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.

for t in $tap; do
    openvpn --mktun --dev $t

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t

for t in $tap; do
    ifconfig $t promisc up

ifconfig $eth promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

PicoTCP Utilizing tap0 interface:

struct pico_device* init_picotcp(void) {
    struct pico_device *dev;
    struct pico_ip4 ipaddr, netmask, local;

    pico_string_to_ipv4("tap0", &local.addr);

    dev = pico_ipv4_link_find(&local);

    if(!dev) {
        return NULL;

    pico_string_to_ipv4(serv.ipv4_addr.c_str(), &ipaddr.addr);
    pico_string_to_ipv4(serv.netmask.c_str(), &netmask.addr);
    pico_ipv4_link_add(dev, ipaddr, netmask);

    return dev;

This line: pico_ipv4_link_add(dev, ipaddr, netmask);

Opens the created tap0 device with a specific IP and Netmask.


None of these solutions worked for us.


Posted 2016-12-06T15:27:14.983

Reputation: 11

Note that it's the bridge that should have IP configuration – not the individual "ports". – user1686 – 2016-12-06T15:31:02.097

@grawity that definitely makes sense, and goes along with everything I have read. But, the way a picoTCP device is set up, you have to have the device created on your system, pass the name of the device, the devices IP, and Netmask. I updated the post to show that. – btald1331 – 2016-12-06T15:39:03.747

I don't know PicoTCP, and I don't understand why it needs an IP addr and how that will affect the stack, but what happens if you just add one using ip addr add dev tap0 etc.? Maybe try both the same IP addr as the bridge, and a different one. Note that normally the "ports" of a bridge don't get an IP addr of their own. – dirkt – 2016-12-06T17:16:50.543

If this doesn't work, you can still enable forwarding/routing, and not use a bridge at all. – dirkt – 2016-12-06T17:18:08.403

@dirkt Thanks for your help. I will try experimenting with it this evening and let you know how it works! – btald1331 – 2016-12-06T18:25:57.133



(picoTCP developer here)

A first (very rough) first guess : you're probably setting up the TAP device with root permissions. Are you running picoTCP as root as well? If you're not, it probably can't open the TAP because of permissions. First try running the picoTCP application under sudo.

If you don't like to run the application as root, you can use sudo tunctl -u <username> to set up a tap device that is accessible by <username>.

If that wasn't the cause, some more info might be necessary : is any of the tools printing some errors or warnings? What exactly do you mean "none of these solutions worked for us" - is one of the commands (or the picoTCP app) reporting an error, stopping or crashing, or is everything running, but you just can't ping the devices? Can you take a wireshark dump at the tap device, so we can see what's coming and going? Can you show us the output of ifconfig -a when you have everything set up? And maybe the output of brctl show as well. (sorry it's such a long list of questions, it's just that there are lots of little things that could go wrong.)

Also, we have some new example code in our development branch on the ( which you can have a look at. It also works with tap devices (though not with bridging). It's supposed to get pushed to master at our next release, which has been taking forever. If that example works (without the bridging), maybe you can try modifying the IP address in the code example to match your local network, then setting up the bridge again, and you should be able to ping it.


Posted 2016-12-06T15:27:14.983

Reputation: 11