Try to set NETLINK_GET_STRICT_CHK socket option

Added in https://github.com/mdlayher/netlink/blob/main/CHANGELOG.md#v130 > the netlink.GetStrictCheck option can be used to tell the kernel to be more strict when parsing requests. This enables more safety checks and can allow the kernel to perform more advanced request filtering in subsystems such as route netlink. This connection option would allow netlink to get the kernel to filter out unnecessary info on dumping. This is important for us, as we have many systems that consume BGP and have in excess of 800k routes in non-default routing tables. Unfortunately, support for NETLINK_GET_STRICT_CHK was added in kernel 4.20, and mdlayher/netlink returns a syscall error when it is not supported. This patch attempts to set the option and handles the ENOPROTOOPT error if it does not succeed. Behavior should be unchanged on kernels that predate 4.20, and later kernels will see better netlink performance as the kernel returns less info per query of qdisc.
ema · Nov 30, 2022 · 1528c42 · 1528c42
1 parent d9a3e0e
commit 1528c42
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/get.go b/get.go
@@ -1,9 +1,11 @@
 package qdisc
 
 import (
+	"errors"
 	"fmt"
 	"math"
 	"net"
+	"syscall"
 
 	"github.com/mdlayher/netlink"
 	"github.com/mdlayher/netlink/nlenc"
@@ -293,6 +295,14 @@ func Get() ([]QdiscInfo, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to dial netlink: %v", err)
 	}
+
+	if err := c.SetOption(netlink.GetStrictCheck, true); err != nil {
+		// silently accept ENOPROTOOPT errors when kernel is not > 4.20
+		if !errors.Is(err, syscall.ENOPROTOOPT) {
+			return nil, fmt.Errorf("unexpected error trying to set option NETLINK_GET_STRICT_CHK: %v", err)
+		}
+	}
+
 	defer c.Close()
 
 	return getAndParse(c)