From 0afa33d532c3bd1bf54d7e764ac32619cd73e028 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 3 Jul 2019 09:36:26 +0200
Subject: nft: Move send/receive buffer sizes into nft_handle

Store them next to the mnl_socket pointer. While being at it, add a
comment to mnl_set_rcvbuffer() explaining why the buffer size is
changed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft.c | 17 +++++++----------
 iptables/nft.h |  2 ++
 2 files changed, 9 insertions(+), 10 deletions(-)

(limited to 'iptables')

diff --git a/iptables/nft.c b/iptables/nft.c
index 4a528091..e927d1db 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -186,13 +186,11 @@ static void mnl_err_list_free(struct mnl_err *err)
 	free(err);
 }
 
-static int nlbuffsiz;
-
 static void mnl_set_sndbuffer(struct nft_handle *h)
 {
 	int newbuffsiz = nftnl_batch_iovec_len(h->batch) * BATCH_PAGE_SIZE;
 
-	if (newbuffsiz <= nlbuffsiz)
+	if (newbuffsiz <= h->nlsndbuffsiz)
 		return;
 
 	/* Rise sender buffer length to avoid hitting -EMSGSIZE */
@@ -200,23 +198,22 @@ static void mnl_set_sndbuffer(struct nft_handle *h)
 		       &newbuffsiz, sizeof(socklen_t)) < 0)
 		return;
 
-	nlbuffsiz = newbuffsiz;
+	h->nlsndbuffsiz = newbuffsiz;
 }
 
-static int nlrcvbuffsiz;
-
 static void mnl_set_rcvbuffer(struct nft_handle *h, int numcmds)
 {
 	int newbuffsiz = getpagesize() * numcmds;
 
-	if (newbuffsiz <= nlrcvbuffsiz)
+	if (newbuffsiz <= h->nlrcvbuffsiz)
 		return;
 
+	/* Rise receiver buffer length to avoid hitting -ENOBUFS */
 	if (setsockopt(mnl_socket_get_fd(h->nl), SOL_SOCKET, SO_RCVBUFFORCE,
 		       &newbuffsiz, sizeof(socklen_t)) < 0)
 		return;
 
-	nlrcvbuffsiz = newbuffsiz;
+	h->nlrcvbuffsiz = newbuffsiz;
 }
 
 static ssize_t mnl_nft_socket_sendmsg(struct nft_handle *h, int numcmds)
@@ -807,8 +804,8 @@ static int nft_restart(struct nft_handle *h)
 		return -1;
 
 	h->portid = mnl_socket_get_portid(h->nl);
-	nlbuffsiz = 0;
-	nlrcvbuffsiz = 0;
+	h->nlsndbuffsiz = 0;
+	h->nlrcvbuffsiz = 0;
 
 	return 0;
 }
diff --git a/iptables/nft.h b/iptables/nft.h
index 43eb8a39..dc116184 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -38,6 +38,8 @@ struct nft_cache {
 struct nft_handle {
 	int			family;
 	struct mnl_socket	*nl;
+	int			nlsndbuffsiz;
+	int			nlrcvbuffsiz;
 	uint32_t		portid;
 	uint32_t		seq;
 	uint32_t		nft_genid;
-- 
cgit v1.2.3