Merge remote-tracking branch 'origin/topic/jazoff/fix-snaplen'

* origin/topic/jazoff/fix-snaplen: problem: default snaplen is too small for jumbo frames
2025-10-02 14:48:21 +00:00 · 2018-08-21 14:54:12 -05:00 · 2018-08-21 14:54:12 -05:00 · b679a51376
commit b679a51376
parent b63f0e2675 bbcf95dca4
12 changed files with 50 additions and 6 deletions
--- a/5
+++ b/5
@ -1,4 +1,9 @@
 2.5-887 | 2018-08-21 14:54:12 -0500
  * Change default snaplen to 9216 bytes to better accommodate jumbo frames
    (Justin Azoff)
 2.5-884 | 2018-08-20 15:39:21 -0500
  * Fix outdated documentation test baselines (Jon Siwek, Corelight)
--- a/3
+++ b/3
@ -450,6 +450,9 @@ Removed Functionality
 - The node-specific ``site/local-*.bro`` scripts have been removed.
 - The default value of ``Pcap::snaplen`` changed from 8192 to 9216 bytes
  to better accommodate jumbo frames.
 Deprecated Functionality
 ------------------------
--- a/2
+++ b/2
@ -1 +1 @@
-2.5-884
+2.5-887
--- a/aux/broctl
+++ b/aux/broctl
@ -1 +1 @@
-Subproject commit 336e719c33d64efebe65f11322e2fbc6d11c946b
+Subproject commit 57973e670effe27a0b66bff75f35298b6066e469
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@ -4813,7 +4813,7 @@ export {
 module Pcap;
 export {
 	## Number of bytes per packet to capture from live interfaces.
-	const snaplen = 8192 &redef;
+	const snaplen = 9216 &redef;
 	## Number of Mbytes to provide as buffer space when capturing from live
 	## interfaces.
--- a/testing/btest/Baseline/bifs.dump_current_packet/1.hex
+++ b/testing/btest/Baseline/bifs.dump_current_packet/1.hex
@ -0,0 +1,9 @@
 00000000  d4 c3 b2 a1 02 00 04 00  00 00 00 00 00 00 00 00  |................|
 00000010  00 24 00 00 01 00 00 00  1f ad 83 4d 17 79 01 00  |.$.........M.y..|
 00000020  57 00 00 00 57 00 00 00  01 00 5e 00 00 fb 00 30  |W...W.....^....0|
 00000030  48 bd 3e c4 08 00 45 00  00 49 00 00 40 00 ff 11  |H.>...E..I..@...|
 00000040  30 4f 8d 8e dc ca e0 00  00 fb 14 e9 14 e9 00 35  |0O.............5|
 00000050  7f 62 00 00 00 00 00 01  00 00 00 00 00 00 06 67  |.b.............g|
 00000060  65 6d 69 6e 69 09 5f 73  66 74 70 2d 73 73 68 04  |emini._sftp-ssh.|
 00000070  5f 74 63 70 05 6c 6f 63  61 6c 00 00 21 00 01     |_tcp.local..!..|
 0000007f
--- a/testing/btest/Baseline/bifs.dump_current_packet/1.pcap
+++ b/testing/btest/Baseline/bifs.dump_current_packet/1.pcap
--- a/testing/btest/Baseline/bifs.dump_current_packet/2.hex
+++ b/testing/btest/Baseline/bifs.dump_current_packet/2.hex
@ -0,0 +1,17 @@
 00000000  d4 c3 b2 a1 02 00 04 00  00 00 00 00 00 00 00 00  |................|
 00000010  00 24 00 00 01 00 00 00  1f ad 83 4d f4 7a 01 00  |.$.........M.z..|
 00000020  d5 00 00 00 d5 00 00 00  33 33 00 00 00 fb 00 17  |........33......|
 00000030  f2 d7 cf 65 86 dd 60 00  00 00 00 9f 11 ff fe 80  |...e..`.........|
 00000040  00 00 00 00 00 00 02 17  f2 ff fe d7 cf 65 ff 02  |.............e..|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 fb 14 e9  |................|
 00000060  14 e9 00 9f 44 e9 00 00  84 00 00 00 00 01 00 00  |....D...........|
 00000070  00 04 06 67 65 6d 69 6e  69 09 5f 73 66 74 70 2d  |...gemini._sftp-|
 00000080  73 73 68 04 5f 74 63 70  05 6c 6f 63 61 6c 00 00  |ssh._tcp.local..|
 00000090  21 80 01 00 00 00 78 00  0f 00 00 00 00 00 16 06  |!.....x.........|
 000000a0  67 65 6d 69 6e 69 c0 22  c0 39 00 1c 80 01 00 00  |gemini.".9......|
 000000b0  00 78 00 10 fe 80 00 00  00 00 00 00 02 17 f2 ff  |.x..............|
 000000c0  fe d7 cf 65 c0 39 00 01  80 01 00 00 00 78 00 04  |...e.9.......x..|
 000000d0  8d 8e dc 32 c0 0c 00 2f  80 01 00 00 00 78 00 09  |...2.../.....x..|
 000000e0  c0 0c 00 05 00 00 80 00  40 c0 39 00 2f 80 01 00  |........@.9./...|
 000000f0  00 00 78 00 08 c0 39 00  04 40 00 00 08           |..x...9..@...|
 000000fd
--- a/testing/btest/Baseline/bifs.dump_current_packet/2.pcap
+++ b/testing/btest/Baseline/bifs.dump_current_packet/2.pcap
--- a/testing/btest/Baseline/core.pcap.dumper/output
+++ b/testing/btest/Baseline/core.pcap.dumper/output
@ -1,4 +1,4 @@
 2c2
 < 00000010  ff ff 00 00 01 00 00 00  1d a2 b2 4e 73 00 07 00  |...........Ns...|
 ---
-> 00000010  00 20 00 00 01 00 00 00  1d a2 b2 4e 73 00 07 00  |. .........Ns...|
+> 00000010  00 24 00 00 01 00 00 00  1d a2 b2 4e 73 00 07 00  |.$.........Ns...|
--- a/testing/btest/bifs/dump_current_packet.bro
+++ b/testing/btest/bifs/dump_current_packet.bro
@ -1,6 +1,12 @@
 # @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-diff 1.pcap
+# @TEST-EXEC: hexdump -C 1.pcap >1.hex
-# @TEST-EXEC: btest-diff 2.pcap
+# @TEST-EXEC: hexdump -C 2.pcap >2.hex
 # @TEST-EXEC: btest-diff 1.hex
 # @TEST-EXEC: btest-diff 2.hex
 # Note that the hex output will contain global pcap header information,
 # including Bro's snaplen setting (so maybe check that out in the case
 # you are reading this message due to this test failing in the future).
 global i: count = 0;
--- a/testing/btest/core/pcap/dumper.bro
+++ b/testing/btest/core/pcap/dumper.bro
@ -2,4 +2,8 @@
 # @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1
 # @TEST-EXEC: hexdump -C dump >2
 # @TEST-EXEC: diff 1 2 >output || true
 # Note that we're diff'ing the diff because there is an expected
 # difference in the pcaps: namely, the snaplen setting stored in the
 # global pcap header.
 # @TEST-EXEC: btest-diff output
		`@ -1 +1 @@`
			`Subproject commit 336e719c33d64efebe65f11322e2fbc6d11c946b`				`Subproject commit 57973e670effe27a0b66bff75f35298b6066e469`