Subject: Re: packet capturing
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Daniel Carosone <dan@geek.com.au>
List: tech-kern
Date: 01/21/2004 10:47:19
--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jan 20, 2004 at 03:08:03PM -0800, Jonathan Stone wrote:
> How about this as a compromise:
>=20
> 1. bump the `default' bpf buffersize for naive apps to 32k, and the def=
ault
> limit (bpf_maxbufersize) to 256k.
>=20
> 2. Make the run-time values sysctl'able (or at least patchable,
> since I dont really grok Andew's dynamic sysctl API).
>=20
> 3. Pull in the binary-search heuristic to bpf-pcap's live-capture
> routine. Have it search (via BIOCSBLEN) all the way up to a humungous
> size, say 4Mbytes. That way, root can set larger values via patch/sys=
ctl
> (or dynamic boot-time sizing, if someone wants to add it)
> without requiring recompilation of libpcap.
This sounds good, especially if sysctl'able.
--
Dan.
--WfZ7S8PLGjBY9Voh
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)
iD8DBQFADb4GEAVxvV4N66cRAtR0AJ9T7p/8zBFLEyVMUSlq5MsVl1lb5wCdF9cH
lI6AqqxRcfzfoZHrxl3C9IA=
=PTdi
-----END PGP SIGNATURE-----
--WfZ7S8PLGjBY9Voh--