2 files changed, 14 insertions, 2 deletions

diff --git a/pkg/tcpip/link/fdbased/endpoint.go b/pkg/tcpip/link/fdbased/endpoint.go
index 6354688e2..8f4d67074 100644
--- a/pkg/tcpip/link/fdbased/endpoint.go
+++ b/pkg/tcpip/link/fdbased/endpoint.go
@@ -197,8 +197,9 @@ func New(opts *Options) (tcpip.LinkEndpointID, error) {
 			return stack.RegisterLinkEndpoint(e), nil
 
 		case RecvMMsg:
-			// If the provided FD is a socket then we optimize packet reads by
-			// using recvmmsg() instead of read() to read packets in a batch.
+			// If the provided FD is a socket then we optimize
+			// packet reads by using recvmmsg() instead of read() to
+			// read packets in a batch.
 			e.inboundDispatcher = e.recvMMsgDispatch
 			msgsPerRecv = MaxMsgsPerRecv
 		}
diff --git a/runsc/sandbox/network.go b/runsc/sandbox/network.go
index e52a51569..6c6b665a0 100644
--- a/runsc/sandbox/network.go
+++ b/runsc/sandbox/network.go
@@ -262,6 +262,17 @@ func createInterfacesAndRoutesFromNS(conn *urpc.Client, nsPath string, enableGSO
 			}
 		}
 
+		// Use SO_RCVBUFFORCE because on linux the receive buffer for an
+		// AF_PACKET socket is capped by "net.core.rmem_max". rmem_max
+		// defaults to a unusually low value of 208KB. This is too low
+		// for gVisor to be able to receive packets at high throughputs
+		// without incurring packet drops.
+		const rcvBufSize = 4 << 20 // 4MB.
+
+		if err := syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_RCVBUFFORCE, rcvBufSize); err != nil {
+			return fmt.Errorf("failed to increase socket rcv buffer to %d: %v", rcvBufSize, err)
+		}
+
 		// Collect the addresses for the interface, enable forwarding,
 		// and remove them from the host.
 		for _, addr := range ip4addrs {