11 files changed, 89 insertions, 9 deletions
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go
index c9a3c5e94..09dd74e20 100644
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@@ -817,6 +817,7 @@ func AutocompleteNetworkFlag(cmd *cobra.Command, args []string, toComplete strin
 				"allow_host_loopback=": getBoolCompletion,
 				"cidr=":                nil,
 				"enable_ipv6=":         getBoolCompletion,
+				"mtu=":                 nil,
 				"outbound_addr=":       nil,
 				"outbound_addr6=":      nil,
 				"port_handler=": func(_ string) ([]string, cobra.ShellCompDirective) {
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index b3ac8b6ee..1d72db065 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -638,6 +638,7 @@ Valid _mode_ values are:
 - **private**: create a new namespace for the container (default)
 - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
   - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
   - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
   - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
   - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index e606c456f..0838dd546 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -674,6 +674,7 @@ Valid _mode_ values are:
 - **private**: create a new namespace for the container (default)
 - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
   - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+  - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
   - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
   - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
   - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md
index cb73fc519..ea5990833 100644
--- a/docs/tutorials/rootless_tutorial.md
+++ b/docs/tutorials/rootless_tutorial.md
@@ -184,7 +184,7 @@ total 0
 
 We do recognize that this doesn't really match how many people intend to use rootless Podman - they want their UID inside and outside the container to match. Thus, we provide the `--userns=keep-id` flag, which ensures that your user is mapped to its own UID and GID inside the container.
 
-It is also helpful to distinguish between running Podman as a rootless user, and a container which is built to run rootless. If the container you're trying you run has a `USER` which is not root, then when mounting volumes you **must** use `--userns=keep-id`. This is because the container user would not be able to become `root` and access the mounted volumes.
+It is also helpful to distinguish between running Podman as a rootless user, and a container which is built to run rootless. If the container you're trying to run has a `USER` which is not root, then when mounting volumes you **must** use `--userns=keep-id`. This is because the container user would not be able to become `root` and access the mounted volumes.
 
 Other considerations in regards to volumes:
 
diff --git a/libpod/network/config.go b/libpod/network/config.go
index ce351129e..294e23509 100644
--- a/libpod/network/config.go
+++ b/libpod/network/config.go
@@ -103,7 +103,9 @@ func (p PortMapConfig) Bytes() ([]byte, error) {
 
 // IPAMDHCP describes the ipamdhcp config
 type IPAMDHCP struct {
-	DHCP string `json:"type"`
+	DHCP   string                     `json:"type"`
+	Routes []IPAMRoute                `json:"routes,omitempty"`
+	Ranges [][]IPAMLocalHostRangeConf `json:"ranges,omitempty"`
 }
 
 // MacVLANConfig describes the macvlan config
@@ -111,6 +113,7 @@ type MacVLANConfig struct {
 	PluginType string   `json:"type"`
 	Master     string   `json:"master"`
 	IPAM       IPAMDHCP `json:"ipam"`
+	MTU        int      `json:"mtu,omitempty"`
 }
 
 // Bytes outputs the configuration as []byte
diff --git a/libpod/network/create.go b/libpod/network/create.go
index 88310a79c..deacf487a 100644
--- a/libpod/network/create.go
+++ b/libpod/network/create.go
@@ -249,6 +249,7 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
 
 func createMacVLAN(name string, options entities.NetworkCreateOptions, runtimeConfig *config.Config) (string, error) {
 	var (
+		mtu     int
 		plugins []CNIPlugins
 	)
 	liveNetNames, err := GetLiveNetworkNames()
@@ -283,7 +284,19 @@ func createMacVLAN(name string, options entities.NetworkCreateOptions, runtimeCo
 		}
 	}
 	ncList := NewNcList(name, version.Current(), options.Labels)
-	macvlan := NewMacVLANPlugin(parentNetworkDevice)
+	if val, ok := options.Options["mtu"]; ok {
+		intVal, err := strconv.Atoi(val)
+		if err != nil {
+			return "", err
+		}
+		if intVal > 0 {
+			mtu = intVal
+		}
+	}
+	macvlan, err := NewMacVLANPlugin(parentNetworkDevice, options.Gateway, &options.Range, &options.Subnet, mtu)
+	if err != nil {
+		return "", err
+	}
 	plugins = append(plugins, macvlan)
 	ncList["plugins"] = plugins
 	b, err := json.MarshalIndent(ncList, "", "   ")
diff --git a/libpod/network/netconflist.go b/libpod/network/netconflist.go
index ca6a4a70b..9be98e78f 100644
--- a/libpod/network/netconflist.go
+++ b/libpod/network/netconflist.go
@@ -172,19 +172,31 @@ func HasDNSNamePlugin(paths []string) bool {
 }
 
 // NewMacVLANPlugin creates a macvlanconfig with a given device name
-func NewMacVLANPlugin(device string) MacVLANConfig {
+func NewMacVLANPlugin(device string, gateway net.IP, ipRange *net.IPNet, subnet *net.IPNet, mtu int) (MacVLANConfig, error) {
 	i := IPAMDHCP{DHCP: "dhcp"}
+	if gateway != nil || ipRange != nil || subnet != nil {
+		ipam, err := NewIPAMLocalHostRange(subnet, ipRange, gateway)
+		if err != nil {
+			return MacVLANConfig{}, err
+		}
+		ranges := make([][]IPAMLocalHostRangeConf, 0)
+		ranges = append(ranges, ipam)
+		i.Ranges = ranges
+	}
 
 	m := MacVLANConfig{
 		PluginType: "macvlan",
 		IPAM:       i,
 	}
+	if mtu > 0 {
+		m.MTU = mtu
+	}
 	// CNI is supposed to use the default route if a
 	// parent device is not provided
 	if len(device) > 0 {
 		m.Master = device
 	}
-	return m
+	return m, nil
 }
 
 // IfPassesFilter filters NetworkListReport and returns true if the filter match the given config
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 737dbf935..01e4102d1 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -15,6 +15,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"sort"
+	"strconv"
 	"strings"
 	"syscall"
 	"time"
@@ -42,6 +43,9 @@ const (
 
 	// slirp4netnsDNS is the IP for the built-in DNS server in the slirp network
 	slirp4netnsDNS = "10.0.2.3"
+
+	// slirp4netnsMTU the default MTU override
+	slirp4netnsMTU = 65520
 )
 
 // Get an OCICNI network config
@@ -282,6 +286,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	enableIPv6 := false
 	outboundAddr := ""
 	outboundAddr6 := ""
+	mtu := slirp4netnsMTU
 
 	if ctr.config.NetworkOptions != nil {
 		slirpOptions = append(slirpOptions, ctr.config.NetworkOptions["slirp4netns"]...)
@@ -345,6 +350,11 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 				}
 			}
 			outboundAddr6 = value
+		case "mtu":
+			mtu, err = strconv.Atoi(value)
+			if mtu < 68 || err != nil {
+				return errors.Errorf("invalid mtu %q", value)
+			}
 		default:
 			return errors.Errorf("unknown option for slirp4netns: %q", o)
 		}
@@ -358,8 +368,8 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	if disableHostLoopback && slirpFeatures.HasDisableHostLoopback {
 		cmdArgs = append(cmdArgs, "--disable-host-loopback")
 	}
-	if slirpFeatures.HasMTU {
-		cmdArgs = append(cmdArgs, "--mtu", "65520")
+	if mtu > -1 && slirpFeatures.HasMTU {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--mtu=%d", mtu))
 	}
 	if !noPivotRoot && slirpFeatures.HasEnableSandbox {
 		cmdArgs = append(cmdArgs, "--enable-sandbox")
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index 124ee7e29..c6010ba43 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -487,7 +487,6 @@ var _ = Describe("Podman network", func() {
 		inspect := podmanTest.Podman([]string{"network", "inspect", net})
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect.ExitCode()).To(BeZero())
-		fmt.Println(inspect.OutputToString())
 
 		out, err := inspect.jq(".[0].plugins[0].master")
 		Expect(err).To(BeNil())
@@ -513,4 +512,32 @@ var _ = Describe("Podman network", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(1))
 	})
+
+	It("podman network create macvlan with network info and options", func() {
+		net := "macvlan" + stringid.GenerateNonCryptoID()
+		nc := podmanTest.Podman([]string{"network", "create", "-d", "macvlan", "-o", "parent=lo", "-o", "mtu=1500", "--gateway", "192.168.1.254", "--subnet", "192.168.1.0/24", net})
+		nc.WaitWithDefaultTimeout()
+		defer podmanTest.removeCNINetwork(net)
+		Expect(nc.ExitCode()).To(Equal(0))
+
+		inspect := podmanTest.Podman([]string{"network", "inspect", net})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.ExitCode()).To(BeZero())
+
+		mtu, err := inspect.jq(".[0].plugins[0].mtu")
+		Expect(err).To(BeNil())
+		Expect(mtu).To(Equal("1500"))
+
+		gw, err := inspect.jq(".[0].plugins[0].ipam.ranges[0][0].gateway")
+		Expect(err).To(BeNil())
+		Expect(gw).To(Equal("\"192.168.1.254\""))
+
+		subnet, err := inspect.jq(".[0].plugins[0].ipam.ranges[0][0].subnet")
+		Expect(err).To(BeNil())
+		Expect(subnet).To(Equal("\"192.168.1.0/24\""))
+
+		nc = podmanTest.Podman([]string{"network", "rm", net})
+		nc.WaitWithDefaultTimeout()
+		Expect(nc.ExitCode()).To(Equal(0))
+	})
 })
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index ebea2132a..676f24e5d 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -376,6 +376,13 @@ var _ = Describe("Podman run networking", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 	})
 
+	It("podman run slirp4netns network with mtu", func() {
+		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:mtu=9000", ALPINE, "ip", "addr"})
+		session.Wait(30)
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring("mtu 9000"))
+	})
+
 	It("podman run slirp4netns network with different cidr", func() {
 		slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
 		Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
diff --git a/test/system/140-diff.bats b/test/system/140-diff.bats
index 1277f9bbe..02b3a86ca 100644
--- a/test/system/140-diff.bats
+++ b/test/system/140-diff.bats
@@ -25,7 +25,12 @@ load helpers
     )
 
     for field in ${!expect[@]}; do
-        result=$(jq -r -c ".${field}[]" <<<"$output")
+        # ARGH! The /sys/fs kludgery is for RHEL8 rootless, which mumble mumble
+        # does some sort of magic muckery with /sys - I think the relevant
+        # PR is https://github.com/containers/podman/pull/8561
+        # Anyhow, without the egrep below, this test fails about 50% of the
+        # time on rootless RHEL8. (No, I don't know why it's not 100%).
+        result=$(jq -r -c ".${field}[]" <<<"$output" | egrep -v '^/sys/fs')
         is "$result" "${expect[$field]}" "$field"
     done