Date: Sat, 11 Sep 1999 12:15:40 +0900 (JST) From: TATEOKA Takamichi <tate@spa.is.uec.ac.jp> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/13691: tcpslice cannot extract over 2GB part of trace file Message-ID: <199909110315.MAA55702@unzen.spa.is.uec.ac.jp>
next in thread | raw e-mail | index | archive | help
>Number: 13691 >Category: bin >Synopsis: tcpslice cannot extract over 2GB part of trace file >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 10 20:20:00 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Takamichi Tateoka >Release: FreeBSD 3.1-RELEASE i386 >Organization: University of Electro-Communications, Tokyo, JAPAN >Environment: FreeBSD-3.1 RELEASE on i386 (Pentium-II) >Description: The version of tcpslice cannot extract portions that stay on over 2GB part of original packet trace file. >How-To-Repeat: Create a large (over 2GB) trace file by tcpdump, and extract tail of it. Following is example: unzen:tate[13]% ls -l total 4806848 -rw-r--r-- 1 root wheel 4919795712 Sep 11 02:22 dump.fxp0.932014828 unzen:tate[14]% tcpdump -n -tt -r dump.fxp0.932014828 | grep ^9366804 | head tcpdump: pcap_loop: truncated dump file 936680400.586243 192.168.166.48.753 > 192.168.166.2.732: udp 76 936680400.587052 192.168.166.2.732 > 192.168.166.48.753: udp 68 (DF) 936680400.587164 192.168.166.48.753 > 192.168.166.2.732: udp 88 936680400.587752 192.168.166.2.732 > 192.168.166.48.753: udp 60 (DF) 936680400.587837 192.168.166.48.753 > 192.168.166.2.732: udp 88 936680400.588436 192.168.166.2.732 > 192.168.166.48.753: udp 76 (DF) 936680400.588522 192.168.166.48.753 > 192.168.166.2.732: udp 88 936680400.589109 192.168.166.2.732 > 192.168.166.48.753: udp 60 (DF) 936680400.589195 192.168.166.48.753 > 192.168.166.2.732: udp 88 936680400.589774 192.168.166.2.732 > 192.168.166.48.753: udp 60 (DF) 1585.854u 84.556s 29:02.78 95.8% 125+2247k 41333+267io 2pf+0w unzen:tate[15]% tcpslice -w /var/tmp/output 936680400.000000 936680500.000000 dump.fxp0.932014828 42.098u 30.661s 6:54.65 17.5% 15+208k 28177+43io 0pf+0w unzen:tate[16]% ls -l /var/tmp/output -rw-r--r-- 1 tate wheel 24 Sep 11 12:09 /var/tmp/output unzen:tate[17]% tcpdump -n -tt -r /var/tmp/output unzen:tate[18]% >Fix: I think that tcpslice uses "long" type variables instead of "off_t" type variables for search a posision of target portion. The program also uses fseek(3) which only takes "long" for file offset, we should use fsetpos(3) instead. Sorry, I can make a patch. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909110315.MAA55702>