Wireshark-dev: Re: [Wireshark-dev] File size limits on Linux and building for large file suppor

From: Shehjar Tikoo <shehjart@xxxxxxxxxxxxxxx>
Date: Tue, 26 Jun 2007 19:23:33 +1000
Ulf Lamping wrote:
> Shehjar Tikoo wrote:
>> I've seen a few posts in wireshark-users archive where Ulf Lamping mentions incorporating support for gint64 offsets for traffic dump files.
>>
>> Does this imply that tshark can write pcap files using large file support on Linux without the need to resort to multiple capture ring files?
> Although it's probably still untested, it should work.

No, it doesn't work on all systems. Here's the behavior I am getting:

1. On an Itanium, i.e. a 64-bit machine, tshark is able to dump files with sizes larger than 2 Gigs, but that's obvious.

2. P4, a 32-bit machine, is where the problem is. I built tshark using the following
command line:

	$ ./configure --without-zlib --enable-wireshark=no
	$ make

The resulting tshark binary can only write up to 2 Gigs in a single
file which is also obvious since there is no explicit large file
support, even though internally tshark might be using gint64's as
offset type.

Next I built tshark again using the following configure command:

   $ CFLAGS=-D_GNU_SOURCE\ -D_FILE_OFFSET_BITS=64 ./configure --enable-wireshark=no --without-zlib

This time, because the two macros were defined explicitly, tshark was
able to write a larger than 2 Gig file even on the IA32 machine.

Can the devs please modify the configure scripts and add these two flags
to enable large file support by default?

I've tested this on Linux.

Regards
Shehjar
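
The effect of the two macros from the message above, as an added example that is not part of the original post or of the Wireshark sources: a small C probe that reports the width of `off_t` and tries to write one byte just past the 2 GiB mark in a sparse scratch file. The function names and the scratch path are assumptions made for this illustration; it assumes Linux with glibc.

```c
/* Added example: probe whether this build can address file offsets past 2 GiB. */
#define _GNU_SOURCE            /* the two macros from the post; equivalent to  */
#define _FILE_OFFSET_BITS 64   /* -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 in CFLAGS */
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Width of off_t in bits for this compilation unit (64 when LFS is active). */
int off_t_bits(void) { return (int)(sizeof(off_t) * 8); }

/* Create a sparse temp file, write one byte just past the 2 GiB mark and
 * return the resulting file size, or -1 if any step fails. */
long long probe_past_2gib(void)
{
    char path[] = "/tmp/lfs_probe_XXXXXX";      /* hypothetical scratch name */
    const long long target = (1LL << 31) + 4096;
    struct stat st;
    long long result = -1;

    if (sizeof(off_t) < 8)      /* offset is not representable without LFS */
        return -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);               /* file is removed once fd is closed */
    if (lseek(fd, (off_t)target, SEEK_SET) == (off_t)target &&
        write(fd, "x", 1) == 1 &&
        fstat(fd, &st) == 0)
        result = (long long)st.st_size;
    close(fd);
    return result;
}

int main(void)
{
    printf("off_t is %d bits\n", off_t_bits());
    long long size = probe_past_2gib();
    if (size < 0) {
        puts("cannot write past 2 GiB in a single file");
        return 1;
    }
    printf("wrote one byte at offset 2 GiB + 4096; file size is now %lld\n", size);
    return 0;
}
```

Removing the `_FILE_OFFSET_BITS` define and building on a 32-bit Linux target leaves `off_t` at 32 bits, so the probe returns -1, the same 2 GiB ceiling described for the default build.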