Docker bridge to act as main interface for lan,static host ip, assert revert namespace of wlan0

Makefile

@@ -28,7 +28,7 @@ run:
 clean:
 	docker stop ${CONTAINER} || true
 	docker rm ${CONTAINER} || true
-	docker network rm ${LAN_NAME} ${WAN_NAME} || true
+	docker network rm ${LAN_NAME} ${WAN_NAME} ${DMZ_NET_NAME} || true
 
 install:
 	install -Dm644 openwrt.service /usr/lib/systemd/system/openwrt.service

run.sh

@@ -45,6 +45,11 @@ function _cleanup() {
 	elif [[ $LAN_PARENT =~ \. ]] ; then
 		sudo ip link del dev $LAN_PARENT
 	fi
+	echo "* Rolling back ip address for main if"
+	sudo service dhcpcd start
+	sudo dhclient -r
+	test $WIFI_ENABLED = 'false' || echo "* returning $WIFI_PHY to host"
+	test $WIFI_ENABLED = 'false' || sudo iw phy "$WIFI_PHY" set netns 1
 	echo -ne "* finished"
 }
 
@@ -66,6 +71,13 @@ function _init_network() {
 	case $LAN_DRIVER in
 		bridge)
 			LAN_ARGS=""
+			# Hopefully, this will set the linux bridge name, so we can configure it on the OS-level
+			#if [ ! -z "$BRIDGE_NAME" ]; then
+			LAN_ARGS='-o com.docker.network.bridge.name='
+			# BAD - I dont know bash!
+			LAN_ARGS+=${BRIDGE_NAME}
+			LAN_ARGS+=''
+			#fi
 		;;
 		macvlan)
 			LAN_ARGS="-o parent=$LAN_PARENT"
@@ -78,14 +90,30 @@ function _init_network() {
 			exit 1
 		;;
 	esac
+	# One could specify --gateway $LAN_GW here but that's WRONG
+	# specifying gateway will configure the address of the docker network gateway
+	# which is the host interface for the bridge (I.E. the bridge ip address and not the gateway)
+
 	docker network create --driver $LAN_DRIVER \
 		$LAN_ARGS \
+		--gateway $HOST_LAN_ADDR \
 		--subnet $LAN_SUBNET \
 		$LAN_NAME || exit 1
 
-	docker network create --driver macvlan \
-		-o parent=$WAN_PARENT \
-		$WAN_NAME || exit 1
+	if [ ! -z "$WAN_PARENT" ]; then
+		docker network create --driver macvlan \
+			-o parent=$WAN_PARENT \
+			$WAN_NAME || exit 1
+	fi
+
+	# Here host does not matter, open-wrt manages dhcp and routing
+	#--gateway $DMZ_DOCKER_ADDR \
+	if [ ! -z "$DMZ_NET_NAME" ]; then
+		docker network create --driver macvlan \
+			--subnet $DMZ_SUBNET \
+			$DMZ_NET_NAME || exit 1
+	fi
+
 }
 
 function _set_hairpin() {
@@ -114,17 +142,33 @@ function _create_or_start_container() {
 		_init_network
 		echo "* creating container $CONTAINER"
 		docker create \
-			--network $LAN_NAME \
+			--network $LAN_NAME\
+			--ip $LAN_ADDR \
 			--cap-add NET_ADMIN \
 			--cap-add NET_RAW \
 			--hostname openwrt \
 			--dns 127.0.0.1 \
-			--ip $LAN_ADDR \
 			--sysctl net.netfilter.nf_conntrack_acct=1 \
 			--sysctl net.ipv6.conf.all.disable_ipv6=0 \
 			--sysctl net.ipv6.conf.all.forwarding=1 \
 			--name $CONTAINER $IMAGE_TAG >/dev/null
-		docker network connect $WAN_NAME $CONTAINER
+
+		# TODO: figure out how to not connect the container on `create`
+		# using --network none in create causes conteiner to be configured as isolated! not what we want
+		# so meanwhile, just disconnect the deafult network; why bridge? this is what i saw autoconnecting for me
+		#docker network disconnect bridge $CONTAINER
+
+		# TODO: can we combine `connects` in a predictable ethx manner?
+
+		if [ ! -z "$WAN_PARENT" ]; then
+			docker network connect $WAN_NAME $CONTAINER
+		fi
+
+		# if [ ! -z "$DMZ_NET_NAME" ]; then
+		# 	docker network connect --ip $DMZ_ROUTER_ADDR $DMZ_NET_NAME $CONTAINER
+		# fi
+		#docker network connect --ip $LAN_ADDR $LAN_NAME --ip $DMZ_ROUTER_ADDR $DMZ_NET_NAME $CONTAINER
+		docker network connect --ip $DMZ_ROUTER_ADDR $DMZ_NET_NAME $CONTAINER
 
 		_gen_config
 		docker start $CONTAINER
@@ -170,22 +214,35 @@ function _prepare_lan() {
 		;;
 		bridge)
 			LAN_ID=$(docker network inspect $LAN_NAME -f "{{.Id}}")
-			LAN_IFACE=br-${LAN_ID:0:12}
+			#TODO: add if $BRIDGE_NAME is empty
+			# LAN_IFACE=br-${LAN_ID:0:12}
+			LAN_IFACE=$BRIDGE_NAME
 
 			# test if $LAN_PARENT is a VLAN of $WAN_PARENT, create it if it doesn't exist and add it to the bridge
 			local lan_array=(${LAN_PARENT//./ })
 			if [[ ${lan_array[0]} = $WAN_PARENT ]] && ! ip link show $LAN_PARENT >/dev/null 2>&1 ; then
 				sudo ip link add link ${lan_array[0]} name $LAN_PARENT type vlan id ${lan_array[1]}
 			fi
 			sudo ip link set $LAN_PARENT master $LAN_IFACE
+
+			# Fix: Orignal code assumed pi would fetch new ip address from the openwrt
+			# The only way it makes sense is when working with the pi as a `workstation` and not as network device.
+			# Still, this is usable on workstation scenario but the pi should just have a static ip address that is the
+			# First address of the segment (docker bride takes .1 which will become the `main` ip for the pi) 
+			echo "* Release current IF address make sure dhcpcd does not come back and screw up ips for the host"
+			sudo service dhcpcd stop
+			sudo dhclient -r
+			echo "* Removing eth0 ip address to prevent confusion with docker bridge"
+			sudo ip addr flush dev eth0
+			# In case open-wrt acts as a router, host shouldn't be routed to the internet, rather to the openwrt
+			echo "* Make sure host access to upstream router (May not apply in all usecases...)"
+			sudo ip route add default via $LAN_GW
 		;;
 		*)
 			echo "invalid network driver type, must be 'bridge' or 'macvlan'"
 			exit 1
 		;;
 	esac
-	echo "* getting address via DHCP"
-	sudo dhcpcd -q $LAN_IFACE
 }
 
 function main() {