I have a question related to IRIX platforms. Does anyone know what the reason for the SIOCSNOOPLEN ioctl in pcap-snoop.c is? I ran into a bug with how its snooplen parameter is set in the newer versions of libpcap yesterday, which I reported in SourceForge. Then I did some more digging and found that in another version of libpcap in use on the project I'm working on, someone had worked around an earlier incarnation of the bug by simply commenting out the offending ioctl call.
I've managed to find enough information to establish that the ioctl limits how much data the "snoop" mechanism will collect in each packet, but as best I can tell in the testing I've done so far, that has no real effect on the user. If the ioctl doesn't limit the amount of data captured, a check against p->snapshot in the pcap_read function still ensures that the caplen returned to the user will not be larger than desired. Thus, I'm left wondering what the original purpose for using the SIOCSNOOPLEN ioctl was. Is removing the ioctl a valid workaround, or is there something important about it that we've missed? Or could the ioctl be something that was needed on earlier versions of Irix but not on 6.5? If anyone can shed light on these issues, I'd appreciate it. Nathan Barclay Teledyne Brown Engineering - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
