3 files changed, 24 insertions, 5 deletions
diff --git a/pkg/sentry/socket/hostinet/sockopt_impl.go b/pkg/sentry/socket/hostinet/sockopt_impl.go
index 8a783712e..2397e04e7 100644
--- a/pkg/sentry/socket/hostinet/sockopt_impl.go
+++ b/pkg/sentry/socket/hostinet/sockopt_impl.go
@@ -12,6 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//go:build go1.1
+// +build go1.1
+
 package hostinet
 
 import (
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index ea736e446..9b844b0c0 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -49,6 +49,7 @@ import (
 	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
 	"gvisor.dev/gvisor/pkg/sentry/inet"
 	"gvisor.dev/gvisor/pkg/sentry/kernel"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
 	ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
 	"gvisor.dev/gvisor/pkg/sentry/socket"
 	"gvisor.dev/gvisor/pkg/sentry/socket/netfilter"
@@ -273,6 +274,7 @@ var Metrics = tcpip.Stats{
 		Timeouts:                           mustCreateMetric("/netstack/tcp/timeouts", "Number of times RTO expired."),
 		ChecksumErrors:                     mustCreateMetric("/netstack/tcp/checksum_errors", "Number of segments dropped due to bad checksums."),
 		FailedPortReservations:             mustCreateMetric("/netstack/tcp/failed_port_reservations", "Number of time TCP failed to reserve a port."),
+		SegmentsAckedWithDSACK:             mustCreateMetric("/netstack/tcp/segments_acked_with_dsack", "Number of segments for which DSACK was received."),
 	},
 	UDP: tcpip.UDPStats{
 		PacketsReceived:          mustCreateMetric("/netstack/udp/packets_received", "Number of UDP datagrams received via HandlePacket."),
@@ -1682,12 +1684,12 @@ func SetSockOpt(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, level int
 	return nil
 }
 
-func clampBufSize(newSz, min, max int64) int64 {
+func clampBufSize(newSz, min, max int64, ignoreMax bool) int64 {
 	// packetOverheadFactor is used to multiply the value provided by the user on
 	// a setsockopt(2) for setting the send/receive buffer sizes sockets.
 	const packetOverheadFactor = 2
 
-	if newSz > max {
+	if !ignoreMax && newSz > max {
 		newSz = max
 	}
 
@@ -1712,7 +1714,7 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam
 
 		v := hostarch.ByteOrder.Uint32(optVal)
 		min, max := ep.SocketOptions().SendBufferLimits()
-		clamped := clampBufSize(int64(v), min, max)
+		clamped := clampBufSize(int64(v), min, max, false /* ignoreMax */)
 		ep.SocketOptions().SetSendBufferSize(clamped, true /* notify */)
 		return nil
 
@@ -1723,7 +1725,22 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam
 
 		v := hostarch.ByteOrder.Uint32(optVal)
 		min, max := ep.SocketOptions().ReceiveBufferLimits()
-		clamped := clampBufSize(int64(v), min, max)
+		clamped := clampBufSize(int64(v), min, max, false /* ignoreMax */)
+		ep.SocketOptions().SetReceiveBufferSize(clamped, true /* notify */)
+		return nil
+
+	case linux.SO_RCVBUFFORCE:
+		if len(optVal) < sizeOfInt32 {
+			return syserr.ErrInvalidArgument
+		}
+
+		if creds := auth.CredentialsFromContext(t); !creds.HasCapability(linux.CAP_NET_ADMIN) {
+			return syserr.ErrNotPermitted
+		}
+
+		v := hostarch.ByteOrder.Uint32(optVal)
+		min, max := ep.SocketOptions().ReceiveBufferLimits()
+		clamped := clampBufSize(int64(v), min, max, true /* ignoreMax */)
 		ep.SocketOptions().SetReceiveBufferSize(clamped, true /* notify */)
 		return nil
 
diff --git a/pkg/sentry/socket/socket.go b/pkg/sentry/socket/socket.go
index f5da3c509..658e90bb9 100644
--- a/pkg/sentry/socket/socket.go
+++ b/pkg/sentry/socket/socket.go
@@ -509,7 +509,6 @@ func SetSockOptEmitUnimplementedEvent(t *kernel.Task, name int) {
 		linux.SO_ATTACH_REUSEPORT_EBPF,
 		linux.SO_CNX_ADVICE,
 		linux.SO_DETACH_FILTER,
-		linux.SO_RCVBUFFORCE,
 		linux.SO_SNDBUFFORCE:
 
 		t.Kernel().EmitUnimplementedEvent(t)