Don't treat 65535 as the maximum snapshot length.

Make it 131072, instead; the MTU on the Linux loopback interface, in at
least some versions of the kernel, is 65536, and that doesn't count the
fake Ethernet header, so we need a value bigger than 65536.  We don't
want a value that's *too* large, so that it causes attempts to allocate
huge amounts of memory, however.

This (plus the corresponding change to libpcap) should fix GitHub issue

1 files changed, 8 insertions, 5 deletions

diff --git a/netdissect.h b/netdissect.h
index 1b11bf8e..87a976a0 100644
--- a/netdissect.h
+++ b/netdissect.h
@@ -209,12 +209,15 @@ struct netdissect_options {
  * Maximum snapshot length.  This should be enough to capture the full
  * packet on most network interfaces.
  *
- * XXX - could it be larger?  If so, should it?  Some applications might
- * use the snapshot length in a savefile header to control the size of
- * the buffer they allocate, so a size of, say, 2^31-1 might not work
- * well.
+ * Somewhat arbitrary, but chosen to be 1) big enough for maximum-size
+ * Linux loopback packets and 2) small enough not to cause attempts to
+ * allocate huge amounts of memory; some applications might use the
+ * snapshot length in a savefile header to control the size of the buffer
+ * they allocate, so a size of, say, 2^31-1 might not work well.
+ *
+ * XXX - does it need to be bigger still?
  */
-#define MAXIMUM_SNAPLEN	65535
+#define MAXIMUM_SNAPLEN	131072
 
 /*
  * The default snapshot length is the maximum.