[Snort-devel] Re: Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?

Stefan Esser se at ...151...
Sat Dec 9 08:21:32 EST 2000


On 2000-12-08 00:38 -0800, Guy Harris <gharris at ...148...> wrote:
> (Both FreeBSD and OpenBSD have the maximum buffer size for BPF as 512KB
> in the top of the CVS tree; NetBSD still has it as 32K.)

You can change both the default and maximum BPF buffer sizes at
run time (affecting any subsequent open()) in FreeBSD:

# sysctl -w debug.bpf_bufsize=32768 debug.bpf_maxbufsize=4194304

makes the default buffer size 32K and limits the size to 4MB, for 
example.

There were further changes to the BPF kernel code suggested by the 
NFR folks, which do not seem to have made it into FreeBSD, though. 
The original patches were for FreeBSD-2.2.x, I ported them to 3.x, 
but there have been many changes to bpf.c since then ...

I can dig out the old patch and accompanying rationale, if anybody 
is interested, since it has been removed from the NFR download area.

Regards, Stefan
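
An added example (not part of the original message and not FreeBSD's own code): a small C probe showing what the two sysctls above mean to a capture program that asks for a larger buffer. `model_bpf_buflen` is a hypothetical helper that mirrors, as an assumption, the clamp the BIOCSBLEN ioctl applies; `/dev/bpf0` is an assumed device path, and the ioctl part is compiled only on FreeBSD.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumption: BIOCSBLEN clamps a request to [32, debug.bpf_maxbufsize];
 * 32 stands in for the kernel's BPF_MINBUFSIZE. */
unsigned int model_bpf_buflen(unsigned int requested, unsigned int maxbufsize)
{
    if (requested > maxbufsize)
        return maxbufsize;
    if (requested < 32u)
        return 32u;
    return requested;
}

#if defined(__FreeBSD__)
#include <sys/types.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/bpf.h>

/* Open a BPF device, read the default length (debug.bpf_bufsize at open
 * time), then request `want` bytes. BIOCSBLEN must precede BIOCSETIF and
 * writes the granted size back. Returns 0 on success, -1 on error. */
int probe_bpf_buflen(const char *dev, unsigned int want,
                     unsigned int *dflt, unsigned int *granted)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    *granted = want;
    int rc = (ioctl(fd, BIOCGBLEN, dflt) < 0 ||
              ioctl(fd, BIOCSBLEN, granted) < 0) ? -1 : 0;
    close(fd);
    return rc;
}
#endif

int main(int argc, char **argv)
{
    unsigned int want = argc > 1 ? (unsigned int)strtoul(argv[1], NULL, 0) : 8388608u;
    /* 4194304 is the debug.bpf_maxbufsize value from the sysctl line above. */
    printf("model: request %u, max 4194304 -> %u\n", want, model_bpf_buflen(want, 4194304u));
#if defined(__FreeBSD__)
    const char *dev = argc > 2 ? argv[2] : "/dev/bpf0";  /* assumed path */
    unsigned int dflt = 0, granted = 0;
    if (probe_bpf_buflen(dev, want, &dflt, &granted) != 0) { perror(dev); return 1; }
    printf("%s: default %u, granted %u\n", dev, dflt, granted);
#endif
    return 0;
}
```

A sniffer that requests more than the maximum and does not check the granted size will run with a smaller buffer than it expects, which shows up as dropped packets under load.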



