Subject: Re: packet capturing
To: Perry E. Metzger <email@example.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 01/21/2004 19:07:51
>One last question -- any reason not to use the sysctl to determine the
>limit now that you added one?
Only ``Thats what the standard libpcap does''. If you can get
tcpdump.org to buy it back, I say go for it. The sysctl name we use
is already different from the name FreeBSD uses, so a portable version
might be messier (if less aesthetically pleasing to us) than doing the
The binary search is ... weird, though. In most of the bpf
implementations I've seen, if you ask for an absurdly large buffer
size, bpf will succeed and clip the buffer size at its own maximum.
So the code could just ask for a megabyte or three; if that succeeds,
there's no need to search.