nfnl_rcvbufsiz() is the first bullet point in the Performance section of the libnetfilter_queue HTML main page. We have to assume people have used it, so supply a version that uses libmnl. Signed-off-by: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx> --- .../libnetfilter_queue/libnetfilter_queue.h | 2 ++ src/libnetfilter_queue.c | 34 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h index f7e68d8..9327f8c 100644 --- a/include/libnetfilter_queue/libnetfilter_queue.h +++ b/include/libnetfilter_queue/libnetfilter_queue.h @@ -35,6 +35,8 @@ typedef int nfq_callback(struct nfq_q_handle *gh, struct nfgenmsg *nfmsg, struct nfq_data *nfad, void *data); +extern unsigned int nfnl_rcvbufsiz(const struct nfnl_handle *h, + unsigned int size); extern struct nfq_handle *nfq_open(void); extern struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh); extern int nfq_close(struct nfq_handle *h); diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index 17fe879..2051aca 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -559,6 +559,40 @@ out_free: * @{ */ +/** + * nfnl_rcvbufsiz - set the socket buffer size + * \param h nfnetlink connection handle obtained via call to \b nfq_nfnlh() + * \param size size of the buffer we want to set + * + * This nfnl-API function sets the new size of the socket buffer. + * Use this setting + * to increase the socket buffer size if your system is reporting ENOBUFS + * errors. + * + * \return new size of kernel socket buffer + */ + +EXPORT_SYMBOL +unsigned int nfnl_rcvbufsiz(const struct nfnl_handle *h, unsigned int size) +{ + int status; + socklen_t socklen = sizeof(size); + unsigned int read_size = 0; + + /* first we try the FORCE option, which is introduced in kernel + * 2.6.14 to give "root" the ability to override the system wide + * maximum */ + status = setsockopt(h->fd, SOL_SOCKET, SO_RCVBUFFORCE, &size, socklen); + if (status < 0) { + /* if this didn't work, we try at least to get the system + * wide maximum (or whatever the user requested) */ + setsockopt(h->fd, SOL_SOCKET, SO_RCVBUF, &size, socklen); + } + getsockopt(h->fd, SOL_SOCKET, SO_RCVBUF, &read_size, &socklen); + + return read_size; +} + /** * nfq_close - close a nfqueue handler * \param h Netfilter queue connection handle obtained via call to nfq_open() -- 2.35.8