Don't treat 65535 as the maximum snapshot length.

Make it 131072, instead; the MTU on the Linux loopback interface, in at least some versions of the kernel, is 65536, and that doesn't count the fake Ethernet header, so we need a value bigger than 65536. We don't want a value that's *too* large, so that it causes attempts to allocate huge amounts of memory, however. This (plus the corresponding change to libpcap) should fix GitHub issue
the-tcpdump-group · Jun 25, 2014 · d033c1b · d033c1b
1 parent f2b690e
commit d033c1b
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/netdissect.h b/netdissect.h
@@ -209,12 +209,15 @@ struct netdissect_options {
  * Maximum snapshot length.  This should be enough to capture the full
  * packet on most network interfaces.
  *
- * XXX - could it be larger?  If so, should it?  Some applications might
- * use the snapshot length in a savefile header to control the size of
- * the buffer they allocate, so a size of, say, 2^31-1 might not work
- * well.
+ * Somewhat arbitrary, but chosen to be 1) big enough for maximum-size
+ * Linux loopback packets and 2) small enough not to cause attempts to
+ * allocate huge amounts of memory; some applications might use the
+ * snapshot length in a savefile header to control the size of the buffer
+ * they allocate, so a size of, say, 2^31-1 might not work well.
+ *
+ * XXX - does it need to be bigger still?
  */
-#define MAXIMUM_SNAPLEN	65535
+#define MAXIMUM_SNAPLEN	131072
 
 /*
  * The default snapshot length is the maximum.