Same story.

root@nsm1:~# ./netsniff-ng -i eth2 -o /nsm/sensor_data/nsm1-eth2/dailylogs/2014-04-30/ --user 2551 --group 2551 -s --prefix snort.log. --verbose --ring-size 5GiB --interval 1500MiB --mmap --filter /etc/nsm/nsm1-eth2/bpf-pcap.ops
pcap file I/O method: mmap
RX,V3: 5120.00 MiB, 81920 Blocks, each 65536 Byte allocated
Running! Hang up with ^C!

.(+1433218/-387788)

And then no other files get created other than

-rw-r--r-- 1 sguil sguil 1.9G May  5 20:18 snort.log.1399321111.pcap
-rw-r--r-- 1 sguil sguil 1.8G May  5 20:18 snort.log.1399321118.pcap

Judging by the iostat -m -x 1 the application saves nothing to disk - i.e. it does not perform any writes.
Thanks for testing! Can you try whether the patch below (or download
from [1]) fixes your problem?

[1] http://distanz.ch/patches/netsniff-ng/num_pkts_fix.patch


diff --git a/netsniff-ng.c b/netsniff-ng.c
index 52ec00f..e122631 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -817,7 +817,8 @@ static void walk_t3_block(struct block_desc *pbd, struct 
ctx *ctx,
                          int sock, int *fd, unsigned long *frame_count)
  {
        uint8_t *packet;
-       int num_pkts = pbd->h1.num_pkts, i, ret;
+       uint32_t num_pkts = pbd->h1.num_pkts, i;
+       int ret;
        struct tpacket3_hdr *hdr;
        pcap_pkthdr_t phdr;
        struct sockaddr_ll *sll;
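
Review bot: The new declaration line in walk_t3_block() makes `i` a uint32_t along with `num_pkts`, and the rest of the function is not part of this hunk, so it is worth confirming that nothing further down compares either variable against a signed value, relies on `i` going negative, or prints them with a signed format specifier. The patch also arrives without a description: a sentence stating why a signed `num_pkts` would produce the reported symptom (no further pcap files written after the first ones) would let the change be reviewed on its own.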

