Comment 23 for bug 1758037

I realized that the path without:
  <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
works but is totally different.
It uses pcap_open_live

So I compared our code in virNWFilterSnoopDHCPOpen with pcap_open_live.
We use different buffer sizes and don't set promisc and timeout.
But the minimal change I found that seems to make it work was:

--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -1115,7 +1115,6 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
     }

     if (pcap_set_snaplen(handle, PCAP_PBUFSIZE) < 0 ||
- pcap_set_buffer_size(handle, PCAP_BUFFERSIZE) < 0 ||
         pcap_activate(handle) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("setup of pcap handle failed: %s"),

The size for this was defined as:
  /*
   * libpcap 1.5 requires a 128kb buffer
   * 128 kb is bigger than (DHCP_PKT_BURST * PCAP_PBUFSIZE / 2)
   */
  # define PCAP_BUFFERSIZE (128 * 1024)

This is from [1], does all that from a libpcap experts POV make sense?
Would it be reasonable to drop this call these days or change the size?

[1]: https://libvirt.org/git/?p=libvirt.git;a=commit;h=49b59a151f60b0a178b023b727bac30f80bd6000