>
> /*
> - * Charge the memory to the socket. This is done specifically
> - * to prevent sockets using all the memory up.
> + * Sock packet can be created by root and the only thing that root
> + * cares when him uses af_packet is to _not_ lose frames. So
> + * completly ignore the rcvbuf limit and queue as much skb
> + * as possible. This avoids us to lose frames and become crazy
> + * while debugging TCP/IP ;). No, this won't either impact the
> + * stability of the system because we woundn't reach this point if
> + * the machine would been OOM because the skb woundn't be alloced in
> + * first place. -arca
I think this is a completely bogus logic. Even root has the right that
we don't crash his system willingly. Imagine what will happen on a 100Mbit/s
or gigabit ethernet interface. The real solution is to increase the socket
buffer - but you really have to limit the queue somehow.
BTW, a more useful change would be reliable counters on when a tapped
packet is dropped because of out-of-memory (in /proc/net/netstat). Currently
there are many cases when there is no counter increased. With that users
could reliably diagnose when their packet socket buffers are too small or
when their dump machine can't keep up. I did most of the work for this in
late 2.1, but it was too late for the code freeze.
>
> tcpdump uses obsolete (PF_INET,SOCK_PACKET)
Because that API is obsolete, and Linux does not want to support it
forever.
-Andi
-- This is like TV. I don't like TV.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/