Ulf Lamping wrote:
> Shehjar Tikoo schrieb:
>> I've seen a few posts in wireshark-users archive where Ulf Lamping 
>> mentions incorporating support for gint64 offsets for traffic dump files.
>>
>> Does this imply that tshark can write pcap files using large file 
>> support on Linux without the need to resort to multiple capture ring 
>> files?
>>   
> Although it's probably still untested, it should work.

No, it doesn't work on all systems. Here's the behavior I am getting:

1. On an Itanium, i.e. a 64-bit machine, tshark is able to dump files with
sizes larger than 2 Gigs, but that's obvious.

2. P4, a 32-bit machine, is where the problem is. I built tshark using the
following command line:

        $ ./configure --without-zlib --enable-wireshark=no
        $ make

The resulting tshark binary can only write up to 2 Gigs in a single
file which is also obvious since there is no explicit large file
support, even though internally tshark might be using gint64's as
offset type.

Next I built tshark again using the following configure command:

    $ CFLAGS=-D_GNU_SOURCE\ -D_FILE_OFFSET_BITS=64 ./configure --enable-wireshark=no --without-zlib

This time, because the two macros were defined explicitly, tshark was
able to write a larger than 2 Gig file even on the IA32 machine.

Can the devs please modify the configure scripts and add these two flags
to enable large file support by default?

I've tested this on Linux.

Regards
Shehjar
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
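
The difference between the two IA32 builds described in the message above, as an added example (not part of the original post and not Wireshark code): with `_FILE_OFFSET_BITS=64` defined before the first include, `off_t` is 64 bits wide and a write past the 2 GiB mark succeeds. The function names and the scratch file name are assumptions made for this illustration.

```c
/* Added example. The macro must precede every #include, exactly as
 * -D_FILE_OFFSET_BITS=64 on the compiler command line would. */
#ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64
#endif

#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Width of off_t in this build: 32 on IA32 without the macro, 64 with it. */
int off_t_bits(void) { return (int)(sizeof(off_t) * 8); }

/* Write one byte just past the 2 GiB mark of a sparse scratch file in dir.
 * Returns the resulting file size (2^31 + 1), or -1 if the build has a
 * 32-bit off_t or the system refuses the write (file size limit, quota). */
long long probe_past_2gib(const char *dir)
{
    const long long mark = 2147483648LL; /* 2^31: first offset a 32-bit off_t cannot hold */
    char path[256];                      /* hypothetical scratch file name */
    struct stat st;
    long long result = -1;

    if (sizeof(off_t) < 8)               /* no large file support: offset would truncate */
        return -1;
    signal(SIGXFSZ, SIG_IGN);            /* get EFBIG from write() instead of being killed */

    snprintf(path, sizeof path, "%s/lfs_probe_%ld", dir, (long)getpid());
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (lseek(fd, (off_t)mark, SEEK_SET) == (off_t)mark &&
        write(fd, "x", 1) == 1 && fstat(fd, &st) == 0)
        result = (long long)st.st_size;
    close(fd);
    unlink(path);                        /* sparse file: almost no disk space was used */
    return result;
}

int main(void)
{
    printf("off_t is %d bits\n", off_t_bits());
    printf("size after writing past 2 GiB: %lld\n", probe_past_2gib("/tmp"));
    return 0;
}
```

Building this on a 32-bit Linux system with the first four lines removed reproduces the 2 Gig limit: `off_t_bits()` reports 32 and the probe returns -1.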