Improve behaviour of SetReadBuffer / SetWriteBuffer
MarkusBauer opened this issue
Hi,
after dealing with netlink socket's buffer size I compared mdlayher/netlink's implementation of SetReadBuffer with libnfnetlink's nfnl_rcvbufsiz and found an improvement:
SetReadBuffer uses a single syscall with SO_RCVBUF to set the buffer size. In contrast, libnfnetlink's nfnl_rcvbufsiz uses SO_RCVBUFFORCE with a fallback to SO_RCVBUF if that fails.
This difference is important if the user requests a buffer size that is larger than the system's limit on buffer sizes. SO_RCVBUFFORCE ignores this limit if the user is root (or has CAP_NET_ADMIN set), while SO_RCVBUF fails (see man socket for details). In my use case, this difference would save me from tampering with global limits if I need a large netlink buffer.
Implementing SetReadBuffer with SO_RCVBUFFORCE will allow users to fully use their privileges without limiting the abilities of unprivileged users. Given that buffer sizes are typically changed only once, the performance impact should be negligible.
If you approve this change, I'll try to implement this and send you a PR.
Sounds good to me, please do open a PR when you can. Thanks!
Closed by #165.
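The fallback order proposed in the issue (SO_RCVBUFFORCE first, then SO_RCVBUF), as an added Go example that is not code from mdlayher/netlink, libnfnetlink or PR #165. The names setReadBuffer and sockoptSetter and the 8 MiB size are assumptions made for this example; it uses only the standard syscall package on Linux and reads the option back so the caller can see what size the kernel applied.

```go
package main

import (
	"fmt"
	"syscall"
)

// sockoptSetter applies one SOL_SOCKET option (hypothetical helper type).
// It is injected so the fallback order can be tested without privileges.
type sockoptSetter func(opt, value int) error

// setReadBuffer tries SO_RCVBUFFORCE first and falls back to SO_RCVBUF if
// that fails. It returns the option that the kernel accepted.
func setReadBuffer(set sockoptSetter, bytes int) (int, error) {
	if err := set(syscall.SO_RCVBUFFORCE, bytes); err == nil {
		return syscall.SO_RCVBUFFORCE, nil
	}
	// Unprivileged callers land here; the system limit applies again.
	if err := set(syscall.SO_RCVBUF, bytes); err != nil {
		return 0, fmt.Errorf("SO_RCVBUF: %w", err)
	}
	return syscall.SO_RCVBUF, nil
}

func main() {
	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_ROUTE)
	if err != nil {
		fmt.Println("socket:", err)
		return
	}
	defer syscall.Close(fd)

	const want = 8 << 20 // constructed example size: 8 MiB
	used, err := setReadBuffer(func(opt, v int) error {
		return syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, opt, v)
	}, want)
	if err != nil {
		fmt.Println("set buffer:", err)
		return
	}
	// Read the option back: the kernel reports the size it actually applied,
	// which shows whether the request was honoured in full.
	got, _ := syscall.GetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_RCVBUF)
	fmt.Printf("forced=%v requested=%d effective=%d\n",
		used == syscall.SO_RCVBUFFORCE, want, got)
}
```

Run once as an unprivileged user and once with CAP_NET_ADMIN to compare the effective sizes.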