If we're reading from a savefile, don't try to install a kernel packet
filter.
It appears that "recvfrom()", in 2.2 and later kernels, doesn't check
whether the starting buffer address plus the byte count goes into an
unmapped region of the address space - it (or code it calls) presumably
only checks the locations into which it's actually copying data - so
there doesn't appear to be, on systems with 2.2 and later kernels, any
need to ensure that the buffer size is at least large as the snapshot
length. We therefore only do so if we're using the old
PF_INET/SOCK_PACKET mechanism; if we're using PF_PACKET, we're on a
2.2 or later kernel, so we don't do it there.
projects / libpcap / commit
