From: Daniel Tschlatscher
Date: Thu, 3 Nov 2022 15:38:10 +0000 (+0100)
Subject: better parsing for lxc networking mtu setting
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=5fbd58cba8df1a0633f362728ddf8c1a0284fe33;p=pve-container.git
better parsing for lxc networking mtu setting
This patch reworks some mtu settings for LXC containers in the backend Namely, introducing an absolute maximum for the MTU field of 65535 and asserting that the MTU setting isn't bigger than the bridge's MTU size
Signed-off-by: Daniel Tschlatscher
---
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 4bbd739..9bd04af 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -729,7 +729,15 @@ sub update_lxc_config {
 $raw .= "lxc.net.$ind.veth.pair = veth${vmid}i${ind}\n";
 $raw .= "lxc.net.$ind.hwaddr = $d->{hwaddr}\n" if defined($d->{hwaddr});
 $raw .= "lxc.net.$ind.name = $d->{name}\n" if defined($d->{name});
- $raw .= "lxc.net.$ind.mtu = $d->{mtu}\n" if defined($d->{mtu});
+
+ # Keep container from starting with invalid mtu configuration
+ if (my $mtu = $d->{mtu}) {
+ my $bridge_mtu = PVE::Network::read_bridge_mtu($d->{bridge});
+ die "$k: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+ if ($mtu > $bridge_mtu);
+
+ $raw .= "lxc.net.$ind.mtu = $mtu\n";
+ }
 # Starting with lxc 4.0, we do not patch lxc to execute our up-scripts.
 if ($lxc_major >= 4) {
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index b1f779b..181e108 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -758,6 +758,7 @@ our $netconf_desc = {
 type => 'integer',
 description => 'Maximum transfer unit of the interface. (lxc.network.mtu)',
 minimum => 64, # minimum ethernet frame is 64 bytes
+ maximum => 65535,
 optional => 1,
 },
 ip => {
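Review bot: `PVE::Network::read_bridge_mtu($d->{bridge})` runs whenever an MTU is set, but nothing in the hunk checks that `$d->{bridge}` is defined. If the schema permits a net entry without a bridge, the helper is called with undef, and how it reacts is not visible here, so the container start may abort with an unrelated error or compare against an undefined value. Wrapping the lookup and the comparison in `if (defined(my $bridge = $d->{bridge})) { ... }`, while still emitting the `lxc.net.$ind.mtu` line, would limit the start-time guard to bridged interfaces. The same unguarded call appears in the `update_pct_config` hunk of src/PVE/LXC/Config.pm with `$res->{bridge}`. `$k` in the error message and the rest of `update_lxc_config` lie outside the hunk.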
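Review bot: The added `maximum => 65535,` carries no rationale, unlike the `minimum` line directly above it; a trailing comment such as `# absolute upper bound for the MTU field` would record the intent stated in the commit message. Because the bound lives in `$netconf_desc`, a stored net entry with a larger mtu would presumably stop parsing once this lands. It is worth confirming that existing configs cannot contain such values.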
@@ -1113,6 +1114,14 @@ sub update_pct_config {
 $value = PVE::LXC::verify_searchdomain_list($value);
 } elsif ($opt eq 'unprivileged') {
 die "unable to modify read-only option: '$opt'\n";
+ } elsif ($opt =~ m/^net(\d+)$/) {
+ my $res = PVE::JSONSchema::parse_property_string($netconf_desc, $value);
+
+ if (my $mtu = $res->{mtu}) {
+ my $bridge_mtu = PVE::Network::read_bridge_mtu($res->{bridge});
+ die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+ if ($mtu > $bridge_mtu);
+ }
 }
 $conf->{pending}->{$opt} = $value;
 $class->remove_from_pending_delete($conf, $opt);
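Review bot: The pattern `m/^net(\d+)$/` ends in `$`, which also matches before a trailing newline, and its capture group is never used; `m/^net\d+\z/` states the intent exactly. Whether `$opt` can carry such a value depends on validation outside the hunk. The MTU-versus-bridge comparison in this branch duplicates the one added to `update_lxc_config` in src/PVE/LXC.pm. A small shared helper taking the option name, the MTU and the bridge would keep the two error paths from drifting apart. `update_pct_config` begins and ends outside the hunk.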