build: hex: add ex_doc configuration

1.1.2

rlimit: limit to max open fd

libpcap may open additional file descriptors such as for polling by
eventfd(2). If the rlimit process restrictions are used, find the largest
open file descriptor by testing all fd's from the max open file descriptor
limit (`ulimit -n`).

With this restriction, an epcap process still has the capability to
access files or the network by closing and reopening a fd. The
capability to access files is limited by the call to chroot().

Thanks @jephthai !

Fixes #33

Set the default filter to match any packet

Imitiate tcpdump and match any packet by default.

style nit: simplify logic