Merge pull request #85 from apernet/wip-buf

feat: netlink rcv/snd buffer config options

README.ja.md

@@ -70,6 +70,8 @@ opkg install kmod-nft-queue kmod-nf-conntrack-netlink
 ```yaml
 io:
   queueSize: 1024
+  rcvBuf: 4194304
+  sndBuf: 4194304
   local: true # FORWARD チェーンで OpenGFW を実行したい場合は false に設定する
 
 workers:

README.md

@@ -74,6 +74,8 @@ opkg install kmod-nft-queue kmod-nf-conntrack-netlink
 ```yaml
 io:
   queueSize: 1024
+  rcvBuf: 4194304
+  sndBuf: 4194304
   local: true # set to false if you want to run OpenGFW on FORWARD chain
 
 workers:

README.zh.md

@@ -70,6 +70,8 @@ opkg install kmod-nft-queue kmod-nf-conntrack-netlink
 ```yaml
 io:
   queueSize: 1024
+  rcvBuf: 4194304
+  sndBuf: 4194304
   local: true # 如果需要在 FORWARD 链上运行 OpenGFW，请设置为 false
 
 workers:

cmd/root.go

@@ -168,8 +168,10 @@ type cliConfig struct {
 }
 
 type cliConfigIO struct {
-	QueueSize uint32 `mapstructure:"queueSize"`
-	Local     bool   `mapstructure:"local"`
+	QueueSize   uint32 `mapstructure:"queueSize"`
+	ReadBuffer  int    `mapstructure:"rcvBuf"`
+	WriteBuffer int    `mapstructure:"sndBuf"`
+	Local       bool   `mapstructure:"local"`
 }
 
 type cliConfigWorkers struct {
@@ -192,8 +194,10 @@ func (c *cliConfig) fillLogger(config *engine.Config) error {
 
 func (c *cliConfig) fillIO(config *engine.Config) error {
 	nfio, err := io.NewNFQueuePacketIO(io.NFQueuePacketIOConfig{
-		QueueSize: c.IO.QueueSize,
-		Local:     c.IO.Local,
+		QueueSize:   c.IO.QueueSize,
+		ReadBuffer:  c.IO.ReadBuffer,
+		WriteBuffer: c.IO.WriteBuffer,
+		Local:       c.IO.Local,
 	})
 	if err != nil {
 		return configError{Field: "io", Err: err}

go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.26.0
 	golang.org/x/crypto v0.19.0
+	golang.org/x/sys v0.17.0
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -43,7 +44,6 @@ require (
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/net v0.19.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 )

io/nfqueue.go

@@ -12,6 +12,7 @@ import (
 	"github.com/coreos/go-iptables/iptables"
 	"github.com/florianl/go-nfqueue"
 	"github.com/mdlayher/netlink"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -96,8 +97,10 @@ type nfqueuePacketIO struct {
 }
 
 type NFQueuePacketIOConfig struct {
-	QueueSize uint32
-	Local     bool
+	QueueSize   uint32
+	ReadBuffer  int
+	WriteBuffer int
+	Local       bool
 }
 
 func NewNFQueuePacketIO(config NFQueuePacketIOConfig) (PacketIO, error) {
@@ -127,9 +130,19 @@ func NewNFQueuePacketIO(config NFQueuePacketIOConfig) (PacketIO, error) {
 	if err != nil {
 		return nil, err
 	}
-	err = n.Con.SetOption(netlink.NoENOBUFS, true)
-	if err != nil {
-		return nil, fmt.Errorf("failed to set NoENOBUFS option: %w", err)
+	if config.ReadBuffer > 0 {
+		err = n.Con.SetReadBuffer(config.ReadBuffer)
+		if err != nil {
+			_ = n.Close()
+			return nil, err
+		}
+	}
+	if config.WriteBuffer > 0 {
+		err = n.Con.SetWriteBuffer(config.WriteBuffer)
+		if err != nil {
+			_ = n.Close()
+			return nil, err
+		}
 	}
 	return &nfqueuePacketIO{
 		n:     n,
@@ -156,6 +169,12 @@ func (n *nfqueuePacketIO) Register(ctx context.Context, cb PacketCallback) error
 			return okBoolToInt(cb(p, nil))
 		},
 		func(e error) int {
+			if opErr := (*netlink.OpError)(nil); errors.As(e, &opErr) {
+				if errors.Is(opErr.Err, unix.ENOBUFS) {
+					// Kernel buffer temporarily full, ignore
+					return 0
+				}
+			}
 			return okBoolToInt(cb(nil, e))
 		})
 	if err != nil {