> >> So I fixed the thing simply changing af_packet to ignore the rcvbuf
> >> limits. I think it's a good thing to be sure to always have a _relialable_
> >> tcpdump.
> >
> >It is a good thing to have a reliable tcpdump. Its even less reliable
> >now I can use it to wipe out your machine. Your tools to monitor an attacker
> >now let them break your computer.
>
> In the worst case it won't wipe out my machine. The machine could go OOM
> yes, but I'd like more to have the machine overloaded than not see what's
> going to happen. And if your tcpdump will get an OOM segfault it won't
> make difference because you are just going to lose data so better a
> complete break than an hided lose frame. This mean you'll do everything
> possible until you'll be OOM. I like this way here. I use tcpdump for
> debugging and I _don't_ want to ask myself if for some unliky reason a
What about kernel telling tcpdump [lost 5 frames here]? It is better
than silently loosing your frames. It will not go OOM. What do you
think?
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/