From bee8d6cf302d0f962fa2bc6274eb154139de6926 Mon Sep 17 00:00:00 2001
From: Bruce Ma <brucema19901024@gmail.com>
Date: Fri, 25 Oct 2019 19:59:33 +0800
Subject: [PATCH] vlan: add MTU validation in loadNetConf

Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
---
 plugins/main/vlan/vlan.go | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/plugins/main/vlan/vlan.go b/plugins/main/vlan/vlan.go
index 355d261f..8f424069 100644
--- a/plugins/main/vlan/vlan.go
+++ b/plugins/main/vlan/vlan.go
@@ -58,9 +58,27 @@ func loadConf(bytes []byte) (*NetConf, string, error) {
 	if n.VlanId < 0 || n.VlanId > 4094 {
 		return nil, "", fmt.Errorf("invalid VLAN ID %d (must be between 0 and 4095 inclusive)", n.VlanId)
 	}
+
+	// check existing and MTU of master interface
+	masterMTU, err := getMTUByName(n.Master)
+	if err != nil {
+		return nil, "", err
+	}
+	if n.MTU < 0 || n.MTU > masterMTU {
+		return nil, "", fmt.Errorf("invalid MTU %d, must be [0, master MTU(%d)]", n.MTU, masterMTU)
+	}
+
 	return n, n.CNIVersion, nil
 }
 
+func getMTUByName(ifName string) (int, error) {
+	link, err := netlink.LinkByName(ifName)
+	if err != nil {
+		return 0, err
+	}
+	return link.Attrs().MTU, nil
+}
+
 func createVlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interface, error) {
 	vlan := &current.Interface{}
 
@@ -76,10 +94,6 @@ func createVlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interfac
 		return nil, err
 	}
 
-	if conf.MTU <= 0 {
-		conf.MTU = m.Attrs().MTU
-	}
-
 	v := &netlink.Vlan{
 		LinkAttrs: netlink.LinkAttrs{
 			MTU:         conf.MTU,