feat: Allow large MTU sizes (#1042)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/hub.yml

@@ -15,7 +15,7 @@ jobs:
     - uses: actions/checkout@v5
     - 
       name: Docker Hub Description
-      uses: peter-evans/dockerhub-description@v4
+      uses: peter-evans/dockerhub-description@v5
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}

Dockerfile

@@ -28,6 +28,7 @@ RUN set -eu && \
         unzip \
         nginx \
         procps \
+        ethtool \
         python3 \
         python3-pip \
         python3-msgpack \
@@ -57,7 +58,7 @@ RUN set -eu && \
 COPY --chmod=755 ./src /run/
 COPY --chmod=755 ./web /var/www/
 COPY --chmod=755 --from=builder /qemu-host.bin /run/host.bin
-COPY --chmod=744 ./web/conf/nginx.conf /etc/nginx/sites-enabled/web.conf
+COPY --chmod=744 ./web/conf/nginx.conf /etc/nginx/default.conf
 ADD --chmod=775 https://raw.githubusercontent.com/sud0woodo/patology/refs/heads/main/patology.py /run/extract.py
 
 VOLUME /storage
@@ -65,7 +66,7 @@ EXPOSE 22 139 445 5000
 
 ENV RAM_SIZE="2G"
 ENV CPU_CORES="2"
-ENV DISK_SIZE="16G"
+ENV DISK_SIZE="256G"
 
 HEALTHCHECK --interval=60s --start-period=45s --retries=2 CMD /run/check.sh
 

compose.yml

@@ -3,7 +3,7 @@ services:
     container_name: dsm
     image: vdsm/virtual-dsm
     environment:
-      DISK_SIZE: "16G"
+      DISK_SIZE: "256G"
     devices:
       - /dev/kvm
       - /dev/net/tun

kubernetes.yml

@@ -8,7 +8,7 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 16Gi
+      storage: 256Gi
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -31,7 +31,7 @@ spec:
         image: vdsm/virtual-dsm
         env:
         - name: DISK_SIZE
-          value: "16G"
+          value: "256G"
         ports:
           - containerPort: 5000
             name: http

readme.md

@@ -30,7 +30,7 @@ services:
     container_name: dsm
     image: vdsm/virtual-dsm
     environment:
-      DISK_SIZE: "16G"
+      DISK_SIZE: "256G"
     devices:
       - /dev/kvm
       - /dev/net/tun
@@ -47,7 +47,7 @@ services:
 ##### Via Docker CLI:
 
 ```bash
-docker run -it --rm --name dsm -p 5000:5000 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/dsm:/storage" --stop-timeout 120 vdsm/virtual-dsm
+docker run -it --rm --name dsm -e "DISK_SIZE=256G" -p 5000:5000 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/dsm:/storage" --stop-timeout 120 vdsm/virtual-dsm
 ```
 
 ##### Via Kubernetes:
@@ -87,35 +87,24 @@ kubectl apply -f https://raw.githubusercontent.com/vdsm/virtual-dsm/refs/heads/m
  
 ### How do I change the size of the disk?
 
-  To expand the default size of 16 GB, locate the `DISK_SIZE` setting in your compose file and modify it to your preferred capacity:
+  To expand the default size of 256 GB, locate the `DISK_SIZE` setting in your compose file and modify it to your preferred capacity:
 
   ```yaml
   environment:
-    DISK_SIZE: "128G"
+    DISK_SIZE: "512G"
   ```
   
 > [!TIP]
 > This can also be used to resize the existing disk to a larger capacity without any data loss.
 
-### How do I create a growable disk?
-
-  By default, the entire capacity of the disk will be reserved in advance.
-
-  To create a growable disk that only allocates space that is actually used, add the following environment variable:
-
-  ```yaml
-  environment:
-    DISK_FMT: "qcow2"
-  ```
-
 ### How do I add multiple disks?
 
   To create additional disks, modify your compose file like this:
   
   ```yaml
   environment:
-    DISK2_SIZE: "32G"
+    DISK2_SIZE: "500G"
-    DISK3_SIZE: "64G"
+    DISK3_SIZE: "750G"
   volumes:
     - ./example2:/storage2
     - ./example3:/storage3
@@ -263,14 +252,6 @@ kubectl apply -f https://raw.githubusercontent.com/vdsm/virtual-dsm/refs/heads/m
 
   There are only two minor differences: the Virtual Machine Manager package is not available, and Surveillance Station will not include any free licenses.
 
-### How do I run Windows in a container?
-
-  You can use [dockur/windows](https://github.com/dockur/windows) for that. It shares many of the same features, and even has completely automatic installation.
-
-### How do I run a Linux desktop in a container?
-
-  You can use [qemus/qemu](https://github.com/qemus/qemu) in that case.
-
 ### Is this project legal?
 
   Yes, this project contains only open-source code and does not distribute any copyrighted material. Neither does it try to circumvent any copyright protection measures. So under all applicable laws, this project will be considered legal. 

src/disk.sh

@@ -507,13 +507,9 @@ addDevice () {
   physical="${physical%% *}"
 
   if [ -n "$physical" ]; then
-    if [[ "$physical" == "512" || "$physical" == "4096" ]]; then
+    if [[ "$physical" != "512" ]]; then
-      if [[ "$physical" == "4096" ]]; then
       sectors=",logical_block_size=$logical,physical_block_size=$physical"
     fi
-    else
-      warn "Unknown physical sector size: $physical for $DISK_DEV"
-    fi
   else
     warn "Failed to determine the sector size for $DISK_DEV"
   fi
@@ -523,7 +519,9 @@ addDevice () {
   return 0
 }
 
-html "Initializing disks..."
+msg="Initializing disks..."
+html "$msg"
+[[ "$DEBUG" == [Yy1]* ]] && echo "$msg"
 
 [ -z "${DISK_OPTS:-}" ] && DISK_OPTS=""
 [ -z "${DISK_TYPE:-}" ] && DISK_TYPE="scsi"
@@ -535,12 +533,8 @@ case "${DISK_TYPE,,}" in
 esac
 
 if [ -z "$ALLOCATE" ]; then
-  if [[ "${DISK_FMT,,}" == "raw" ]]; then
-    ALLOCATE="Y"
-  else
   ALLOCATE="N"
 fi
-fi
 
 if [[ "$ALLOCATE" == [Nn]* ]]; then
   DISK_STYLE="growable"
@@ -554,7 +548,7 @@ DISK_OPTS+=$(createDevice "$BOOT" "$DISK_TYPE" "1" "0xa" "raw" "$DISK_IO" "$DISK
 DISK_OPTS+=$(createDevice "$SYSTEM" "$DISK_TYPE" "2" "0xb" "raw" "$DISK_IO" "$DISK_CACHE" "" "")
 
 DISK1_FILE="$STORAGE/${DISK_NAME}"
-if [[ ! -f "$DISK1_FILE.img" && -f "$STORAGE/data${DISK_SIZE}.img" ]]; then
+if [ ! -f "$DISK1_FILE.img" ] && [ -f "$STORAGE/data${DISK_SIZE}.img" ]; then
   # Fallback for legacy installs
   mv "$STORAGE/data${DISK_SIZE}.img" "$DISK1_FILE.img"
 fi

src/display.sh

@@ -18,6 +18,10 @@ if [[ "$GPU" != [Yy1]* || "$CPU_VENDOR" != "GenuineIntel" || "$ARCH" != "amd64"
 
 fi
 
+msg="Configuring display drivers..."
+html "$msg"
+[[ "$DEBUG" == [Yy1]* ]] && echo "$msg"
+
 DISPLAY_OPTS="-display egl-headless,rendernode=$RENDERNODE"
 DISPLAY_OPTS+=" -vga $VGA"
 

src/entry.sh

@@ -6,6 +6,7 @@ set -Eeuo pipefail
 
 cd /run
 
+. start.sh      # Placeholder
 . utils.sh      # Load functions
 . reset.sh      # Initialize system
 . install.sh    # Run installation

src/install.sh

@@ -31,8 +31,9 @@ if [ -n "$URL" ] && [ ! -s "$FILE" ] && [ ! -d "$DIR" ]; then
   BASE=$(basename "$URL" .pat)
   if [ ! -s "$STORAGE/$BASE.system.img" ]; then
     BASE=$(basename "${URL%%\?*}" .pat)
-    : "${BASE//+/ }"; printf -v BASE '%b' "${_//%/\\x}"
+    BASE="${BASE//+/ }"
-    BASE=$(echo "$BASE" | sed -e 's/[^A-Za-z0-9._-]/_/g')
+    printf -v BASE '%b' "${BASE//%/\\x}"
+    BASE="${BASE//[!A-Za-z0-9._-]/_}"
   fi
   if [[ "${URL,,}" != "http"* && "${URL,,}" != "file:"* ]] ; then
     [ ! -s "$STORAGE/$BASE.pat" ] && error "Invalid URL:  $URL" && exit 65
@@ -65,8 +66,9 @@ fi
 
 if [ ! -s "$FILE" ]; then
   BASE=$(basename "${URL%%\?*}" .pat)
-  : "${BASE//+/ }"; printf -v BASE '%b' "${_//%/\\x}"
+  BASE="${BASE//+/ }"
-  BASE=$(echo "$BASE" | sed -e 's/[^A-Za-z0-9._-]/_/g')
+  printf -v BASE '%b' "${BASE//%/\\x}"
+  BASE="${BASE//[!A-Za-z0-9._-]/_}"
 fi
 
 if [[ "$URL" != "file://$STORAGE/$BASE.pat" ]]; then

src/network.sh

@@ -29,6 +29,8 @@ ADD_ERR="Please add the following setting to your container:"
 
 configureDHCP() {
 
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring MACVTAP networking..."
+
   # Create the necessary file structure for /dev/vhost-net
   if [ ! -c /dev/vhost-net ]; then
     if mknod /dev/vhost-net c 10 238; then
@@ -61,12 +63,13 @@ configureDHCP() {
 
   if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
     if ! ip link set dev "$VM_NET_TAP" mtu "$MTU"; then
-      warn "Failed to set MTU size.."
+      warn "Failed to set MTU size to $MTU." && MTU="0"
     fi
   fi
 
   while ! ip link set "$VM_NET_TAP" up; do
     info "Waiting for MAC address $VM_NET_MAC to become available..."
+    info "If you cloned this machine, please delete the 'dsm.mac' file to generate a different MAC address."
     sleep 2
   done
 
@@ -104,6 +107,9 @@ configureDHCP() {
 
 configureDNS() {
 
+  local log="/var/log/dnsmasq.log"
+  rm -f "$log"
+
   # Create lease file for faster resolve
   echo "0 $VM_NET_MAC $VM_NET_IP $VM_NET_HOST 01:$VM_NET_MAC" > /var/lib/misc/dnsmasq.leases
   chmod 644 /var/lib/misc/dnsmasq.leases
@@ -122,17 +128,21 @@ configureDNS() {
 
   # Add DNS entry for container
   DNSMASQ_OPTS+=" --address=/host.lan/${VM_NET_IP%.*}.1"
+  DNSMASQ_OPTS+=" --log-facility=$log"
 
   DNSMASQ_OPTS=$(echo "$DNSMASQ_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//')
 
-  if [[ "${DEBUG_DNS:-}" == [Yy1]* ]]; then
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Starting Dnsmasq daemon..."
-   DNSMASQ_OPTS+=" -d"
-   $DNSMASQ ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} &
-   return 0
-  fi
 
   if ! $DNSMASQ ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS}; then
-    error "Failed to start dnsmasq, reason: $?" && return 1
+    local msg="Failed to start Dnsmasq, reason: $?"
+    [ -f "$log" ] && cat "$log"
+    error "$msg"
+    return 1
+  fi
+
+  if [[ "${DEBUG_DNS:-}" == [Yy1]* ]]; then
+    tail -fn +0 "$log" &
   fi
 
   return 0
@@ -172,8 +182,9 @@ getUserPorts() {
 
 getHostPorts() {
 
-  local list=$1
+  local list="$1"
 
+  [ -z "$list" ] && list="$MON_PORT" || list+=",$MON_PORT"
   [ -z "$list" ] && echo "" && return 0
 
   if [[ "$list" != *","* ]]; then
@@ -187,6 +198,8 @@ getHostPorts() {
 
 configureUser() {
 
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring SLIRP networking..."
+
   if [ -z "$IP6" ]; then
     NET_OPTS="-netdev user,id=hostnet0,host=${VM_NET_IP%.*}.1,net=${VM_NET_IP%.*}.0/24,dhcpstart=$VM_NET_IP,hostname=$VM_NET_HOST"
   else
@@ -205,6 +218,8 @@ configureNAT() {
   local tuntap="TUN device is missing. $ADD_ERR --device /dev/net/tun"
   local tables="The 'ip_tables' kernel module is not loaded. Try this command: sudo modprobe ip_tables iptable_nat"
 
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring NAT networking..."
+
   # Create the necessary file structure for /dev/net/tun
   if [ ! -c /dev/net/tun ]; then
     [[ "$PODMAN" == [Yy1]* ]] && return 1
@@ -251,7 +266,7 @@ configureNAT() {
 
   if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
     if ! ip link set dev "$VM_NET_TAP" mtu "$MTU"; then
-      warn "Failed to set MTU size.."
+      warn "Failed to set MTU size to $MTU." && MTU="0"
     fi
   fi
 
@@ -392,6 +407,32 @@ getInfo() {
     error "$ADD_ERR -e \"VM_NET_DEV=NAME\" to specify another interface name." && exit 26
   fi
 
+  local result nic bus
+  result=$(ethtool -i "$VM_NET_DEV")
+  nic=$(grep -m 1 -i 'driver:' <<< "$result" | awk '{print $(2)}')
+  bus=$(grep -m 1 -i 'bus-info:' <<< "$result" | awk '{print $(2)}')
+
+  if [[ "${bus,,}" != "" && "${bus,,}" != "n/a" ]]; then
+    [[ "$DEBUG" == [Yy1]* ]] && info "Detected BUS: $bus"
+    error "This container does not support host mode networking!"
+    exit 29
+  fi
+
+  if [[ "$DHCP" == [Yy1]* ]]; then
+
+    if [[ "${nic,,}" == "ipvlan" ]]; then
+      error "This container does not support IPVLAN networking when DHCP=Y."
+      exit 29
+    fi
+
+    if [[ "${nic,,}" != "macvlan" ]]; then
+      [[ "$DEBUG" == [Yy1]* ]] && info "Detected NIC: $nic"
+      error "The container needs to be in a MACVLAN network when DHCP=Y."
+      exit 29
+    fi
+
+  fi
+
   BASE_IP="${VM_NET_IP%.*}."
 
   if [ "${VM_NET_IP/$BASE_IP/}" -lt "3" ]; then
@@ -402,10 +443,6 @@ getInfo() {
     MTU=$(cat "/sys/class/net/$VM_NET_DEV/mtu")
   fi
 
-  if [ "$MTU" -gt "1500" ]; then
-    info "MTU size is too large: $MTU, ignoring..." && MTU="0"
-  fi
-
   if [[ "${ADAPTER,,}" != "virtio-net-pci" ]]; then
     if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
       warn "MTU size is $MTU, but cannot be set for $ADAPTER adapters!" && MTU="0"
@@ -460,6 +497,8 @@ if [[ "$NETWORK" == [Nn]* ]]; then
   return 0
 fi
 
+[[ "$DEBUG" == [Yy1]* ]] && echo "Retrieving network information..."
+
 getInfo
 html "Initializing network..."
 
@@ -479,6 +518,9 @@ if [[ "$IP" == "172.17."* ]]; then
   warn "your container IP starts with 172.17.* which will cause conflicts when you install the Container Manager package inside DSM!"
 fi
 
+# Clean up old files
+rm -f /var/run/dnsmasq.pid
+
 if [[ -d "/sys/class/net/$VM_NET_TAP" ]]; then
   info "Lingering interface will be removed..."
   ip link delete "$VM_NET_TAP" || true
@@ -488,10 +530,6 @@ if [[ "$DHCP" == [Yy1]* ]]; then
 
   checkOS
 
-  if [[ "$IP" == "172."* ]]; then
-    warn "container IP starts with 172.* which is often a sign that you are not on a macvlan network (required for DHCP)!"
-  fi
-
   # Configure for macvtap interface
   configureDHCP || exit 20
 
@@ -526,7 +564,7 @@ else
         msg="podman detected, $msg"
       fi
       warn "$msg"
-      [ -z "$USER_PORTS" ] && info "Notice: port mapping will not work without \"USER_PORTS\" now."
+      [ -z "$USER_PORTS" ] && info "Notice: when you want to expose ports in this mode, map them using this variable: \"USER_PORTS=5000,5001\"."
 
     fi
 

src/power.sh

@@ -1,15 +1,15 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
+: "${API_TIMEOUT:="50"}"   # API Call timeout
+: "${QEMU_TIMEOUT:="50"}"  # QEMU Termination timeout
+
 # Configure QEMU for graceful shutdown
 
 API_CMD=6
 API_HOST="127.0.0.1:2210"
-: "${API_TIMEOUT:="50"}" # API Call timeout
 
 QEMU_TERM=""
-QEMU_PORT=7100
-: "${QEMU_TIMEOUT:="50"}" # QEMU Termination timeout
 QEMU_DIR="/run/shm"
 QEMU_PID="$QEMU_DIR/qemu.pid"
 QEMU_LOG="$QEMU_DIR/qemu.log"
@@ -83,7 +83,7 @@ terminal() {
   fi
 
   if [ ! -c "$dev" ]; then
-    dev=$(echo 'info chardev' | nc -q 1 -w 1 localhost "$QEMU_PORT" | tr -d '\000')
+    dev=$(echo 'info chardev' | nc -q 1 -w 1 localhost "$MON_PORT" | tr -d '\000')
     dev="${dev#*serial0}"
     dev="${dev#*pty:}"
     dev="${dev%%$'\n'*}"
@@ -127,7 +127,7 @@ _graceful_shutdown() {
   fi
 
   # Don't send the powerdown signal because vDSM ignores ACPI signals
-  # echo 'system_powerdown' | nc -q 1 -w 1 localhost "${QEMU_PORT}" > /dev/null
+  # echo 'system_powerdown' | nc -q 1 -w 1 localhost "$MON_PORT" > /dev/null
 
   # Send shutdown command to guest agent via serial port
   url="http://$API_HOST/read?command=$API_CMD&timeout=$API_TIMEOUT"
@@ -172,7 +172,7 @@ _graceful_shutdown() {
 MON_OPTS="\
         -pidfile $QEMU_PID \
         -name $PROCESS,process=$PROCESS,debug-threads=on \
-        -monitor telnet:localhost:$QEMU_PORT,server,nowait,nodelay"
+        -monitor telnet:localhost:$MON_PORT,server,nowait,nodelay"
 
 if [[ "$CONSOLE" != [Yy]* ]]; then
 

src/reset.sh

@@ -2,6 +2,7 @@
 set -Eeuo pipefail
 
 trap 'error "Status $? while: $BASH_COMMAND (line $LINENO/$BASH_LINENO)"' ERR
+[[ "${TRACE:-}" == [Yy1]* ]] && set -o functrace && trap 'echo "# $BASH_COMMAND" >&2' DEBUG
 
 [ ! -f "/run/entry.sh" ] && error "Script must run inside Docker container!" && exit 11
 [ "$(id -u)" -ne "0" ] && error "Script must be executed with root privileges." && exit 12
@@ -202,19 +203,23 @@ addPackage() {
   return 0
 }
 
+: "${MON_PORT:="7100"}"    # Monitor port
+: "${WEB_PORT:="5000"}"    # Webserver port
+
 cp -r /var/www/* /run/shm
 html "Starting $APP for Docker..."
 
 if [[ "${WEB:-}" != [Nn]* ]]; then
 
+  mkdir -p /etc/nginx/sites-enabled
+  cp /etc/nginx/default.conf /etc/nginx/sites-enabled/web.conf
+
+  sed -i "s/listen 5000 default_server;/listen $WEB_PORT default_server;/g" /etc/nginx/sites-enabled/web.conf
+  
   # shellcheck disable=SC2143
   if [ -f /proc/net/if_inet6 ] && [ -n "$(ifconfig -a | grep inet6)" ]; then
 
-    sed -i "s/listen 5000 default_server;/listen [::]:5000 default_server ipv6only=off;/g" /etc/nginx/sites-enabled/web.conf
+    sed -i "s/listen $WEB_PORT default_server;/listen [::]:$WEB_PORT default_server ipv6only=off;/g" /etc/nginx/sites-enabled/web.conf
-
-  else
-
-    sed -i "s/listen [::]:5000 default_server ipv6only=off;/listen 5000 default_server;/g" /etc/nginx/sites-enabled/web.conf
 
   fi
   

src/start.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Override this placeholder file using a Docker bind to execute a script during startup!