7 files changed, 82 insertions, 12 deletions
diff --git a/libpod/network/config.go b/libpod/network/config.go
index ce351129e..294e23509 100644
--- a/libpod/network/config.go
+++ b/libpod/network/config.go
@@ -103,7 +103,9 @@ func (p PortMapConfig) Bytes() ([]byte, error) {
 
 // IPAMDHCP describes the ipamdhcp config
 type IPAMDHCP struct {
-	DHCP string `json:"type"`
+	DHCP   string                     `json:"type"`
+	Routes []IPAMRoute                `json:"routes,omitempty"`
+	Ranges [][]IPAMLocalHostRangeConf `json:"ranges,omitempty"`
 }
 
 // MacVLANConfig describes the macvlan config
@@ -111,6 +113,7 @@ type MacVLANConfig struct {
 	PluginType string   `json:"type"`
 	Master     string   `json:"master"`
 	IPAM       IPAMDHCP `json:"ipam"`
+	MTU        int      `json:"mtu,omitempty"`
 }
 
 // Bytes outputs the configuration as []byte
diff --git a/libpod/network/create.go b/libpod/network/create.go
index 88310a79c..deacf487a 100644
--- a/libpod/network/create.go
+++ b/libpod/network/create.go
@@ -249,6 +249,7 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
 
 func createMacVLAN(name string, options entities.NetworkCreateOptions, runtimeConfig *config.Config) (string, error) {
 	var (
+		mtu     int
 		plugins []CNIPlugins
 	)
 	liveNetNames, err := GetLiveNetworkNames()
@@ -283,7 +284,19 @@ func createMacVLAN(name string, options entities.NetworkCreateOptions, runtimeCo
 		}
 	}
 	ncList := NewNcList(name, version.Current(), options.Labels)
-	macvlan := NewMacVLANPlugin(parentNetworkDevice)
+	if val, ok := options.Options["mtu"]; ok {
+		intVal, err := strconv.Atoi(val)
+		if err != nil {
+			return "", err
+		}
+		if intVal > 0 {
+			mtu = intVal
+		}
+	}
+	macvlan, err := NewMacVLANPlugin(parentNetworkDevice, options.Gateway, &options.Range, &options.Subnet, mtu)
+	if err != nil {
+		return "", err
+	}
 	plugins = append(plugins, macvlan)
 	ncList["plugins"] = plugins
 	b, err := json.MarshalIndent(ncList, "", "   ")
diff --git a/libpod/network/netconflist.go b/libpod/network/netconflist.go
index ca6a4a70b..9be98e78f 100644
--- a/libpod/network/netconflist.go
+++ b/libpod/network/netconflist.go
@@ -172,19 +172,31 @@ func HasDNSNamePlugin(paths []string) bool {
 }
 
 // NewMacVLANPlugin creates a macvlanconfig with a given device name
-func NewMacVLANPlugin(device string) MacVLANConfig {
+func NewMacVLANPlugin(device string, gateway net.IP, ipRange *net.IPNet, subnet *net.IPNet, mtu int) (MacVLANConfig, error) {
 	i := IPAMDHCP{DHCP: "dhcp"}
+	if gateway != nil || ipRange != nil || subnet != nil {
+		ipam, err := NewIPAMLocalHostRange(subnet, ipRange, gateway)
+		if err != nil {
+			return MacVLANConfig{}, err
+		}
+		ranges := make([][]IPAMLocalHostRangeConf, 0)
+		ranges = append(ranges, ipam)
+		i.Ranges = ranges
+	}
 
 	m := MacVLANConfig{
 		PluginType: "macvlan",
 		IPAM:       i,
 	}
+	if mtu > 0 {
+		m.MTU = mtu
+	}
 	// CNI is supposed to use the default route if a
 	// parent device is not provided
 	if len(device) > 0 {
 		m.Master = device
 	}
-	return m
+	return m, nil
 }
 
 // IfPassesFilter filters NetworkListReport and returns true if the filter match the given config
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 737dbf935..01e4102d1 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -15,6 +15,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"sort"
+	"strconv"
 	"strings"
 	"syscall"
 	"time"
@@ -42,6 +43,9 @@ const (
 
 	// slirp4netnsDNS is the IP for the built-in DNS server in the slirp network
 	slirp4netnsDNS = "10.0.2.3"
+
+	// slirp4netnsMTU the default MTU override
+	slirp4netnsMTU = 65520
 )
 
 // Get an OCICNI network config
@@ -282,6 +286,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	enableIPv6 := false
 	outboundAddr := ""
 	outboundAddr6 := ""
+	mtu := slirp4netnsMTU
 
 	if ctr.config.NetworkOptions != nil {
 		slirpOptions = append(slirpOptions, ctr.config.NetworkOptions["slirp4netns"]...)
@@ -345,6 +350,11 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 				}
 			}
 			outboundAddr6 = value
+		case "mtu":
+			mtu, err = strconv.Atoi(value)
+			if mtu < 68 || err != nil {
+				return errors.Errorf("invalid mtu %q", value)
+			}
 		default:
 			return errors.Errorf("unknown option for slirp4netns: %q", o)
 		}
@@ -358,8 +368,8 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	if disableHostLoopback && slirpFeatures.HasDisableHostLoopback {
 		cmdArgs = append(cmdArgs, "--disable-host-loopback")
 	}
-	if slirpFeatures.HasMTU {
-		cmdArgs = append(cmdArgs, "--mtu", "65520")
+	if mtu > -1 && slirpFeatures.HasMTU {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--mtu=%d", mtu))
 	}
 	if !noPivotRoot && slirpFeatures.HasEnableSandbox {
 		cmdArgs = append(cmdArgs, "--enable-sandbox")
diff --git a/libpod/options.go b/libpod/options.go
index c7bac7e1f..20f62ee37 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -2190,13 +2190,37 @@ func WithPodNetworks(networks []string) PodCreateOption {
 	}
 }
 
+// WithPodNoNetwork tells the pod to disable external networking.
+func WithPodNoNetwork() PodCreateOption {
+	return func(pod *Pod) error {
+		if pod.valid {
+			return define.ErrPodFinalized
+		}
+
+		if !pod.config.InfraContainer.HasInfraContainer {
+			return errors.Wrapf(define.ErrInvalidArg, "cannot disable pod networking as no infra container is being created")
+		}
+
+		if len(pod.config.InfraContainer.PortBindings) > 0 ||
+			pod.config.InfraContainer.StaticIP != nil ||
+			pod.config.InfraContainer.StaticMAC != nil ||
+			len(pod.config.InfraContainer.Networks) > 0 ||
+			pod.config.InfraContainer.HostNetwork {
+			return errors.Wrapf(define.ErrInvalidArg, "cannot disable pod network if network-related configuration is specified")
+		}
+
+		pod.config.InfraContainer.NoNetwork = true
+
+		return nil
+	}
+}
+
 // WithPodHostNetwork tells the pod to use the host's network namespace.
 func WithPodHostNetwork() PodCreateOption {
 	return func(pod *Pod) error {
 		if pod.valid {
 			return define.ErrPodFinalized
 		}
-
 		if !pod.config.InfraContainer.HasInfraContainer {
 			return errors.Wrapf(define.ErrInvalidArg, "cannot configure pod host networking as no infra container is being created")
 		}
@@ -2204,7 +2228,8 @@ func WithPodHostNetwork() PodCreateOption {
 		if len(pod.config.InfraContainer.PortBindings) > 0 ||
 			pod.config.InfraContainer.StaticIP != nil ||
 			pod.config.InfraContainer.StaticMAC != nil ||
-			len(pod.config.InfraContainer.Networks) > 0 {
+			len(pod.config.InfraContainer.Networks) > 0 ||
+			pod.config.InfraContainer.NoNetwork {
 			return errors.Wrapf(define.ErrInvalidArg, "cannot set host network if network-related configuration is specified")
 		}
 
diff --git a/libpod/pod.go b/libpod/pod.go
index c8f62ca18..784c2cf5e 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -93,6 +93,7 @@ type podState struct {
 type InfraContainerConfig struct {
 	ConmonPidFile      string               `json:"conmonPidFile"`
 	HasInfraContainer  bool                 `json:"makeInfraContainer"`
+	NoNetwork          bool                 `json:"noNetwork,omitempty"`
 	HostNetwork        bool                 `json:"infraHostNetwork,omitempty"`
 	PortBindings       []ocicni.PortMapping `json:"infraPortBindings"`
 	StaticIP           net.IP               `json:"staticIP,omitempty"`
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index dd957527d..564851f4e 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -94,8 +94,16 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 			}
 		}
 
-		// Since user namespace sharing is not implemented, we only need to check if it's rootless
-		if !p.config.InfraContainer.HostNetwork {
+		switch {
+		case p.config.InfraContainer.HostNetwork:
+			if err := g.RemoveLinuxNamespace(string(spec.NetworkNamespace)); err != nil {
+				return nil, errors.Wrapf(err, "error removing network namespace from pod %s infra container", p.ID())
+			}
+		case p.config.InfraContainer.NoNetwork:
+			// Do nothing - we have a network namespace by default,
+			// but should not configure slirp.
+		default:
+			// Since user namespace sharing is not implemented, we only need to check if it's rootless
 			netmode := "bridge"
 			if isRootless || p.config.InfraContainer.Slirp4netns {
 				netmode = "slirp4netns"
@@ -106,8 +114,6 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
 			// PostConfigureNetNS should not be set since user namespace sharing is not implemented
 			// and rootless networking no longer supports post configuration setup
 			options = append(options, WithNetNS(p.config.InfraContainer.PortBindings, false, netmode, p.config.InfraContainer.Networks))
-		} else if err := g.RemoveLinuxNamespace(string(spec.NetworkNamespace)); err != nil {
-			return nil, errors.Wrapf(err, "error removing network namespace from pod %s infra container", p.ID())
 		}
 
 		// For each option in InfraContainerConfig - if set, pass into