$raw .= "lxc.net.$ind.veth.pair = veth${vmid}i${ind}\n";
$raw .= "lxc.net.$ind.hwaddr = $d->{hwaddr}\n" if defined($d->{hwaddr});
$raw .= "lxc.net.$ind.name = $d->{name}\n" if defined($d->{name});
- $raw .= "lxc.net.$ind.mtu = $d->{mtu}\n" if defined($d->{mtu});
+
+ # Keep container from starting with invalid mtu configuration
+ if (my $mtu = $d->{mtu}) {
+ my $bridge_mtu = PVE::Network::read_bridge_mtu($d->{bridge});
+ die "$k: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+ if ($mtu > $bridge_mtu);
+
+ $raw .= "lxc.net.$ind.mtu = $mtu\n";
+ }
# Starting with lxc 4.0, we do not patch lxc to execute our up-scripts.
if ($lxc_major >= 4) {
type => 'integer',
description => 'Maximum transfer unit of the interface. (lxc.network.mtu)',
minimum => 64, # minimum ethernet frame is 64 bytes
+ maximum => 65535,
optional => 1,
},
ip => {
$value = PVE::LXC::verify_searchdomain_list($value);
} elsif ($opt eq 'unprivileged') {
die "unable to modify read-only option: '$opt'\n";
+ } elsif ($opt =~ m/^net(\d+)$/) {
+ my $res = PVE::JSONSchema::parse_property_string($netconf_desc, $value);
+
+ if (my $mtu = $res->{mtu}) {
+ my $bridge_mtu = PVE::Network::read_bridge_mtu($res->{bridge});
+ die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+ if ($mtu > $bridge_mtu);
+ }
}
$conf->{pending}->{$opt} = $value;
$class->remove_from_pending_delete($conf, $opt);