struct Bridge {
    char *dev;          // bridge device name
    uint32_t ip;        // bridge device IP address
    uint32_t mask;      // bridge device mask
    uint32_t ipsandbox; // sandbox interface IP address
}

net_configure_bridge(br, device) {
    br->dev = device;
    br->ip = extracted from kernel device - using net_get_if_addr() in network.c
    br->mask = extracted from kernel device - using net_get_if_addr() in network.c
    check available network range; /31 networks are not supported
}

net_configure_sandbox_ip(br) {
    if br->ipsandbox
        check br->ipsandbox is inside the bridge network
        arp_check(br->ipsandbox) // send an ARP request to check if anybody else is using this address
    else
        br->ipsandbox = arp_assign();
}

net_configure_veth_pair {
    create a veth pair
    place one interface end in the bridge
    place the other end in the namespace of the child process
}

net_bridge_wait_ip {
    arp_check for the br->ipsandbox address to come up
    wait for not more than 5 seconds
}

main() {
    foreach argv[i] {
        if --net
            br = next bridge available
            net_configure_bridge(br, device name from argv[i]);
        else if --ip
            br = last bridge configured
            br->ipsandbox = ip address extracted from argv[i]
        else if --defaultgw
            cfg.defaultgw = ip address extracted from argv[i]
    }

    net_check_cfg(); // check the validity of the network configuration so far

    if (any bridge configured) {
        lock /var/lock/firejail.lock file
        for each bridge
            net_configure_sandbox_ip(br)
    }

    clone (new network namespace if any bridge configured or --net=none)

    if (any bridge configured) {
        for each bridge
            net_configure_veth_pair
    }

    notify child init is done

    if (any bridge configured) {
        for each bridge
            net_bridge_wait_ip
        unlock /var/lock/firejail.lock file
    }

    wait on child exit
}

******************************************************
* macvlan notes
******************************************************

Configure a macvlan interface
# ip link add virtual0 link eth0 type macvlan mode bridge
(you can configure it with # ifconfig virtual0 192.168.1.52/24 up)

Create a new network namespace and move the
interface in the new network namespace
# ip netns add dummy0
# ip link set virtual0 netns dummy0

Join the namespace and configure the interfaces
# ip netns exec dummy0 bash
# ifconfig lo up
# ifconfig virtual0 192.168.1.52/24

Investigate ipvlan interface - added to Linux kernel 3.19
https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvlan.txt