[Snort-devel] Re: Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
se at ...151...
Sat Dec 9 08:21:32 EST 2000
On 2000-12-08 00:38 -0800, Guy Harris <gharris at ...148...> wrote:
> (Both FreeBSD and OpenBSD have the maximum buffer size for BPF as 512KB
> in the top of the CVS tree; NetBSD still has it as 32K.)
You can change both the default and maximum BPF buffer sizes at
run time (affecting any subsequent open()) in FreeBSD:
    # sysctl -w debug.bpf_bufsize=32768 debug.bpf_maxbufsize=4194304
makes the default buffer size 32K and limits the size to 4MB, for
There were further changes to the BPF kernel code suggested by the
NFR folks, which do not seem to have made it into FreeBSD, though.
The original patches were for FreeBSD-2.2.x, I ported them to 3.x,
but there have been many changes to bpf.c since then ...
I can dig out the old patch and accompanying rationale, if anybody
is interested, since it has been removed from the NFR download area.