From: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH container v2] better parsing for lxc networking mtu setting
Date: Thu, 3 Nov 2022 16:38:10 +0100 [thread overview]
Message-ID: <20221103153810.690086-3-d.tschlatscher@proxmox.com> (raw)
In-Reply-To: <20221103153810.690086-1-d.tschlatscher@proxmox.com>
This patch reworks some mtu settings for LXC containers in the backend
Namely, introducing an absolute maximum for the MTU field of 65535 and
asserting that the MTU setting isn't bigger than the bridge's MTU size
Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
---
Changes from v1:
* New patch
The functionality of checking whether the config option for 'mtu' is
valid is implemented somewhat redundant here. This is due to
'update_lxc_config' handling the VM start check and 'update_pct_config'
handling the general configuration check.
As far as I can tell, there is no location in the code, that could
handle both cases centrally and elegantly (at least not without major
restructuring, which seem very overkill for this feature)
Of course, open for suggestions though
src/PVE/LXC.pm | 10 +++++++++-
src/PVE/LXC/Config.pm | 9 +++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 333286a..ac45fc6 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -730,7 +730,15 @@ sub update_lxc_config {
$raw .= "lxc.net.$ind.veth.pair = veth${vmid}i${ind}\n";
$raw .= "lxc.net.$ind.hwaddr = $d->{hwaddr}\n" if defined($d->{hwaddr});
$raw .= "lxc.net.$ind.name = $d->{name}\n" if defined($d->{name});
- $raw .= "lxc.net.$ind.mtu = $d->{mtu}\n" if defined($d->{mtu});
+
+ # Keep container from starting with invalid mtu configuration
+ if (my $mtu = $d->{mtu}) {
+ my $bridge_mtu = PVE::Network::read_bridge_mtu($d->{bridge});
+ die "$k: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+ if ($mtu > $bridge_mtu);
+
+ $raw .= "lxc.net.$ind.mtu = $mtu\n";
+ }
# Starting with lxc 4.0, we do not patch lxc to execute our up-scripts.
if ($lxc_major >= 4) {
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index d1fdd50..4bb27ff 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -755,6 +755,7 @@ our $netconf_desc = {
type => 'integer',
description => 'Maximum transfer unit of the interface. (lxc.network.mtu)',
minimum => 64, # minimum ethernet frame is 64 bytes
+ maximum => 65535,
optional => 1,
},
ip => {
@@ -1110,6 +1111,14 @@ sub update_pct_config {
$value = PVE::LXC::verify_searchdomain_list($value);
} elsif ($opt eq 'unprivileged') {
die "unable to modify read-only option: '$opt'\n";
+ } elsif ($opt =~ m/^net(\d+)$/) {
+ my $res = PVE::JSONSchema::parse_property_string($netconf_desc, $value);
+
+ if (my $mtu = $res->{mtu}) {
+ my $bridge_mtu = PVE::Network::read_bridge_mtu($res->{bridge});
+ die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+ if ($mtu > $bridge_mtu);
+ }
}
$conf->{pending}->{$opt} = $value;
$class->remove_from_pending_delete($conf, $opt);
--
2.30.2
next prev parent reply other threads:[~2022-11-03 15:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-03 15:38 [pve-devel] [PATCH manager v2 1/2] fix #3719: gui: expose LXC MTU option in web UI Daniel Tschlatscher
2022-11-03 15:38 ` [pve-devel] [PATCH manager v2 2/2] gui: move rate limit field to advanced section Daniel Tschlatscher
2022-11-03 15:38 ` Daniel Tschlatscher [this message]
2022-11-11 11:14 ` [pve-devel] [PATCH manager v2 1/2] fix #3719: gui: expose LXC MTU option in web UI Stefan Hanreich
2022-11-16 19:11 ` [pve-devel] applied: " Thomas Lamprecht
2022-11-17 12:52 ` Wolfgang Bumiller
2022-11-17 13:13 ` DERUMIER, Alexandre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221103153810.690086-3-d.tschlatscher@proxmox.com \
--to=d.tschlatscher@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox