tcpslice and files > 2GB

[Shane Williams <broot () ischool utexas edu>]

I spent several hours today troubleshooting tcpslice when used on
capture files larger than 2 gigabytes.  This is all on a RedHat 7.2
system using gcc 2.96 (the default on RH 7.2).  I have a custom
compiled version of libpcap-0.7.2 that properly supports such files
and I know it works because the version of tcpdump that uses it has
captured files on the order of 30 GB before.  As one can imagine, it's
files this large that would make tcpslice really useful (at least for
me).

After various attempts with various versions, I found the solution
that works.  Unlike tcpdump, where large file support only requires
you point it at a libpcap compiled with large file support, tcpslice
also needs the following entries added to the DEFS line in the
Makefile (this is based on the cvs version as of today):
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE

Hopefully someone else can avoid spending 2 hours of experimentation
now.

Related to my trial and error, it would be nice if the configure
script for tcpslice would allow you to specify include and lib
directories that aren't automatically prefaced with PREFIX.  In my
case, the main libpcap is what came with the system, and the one with
large file support sits in my user directory, so I had to edit the
Makefile by hand to add a -I entry as well as a correct LIBS entry.
Not a big deal, but some users might not catch it.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |       broot () ischool utexas edu
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe