Re: Buffer size question

[Pekka Savola <pekkas () netcore fi>]

On Fri, 15 Oct 2004, Hannes Gredler wrote:
> shouldn't we have upper/lower boundary checks for
> such a buffer ?
>
> i.e. minbuffer 1.5K
>      maxbuffer 128K

And if this is done, shouldn't we be doing some input validation?  
The user might not even give a numeric value, much less positive one.  
And think about the cases when tcpdump is setuid root, and run by
users.  Seems like a potentially dangerous thing to do..


> On Thu, Oct 14, 2004 at 02:29:14PM -0400, Ed Maste wrote:
> | > I'll download one of the nightly tars and try out the 
> | > environment variable idea.
> | 
> | Here's my simple patch to allow an environment variable
> | PCAP_BUFSIZE to override the default initial buffer size.
> | 
> | --- pcap-bpf.c      Tue Oct  5 03:23:39 2004
> | +++ pcap-bpf.c.new  Thu Oct 14 14:21:41 2004
> | @@ -578,6 +578,7 @@
> |     u_int v;
> |     pcap_t *p;
> |     struct utsname osinfo;
> | +   char *cp;
> |  
> |  #ifdef HAVE_DAG_API
> |     if (strstr(device, "dag")) {
> | @@ -626,6 +627,8 @@
> |      */
> |     if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || v < 32768)
> |             v = 32768;
> | +   if ((cp = getenv("PCAP_BUFSIZE")))
> | +           v = atoi(cp);
> |     for ( ; v != 0; v >>= 1) {
> |             /* Ignore the return value - this is because the call fails
> |              * on BPF systems that don't have kernel malloc.  And if
> | -
> | This is the tcpdump-workers list.
> | Visit https://lists.sandelman.ca/ to unsubscribe.
> | 
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.