[PATCH] Improvement of behaviour when -s 0 is used

[Magnus Gille <mgille () edgewaternetworks com>]

I came across an issue with tcpdump where the linux kernel couldn't allocate
memory properly when we ran tcpdump -s 0 on one of our boxes. Tcpdump sets
snaplen to 65535 if -s 0 is provided and this became a problem for us, to
get around this I changed the behaviour to query what the MTU actually is. I
made this patch against git current, please give me comments if you want
something changed. I only have access to a Linux machine so I've not tested
it on any other machine.


diff --git a/tcpdump.c b/tcpdump.c
index ee9304d..c91f4eb 100644
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -83,6 +83,14 @@ extern int SIZE_BUF;
 #include "gmt2local.h"
 #include "pcap-missing.h"

+
+#ifdef LINUX
+#include <sys/ioctl.h>
+#include <net/if.h>
+#include <netinet/if_ether.h>
+#endif
+
+
 #ifndef NAME_MAX
 #define NAME_MAX 255
 #endif
@@ -324,6 +332,35 @@ static struct ndo_printer ndo_printers[] = {
        { NULL,                 0 },
 };

+#ifdef LINUX
+static int get_device_mtu(const char *device) {
+       int fd = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL));
+       if(fd == -1) {
+               perror("socket");
+               exit(-1);
+       }
+       if (!device) {
+               close(fd);
+               return BIGGER_THAN_ALL_MTUS;
+       }
+
+       memset(&ifr, 0, sizeof(ifr));
+       strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+
+       if (ioctl(fd, SIOCGIFMTU, &ifr) == -1) {
+               close(sockfd);
+               return BIGGER_THAN_ALL_MTUS;
+       }
+       close(fd);
+
+       return ifr.ifr_mtu;
+}

//Magnus
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.