[pve-devel] [PATCH container v2] better parsing for lxc networking mtu setting

[Daniel Tschlatscher <d.tschlatscher@proxmox.com>]

This patch reworks some mtu settings for LXC containers in the backend
Namely, introducing an absolute maximum for the MTU field of 65535 and
asserting that the MTU setting isn't bigger than the bridge's MTU size

Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
---
Changes from v1:
* New patch

The functionality of checking whether the config option for 'mtu' is
valid is implemented somewhat redundant here. This is due to
'update_lxc_config' handling the VM start check and 'update_pct_config'
handling the general configuration check.
As far as I can tell, there is no location in the code, that could
handle both cases centrally and elegantly (at least not without major
restructuring, which seem very overkill for this feature)
Of course, open for suggestions though

 src/PVE/LXC.pm        | 10 +++++++++-
 src/PVE/LXC/Config.pm |  9 +++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 333286a..ac45fc6 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -730,7 +730,15 @@ sub update_lxc_config {
 	$raw .= "lxc.net.$ind.veth.pair = veth${vmid}i${ind}\n";
 	$raw .= "lxc.net.$ind.hwaddr = $d->{hwaddr}\n" if defined($d->{hwaddr});
 	$raw .= "lxc.net.$ind.name = $d->{name}\n" if defined($d->{name});
-	$raw .= "lxc.net.$ind.mtu = $d->{mtu}\n" if defined($d->{mtu});
+
+	# Keep container from starting with invalid mtu configuration
+	if (my $mtu = $d->{mtu}) {
+	    my $bridge_mtu = PVE::Network::read_bridge_mtu($d->{bridge});
+	    die "$k: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+		if ($mtu > $bridge_mtu);
+
+	    $raw .= "lxc.net.$ind.mtu = $mtu\n";
+	}
 
 	# Starting with lxc 4.0, we do not patch lxc to execute our up-scripts.
 	if ($lxc_major >= 4) {
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index d1fdd50..4bb27ff 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -755,6 +755,7 @@ our $netconf_desc = {
 	type => 'integer',
 	description => 'Maximum transfer unit of the interface. (lxc.network.mtu)',
 	minimum => 64, # minimum ethernet frame is 64 bytes
+	maximum => 65535,
 	optional => 1,
     },
     ip => {
@@ -1110,6 +1111,14 @@ sub update_pct_config {
 	    $value = PVE::LXC::verify_searchdomain_list($value);
 	} elsif ($opt eq 'unprivileged') {
 	    die "unable to modify read-only option: '$opt'\n";
+	} elsif ($opt =~ m/^net(\d+)$/) {
+	    my $res = PVE::JSONSchema::parse_property_string($netconf_desc, $value);
+
+	    if (my $mtu = $res->{mtu}) {
+		my $bridge_mtu = PVE::Network::read_bridge_mtu($res->{bridge});
+		die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
+		    if ($mtu > $bridge_mtu);
+	    }
 	}
 	$conf->{pending}->{$opt} = $value;
 	$class->remove_from_pending_delete($conf, $opt);
-- 
2.30.2