Hello.
I am using Docker containers on RouterOS (latest stable) and running applications that rely on netlink (iproute2 / ipset / nftables).
When applying large rule sets, the following error occurs inside the container:
netlink: Error: Could not process rule: Message too large
Please, raise /proc/sys/net/core/wmem_max on the host namespace. Hint: 2097152 bytes
However, inside RouterOS Docker containers:
- /proc/sys/net/core exists but is empty
- sysctl net.core.wmem_max is unavailable
- Docker does not support --sysctl net.core.wmem_max=...
- The parameter cannot be configured on the host RouterOS system either
As a result, applications that require larger netlink socket buffers cannot function correctly in RouterOS Docker, even though they work on standard Linux hosts.
Request:
Please consider implementing one of the following in RouterOS:
- Support for net.core.wmem_max (and related net.core socket buffer parameters) on the host system, or
- Ability to pass these sysctl parameters to Docker containers, or
- A documented RouterOS-specific mechanism to increase netlink socket buffer limits.
This would significantly improve compatibility of RouterOS Docker with standard Linux networking tools and containers that rely on netlink.
Thank you.