tcpdump mailing list archives

Re: libpcap file size limit


From: Michael Boman <michael.boman () securecirt com>
Date: Tue, 11 Nov 2003 16:07:36 +0800

On Tue, 2003-11-11 at 04:39, Guy Harris wrote:
> On Nov 10, 2003, at 11:20 AM, dloose () WPI EDU wrote:
>
> > Hi everyone. I did a Google search for this problem and uncovered a wealth
> > of information about it, but not very much on how to fix it, so here I am.
> >
> > I have two rather large (~1.5GB each) capture files that I need to merge
> > into one.  The program I'm using runs for a bit and then stops with a
> > "maximum file size exceeded" error.
>
> What happens if you compile and run the attached file on the two
> capture files and send the standard output to another file?
>
> If you get a "maximum file size exceeded" error, the problem is that
> the standard way to use the "standard I/O library" routines on your
> Linux system (and probably most if not all Linux systems) doesn't
> handle files >2GB.
>
> If there's a way to get those routines to do so, libpcap would have to
> use that way *IF* available in order to support files >2GB on platforms
> where the standard way to use those routines doesn't handle them.
>
> If there isn't a way to get those routines to do so, libpcap would have
> to be changed not to use them in order to support files >2GB on those
> platforms.
>
> > Is there a workaround of some kind that will let libpcap handle larger
> > files?  Some of the info I turned up seemed to suggest that there is a
> > configuration option that will compile libpcap with large file support,
> > but I can't seem to find it.
>
> That's because it doesn't exist, at least with the tcpdump.org libpcap.

http://www.suse.de/~aj/linux_lfs.html has the answer. Basically
recompile libpcap with

DEFS = -DHAVE_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -D_GNU_SOURCE

in the Makefile.

(information originated from a snort-users posting..)

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com

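The merge dloose asked about, as an added example that is not code from this thread, from Guy Harris's attachment or from libpcap: a timestamp-ordered two-way merge of two classic pcap files written against plain stdio and compiled with the large-file macros Michael quotes. The macros have to appear before the first #include, which is what putting them in DEFS achieves for every libpcap source file; on 32-bit glibc they switch off_t and fopen/fseeko/ftello to the 64-bit variants, and on a 64-bit host off_t is already 8 bytes so they change nothing. Function names, the MAX_SNAP bound and the sample timestamps are assumptions of mine; the 24-byte global header, 16-byte record header and magic 0xa1b2c3d4 are the classic pcap format itself.

```c
/* Added example, not from the thread or from libpcap: a timestamp-ordered merge of two
 * classic pcap files with plain stdio. These macros must precede the first #include (what
 * libpcap's DEFS line achieves): on 32-bit glibc they make off_t and fopen/fseeko/ftello
 * 64-bit; without them stdio fails with EOVERFLOW once a file passes 2 GiB. */
#define _FILE_OFFSET_BITS 64
#define _LARGEFILE64_SOURCE
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#define PCAP_MAGIC 0xa1b2c3d4u  /* native byte order, microsecond timestamps */
#define MAX_SNAP   262144u      /* assumed bound on incl_len; larger records are treated as corrupt */

struct pcap_file_header {       /* 24-byte global header */
    uint32_t magic; uint16_t version_major, version_minor;
    int32_t thiszone; uint32_t sigfigs, snaplen, linktype;
};
struct pcap_rec_header { uint32_t ts_sec, ts_usec, incl_len, orig_len; };  /* 16-byte record header */

/* 1 when a record was read, 0 at clean EOF, -1 on a truncated or oversized record. */
static int read_record(FILE *f, struct pcap_rec_header *h, unsigned char *buf) {
    size_t got = fread(h, 1, sizeof *h, f);
    if (got == 0 && feof(f)) return 0;
    if (got != sizeof *h || h->incl_len > MAX_SNAP) return -1;
    return fread(buf, 1, h->incl_len, f) == h->incl_len ? 1 : -1;
}
static int write_record(FILE *o, const struct pcap_rec_header *h, const unsigned char *buf) {
    return (fwrite(h, sizeof *h, 1, o) == 1 && fwrite(buf, 1, h->incl_len, o) == h->incl_len) ? 0 : -1;
}
static int ts_le(const struct pcap_rec_header *a, const struct pcap_rec_header *b) {
    return a->ts_sec < b->ts_sec || (a->ts_sec == b->ts_sec && a->ts_usec <= b->ts_usec);
}

/* Merge path_a and path_b (same link type, each already in time order) into path_out by
 * timestamp. Returns the size of the output in bytes (an off_t, so it stays correct past
 * 2 GiB), or -1 on any error, including mismatched link types or a malformed input. */
off_t pcap_merge(const char *path_a, const char *path_b, const char *path_out) {
    static unsigned char bufa[MAX_SNAP], bufb[MAX_SNAP];
    FILE *fa = fopen(path_a, "rb"), *fb = fopen(path_b, "rb"), *fo = fopen(path_out, "wb");
    struct pcap_file_header ha, hb;
    struct pcap_rec_header ra, rb;
    off_t written = -1;
    int sa, sb;

    if (!fa || !fb || !fo) goto done;
    if (fread(&ha, sizeof ha, 1, fa) != 1 || fread(&hb, sizeof hb, 1, fb) != 1) goto done;
    if (ha.magic != PCAP_MAGIC || hb.magic != PCAP_MAGIC || ha.linktype != hb.linktype) goto done;
    if (hb.snaplen > ha.snaplen) ha.snaplen = hb.snaplen;   /* output snaplen must cover both inputs */
    if (fwrite(&ha, sizeof ha, 1, fo) != 1) goto done;
    sa = read_record(fa, &ra, bufa);
    sb = read_record(fb, &rb, bufb);
    while (sa > 0 || sb > 0) {               /* two-way merge on the head record of each file */
        if (sa < 0 || sb < 0) break;
        if (sa > 0 && (sb == 0 || ts_le(&ra, &rb))) {
            if (write_record(fo, &ra, bufa)) goto done;
            sa = read_record(fa, &ra, bufa);
        } else {
            if (write_record(fo, &rb, bufb)) goto done;
            sb = read_record(fb, &rb, bufb);
        }
    }
    if (sa == 0 && sb == 0) written = ftello(fo);   /* both inputs drained cleanly */
done:
    if (fa) fclose(fa);
    if (fb) fclose(fb);
    if (fo && fclose(fo) != 0) written = -1;        /* fclose flushes; a failed flush is an error */
    return written;
}

/* Test support: writes a constructed capture (linktype 1, 4-byte payload per record). */
int write_sample_capture(const char *path, const uint32_t *secs, size_t n) {
    struct pcap_file_header fh = { PCAP_MAGIC, 2, 4, 0, 0, 65535, 1 };
    FILE *f = fopen(path, "wb");
    if (!f || fwrite(&fh, sizeof fh, 1, f) != 1) { if (f) fclose(f); return -1; }
    for (size_t i = 0; i < n; i++) {
        struct pcap_rec_header rh = { secs[i], 0, 4, 4 };
        if (write_record(f, &rh, (const unsigned char *)&secs[i])) { fclose(f); return -1; }
    }
    return fclose(f);
}
/* Test support: record count if the file is well formed and timestamps never decrease, else -1. */
long pcap_sorted_count(const char *path) {
    static unsigned char buf[MAX_SNAP];
    struct pcap_file_header fh;
    struct pcap_rec_header prev = { 0, 0, 0, 0 }, cur;
    FILE *f = fopen(path, "rb");
    long n = 0;
    int s = -1;
    if (f && fread(&fh, sizeof fh, 1, f) == 1 && fh.magic == PCAP_MAGIC)
        while ((s = read_record(f, &cur, buf)) > 0) {
            if (n > 0 && !ts_le(&prev, &cur)) { s = -1; break; }
            prev = cur; n++;
        }
    if (f) fclose(f);
    return s < 0 ? -1 : n;
}
/* Constructed sample timestamps (seconds) for the self-test; each input is already sorted. */
const uint32_t sample_a[] = { 1, 3, 5 };
const uint32_t sample_b[] = { 2, 4 };
```

Two caveats worth keeping in mind. The merge only accepts native-byte-order, microsecond-resolution files (magic 0xa1b2c3d4); a byte-swapped file (0xd4c3b2a1) or a nanosecond file (0xa1b23c4d) is rejected rather than silently merged with wrong timestamps. And the large-file macros do nothing for code that stores offsets in a long or passes them to fseek/ftell; the fix only holds if every file routine in the path uses off_t, which is why the whole library, not just the calling program, has to be rebuilt with them.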

