hello, on Thu 1/3/2008 10:26 AM Guy Harris wrote: > Presumably if pcap_open_live() supplies a very large snapshot length, > the attempt to allocate the ring buffer will fail if the ring buffer > would be too large.
Currently the whole ring size is bounded to 4M, which seams a rasonable default
(is the same value currently used by the bpf code). Using a very large snap
length make the allocation somewhat more difficult for the kernel, but I
suppose that is better to follow the user 'desiderata'. If the ring allocation
fails, the capture is open with the traditional packet socket interface, so
there is no loss of functionality.
Please note anyway that the snaplen bounding was a legacy from the first
version of the patch (when the snaplen parameter in pcap_open_live was used to
encode both the snapshot length and the ring frame number).
ciao,
Paolo
--------------------------------------------------------------------
CONFIDENTIALITY NOTICE
This message and its attachments are addressed solely to the persons above and
may contain confidential information. If you have received the message in
error, be informed that any use of the content hereof is prohibited. Please
return it immediately to the sender and delete the message. Should you have any
questions, please contact us by replying to [EMAIL PROTECTED]
Thank you
www.telecomitalia.it
--------------------------------------------------------------------
<<winmail.dat>>
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
