3 files changed, 17 insertions, 4 deletions

diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 626fcabdd..2523077fd 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -175,6 +175,9 @@ type Config struct {
 	// Network indicates what type of network to use.
 	Network NetworkType
 
+	// GSO indicates that generic segmentation offload is enabled.
+	GSO bool
+
 	// LogPackets indicates that all network packets should be logged.
 	LogPackets bool
 
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 1ba5b7257..9c72e3b1a 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -256,12 +256,20 @@ var allowedSyscalls = seccomp.SyscallRules{
 		},
 	},
 	syscall.SYS_WRITE: {},
+	// The only user in rawfile.NonBlockingWrite3 always passes iovcnt with
+	// values 2 or 3. Three iovec-s are passed, when the PACKET_VNET_HDR
+	// option is enabled for a packet socket.
 	syscall.SYS_WRITEV: []seccomp.Rule{
 		{
 			seccomp.AllowAny{},
 			seccomp.AllowAny{},
 			seccomp.AllowValue(2),
 		},
+		{
+			seccomp.AllowAny{},
+			seccomp.AllowAny{},
+			seccomp.AllowValue(3),
+		},
 	},
 }
 
diff --git a/runsc/boot/network.go b/runsc/boot/network.go
index f025a42f1..77291415b 100644
--- a/runsc/boot/network.go
+++ b/runsc/boot/network.go
@@ -52,10 +52,11 @@ type DefaultRoute struct {
 
 // FDBasedLink configures an fd-based link.
 type FDBasedLink struct {
-	Name      string
-	MTU       int
-	Addresses []net.IP
-	Routes    []Route
+	Name       string
+	MTU        int
+	Addresses  []net.IP
+	Routes     []Route
+	GSOMaxSize uint32
 }
 
 // LoopbackLink configures a loopback li nk.
@@ -140,6 +141,7 @@ func (n *Network) CreateLinksAndRoutes(args *CreateLinksAndRoutesArgs, _ *struct
 			EthernetHeader:     true,
 			Address:            mac,
 			PacketDispatchMode: fdbased.PacketMMap,
+			GSOMaxSize:         link.GSOMaxSize,
 		})
 
 		log.Infof("Enabling interface %q with id %d on addresses %+v (%v)", link.Name, nicID, link.Addresses, mac)