> On Jul 2, 2025, at 15:05, Michael van Elst <mlel...@serpens.de> wrote: > > On Wed, Jul 02, 2025 at 10:31:32PM +0200, Rhialto wrote: >> On Wed 02 Jul 2025 at 20:09:08 -0000, Michael van Elst wrote: >>> You can also configure a vether interface and add that. This >>> creates a more isolated guest network together with the host. >>> This can then be routed to the host network (with or without NAT). >> >> The vether(4) manual page is totally insufficient for knowing why I >> would use vether rather than tap; what the differences and similarities >> are. It doesn't even say how to get packets into or out of it as a >> userland program. > > So, for reading/writing packets, use tap and for a private interface > use vether.
I’m not sure if this was part of the question, but vether is a cloneable device, just like tap and bridge. Thus, create one with ifconfig vetherX create. That is the significance of the reference to ifconfig(8) in vether(4). Admittedly, that’s not obvious unless you run ifconfig -C and see it in the list. Cheers, Brook
