fix(docker): use configured gateways for VLAN networks

elibosley · elibosley · commit f9dc3d24d553 · 2026-05-11T18:13:40.000-04:00
- Purpose: keep Docker custom networks on VLAN and secondary interfaces from losing their configured gateway during automatic network recreation.

- Before: rc.docker only read the gateway from a default route on the interface, so VLANs without an interface-specific default route created Docker networks without --gateway.

- Why that was a problem: Docker could claim the first subnet address as the macvlan/ipvlan gateway, colliding with real VLAN gateways such as 192.168.10.1 and breaking DHCP or static-IP containers.

- What the new change accomplishes: automatic Docker network creation now falls back to the configured IPv4 or IPv6 gateway stored in network.ini when no live default route exists.

- How it works: configured_gateway maps br/bond network names back to their eth network.ini section, resolves VLAN IDs to their indexed entries, and returns the matching GATEWAY or GATEWAY6 value before network create arguments are assembled.
diff --git a/etc/rc.d/rc.docker b/etc/rc.d/rc.docker
@@ -210,6 +210,39 @@ network(){
   docker network ls --filter driver="$1" --format='{{.Name}}' 2>/dev/null | grep -P "^[a-z]+$2(\$|\.)" | tr '\n' ' '
 }
 
+configured_gateway(){
+  local NETWORK=$1
+  local KEY=$2
+  local BASE=${NETWORK%%.*}
+  local VLAN=
+  local SECTION
+
+  [[ $NETWORK == *.* ]] && VLAN=${NETWORK#*.}
+  SECTION=${BASE/#br/eth}
+  SECTION=${SECTION/#bond/eth}
+
+  awk -F'[=:"]+' -v section="[$SECTION]" -v vlan="$VLAN" -v key="$KEY" '
+    $0 == section {
+      inside = 1
+      want = vlan == "" ? "0" : ""
+      next
+    }
+    /^\[/ {
+      inside = 0
+    }
+    inside && vlan != "" && $1 == "VLANID" && $3 == vlan {
+      want = $2
+    }
+    inside && want != "" && $1 == key && $2 == want {
+      value = $0
+      sub(/^[^=]+="/, "", value)
+      sub(/"$/, "", value)
+      print value
+      exit
+    }
+  ' "$INI"
+}
+
 # Is container running?
 container_running(){
   local CONTAINER
@@ -470,6 +503,7 @@ docker_network_start(){
       if [[ -n $IPV4 ]]; then
         SUBNET=$(ip -4 route show dev $NETWORK | sort | awk -v ORS=" " '$1 !~ /^default/ {print $1}' | sed 's/ $//')
         GATEWAY=$(ip -4 route show to default dev $NETWORK | awk '{print $3;exit}')
+        [[ -n $GATEWAY ]] || GATEWAY=$(configured_gateway "$NETWORK" GATEWAY)
         SERVER=${IPV4%/*}
         DHCP=${NETWORK/./_}
         DHCP=DOCKER_DHCP_${DHCP^^}
@@ -481,6 +515,7 @@ docker_network_start(){
       if [[ -n $IPV6 ]]; then
         SUBNET6=$(ip -6 route show dev $NETWORK | sort | awk -v ORS=" " '$1 !~ /^(default|fe80)/ {print $1}' | sed 's/ $//')
         GATEWAY6=$(ip -6 route show to default dev $NETWORK | awk '{print $3;exit}')
+        [[ -n $GATEWAY6 ]] || GATEWAY6=$(configured_gateway "$NETWORK" GATEWAY6)
       fi
     else
       # add user defined networks
