treewide: update nftables to 0.2 with patches

This updates nftables to 0.2 and adapts nfproxy to the changes.
It also includes two patches which will be needed by the k8s-nft-npc
implementation later. The first one increases buffer sizes to allow
larger transactions (the buffer size is sadly not configurable). The
second one introduces a special expr implementation which allows for
expressions whose value depends on the address family.

Both patches should eventually go upstream but are not fully suitable
for upstreaming in their current form.

Change-Id: Ib398a14fa3fb7b6f808a834406d5307cea1fe8ae
Reviewed-on: https://review.monogon.dev/c/monogon/+/3751
Tested-by: Jenkins CI
Reviewed-by: Tim Windelschmidt <tim@monogon.tech>
diff --git a/third_party/go/patches/nftables-bigger-buffers.patch b/third_party/go/patches/nftables-bigger-buffers.patch
new file mode 100644
index 0000000..9513800
--- /dev/null
+++ b/third_party/go/patches/nftables-bigger-buffers.patch
@@ -0,0 +1,25 @@
+From ba6c6c23295a765158a2e6d94879173419b72926 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Sat, 30 Nov 2024 01:03:23 +0100
+Subject: [PATCH 1/2] Increase netlink socket buffers
+
+---
+ conn.go | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/conn.go b/conn.go
+index fef9c2a..a315db3 100644
+--- a/conn.go
++++ b/conn.go
+@@ -73,6 +73,8 @@ func New(opts ...ConnOption) (*Conn, error) {
+ 	if err != nil {
+ 		return nil, err
+ 	}
++	nlconn.SetReadBuffer(1 << 22)
++	nlconn.SetWriteBuffer(1 << 22)
+ 	cc.nlconn = nlconn
+ 	return cc, nil
+ }
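Review bot: the two added calls in this hunk discard their return values; `SetReadBuffer` and `SetWriteBuffer` on the netlink connection return an `error`, and since the surrounding code already bails out with `return nil, err` on the connection error two lines earlier, the new calls should follow the same pattern, e.g. `if err := nlconn.SetReadBuffer(1 << 22); err != nil { return nil, err }` and likewise for the write buffer (or, if a failure to enlarge the buffer is deliberately non-fatal, say so in a comment). Two smaller points: the `1 << 22` literal appears twice with no name or comment, so a named constant stating the 4 MiB size and why it was chosen would help the eventual upstream submission; and because the request is plain `SO_RCVBUF`/`SO_SNDBUF`, the kernel clamps the value to `net.core.rmem_max`/`net.core.wmem_max` without returning an error, so a comment noting that the effective size depends on those sysctls (and that larger transactions can still fail on hosts with low limits) would save the next reader a debugging session. Given that the commit message calls the buffer size "sadly not configurable", consider plumbing it through a `ConnOption` instead of hardcoding it, which would also make the patch more palatable upstream.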
+-- 
+2.47.0
+