I'm wondering whether, instead of using a DHCP relay, netfilter (be that tc or nftables) can be used to route DHCP broadcast packets to a Docker container attached to a bridge.
The reasoning for this is that I'd like to move away from having to use a macvlan DHCP container so it can appear as if one IP (i.e. the router IP) is handling all of the network operations. DHCP containers usually require CAP_NET_ADMIN (due to DHCP requiring promiscuous mode) and I understand that without a macvlan this would give control over the host's network stack (I also userns-remap my containers).
It would be great if it were possible to modify the DHCP packets and forward them on. A relay wouldn't work here as it would still require the same macvlan approach as the DHCP container already has.
Is this something that's possible? Thanks
Asked by Synthetic Ascension
(249 rep)
Aug 19, 2023, 09:20 AM
Last activity: Nov 11, 2023, 01:00 PM