Ulf Lamping wrote:
Shehjar Tikoo schrieb:
I've seen a few posts in wireshark-users archive where Ulf Lamping
mentions incorporating support for gint64 offsets for traffic dump files.
Does this imply that tshark can write pcap files using large file
support on Linux without the need to resort to multiple capture ring
files?
Although it's probably still untested, it should work.
No, it doesn't work on all systems. Heres the behavior I am getting:
1. On an Itanium, i.e. a 64-bit machine, tshark is able to dump files with sizes larger than 2
Gigs, but thats obvious.
2. P4, a 32-bit machine, is where the problem is. I built tshark using the following
command line:
$ ./configure --without-zlib --enable-wireshark=no
$ make
The resulting tshark binary can only write up to 2 Gigs in a single
file which is also obvious since there is no explicit large file
support, even though internally tshark might be using gint64's as
offset type.
Next I built tshark again using the following configure command:
$ CFLAGS=-D_GNU_SOURCE\ -D_FILE_OFFSET_BITS=64 ./configure --enable-wireshark=no --without-zlib
This time, because the two macros were defined explicitly, tshark was
able to write a larger than 2 Gig file even on the IA32 machine.
Can the devs please modify the configure scripts and add these two flags
to enable large file support by default?
I've tested this on Linux.
Regards
Shehjar