uxc: veth setup issues

[dhewg]

If I create a simple veth pair with the uxc jail settings...

config device
    option type 'veth'
    option name 'vhost0'
    option peer_name 'virt0'
    option ipv6 '0'

config interface 'virt0'
    option device 'vhost0'
    option proto 'dhcp'
    option jail 'alpine'
    option jail_device 'vhost'

..add virt0 to br-lan:

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'
    list ports 'virt0'

...and then create the container:

$ /etc/init.d/network restart
$ uxc create alpine

...then there's no set up veth pair on the host (while netifd is spawned in the container)

The only way I could find to get it working is call the ubus "up" function before create, using ip isn't sufficient:

$ uxc kill alpine
$ /etc/init.d/network restart
$ ubus call network.interface.virt0 up

Now I get:

netifd: Network device 'virt0' link is up
netifd: veth 'vhost0' link is up
netifd: Interface 'virt0' has link connectivity
netifd: Interface 'virt0' is setting up now

The veth pair exists, and the host netifd already set it up via dhcp.

Upon uxc create alpine the container netifd fights the host one:

netifd: virt0 (20): udhcpc: started, v1.37.0
netifd: virt0 (23837): udhcpc: SIOCGIFINDEX: No such device
netifd: virt0 (23837): udhcpc: received SIGTERM
netifd: virt0 (23837): udhcpc: unicasting a release of 192.168.0.183 to 192.168.0.1
netifd: virt0 (23837): udhcpc: sending release
netifd: virt0 (23837): udhcpc: can't bind to interface vhost0: No such device
netifd: virt0 (23837): udhcpc: bindtodevice: No such device
netifd: virt0 (23837): udhcpc: entering released state
netifd: virt0 (23837): Command failed: ubus call network.interface notify_proto { "action": 0, "link-up": false, "keep": false, "interface": "virt0" } (Permission denied)

While that doesn't seems to be a problem, now I have connectivity in both directions.

But obviously something is off. As netifd is spawned per container, I assume the intention is that's the instance supposed to set up veth. My ubus call makes it work for me, but that makes the host netifd setup the veth pair. And the fact that it doesn't come up without intervention breaks autostart upon host boot. What am I missing?

[dhewg]

Any pointers?

[dangowrt]

The intention (and working state some time ago) is to have host-netifd only care about config sections which do not have a jail option set. And have ujail generate per-container netifd configuration only including those options which do have a matching jail option. Nothing too complicated in the end, and the configuration you show there is pretty much how it is intended and more or less a copy of the example configuration I've used when I wrote this thing. Apparently something in netifd changed so that it now ignores the jail parameter. I'll try to find time to look into it.

[dhewg]

I tried a few older netifd versions. Alas, no luck, all have the same veth/uxc issue: netifd-2024.12.17~ea01ed41-r1.apk netifd-2025.05.23~7901e66c-r1.apk netifd-2025.09.12~2a85440b-r1.apk netifd-2025.10.06~64902801-r1.apk netifd-2025.10.20~777f5942-r3.apk Do I have to keep going further back? It can't be broken for ~1.5 years without anyone noticing, right?