Thanks for below information. Are you suggesting that this will be
implemented in future release or recommend I recompile with change. If
recompile source, do you know location of array setup. I am not setup
currently to compile in windows environemt, but can for *nix. Could this
possibally be supported with run flag or is specific to compilation?
>
> Message: 7
> Date: Sat, 26 Nov 2005 01:44:25 +0100
> From: Ulf Lamping <ulf.lamping@xxxxxx>
> Subject: Re: [Ethereal-users] Ring buffer issue with tethereal
> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> Message-ID: <4387AFE9.30300@xxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Cory Perry (SNL:434-951-7463) wrote:
>
> > I have run across and intersting issue with command line utility
> > "Tetheral" when using (-b files:xxxx) ring buffers greater
> that 1024.
> > (Used to keep a preset amount of historical data)
> >
> > The number of files saves never exceeds 1024. If I set
> value to 2000
> > or 5000, again only 1024 files are kept, first file written is
> > deleted, but file number will increase to set value of -b
> files:xxxxxx.
> >
> > I have increased and decreased -a filesize:yyyyyy and -b files:xxxx
> > (xxxx greater than 1024)
> >
> > Here is test command: tethereal -a filesize:1 -b files:2000 -w
> > c:\temp\capture\test1.cap
> >
> > I am currently using the Windows version.
> >
> > tethereal 0.10.13
> > Compiled with GLib 2.4.7, with WinPcap (version unknown),
> with libz 1.2.3,
> > with libpcre 6.3, with Net-SNMP 5.2.1.2, with ADNS.
> > Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27),
> > based on libp
> > cap version 0.9[.x] on Windows XP Service Pack 2, build 2600.
>
> Hi Cory!
>
> Sorry for the late response, just being busy.
>
> I can confirm this behaviour. The limit is currently 1024
> max. files for
> the ring buffer feature.
>
> The array to keep information about the ring buffer (e.g. all
> the file
> names) is allocated using g_malloc(), so increasing the
> maximum number
> will only increase the amount of memory used when such a huge
> number of
> files is really used.
>
> So I don't see any technical reason for this limit being only 1024,
> probably the implementor did a quick estimate "more than 1000
> files will
> never be used". Well, same as: "the year 2000 is more than 30
> years in
> the future, so two digits to keep the year are just enough!" ;-)
>
> It might simply be a prevention to not use a very (unreasonable) huge
> amount of files e.g. "12345678" as Ethereal will crash if it
> cannot get
> the memory for all this (each entry will typically take
> 100-200 bytes,
> or even more, depending on the length of the filename incl.
> full path).
>
> Raising the max. number of ringbuffer files to 10000 might be a good
> idea. It won't hurd any of us and should help you in your project.
>
> Regards, ULFL
>
> P.S: Another bug is that tethereal should complain about the
> huge number
> of files instead of simply reducing the actual number. This makes it
> hard to find the real limit (and also that there's a limit at all).
>
>
>
