Snort mailing list archives
Re: Snort 2GB limit
From: Phil Wood <cpw () lanl gov>
Date: Mon, 18 Feb 2002 17:50:46 -0700
On Mon, Feb 18, 2002 at 12:37:14PM -0800, Lyle Sudin wrote:
Thanks, Phil but even with the addition of 64-bit support in libpcap, snort stops at exactly 2GB.
Make sure that there is not another pcap lurking where snorts configure could find it. It might be using a shared library .so and bypassing what you want.
I recompiled libpcap with the changes to savefile.c and I added the CFLAGS line to the snort Makefile to no avail. I am running Turbo Linux Server 6.5 which supports files > 2GB (I have tested it) so it's not a problem with the OS. Could there be any other files which need editing?
I did not use any other files. But, I'm using Debian, with my own "turbo" linux and running a 2.4.16 kernel. You might want to check the kernel config. I seem to remember something about > x Gig. But, it might just have been the memory configuration. One thing you might make sure of is that your asm and linux includes are linked to your kernel source (/usr/src/linux/include/{asm,linux} respectively.
Thanks, Lyle --- Phil Wood <cpw () lanl gov> wrote:If you are running linux, change to the source to pcap and put the following somewhere before the #include(s) statements in savefile.c: #ifdef linux #define _FILE_OFFSET_BITS 64 #define _LARGEFILE64_SOURCE #endif Them make clean, make. Then, go to snort source directory: rm snort make This all assumes you have both the source to pcap and the source to snort and now how to build libpcap based applications and have correct include and library directives in your Makefile. If you expect other files, created by snort to get large, then you would have to do a similar thing. You can also just -D those two defines in somewhere in your Makefiles for the various applications that do big files. Something like this: CFLAGS = -O2 -g -Wall -D_FILE_OFFSET_BITS 64 -D_LARGEFILE64_SOURCE is what I would do to the Makefile for snort. On Fri, Feb 15, 2002 at 10:09:31AM -0600, Chris Eidem wrote:Sounds like an OS limitation, what are yourunning?- chris-----Original Message----- From: Lyle Sudin [mailto:lylesudin () yahoo com] Sent: Friday, February 15, 2002 8:09 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort 2GB limit Is there an inherent 2GB limit for snort? Mysystem supports files >2GB but when I run snort in binary mode it stopscold at 2GB.Is there something I am missing here? snort was runsimply as:snort -l /data -b -D It works fine up to 2GB. Thanks, Lyle _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users list archive:http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users list archive: http://www.geocrawler.com/redir-sf.php3?list-- Phil Wood, cpw () lanl gov__________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2GB limit Lyle Sudin (Feb 15)
- Re: Snort 2GB limit Tony Blackmon (Feb 15)
- <Possible follow-ups>
- RE: Snort 2GB limit Chris Eidem (Feb 15)
- Re: Snort 2GB limit Phil Wood (Feb 15)
- Re: Snort 2GB limit Lyle Sudin (Feb 18)
- Re: Snort 2GB limit Phil Wood (Feb 18)
- Re: Snort 2GB limit Phil Wood (Feb 15)