Netifd inside docker


I'm trying to run OpenWRT inside docker for implementing a VPN server.

To be able to configure the firewall, netifd needs to be running, and a proper lan device needs to be configured in /etc/config/network. However, that leads to netifd bringing the interface down and then up again, which makes it lose its docker assigned ip number, as well as remove the docker provided default route.

I'd like to not have to hardcode these, as that makes deploying multiple containers of the same image hard.

Is there a way to configure a "fake" interface definition that makes the firewall happy, but makes netifd not touch the interface, or routes related to it?

I have been trying to read the source code of netifd, but can't figure out a way from that...

Thanks in advance,
Egil Möller

You can use the uci firewall (fw3) without netifd, you just need to replace the logical option network references in the zone declarations with option device ones which point to real netdevs (e.g. option device eth0).

This is no solution to your actual problem but might be a viable workaround.
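The workaround described in the reply above, written out as an added example (not part of the original thread and not OpenWrt's own configuration): a firewall zone stanza that points fw3 at raw netdevs with option device, so no netifd logical interface is needed and netifd never tears the docker interface down. The device names (eth0 for the docker-assigned interface, tun0 for the VPN) and the VPN zone itself are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: write an /etc/config/firewall that
# references real netdevs ('option device') instead of netifd logical
# interfaces ('option network'). With this, fw3 can be used without netifd.
# eth0 (docker-assigned interface) and tun0 (VPN) are assumed device names.

# Write the zone/forwarding declarations to $1 (default /etc/config/firewall).
write_firewall_config() {
    out="${1:-/etc/config/firewall}"
    cat > "$out" <<'EOF'
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option syn_flood '1'

# Before (needs netifd): the zone names a logical interface from
# /etc/config/network, and netifd reconfigures that device on startup.
#config zone
#	option name 'lan'
#	option network 'lan'
#	...

# After (no netifd): the zone names the raw netdev directly, and
# nothing touches the docker-provided address or default route.
config zone
	option name 'lan'
	option device 'eth0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Assumed VPN zone for the tunnel device; adjust to the VPN in use.
config zone
	option name 'vpn'
	option device 'tun0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Let VPN clients reach the container's network, not the other way round.
config forwarding
	option src 'vpn'
	option dest 'lan'
EOF
}

# Sanity check: any remaining 'option network' reference would make fw3
# ask netifd for the underlying device, which is exactly what we avoid.
check_no_network_refs() {
    ! grep -q "^[[:space:]]*option network" "$1"
}

# Usage (inside the container, as root):
#   write_firewall_config /etc/config/firewall && check_no_network_refs /etc/config/firewall && fw3 reload
```

The commented-out stanza is the form that drags netifd in; the active one is the drop-in replacement. Keep the check in a deploy script so a later edit that reintroduces option network is caught before fw3 is reloaded.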

Fantastic, that seems to work! Thank you! But it is a bit of a kludge...

Just saw your name in the netifd sourcecode, so I guess I could ask you this:

Is it netifd that brings up/down the device itself, or the protocol handler? Or is the protocol just run once the device is "up"? It sure seems like netifd itself. On what kind of events does it do that?

It is netifd, it has some generic interface teardown code which strips all addresses etc. from an iface.

Do you think it would be viable for me to try to patch ifd so that this behavior can be disabled on a per-interface basis in the config? Would such a patch be accepted? And where in the code should I start looking?