fix(docker): apply fixed macs through network API

elibosley · elibosley · commit ba558022eeca · 2026-04-21T15:39:45.000-04:00
- Switch the Docker network restore path from endpoint driver options to the Docker network connect API when a fixed MAC is stored.
- Before, rc.docker passed com.docker.network.endpoint.macaddress through docker network connect --driver-opt.
- Docker 29.3.1 persisted that value in DriverOpts but still assigned a random endpoint MacAddress on macvlan networks.
- That meant containers could reboot with random MACs even though MyMAC was stored in the template.
- Now, fixed-MAC reconnects send EndpointConfig.MacAddress, with IPv4 and IPv6 addresses preserved through IPAMConfig, matching the working docker run endpoint form.
diff --git a/etc/rc.d/rc.docker b/etc/rc.d/rc.docker
@@ -245,8 +245,14 @@ netrestore_connect(){
   local MY_TT=$3
   local MY_MAC=$4
   local MY_IP=
-  local MY_OPTS=
+  local MY_IPV4=
+  local MY_IPV6=
   local IP=
+  local IPAM_JSON=
+  local ENDPOINT_JSON=
+  local CONNECT_JSON=
+  local CODE=
+  local BODY=
   local ENDPOINT_ID=
   local ENDPOINT_MAC=
   local OUT=
@@ -267,15 +273,16 @@ netrestore_connect(){
   for IP in ${MY_TT//;/ }; do
     [[ -n $IP ]] || continue
     if [[ $IP =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
+      MY_IPV4=$IP
       MY_IP="$MY_IP --ip $IP"
     elif [[ $IP =~ : ]]; then
+      MY_IPV6=$IP
       MY_IP="$MY_IP --ip6 $IP"
     else
       log "skipping invalid stored IP for $CONTAINER on network $NETWORK: $IP"
     fi
   done
 
-  [[ -n $MY_MAC ]] && MY_OPTS="--driver-opt=com.docker.network.endpoint.macaddress=$MY_MAC"
   ENDPOINT_ID=$(docker inspect --format="{{with index .NetworkSettings.Networks \"$NETWORK\"}}{{.EndpointID}}{{end}}" "$CONTAINER" 2>/dev/null)
   if [[ -n $ENDPOINT_ID ]]; then
     [[ -n $MY_MAC ]] || return 0
@@ -288,8 +295,24 @@ netrestore_connect(){
     fi
   fi
 
+  if [[ -n $MY_MAC ]]; then
+    [[ -n $MY_IPV4 ]] && IPAM_JSON="\"IPv4Address\":\"$MY_IPV4\""
+    [[ -n $MY_IPV6 ]] && IPAM_JSON="${IPAM_JSON:+$IPAM_JSON,}\"IPv6Address\":\"$MY_IPV6\""
+    ENDPOINT_JSON="\"MacAddress\":\"$MY_MAC\""
+    [[ -n $IPAM_JSON ]] && ENDPOINT_JSON="\"IPAMConfig\":{$IPAM_JSON},$ENDPOINT_JSON"
+    CONNECT_JSON="{\"Container\":\"$CONTAINER\",\"EndpointConfig\":{$ENDPOINT_JSON}}"
+    OUT=$(curl --unix-socket /var/run/docker.sock -sS -w $'\n%{http_code}' -X POST -H "Content-Type: application/json" --data "$CONNECT_JSON" "http://localhost/networks/$NETWORK/connect" 2>&1)
+    CODE=${OUT##*$'\n'}
+    BODY=${OUT%$'\n'$CODE}
+    if [[ $CODE != 2* ]]; then
+      log "failed to connect $CONTAINER to network $NETWORK: $BODY"
+      return 1
+    fi
+    return 0
+  fi
+
   log "connecting $CONTAINER to network $NETWORK"
-  if ! OUT=$(docker network connect $MY_OPTS $MY_IP $NETWORK $CONTAINER 2>&1); then
+  if ! OUT=$(docker network connect $MY_IP $NETWORK $CONTAINER 2>&1); then
     log "failed to connect $CONTAINER to network $NETWORK: $OUT"
     return 1
   fi
