Reduce snaplen default from 65535 to old default of 8192. (fixes #720)

Also replaced the --snaplen/-l command line option with a scripting-layer option called "snaplen" (which can also be redefined on the command line, e.g. `bro -i eth0 snaplen=65535`).
2025-10-02 06:38:20 +00:00 · 2012-01-04 16:30:15 -06:00 · 2012-01-04 16:30:15 -06:00 · 645c80f974
commit 645c80f974
parent e5b3d318a6
2 changed files with 6 additions and 7 deletions
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@ -1505,6 +1505,9 @@ const skip_http_data = F &redef;
 ## UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro.
 const parse_udp_tunnels = F &redef;

+## Number of bytes per packet to capture from live interfaces.
+const snaplen = 8192 &redef;
+
 # Load the logging framework here because it uses fairly deep integration with 
 # BiFs and script-land defined types.
@load base/frameworks/logging
--- a/src/main.cc
+++ b/src/main.cc
@ -97,7 +97,7 @@ extern char version[];
 char* command_line_policy = 0;
 vector<string> params;
 char* proc_status_file = 0;
-int snaplen = 65535;	// really want "capture entire packet"
+int snaplen = 0;	// this gets set from the scripting-layer's value

 int FLAGS_use_binpac = false;

@ -145,7 +145,6 @@ void usage()
 	fprintf(stderr, "    -g|--dump-config               | dump current config into .state dir\n");
 	fprintf(stderr, "    -h|--help|-?                   | command line help\n");
 	fprintf(stderr, "    -i|--iface <interface>         | read from given interface\n");
-	fprintf(stderr, "    -l|--snaplen <snaplen>         | number of bytes per packet to capture from interfaces (default 65535)\n");
 	fprintf(stderr, "    -p|--prefix <prefix>           | add given prefix to policy file resolution\n");
 	fprintf(stderr, "    -r|--readfile <readfile>       | read from given tcpdump file\n");
 	fprintf(stderr, "    -y|--flowfile <file>[=<ident>] | read from given flow file\n");
@ -372,7 +371,6 @@ int main(int argc, char** argv)
 		{"filter",		required_argument,	0,	'f'},
 		{"help",		no_argument,		0,	'h'},
 		{"iface",		required_argument,	0,	'i'},
-		{"snaplen",		required_argument,	0,	'l'},
 		{"doc-scripts",		no_argument,		0,	'Z'},
 		{"prefix",		required_argument,	0,	'p'},
 		{"readfile",		required_argument,	0,	'r'},
@ -481,10 +479,6 @@ int main(int argc, char** argv)
 			interfaces.append(optarg);
 			break;

-		case 'l':
-			snaplen = atoi(optarg);
-			break;
-
 		case 'p':
 			prefixes.append(optarg);
 			break;
@ -833,6 +827,8 @@ int main(int argc, char** argv)
 			}
 		}

+	snaplen = internal_val("snaplen")->AsCount();
+
 	// Initialize the secondary path, if it's needed.
 	secondary_path = new SecondaryPath();