Add mtu option for network attachments (#1267)

realrajaryan · web-flow · commit e0bedba81cdd · 2026-03-03T17:57:16.000-08:00
diff --git a/Sources/ContainerResource/Network/Attachment.swift b/Sources/ContainerResource/Network/Attachment.swift
@@ -31,20 +31,24 @@ public struct Attachment: Codable, Sendable {
     public let ipv6Address: CIDRv6?
     /// The MAC address associated with the attachment (optional).
     public let macAddress: MACAddress?
+    /// The MTU for the network interface.
+    public let mtu: UInt32?
 
     public init(
         network: String,
         hostname: String,
         ipv4Address: CIDRv4,
         ipv4Gateway: IPv4Address,
         ipv6Address: CIDRv6?,
-        macAddress: MACAddress?
+        macAddress: MACAddress?,
+        mtu: UInt32? = nil
     ) {
         self.network = network
         self.hostname = hostname
         self.ipv4Address = ipv4Address
         self.ipv4Gateway = ipv4Gateway
         self.ipv6Address = ipv6Address
         self.macAddress = macAddress
+        self.mtu = mtu
     }
 }
diff --git a/Sources/ContainerResource/Network/AttachmentConfiguration.swift b/Sources/ContainerResource/Network/AttachmentConfiguration.swift
@@ -38,8 +38,12 @@ public struct AttachmentOptions: Codable, Sendable {
     /// The MAC address associated with the attachment (optional).
     public let macAddress: MACAddress?
 
-    public init(hostname: String, macAddress: MACAddress? = nil) {
+    /// The MTU for the network interface.
+    public let mtu: UInt32?
+
+    public init(hostname: String, macAddress: MACAddress? = nil, mtu: UInt32? = nil) {
         self.hostname = hostname
         self.macAddress = macAddress
+        self.mtu = mtu
     }
 }
diff --git a/Sources/Helpers/RuntimeLinux/IsolatedInterfaceStrategy.swift b/Sources/Helpers/RuntimeLinux/IsolatedInterfaceStrategy.swift
@@ -30,7 +30,7 @@ struct IsolatedInterfaceStrategy: InterfaceStrategy {
             ipv4Gateway: ipv4Gateway,
             macAddress: attachment.macAddress,
             // https://github.com/apple/containerization/pull/38
-            mtu: 1280
+            mtu: attachment.mtu ?? 1280
         )
     }
 }
diff --git a/Sources/Helpers/RuntimeLinux/NonisolatedInterfaceStrategy.swift b/Sources/Helpers/RuntimeLinux/NonisolatedInterfaceStrategy.swift
@@ -50,7 +50,7 @@ struct NonisolatedInterfaceStrategy: InterfaceStrategy {
             reference: networkRef,
             macAddress: attachment.macAddress,
             // https://github.com/apple/containerization/pull/38
-            mtu: 1280
+            mtu: attachment.mtu ?? 1280
         )
     }
 }
diff --git a/Sources/Services/ContainerAPIService/Client/Flags.swift b/Sources/Services/ContainerAPIService/Client/Flags.swift
@@ -268,7 +268,7 @@ public struct Flags {
         @Option(name: .long, help: "Use the specified name as the container ID")
         public var name: String?
 
-        @Option(name: [.customLong("network")], help: "Attach the container to a network (format: <name>[,mac=XX:XX:XX:XX:XX:XX])")
+        @Option(name: [.customLong("network")], help: "Attach the container to a network (format: <name>[,mac=XX:XX:XX:XX:XX:XX][,mtu=VALUE])")
         public var networks: [String] = []
 
         @Flag(name: [.customLong("no-dns")], help: "Do not configure DNS in the container")
diff --git a/Sources/Services/ContainerAPIService/Client/Parser.swift b/Sources/Services/ContainerAPIService/Client/Parser.swift
@@ -795,16 +795,18 @@ public struct Parser {
     public struct ParsedNetwork {
         public let name: String
         public let macAddress: String?
+        public let mtu: UInt32?
 
-        public init(name: String, macAddress: String? = nil) {
+        public init(name: String, macAddress: String? = nil, mtu: UInt32? = nil) {
             self.name = name
             self.macAddress = macAddress
+            self.mtu = mtu
         }
     }
 
     /// Parse network attachment with optional properties
-    /// Format: network_name[,mac=XX:XX:XX:XX:XX:XX]
-    /// Example: "backend,mac=02:42:ac:11:00:02"
+    /// Format: network_name[,mac=XX:XX:XX:XX:XX:XX][,mtu=VALUE]
+    /// Example: "backend,mac=02:42:ac:11:00:02,mtu=1500"
     public static func network(_ networkSpec: String) throws -> ParsedNetwork {
         guard !networkSpec.isEmpty else {
             throw ContainerizationError(.invalidArgument, message: "network specification cannot be empty")
@@ -822,6 +824,7 @@ public struct Parser {
         }
 
         var macAddress: String?
+        var mtu: UInt32?
 
         // Parse properties if any
         for part in parts.dropFirst() {
@@ -848,15 +851,23 @@ public struct Parser {
                     )
                 }
                 macAddress = value
+            case "mtu":
+                guard let mtuValue = UInt32(value), mtuValue >= 1280, mtuValue <= 65535 else {
+                    throw ContainerizationError(
+                        .invalidArgument,
+                        message: "invalid mtu value '\(value)': must be between 1280 and 65535"
+                    )
+                }
+                mtu = mtuValue
             default:
                 throw ContainerizationError(
                     .invalidArgument,
-                    message: "unknown network property '\(key)'. Available properties: mac"
+                    message: "unknown network property '\(key)'. Available properties: mac, mtu"
                 )
             }
         }
 
-        return ParsedNetwork(name: networkName, macAddress: macAddress)
+        return ParsedNetwork(name: networkName, macAddress: macAddress, mtu: mtu)
     }
 
     // MARK: DNS
diff --git a/Sources/Services/ContainerAPIService/Client/Utility.swift b/Sources/Services/ContainerAPIService/Client/Utility.swift
@@ -297,15 +297,16 @@ public struct Utility {
             // attach the first network using the fqdn, and the rest using just the container ID
             return try networks.enumerated().map { item in
                 let macAddress = try item.element.macAddress.map { try MACAddress($0) }
+                let mtu = item.element.mtu ?? 1280
                 guard item.offset == 0 else {
                     return AttachmentConfiguration(
                         network: item.element.name,
-                        options: AttachmentOptions(hostname: containerId, macAddress: macAddress)
+                        options: AttachmentOptions(hostname: containerId, macAddress: macAddress, mtu: mtu)
                     )
                 }
                 return AttachmentConfiguration(
                     network: item.element.name,
-                    options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: macAddress)
+                    options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: macAddress, mtu: mtu)
                 )
             }
         }
@@ -314,7 +315,7 @@ public struct Utility {
         guard let builtinNetworkId else {
             throw ContainerizationError(.invalidState, message: "builtin network is not present")
         }
-        return [AttachmentConfiguration(network: builtinNetworkId, options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: nil))]
+        return [AttachmentConfiguration(network: builtinNetworkId, options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: nil, mtu: 1280))]
     }
 
     private static func getKernel(management: Flags.Management) async throws -> Kernel {
diff --git a/Sources/Services/ContainerAPIService/Server/Containers/ContainersService.swift b/Sources/Services/ContainerAPIService/Server/Containers/ContainersService.swift
@@ -417,9 +417,26 @@ public actor ContainersService {
                         hostname: n.options.hostname,
                         macAddress: n.options.macAddress
                     )
-                    guard let allocatedAttach = allocatedAttach else {
+                    guard var allocatedAttach = allocatedAttach else {
                         throw ContainerizationError(.internalError, message: "failed to allocate a network")
                     }
+
+                    if let mtu = n.options.mtu {
+                        let a = allocatedAttach.attachment
+                        allocatedAttach = AllocatedAttachment(
+                            attachment: Attachment(
+                                network: a.network,
+                                hostname: a.hostname,
+                                ipv4Address: a.ipv4Address,
+                                ipv4Gateway: a.ipv4Gateway,
+                                ipv6Address: a.ipv6Address,
+                                macAddress: a.macAddress,
+                                mtu: mtu
+                            ),
+                            additionalData: allocatedAttach.additionalData,
+                            pluginInfo: allocatedAttach.pluginInfo
+                        )
+                    }
                     allocatedAttachments.append(allocatedAttach)
                 }
 
diff --git a/Tests/CLITests/Subcommands/Networks/TestCLINetwork.swift b/Tests/CLITests/Subcommands/Networks/TestCLINetwork.swift
@@ -191,6 +191,19 @@ class TestCLINetwork: CLITest {
         }
     }
 
+    @Test func testNetworkMTU() async throws {
+        let name = getLowercasedTestName()
+        try? doStop(name: name)
+        try? doRemove(name: name)
+
+        try doLongRun(name: name, args: ["--network", "default,mtu=1500"])
+        defer { try? doStop(name: name) }
+
+        try waitForContainerRunning(name)
+        let output = try doExec(name: name, cmd: ["ip", "link", "show", "eth0"])
+        #expect(output.contains("mtu 1500"), "expected mtu 1500 in ip link output: \(output)")
+    }
+
     @available(macOS 26, *)
     @Test func testIsolatedNetwork() async throws {
         do {

Original file line number	Diff line number	Diff line change
`@@ -38,8 +38,12 @@ public struct AttachmentOptions: Codable, Sendable {`
`38`	`38`	`/// The MAC address associated with the attachment (optional).`
`39`	`39`	`public let macAddress: MACAddress?`
`40`	`40`
`41`		`- public init(hostname: String, macAddress: MACAddress? = nil) {`
	`41`	`+ /// The MTU for the network interface.`
	`42`	`+ public let mtu: UInt32?`
	`43`	`+`
	`44`	`+ public init(hostname: String, macAddress: MACAddress? = nil, mtu: UInt32? = nil) {`
`42`	`45`	`self.hostname = hostname`
`43`	`46`	`self.macAddress = macAddress`
	`47`	`+ self.mtu = mtu`
`44`	`48`	`}`
`45`	`49`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ struct IsolatedInterfaceStrategy: InterfaceStrategy {`
`30`	`30`	`ipv4Gateway: ipv4Gateway,`
`31`	`31`	`macAddress: attachment.macAddress,`
`32`	`32`	`// https://github.com/apple/containerization/pull/38`
`33`		`- mtu: 1280`
	`33`	`+ mtu: attachment.mtu ?? 1280`
`34`	`34`	`)`
`35`	`35`	`}`
`36`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ struct NonisolatedInterfaceStrategy: InterfaceStrategy {`
`50`	`50`	`reference: networkRef,`
`51`	`51`	`macAddress: attachment.macAddress,`
`52`	`52`	`// https://github.com/apple/containerization/pull/38`
`53`		`- mtu: 1280`
	`53`	`+ mtu: attachment.mtu ?? 1280`
`54`	`54`	`)`
`55`	`55`	`}`
`56`	`56`	`}`
Original file line number	Diff line number	Diff line change
`@@ -795,16 +795,18 @@ public struct Parser {`
`795`	`795`	`public struct ParsedNetwork {`
`796`	`796`	`public let name: String`
`797`	`797`	`public let macAddress: String?`
	`798`	`+ public let mtu: UInt32?`
`798`	`799`
`799`		`- public init(name: String, macAddress: String? = nil) {`
	`800`	`+ public init(name: String, macAddress: String? = nil, mtu: UInt32? = nil) {`
`800`	`801`	`self.name = name`
`801`	`802`	`self.macAddress = macAddress`
	`803`	`+ self.mtu = mtu`
`802`	`804`	`}`
`803`	`805`	`}`
`804`	`806`
`805`	`807`	`/// Parse network attachment with optional properties`
`806`		`- /// Format: network_name[,mac=XX:XX:XX:XX:XX:XX]`
`807`		`- /// Example: "backend,mac=02:42:ac:11:00:02"`
	`808`	`+ /// Format: network_name[,mac=XX:XX:XX:XX:XX:XX][,mtu=VALUE]`
	`809`	`+ /// Example: "backend,mac=02:42:ac:11:00:02,mtu=1500"`
`808`	`810`	`public static func network(_ networkSpec: String) throws -> ParsedNetwork {`
`809`	`811`	`guard !networkSpec.isEmpty else {`
`810`	`812`	`throw ContainerizationError(.invalidArgument, message: "network specification cannot be empty")`
`@@ -822,6 +824,7 @@ public struct Parser {`
`822`	`824`	`}`
`823`	`825`
`824`	`826`	`var macAddress: String?`
	`827`	`+ var mtu: UInt32?`
`825`	`828`
`826`	`829`	`// Parse properties if any`
`827`	`830`	`for part in parts.dropFirst() {`
`@@ -848,15 +851,23 @@ public struct Parser {`
`848`	`851`	`)`
`849`	`852`	`}`
`850`	`853`	`macAddress = value`
	`854`	`+ case "mtu":`
	`855`	`+ guard let mtuValue = UInt32(value), mtuValue >= 1280, mtuValue <= 65535 else {`
	`856`	`+ throw ContainerizationError(`
	`857`	`+ .invalidArgument,`
	`858`	`+ message: "invalid mtu value '\(value)': must be between 1280 and 65535"`
	`859`	`+ )`
	`860`	`+ }`
	`861`	`+ mtu = mtuValue`
`851`	`862`	`default:`
`852`	`863`	`throw ContainerizationError(`
`853`	`864`	`.invalidArgument,`
`854`		`- message: "unknown network property '\(key)'. Available properties: mac"`
	`865`	`+ message: "unknown network property '\(key)'. Available properties: mac, mtu"`
`855`	`866`	`)`
`856`	`867`	`}`
`857`	`868`	`}`
`858`	`869`
`859`		`- return ParsedNetwork(name: networkName, macAddress: macAddress)`
	`870`	`+ return ParsedNetwork(name: networkName, macAddress: macAddress, mtu: mtu)`
`860`	`871`	`}`
`861`	`872`
`862`	`873`	`// MARK: DNS`
Original file line number	Diff line number	Diff line change
`@@ -297,15 +297,16 @@ public struct Utility {`
`297`	`297`	`// attach the first network using the fqdn, and the rest using just the container ID`
`298`	`298`	`return try networks.enumerated().map { item in`
`299`	`299`	`let macAddress = try item.element.macAddress.map { try MACAddress($0) }`
	`300`	`+ let mtu = item.element.mtu ?? 1280`
`300`	`301`	`guard item.offset == 0 else {`
`301`	`302`	`return AttachmentConfiguration(`
`302`	`303`	`network: item.element.name,`
`303`		`- options: AttachmentOptions(hostname: containerId, macAddress: macAddress)`
	`304`	`+ options: AttachmentOptions(hostname: containerId, macAddress: macAddress, mtu: mtu)`
`304`	`305`	`)`
`305`	`306`	`}`
`306`	`307`	`return AttachmentConfiguration(`
`307`	`308`	`network: item.element.name,`
`308`		`- options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: macAddress)`
	`309`	`+ options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: macAddress, mtu: mtu)`
`309`	`310`	`)`
`310`	`311`	`}`
`311`	`312`	`}`
`@@ -314,7 +315,7 @@ public struct Utility {`
`314`	`315`	`guard let builtinNetworkId else {`
`315`	`316`	`throw ContainerizationError(.invalidState, message: "builtin network is not present")`
`316`	`317`	`}`
`317`		`- return [AttachmentConfiguration(network: builtinNetworkId, options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: nil))]`
	`318`	`+ return [AttachmentConfiguration(network: builtinNetworkId, options: AttachmentOptions(hostname: fqdn ?? containerId, macAddress: nil, mtu: 1280))]`
`318`	`319`	`}`
`319`	`320`
`320`	`321`	`private static func getKernel(management: Flags.Management) async throws -> Kernel {`