Allow libpcap buffer size to be set manually.

scripts/base/init-bare.bro

@@ -3715,6 +3715,9 @@ module GLOBAL;
 ## Number of bytes per packet to capture from live interfaces.
 const snaplen = 8192 &redef;
 
+## Number of bytes for libpcap buffer.
+const bufsize = 128 &redef;
+
 ## Seed for hashes computed internally for probabilistic data structures. Using
 ## the same value here will make the hashes compatible between independent Bro
 ## instances. If left unset, Bro will use a temporary local seed.

src/Net.h

@@ -73,6 +73,9 @@ extern bool using_communication;
 // Snaplen passed to libpcap.
 extern int snaplen;
 
+// Buffer size passed to libpcap.
+extern int bufsize;
+
 extern const Packet* current_pkt;
 extern int current_dispatched;
 extern double current_timestamp;

src/iosource/PktSrc.cc

@@ -71,6 +71,11 @@ int PktSrc::SnapLen() const
 	return snaplen; // That's a global. Change?
 	}
 
+int PktSrc::BufSize() const
+	{
+	return bufsize; // That's a global too. Change?
+	}
+
 bool PktSrc::IsLive() const
 	{
 	return props.is_live;

src/iosource/PktSrc.h

@@ -100,6 +100,11 @@ public:
 	 */
 	int SnapLen() const;
 
+	/**
+	 * Returns the buffer size for this source.
+	 */
+	int BufSize() const;
+
 	/**
 	 * In pseudo-realtime mode, returns the logical timestamp of the
 	 * current packet. Undefined if not running pseudo-realtime mode.

src/iosource/pcap/Source.cc

@@ -89,11 +89,53 @@ void PcapSource::OpenLive()
 	// broken on FreeBSD: even when select() indicates that we can read
 	// something, we may get nothing if the store buffer hasn't filled up
 	// yet.)
-	pd = pcap_open_live(props.path.c_str(), SnapLen(), 1, 1, tmp_errbuf);
+	pd = pcap_create(props.path.c_str(), errbuf);
 
 	if ( ! pd )
 		{
-		Error(tmp_errbuf);
+        safe_snprintf(errbuf, sizeof(errbuf), 
+            "pcap_create: %s", pcap_geterr(pd));
+     	Error(errbuf);
+        return;
+        }
+
+    if ( pcap_set_snaplen(pd, SnapLen()) )
+        {
+        safe_snprintf(errbuf, sizeof(errbuf), 
+            "pcap_set_snaplen: %s", pcap_geterr(pd));
+     	Error(errbuf);
+        return;
+        }
+
+    if ( pcap_set_promisc(pd, 1) )
+        {
+        safe_snprintf(errbuf, sizeof(errbuf), 
+            "pcap_set_promisc: %s", pcap_geterr(pd));
+     	Error(errbuf);
+        return;
+        }
+
+    if ( pcap_set_timeout(pd, 1) )
+        {
+        safe_snprintf(errbuf, sizeof(errbuf), 
+            "pcap_set_timeout: %s", pcap_geterr(pd));
+     	Error(errbuf);
+        return;
+        }
+
+    if ( pcap_set_buffer_size(pd, BufSize()) )
+        {
+        safe_snprintf(errbuf, sizeof(errbuf), 
+            "pcap_set_buffer_size: %s", pcap_geterr(pd));
+     	Error(errbuf);
+        return;
+        }
+
+	if ( pcap_activate(pd) )
+		{
+ 		safe_snprintf(errbuf, sizeof(errbuf),
+            "pcap_activate: %s", pcap_geterr(pd));
+     	Error(errbuf);
 		return;
 		}
 

src/main.cc

@@ -122,6 +122,7 @@ vector<string> params;
 set<string> requested_plugins;
 char* proc_status_file = 0;
 int snaplen = 0;	// this gets set from the scripting-layer's value
+int bufsize = 0;
 
 OpaqueType* md5_type = 0;
 OpaqueType* sha1_type = 0;
@@ -990,6 +991,7 @@ int main(int argc, char** argv)
 		}
 
 	snaplen = internal_val("snaplen")->AsCount();
+	bufsize = internal_val("bufsize")->AsCount() * 1024 * 1024;     // Size in Mbytes
 
 	if ( dns_type != DNS_PRIME )
 		net_init(interfaces, read_files, writefile, do_watchdog);