]> git.proxmox.com Git - pve-container.git/commitdiff
projects / pve-container.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1eaaedf)
better parsing for lxc networking mtu setting
authorDaniel Tschlatscher <d.tschlatscher@proxmox.com>
Thu, 3 Nov 2022 15:38:10 +0000 (16:38 +0100)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 16 Nov 2022 19:00:07 +0000 (20:00 +0100)
This patch reworks some mtu settings for LXC containers in the backend
Namely, introducing an absolute maximum for the MTU field of 65535 and
asserting that the MTU setting isn't bigger than the bridge's MTU size

Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
src/PVE/LXC.pm patch | blob | blame | history
src/PVE/LXC/Config.pm patch | blob | blame | history

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 4bbd739e248ebe6f598077d5d62bb06db8c4e0d0..9bd04afaa707b839a6ec79293a8f2bfe5049764f 100644 (file)
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -729,7 +729,15 @@ sub update_lxc_config {
        $raw .= "lxc.net.$ind.veth.pair = veth${vmid}i${ind}\n";
        $raw .= "lxc.net.$ind.hwaddr = $d->{hwaddr}\n" if defined($d->{hwaddr});
        $raw .= "lxc.net.$ind.name = $d->{name}\n" if defined($d->{name});
-       $raw .= "lxc.net.$ind.mtu = $d->{mtu}\n" if defined($d->{mtu});
+
+       # Keep container from starting with invalid mtu configuration
+       if (my $mtu = $d->{mtu}) {
+           my $bridge_mtu = PVE::Network::read_bridge_mtu($d->{bridge});
+           die "$k: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+               if ($mtu > $bridge_mtu);
+
+           $raw .= "lxc.net.$ind.mtu = $mtu\n";
+       }
 
        # Starting with lxc 4.0, we do not patch lxc to execute our up-scripts.
        if ($lxc_major >= 4) {
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index b1f779bbb9f54b5e416206b3d36a95155906e53c..181e1083f8314eae31ca171119d233730f84ebad 100644 (file)
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -758,6 +758,7 @@ our $netconf_desc = {
        type => 'integer',
        description => 'Maximum transfer unit of the interface. (lxc.network.mtu)',
        minimum => 64, # minimum ethernet frame is 64 bytes
+       maximum => 65535,
        optional => 1,
     },
     ip => {
@@ -1113,6 +1114,14 @@ sub update_pct_config {
            $value = PVE::LXC::verify_searchdomain_list($value);
        } elsif ($opt eq 'unprivileged') {
            die "unable to modify read-only option: '$opt'\n";
+       } elsif ($opt =~ m/^net(\d+)$/) {
+           my $res = PVE::JSONSchema::parse_property_string($netconf_desc, $value);
+
+           if (my $mtu = $res->{mtu}) {
+               my $bridge_mtu = PVE::Network::read_bridge_mtu($res->{bridge});
+               die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+                   if ($mtu > $bridge_mtu);
+           }
        }
        $conf->{pending}->{$opt} = $value;
        $class->remove_from_pending_delete($conf, $opt);
PVE Container Toolkit