interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: interesting:7d83c94f648f023d33d800a159050dfd238a7552
Branches Tags
interesting:main
interesting:v0.3.0
interesting:v0.2.0
interesting:v0.1.0
...
compare: interesting:f8c01f0bf355453959484e686632bf2aa07550c2
Branches Tags
interesting:main
interesting:v0.3.0
interesting:v0.2.0
interesting:v0.1.0

2 Commits
7d83c94f64 ... f8c01f0bf3

Author SHA1 Message Date
nickgarlis f8c01f0bf3 Address review comments 2025-06-30 21:28:35 +02:00
nickgarlis 0a7196fb65 Prevent buffer enlargement in specific scenarios 
We should not enlarge the socket buffers when:
 - We are using a test dial (there are no buffers to enlarge).
 - A connection has been initialized with socket options which means
   that the user could have specified fixed buffer sizes.
 2025-06-30 21:07:25 +02:00
1 changed files with 26 additions and 2 deletions
Show Stats Expand all files Collapse all files

28
conn.go
View File

@ -250,10 +250,10 @@ func (cc *Conn) Flush() error {
}
defer func() { _ = closer() }()
if err = cc.enlargeWriteBuffer(conn); err != nil {
if err := cc.enlargeWriteBuffer(conn); err != nil {
return err
}
if err = cc.enlargeReadBuffer(conn); err != nil {
if err := cc.enlargeReadBuffer(conn); err != nil {
return err
}
@ -440,6 +440,22 @@ func (cc *Conn) getMessageSize() int {
return total
}
// canEnlargeBuffers returns true if the connection can automatically enlarge
// the write and read buffers of the netlink connection.
func (cc *Conn) canEnlargeBuffers() bool {
// If there are sock options, we assume that the user has already set the
// buffers to a fixed size.
if len(cc.sockOptions) > 0 {
return false
}
if cc.TestDial != nil {
return false
}
return true
}
// enlargeWriteBuffer automatically sets the write buffer of the given
// connection to the accumulated message size. This is only done if the current
// write buffer is smaller than the message size.
@ -453,6 +469,10 @@ func (cc *Conn) getMessageSize() int {
// TODO: Update this function to mimic the behavior of nftables once our
// socket library supports multiple iovec entries.
func (cc *Conn) enlargeWriteBuffer(conn *netlink.Conn) error {
if !cc.canEnlargeBuffers() {
return nil
}
messageSize := cc.getMessageSize()
writeBuffer, err := conn.WriteBuffer()
if err != nil {
@ -481,6 +501,10 @@ func (cc *Conn) getDefaultEchoReadBuffer() int {
//
// See https://git.netfilter.org/nftables/tree/src/mnl.c?id=713592c6008a8c589a00d3d3d2e49709ff2de62c#n426
func (cc *Conn) enlargeReadBuffer(conn *netlink.Conn) error {
if !cc.canEnlargeBuffers() {
return nil
}
var bufferSize int
// If there are any messages with the Echo flag, we initialize the buffer size