I'm trying to run OpenWRT inside docker for implementing a VPN server.
To be able to configure the firewall, netifd needs to be running, and a proper lan device needs to be configured in /etc/config/network. However, that leads to netifd bringing the interface down and then up again, which makes it lose its docker-assigned IP number, as well as remove the docker-provided default route.
I'd like to not have to hardcode these, as that makes deploying multiple containers of the same image hard.
Is there a way to configure a "fake" interface definition that makes the firewall happy, but makes netifd not touch the interface, or routes related to it?
I have been trying to read the source code of netifd, but can't figure out a way from that...
You can use the uci firewall (fw3) without netifd; you just need to replace the logical option network references in the zone declarations with option device ones which point to real netdevs (e.g. option device eth0).
This is no solution to your actual problem but might be a viable workaround.
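The zone change described in the reply above, written out as an added example that is not part of the original thread. The zone name and policies are assumptions modelled on a typical lan zone, and eth0 is the device name used in the reply.

```conf
# /etc/config/firewall (constructed fragment)

# Before: the zone is bound to a logical interface. fw3 asks netifd
# which device belongs to 'lan', so netifd must be running and 'lan'
# must be declared in /etc/config/network.
#
# config zone
#	option name 'lan'
#	list network 'lan'
#	option input 'ACCEPT'
#	option output 'ACCEPT'
#	option forward 'ACCEPT'

# After: the zone is bound directly to the kernel netdev, so no
# netifd lookup is involved and the address and default route that
# docker assigned are left alone.
config zone
	option name 'lan'
	option device 'eth0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Rules, forwardings and redirects keep referring to the zone by its
# name ('lan'), so they need no change. If the container's interface
# is not called eth0, the zone matches no traffic and only the
# defaults section applies, so check the generated rules after a
# reload.
```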
Just saw your name in the netifd source code, so I guess I could ask you this:
Is it netifd that brings up/down the device itself, or the protocol handler? Or is the protocol just run once the device is "up"? It sure seems like netifd itself. On what kind of events does it do that?
Do you think it would be viable for me to try to patch ifd so that this behavior can be disabled on a per-interface basis in the config? Would such a patch be accepted? And where in the code should I start looking?