[Snort-users] Snort 2GB limit

Lyle Sudin lylesudin at ...131...
Mon Feb 18 12:38:04 EST 2002


Thanks, Phil but even with the addition of 64-bit
support in libpcap, snort stops at exactly 2GB.

I recompiled libpcap with the changes to savefile.c
and I added the CFLAGS line to the snort Makefile to
no avail.  

I am running Turbo Linux Server 6.5 which supports
files > 2GB (I have tested it) so it's not a problem
with the OS.  

Could there be any other files which need editing?

Thanks,
Lyle


--- Phil Wood <cpw at ...440...> wrote:
> If you are running linux, change to the source to
> pcap and put the following
> somewhere before the #include(s) statements in
> savefile.c:
> 
> #ifdef linux
> #define _FILE_OFFSET_BITS 64
> #define _LARGEFILE64_SOURCE
> #endif
> 
> Them make clean, make.  Then, go to snort source
> directory:
> 
>   rm snort
>   make
> 
> This all assumes you have both the source to pcap
> and the source to snort
> and now how to build libpcap based applications and
> have correct include
> and library directives in your Makefile.
> 
> If you expect other files, created by snort to get
> large, then you would
> have to do a similar thing.  You can also just -D
> those two defines in
> somewhere in your Makefiles for the various
> applications that do big
> files.  Something like this:
> 	
> CFLAGS = -O2 -g -Wall -D_FILE_OFFSET_BITS 64
> -D_LARGEFILE64_SOURCE
> 
> is what I would do to the Makefile for snort.
> 
> On Fri, Feb 15, 2002 at 10:09:31AM -0600, Chris
> Eidem wrote:
> 
> > Sounds like an OS limitation, what are you
> running?
> > 
> >  - chris
> > 
> > > -----Original Message-----
> > > From: Lyle Sudin [mailto:lylesudin at ...131...]
> > > Sent: Friday, February 15, 2002 8:09 AM
> > > To: snort-users at lists.sourceforge.net
> > > Subject: [Snort-users] Snort 2GB limit
> > > 
> > > 
> > > Is there an inherent 2GB limit for snort?  My
> system supports files > 
> > > 2GB but when I run snort in binary mode it stops
> cold at 2GB. 
> > >  Is there 
> > > something I am missing here?  snort was run
> simply as:
> > > snort -l /data -b -D
> > > 
> > > It works fine up to 2GB.
> > > 
> > > Thanks,
> > > Lyle
> > > 
> > > 
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or
> unsubscribe:
> > >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > 
> > 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> unsubscribe:
> >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list
> 
> -- 
> Phil Wood, cpw at ...440...
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com




More information about the Snort-users mailing list