Add skip_routes option

README.md

@@ -153,6 +153,7 @@ networks:
       bridge: my-bridge
       ipv6: 'true'
       ignore_conflicts: 'false'
+      skip_routes: 'false'
     ipam:
       driver: 'null'
 ```
@@ -168,8 +169,10 @@ Note:
  - If the `docker run` command times out waiting for a lease, you can try increasing the initial timeout value by
    passing `-o lease_timeout=60s` when creating the network (e.g. to increase to 60 seconds)
  - By default, a bridge can only be used for a single DHCP network. There is additionally a check to see if a bridge is
-	is used by any other Docker networks. To disable this check (it's also possible this check might mistakenly detect a
-  conflict), pass `-o ignore_conflicts=true` when creating the network.
+	 is used by any other Docker networks. To disable this check (it's also possible this check might mistakenly detect a
+   conflict), pass `-o ignore_conflicts=true` when creating the network.
+ - `docker-net-dhcp` will try to copy static routes from the host bridge to the container. To disable this behaviour,
+   pass `-o skip_routes=true` when creating the network.
 
 ## Debugging
 

pkg/plugin/network.go

@@ -326,7 +326,7 @@ func (p *Plugin) DeleteEndpoint(r DeleteEndpointRequest) error {
 	return nil
 }
 
-func (p *Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res *JoinResponse) error {
+func (p *Plugin) addRoutes(opts *DHCPNetworkOptions, v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res *JoinResponse) error {
 	family := unix.AF_INET
 	if v6 {
 		family = unix.AF_INET6
@@ -370,6 +370,11 @@ func (p *Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joi
 			continue
 		}
 
+		if opts.SkipRoutes {
+			// Don't do static routes at all
+			continue
+		}
+
 		if route.Protocol == unix.RTPROT_KERNEL ||
 			(family == unix.AF_INET && route.Dst.Contains(hint.IPv4.IP)) ||
 			(family == unix.AF_INET6 && route.Dst.Contains(hint.IPv6.IP)) {
@@ -443,11 +448,11 @@ func (p *Plugin) Join(ctx context.Context, r JoinRequest) (JoinResponse, error)
 		return res, fmt.Errorf("failed to get bridge interface: %w", err)
 	}
 
-	if err := p.addRoutes(false, bridge, r, hint, &res); err != nil {
+	if err := p.addRoutes(&opts, false, bridge, r, hint, &res); err != nil {
 		return res, err
 	}
 	if opts.IPv6 {
-		if err := p.addRoutes(true, bridge, r, hint, &res); err != nil {
+		if err := p.addRoutes(&opts, true, bridge, r, hint, &res); err != nil {
 			return res, err
 		}
 	}

pkg/plugin/plugin.go

@@ -33,6 +33,7 @@ type DHCPNetworkOptions struct {
 	IPv6            bool
 	LeaseTimeout    time.Duration `mapstructure:"lease_timeout"`
 	IgnoreConflicts bool          `mapstructure:"ignore_conflicts"`
+	SkipRoutes      bool          `mapstructure:"skip_routes"`
 }
 
 func decodeOpts(input interface{}) (DHCPNetworkOptions, error) {